From 989fb59a35c5ad79b8232a3c4cd9c9c8f70ee8f6 Mon Sep 17 00:00:00 2001 From: ZeroSkill1 Date: Tue, 24 Mar 2026 11:46:17 +0300 Subject: [PATCH] Add support for SDK 0.10.2 prototype FIRM --- arm9/source/emunand.c | 62 +++++++++++++++++++++++++++++++++++++++++-- arm9/source/firm.c | 17 ++++++++---- arm9/source/patches.c | 2 +- 3 files changed, 73 insertions(+), 8 deletions(-) diff --git a/arm9/source/emunand.c b/arm9/source/emunand.c index 691a766b..8e8a3d87 100644 --- a/arm9/source/emunand.c +++ b/arm9/source/emunand.c @@ -118,7 +118,10 @@ static inline u32 getProtoSdmmc(u32 *sdmmc, u32 firmVersion) case 243: // SDK 0.9.x (0.9.7?) *sdmmc = (0x080AAA28 + 0x4e0); break; - case 238: // SDK 0.10 + case 236: // SDK 0.10.2 + *sdmmc = (0x080CED30 + 0x690); + break; + case 238: // SDK 0.10.0 (early 0.10.0) *sdmmc = (0x080BEA70 + 0x690); break; case 1200: // SDK 0.12 @@ -239,6 +242,58 @@ static inline u32 patchProtoNandRw(u8 *pos, u32 size, u32 hookAddr, u32 hookCidA return 0; } +static inline u32 patchProtoNandRw236(u8 *pos, u32 size, u32 hookAddr, u32 hookCidAddr) +{ + //Look for read/write code + static const u8 pattern[] = { + 0x03, 0x00, 0x50, 0xE3, // cmp r0, #3 + 0x00, 0x00, 0xA0, 0x13, // movne r0, #0 + 0x01, 0x00, 0xA0, 0x03, // moveq r0, #1 + }; + + u32 *writeOffset = (u32 *)memsearch(pos, pattern, size, sizeof(pattern)); + + if(writeOffset == NULL) return 1; + + u32 *readOffset = (u32 *)memsearch((u8 *)(writeOffset + 3), pattern, 0x400, sizeof(pattern)); + + if(readOffset == NULL) return 1; + + // Find the mmc static ctor... + static const u8 mount_pattern[] = { + 0x30, 0xED, 0x0C, 0x08, // last byte of some ptr to something in P9 + 0x01, 0x01, 0x00, 0x00, // emmc controller id + }; + u8* mountOffset = (u8*) memsearch(pos, mount_pattern, size, sizeof(mount_pattern)); + if (mountOffset == NULL) return 1; + mountOffset += 4; + + // Find the sdmmc read cid function. + static const u8 readcid_pattern[] = { + 0x31, 0xFF, 0x2F, 0xE1, // blx r1 + 0x20, 0x60, 0x9F, 0xE5, // ldr r6, [pc, #0x20] // =failing_result + 0x00, 0x00, 0x50, 0xE3, // cmp r0, #0 + }; + u32* readCidOffset = (u32*) memsearch(pos, readcid_pattern, size, sizeof(readcid_pattern)); + if (readCidOffset == NULL) return 1; + readCidOffset -= 5; + + *(u32*)mountOffset = 0x300; // sd card + + readOffset[0] = writeOffset[0] = 0xe59fc000; // ldr r12, [pc, #0] + readOffset[1] = writeOffset[1] = 0xe12fff3c; // blx r12 + readOffset[2] = writeOffset[2] = hookAddr; + + readCidOffset[0] = 0xe59fc000; // ldr r12, [pc, #0] + readCidOffset[1] = 0xe12fff3c; // blx r12 + readCidOffset[2] = hookCidAddr; + + // Read the emmc cid into the place hook will copy it from + sdmmc_get_cid(1, emunandPatchNandCid); + + return 0; +} + static inline u32 patchProtoNandRw238(u8 *pos, u32 size, u32 hookAddr, u32 hookCidAddr) { //Look for read/write code @@ -381,9 +436,12 @@ u32 patchProtoEmuNand(u8 *process9Offset, u32 process9Size) case 243: // SDK 0.9.x (0.9.7?) ret += patchProtoNandRw(process9Offset, process9Size, (u32)emunandProtoPatch, (u32)emunandProtoCidPatch); break; - case 238: // SDK 0.10.x + case 238: // SDK 0.10.0 (early 0.10.0) ret += patchProtoNandRw238(process9Offset, process9Size, (u32)emunandProtoPatch238, (u32)emunandProtoCidPatch); break; + case 236: // SDK 0.10.2 + ret += patchProtoNandRw236(process9Offset, process9Size, (u32)emunandProtoPatch238, (u32)emunandProtoCidPatch); + break; case 1200: // SDK 0.12 ret += patchProtoNandRw1200(process9Offset, process9Size, (u32)emunandProtoPatch1200, (u32)emunandProtoCidPatch1200); break; diff --git a/arm9/source/firm.c b/arm9/source/firm.c index d54329ff..937c689d 100755 --- a/arm9/source/firm.c +++ b/arm9/source/firm.c @@ -208,9 +208,11 @@ u32 loadNintendoFirm(FirmwareType *firmType, FirmwareSource nandType, bool loadF if(isO3dsFirm && (*firmType == NATIVE_FIRM || *firmType == NATIVE_FIRM1X2X)) { - __attribute__((aligned(4))) static const u8 hashes[6][0x20] = { + __attribute__((aligned(4))) static const u8 hashes[7][0x20] = { {0xD7, 0x43, 0x0F, 0x27, 0x8D, 0xC9, 0x3F, 0x4C, 0x96, 0xB5, 0xA8, 0x91, 0x48, 0xDB, 0x08, 0x8A, 0x7E, 0x46, 0xB3, 0x95, 0x65, 0xA2, 0x05, 0xF1, 0xF2, 0x41, 0x21, 0xF1, 0x0C, 0x59, 0x6A, 0x9D}, + {0x82, 0xCD, 0x41, 0x1E, 0x80, 0xF6, 0xEA, 0x8C, 0xA8, 0xDE, 0x4A, 0x27, 0x5D, 0xDF, 0xFD, 0xAE, + 0x06, 0x4B, 0xF7, 0x21, 0x17, 0x55, 0x1F, 0x51, 0x36, 0xEB, 0x19, 0x9A, 0x8E, 0x09, 0xFA, 0x7C}, {0x93, 0xDF, 0x49, 0xA1, 0x24, 0x86, 0xBB, 0x6F, 0xAF, 0x49, 0x99, 0x2D, 0xD0, 0x8D, 0xB1, 0x88, 0x8A, 0x00, 0xB6, 0xDD, 0x36, 0x89, 0xC0, 0xE2, 0xC9, 0xA9, 0x99, 0x62, 0x57, 0x5E, 0x6C, 0x23}, {0xD4, 0x91, 0xBC, 0x28, 0xFA, 0xBE, 0xC8, 0xF6, 0x80, 0xD2, 0x62, 0x51, 0xAF, 0x4B, 0x37, 0xBA, @@ -239,22 +241,27 @@ u32 loadNintendoFirm(FirmwareType *firmType, FirmwareSource nandType, bool loadF break; case 1: firmVersion = 0x0; - firmProtoVersion = 238; + firmProtoVersion = 236; *firmType = NATIVE_PROTOTYPE; break; case 2: + firmVersion = 0x0; + firmProtoVersion = 238; + *firmType = NATIVE_PROTOTYPE; + break; + case 3: firmVersion = 0x0; firmProtoVersion = 1200; *firmType = NATIVE_PROTOTYPE; break; // Release - case 3: + case 4: firmVersion = 0x18; break; - case 4: + case 5: firmVersion = 0x1D; break; - case 5: + case 6: firmVersion = 0x1F; break; default: diff --git a/arm9/source/patches.c b/arm9/source/patches.c index 86ad1514..f52418c2 100644 --- a/arm9/source/patches.c +++ b/arm9/source/patches.c @@ -878,7 +878,7 @@ u32 patchProtoNandSignatureCheck(u8 *pos, u32 size) { off[0x20] = 2; } - else if (firmProtoVersion == 238) { // SDK 0.10 + else if (firmProtoVersion == 238 || firmProtoVersion == 236) { // SDK 0.10.0 (early 0.10.0) and SDK 0.10.2 // Same patch as for v243 ported to the different ncsd_read() function static const u8 pattern[] = { 0x00, 0x11, 0x9f, 0xe5,