From a437e533f537161b474d7abfe65dbb4151419702 Mon Sep 17 00:00:00 2001
From: Aurora
Date: Mon, 21 Mar 2016 03:20:15 +0100
Subject: [PATCH] Slightly improved the reboot patch, added emuNAND patch improvements from CakesFW, made the emuNAND patch completely version-independent

Should work as-is with future firmwares!
---
 emunand/emuCode.s | 16 ++++++----------
 reboot/rebootCode.s | 16 ++++++++--------
 source/emunand.c | 8 ++++++++
 source/emunand.h | 3 ++-
 source/firm.c | 13 ++++---------
 source/patches.c | 3 ++-
 6 files changed, 30 insertions(+), 29 deletions(-)

diff --git a/emunand/emuCode.s b/emunand/emuCode.s
index d0e86d02..2c111268 100644
--- a/emunand/emuCode.s
+++ b/emunand/emuCode.s
@@ -1,9 +1,6 @@
-.nds
+.arm.little
-sdmmc equ 0x434D4453 ;dummy
-
-.create "emunand.bin", 0x0801A5C0
-.org 0x0801A5C0
+.create "emunand.bin", 0
 .arm
 nand_sd:
 ; Original code that still needs to be executed.
@@ -15,7 +12,7 @@ nand_sd:
 ; If we're already trying to access the SD, return.
 ldr r2, [r0, #4]
- ldr r1, =sdmmc
+ ldr r1, [sdmmc]
 cmp r2, r1
 beq nand_sd_ret
@@ -23,12 +20,10 @@ nand_sd:
 ldr r2, [r0, #8] ; Get sector to read
 cmp r2, #0 ; For GW compatibility, see if we're trying to read the ncsd header (sector 0)
- ldr r3, =nand_offset
- ldr r3, [r3]
+ ldr r3, [nand_offset]
 add r2, r3 ; Add the offset to the NAND in the SD.
- ldreq r3, =ncsd_header_offset
- ldreq r3, [r3]
+ ldreq r3, [ncsd_header_offset]
 addeq r2, r3 ; If we're reading the ncsd header, add the offset of that sector.
 str r2, [r0, #8] ; Store sector to read
@@ -45,6 +40,7 @@ nand_sd:
 add r0, #4
 bx r0
 .pool
+sdmmc: .ascii "SDMC"
 nand_offset: .ascii "NAND" ; for rednand this should be 1
 ncsd_header_offset: .ascii "NCSD" ; depends on nand manufacturer + emunand type (GW/RED)
 .close
diff --git a/reboot/rebootCode.s b/reboot/rebootCode.s
index 9054edb9..b6c1aa6d 100644
--- a/reboot/rebootCode.s
+++ b/reboot/rebootCode.s
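Review bot: The new `sdmmc: .ascii "SDMC"` word in the last hunk drops the `;dummy` remark the old `equ` carried, so nothing in emuCode.s now records that this word and the two following it are placeholders a loader must overwrite before the binary runs (the firm.c part of this patch has a "Find and patch emunand related offsets" step, which presumably does it). Suggest `sdmmc: .ascii "SDMC" ; placeholder, overwritten by the loader before this code is copied into FIRM`. With `.create "emunand.bin", 0` the binary is relocatable and the `ldr rN, [label]` forms assemble to PC-relative loads, so the load address the loader picks does not matter as long as these three words are patched, which is worth stating at the top of the file now that the fixed 0x0801A5C0 origin is gone.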
@@ -1,12 +1,11 @@
-.nds
-.create "reboot.bin", 0
+.arm.little
 byteswritten equ 0x2000E000
-externalFirm equ 0x2000A000
 kernelCode equ 0x080F0000
 buffer equ 0x24000000
 fileOpen equ 0x4E45504F ;dummy
+.create "reboot.bin", 0
 .arm
 //Code jumps here right after the sprintf call
 process9Reboot:
@@ -34,18 +33,16 @@ process9Reboot:
 ldreq r1, =(FileName - OpenFirm - 12)
 addeq r1, pc
 addne r1, sp, #0x3A8-0x70
- ldr r0, =externalFirm
 moveq r2, #1
 movne r2, #0
- str r2, [r0]
+ str r2, [externalFirm]
 mov r2, #1
 add r0, r7, #8
 ldr r6, =fileOpen
 blx r6
 SeekFirm:
- ldr r0, =externalFirm
- ldr r0, [r0]
+ ldr r0, [externalFirm]
 cmp r0, #1
 moveq r0, r7
 ldreq r1, =byteswritten
@@ -97,11 +94,14 @@ Memcpy:
 LDMFD SP!, {R0-R4}
 MOV LR, R12
 BX LR
-
+
 FileName:
 .dcw "sdmc:/aurei/patched_firmware_sys.bin"
 .word 0x0
+externalFirm:
+ .word 0x2000A000
+
 .pool
 // Kernel Code
diff --git a/source/emunand.c b/source/emunand.c
index 53485bc1..9fae7cb4 100644
--- a/source/emunand.c
+++ b/source/emunand.c
@@ -62,4 +62,12 @@ void getMPU(void *pos, u32 *off, u32 size){
 const unsigned char pattern[] = {0x03, 0x00, 0x24, 0x00};
 *off = (u32)memsearch(pos, pattern, size, 4);
+}
+
+void getEmuCode(void *pos, u32 *off, u32 size){
+ u8 *proc9 = (u8 *)memsearch(pos, "ess9", size, 4);
+ const unsigned char pattern[] = {0x00, 0xFF, 0xFF, 0xFF};
+
+ //Looking for the last spot before Process9
+ *off = (u32)memsearch(pos, pattern, size - (size - (u32)(proc9 - (u8 *)pos)), 4) + 0xD;
 }
\ No newline at end of file
diff --git a/source/emunand.h b/source/emunand.h
index 6ccd3417..c10465bf 100644
--- a/source/emunand.h
+++ b/source/emunand.h
@@ -13,4 +13,5 @@ void getEmunandSect(u32 *off, u32 *head, u32 emuNAND);
 void getSDMMC(void *pos, u32 *off, u32 size);
 void getEmuRW(void *pos, u32 size, u32 *readOff, u32 *writeOff);
-void getMPU(void *pos, u32 *off, u32 size);
\ No newline at end of file
+void getMPU(void *pos, u32 *off, u32 size);
+void getEmuCode(void *pos, u32 *off, u32 size);
\ No newline at end of file
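Review bot: The `.word 0x2000A000` initializer behind the new `externalFirm:` label in the third hunk is misleading: in the second hunk `str r2, [externalFirm]` now writes the 0/1 value into this word itself and `ldr r0, [externalFirm]` after `SeekFirm:` reads it back, so the cell is a flag slot inside the code image and the old address 0x2000A000 is never used as a pointer (unless SeekFirm can be reached without passing the store, which these hunks cannot show). Suggest `externalFirm:` followed by ` .word 0 ; in-image flag written above: 1 = external FIRM path taken`. Both accesses are PC-relative word loads/stores, so the label must stay 4-byte aligned; it currently is only because the `.dcw` FileName string happens to be an even number of characters, and an `.align 4` before `externalFirm:` would make that robust against a renamed file. Writing into the image also requires the reboot code to run from writable memory, which I assume the surrounding code guarantees.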
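Review bot: Both memsearch results in getEmuCode are used unchecked: if "ess9" is absent, `proc9` is NULL and `proc9 - (u8 *)pos` is undefined (and casts to a huge length), and if the 00 FF FF FF pattern is absent `*off` becomes 0xD, which loadEmu in firm.c then hands to fileRead as a destination. The length expression `size - (size - (u32)(proc9 - (u8 *)pos))` also just equals `(u32)(proc9 - (u8 *)pos)`. I would make the function report failure as `*off = 0` and have the caller test for it, as in the rewrite below. The comment says "last spot before Process9", but the call returns whatever memsearch finds first in [pos, proc9), so it is worth confirming that is the intended slot.
```c
void getEmuCode(void *pos, u32 *off, u32 size){
    u8 *proc9 = (u8 *)memsearch(pos, "ess9", size, 4);
    const unsigned char pattern[] = {0x00, 0xFF, 0xFF, 0xFF};
    u8 *slot;

    //0 means "not found"; loadEmu must check it before writing there
    *off = 0;
    if(!proc9) return;

    //Looking for the last spot before Process9: search only [pos, proc9)
    slot = (u8 *)memsearch(pos, pattern, (u32)(proc9 - (u8 *)pos), 4);
    if(slot) *off = (u32)slot + 0xD;
}
```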
diff --git a/source/firm.c b/source/firm.c
index 9f9bec36..35367c70 100755
--- a/source/firm.c
+++ b/source/firm.c
@@ -150,10 +150,7 @@ static u32 loadEmu(void){
 const char path[] = "/aurei/emunand/emunand.bin";
 u32 size = fileSize(path);
 if(!size) return 0;
- if(!console || !mode) nandRedir[5] = 0xA4;
- //Find offset for emuNAND code from the offset in nandRedir
- emuCodeOffset = *(u32 *)(nandRedir + 4) - (u32)section[2].address +
- section[2].offset + (u32)firmLocation;
+ getEmuCode(firmLocation, &emuCodeOffset, firmSize);
 fileRead((u8 *)emuCodeOffset, path, size);
 //Find and patch emunand related offsets
@@ -171,11 +168,9 @@ static u32 loadEmu(void){
 //No emuNAND detected
 if(!*pos_header) return 0;
- //Patch emuNAND code in memory for O3DS and 9.0 N3DS
- if(!console || !mode){
- void *pos_instr = memsearch((void *)emuCodeOffset, "\xA6\x01\x08\x30", size, 4);
- memcpy(pos_instr, emuInstr, sizeof(emuInstr));
- }
+ //Calculate offset for the hooks
+ *(u32 *)(nandRedir + 4) = emuCodeOffset - (u32)firmLocation -
+ section[2].offset + (u32)section[2].address;
 //Add emunand hooks
 memcpy((void *)emuRead, nandRedir, sizeof(nandRedir));
diff --git a/source/patches.c b/source/patches.c
index 00ec5ab1..9fb89f17 100644
--- a/source/patches.c
+++ b/source/patches.c
@@ -17,7 +17,8 @@ const u8 mpu[0x2C] = { //MPU shit
 0x01, 0x01, 0x01, 0x01, 0x03, 0x06, 0x1C, 0x00, 0x00, 0x00, 0x02, 0x08
 };
-u8 nandRedir[0x08] = {0x00, 0x4C, 0xA0, 0x47, 0xC0, 0xA5, 0x01, 0x08}; //Branch to emunand function
+//Branch to emunand function. To be filled in
+u8 nandRedir[0x08] = {0x00, 0x4C, 0xA0, 0x47, 0x00, 0x00, 0x00, 0x00};
 const u8 sigPat1[2] = {0x00, 0x20};
 const u8 sigPat2[4] = {0x00, 0x20, 0x70, 0x47};
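Review bot: `fileRead((u8 *)emuCodeOffset, path, size)` now writes `size` bytes to an address chosen by pattern search, with no check that getEmuCode found anything or that the free space before Process9 is at least `size` bytes; a missed pattern becomes a write near address 0xD, and an oversized emunand.bin overwrites the start of Process9. At minimum have getEmuCode report a not-found result as 0 and add `if(!emuCodeOffset) return 0;` after the call, and consider having getEmuCode also hand back the end of the free region so `size` can be compared against it before the read. loadEmu starts and ends outside this hunk.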
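Review bot: `*(u32 *)(nandRedir + 4) = ...` in the second firm.c hunk stores a word through a type-punned pointer into a `u8[8]` global whose alignment the language does not guarantee to be 4 bytes, and the access also violates strict aliasing; in practice the array is probably aligned, but nothing enforces it, and an unaligned word store on the ARM9 does not put the bytes where this code expects. `memcpy` says the same thing safely: `u32 target = emuCodeOffset - (u32)firmLocation - section[2].offset + (u32)section[2].address;` then `memcpy(nandRedir + 4, &target, sizeof(target));`. The comment "Calculate offset for the hooks" also undersells what is stored: the first four nandRedir bytes look like a Thumb `ldr r4, [pc, #0]` / `blx r4` stub, so this is the absolute address the stub branches to, and `//Patch the address of the copied emuNAND code into the branch stub` would read better. loadEmu starts and ends outside this hunk.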
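Review bot: "To be filled in" on the new nandRedir comment in patches.c does not say by whom or with what. The first four bytes decode as a Thumb `ldr r4, [pc, #0]` / `blx r4` pair and firm.c in this same patch writes the absolute address of the loaded emuNAND code into bytes 4-7, so `//Thumb stub: ldr r4, [pc]; blx r4; bytes 4-7 are the absolute address of the emuNAND code, written by loadEmu() in firm.c` would make the runtime patching explicit. That is also why the array is not const, which is worth stating since every neighbouring table is.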