Mirror/Luma3DS
1
0
Fork 0
mirror of https://github.com/LumaTeam/Luma3DS.git synced 2026-02-22 09:54:38 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: Mirror:master
Branches Tags
Mirror:master
Mirror:v13.3.3
Mirror:v13.3.2
Mirror:v13.3.1
Mirror:v13.3
Mirror:v13.2.1
Mirror:v13.2
Mirror:v13.1.2
Mirror:v13.1.1
Mirror:v13.1
Mirror:v13.0.2
Mirror:v13.0.1
Mirror:v13.0
Mirror:v12.0.1
Mirror:v12.0
Mirror:v11.0
Mirror:v10.3
Mirror:v10.2.1
Mirror:v10.2
Mirror:v10.1.3
Mirror:v10.1.2
Mirror:v10.1.1
Mirror:v10.1
Mirror:v10.0.1
Mirror:v10.0
Mirror:v9.1
Mirror:v9.0-joyconhax
Mirror:v9.0
Mirror:v8.1.1
Mirror:v8.1
Mirror:v8.0
Mirror:v7.1
Mirror:v7.0.5
Mirror:v7.0.4
Mirror:v7.0.3
Mirror:v7.0.2
Mirror:v7.0.1
Mirror:v7.0
Mirror:v6.6
Mirror:v6.5
Mirror:v6.3.1
Mirror:v6.3
Mirror:v6.2.3
Mirror:v6.2.2
Mirror:v6.2.1
Mirror:v6.2
Mirror:v6.1.2
Mirror:v6.1.1
Mirror:v6.1
Mirror:v6.0.1
Mirror:v6.0
Mirror:v5.5
Mirror:v5.4
Mirror:v5.3.1
Mirror:v5.3
Mirror:v5.2
Mirror:v5.1.2
Mirror:v5.1.1
Mirror:v5.1
Mirror:v5.0
Mirror:v4.2
Mirror:v4.1
Mirror:v4.0.1
Mirror:v4.0
Mirror:v3.14
Mirror:v3.13
Mirror:v3.12
Mirror:v3.11
Mirror:v3.10
Mirror:v3.9
Mirror:v3.8.1-r2
Mirror:v3.8
Mirror:v3.7.3
Mirror:v3.7.2
Mirror:v3.7.1
Mirror:v3.7
Mirror:v3.6.1
Mirror:v3.6
Mirror:v3.5.3
Mirror:v3.5.2
Mirror:v3.5.1
Mirror:v3.5
Mirror:v3.4
Mirror:v3.3
..
compare: Mirror:v8.0
Branches Tags
Mirror:master
Mirror:v13.3.3
Mirror:v13.3.2
Mirror:v13.3.1
Mirror:v13.3
Mirror:v13.2.1
Mirror:v13.2
Mirror:v13.1.2
Mirror:v13.1.1
Mirror:v13.1
Mirror:v13.0.2
Mirror:v13.0.1
Mirror:v13.0
Mirror:v12.0.1
Mirror:v12.0
Mirror:v11.0
Mirror:v10.3
Mirror:v10.2.1
Mirror:v10.2
Mirror:v10.1.3
Mirror:v10.1.2
Mirror:v10.1.1
Mirror:v10.1
Mirror:v10.0.1
Mirror:v10.0
Mirror:v9.1
Mirror:v9.0-joyconhax
Mirror:v9.0
Mirror:v8.1.1
Mirror:v8.1
Mirror:v8.0
Mirror:v7.1
Mirror:v7.0.5
Mirror:v7.0.4
Mirror:v7.0.3
Mirror:v7.0.2
Mirror:v7.0.1
Mirror:v7.0
Mirror:v6.6
Mirror:v6.5
Mirror:v6.3.1
Mirror:v6.3
Mirror:v6.2.3
Mirror:v6.2.2
Mirror:v6.2.1
Mirror:v6.2
Mirror:v6.1.2
Mirror:v6.1.1
Mirror:v6.1
Mirror:v6.0.1
Mirror:v6.0
Mirror:v5.5
Mirror:v5.4
Mirror:v5.3.1
Mirror:v5.3
Mirror:v5.2
Mirror:v5.1.2
Mirror:v5.1.1
Mirror:v5.1
Mirror:v5.0
Mirror:v4.2
Mirror:v4.1
Mirror:v4.0.1
Mirror:v4.0
Mirror:v3.14
Mirror:v3.13
Mirror:v3.12
Mirror:v3.11
Mirror:v3.10
Mirror:v3.9
Mirror:v3.8.1-r2
Mirror:v3.8
Mirror:v3.7.3
Mirror:v3.7.2
Mirror:v3.7.1
Mirror:v3.7
Mirror:v3.6.1
Mirror:v3.6
Mirror:v3.5.3
Mirror:v3.5.2
Mirror:v3.5.1
Mirror:v3.5
Mirror:v3.4
Mirror:v3.3

No commits in common. "master" and "v8.0" have entirely different histories.
master ... v8.0

433 changed files with 21322 additions and 59099 deletions
Show Stats Expand all files Collapse all files

2
.gitattributes vendored
View File

@ -1,2 +0,0 @@
*.xml text eol=lf
*.ini text eol=lf

89
.github/ISSUE_TEMPLATE.md vendored Normal file
View File

@ -0,0 +1,89 @@
<!--
-- THIS IS NOT A SUPPORT FORUM! For support go here:
-- Luma3DS GBATemp thread: https://gbatemp.net/threads/luma3ds-noob-proof-3ds-custom-firmware.411110/
-- Nintendo Hacking: https://discord.gg/MjzatM8y
--
-- Also check the Wiki (https://github.com/AuroraWright/Luma3DS/wiki) before making an issue.
--
-- For GBA/DSiWare/DS/AGB_FIRM/TWL_FIRM problems: https://3ds.guide/troubleshooting
-- If you're using an emu/redNAND anything related to that must also be installed to sysNAND.
-- Please make sure to read "Enable game patching" https://github.com/AuroraWright/Luma3DS/wiki/Options-and-usage before posting any issues about the "Enable game patching" option(s).
--
-- Luma updaters that don't support Boot9Strap/Sighax won't work.
-- This is due to support for non-B9S/Sighax entrypoints being dropped.
--
-- Please fill in the placeholders.-->
**System model:**
[e.g. 2DS, New 3DS, Old 3DS]
**SysNAND version (+emu/redNAND version if applicable):**
[e.g. 11.4.0-37U SysNAND, 11.4.0-37J EmuNAND]
**Entrypoint (How/what you're using to boot Luma3DS):**
[e.g. Boot9Strap/Sighax, etc.]
**Luma3DS version:**
[e.g. 7.1 stable or if using nightly/hourly specify the commit like this https://github.com/AuroraWright/Luma3DS/commit/9570e6cbeca53128433abbf5e3473cb8a07fe69e]
<!--You can check which version you're on in System Settings. It will be on the bottom right of the top screen.-->
**Luma3DS configuration/options:**
Default EmuNAND: ( )
Screen brightness: ( )
Splash: ( )
PIN lock: ( )
New 3DS CPU: ( )
<!--This option is only available for New 3DS/2DS.-->
--
Autoboot EmuNAND: ( )
Use EmuNAND FIRM if booting with R: ( )
Enable loading external FIRMs and modules: ( )
<!--Firmware (.bin) files are not required by Luma, or NTR CFW anymore.
-- If you're having issues with this option enabled try deleting them from the luma folder on the root of the SD card and disabling this option.-->
Use custom path: ( )
Enable game patching: ( )
Show NAND or user string in System Settings: ( )
Show GBA boot screen in patched AGB_FIRM: ( )
Patch ARM9 access: ( )
Set developer UNITINFO: ( )
--
**Explanation of the issue:**
**Steps to reproduce:**
1.
2.
**Dump file:**
<!--If the issue leads to a crash you can generate a crash dump by checking the "Enable exception handlers" option.
-- The error message will tell you where the dump is.
-- Zip the dmp file and drag & drop it below.-->

96
.github/ISSUE_TEMPLATE/bug-report.md vendored
View File

@ -1,96 +0,0 @@
---
name: Bug report
about: Use this to report bugs you encounter with Luma3DS. Make sure you upload the crash dumps if Luma3DS crashes.
---
<!--
-- THIS IS NOT A SUPPORT FORUM! For support go here:
-- Nintendo Homebrew: https://discord.gg/MjzatM8
--
-- Rosalina feature requests go here: https://github.com/LumaTeam/Luma3DS/issues/752
--
-- Also check the Wiki (https://github.com/LumaTeam/Luma3DS/wiki) before making an issue.
--
-- For GBA/DSiWare/DS/AGB_FIRM/TWL_FIRM problems: use https://github.com/MechanicalDragon0687/TWLFix-CFW and update your system.
-- If you're using an emu/redNAND try installing anything on it to sysNAND.
-- Please make sure to read "Enable game patching" https://github.com/LumaTeam/Luma3DS/wiki/Options-and-usage before posting any issues about the "Enable game patching" option(s).
--
-- Luma updaters that don't support Boot9Strap/Sighax won't work.
-- This is due to support for non-B9S/Sighax entrypoints being dropped.
--
-- Please fill in the placeholders.-->
**System model:**
[New 2DS XL, New 3DS XL, New 3DS, Old 2DS, Old 3DS XL, Old 3DS]
**SysNAND version (+emu/redNAND version if applicable):**
[e.g. 11.17.0-50U SysNAND, 11.17.0-50E EmuNAND]
<!--You can check which version you're on in System Settings. It will be on the bottom right of the top screen.-->
**Entrypoint (How/what you're using to boot Luma3DS):**
[e.g. Boot9Strap/Sighax, etc.]
**Luma3DS version:**
[e.g. v13.2.1 stable or if using non-releases specify the commit like this https://github.com/LumaTeam/Luma3DS/commit/988ec17ebfce513fc4589f7b12e0d6e3894ae542]
**Luma3DS configuration/options:**
Default EmuNAND: ( )
<!--This option is only available if there's at least one EmuNAND.-->
Screen brightness: ( )
Splash: ( )
Splash duration: ( )
PIN lock: ( )
New 3DS CPU: ( )
<!--This option is only available on New 3DS (XL)/New 2DS XL.-->
Hbmenu autoboot: ( )
--
Autoboot EmuNAND: ( )
<!--This option is only available if there's at least one EmuNAND.-->
Enable loading external FIRMs and modules: ( )
<!--Firmware (.bin) files are not required by Luma, or NTR CFW anymore.
-- If you're having issues with this option enabled try deleting them from the luma folder on the root of the SD card or /rw/luma on CTRNAND and disabling this option.-->
Enable game patching: ( )
Redirect app. syscore threads to core2: ( )
<!--This option is only available on New 3DS (XL)/New 2DS XL.-->
Show NAND or user string in System Settings: ( )
Show GBA boot screen in patched AGB_FIRM: ( )
--
**Explanation of the issue:**
**Steps to reproduce:**
1.
2.
**Dump file (if applicable):**
<!--If the issue leads to a crash you must ensure the "Disable Arm11 exception handlers"
-- option is not disabled in config.ini.
-- The error message will tell you where the dump is.
-- Zip the dmp file and drag & drop it below.-->

14
.gitignore vendored
View File

@ -1,24 +1,18 @@
.vscode
out out
build build
arm11/build arm11/build
sysmodules/loader/build sysmodules/loader/build
sysmodules/rosalina/build
chainloader/build chainloader/build
rosalina/build
exceptions/arm9/build exceptions/arm9/build
exceptions/arm11/build exceptions/arm11/build
.vscode
.vscode/**
*.bin *.bin
*.firm *.firm
*.o *.o
*.d *.d
*.elf *.elf
*.cxi *.cxi
*.3dsx *.bmp
.DS_Store
*.dmp *.dmp
.project
.cproject
.settings
Luma3DS*.zip
hbmenu.zip

0
LICENSE → LICENSE.txt
View File

152
Makefile
View File

@ -1,48 +1,140 @@
rwildcard = $(foreach d, $(wildcard $1*), $(filter $(subst *, %, $2), $d) $(call rwildcard, $d/, $2))
ifeq ($(strip $(DEVKITARM)),)
$(error "Please set DEVKITARM in your environment. export DEVKITARM=<path to>devkitARM")
endif
ifneq ($(strip $(shell firmtool -v 2>&1 | grep usage)),) ifneq ($(strip $(shell firmtool -v 2>&1 | grep usage)),)
$(error "Please install firmtool v1.1 or greater") $(error "Please install firmtool v1.1 or greater")
endif endif
# Disable kext and firmlaunch patches, all custom sysmodules except Loader, enable PASLR. include $(DEVKITARM)/base_tools
# Dangerous. Don't enable this unless you know what you're doing!
export BUILD_FOR_EXPLOIT_DEV ?= 0
# Build with O0 & frame pointer information for use with GDB name := Luma3DS
export BUILD_FOR_GDB ?= 0 revision := $(shell git describe --tags --match v[0-9]* --abbrev=8 | sed 's/-[0-9]*-g/-/i')
commit := $(shell git rev-parse --short=8 HEAD)
# Default 3DSX TitleID for hb:ldr ifeq ($(strip $(revision)),)
export HBLDR_DEFAULT_3DSX_TID ?= 000400000D921E00 revision := v0.0.0-0
endif
# What to call the title corresponding to HBLDR_DEFAULT_3DSX_TID ifeq ($(strip $(commit)),)
export HBLDR_DEFAULT_3DSX_TITLE_NAME ?= "hblauncher_loader" commit := 0
endif
NAME := $(notdir $(CURDIR)) dir_source := source
REVISION := $(shell git describe --tags --match v[0-9]* --abbrev=8 | sed 's/-[0-9]*-g/-/') dir_patches := patches
dir_arm11 := arm11
dir_chainloader := chainloader
dir_exceptions := exceptions
dir_arm9_exceptions := $(dir_exceptions)/arm9
dir_sysmodules := sysmodules
dir_loader := $(dir_sysmodules)/loader
dir_rosalina := $(dir_sysmodules)/rosalina
dir_build := build
dir_out := out
SUBFOLDERS := sysmodules arm11 arm9 k11_extension ASFLAGS := -mcpu=arm946e-s
CFLAGS := -Wall -Wextra $(ASFLAGS) -fno-builtin -std=c11 -Wno-main -O2 -flto -ffast-math
LDFLAGS := -nostartfiles -Wl,--nmagic
.PHONY: all release clean $(SUBFOLDERS) objects = $(patsubst $(dir_source)/%.s, $(dir_build)/%.o, \
$(patsubst $(dir_source)/%.c, $(dir_build)/%.o, \
$(call rwildcard, $(dir_source), *.s *.c)))
all: boot.firm bundled = $(dir_build)/reboot.bin.o $(dir_build)/emunand.bin.o $(dir_build)/mmuHook.bin.o $(dir_build)/k11MainHook.bin.o $(dir_build)/svcConnectToPortInitHook.bin.o $(dir_build)/svcCustomBackdoor.bin.o\
$(dir_build)/chainloader.bin.o $(dir_build)/arm9_exceptions.bin.o
release: $(NAME)$(REVISION).zip modules = $(dir_build)/loader.cxi $(dir_build)/rosalina.cxi
define bin2o
bin2s $< | $(AS) -o $(@)
endef
.PHONY: all
all: firm
.PHONY: release
release: $(dir_out)/$(name)$(revision).7z
.PHONY: firm
firm: $(dir_out)/boot.firm
.PHONY: clean
clean: clean:
@$(foreach dir, $(SUBFOLDERS), $(MAKE) -C $(dir) clean &&) true @$(MAKE) -C $(dir_arm11) clean
@rm -rf *.firm *.zip *.3dsx @$(MAKE) -C $(dir_chainloader) clean
@$(MAKE) -C $(dir_arm9_exceptions) clean
@$(MAKE) -C $(dir_loader) clean
@$(MAKE) -C $(dir_rosalina) clean
@rm -rf $(dir_out) $(dir_build)
# boot.3dsx comes from https://github.com/fincs/new-hbmenu/releases .PRECIOUS: $(dir_build)/%.bin
$(NAME)$(REVISION).zip: hbmenu.zip boot.firm
@cp $< $@
@zip $@ boot.firm -x "*.DS_Store*" "*__MACOSX*"
boot.firm: $(SUBFOLDERS) .PHONY: $(dir_arm11)
@firmtool build $@ -D sysmodules/sysmodules.bin arm11/arm11.elf arm9/arm9.elf k11_extension/k11_extension.elf \ .PHONY: $(dir_chainloader)
-A 0x18180000 -C XDMA XDMA NDMA XDMA .PHONY: $(dir_arm9_exceptions)
@echo built... $(notdir $@) .PHONY: $(dir_loader)
.PHONY: $(dir_rosalina)
hbmenu.zip: $(dir_out)/$(name)$(revision).7z: all
@curl -sSfL $(shell curl -s https://api.github.com/repos/devkitPro/3ds-hbmenu/releases/latest | grep 'browser_' | cut -d\" -f4) -o $@ @mkdir -p "$(@D)"
@echo downloaded... $(notdir $@) @7z a -mx $@ ./$(@D)/* ./$(dir_exceptions)/exception_dump_parser.py
$(SUBFOLDERS): $(dir_out)/boot.firm: $(dir_build)/modules.bin $(dir_build)/arm11.elf $(dir_build)/main.elf
@$(MAKE) -C $@ all @mkdir -p "$(@D)"
@firmtool build $@ -D $^ -A 0x1FF60000 -C XDMA XDMA NDMA
$(dir_build)/modules.bin: $(modules)
@mkdir -p "$(@D)"
cat $^ > $@
$(dir_build)/arm11.elf: $(dir_arm11)
@mkdir -p "$(@D)"
@$(MAKE) -C $<
$(dir_build)/main.elf: $(bundled) $(objects)
$(LINK.o) -T linker.ld $(OUTPUT_OPTION) $^
$(dir_build)/loader.cxi: $(dir_loader)
@mkdir -p "$(@D)"
@$(MAKE) -C $<
$(dir_build)/rosalina.cxi: $(dir_rosalina)
@mkdir -p "$(@D)"
@$(MAKE) -C $<
$(dir_build)/%.bin.o: $(dir_build)/%.bin
@$(bin2o)
$(dir_build)/chainloader.bin: $(dir_chainloader)
@mkdir -p "$(@D)"
@$(MAKE) -C $<
$(dir_build)/arm9_exceptions.bin: $(dir_arm9_exceptions)
@mkdir -p "$(@D)"
@$(MAKE) -C $<
$(dir_build)/%.bin: $(dir_patches)/%.s
@mkdir -p "$(@D)"
@armips $<
$(dir_build)/memory.o $(dir_build)/strings.o: CFLAGS += -O3
$(dir_build)/config.o: CFLAGS += -DCONFIG_TITLE="\"$(name) $(revision) configuration\""
$(dir_build)/patches.o: CFLAGS += -DREVISION=\"$(revision)\" -DCOMMIT_HASH="0x$(commit)"
$(dir_build)/firm.o: $(dir_build)/modules.bin
$(dir_build)/firm.o: CFLAGS += -DLUMA_SECTION0_SIZE="$(shell du -b $(dir_build)/modules.bin | cut -f1)"
$(dir_build)/bundled.h: $(bundled)
@$(foreach f, $(bundled),\
echo "extern const u8" `(echo $(basename $(notdir $(f))) | sed -e 's/^\([0-9]\)/_\1/' | tr . _)`"[];" >> $@;\
echo "extern const u32" `(echo $(basename $(notdir $(f)))| sed -e 's/^\([0-9]\)/_\1/' | tr . _)`_size";" >> $@;\
)
$(dir_build)/%.o: $(dir_source)/%.c $(dir_build)/bundled.h
@mkdir -p "$(@D)"
$(COMPILE.c) $(OUTPUT_OPTION) $<
$(dir_build)/%.o: $(dir_source)/%.s
@mkdir -p "$(@D)"
$(COMPILE.s) $(OUTPUT_OPTION) $<

122
README.md
View File

@ -1,112 +1,40 @@
# Luma3DS # Luma3DS
*Noob-proof (N)3DS "Custom Firmware"*
![GitHub Downloads (all assets, all releases)](https://img.shields.io/github/downloads/LumaTeam/Luma3DS/total) ## What it is
![License](https://img.shields.io/badge/License-GPLv3-blue.svg)
*Nintendo 3DS "Custom Firmware"* **Luma3DS** is a program to patch the system software of (New) Nintendo 3DS handheld consoles "on the fly", adding features (such as per-game language settings and debugging capabilities for developers) and removing restrictions enforced by Nintendo (such as the region lock).
It also allows you to run unauthorized ("homebrew") content by removing signature checks.
To use it, you will need a console capable of running homebrew software on the ARM9 processor. We recommend [Plailect's guide](https://3ds.guide/) for details on how to get your system ready.
![Boot menu screenshot](img/boot_menu_v1321.png) Since Luma3DS v8.0, Luma3DS has its own in-game menu, triggerable by `L+Start+Select` (see the release notes).
![Rosalina menu screenshot](img/rosalina_menu_v1321.png)
## Description ---
**Luma3DS** patches and reimplements significant parts of the system software running on all models of the Nintendo 3DS family of consoles. It aims to greatly improve the user experience and support the 3DS far beyond its end-of-life. Features include:
* **First-class support for homebrew applications** ## Compiling
* **Rosalina**, an overlay menu (triggered by <kbd>L+Down+Select</kbd> by default), allowing things like:
* Taking screenshots while in game
* Blue light filters and other screen filters
* Input redirection to play with external devices, such as controllers
* Using cheat codes
* Setting time and date accurately from the network (NTP)
* ... and much more!
* **Many game modding features**, such as, but not limited to:
* Game plugins (in 3GX format)
* Per-game language overrides ("locale emulation")
* Asset content path redirection ("LayeredFS")
* **Support for user-provided patches and/or full "system modules" replacements**, an essential feature for Nintendo Network replacements (amongst other projects)
* A **fully-fledged GDB stub**, allowing homebrew developers and reverse-engineers alike to work much more efficiently
* Ability to chainload other firmware files, including other versions of itself
* ... and much more!
## Installation and upgrade First you need to clone the repository with: `git clone https://github.com/AuroraWright/Luma3DS.git`
Luma3DS requires [boot9strap](https://github.com/SciresM/boot9strap) to run. To compile, you'll need [armips](https://github.com/Kingcom/armips) and a build of a recent commit of [makerom](https://github.com/profi200/Project_CTR) added to your PATH. You'll also need to install [firmtool](https://github.com/TuxSH/firmtool), its README contains installation instructions.
For now, you'll also need to update your [libctru](https://github.com/smealum/ctrulib) install, building from the latest commit.
For your convenience, here are [Windows](http://www91.zippyshare.com/v/ePGpjk9r/file.html) and [Linux](https://mega.nz/#!uQ1T1IAD!Q91O0e12LXKiaXh_YjXD3D5m8_W3FuMI-hEa6KVMRDQ) builds of armips (thanks to who compiled them!).
Finally just run `make` and everything should work!
You can find the compiled files in the `out` folder.
Once boot9strap has been installed, simply download the [latest release archive](https://github.com/LumaTeam/Luma3DS/releases/latest) and extract the archive onto the root of your SD card to "install" or to upgrade Luma3DS alongside the [homebrew menu and certs bundle](https://github.com/devkitPro/3ds-hbmenu) shipped with it. Replace existing files and merge existing folders if necessary. ---
## Basic usage ## Setup / Usage / Features
**The main Luma3DS configuration menu** can be accessed by pressing <kbd>Select</kbd> at boot. The configuration file is stored in `/luma/config.ini` on the SD card (or `/rw/luma/config.ini` on the CTRNAND partition if Luma3DS has been launched from the CTRNAND partition, which happens when SD card is missing).
**The chainloader menu** is accessed by pressing <kbd>Start</kbd> at boot, or from the configuration menu. Payloads are expected to be located in `/luma/payloads` with the `.firm` extension; if there is only one such payload, the aforementionned selection menu will be skipped. Hotkeys can be assigned to payload, for example `x_test.firm` will be chainloaded when <kbd>X</kbd> is pressed at boot. See https://github.com/AuroraWright/Luma3DS/wiki
**The overlay menu, Rosalina**, has a default button combination: <kbd>L+Down+Select</kbd>. For greater flexbility, most Rosalina menu settings aren't saved automatically, hence the "Save settings" option. ---
**GDB ports**, when enabled, are `4000-4002` for the normal ports. Use of `attach` in "extended-remote" mode, alongside `info os processes` is supported and encouraged (for reverse-engineering, also check out `monitor getmemregions`). The port for the break-on-start feature is `4003` without "extended-remote". Both devkitARM-patched GDB and IDA Pro (without "stepping support" enabled) are actively supported.
We have a wiki, however it is currently very outdated.
## Components
Luma3DS consists of multiple components. While the code style within each component is mostly consistent, these components have been written over many years and may not reflect how maintainers would write new code in new components/projects:
* **arm9**, **arm11**: baremetal main settings menu, chainloader and firmware loader. Aside from showing settings and chainloading to other homebrew firmware files on demand, it is responsible for patching the official firmware to modify `Process9` code and to inject all other custom components. This was the first component ever written for this project, in 2015
* **k11_extension**: code extending the Arm11 `NATIVE_FIRM` kernel (`Kernel11`). It is injected by the above mentioned baremetal loader into the kernel by hooking its startup code, then hooks itself into the rest of the kernel. Its features include hooking system calls (SVCs), introducing new SVCs and hooking into interprocess communications, to bypass limitations in Nintendo's system design. This is the component that allows Rosalina to pause other processes on overlay menu entry, for example. This was written at a time when we didn't fully reverse-engineer the kernel, and originally released in 2017 alongside Rosalina. Further hooks for "game plugin" support have been merged in 2023
* **sysmodules**: reimplementation of "system modules" (processes) of the 3DS's OS (except for Rosalina being custom), currently only initial processes loaded directly in-memory by the kernel ("kernel initial process", or KIP in short)
* **loader**: process that loads non-KIP processes from storage. Because this is the perfect place to patch/replace executable code, this is where all process patches are done, enabling in particular "game modding" features. This is also the sysmodule handling 3DSX homebrew loading. Introduced in 2016
* _**rosalina**_: the most important component of Luma3DS and custom KIP: overlay menu, GDB server, `err:f` (fatal error screen) reimplementation, and much more. Introduced in mid-2017, and has continuously undergone changes and received many external contributions ever since
* **pxi**: Arm11<>Arm9 communication KIP, reimplemented just for the sake of it. Introduced late 2017
* **sm**: service manager KIP, reimplemented to remove service access control restrictions. Introduced late 2017
* **pm**: process manager KIP reponsible of starting/terminating processes and instructing `loader` to load them. The reimplemention allows for break-on-start GDB feature in Rosalina, as well as lifting FS access control restrictions the proper way. Introduced in 2019
## Maintainers
* **[@TuxSH](https://github.com/TuxSH)**: lead developer, created and maintains most features of the project. Joined in 2016
* **[@AuroraWright](https://github.com/AuroraWright)**: author of the project, implemented the core features (most of the baremetal boot settings menu and firmware loading code) with successful design decisions that made the project popular. Created the project in 2015, currently inactive
* **[@PabloMK7](https://github.com/PabloMK7)**: maintainer of the plugin loader feature merged for the v13.0 release. Joined in 2023
## Roadmap
There are still a lot more features and consolidation planned for Luma3DS! Here is a list of what is currently in store:
* Full reimplementation of `TwlBg` and `AgbBg`. This will allow much better, and more configurable, upscaling for top screen in DS and GBA games (except on Old 2DS). This is currently being developed privately in C++23 (no ETA). While this is quite a difficult endeavor as this requires rewriting the entire driver stack in semi-bare-metal (limited kernel with no IPC), this is the most critical feature for Luma3DS to have and will make driver sysmodule reimpelementation trivial
* Reimplementation of `Process9` for `TWL_FIRM` and `AGB_FIRM` to allow for more features in DS and GBA compatibility mode (ones that require file access)
* Eventually, a full `Kernel11` reimplementation
## Known issues
* **Cheat engine crashes with some applications, in particular Pokémon games**: there is a race condition in Nintendo's `Kernel11` pertaining to attaching a new `KDebugThread` to a `KThread` on thread creation, and another thread null-dereferencing `thread->debugThread`. This causes the cheat engine to crashes games that create and destroy many threads all the time (like Pokémon).
* For these games, having a **dedicated "game plugin"** is the only alternative until `Kernel11` is reimplemented.
* **Applications reacting to Rosalina menu button combo**: Rosalina merely polls button input at an interval to know when to show the menu. This means that the Rosalina menu combo can sometimes be processed by the game/process that is going to be paused.
* You can **change the menu combo** in the "Miscellaneous options" submenu (then save it with "Save settings" in the main menu) to work around this.
## Building from source
To build Luma3DS, the following is needed:
* git
* [makerom](https://github.com/jakcron/Project_CTR) in `$PATH`
* [firmtool](https://github.com/TuxSH/firmtool) installed
* up-to-date devkitARM and libctru:
* install `dkp-pacman` (or, for distributions that already provide pacman, add repositories): https://devkitpro.org/wiki/devkitPro_pacman
* install packages from `3ds-dev` metapackage: `sudo dkp-pacman -S 3ds-dev --needed`
* while libctru and Luma3DS releases are kept in sync, you may have to build libctru from source for non-release Luma3DS commits
While Luma3DS releases are bundled with `3ds-hbmenu`, Luma3DS actually compiles into one single file: `boot.firm`. Just copy it over to the root of your SD card ([ftpd](https://github.com/mtheall/ftpd) is the easiest way to do so), and you're done.
## Licensing
This software is licensed under the terms of the GPLv3. You can find a copy of the license in the LICENSE.txt file.
Files in the GDB stub are instead triple-licensed as MIT or "GPLv2 or any later version", in which case it's specified in the file header. PM, SM, PXI reimplementations are also licensed under MIT.
## Credits ## Credits
Luma3DS would not be what it is without the contributions and constructive feedback of many. We would like to thanks in particular: See https://github.com/AuroraWright/Luma3DS/wiki/Credits
* **[@devkitPro](https://github.com/devkitPro)** (especially **[@fincs](https://github.com/fincs)**, **[@WinterMute](https://github.com/WinterMute)** and **[@mtheall](https://github.com/mtheall)**) for providing quality and easy-to-use toolchains with bleeding-edge GCC, and for their continued technical advice ---
* **[@Nanquitas](https://github.com/Nanquitas)** for the initial version of the game plugin loader code as well as very useful contributions to the GDB stub
* **[@piepie62](https://github.com/piepie62)** for the current implementation of the Rosalina cheat engine, **Duckbill** for its original implementation ## Licensing
* **[@panicbit](https://github.com/panicbit)** for the original implementation of screen filters in Rosalina
* **[@jasondellaluce](https://github.com/jasondellaluce)** for LayeredFS This software is licensed under the terms of the GPLv3.
* **[@LiquidFenrir](https://github.com/LiquidFenrir)** for the memory viewer inside Rosalina's "Process List" You can find a copy of the license in the LICENSE.txt file.
* **ChaN** for [FatFs](http://elm-chan.org/fsw/ff/00index_e.html)
* Everyone who has contributed to the Luma3DS repository
* Everyone who has assisted with troubleshooting end-users
* Everyone who has provided constructive feedback to Luma3DS

156
arm11/Makefile
View File

@ -1,147 +1,39 @@
#--------------------------------------------------------------------------------- rwildcard = $(foreach d, $(wildcard $1*), $(filter $(subst *, %, $2), $d) $(call rwildcard, $d/, $2))
.SUFFIXES:
#---------------------------------------------------------------------------------
ifeq ($(strip $(DEVKITARM)),) ifeq ($(strip $(DEVKITARM)),)
$(error "Please set DEVKITARM in your environment. export DEVKITARM=<path to>devkitARM") $(error "Please set DEVKITARM in your environment. export DEVKITARM=<path to>devkitARM")
endif endif
TOPDIR ?= $(CURDIR) include $(DEVKITARM)/base_tools
include $(DEVKITARM)/base_rules
#--------------------------------------------------------------------------------- name := $(shell basename $(CURDIR))
# TARGET is the name of the output
# BUILD is the directory where object files & intermediate files will be placed
# SOURCES is a list of directories containing source code
# DATA is a list of directories containing data files
# INCLUDES is a list of directories containing header files
#---------------------------------------------------------------------------------
TARGET := $(notdir $(CURDIR))
BUILD := build
SOURCES := source source/svc
DATA := data
INCLUDES := include include/svc
#--------------------------------------------------------------------------------- dir_source := source
# options for code generation dir_build := build
#--------------------------------------------------------------------------------- dir_out := ../$(dir_build)
ARCH := -march=armv6k -mtune=mpcore -mfloat-abi=hard -mtp=soft
DEFINES := -DARM11 -D__3DS__
CFLAGS := -g -std=gnu11 -Wall -Wextra -Werror -O2 -mword-relocations \ ASFLAGS := -mcpu=mpcore
-fomit-frame-pointer -ffunction-sections -fdata-sections \ CFLAGS := -Wall -Wextra -MMD -MP -marm $(ASFLAGS) -fno-builtin -std=c11 -Wno-main -O2 -flto -ffast-math
-Wno-main -fno-builtin $(ARCH) $(DEFINES) LDFLAGS := -nostartfiles -Wl,--nmagic
CFLAGS += $(INCLUDE) objects = $(patsubst $(dir_source)/%.s, $(dir_build)/%.o, \
$(patsubst $(dir_source)/%.c, $(dir_build)/%.o, \
$(call rwildcard, $(dir_source), *.s *.c)))
CXXFLAGS := $(CFLAGS) -fno-rtti -fno-exceptions -std=gnu++11 .PHONY: all
all: $(dir_out)/$(name).elf
ASFLAGS := -g $(ARCH) .PHONY: clean
LDFLAGS = -specs=$(TOPDIR)/linker.specs -g $(ARCH) -Wl,-Map,$(notdir $*.map)
LIBS :=
#---------------------------------------------------------------------------------
# list of directories containing libraries, this must be the top level containing
# include and lib
#---------------------------------------------------------------------------------
LIBDIRS :=
#---------------------------------------------------------------------------------
# no real need to edit anything past this point unless you need to add additional
# rules for different file extensions
#---------------------------------------------------------------------------------
ifneq ($(BUILD),$(notdir $(CURDIR)))
#---------------------------------------------------------------------------------
export OUTPUT := $(CURDIR)/$(TARGET)
export TOPDIR := $(CURDIR)
export VPATH := $(foreach dir,$(SOURCES),$(CURDIR)/$(dir)) \
$(foreach dir,$(DATA),$(CURDIR)/$(dir))
export DEPSDIR := $(CURDIR)/$(BUILD)
CFILES := $(foreach dir,$(SOURCES),$(notdir $(wildcard $(dir)/*.c)))
CPPFILES := $(foreach dir,$(SOURCES),$(notdir $(wildcard $(dir)/*.cpp)))
SFILES := $(foreach dir,$(SOURCES),$(notdir $(wildcard $(dir)/*.s)))
BINFILES := $(foreach dir,$(DATA),$(notdir $(wildcard $(dir)/*.*)))
#---------------------------------------------------------------------------------
# use CXX for linking C++ projects, CC for standard C
#---------------------------------------------------------------------------------
ifeq ($(strip $(CPPFILES)),)
#---------------------------------------------------------------------------------
export LD := $(CC)
#---------------------------------------------------------------------------------
else
#---------------------------------------------------------------------------------
export LD := $(CXX)
#---------------------------------------------------------------------------------
endif
#---------------------------------------------------------------------------------
export OFILES_BIN := $(addsuffix .o,$(BINFILES))
export OFILES_SRC := $(CPPFILES:.cpp=.o) $(CFILES:.c=.o) $(SFILES:.s=.o)
export OFILES := $(OFILES_BIN) $(OFILES_SRC)
export HFILES_BIN := $(addsuffix .h,$(subst .,_,$(BINFILES)))
export INCLUDE := $(foreach dir,$(INCLUDES),-I$(CURDIR)/$(dir)) \
$(foreach dir,$(LIBDIRS),-I$(dir)/include) \
-I$(CURDIR)/$(BUILD)
export LIBPATHS := $(foreach dir,$(LIBDIRS),-L$(dir)/lib)
.PHONY: $(BUILD) clean all
#---------------------------------------------------------------------------------
all: $(BUILD)
$(BUILD):
@[ -d $@ ] || mkdir -p $@
@$(MAKE) --no-print-directory -C $(BUILD) -f $(CURDIR)/Makefile
#---------------------------------------------------------------------------------
clean: clean:
@echo clean ... @rm -rf $(dir_build)
@rm -fr $(BUILD) $(TARGET).bin $(TARGET).elf
$(dir_out)/$(name).elf: $(objects)
$(LINK.o) -T linker.ld $(OUTPUT_OPTION) $^
#--------------------------------------------------------------------------------- $(dir_build)/%.o: $(dir_source)/%.c
else @mkdir -p "$(@D)"
.PHONY: all $(COMPILE.c) $(OUTPUT_OPTION) $<
DEPENDS := $(OFILES:.o=.d) $(dir_build)/%.o: $(dir_source)/%.s
@mkdir -p "$(@D)"
#--------------------------------------------------------------------------------- $(COMPILE.s) $(OUTPUT_OPTION) $<
# main targets
#---------------------------------------------------------------------------------
all : $(OUTPUT).bin
$(OUTPUT).bin : $(OUTPUT).elf
$(OBJCOPY) -S -O binary $< $@
@echo built ... $(notdir $@)
$(OUTPUT).elf : $(OFILES)
%.elf: $(OFILES)
@echo linking $(notdir $@)
@$(LD) $(LDFLAGS) $(OFILES) $(LIBPATHS) $(LIBS) -o $@
@$(NM) -CSn $@ > $(notdir $*.lst)
$(OFILES_SRC) : $(HFILES_BIN)
#---------------------------------------------------------------------------------
# you need a rule like this for each extension you use as binary data
#---------------------------------------------------------------------------------
%.bin.o %_bin.h : %.bin
#---------------------------------------------------------------------------------
@echo $(notdir $<)
@$(bin2o)
-include $(DEPENDS)
#---------------------------------------------------------------------------------------
endif
#---------------------------------------------------------------------------------------

158
arm11/linker.ld
View File

@ -1,158 +1,16 @@
OUTPUT_FORMAT("elf32-littlearm", "elf32-bigarm", "elf32-littlearm") OUTPUT_FORMAT("elf32-littlearm", "elf32-bigarm", "elf32-littlearm")
OUTPUT_ARCH(arm) OUTPUT_ARCH(arm)
ENTRY(_start) ENTRY(_start)
/* Mostly copied from https://github.com/devkitPro/buildscripts/blob/master/dkarm-eabi/crtls/3dsx.ld */
PHDRS
{
main PT_LOAD;
}
SECTIONS SECTIONS
{ {
PROVIDE(__start__ = 0x1FF80000); . = 0x1FF80000;
PROVIDE(__stack_top__ = 0x1FFFE000);
PROVIDE(__stack_bottom__ = 0x1FFFD000);
. = __start__; .text : ALIGN(4) { *(.text.start) *(.text*); . = ALIGN(4); }
.rodata : ALIGN(4) { *(.rodata*); . = ALIGN(4); }
.data : ALIGN(4) { *(.data*); . = ALIGN(4); }
.bss : ALIGN(8) { __bss_start = .; *(.bss* COMMON); . = ALIGN(8); __bss_end = .; }
.text : __stack_top__ = 0x1FFFF000;
{ . = ALIGN(4);
KEEP( *(.text.start) )
KEEP( *(.init) )
/* .text */
*(.text)
*(.text.*)
*(.glue_7)
*(.glue_7t)
*(.stub)
*(.gnu.warning)
*(.gnu.linkonce.t*)
/* .fini */
KEEP( *(.fini) )
. = ALIGN(32);
} :main
.rodata :
{
*(.rodata)
*(.roda)
*(.rodata.*)
*all.rodata*(*)
*(.gnu.linkonce.r*)
SORT(CONSTRUCTORS)
. = ALIGN(8);
}
.preinit_array :
{
PROVIDE (__preinit_array_start = .);
KEEP (*(.preinit_array))
PROVIDE (__preinit_array_end = .);
}
.init_array :
{
PROVIDE (__init_array_start = .);
KEEP (*(SORT(.init_array.*)))
KEEP (*(.init_array))
PROVIDE (__init_array_end = .);
}
.fini_array :
{
PROVIDE (__fini_array_start = .);
KEEP (*(.fini_array))
KEEP (*(SORT(.fini_array.*)))
PROVIDE (__fini_array_end = .);
}
.ctors :
{
KEEP (*crtbegin.o(.ctors)) /* MUST be first -- GCC requires it */
KEEP (*(EXCLUDE_FILE (*crtend.o) .ctors))
KEEP (*(SORT(.ctors.*)))
KEEP (*(.ctors))
. = ALIGN(4); /* REQUIRED. LD is flaky without it. */
}
.dtors :
{
KEEP (*crtbegin.o(.dtors))
KEEP (*(EXCLUDE_FILE (*crtend.o) .dtors))
KEEP (*(SORT(.dtors.*)))
KEEP (*(.dtors))
. = ALIGN(4); /* REQUIRED. LD is flaky without it. */
}
.ARM.extab : { *(.ARM.extab* .gnu.linkonce.armextab.*) __exidx_start = .;}
ARM.exidx : { *(.ARM.exidx* .gnu.linkonce.armexidx.*) __exidx_end = .;}
.data :
{
*(.data)
*(.data.*)
KEEP (*(.large_patch*))
*(.gnu.linkonce.d*)
CONSTRUCTORS
. = ALIGN(32);
}
.bss (NOLOAD) :
{
. = ALIGN(32);
PROVIDE (__bss_start__ = ABSOLUTE(.));
*(.dynbss)
*(.bss)
*(.bss.*)
*(.gnu.linkonce.b*)
*(COMMON)
. = ALIGN(8);
PROVIDE (__bss_end__ = ABSOLUTE(.));
} :NONE
PROVIDE (__end__ = ABSOLUTE(.));
/* ==================
==== Metadata ====
================== */
/* Discard sections that difficult post-processing */
/DISCARD/ : { *(.group .comment .note) }
/* Stabs debugging sections. */
.stab 0 : { *(.stab) }
.stabstr 0 : { *(.stabstr) }
.stab.excl 0 : { *(.stab.excl) }
.stab.exclstr 0 : { *(.stab.exclstr) }
.stab.index 0 : { *(.stab.index) }
.stab.indexstr 0 : { *(.stab.indexstr) }
/* DWARF debug sections.
Symbols in the DWARF debugging sections are relative to the beginning
of the section so we begin them at 0. */
/* DWARF 1 */
.debug 0 : { *(.debug) }
.line 0 : { *(.line) }
/* GNU DWARF 1 extensions */
.debug_srcinfo 0 : { *(.debug_srcinfo) }
.debug_sfnames 0 : { *(.debug_sfnames) }
/* DWARF 1.1 and DWARF 2 */
.debug_aranges 0 : { *(.debug_aranges) }
.debug_pubnames 0 : { *(.debug_pubnames) }
/* DWARF 2 */
.debug_info 0 : { *(.debug_info) }
.debug_abbrev 0 : { *(.debug_abbrev) }
.debug_line 0 : { *(.debug_line) }
.debug_frame 0 : { *(.debug_frame) }
.debug_str 0 : { *(.debug_str) }
.debug_loc 0 : { *(.debug_loc) }
.debug_macinfo 0 : { *(.debug_macinfo) }
} }

7
arm11/linker.specs
View File

@ -1,7 +0,0 @@
%rename link old_link
*link:
%(old_link) -T %:getenv(TOPDIR /linker.ld) --nmagic --gc-sections --no-warn-rwx-segments
*startfile:
crti%O%s crtbegin%O%s

72
arm11/source/main.c
View File

@ -1,6 +1,6 @@
/* /*
* This file is part of Luma3DS * This file is part of Luma3DS
* Copyright (C) 2016-2020 Aurora Wright, TuxSH * Copyright (C) 2016-2017 Aurora Wright, TuxSH
* *
* This program is free software: you can redistribute it and/or modify * This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
@ -37,13 +37,9 @@ extern u32 prepareForFirmlaunchSize;
extern volatile Arm11Operation operation; extern volatile Arm11Operation operation;
static void initScreens(u32 brightnessLevel, struct fb *fbs) static void initScreensSequence(u32 brightnessLevel)
{ {
*(vu32 *)0x10141200 = 0x1007F; *(vu32 *)0x10141200 = 0x1007F;
*(vu32 *)0x10202204 = 0x01000000; //set LCD fill black to hide potential garbage -- NFIRM does it before firmlaunching
*(vu32 *)0x10202A04 = 0x01000000;
*(vu32 *)0x10202014 = 0x00000001; *(vu32 *)0x10202014 = 0x00000001;
*(vu32 *)0x1020200C &= 0xFFFEFFFE; *(vu32 *)0x1020200C &= 0xFFFEFFFE;
*(vu32 *)0x10202240 = brightnessLevel; *(vu32 *)0x10202240 = brightnessLevel;
@ -74,18 +70,14 @@ static void initScreens(u32 brightnessLevel, struct fb *fbs)
*(vu32 *)0x1040045C = 0x00f00190; *(vu32 *)0x1040045C = 0x00f00190;
*(vu32 *)0x10400460 = 0x01c100d1; *(vu32 *)0x10400460 = 0x01c100d1;
*(vu32 *)0x10400464 = 0x01920002; *(vu32 *)0x10400464 = 0x01920002;
*(vu32 *)0x10400468 = (u32)fbs[0].top_left; *(vu32 *)0x10400468 = 0x18300000;
*(vu32 *)0x1040046C = (u32)fbs[1].top_left;
*(vu32 *)0x10400470 = 0x80341; *(vu32 *)0x10400470 = 0x80341;
*(vu32 *)0x10400474 = 0x00010501; *(vu32 *)0x10400474 = 0x00010501;
*(vu32 *)0x10400478 = 0; *(vu32 *)0x10400478 = 0;
*(vu32 *)0x10400494 = (u32)fbs[0].top_right;
*(vu32 *)0x10400498 = (u32)fbs[1].top_right;
*(vu32 *)0x10400490 = 0x000002D0; *(vu32 *)0x10400490 = 0x000002D0;
*(vu32 *)0x1040049C = 0x00000000; *(vu32 *)0x1040049C = 0x00000000;
// Color LUT //Disco register
*(vu32 *)0x10400480 = 0;
for(u32 i = 0; i < 256; i++) for(u32 i = 0; i < 256; i++)
*(vu32 *)0x10400484 = 0x10101 * i; *(vu32 *)0x10400484 = 0x10101 * i;
@ -112,45 +104,26 @@ static void initScreens(u32 brightnessLevel, struct fb *fbs)
*(vu32 *)0x1040055C = 0x00f00140; *(vu32 *)0x1040055C = 0x00f00140;
*(vu32 *)0x10400560 = 0x01c100d1; *(vu32 *)0x10400560 = 0x01c100d1;
*(vu32 *)0x10400564 = 0x01920052; *(vu32 *)0x10400564 = 0x01920052;
*(vu32 *)0x10400568 = (u32)fbs[0].bottom; *(vu32 *)0x10400568 = 0x18300000 + 0x46500;
*(vu32 *)0x1040056C = (u32)fbs[1].bottom;
*(vu32 *)0x10400570 = 0x80301; *(vu32 *)0x10400570 = 0x80301;
*(vu32 *)0x10400574 = 0x00010501; *(vu32 *)0x10400574 = 0x00010501;
*(vu32 *)0x10400578 = 0; *(vu32 *)0x10400578 = 0;
*(vu32 *)0x10400590 = 0x000002D0; *(vu32 *)0x10400590 = 0x000002D0;
*(vu32 *)0x1040059C = 0x00000000; *(vu32 *)0x1040059C = 0x00000000;
// Color LUT //Disco register
*(vu32 *)0x10400580 = 0;
for(u32 i = 0; i < 256; i++) for(u32 i = 0; i < 256; i++)
*(vu32 *)0x10400584 = 0x10101 * i; *(vu32 *)0x10400584 = 0x10101 * i;
*(vu32 *)0x10202204 = 0x00000000; //unset LCD fill
*(vu32 *)0x10202A04 = 0x00000000;
} }
static void setupFramebuffers(struct fb *fbs) static void setupFramebuffers(struct fb *fbs)
{ {
*(vu32 *)0x10202204 = 0x01000000; //set LCD fill black to hide potential garbage -- NFIRM does it before firmlaunching
*(vu32 *)0x10202A04 = 0x01000000;
*(vu32 *)0x10400468 = (u32)fbs[0].top_left; *(vu32 *)0x10400468 = (u32)fbs[0].top_left;
*(vu32 *)0x1040046c = (u32)fbs[1].top_left; *(vu32 *)0x1040046c = (u32)fbs[1].top_left;
*(vu32 *)0x10400494 = (u32)fbs[0].top_right; *(vu32 *)0x10400494 = (u32)fbs[0].top_right;
*(vu32 *)0x10400498 = (u32)fbs[1].top_right; *(vu32 *)0x10400498 = (u32)fbs[1].top_right;
*(vu32 *)0x10400568 = (u32)fbs[0].bottom; *(vu32 *)0x10400568 = (u32)fbs[0].bottom;
*(vu32 *)0x1040056c = (u32)fbs[1].bottom; *(vu32 *)0x1040056c = (u32)fbs[1].bottom;
//Set framebuffer format, framebuffer select and stride
*(vu32 *)0x10400470 = 0x80341;
*(vu32 *)0x10400478 = 0;
*(vu32 *)0x10400490 = 0x2D0;
*(vu32 *)0x10400570 = 0x80301;
*(vu32 *)0x10400578 = 0;
*(vu32 *)0x10400590 = 0x2D0;
*(vu32 *)0x10202204 = 0x00000000; //unset LCD fill
*(vu32 *)0x10202A04 = 0x00000000;
} }
static void clearScreens(struct fb *fb) static void clearScreens(struct fb *fb)
@ -177,7 +150,7 @@ static void swapFramebuffers(bool isAlternate)
{ {
u32 isAlternateTmp = isAlternate ? 1 : 0; u32 isAlternateTmp = isAlternate ? 1 : 0;
*(vu32 *)0x10400478 = (*(vu32 *)0x10400478 & 0xFFFFFFFE) | isAlternateTmp; *(vu32 *)0x10400478 = (*(vu32 *)0x10400478 & 0xFFFFFFFE) | isAlternateTmp;
*(vu32 *)0x10400578 = (*(vu32 *)0x10400578 & 0xFFFFFFFE) | isAlternateTmp; *(vu32 *)0x10400578 = (*(vu32 *)0x10400478 & 0xFFFFFFFE) | isAlternateTmp;
} }
static void updateBrightness(u32 brightnessLevel) static void updateBrightness(u32 brightnessLevel)
@ -195,28 +168,6 @@ static void deinitScreens(void)
*(vu32 *)0x10202014 = 0; *(vu32 *)0x10202014 = 0;
} }
static void zerofillN3dsAblRegisters(void)
{
// It should be fine to write to these regs even on O3DS as they
// are RAZ/WI
// TODO: read from calibration, but null values should do just
// fine. From testing, LUT explicitly ignores null values, and
// it is probably the case of reg @ 0x54 as well.
*(vu32 *)0x10202250 = 0; // unknown 24-bit value, seen: 0
*(vu32 *)0x10202254 = 0; // unknown 24-bit value, seen: nonzero
*(vu32 *)0x10202A50 = 0; // unknown 24-bit value, seen: 0
*(vu32 *)0x10202A54 = 0; // unknown 24-bit value, seen: nonzero
for (u32 i = 0; i < 64; i++) {
// Blend colors (w/ color multiplication) for each group
// of 4 relative-luminance Rs
*(vu32 *)(0x10202300 + 4*i) = 0;
*(vu32 *)(0x10202B00 + 4*i) = 0;
}
}
void main(void) void main(void)
{ {
operation = ARM11_READY; operation = ARM11_READY;
@ -227,8 +178,8 @@ void main(void)
{ {
case ARM11_READY: case ARM11_READY:
continue; continue;
case INIT_SCREENS: case INIT_SCREENS_SEQUENCE:
initScreens(*(vu32 *)ARM11_PARAMETERS_ADDRESS, (struct fb *)(ARM11_PARAMETERS_ADDRESS + 4)); initScreensSequence(*(vu32 *)ARM11_PARAMETERS_ADDRESS);
break; break;
case SETUP_FRAMEBUFFERS: case SETUP_FRAMEBUFFERS:
setupFramebuffers((struct fb *)ARM11_PARAMETERS_ADDRESS); setupFramebuffers((struct fb *)ARM11_PARAMETERS_ADDRESS);
@ -241,13 +192,10 @@ void main(void)
break; break;
case UPDATE_BRIGHTNESS: case UPDATE_BRIGHTNESS:
updateBrightness(*(vu32 *)ARM11_PARAMETERS_ADDRESS); updateBrightness(*(vu32 *)ARM11_PARAMETERS_ADDRESS);
break; break;
case DEINIT_SCREENS: case DEINIT_SCREENS:
deinitScreens(); deinitScreens();
break; break;
case ZEROFILL_N3DS_ABL_REGISTERS:
zerofillN3dsAblRegisters();
break;
case PREPARE_ARM11_FOR_FIRMLAUNCH: case PREPARE_ARM11_FOR_FIRMLAUNCH:
memcpy((void *)0x1FFFFC00, (void *)prepareForFirmlaunch, prepareForFirmlaunchSize); memcpy((void *)0x1FFFFC00, (void *)prepareForFirmlaunch, prepareForFirmlaunchSize);
*(vu32 *)0x1FFFFFFC = 0; *(vu32 *)0x1FFFFFFC = 0;

2
arm11/source/memory.c
View File

@ -1,6 +1,6 @@
/* /*
* This file is part of Luma3DS * This file is part of Luma3DS
* Copyright (C) 2016-2020 Aurora Wright, TuxSH * Copyright (C) 2016-2017 Aurora Wright, TuxSH
* *
* This program is free software: you can redistribute it and/or modify * This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by

2
arm11/source/memory.h
View File

@ -1,6 +1,6 @@
/* /*
* This file is part of Luma3DS * This file is part of Luma3DS
* Copyright (C) 2016-2020 Aurora Wright, TuxSH * Copyright (C) 2016-2017 Aurora Wright, TuxSH
* *
* This program is free software: you can redistribute it and/or modify * This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by

21
arm11/source/start.s
View File

@ -1,5 +1,5 @@
@ This file is part of Luma3DS @ This file is part of Luma3DS
@ Copyright (C) 2016-2020 Aurora Wright, TuxSH @ Copyright (C) 2016-2017 Aurora Wright, TuxSH
@ @
@ This program is free software: you can redistribute it and/or modify @ This program is free software: you can redistribute it and/or modify
@ it under the terms of the GNU General Public License as published by @ it under the terms of the GNU General Public License as published by
@ -21,8 +21,8 @@
@ * Prohibiting misrepresentation of the origin of that material, @ * Prohibiting misrepresentation of the origin of that material,
@ or requiring that modified versions of such material be marked in @ or requiring that modified versions of such material be marked in
@ reasonable ways as different from the original version. @ reasonable ways as different from the original version.
.section .text.start, "ax", %progbits .section .text.start
.align 4 .align 4
.global _start .global _start
.type _start, %function .type _start, %function
@ -53,25 +53,20 @@ start:
mcr p15, 0, r0, c7, c7, 0 mcr p15, 0, r0, c7, c7, 0
mcr p15, 0, r0, c7, c10, 4 mcr p15, 0, r0, c7, c10, 4
ldr sp, =__stack_top__
mov fp, #0
@ Clear BSS @ Clear BSS
ldr r0, =__bss_start__ ldr r0, =__bss_start
mov r1, #0 mov r1, #0
ldr r2, =__bss_end__ ldr r2, =__bss_end
sub r2, r0 sub r2, r0
bl memset bl memset32
@ Call the init array
bl __libc_init_array
ldr sp, =__stack_top__
b main b main
.global prepareForFirmlaunch .global prepareForFirmlaunch
.type prepareForFirmlaunch, %function .type prepareForFirmlaunch, %function
prepareForFirmlaunch: prepareForFirmlaunch:
str r0, [r1] @ tell Arm9 we're done str r0, [r1] @ tell ARM9 we're done
mov r0, #0x20000000 mov r0, #0x20000000
_wait_for_core0_entrypoint_loop: _wait_for_core0_entrypoint_loop:

7
arm11/source/types.h
View File

@ -1,6 +1,6 @@
/* /*
* This file is part of Luma3DS * This file is part of Luma3DS
* Copyright (C) 2016-2020 Aurora Wright, TuxSH * Copyright (C) 2016-2017 Aurora Wright, TuxSH
* *
* This program is free software: you can redistribute it and/or modify * This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
@ -50,17 +50,16 @@ struct fb {
u8 *top_left; u8 *top_left;
u8 *top_right; u8 *top_right;
u8 *bottom; u8 *bottom;
}; } __attribute__((packed));
typedef enum typedef enum
{ {
INIT_SCREENS = 0, INIT_SCREENS_SEQUENCE = 0,
SETUP_FRAMEBUFFERS, SETUP_FRAMEBUFFERS,
CLEAR_SCREENS, CLEAR_SCREENS,
SWAP_FRAMEBUFFERS, SWAP_FRAMEBUFFERS,
UPDATE_BRIGHTNESS, UPDATE_BRIGHTNESS,
DEINIT_SCREENS, DEINIT_SCREENS,
ZEROFILL_N3DS_ABL_REGISTERS,
PREPARE_ARM11_FOR_FIRMLAUNCH, PREPARE_ARM11_FOR_FIRMLAUNCH,
ARM11_READY, ARM11_READY,
} Arm11Operation; } Arm11Operation;

191
arm9/Makefile
View File

@ -1,191 +0,0 @@
#---------------------------------------------------------------------------------
.SUFFIXES:
#---------------------------------------------------------------------------------
ifeq ($(strip $(DEVKITARM)),)
$(error "Please set DEVKITARM in your environment. export DEVKITARM=<path to>devkitARM")
endif
TOPDIR ?= $(CURDIR)
include $(DEVKITARM)/base_rules
export REVISION := $(shell git describe --tags --match v[0-9]* --abbrev=8 | sed 's/-[0-9]*-g/-/')
export VERSION_MAJOR := $(shell git describe --tags --match v[0-9]* | cut -c2- | cut -f1 -d- | cut -f1 -d.)
export VERSION_MINOR := $(shell git describe --tags --match v[0-9]* | cut -c2- | cut -f1 -d- | cut -f2 -d.)
export VERSION_BUILD := $(shell git describe --tags --match v[0-9]* | cut -c2- | cut -f1 -d- | cut -f3 -d.)
export COMMIT := $(shell git rev-parse --short=8 HEAD)
export IS_RELEASE := 0
ifeq ($(strip $(REVISION)),)
export REVISION := v0.0.0-0
export VERSION_MAJOR := 0
export VERSION_MINOR := 0
export VERSION_BUILD := 0
endif
ifeq ($(strip $(COMMIT)),)
export COMMIT := 0
endif
ifeq ($(strip $(VERSION_BUILD)),)
export VERSION_BUILD := 0
endif
ifeq ($(strip $(shell git describe --tags --match v[0-9]* | grep -)),)
export IS_RELEASE := 1
endif
# Default 3DSX TitleID for hb:ldr (note: also defined in top-level Makefile)
export HBLDR_DEFAULT_3DSX_TID ?= 000400000D921E00
#---------------------------------------------------------------------------------
# TARGET is the name of the output
# BUILD is the directory where object files & intermediate files will be placed
# SOURCES is a list of directories containing source code
# DATA is a list of directories containing data files
# INCLUDES is a list of directories containing header files
#---------------------------------------------------------------------------------
APP_TITLE := Luma3DS
TARGET := $(notdir $(CURDIR))
BUILD := build
SOURCES := source source/fatfs source/fatfs/sdmmc
DATA := data
INCLUDES := include
#---------------------------------------------------------------------------------
# options for code generation
#---------------------------------------------------------------------------------
ARCH := -marm -march=armv5te -mtune=arm946e-s
ifeq ($(BUILD_FOR_EXPLOIT_DEV),1)
DEFINES := -DARM9 -D__3DS__ -DHBLDR_DEFAULT_3DSX_TID="0x$(HBLDR_DEFAULT_3DSX_TID)ULL" -DBUILD_FOR_EXPLOIT_DEV=1
else
DEFINES := -DARM9 -D__3DS__ -DHBLDR_DEFAULT_3DSX_TID="0x$(HBLDR_DEFAULT_3DSX_TID)ULL"
endif
FALSEPOSITIVES := -Wno-array-bounds -Wno-stringop-overflow -Wno-stringop-overread
CFLAGS := -g -std=gnu11 -Wall -Wextra -Werror -O2 -mword-relocations \
-fomit-frame-pointer -ffunction-sections -fdata-sections \
-Wno-main $(FALSEPOSITIVES) $(ARCH) $(DEFINES)
CFLAGS += $(INCLUDE)
CXXFLAGS := $(CFLAGS) -fno-rtti -fno-exceptions -std=gnu++11
ASFLAGS := -g $(ARCH)
LDFLAGS = -specs=$(TOPDIR)/linker.specs -g $(ARCH) -Wl,-Map,$(notdir $*.map)
LIBS :=
#---------------------------------------------------------------------------------
# list of directories containing libraries, this must be the top level containing
# include and lib
#---------------------------------------------------------------------------------
LIBDIRS :=
#---------------------------------------------------------------------------------
# no real need to edit anything past this point unless you need to add additional
# rules for different file extensions
#---------------------------------------------------------------------------------
ifneq ($(BUILD),$(notdir $(CURDIR)))
#---------------------------------------------------------------------------------
export OUTPUT := $(CURDIR)/$(TARGET)
export TOPDIR := $(CURDIR)
export VPATH := $(foreach dir,$(SOURCES),$(CURDIR)/$(dir)) \
$(foreach dir,$(DATA),$(CURDIR)/$(dir))
export DEPSDIR := $(CURDIR)/$(BUILD)
export APP_TITLE := $(notdir $(TOPDIR)/..)
CFILES := $(foreach dir,$(SOURCES),$(notdir $(wildcard $(dir)/*.c)))
CPPFILES := $(foreach dir,$(SOURCES),$(notdir $(wildcard $(dir)/*.cpp)))
SFILES := $(foreach dir,$(SOURCES),$(notdir $(wildcard $(dir)/*.s)))
BINFILES := $(foreach dir,$(DATA),$(notdir $(wildcard $(dir)/*.*)))
#---------------------------------------------------------------------------------
# use CXX for linking C++ projects, CC for standard C
#---------------------------------------------------------------------------------
ifeq ($(strip $(CPPFILES)),)
#---------------------------------------------------------------------------------
export LD := $(CC)
#---------------------------------------------------------------------------------
else
#---------------------------------------------------------------------------------
export LD := $(CXX)
#---------------------------------------------------------------------------------
endif
#---------------------------------------------------------------------------------
export OFILES_BIN := $(addsuffix .o,$(BINFILES))
export OFILES_SRC := $(CPPFILES:.cpp=.o) $(CFILES:.c=.o) $(SFILES:.s=.o)
export OFILES := $(OFILES_BIN) $(OFILES_SRC)
export HFILES_BIN := $(addsuffix .h,$(subst .,_,$(BINFILES)))
export INCLUDE := $(foreach dir,$(INCLUDES),-I$(CURDIR)/$(dir)) \
$(foreach dir,$(LIBDIRS),-I$(dir)/include) \
-I$(CURDIR)/$(BUILD)
export LIBPATHS := $(foreach dir,$(LIBDIRS),-L$(dir)/lib)
.PHONY: $(BUILD) clean all
#---------------------------------------------------------------------------------
all: $(BUILD)
$(BUILD):
@[ -d $@ ] || mkdir -p $@
@$(MAKE) --no-print-directory -C $(BUILD) -f $(CURDIR)/Makefile
#---------------------------------------------------------------------------------
clean:
@echo clean ...
@rm -fr $(BUILD) $(TARGET).bin $(TARGET).elf
#---------------------------------------------------------------------------------
else
.PHONY: all
DEPENDS := $(OFILES:.o=.d)
#---------------------------------------------------------------------------------
# main targets
#---------------------------------------------------------------------------------
all : $(OUTPUT).elf
$(OUTPUT).elf : $(OFILES)
%.elf: $(OFILES)
@echo linking $(notdir $@)
@$(LD) $(LDFLAGS) $(OFILES) $(LIBPATHS) $(LIBS) -o $@
@$(NM) -CSn $@ > $(notdir $*.lst)
$(OFILES_SRC) : $(HFILES_BIN)
memory.o strings.o: CFLAGS += -O3
patches.o config.o: CFLAGS += -DCONFIG_TITLE="\"$(APP_TITLE) $(REVISION) configuration\""\
-DVERSION_MAJOR="$(VERSION_MAJOR)" -DVERSION_MINOR="$(VERSION_MINOR)"\
-DVERSION_BUILD="$(VERSION_BUILD)" -DISRELEASE="$(IS_RELEASE)" -DCOMMIT_HASH="0x$(COMMIT)"
config.o ini.o: CFLAGS += -DINI_HANDLER_LINENO=1 -DINI_STOP_ON_FIRST_ERROR=1
#---------------------------------------------------------------------------------
# you need a rule like this for each extension you use as binary data
#---------------------------------------------------------------------------------
%.bin.o %_bin.h : %.bin
#---------------------------------------------------------------------------------
@echo $(notdir $<)
@$(bin2o)
#---------------------------------------------------------------------------------
%.ini.o %_ini.h: %.ini
#---------------------------------------------------------------------------------
@echo $(notdir $<)
@$(bin2o)
-include $(DEPENDS)
#---------------------------------------------------------------------------------------
endif
#---------------------------------------------------------------------------------------

BIN
arm9/data/config_template.ini
View File

Binary file not shown.

210
arm9/linker.ld
View File

@ -1,210 +0,0 @@
OUTPUT_FORMAT("elf32-littlearm", "elf32-bigarm", "elf32-littlearm")
OUTPUT_ARCH(arm)
ENTRY(_start)
PHDRS
{
crt0 PT_LOAD;
itcm PT_LOAD;
main PT_LOAD;
}
/* Mostly copied from https://github.com/devkitPro/buildscripts/blob/master/dkarm-eabi/crtls/3dsx.ld */
MEMORY
{
main : ORIGIN = 0x08006000, LENGTH = 0x080F0000 - 0x08006000
itcm : ORIGIN = 0x01FF8000, LENGTH = 0x01FFB800 - 0x01FF8000 /* Unused ITCM slice. */
}
SECTIONS
{
PROVIDE(__start__ = 0x08006000);
PROVIDE(__stack_top__ = 0x08100000);
PROVIDE(__stack_bottom__ = 0x080F0000);
PROVIDE(__itcm_stack_top__ = 0x01FFB800);
PROVIDE(__itcm_stack_bottom__ = 0x01FFA800);
. = __start__;
.crt0 :
{
KEEP( *(.text.start) )
KEEP( *(.init) )
. = ALIGN(32);
} >main :crt0
.itcm_loadable :
{
PROVIDE (__itcm_start__ = ABSOLUTE(.));
PROVIDE (__itcm_lma__ = LOADADDR(.itcm_loadable));
KEEP(*(.arm9_exception_handlers.text))
*(.arm9_exception_handlers.text*)
KEEP(*(.chainloader.text.start))
chainloader.o(.text*)
i2c.o(.text*)
arm9_exception_handlers.o(.text*)
KEEP (*(.emunand_patch))
*(.arm9_exception_handlers.rodata*)
chainloader.o(.rodata*)
i2c.o(.rodata*)
arm9_exception_handlers.o(.rodata*)
*(.arm9_exception_handlers.data*)
chainloader.o(.data*)
i2c.o(.data*)
arm9_exception_handlers.o(.data*)
. = ALIGN(32);
} >itcm AT>main :itcm
.itcm_bss (NOLOAD) :
{
. = ALIGN(32);
PROVIDE (__itcm_bss_start__ = ABSOLUTE(.));
*(.arm9_exception_handlers.bss*)
chainloader.o(.bss* COMMON)
i2c.o(.bss* COMMON)
arm9_exception_handlers.o(.bss* COMMON)
. = ALIGN(32);
PROVIDE (__itcm_end__ = ABSOLUTE(.));
} >itcm :NONE
.text :
{
/* .text */
*(.text)
*(.text.*)
*(.glue_7)
*(.glue_7t)
*(.stub)
*(.gnu.warning)
*(.gnu.linkonce.t*)
/* .fini */
KEEP( *(.fini) )
. = ALIGN(8);
} >main :main
.rodata :
{
*(.rodata)
*(.roda)
*(.rodata.*)
*all.rodata*(*)
*(.gnu.linkonce.r*)
SORT(CONSTRUCTORS)
. = ALIGN(8);
} >main
.preinit_array :
{
PROVIDE (__preinit_array_start = .);
KEEP (*(.preinit_array))
PROVIDE (__preinit_array_end = .);
} >main
.init_array ALIGN(4) :
{
PROVIDE (__init_array_start = .);
KEEP (*(SORT(.init_array.*)))
KEEP (*(.init_array))
PROVIDE (__init_array_end = .);
} >main
.fini_array ALIGN(4) :
{
PROVIDE (__fini_array_start = .);
KEEP (*(.fini_array))
KEEP (*(SORT(.fini_array.*)))
PROVIDE (__fini_array_end = .);
} >main
.ctors ALIGN(4) :
{
KEEP (*crtbegin.o(.ctors)) /* MUST be first -- GCC requires it */
KEEP (*(EXCLUDE_FILE (*crtend.o) .ctors))
KEEP (*(SORT(.ctors.*)))
KEEP (*(.ctors))
. = ALIGN(4); /* REQUIRED. LD is flaky without it. */
} >main
.dtors ALIGN(4) :
{
KEEP (*crtbegin.o(.dtors))
KEEP (*(EXCLUDE_FILE (*crtend.o) .dtors))
KEEP (*(SORT(.dtors.*)))
KEEP (*(.dtors))
. = ALIGN(4); /* REQUIRED. LD is flaky without it. */
} >main
.ARM.extab : { *(.ARM.extab* .gnu.linkonce.armextab.*) __exidx_start = ABSOLUTE(.);} >main
ARM.exidx : { *(.ARM.exidx* .gnu.linkonce.armexidx.*) __exidx_end = ABSOLUTE(.);} >main
.data :
{
*(.data)
*(.data.*)
KEEP (*(.large_patch*))
*(.gnu.linkonce.d*)
CONSTRUCTORS
. = ALIGN(32);
} >main
.bss (NOLOAD) :
{
. = ALIGN(32);
PROVIDE (__bss_start__ = ABSOLUTE(.));
*(.dynbss)
*(.bss)
*(.bss.*)
*(.gnu.linkonce.b*)
*(COMMON)
. = ALIGN(8);
PROVIDE (__bss_end__ = ABSOLUTE(.));
} >main :NONE
__end__ = ABSOLUTE(.) ;
/* ==================
==== Metadata ====
================== */
/* Discard sections that difficult post-processing */
/DISCARD/ : { *(.group .comment .note) }
/* Stabs debugging sections. */
.stab 0 : { *(.stab) }
.stabstr 0 : { *(.stabstr) }
.stab.excl 0 : { *(.stab.excl) }
.stab.exclstr 0 : { *(.stab.exclstr) }
.stab.index 0 : { *(.stab.index) }
.stab.indexstr 0 : { *(.stab.indexstr) }
/* DWARF debug sections.
Symbols in the DWARF debugging sections are relative to the beginning
of the section so we begin them at 0. */
/* DWARF 1 */
.debug 0 : { *(.debug) }
.line 0 : { *(.line) }
/* GNU DWARF 1 extensions */
.debug_srcinfo 0 : { *(.debug_srcinfo) }
.debug_sfnames 0 : { *(.debug_sfnames) }
/* DWARF 1.1 and DWARF 2 */
.debug_aranges 0 : { *(.debug_aranges) }
.debug_pubnames 0 : { *(.debug_pubnames) }
/* DWARF 2 */
.debug_info 0 : { *(.debug_info) }
.debug_abbrev 0 : { *(.debug_abbrev) }
.debug_line 0 : { *(.debug_line) }
.debug_frame 0 : { *(.debug_frame) }
.debug_str 0 : { *(.debug_str) }
.debug_loc 0 : { *(.debug_loc) }
.debug_macinfo 0 : { *(.debug_macinfo) }
}

7
arm9/linker.specs
View File

@ -1,7 +0,0 @@
%rename link old_link
*link:
%(old_link) -T %:getenv(TOPDIR /linker.ld) --nmagic --gc-sections --no-warn-rwx-segments
*startfile:
crti%O%s crtbegin%O%s

28
arm9/source/alignedseqmemcpy.h
View File

@ -1,28 +0,0 @@
/*
* This file is part of Luma3DS
* Copyright (C) 2016-2020 Aurora Wright, TuxSH
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* Additional Terms 7.b and 7.c of GPLv3 apply to this file:
* * Requiring preservation of specified reasonable legal notices or
* author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* * Prohibiting misrepresentation of the origin of that material,
* or requiring that modified versions of such material be marked in
* reasonable ways as different from the original version.
*/
#include "types.h"
void *alignedseqmemcpy(void *dst, const void *src, u32 len);

168
arm9/source/arm9_exception_handlers_asm.s
View File

@ -1,168 +0,0 @@
@ This file is part of Luma3DS
@ Copyright (C) 2016-2020 Aurora Wright, TuxSH
@
@ This program is free software: you can redistribute it and/or modify
@ it under the terms of the GNU General Public License as published by
@ the Free Software Foundation, either version 3 of the License, or
@ (at your option) any later version.
@
@ This program is distributed in the hope that it will be useful,
@ but WITHOUT ANY WARRANTY; without even the implied warranty of
@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
@ GNU General Public License for more details.
@
@ You should have received a copy of the GNU General Public License
@ along with this program. If not, see <http://www.gnu.org/licenses/>.
@
@ Additional Terms 7.b and 7.c of GPLv3 apply to this file:
@ * Requiring preservation of specified reasonable legal notices or
@ author attributions in that material or in the Appropriate Legal
@ Notices displayed by works containing it.
@ * Prohibiting misrepresentation of the origin of that material,
@ or requiring that modified versions of such material be marked in
@ reasonable ways as different from the original version.
.macro GEN_USUAL_HANDLER name, index
\name\()Handler:
ldr sp, =_regs
stmia sp, {r0-r7}
mov r0, #\index
b _arm9ExceptionHandlerCommon
.endm
.section .arm9_exception_handlers.text, "ax", %progbits
.arm
.align 4
.global _arm9ExceptionHandlerCommon
.type _arm9ExceptionHandlerCommon, %function
_arm9ExceptionHandlerCommon:
mov r1, r0
mov r0, sp
mrs r2, spsr
mrs r3, cpsr
add r6, r0, #(8 * 4)
orr r3, #0xc0 @ mask interrupts
msr cpsr_cx, r3
ands r4, r2, #0xf @ get the mode that triggered the exception
moveq r4, #0xf @ usr => sys
bic r5, r3, #0xf
orr r5, r4
msr cpsr_c, r5 @ change processor mode
stmia r6!, {r8-lr}
msr cpsr_c, r3 @ restore processor mode
str lr, [r6], #4
str r2, [r6]
msr cpsr_cxsf, #0xdf @ finally, switch to system mode, mask interrupts and clear flags (in case of double faults)
ldr sp, =0x02000000
b arm9ExceptionHandlerMain
.global FIQHandler
.type FIQHandler, %function
GEN_USUAL_HANDLER FIQ, 0
.global undefinedInstructionHandler
.type undefinedInstructionHandler, %function
GEN_USUAL_HANDLER undefinedInstruction, 1
.global prefetchAbortHandler
.type prefetchAbortHandler, %function
prefetchAbortHandler:
msr cpsr_cx, #0xd7 @ mask interrupts (abort mode)
mrs sp, spsr
and sp, #0x3f
cmp sp, #0x13
bne _prefetchAbortNormalHandler
ldr sp, =arm9ExceptionHandlerSvcBreakAddress
ldr sp, [sp]
cmp sp, #0
beq _prefetchAbortNormalHandler
add sp, #(1*4 + 4)
cmp lr, sp
bne _prefetchAbortNormalHandler
mov sp, r8
pop {r8-r11}
ldr lr, [sp, #8]!
ldr sp, [sp, #4]
msr spsr_cxsf, sp
tst sp, #0x20
addne lr, #2 @ adjust address for later
GEN_USUAL_HANDLER _prefetchAbortNormal, 2
.global dataAbortHandler
.type dataAbortHandler, %function
dataAbortHandler:
msr cpsr_cx, #0xd7 @ mask interrupts (abort mode)
mrs sp, spsr
and sp, #0x3f
cmp sp, #0x1f
bne _dataAbortNormalHandler
sub lr, #8
adr sp, safecpy
cmp lr, sp
blo _j_dataAbortNormalHandler
adr sp, _safecpy_end
cmp lr, sp
bhs _j_dataAbortNormalHandler
msr spsr_f, #(1 << 30)
mov r12, #0
adds pc, lr, #4
_j_dataAbortNormalHandler:
add lr, #8
GEN_USUAL_HANDLER _dataAbortNormal, 3
.global safecpy
.type safecpy, %function
safecpy:
push {r4, lr}
mov r3, #0
movs r12, #1
_safecpy_loop:
ldrb r4, [r1, r3]
cmp r12, #0
beq _safecpy_loop_end
strb r4, [r0, r3]
add r3, #1
cmp r3, r2
blo _safecpy_loop
_safecpy_loop_end:
mov r0, r3
pop {r4, pc}
_safecpy_end:
.section .arm9_exception_handlers.rodata, "a", %progbits
.align 4
.global arm9ExceptionHandlerAddressTable
arm9ExceptionHandlerAddressTable:
.word 0 @ IRQ
.word FIQHandler @ FIQ
.word 0 @ SVC
.word undefinedInstructionHandler @ Undefined instruction
.word prefetchAbortHandler @ Prefetch abort
.word dataAbortHandler @ Data abort
.section .arm9_exception_handlers.bss, "aw", %nobits
.align 4
.global arm9ExceptionHandlerSvcBreakAddress
arm9ExceptionHandlerSvcBreakAddress:
.skip 4
_regs: .skip (4 * 17)

84
arm9/source/chainloader.c
View File

@ -1,84 +0,0 @@
/*
* This file is part of Luma3DS
* Copyright (C) 2016-2020 Aurora Wright, TuxSH
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* Additional Terms 7.b and 7.c of GPLv3 apply to this file:
* * Requiring preservation of specified reasonable legal notices or
* author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* * Prohibiting misrepresentation of the origin of that material,
* or requiring that modified versions of such material be marked in
* reasonable ways as different from the original version.
*/
#include "chainloader.h"
#include "screen.h"
void disableMpuAndJumpToEntrypoints(int argc, char **argv, void *arm11Entry, void *arm9Entry);
#pragma GCC optimize (3)
static void *xmemcpy(void *dst, const void *src, u32 len)
{
const u8 *src8 = (const u8 *)src;
u8 *dst8 = (u8 *)dst;
for (u32 i = 0; i < len; i++) {
dst8[i] = src8[i];
}
return dst;
}
static void doLaunchFirm(Firm *firm, int argc, char **argv)
{
//Copy FIRM sections to respective memory locations
for(u32 sectionNum = 0; sectionNum < 4; sectionNum++)
xmemcpy(firm->section[sectionNum].address, (u8 *)firm + firm->section[sectionNum].offset, firm->section[sectionNum].size);
disableMpuAndJumpToEntrypoints(argc, argv, firm->arm9Entry, firm->arm11Entry);
__builtin_unreachable();
}
void chainloader_main(int argc, char **argv, Firm *firm)
{
char *argvPassed[2],
absPath[24 + 255];
struct fb fbs[2];
if(argc > 0)
{
u32 i;
for(i = 0; i < sizeof(absPath) - 1 && argv[0][i] != 0; i++)
absPath[i] = argv[0][i];
absPath[i] = 0;
argvPassed[0] = (char *)absPath;
}
if(argc == 2)
{
struct fb *fbsrc = (struct fb *)argv[1];
fbs[0] = fbsrc[0];
fbs[1] = fbsrc[1];
argvPassed[1] = (char *)&fbs;
}
doLaunchFirm(firm, argc, argvPassed);
}

1209
arm9/source/config.c
View File

File diff suppressed because it is too large Load Diff

279
arm9/source/deliver_arg.c
View File

@ -1,279 +0,0 @@
/*
* This file is part of Luma3DS
* Copyright (C) 2022 Aurora Wright, TuxSH
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* Additional Terms 7.b and 7.c of GPLv3 apply to this file:
* * Requiring preservation of specified reasonable legal notices or
* author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* * Prohibiting misrepresentation of the origin of that material,
* or requiring that modified versions of such material be marked in
* reasonable ways as different from the original version.
*/
#include "deliver_arg.h"
#include "utils.h"
#include "memory.h"
#include "config.h"
#include "fs.h"
#include "i2c.h"
#include "screen.h"
u8 *loadDeliverArg(void)
{
static __attribute__((aligned(8))) u8 deliverArg[0x1000] = {0};
static bool deliverArgLoaded = false;
if (!deliverArgLoaded)
{
u32 bootenv = CFG_BOOTENV; // this register is preserved across reboots
if ((bootenv & 1) == 0) // true coldboot
{
memset(deliverArg, 0, 0x1000);
}
else
{
u32 mode = bootenv >> 1;
if (mode == 0) // CTR mode
{
memcpy(deliverArg, (const void *)0x20000000, 0x1000);
// Validate deliver arg
u32 testPattern = *(u32 *)(deliverArg + 0x438);
u32 *crcPtr = (u32 *)(deliverArg + 0x43C);
u32 crc = *crcPtr;
*crcPtr = 0; // clear crc field before calculation
u32 expectedCrc = crc32(deliverArg + 0x400, 0x140, 0xFFFFFFFF);
*crcPtr = crc;
if (testPattern != 0xFFFF || crc != expectedCrc)
memset(deliverArg, 0, 0x1000);
}
else // Legacy modes
{
// Copy TWL deliver arg stuff as-is (0...0x300)
copyFromLegacyModeFcram(deliverArg, (const void *)0x20000000, 0x400);
// Validate TLNC (TWL launcher params) block
// Note: Nintendo doesn't do crcLen bound check
u8 *tlnc = deliverArg + 0x300;
bool hasMagic = memcmp(tlnc, "TLNC", 4) == 0;
u8 crcLen = tlnc[5];
u16 crc = *(u16 *)(tlnc + 6);
if (!hasMagic || (8 + crcLen) > 0x100 || crc != crc16(tlnc + 8, crcLen, 0xFFFF))
memset(tlnc, 0, 0x100);
memset(deliverArg + 0x400, 0, 0xC00);
}
}
deliverArgLoaded = true;
}
return deliverArg;
}
void commitDeliverArg(void)
{
u8 *deliverArg = loadDeliverArg();
u32 bootenv = CFG_BOOTENV;
if ((bootenv & 1) == 0) // if true coldboot, set bootenv to "CTR mode reboot"
{
bootenv = 1;
CFG_BOOTENV = 1;
}
u32 mode = bootenv >> 1;
if (mode == 0) // CTR mode
{
*(u32 *)(deliverArg + 0x438) = 0xFFFF;
*(u32 *)(deliverArg + 0x43C) = 0; // clear CRC field before calculating it
*(u32 *)(deliverArg + 0x43C) = crc32(deliverArg + 0x400, 0x140, 0xFFFFFFFF);
memcpy((void *)0x20000000, deliverArg, 0x1000);
}
else // Legacy modes (just TWL mode, really)
{
copyToLegacyModeFcram((void *)0x20000000, deliverArg, 0x400);
}
}
bool hasValidTlncAutobootParams(void)
{
u8 *tlnc = loadDeliverArg() + 0x300; // loadDeliverArg clears invalid TLNC blocks
return memcmp(tlnc, "TLNC", 4) == 0 && (*(u16 *)(tlnc + 0x18) & 1) != 0;
}
bool isTwlToCtrLaunch(void)
{
// assumes TLNC block is valid
u8 *tlnc = loadDeliverArg() + 0x300; // loadDeliverArg clears invalid TLNC blocks
u64 twlTid = *(u64 *)(tlnc + 0x10);
switch (twlTid & ~0xFFull)
{
case 0x0000000000000000ull: // TWL Launcher -> Home menu (note: NS checks full TID)
case 0x00030015484E4200ull: // TWL System Settings -> CTR System Settings (mset)
return true;
default:
return false;
}
}
static bool configureHomebrewAutobootCtr(u8 *deliverArg)
{
static const u8 appmemtypesO3ds[] = { 0, 2, 3, 4, 5 };
static const u8 appmemtypesN3ds[] = { 6, 7, 7, 7, 7 };
u64 hbldrTid = configData.hbldr3dsxTitleId;
hbldrTid = hbldrTid == 0 ? HBLDR_DEFAULT_3DSX_TID : hbldrTid; // replicate Loader's behavior
if ((hbldrTid >> 46) != 0x10) // Not a CTR titleId. Bail out
return false;
u8 memtype = configData.autobootCtrAppmemtype;
// autobootCtrAppmemtype already checked, but it doesn't hurt to check again
memtype = memtype >= 5 ? 0 : memtype;
deliverArg[0x400] = ISN3DS ? appmemtypesN3ds[memtype] : appmemtypesO3ds[memtype];
// Determine whether to load from the SD card or from NAND. We don't support gamecards for this
u32 category = (hbldrTid >> 32) & 0xFFFF;
bool isSdApp = (category & 0x10) == 0 && category != 1; // not a system app nor a DLP child
*(u64 *)(deliverArg + 0x440) = hbldrTid;
*(u64 *)(deliverArg + 0x448) = isSdApp ? 1 : 0;
// Tell NS to run the title, and that it's not a title jump from legacy mode
*(u32 *)(deliverArg + 0x460) = (0 << 1) | (1 << 0);
// Whenever power button is held long enough ("force shutdown"), mcu sysmodule
// stores a flag in free reg 0. It will clear it next boot.
// During that next boot, if that flag was set and if CFG_BOOTENV.bit0 is set
// (warmboot/firm chainload, i.e. not coldbooting), then main() will simulate
// a "power button held" interrupt (after upgrading mcu fw if necessary -- it
// will reboot console after if it has upgraded mcu fw, I guess that's one of
// the reasons the flag is there). This obviously cause other processes to initiate
// a shutdown, and it also sets that flag again.
// In the case of autoboot, ns will panic when this happens. This caused
// hb autoboot to keep failing over and over again.
// Select free reg 0, read it, select it again, write it (clearing force shutdown flag)
I2C_writeReg(I2C_DEV_MCU, 0x60, 0);
u8 flags = I2C_readReg(I2C_DEV_MCU, 0x61);
flags &= ~4;
I2C_writeReg(I2C_DEV_MCU, 0x60, 0);
I2C_writeReg(I2C_DEV_MCU, 0x61, flags);
CFG_BOOTENV = 1;
return true;
}
static bool configureHomebrewAutobootTwl(u8 *deliverArg)
{
// Here, we pretend to be a TWL app rebooting into another TWL app.
// We get NS to do all the heavy lifting (starting NWM and AM, etc.) this way.
memset(deliverArg + 0x000, 0, 0x300); // zero TWL deliver arg params
// Now onto TLNC (launcher params):
u8 *tlnc = deliverArg + 0x300;
memset(tlnc, 0, 0x100);
memcpy(tlnc, "TLNC", 4);
tlnc[4] = 1; // version
tlnc[5] = 0x18; // length of data to calculate CRC over
*(u64 *)(tlnc + 8) = 0; // old title ID
*(u64 *)(tlnc + 0x10) = configData.autobootTwlTitleId; // new title ID
// bit4: "skip logo" ; bits2:1: NAND boot ; bit0: valid
*(u16 *)(tlnc + 0x18) = (1 << 4) | (3 << 1) | (1 << 0);
*(u16 *)(tlnc + 6) = crc16(tlnc + 8, 0x18, 0xFFFF);
// Even though (when running TWL/AGB FIRM) the SoC is in O3DS mode, and the GPU also is,
// as well as most other components behaving as such (external RAM, L2C not usable, etc.),
// this is NOT the case for the LCD and adaptive backlight logic which retains FULL N3DS
// functionality, including a feature where the window is blended with a given color depending
// on the overall relative luminance of that window.
// However, Nintendo's own code mistakenly assumes the opposite, and clearly so ("if GPU in N3DS mode"
// checks, not passing N3DS extra adaptive backlight (ABL) to TWL/AGB_FIRM). This has implications:
// - Powersaving (ABL) settings in TWL/AGB_FIRM is inconsistent with *both* O3DS (because the new RGB blend LUT
// has been set to its current value by NATIVE_FIRM) and N3DS (because "pwn_cnt" and "inertia" are missing
// their N3DS-only bits)
// - "rave party" when booting into TWL/AGB_FIRM or O3DS NATIVE_FIRM without these regs (well, the LUT) initialized.
// Easiest way to do so is by leveraging the "DSi autooboot" feature Luma provides. It is worth noting at least
// the LUT survives hardware reboots (if Nintendo were using DSi software that was using TLNC-based reboots,
// they wouldn't have noticed).
// As such, zerofill these registers (from testing, hardware explicitly discards null values, so this
// should be fine). For now, only touch the Luma-initiated autoboot path
if (ISN3DS)
zerofillN3dsAblRegisters();
CFG_BOOTENV = 3;
return true;
}
bool configureHomebrewAutoboot(void)
{
bool ret;
u8 *deliverArg = loadDeliverArg();
u32 bootenv = CFG_BOOTENV;
u32 mode = bootenv >> 1;
// NS always writes a valid deliver arg on reboot, no matter what.
// Check if it is empty, and, of course, bail out if we aren't rebooting from
// NATIVE_FIRM.
// Checking if it is empty is necessary to let us reboot from autobooted hbmenu
// to hbmenu.
if (mode != 0)
return false;
else if (bootenv == 1)
{
for (u32 i = 0; i < 0x410; i++)
{
if (deliverArg[i] != 0)
return false;
}
for (u32 i = 0x440; i < 0x1000; i++)
{
if (deliverArg[i] != 0)
return false;
}
}
switch (MULTICONFIG(AUTOBOOTMODE))
{
case 1:
ret = configureHomebrewAutobootCtr(deliverArg);
break;
case 2:
ret = configureHomebrewAutobootTwl(deliverArg);
break;
case 0:
default:
ret = false;
break;
}
if (ret)
commitDeliverArg();
return ret;
}

338
arm9/source/emunand.c
View File

@ -1,338 +0,0 @@
/*
* This file is part of Luma3DS
* Copyright (C) 2016-2021 Aurora Wright, TuxSH
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* Additional Terms 7.b and 7.c of GPLv3 apply to this file:
* * Requiring preservation of specified reasonable legal notices or
* author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* * Prohibiting misrepresentation of the origin of that material,
* or requiring that modified versions of such material be marked in
* reasonable ways as different from the original version.
*/
/*
* Code for locating the SDMMC struct by Normmatt
*/
#include "emunand.h"
#include "memory.h"
#include "utils.h"
#include "fatfs/sdmmc/sdmmc.h"
#include "large_patches.h"
u32 emuOffset,
emuHeader;
void locateEmuNand(FirmwareSource *nandType, u32 *emunandIndex, bool configureCtrNandParams)
{
static u8 __attribute__((aligned(4))) temp[0x200];
static u32 nandSize = 0,
fatStart;
if(!nandSize)
{
nandSize = getMMCDevice(0)->total_size;
sdmmc_sdcard_readsectors(0, 1, temp);
fatStart = *(u32 *)(temp + 0x1C6); //First sector of the FAT partition
}
/*if (*nandType == FIRMWARE_SYSNAND)
return;*/
for(u32 i = 0; i < 3; i++) // Test the different kinds of multi-EmuNAND there are, unless we are looking for the first one
{
static const u32 roundedMinsizes[] = {0x1D8000, 0x26E000};
u32 nandOffset;
switch(i)
{
case 1:
nandOffset = ROUND_TO_4MB(nandSize + 1); //"Default" layout
break;
case 2:
nandOffset = roundedMinsizes[ISN3DS ? 1 : 0]; //"Minsize" layout
break;
case 0:
nandOffset = nandSize > 0x200000 ? 0x400000 : 0x200000; //"Legacy" layout
break;
}
nandOffset *= *emunandIndex; // always 0 for 1st EmuNAND
if(fatStart >= nandOffset + roundedMinsizes[ISN3DS ? 1 : 0])
{
//Check for RedNAND
if(!sdmmc_sdcard_readsectors(nandOffset + 1, 1, temp) && memcmp(temp + 0x100, "NCSD", 4) == 0)
{
if (configureCtrNandParams)
{
emuOffset = nandOffset + 1;
emuHeader = 0;
}
return;
}
//Check for Gateway EmuNAND
else if(i != 2 && !sdmmc_sdcard_readsectors(nandOffset + nandSize, 1, temp) && memcmp(temp + 0x100, "NCSD", 4) == 0)
{
if (configureCtrNandParams)
{
emuOffset = nandOffset;
emuHeader = nandSize;
}
return;
}
}
if(*emunandIndex == 0) break; // See above comments
}
//Fallback to the first EmuNAND if there's no second/third/fourth one, or to SysNAND if there isn't any
if(*emunandIndex != 0)
{
*emunandIndex = 0;
locateEmuNand(nandType, emunandIndex, configureCtrNandParams);
}
else *nandType = FIRMWARE_SYSNAND;
}
static inline u32 getProtoSdmmc(u32 *sdmmc, u32 firmVersion)
{
switch(firmVersion)
{
case 243: // SDK 0.9.x (0.9.7?)
*sdmmc = (0x080AAA28 + 0x4e0);
break;
case 238: // SDK 0.10
*sdmmc = (0x080BEA70 + 0x690);
break;
default:
return 1;
}
return 0;
}
static inline u32 getOldSdmmc(u32 *sdmmc, u32 firmVersion)
{
switch(firmVersion)
{
case 0x18:
*sdmmc = 0x080D91D8;
break;
case 0x1D:
case 0x1F:
*sdmmc = 0x080D8CD0;
break;
default:
return 1;
}
return 0;
}
static inline u32 getSdmmc(u8 *pos, u32 size, u32 *sdmmc)
{
//Look for struct code
static const u8 pattern[] = {0x21, 0x20, 0x18, 0x20};
const u8 *off = memsearch(pos, pattern, size, sizeof(pattern));
if(off == NULL) return 1;
*sdmmc = *(u32 *)(off + 9) + *(u32 *)(off + 0xD);
return 0;
}
static inline u32 patchNandRw(u8 *pos, u32 size, u32 hookAddr)
{
//Look for read/write code
static const u8 pattern[] = {0x1E, 0x00, 0xC8, 0x05};
u16 *readOffset = (u16 *)memsearch(pos, pattern, size, sizeof(pattern));
if(readOffset == NULL) return 1;
readOffset -= 3;
u16 *writeOffset = (u16 *)memsearch((u8 *)(readOffset + 5), pattern, 0x100, sizeof(pattern));
if(writeOffset == NULL) return 1;
writeOffset -= 3;
*readOffset = *writeOffset = 0x4C00;
readOffset[1] = writeOffset[1] = 0x47A0;
((u32 *)writeOffset)[1] = ((u32 *)readOffset)[1] = hookAddr;
return 0;
}
static inline u32 patchProtoNandRw(u8 *pos, u32 size, u32 hookAddr, u32 hookCidAddr)
{
//Look for read/write code
static const u8 pattern[] = {
0x03, 0x00, 0x51, 0xE3, // cmp r1, #3
0x02, 0xC0, 0xA0, 0xE1, // mov r12, r2
0x04, 0x00, 0x80, 0xE2, // add r0, r0, #4
};
u32 *writeOffset = (u32 *)memsearch(pos, pattern, size, sizeof(pattern));
if(writeOffset == NULL) return 1;
u32 *readOffset = (u32 *)memsearch((u8 *)(writeOffset + 3), pattern, 0x400, sizeof(pattern));
if(readOffset == NULL) return 1;
// Find the sdmmc mount/init(?) function
static const u8 mount_pattern[] = {
0x20, 0x00, 0x84, 0xE2, // add r0, r4, 0x20
0x01, 0x20, 0xA0, 0xE3, // mov r2, #1
0x00, 0x10, 0xA0, 0xE3, // mov r1, #0
};
u32* mountOffset = (u32*) memsearch(pos, mount_pattern, size, sizeof(mount_pattern));
if (mountOffset == NULL) return 1;
// Find the sdmmc read cid function.
static const u8 readcid_pattern[] = {
0x31, 0xFF, 0x2F, 0xE1, // blx r1
0x20, 0x60, 0x9F, 0xE5, // ldr r6, [pc, #0x20] // =failing_result
0x00, 0x00, 0x50, 0xE3, // cmp r0, #0
};
u32* readCidOffset = (u32*) memsearch(pos, readcid_pattern, size, sizeof(readcid_pattern));
if (readCidOffset == NULL) return 1;
readCidOffset -= 5;
mountOffset[1] = 0xe3a02000; // mov r2, #0 // sd-card
readOffset[0] = writeOffset[0] = 0xe52de004; // push {lr}
readOffset[1] = writeOffset[1] = 0xe59fc000; // ldr r12, [pc, #0]
readOffset[2] = writeOffset[2] = 0xe12fff3c; // blx r12
readOffset[3] = writeOffset[3] = hookAddr;
readCidOffset[0] = 0xe59fc000; // ldr r12, [pc, #0]
readCidOffset[1] = 0xe12fff3c; // blx r12
readCidOffset[2] = hookCidAddr;
// Read the emmc cid into the place hook will copy it from
sdmmc_get_cid(1, emunandPatchNandCid);
return 0;
}
static inline u32 patchProtoNandRw238(u8 *pos, u32 size, u32 hookAddr, u32 hookCidAddr)
{
//Look for read/write code
static const u8 pattern[] = {
0x03, 0x00, 0x50, 0xE3, // cmp r0, #3
0x00, 0x00, 0xA0, 0x13, // movne r0, #0
0x01, 0x00, 0xA0, 0x03, // moveq r0, #1
};
u32 *writeOffset = (u32 *)memsearch(pos, pattern, size, sizeof(pattern));
if(writeOffset == NULL) return 1;
u32 *readOffset = (u32 *)memsearch((u8 *)(writeOffset + 3), pattern, 0x400, sizeof(pattern));
if(readOffset == NULL) return 1;
// Find the mmc static ctor...
static const u8 mount_pattern[] = {
0x08, // last byte of some ptr to something in P9
0x01, 0x01, 0x00, 0x00, // emmc controller id
};
u8* mountOffset = (u8*) memsearch(pos, mount_pattern, size, sizeof(mount_pattern));
if (mountOffset == NULL) return 1;
mountOffset++;
// Find the sdmmc read cid function.
static const u8 readcid_pattern[] = {
0x31, 0xFF, 0x2F, 0xE1, // blx r1
0x20, 0x60, 0x9F, 0xE5, // ldr r6, [pc, #0x20] // =failing_result
0x00, 0x00, 0x50, 0xE3, // cmp r0, #0
};
u32* readCidOffset = (u32*) memsearch(pos, readcid_pattern, size, sizeof(readcid_pattern));
if (readCidOffset == NULL) return 1;
readCidOffset -= 5;
*(u32*)mountOffset = 0x300; // sd card
readOffset[0] = writeOffset[0] = 0xe59fc000; // ldr r12, [pc, #0]
readOffset[1] = writeOffset[1] = 0xe12fff3c; // blx r12
readOffset[2] = writeOffset[2] = hookAddr;
readCidOffset[0] = 0xe59fc000; // ldr r12, [pc, #0]
readCidOffset[1] = 0xe12fff3c; // blx r12
readCidOffset[2] = hookCidAddr;
// Read the emmc cid into the place hook will copy it from
sdmmc_get_cid(1, emunandPatchNandCid);
return 0;
}
u32 patchEmuNand(u8 *process9Offset, u32 process9Size, u32 firmVersion)
{
u32 ret = 0;
//Add the data of the found EmuNAND
emunandPatchNandOffset = emuOffset;
emunandPatchNcsdHeaderOffset = emuHeader;
//Find and add the SDMMC struct
u32 sdmmc;
ret += !ISN3DS && firmVersion < 0x25 ? getOldSdmmc(&sdmmc, firmVersion) : getSdmmc(process9Offset, process9Size, &sdmmc);
if(!ret) emunandPatchSdmmcStructPtr = sdmmc;
//Add EmuNAND hooks
ret += patchNandRw(process9Offset, process9Size, (u32)emunandPatch);
return ret;
}
u32 patchProtoEmuNand(u8 *process9Offset, u32 process9Size)
{
extern u32 firmProtoVersion;
u32 ret = 0;
// Add the data of the found EmuNAND
emunandPatchNandOffset = emuOffset;
emunandPatchNcsdHeaderOffset = emuHeader;
// Find and add the SDMMC struct
u32 sdmmc;
ret += getProtoSdmmc(&sdmmc, firmProtoVersion);
if(!ret) emunandPatchSdmmcStructPtr = sdmmc;
// Add EmuNAND hooks
switch (firmProtoVersion) {
case 243: // SDK 0.9.x (0.9.7?)
ret += patchProtoNandRw(process9Offset, process9Size, (u32)emunandProtoPatch, (u32)emunandProtoCidPatch);
break;
case 238: // SDK 0.10.x
ret += patchProtoNandRw238(process9Offset, process9Size, (u32)emunandProtoPatch238, (u32)emunandProtoCidPatch);
break;
default:
ret++;
break;
}
return ret;
}

194
arm9/source/emunand_patch.s
View File

@ -1,194 +0,0 @@
.section .emunand_patch, "aw", %progbits
.arm
.align 4
@ Code originally by Normmatt
.global emunandPatch
emunandPatch:
@ Original code that still needs to be executed
mov r4, r0
mov r5, r1
mov r7, r2
mov r6, r3
@ End
@ If we're already trying to access the SD, return
ldr r2, [r0, #4]
ldr r1, emunandPatchSdmmcStructPtr
cmp r2, r1
beq out
str r1, [r0, #4] @ Set object to be SD
ldr r2, [r0, #8] @ Get sector to read
cmp r2, #0 @ For GW compatibility, see if we're trying to read the ncsd header (sector 0)
ldr r3, emunandPatchNandOffset
add r2, r3 @ Add the offset to the NAND in the SD
ldreq r3, emunandPatchNcsdHeaderOffset
addeq r2, r3 @ If we're reading the ncsd header, add the offset of that sector
str r2, [r0, #8] @ Store sector to read
out:
@ Restore registers.
mov r1, r5
mov r2, r7
mov r3, r6
@ Return 4 bytes behind where we got called,
@ due to the offset of this function being stored there
mov r0, lr
add r0, #4
bx r0
.pool
_emunandPatchEnd:
.global emunandProtoPatch
emunandProtoPatch:
@ Save registers
push {r0-r3}
@ If we're already trying to access the SD, return
ldr r2, [r0, #4]
ldr r1, emunandPatchSdmmcStructPtr
cmp r2, r1
beq _out
ldrb r2, [r1, #0xc] @ Get sdmc->m_isInitialised
cmp r2, #0 @ Is initialised?
beq _pastSdmc @ if not, use "NAND" object, patched elsewhere to access SD
str r1, [r0, #4] @ Set object to be SD
_pastSdmc:
ldr r2, [r0, #8] @ Get sector to read
cmp r2, #0 @ For GW compatibility, see if we're trying to read the ncsd header (sector 0)
ldr r3, emunandPatchNandOffset
add r2, r3 @ Add the offset to the NAND in the SD
ldreq r3, emunandPatchNcsdHeaderOffset
addeq r2, r3 @ If we're reading the ncsd header, add the offset of that sector
str r2, [r0, #8] @ Store sector to read
_out:
@ Restore registers
pop {r0-r3}
@ Execute original code that got patched.
cmp r1, #3
mov r12, r2
add r0, r0, #4
movne r1, #0
moveq r1, #1
@ r2 about to be overwritten, so it's free to use here.
@ Save off our return address and restore lr.
mov r2, lr
pop {lr}
@ r2+0 is return address (patched movne r1, #0)
@ r2+4 is moveq r1, #1
@ r2+8 is the following instruction (mov r2, r3)
add r2, #8
bx r2
.global emunandProtoCidPatch
emunandProtoCidPatch:
@ If we're already trying to access the SD, return
ldr r4, emunandPatchSdmmcStructPtr
cmp r0, r4
beq _cid_return
@ Trying to access nand, so copy the NAND cid into r1
adr r4, emunandPatchNandCid
ldr r2, [r4, #0]
ldr r3, [r4, #4]
ldr r5, [r4, #8]
ldr r6, [r4, #0xc]
str r2, [r1, #0]
str r3, [r1, #4]
str r5, [r1, #8]
str r6, [r1, #0xc]
@ And return from whence we came
mov r0, #0
pop {r4-r6, pc}
_cid_return:
@ Execute original code that got patched.
mov r4, r0
ldr r0, [r0]
mov r5, r1
@ lr+0 is return address (patched mov r5, r1)
@ lr+4 is following instruction (ldr r1, [r0,#8])
add lr, #4
bx lr
.global emunandProtoPatch238
emunandProtoPatch238:
@ Save registers
push {r0-r3}
@ If we're already trying to access the SD, return
ldr r2, [r4, #4]
ldr r1, emunandPatchSdmmcStructPtr
cmp r2, r1
beq _out238
ldr r2, [r1, #0x24] @ Get sdmc->m_someObjInitedLater
cmp r2, #0 @ Is initialised?
beq _pastSdmc238 @ if not, use "NAND" object, patched elsewhere to access SD
str r1, [r4, #4] @ Set object to be SD
_pastSdmc238:
ldr r2, [r4, #8] @ Get sector to read
cmp r2, #0 @ For GW compatibility, see if we're trying to read the ncsd header (sector 0)
ldr r3, emunandPatchNandOffset
add r2, r3 @ Add the offset to the NAND in the SD
ldreq r3, emunandPatchNcsdHeaderOffset
addeq r2, r3 @ If we're reading the ncsd header, add the offset of that sector
str r2, [r4, #8] @ Store sector to read
_out238:
@ Restore registers
pop {r0-r3}
@ Execute original code that got patched.
cmp r0, #3
movne r0, #0
moveq r0, #1
@ r1 about to be overwritten, so it's free to use here.
@ Save off our return address.
mov r1, lr
@ r1+0 is return address (patched moveq r1, #1)
@ r1+4 is tst r0, #0xff or sub sp, sp, #0xc
add r1, #4
bx r1
.pool
.global emunandPatchSdmmcStructPtr
.global emunandPatchNandOffset
.global emunandPatchNcsdHeaderOffset
.global emunandPatchNandCid
_emunandPatchBssStart:
emunandPatchSdmmcStructPtr: .word 0 @ Pointer to sdmmc struct
emunandPatchNandOffset: .word 0 @ For rednand this should be 1
emunandPatchNcsdHeaderOffset: .word 0 @ Depends on nand manufacturer + emunand type (GW/RED)
emunandPatchNandCid: @ Store emmc cid here, to override "sdmc's" when trying to read emmc's
.word 0,0,0,0
_emunandPatchBssEnd:
.pool
.balign 4
.global emunandPatchSize
emunandPatchSize:
.word _emunandPatchEnd - emunandPatch
.global emunandPatchBssSize
emunandPatchBssSize:
.word _emunandPatchBssEnd - _emunandPatchBssStart

186
arm9/source/fatfs/diskio.c
View File

@ -1,186 +0,0 @@
/*-----------------------------------------------------------------------*/
/* Low level disk I/O module SKELETON for FatFs (C)ChaN, 2019 */
/*-----------------------------------------------------------------------*/
/* If a working storage control module is available, it should be */
/* attached to the FatFs via a glue function rather than modifying it. */
/* This is an example of glue functions to attach various exsisting */
/* storage control modules to the FatFs module with a defined API. */
/*-----------------------------------------------------------------------*/
#include "ff.h" /* Obtains integer types */
#include "diskio.h" /* Declarations of disk functions */
#include "sdmmc/sdmmc.h"
#include "../crypto.h"
#include "../i2c.h"
/* Definitions of physical drive number for each drive */
#define SDCARD 0
#define CTRNAND 1
/*-----------------------------------------------------------------------*/
/* Get Drive Status */
/*-----------------------------------------------------------------------*/
DSTATUS disk_status (
BYTE pdrv /* Physical drive nmuber to identify the drive */
)
{
(void)pdrv;
return RES_OK;
}
/*-----------------------------------------------------------------------*/
/* Inidialize a Drive */
/*-----------------------------------------------------------------------*/
DSTATUS disk_initialize (
BYTE pdrv /* Physical drive nmuber to identify the drive */
)
{
static u32 sdmmcInitResult = 4;
DSTATUS res = 0;
if(sdmmcInitResult == 4)
sdmmcInitResult = sdmmc_sdcard_init();
// Check physical drive initialized status
switch (pdrv)
{
case SDCARD:
res = (sdmmcInitResult & 2) == 0 ? 0 : STA_NOINIT;
break;
case CTRNAND:
// Always update CTRNAND parameters when remounting
res = (sdmmcInitResult & 1) == 0 && ctrNandInit() == 0 ? 0 : STA_NOINIT;
break;
default:
res = STA_NODISK;
break;
}
return res;
}
/*-----------------------------------------------------------------------*/
/* Read Sector(s) */
/*-----------------------------------------------------------------------*/
DRESULT disk_read (
BYTE pdrv, /* Physical drive nmuber to identify the drive */
BYTE *buff, /* Data buffer to store read data */
LBA_t sector, /* Start sector in LBA */
UINT count /* Number of sectors to read */
)
{
DRESULT res = RES_OK;
switch (pdrv)
{
case SDCARD:
res = sdmmc_sdcard_readsectors(sector, count, buff) == 0 ? RES_OK : RES_PARERR;
break;
case CTRNAND:
res = ctrNandRead(sector, count, buff) == 0 ? RES_OK : RES_PARERR;
break;
default:
res = RES_NOTRDY;
break;
}
return res;
}
/*-----------------------------------------------------------------------*/
/* Write Sector(s) */
/*-----------------------------------------------------------------------*/
#if FF_FS_READONLY == 0
DRESULT disk_write (
BYTE pdrv, /* Physical drive nmuber to identify the drive */
const BYTE *buff, /* Data to be written */
LBA_t sector, /* Start sector in LBA */
UINT count /* Number of sectors to write */
)
{
DRESULT res = RES_OK;
switch (pdrv)
{
case SDCARD:
{
if ((*(vu16 *)(SDMMC_BASE + REG_SDSTATUS0) & TMIO_STAT0_WRPROTECT) == 0) // why == 0?
res = RES_WRPRT;
else
res = sdmmc_sdcard_writesectors(sector, count, buff) == 0 ? RES_OK : RES_PARERR;
break;
}
case CTRNAND:
res = ctrNandWrite(sector, count, buff) == 0 ? RES_OK : RES_PARERR;
break;
default:
res = RES_NOTRDY;
break;
}
return res;
}
#endif
/*-----------------------------------------------------------------------*/
/* Miscellaneous Functions */
/*-----------------------------------------------------------------------*/
DRESULT disk_ioctl (
BYTE pdrv, /* Physical drive nmuber (0..) */
BYTE cmd, /* Control code */
void *buff /* Buffer to send/receive control data */
)
{
(void)pdrv;
(void)buff;
return cmd == CTRL_SYNC ? RES_OK : RES_PARERR;
}
// From GodMode9
#define BCDVALID(b) (((b)<=0x99)&&(((b)&0xF)<=0x9)&&((((b)>>4)&0xF)<=0x9))
#define BCD2NUM(b) (BCDVALID(b) ? (((b)&0xF)+((((b)>>4)&0xF)*10)) : 0xFF)
#define NUM2BCD(n) ((n<99) ? (((n/10)*0x10)|(n%10)) : 0x99)
#define DSTIMEGET(bcd,n) (BCD2NUM((bcd)->n))
// see: http://3dbrew.org/wiki/I2C_Registers#Device_3 (register 30)
typedef struct DsTime {
u8 bcd_s;
u8 bcd_m;
u8 bcd_h;
u8 weekday;
u8 bcd_D;
u8 bcd_M;
u8 bcd_Y;
u8 leap_count;
} DsTime;
/*-----------------------------------------------------------------------*/
/* Get current FAT time */
/*-----------------------------------------------------------------------*/
DWORD get_fattime( void ) {
DsTime dstime;
I2C_readRegBuf(I2C_DEV_MCU, 0x30, (u8 *)&dstime, sizeof(DsTime));
DWORD fattime =
((DSTIMEGET(&dstime, bcd_s)&0x3F) >> 1 ) |
((DSTIMEGET(&dstime, bcd_m)&0x3F) << 5 ) |
((DSTIMEGET(&dstime, bcd_h)&0x3F) << 11) |
((DSTIMEGET(&dstime, bcd_D)&0x1F) << 16) |
((DSTIMEGET(&dstime, bcd_M)&0x0F) << 21) |
(((DSTIMEGET(&dstime, bcd_Y)+(2000-1980))&0x7F) << 25);
return fattime;
}

7084
arm9/source/fatfs/ff.c
View File

File diff suppressed because it is too large Load Diff

296
arm9/source/fatfs/ffconf.h
View File

@ -1,296 +0,0 @@
/*---------------------------------------------------------------------------/
/ Configurations of FatFs Module
/---------------------------------------------------------------------------*/
#define FFCONF_DEF 80286 /* Revision ID */
/*---------------------------------------------------------------------------/
/ Function Configurations
/---------------------------------------------------------------------------*/
#define FF_FS_READONLY 0
/* This option switches read-only configuration. (0:Read/Write or 1:Read-only)
/ Read-only configuration removes writing API functions, f_write(), f_sync(),
/ f_unlink(), f_mkdir(), f_chmod(), f_rename(), f_truncate(), f_getfree()
/ and optional writing functions as well. */
#define FF_FS_MINIMIZE 0
/* This option defines minimization level to remove some basic API functions.
/
/ 0: Basic functions are fully enabled.
/ 1: f_stat(), f_getfree(), f_unlink(), f_mkdir(), f_truncate() and f_rename()
/ are removed.
/ 2: f_opendir(), f_readdir() and f_closedir() are removed in addition to 1.
/ 3: f_lseek() function is removed in addition to 2. */
#define FF_USE_FIND 1
/* This option switches filtered directory read functions, f_findfirst() and
/ f_findnext(). (0:Disable, 1:Enable 2:Enable with matching altname[] too) */
#define FF_USE_MKFS 0
/* This option switches f_mkfs() function. (0:Disable or 1:Enable) */
#define FF_USE_FASTSEEK 0
/* This option switches fast seek function. (0:Disable or 1:Enable) */
#define FF_USE_EXPAND 0
/* This option switches f_expand function. (0:Disable or 1:Enable) */
#define FF_USE_CHMOD 0
/* This option switches attribute manipulation functions, f_chmod() and f_utime().
/ (0:Disable or 1:Enable) Also FF_FS_READONLY needs to be 0 to enable this option. */
#define FF_USE_LABEL 0
/* This option switches volume label functions, f_getlabel() and f_setlabel().
/ (0:Disable or 1:Enable) */
#define FF_USE_FORWARD 0
/* This option switches f_forward() function. (0:Disable or 1:Enable) */
#define FF_USE_STRFUNC 0
#define FF_PRINT_LLI 1
#define FF_PRINT_FLOAT 1
#define FF_STRF_ENCODE 3
/* FF_USE_STRFUNC switches string functions, f_gets(), f_putc(), f_puts() and
/ f_printf().
/
/ 0: Disable. FF_PRINT_LLI, FF_PRINT_FLOAT and FF_STRF_ENCODE have no effect.
/ 1: Enable without LF-CRLF conversion.
/ 2: Enable with LF-CRLF conversion.
/
/ FF_PRINT_LLI = 1 makes f_printf() support long long argument and FF_PRINT_FLOAT = 1/2
/ makes f_printf() support floating point argument. These features want C99 or later.
/ When FF_LFN_UNICODE >= 1 with LFN enabled, string functions convert the character
/ encoding in it. FF_STRF_ENCODE selects assumption of character encoding ON THE FILE
/ to be read/written via those functions.
/
/ 0: ANSI/OEM in current CP
/ 1: Unicode in UTF-16LE
/ 2: Unicode in UTF-16BE
/ 3: Unicode in UTF-8
*/
/*---------------------------------------------------------------------------/
/ Locale and Namespace Configurations
/---------------------------------------------------------------------------*/
#define FF_CODE_PAGE 437
/* This option specifies the OEM code page to be used on the target system.
/ Incorrect code page setting can cause a file open failure.
/
/ 437 - U.S.
/ 720 - Arabic
/ 737 - Greek
/ 771 - KBL
/ 775 - Baltic
/ 850 - Latin 1
/ 852 - Latin 2
/ 855 - Cyrillic
/ 857 - Turkish
/ 860 - Portuguese
/ 861 - Icelandic
/ 862 - Hebrew
/ 863 - Canadian French
/ 864 - Arabic
/ 865 - Nordic
/ 866 - Russian
/ 869 - Greek 2
/ 932 - Japanese (DBCS)
/ 936 - Simplified Chinese (DBCS)
/ 949 - Korean (DBCS)
/ 950 - Traditional Chinese (DBCS)
/ 0 - Include all code pages above and configured by f_setcp()
*/
#define FF_USE_LFN 2
#define FF_MAX_LFN 255
/* The FF_USE_LFN switches the support for LFN (long file name).
/
/ 0: Disable LFN. FF_MAX_LFN has no effect.
/ 1: Enable LFN with static working buffer on the BSS. Always NOT thread-safe.
/ 2: Enable LFN with dynamic working buffer on the STACK.
/ 3: Enable LFN with dynamic working buffer on the HEAP.
/
/ To enable the LFN, ffunicode.c needs to be added to the project. The LFN function
/ requiers certain internal working buffer occupies (FF_MAX_LFN + 1) * 2 bytes and
/ additional (FF_MAX_LFN + 44) / 15 * 32 bytes when exFAT is enabled.
/ The FF_MAX_LFN defines size of the working buffer in UTF-16 code unit and it can
/ be in range of 12 to 255. It is recommended to be set it 255 to fully support LFN
/ specification.
/ When use stack for the working buffer, take care on stack overflow. When use heap
/ memory for the working buffer, memory management functions, ff_memalloc() and
/ ff_memfree() exemplified in ffsystem.c, need to be added to the project. */
#define FF_LFN_UNICODE 2
/* This option switches the character encoding on the API when LFN is enabled.
/
/ 0: ANSI/OEM in current CP (TCHAR = char)
/ 1: Unicode in UTF-16 (TCHAR = WCHAR)
/ 2: Unicode in UTF-8 (TCHAR = char)
/ 3: Unicode in UTF-32 (TCHAR = DWORD)
/
/ Also behavior of string I/O functions will be affected by this option.
/ When LFN is not enabled, this option has no effect. */
#define FF_LFN_BUF 255
#define FF_SFN_BUF 12
/* This set of options defines size of file name members in the FILINFO structure
/ which is used to read out directory items. These values should be suffcient for
/ the file names to read. The maximum possible length of the read file name depends
/ on character encoding. When LFN is not enabled, these options have no effect. */
#define FF_FS_RPATH 1
/* This option configures support for relative path.
/
/ 0: Disable relative path and remove related functions.
/ 1: Enable relative path. f_chdir() and f_chdrive() are available.
/ 2: f_getcwd() function is available in addition to 1.
*/
/*---------------------------------------------------------------------------/
/ Drive/Volume Configurations
/---------------------------------------------------------------------------*/
#define FF_VOLUMES 2
/* Number of volumes (logical drives) to be used. (1-10) */
#define FF_STR_VOLUME_ID 1
#define FF_VOLUME_STRS "sdmc", "nand"
/* FF_STR_VOLUME_ID switches support for volume ID in arbitrary strings.
/ When FF_STR_VOLUME_ID is set to 1 or 2, arbitrary strings can be used as drive
/ number in the path name. FF_VOLUME_STRS defines the volume ID strings for each
/ logical drives. Number of items must not be less than FF_VOLUMES. Valid
/ characters for the volume ID strings are A-Z, a-z and 0-9, however, they are
/ compared in case-insensitive. If FF_STR_VOLUME_ID >= 1 and FF_VOLUME_STRS is
/ not defined, a user defined volume string table is needed as:
/
/ const char* VolumeStr[FF_VOLUMES] = {"ram","flash","sd","usb",...
*/
#define FF_MULTI_PARTITION 0
/* This option switches support for multiple volumes on the physical drive.
/ By default (0), each logical drive number is bound to the same physical drive
/ number and only an FAT volume found on the physical drive will be mounted.
/ When this function is enabled (1), each logical drive number can be bound to
/ arbitrary physical drive and partition listed in the VolToPart[]. Also f_fdisk()
/ function will be available. */
#define FF_MIN_SS 512
#define FF_MAX_SS 512
/* This set of options configures the range of sector size to be supported. (512,
/ 1024, 2048 or 4096) Always set both 512 for most systems, generic memory card and
/ harddisk, but a larger value may be required for on-board flash memory and some
/ type of optical media. When FF_MAX_SS is larger than FF_MIN_SS, FatFs is configured
/ for variable sector size mode and disk_ioctl() function needs to implement
/ GET_SECTOR_SIZE command. */
#define FF_LBA64 0
/* This option switches support for 64-bit LBA. (0:Disable or 1:Enable)
/ To enable the 64-bit LBA, also exFAT needs to be enabled. (FF_FS_EXFAT == 1) */
#define FF_MIN_GPT 0x10000000
/* Minimum number of sectors to switch GPT as partitioning format in f_mkfs and
/ f_fdisk function. 0x100000000 max. This option has no effect when FF_LBA64 == 0. */
#define FF_USE_TRIM 0
/* This option switches support for ATA-TRIM. (0:Disable or 1:Enable)
/ To enable Trim function, also CTRL_TRIM command should be implemented to the
/ disk_ioctl() function. */
/*---------------------------------------------------------------------------/
/ System Configurations
/---------------------------------------------------------------------------*/
#define FF_FS_TINY 0
/* This option switches tiny buffer configuration. (0:Normal or 1:Tiny)
/ At the tiny configuration, size of file object (FIL) is shrinked FF_MAX_SS bytes.
/ Instead of private sector buffer eliminated from the file object, common sector
/ buffer in the filesystem object (FATFS) is used for the file data transfer. */
#define FF_FS_EXFAT 0
/* This option switches support for exFAT filesystem. (0:Disable or 1:Enable)
/ To enable exFAT, also LFN needs to be enabled. (FF_USE_LFN >= 1)
/ Note that enabling exFAT discards ANSI C (C89) compatibility. */
#define FF_FS_NORTC 0
#define FF_NORTC_MON 1
#define FF_NORTC_MDAY 1
#define FF_NORTC_YEAR 2022
/* The option FF_FS_NORTC switches timestamp feature. If the system does not have
/ an RTC or valid timestamp is not needed, set FF_FS_NORTC = 1 to disable the
/ timestamp feature. Every object modified by FatFs will have a fixed timestamp
/ defined by FF_NORTC_MON, FF_NORTC_MDAY and FF_NORTC_YEAR in local time.
/ To enable timestamp function (FF_FS_NORTC = 0), get_fattime() function need to be
/ added to the project to read current time form real-time clock. FF_NORTC_MON,
/ FF_NORTC_MDAY and FF_NORTC_YEAR have no effect.
/ These options have no effect in read-only configuration (FF_FS_READONLY = 1). */
#define FF_FS_NOFSINFO 0
/* If you need to know correct free space on the FAT32 volume, set bit 0 of this
/ option, and f_getfree() function at the first time after volume mount will force
/ a full FAT scan. Bit 1 controls the use of last allocated cluster number.
/
/ bit0=0: Use free cluster count in the FSINFO if available.
/ bit0=1: Do not trust free cluster count in the FSINFO.
/ bit1=0: Use last allocated cluster number in the FSINFO if available.
/ bit1=1: Do not trust last allocated cluster number in the FSINFO.
*/
#define FF_FS_LOCK 0
/* The option FF_FS_LOCK switches file lock function to control duplicated file open
/ and illegal operation to open objects. This option must be 0 when FF_FS_READONLY
/ is 1.
/
/ 0: Disable file lock function. To avoid volume corruption, application program
/ should avoid illegal open, remove and rename to the open objects.
/ >0: Enable file lock function. The value defines how many files/sub-directories
/ can be opened simultaneously under file lock control. Note that the file
/ lock control is independent of re-entrancy. */
#define FF_FS_REENTRANT 0
#define FF_FS_TIMEOUT 1000
/* The option FF_FS_REENTRANT switches the re-entrancy (thread safe) of the FatFs
/ module itself. Note that regardless of this option, file access to different
/ volume is always re-entrant and volume control functions, f_mount(), f_mkfs()
/ and f_fdisk() function, are always not re-entrant. Only file/directory access
/ to the same volume is under control of this featuer.
/
/ 0: Disable re-entrancy. FF_FS_TIMEOUT have no effect.
/ 1: Enable re-entrancy. Also user provided synchronization handlers,
/ ff_mutex_create(), ff_mutex_delete(), ff_mutex_take() and ff_mutex_give()
/ function, must be added to the project. Samples are available in ffsystem.c.
/
/ The FF_FS_TIMEOUT defines timeout period in unit of O/S time tick.
*/
/*--- End of configuration options ---*/

208
arm9/source/fatfs/ffsystem.c
View File

@ -1,208 +0,0 @@
/*------------------------------------------------------------------------*/
/* A Sample Code of User Provided OS Dependent Functions for FatFs */
/*------------------------------------------------------------------------*/
#include "ff.h"
#if FF_USE_LFN == 3 /* Use dynamic memory allocation */
/*------------------------------------------------------------------------*/
/* Allocate/Free a Memory Block */
/*------------------------------------------------------------------------*/
#include <stdlib.h> /* with POSIX API */
void* ff_memalloc ( /* Returns pointer to the allocated memory block (null if not enough core) */
UINT msize /* Number of bytes to allocate */
)
{
return malloc((size_t)msize); /* Allocate a new memory block */
}
void ff_memfree (
void* mblock /* Pointer to the memory block to free (no effect if null) */
)
{
free(mblock); /* Free the memory block */
}
#endif
#if FF_FS_REENTRANT /* Mutal exclusion */
/*------------------------------------------------------------------------*/
/* Definitions of Mutex */
/*------------------------------------------------------------------------*/
#define OS_TYPE 0 /* 0:Win32, 1:uITRON4.0, 2:uC/OS-II, 3:FreeRTOS, 4:CMSIS-RTOS */
#if OS_TYPE == 0 /* Win32 */
#include <windows.h>
static HANDLE Mutex[FF_VOLUMES + 1]; /* Table of mutex handle */
#elif OS_TYPE == 1 /* uITRON */
#include "itron.h"
#include "kernel.h"
static mtxid Mutex[FF_VOLUMES + 1]; /* Table of mutex ID */
#elif OS_TYPE == 2 /* uc/OS-II */
#include "includes.h"
static OS_EVENT *Mutex[FF_VOLUMES + 1]; /* Table of mutex pinter */
#elif OS_TYPE == 3 /* FreeRTOS */
#include "FreeRTOS.h"
#include "semphr.h"
static SemaphoreHandle_t Mutex[FF_VOLUMES + 1]; /* Table of mutex handle */
#elif OS_TYPE == 4 /* CMSIS-RTOS */
#include "cmsis_os.h"
static osMutexId Mutex[FF_VOLUMES + 1]; /* Table of mutex ID */
#endif
/*------------------------------------------------------------------------*/
/* Create a Mutex */
/*------------------------------------------------------------------------*/
/* This function is called in f_mount function to create a new mutex
/ or semaphore for the volume. When a 0 is returned, the f_mount function
/ fails with FR_INT_ERR.
*/
int ff_mutex_create ( /* Returns 1:Function succeeded or 0:Could not create the mutex */
int vol /* Mutex ID: Volume mutex (0 to FF_VOLUMES - 1) or system mutex (FF_VOLUMES) */
)
{
#if OS_TYPE == 0 /* Win32 */
Mutex[vol] = CreateMutex(NULL, FALSE, NULL);
return (int)(Mutex[vol] != INVALID_HANDLE_VALUE);
#elif OS_TYPE == 1 /* uITRON */
T_CMTX cmtx = {TA_TPRI,1};
Mutex[vol] = acre_mtx(&cmtx);
return (int)(Mutex[vol] > 0);
#elif OS_TYPE == 2 /* uC/OS-II */
OS_ERR err;
Mutex[vol] = OSMutexCreate(0, &err);
return (int)(err == OS_NO_ERR);
#elif OS_TYPE == 3 /* FreeRTOS */
Mutex[vol] = xSemaphoreCreateMutex();
return (int)(Mutex[vol] != NULL);
#elif OS_TYPE == 4 /* CMSIS-RTOS */
osMutexDef(cmsis_os_mutex);
Mutex[vol] = osMutexCreate(osMutex(cmsis_os_mutex));
return (int)(Mutex[vol] != NULL);
#endif
}
/*------------------------------------------------------------------------*/
/* Delete a Mutex */
/*------------------------------------------------------------------------*/
/* This function is called in f_mount function to delete a mutex or
/ semaphore of the volume created with ff_mutex_create function.
*/
void ff_mutex_delete ( /* Returns 1:Function succeeded or 0:Could not delete due to an error */
int vol /* Mutex ID: Volume mutex (0 to FF_VOLUMES - 1) or system mutex (FF_VOLUMES) */
)
{
#if OS_TYPE == 0 /* Win32 */
CloseHandle(Mutex[vol]);
#elif OS_TYPE == 1 /* uITRON */
del_mtx(Mutex[vol]);
#elif OS_TYPE == 2 /* uC/OS-II */
OS_ERR err;
OSMutexDel(Mutex[vol], OS_DEL_ALWAYS, &err);
#elif OS_TYPE == 3 /* FreeRTOS */
vSemaphoreDelete(Mutex[vol]);
#elif OS_TYPE == 4 /* CMSIS-RTOS */
osMutexDelete(Mutex[vol]);
#endif
}
/*------------------------------------------------------------------------*/
/* Request a Grant to Access the Volume */
/*------------------------------------------------------------------------*/
/* This function is called on enter file functions to lock the volume.
/ When a 0 is returned, the file function fails with FR_TIMEOUT.
*/
int ff_mutex_take ( /* Returns 1:Succeeded or 0:Timeout */
int vol /* Mutex ID: Volume mutex (0 to FF_VOLUMES - 1) or system mutex (FF_VOLUMES) */
)
{
#if OS_TYPE == 0 /* Win32 */
return (int)(WaitForSingleObject(Mutex[vol], FF_FS_TIMEOUT) == WAIT_OBJECT_0);
#elif OS_TYPE == 1 /* uITRON */
return (int)(tloc_mtx(Mutex[vol], FF_FS_TIMEOUT) == E_OK);
#elif OS_TYPE == 2 /* uC/OS-II */
OS_ERR err;
OSMutexPend(Mutex[vol], FF_FS_TIMEOUT, &err));
return (int)(err == OS_NO_ERR);
#elif OS_TYPE == 3 /* FreeRTOS */
return (int)(xSemaphoreTake(Mutex[vol], FF_FS_TIMEOUT) == pdTRUE);
#elif OS_TYPE == 4 /* CMSIS-RTOS */
return (int)(osMutexWait(Mutex[vol], FF_FS_TIMEOUT) == osOK);
#endif
}
/*------------------------------------------------------------------------*/
/* Release a Grant to Access the Volume */
/*------------------------------------------------------------------------*/
/* This function is called on leave file functions to unlock the volume.
*/
void ff_mutex_give (
int vol /* Mutex ID: Volume mutex (0 to FF_VOLUMES - 1) or system mutex (FF_VOLUMES) */
)
{
#if OS_TYPE == 0 /* Win32 */
ReleaseMutex(Mutex[vol]);
#elif OS_TYPE == 1 /* uITRON */
unl_mtx(Mutex[vol]);
#elif OS_TYPE == 2 /* uC/OS-II */
OSMutexPost(Mutex[vol]);
#elif OS_TYPE == 3 /* FreeRTOS */
xSemaphoreGive(Mutex[vol]);
#elif OS_TYPE == 4 /* CMSIS-RTOS */
osMutexRelease(Mutex[vol]);
#endif
}
#endif /* FF_FS_REENTRANT */

15593
arm9/source/fatfs/ffunicode.c
View File

File diff suppressed because it is too large Load Diff

803
arm9/source/firm.c
View File

@ -1,803 +0,0 @@
/*
* This file is part of Luma3DS
* Copyright (C) 2016-2021 Aurora Wright, TuxSH
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* Additional Terms 7.b and 7.c of GPLv3 apply to this file:
* * Requiring preservation of specified reasonable legal notices or
* author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* * Prohibiting misrepresentation of the origin of that material,
* or requiring that modified versions of such material be marked in
* reasonable ways as different from the original version.
*/
#include "firm.h"
#include "config.h"
#include "utils.h"
#include "fs.h"
#include "exceptions.h"
#include "patches.h"
#include "memory.h"
#include "cache.h"
#include "emunand.h"
#include "crypto.h"
#include "screen.h"
#include "fmt.h"
#include "chainloader.h"
static Firm *firm = (Firm *)0x20001000;
u32 firmProtoVersion = 0;
static __attribute__((noinline)) bool overlaps(u32 as, u32 ae, u32 bs, u32 be)
{
if(as <= bs && bs <= ae)
return true;
if(bs <= as && as <= be)
return true;
return false;
}
static __attribute__((noinline)) bool inRange(u32 as, u32 ae, u32 bs, u32 be)
{
if(as >= bs && ae <= be)
return true;
return false;
}
static bool checkFirm(u32 firmSize)
{
if(memcmp(firm->magic, "FIRM", 4) != 0 || firm->arm9Entry == NULL) //Allow for the Arm11 entrypoint to be zero in which case nothing is done on the Arm11 side
return false;
bool arm9EpFound = false,
arm11EpFound = false;
u32 size = 0x200;
for(u32 i = 0; i < 4; i++)
size += firm->section[i].size;
if(firmSize < size) return false;
for(u32 i = 0; i < 4; i++)
{
FirmSection *section = &firm->section[i];
//Allow empty sections
if(section->size == 0)
continue;
if((section->offset < 0x200) ||
(section->address + section->size < section->address) || //Overflow check
((u32)section->address & 3) || (section->offset & 0x1FF) || (section->size & 0x1FF) || //Alignment check
(overlaps((u32)section->address, (u32)section->address + section->size, (u32)firm, (u32)firm + size)) ||
((!inRange((u32)section->address, (u32)section->address + section->size, 0x08000000, 0x08000000 + 0x00100000)) &&
(!inRange((u32)section->address, (u32)section->address + section->size, 0x18000000, 0x18000000 + 0x00600000)) &&
(!inRange((u32)section->address, (u32)section->address + section->size, 0x1FF00000, 0x1FFFFC00)) &&
(!inRange((u32)section->address, (u32)section->address + section->size, 0x20000000, 0x20000000 + 0x8000000))))
return false;
__attribute__((aligned(4))) u8 hash[0x20];
sha(hash, (u8 *)firm + section->offset, section->size, SHA_256_MODE);
if(memcmp(hash, section->hash, 0x20) != 0)
return false;
if(firm->arm9Entry >= section->address && firm->arm9Entry < (section->address + section->size))
arm9EpFound = true;
if(firm->arm11Entry >= section->address && firm->arm11Entry < (section->address + section->size))
arm11EpFound = true;
}
return arm9EpFound && (firm->arm11Entry == NULL || arm11EpFound);
}
static inline u32 loadFirmFromStorage(FirmwareType firmType)
{
static const char *firmwareFiles[] = {
"native.firm",
"twl.firm",
"agb.firm",
"safe.firm",
"sysupdater.firm"
},
*cetkFiles[] = {
"cetk",
"cetk_twl",
"cetk_agb",
"cetk_safe",
"cetk_sysupdater"
};
u32 firmSize = fileRead(firm, firmwareFiles[(u32)firmType], 0x400000 + sizeof(Cxi) + 0x200);
if(!firmSize) return 0;
static const char *extFirmError = "The external FIRM is not valid.";
if(firmSize <= sizeof(Cxi) + 0x200) error(extFirmError);
if(memcmp(firm, "FIRM", 4) != 0)
{
if(firmSize <= sizeof(Cxi) + 0x400) error(extFirmError);
u8 cetk[0xA50];
if(fileRead(cetk, cetkFiles[(u32)firmType], sizeof(cetk)) != sizeof(cetk))
error("The cetk is missing or corrupted.");
firmSize = decryptNusFirm((Ticket *)(cetk + 0x140), (Cxi *)firm, firmSize);
if(!firmSize) error("Unable to decrypt the external FIRM.");
}
if(!checkFirm(firmSize)) error("The external FIRM is invalid or corrupted.");
return firmSize;
}
u32 loadNintendoFirm(FirmwareType *firmType, FirmwareSource nandType, bool loadFromStorage, bool isSafeMode)
{
u32 firmVersion = 0xFFFFFFFF,
firmSize;
bool ctrNandError = true;
bool loadedFromStorage = false;
bool storageLoadError = false;
// Try loading FIRM from sdmc first if specified.
if (loadFromStorage) {
firmSize = loadFirmFromStorage(*firmType);
if (firmSize != 0) loadedFromStorage = true;
else storageLoadError = true;
}
// Remount ctrnand and load FIRM from it if loading from sdmc failed.
if (!loadedFromStorage) {
ctrNandError = isSdMode && !remountCtrNandPartition(false);
}
if(!ctrNandError)
{
//Load FIRM from CTRNAND
firmVersion = firmRead(firm, (u32)*firmType);
if(firmVersion == 0xFFFFFFFF) ctrNandError = true;
else
{
firmSize = decryptExeFs((Cxi *)firm);
if(!firmSize || !checkFirm(firmSize)) ctrNandError = true;
}
}
// If CTRNAND load failed, and it wasn't tried yet, load FIRM from sdmc.
if (ctrNandError && !storageLoadError)
{
u32 result = loadFirmFromStorage(*firmType);
if(result != 0)
{
loadedFromStorage = true;
firmSize = result;
}
else storageLoadError = true;
}
// If all attempts failed, panic.
if(ctrNandError && storageLoadError) error("Unable to mount CTRNAND or load the CTRNAND FIRM.\nPlease use an external one.");
//Check that the FIRM is right for the console from the Arm9 section address
bool isO3dsFirm = firm->section[3].offset == 0 && firm->section[2].address == (u8 *)0x8006800;
if(loadedFromStorage || ISDEVUNIT)
{
firmVersion = 0xFFFFFFFF;
if(isO3dsFirm && (*firmType == NATIVE_FIRM || *firmType == NATIVE_FIRM1X2X))
{
__attribute__((aligned(4))) static const u8 hashes[5][0x20] = {
{0xD7, 0x43, 0x0F, 0x27, 0x8D, 0xC9, 0x3F, 0x4C, 0x96, 0xB5, 0xA8, 0x91, 0x48, 0xDB, 0x08, 0x8A,
0x7E, 0x46, 0xB3, 0x95, 0x65, 0xA2, 0x05, 0xF1, 0xF2, 0x41, 0x21, 0xF1, 0x0C, 0x59, 0x6A, 0x9D},
{0x93, 0xDF, 0x49, 0xA1, 0x24, 0x86, 0xBB, 0x6F, 0xAF, 0x49, 0x99, 0x2D, 0xD0, 0x8D, 0xB1, 0x88,
0x8A, 0x00, 0xB6, 0xDD, 0x36, 0x89, 0xC0, 0xE2, 0xC9, 0xA9, 0x99, 0x62, 0x57, 0x5E, 0x6C, 0x23},
{0x39, 0x75, 0xB5, 0x28, 0x24, 0x5E, 0x8B, 0x56, 0xBC, 0x83, 0x79, 0x41, 0x09, 0x2C, 0x42, 0xE6,
0x26, 0xB6, 0x80, 0x59, 0xA5, 0x56, 0xF9, 0xF9, 0x6E, 0xF3, 0x63, 0x05, 0x58, 0xDF, 0x35, 0xEF},
{0x81, 0x9E, 0x71, 0x58, 0xE5, 0x44, 0x73, 0xF7, 0x48, 0x78, 0x7C, 0xEF, 0x5E, 0x30, 0xE2, 0x28,
0x78, 0x0B, 0x21, 0x23, 0x94, 0x63, 0xE8, 0x4E, 0x06, 0xBB, 0xD6, 0x8D, 0xA0, 0x99, 0xAE, 0x98},
{0x1D, 0xD5, 0xB0, 0xC2, 0xD9, 0x4A, 0x4A, 0xF3, 0x23, 0xDD, 0x2F, 0x65, 0x21, 0x95, 0x9B, 0x7E,
0xF2, 0x71, 0x7E, 0xB6, 0x7A, 0x3A, 0x74, 0x78, 0x0D, 0xE3, 0xB5, 0x0C, 0x2B, 0x7F, 0x85, 0x37},
};
u32 i;
for(i = 0; i < sizeof(hashes)/sizeof(hashes[0]); i++)
{
if(memcmp(firm->section[1].hash, hashes[i], 0x20) == 0) break;
}
switch(i)
{
// Beta
case 0:
firmVersion = 0x0;
firmProtoVersion = 243;
*firmType = NATIVE_PROTOTYPE;
break;
case 1:
firmVersion = 0x0;
firmProtoVersion = 238;
*firmType = NATIVE_PROTOTYPE;
break;
// Release
case 2:
firmVersion = 0x18;
break;
case 3:
firmVersion = 0x1D;
break;
case 4:
firmVersion = 0x1F;
break;
default:
break;
}
}
}
if(*firmType != NATIVE_PROTOTYPE && (firm->section[3].offset != 0 ? firm->section[3].address : firm->section[2].address) != (ISN3DS ? (u8 *)0x8006000 : (u8 *)0x8006800))
error("The %s FIRM is not for this console.", loadedFromStorage ? "external" : "CTRNAND");
if(!ISN3DS && *firmType == NATIVE_FIRM && firm->section[0].address == (u8 *)0x1FF80000)
{
//We can't boot < 3.x EmuNANDs
if(nandType != FIRMWARE_SYSNAND) error("An old unsupported EmuNAND has been detected.\nLuma3DS is unable to boot it.");
//If you want to use SAFE_FIRM on 1.0, use Luma from NAND & comment this line:
if(isSafeMode) error("SAFE_MODE is not supported on 1.x/2.x FIRM.");
*firmType = NATIVE_FIRM1X2X;
}
return firmVersion;
}
void loadHomebrewFirm(u32 pressed)
{
char path[10 + 255];
bool hasDisplayedMenu = false;
bool found = !pressed ? payloadMenu(path, &hasDisplayedMenu) : findPayload(path, pressed);
if(!found) return;
u32 maxPayloadSize = (u32)((u8 *)0x27FFE000 - (u8 *)firm),
payloadSize = fileRead(firm, path, maxPayloadSize);
if(payloadSize <= 0x200 || !checkFirm(payloadSize)) error("The payload is invalid or corrupted.");
char absPath[24 + 255];
if(isSdMode) sprintf(absPath, "sdmc:/luma/%s", path);
else sprintf(absPath, "nand:/rw/luma/%s", path);
char *argv[2] = {absPath, (char *)fbs};
bool wantsScreenInit = (firm->reserved2[0] & 1) != 0;
if(!hasDisplayedMenu && wantsScreenInit)
initScreens(); // Don't init the screens unless we have to, if not already done
launchFirm(wantsScreenInit ? 2 : 1, argv);
}
static int lzss_decompress(u8 *end)
{
unsigned int v1; // r1@2
u8 *v2; // r2@2
u8 *v3; // r3@2
u8 *v4; // r1@2
char v5; // r5@4
char v6; // t1@4
signed int v7; // r6@4
int v9; // t1@7
u8 *v11; // r3@8
int v12; // r12@8
int v13; // t1@8
int v14; // t1@8
unsigned int v15; // r7@8
int v16; // r12@8
int ret;
ret = 0;
if ( end )
{
v1 = *((u32 *)end - 2);
v2 = &end[*((u32 *)end - 1)];
v3 = &end[-(v1 >> 24)];
v4 = &end[-(v1 & 0xFFFFFF)];
while ( v3 > v4 )
{
v6 = *(v3-- - 1);
v5 = v6;
v7 = 8;
while ( 1 )
{
if ( (v7-- < 1) )
break;
if ( v5 & 0x80 )
{
v13 = *(v3 - 1);
v11 = v3 - 1;
v12 = v13;
v14 = *(v11 - 1);
v3 = v11 - 1;
v15 = ((v14 | (v12 << 8)) & 0xFFFF0FFF) + 2;
v16 = v12 + 32;
do
{
ret = v2[v15];
*(v2-- - 1) = ret;
v16 -= 16;
}
while ( !(v16 < 0) );
}
else
{
v9 = *(v3-- - 1);
ret = v9;
*(v2-- - 1) = v9;
}
v5 *= 2;
if ( v3 <= v4 )
return ret;
}
}
}
return ret;
}
typedef struct CopyKipResult {
u32 cxiSize;
u8 *codeDstAddr;
u32 codeSize;
} CopyKipResult;
// Copy a KIP, decompressing it in place if necessary (TwlBg)
static CopyKipResult copyKip(u8 *dst, const u8 *src, u32 maxSize, bool decompress)
{
const char *extModuleSizeError = "The external FIRM modules are too large.";
CopyKipResult res = { 0 };
Cxi *dstCxi = (Cxi *)dst;
const Cxi *srcCxi = (const Cxi *)src;
u32 mediaUnitShift = 9 + srcCxi->ncch.flags[6];
u32 totalSizeCompressed = srcCxi->ncch.contentSize << mediaUnitShift;
if (totalSizeCompressed > maxSize)
error(extModuleSizeError);
// First, copy the compressed KIP to the destination
memcpy(dst, src, totalSizeCompressed);
ExHeader *exh = &dstCxi->exHeader;
bool isCompressed = (exh->systemControlInfo.flag & 1) != 0;
ExeFsHeader *exefs = (ExeFsHeader *)(dst + (dstCxi->ncch.exeFsOffset << mediaUnitShift));
ExeFsFileHeader *fh = &exefs->fileHeaders[0];
u8 *codeAddr = (u8 *)exefs + sizeof(ExeFsHeader) + fh->offset;
if (memcmp(fh->name, ".code\0\0\0", 8) != 0 || fh->offset != 0 || exefs->fileHeaders[1].size != 0)
error("One of the external FIRM modules have invalid layout.");
// If it's already decompressed or we don't need to, there is not much left to do
if (!decompress || !isCompressed)
{
res.cxiSize = totalSizeCompressed;
res.codeDstAddr = codeAddr;
res.codeSize = fh->size;
}
else
{
u32 codeSize = exh->systemControlInfo.textCodeSet.size;
codeSize += exh->systemControlInfo.roCodeSet.size;
codeSize += exh->systemControlInfo.dataCodeSet.size;
u32 codeSizePadded = ((codeSize + (1 << mediaUnitShift) - 1) >> mediaUnitShift) << mediaUnitShift;
u32 newTotalSize = (codeAddr + codeSizePadded) - dst;
if (newTotalSize > maxSize)
error(extModuleSizeError);
// Decompress in place
lzss_decompress(codeAddr + fh->size);
// Fill padding just in case
memset(codeAddr + codeSize, 0, codeSizePadded - codeSize);
// Fix fields
fh->size = codeSize;
dstCxi->ncch.exeFsSize = codeSizePadded >> mediaUnitShift;
exh->systemControlInfo.flag &= ~1;
dstCxi->ncch.contentSize = newTotalSize >> mediaUnitShift;
res.cxiSize = newTotalSize;
res.codeDstAddr = codeAddr;
res.codeSize = codeSize;
}
return res;
}
static void mergeSection0(FirmwareType firmType, u32 firmVersion, bool loadFromStorage)
{
u32 srcModuleSize,
nbModules = 0;
bool isLgyFirm = firmType == TWL_FIRM || firmType == AGB_FIRM;
struct
{
char name[8];
u8 *src;
u32 size;
} moduleList[6];
//1) Parse info concerning Nintendo's modules
for(u8 *src = (u8 *)firm + firm->section[0].offset, *srcEnd = src + firm->section[0].size; src < srcEnd; src += srcModuleSize, nbModules++)
{
memcpy(moduleList[nbModules].name, ((Cxi *)src)->exHeader.systemControlInfo.appTitle, 8);
moduleList[nbModules].src = src;
srcModuleSize = moduleList[nbModules].size = ((Cxi *)src)->ncch.contentSize * 0x200;
}
// SAFE_FIRM only for N3DS and only if ENABLESAFEFIRMROSALINA is on
if((firmType == NATIVE_FIRM || firmType == SAFE_FIRM) && (ISN3DS || firmVersion >= 0x25))
{
//2) Merge that info with our own modules'
for(u8 *src = (u8 *)0x18180000; memcmp(((Cxi *)src)->ncch.magic, "NCCH", 4) == 0; src += srcModuleSize)
{
const char *name = ((Cxi *)src)->exHeader.systemControlInfo.appTitle;
u32 i;
for(i = 0; i < 5 && memcmp(name, moduleList[i].name, 8) != 0; i++);
if(i == 5)
{
nbModules++;
memcpy(moduleList[i].name, ((Cxi *)src)->exHeader.systemControlInfo.appTitle, 8);
}
moduleList[i].src = src;
srcModuleSize = moduleList[i].size = ((Cxi *)src)->ncch.contentSize * 0x200;
}
}
//3) Read or copy the modules
u8 *dst = firm->section[0].address;
const char *extModuleSizeError = "The external FIRM modules are too large.";
// SAFE_FIRM only for N3DS and only if ENABLESAFEFIRMROSALINA is on
u32 maxModuleSize = !isLgyFirm ? 0x80000 : 0x600000;
u32 dstModuleSize = 0;
for(u32 i = 0; i < nbModules; i++)
{
if(loadFromStorage)
{
char fileName[24];
//Read modules from files if they exist
sprintf(fileName, "sysmodules/%.8s.cxi", moduleList[i].name);
dstModuleSize = getFileSize(fileName);
if(dstModuleSize != 0)
{
if(dstModuleSize > maxModuleSize) error(extModuleSizeError);
if(dstModuleSize <= sizeof(Cxi) + 0x200 ||
fileRead(dst, fileName, dstModuleSize) != dstModuleSize ||
memcmp(((Cxi *)dst)->ncch.magic, "NCCH", 4) != 0 ||
memcmp(moduleList[i].name, ((Cxi *)dst)->exHeader.systemControlInfo.appTitle, sizeof(((Cxi *)dst)->exHeader.systemControlInfo.appTitle)) != 0)
error("An external FIRM module is invalid or corrupted.");
dst += dstModuleSize;
maxModuleSize -= dstModuleSize;
continue;
}
}
// If not successfully loaded from storage, then...
// Decompress stock TwlBg so that we can patch it
bool isStockTwlBg = firmType == TWL_FIRM && strcmp(moduleList[i].name, "TwlBg") == 0;
CopyKipResult copyRes = copyKip(dst, moduleList[i].src, maxModuleSize, isStockTwlBg);
if (isStockTwlBg)
patchTwlBg(copyRes.codeDstAddr, copyRes.codeSize);
dst += copyRes.cxiSize;
maxModuleSize -= copyRes.cxiSize;
}
//4) Patch kernel to take module size into account
u32 newKipSectionSize = dst - firm->section[0].address;
u32 oldKipSectionSize = firm->section[0].size;
u8 *kernel11Addr = (u8 *)firm + firm->section[1].offset;
u32 kernel11Size = firm->section[1].size;
if (isLgyFirm)
{
if (patchK11ModuleLoadingLgy(newKipSectionSize, kernel11Addr, kernel11Size) != 0)
error("Failed to load sysmodules");
}
else
{
if (patchK11ModuleLoading(oldKipSectionSize, newKipSectionSize, nbModules, kernel11Addr, kernel11Size) != 0)
error("Failed to load sysmodules");
}
}
u32 patchNativeFirm(u32 firmVersion, FirmwareSource nandType, bool loadFromStorage, bool isFirmProtEnabled, bool needToInitSd, bool doUnitinfoPatch)
{
u8 *arm9Section = (u8 *)firm + firm->section[2].offset;
if(ISN3DS)
{
//Decrypt Arm9Bin and patch Arm9 entrypoint to skip kernel9loader
kernel9Loader((Arm9Bin *)arm9Section);
firm->arm9Entry = (u8 *)0x801B01C;
}
//Find the Process9 .code location, size and memory address
u32 process9Size,
process9MemAddr;
u8 *process9Offset = getProcess9Info(arm9Section, firm->section[2].size, &process9Size, &process9MemAddr);
u32 kernel9Size = (u32)(process9Offset - arm9Section) - sizeof(Cxi) - 0x200,
ret = 0;
#ifndef BUILD_FOR_EXPLOIT_DEV
//Skip on FIRMs < 5.0
if(ISN3DS || firmVersion >= 0x25)
{
//Find the Kernel11 SVC table and handler, exceptions page and free space locations
u8 *arm11Section1 = (u8 *)firm + firm->section[1].offset;
u32 baseK11VA;
u8 *freeK11Space;
u32 *arm11SvcHandler,
*arm11ExceptionsPage,
*arm11SvcTable = getKernel11Info(arm11Section1, firm->section[1].size, &baseK11VA, &freeK11Space, &arm11SvcHandler, &arm11ExceptionsPage);
ret += installK11Extension(arm11Section1, firm->section[1].size, needToInitSd, baseK11VA, arm11ExceptionsPage, &freeK11Space);
ret += patchKernel11(arm11Section1, firm->section[1].size, baseK11VA, arm11SvcTable, arm11ExceptionsPage);
}
#else
(void)needToInitSd;
#endif
//Apply signature patches
ret += patchSignatureChecks(process9Offset, process9Size);
//Apply EmuNAND patches
if(nandType != FIRMWARE_SYSNAND) ret += patchEmuNand(process9Offset, process9Size, firmVersion);
//Apply FIRM0/1 writes patches on SysNAND to protect A9LH
else if(isFirmProtEnabled) ret += patchFirmWrites(process9Offset, process9Size);
#ifndef BUILD_FOR_EXPLOIT_DEV
//Apply firmlaunch patches
ret += patchFirmlaunches(process9Offset, process9Size, process9MemAddr);
#endif
//Apply dev unit check patches related to NCCH encryption
if(!ISDEVUNIT)
{
ret += patchZeroKeyNcchEncryptionCheck(process9Offset, process9Size);
ret += patchNandNcchEncryptionCheck(process9Offset, process9Size);
}
//Apply anti-anti-DG patches on 11.0+
if(firmVersion >= (ISN3DS ? 0x21 : 0x52)) ret += patchTitleInstallMinVersionChecks(process9Offset, process9Size, firmVersion);
//Patch P9 AM ticket wrapper on 11.8+ to use 0 Key and IV, only with UNITINFO patch on to prevent NIM from actually sending any
if(doUnitinfoPatch && firmVersion >= (ISN3DS ? 0x35 : 0x64)) ret += patchP9AMTicketWrapperZeroKeyIV(process9Offset, process9Size, firmVersion);
//Apply UNITINFO patches
if(doUnitinfoPatch)
{
ret += patchUnitInfoValueSet(arm9Section, kernel9Size);
if(!ISDEVUNIT) ret += patchCheckForDevCommonKey(process9Offset, process9Size);
}
//Arm9 exception handlers
ret += patchArm9ExceptionHandlersInstall(arm9Section, kernel9Size);
ret += patchSvcBreak9(arm9Section, kernel9Size, (u32)firm->section[2].address);
ret += patchKernel9Panic(arm9Section, kernel9Size);
ret += patchP9AccessChecks(process9Offset, process9Size);
mergeSection0(NATIVE_FIRM, firmVersion, loadFromStorage);
firm->section[0].size = 0;
return ret;
}
u32 patchTwlFirm(u32 firmVersion, bool loadFromStorage, bool doUnitinfoPatch)
{
u8 *section1 = (u8 *)firm + firm->section[1].offset;
u32 section1Size = firm->section[1].size;
u8 *section2 = (u8 *)firm + firm->section[2].offset;
u32 section2Size = firm->section[2].size;
u8 *arm9Section = (u8 *)firm + firm->section[3].offset;
// Below 3.0, do not actually do anything.
if(!ISN3DS && firmVersion < 0xC)
return 0;
//On N3DS, decrypt Arm9Bin and patch Arm9 entrypoint to skip kernel9loader
if(ISN3DS)
{
kernel9Loader((Arm9Bin *)arm9Section);
firm->arm9Entry = (u8 *)0x801301C;
}
//Find the Process9 .code location, size and memory address
u32 process9Size,
process9MemAddr;
u8 *process9Offset = getProcess9Info(arm9Section, firm->section[3].size, &process9Size, &process9MemAddr);
u32 kernel9Size = (u32)(process9Offset - arm9Section) - sizeof(Cxi) - 0x200,
ret = 0;
ret += patchLgySignatureChecks(process9Offset, process9Size);
ret += patchTwlInvalidSignatureChecks(process9Offset, process9Size);
ret += patchTwlNintendoLogoChecks(process9Offset, process9Size);
ret += patchTwlWhitelistChecks(process9Offset, process9Size);
if(ISN3DS || firmVersion > 0x11) ret += patchTwlFlashcartChecks(process9Offset, process9Size, firmVersion);
else if(!ISN3DS && firmVersion == 0x11) ret += patchOldTwlFlashcartChecks(process9Offset, process9Size);
ret += patchTwlShaHashChecks(process9Offset, process9Size);
//Apply UNITINFO patch
if(doUnitinfoPatch) ret += patchUnitInfoValueSet(arm9Section, kernel9Size);
ret += patchLgyK11(section1, section1Size, section2, section2Size);
// Also patch TwlBg here
mergeSection0(TWL_FIRM, 0, loadFromStorage);
firm->section[0].size = 0;
return ret;
}
u32 patchAgbFirm(bool loadFromStorage, bool doUnitinfoPatch)
{
u8 *arm9Section = (u8 *)firm + firm->section[3].offset;
u8 *section1 = (u8 *)firm + firm->section[1].offset;
u32 section1Size = firm->section[1].size;
u8 *section2 = (u8 *)firm + firm->section[2].offset;
u32 section2Size = firm->section[2].size;
//On N3DS, decrypt Arm9Bin and patch Arm9 entrypoint to skip kernel9loader
if(ISN3DS)
{
kernel9Loader((Arm9Bin *)arm9Section);
firm->arm9Entry = (u8 *)0x801301C;
}
//Find the Process9 .code location, size and memory address
u32 process9Size,
process9MemAddr;
u8 *process9Offset = getProcess9Info(arm9Section, firm->section[3].size, &process9Size, &process9MemAddr);
u32 kernel9Size = (u32)(process9Offset - arm9Section) - sizeof(Cxi) - 0x200,
ret = 0;
ret += patchLgySignatureChecks(process9Offset, process9Size);
if(CONFIG(SHOWGBABOOT)) ret += patchAgbBootSplash(process9Offset, process9Size);
ret += patchLgyK11(section1, section1Size, section2, section2Size);
//Apply UNITINFO patch
if(doUnitinfoPatch) ret += patchUnitInfoValueSet(arm9Section, kernel9Size);
if(loadFromStorage)
{
mergeSection0(AGB_FIRM, 0, true);
firm->section[0].size = 0;
}
return ret;
}
u32 patch1x2xNativeAndSafeFirm(void)
{
u8 *arm9Section = (u8 *)firm + firm->section[2].offset;
if(ISN3DS)
{
//Decrypt Arm9Bin and patch Arm9 entrypoint to skip kernel9loader
kernel9Loader((Arm9Bin *)arm9Section);
firm->arm9Entry = (u8 *)0x801B01C;
}
//Find the Process9 .code location, size and memory address
u32 process9Size,
process9MemAddr;
u8 *process9Offset = getProcess9Info(arm9Section, firm->section[2].size, &process9Size, &process9MemAddr);
u32 kernel9Size = (u32)(process9Offset - arm9Section) - sizeof(Cxi) - 0x200,
ret = 0;
ret += ISN3DS ? patchFirmWrites(process9Offset, process9Size) : patchOldFirmWrites(process9Offset, process9Size);
ret += ISN3DS ? patchSignatureChecks(process9Offset, process9Size) : patchOldSignatureChecks(process9Offset, process9Size);
//Arm9 exception handlers
ret += patchArm9ExceptionHandlersInstall(arm9Section, kernel9Size);
ret += patchSvcBreak9(arm9Section, kernel9Size, (u32)firm->section[2].address);
//Apply firmlaunch patches
//Doesn't work here if Luma is on SD. If you want to use SAFE_FIRM on 1.0, use Luma from NAND & uncomment this line:
//ret += patchFirmlaunches(process9Offset, process9Size, process9MemAddr);
if(ISN3DS && CONFIG(ENABLESAFEFIRMROSALINA))
{
u8 *arm11Section1 = (u8 *)firm + firm->section[1].offset;
//Find the Kernel11 SVC table and handler, exceptions page and free space locations
u32 baseK11VA;
u8 *freeK11Space;
u32 *arm11SvcHandler,
*arm11ExceptionsPage,
*arm11SvcTable = getKernel11Info(arm11Section1, firm->section[1].size, &baseK11VA, &freeK11Space, &arm11SvcHandler, &arm11ExceptionsPage);
ret += installK11Extension(arm11Section1, firm->section[1].size, false, baseK11VA, arm11ExceptionsPage, &freeK11Space);
ret += patchKernel11(arm11Section1, firm->section[1].size, baseK11VA, arm11SvcTable, arm11ExceptionsPage);
// Add some other patches to the mix, as we can now launch homebrew on SAFE_FIRM:
ret += patchKernel9Panic(arm9Section, kernel9Size);
ret += patchP9AccessChecks(process9Offset, process9Size);
mergeSection0(NATIVE_FIRM, 0x45, false); // may change in the future
firm->section[0].size = 0;
}
return ret;
}
u32 patchPrototypeNative(FirmwareSource nandType)
{
u8 *arm9Section = (u8 *)firm + firm->section[2].offset;
//Find the Process9 .code location, size and memory address
u32 process9Size,
process9MemAddr;
u8 *process9Offset = getProcess9Info(arm9Section, firm->section[2].size, &process9Size, &process9MemAddr);
u32 kernel9Size = (u32)(process9Offset - arm9Section) - sizeof(Cxi) - 0x200,
ret = 0;
ret += patchProtoNandSignatureCheck(process9Offset, process9Size);
//Arm9 exception handlers
ret += patchArm9ExceptionHandlersInstall(arm9Section, kernel9Size);
//Apply EmuNAND patches
if(nandType != FIRMWARE_SYSNAND) ret += patchProtoEmuNand(process9Offset, process9Size);
return ret;
}
void launchFirm(int argc, char **argv)
{
prepareArm11ForFirmlaunch();
chainload(argc, argv, firm);
}

529
arm9/source/fs.c
View File

@ -1,529 +0,0 @@
/*
* This file is part of Luma3DS
* Copyright (C) 2016-2021 Aurora Wright, TuxSH
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* Additional Terms 7.b and 7.c of GPLv3 apply to this file:
* * Requiring preservation of specified reasonable legal notices or
* author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* * Prohibiting misrepresentation of the origin of that material,
* or requiring that modified versions of such material be marked in
* reasonable ways as different from the original version.
*/
#include "fs.h"
#include "memory.h"
#include "fmt.h"
#include "crypto.h"
#include "cache.h"
#include "screen.h"
#include "draw.h"
#include "utils.h"
#include "fatfs/ff.h"
#include "buttons.h"
#include "firm.h"
#include "crypto.h"
#include "strings.h"
#include "alignedseqmemcpy.h"
#include "i2c.h"
static FATFS sdFs,
nandFs;
static bool switchToMainDir(bool isSd)
{
const char *mainDir = isSd ? "/luma" : "/rw/luma";
switch(f_chdir(mainDir))
{
case FR_OK:
return true;
case FR_NO_PATH:
{
if (f_mkdir(mainDir) != FR_OK)
{
error("Failed to create luma directory.");
return false;
}
return switchToMainDir(isSd);
}
default:
return false;
}
}
bool mountSdCardPartition(bool switchMainDir)
{
static bool sdInitialized = false;
if (!sdInitialized)
sdInitialized = f_mount(&sdFs, "sdmc:", 1) == FR_OK;
if (sdInitialized && switchMainDir)
return f_chdrive("sdmc:") == FR_OK && switchToMainDir(true);
return sdInitialized;
}
bool remountCtrNandPartition(bool switchMainDir)
{
static bool nandInitialized = false;
int res = FR_OK;
if (!nandInitialized)
{
res = f_mount(&nandFs, "nand:", 1);
nandInitialized = res == FR_OK;
}
if (nandInitialized && switchMainDir)
return f_chdrive("nand:") == FR_OK && switchToMainDir(false);
return nandInitialized;
}
void unmountPartitions(void)
{
f_unmount("nand:");
f_unmount("sdmc:");
}
u32 fileRead(void *dest, const char *path, u32 maxSize)
{
FIL file;
FRESULT result = FR_OK;
u32 ret = 0;
if(f_open(&file, path, FA_READ) != FR_OK) return ret;
u32 size = f_size(&file);
if(dest == NULL) ret = size;
else if(size <= maxSize)
result = f_read(&file, dest, size, (unsigned int *)&ret);
result |= f_close(&file);
return result == FR_OK ? ret : 0;
}
u32 getFileSize(const char *path)
{
return fileRead(NULL, path, 0);
}
bool fileWrite(const void *buffer, const char *path, u32 size)
{
FIL file;
FRESULT result = FR_OK;
switch(f_open(&file, path, FA_WRITE | FA_OPEN_ALWAYS))
{
case FR_OK:
{
unsigned int written;
result = f_write(&file, buffer, size, &written);
if(result == FR_OK) result = f_truncate(&file);
result |= f_close(&file);
return result == FR_OK && (u32)written == size;
}
case FR_NO_PATH:
// Only create the last dir in the hierarchy
for(u32 i = 1; path[i] != 0; i++)
if(path[i] == '/')
{
char folder[i + 1];
memcpy(folder, path, i);
folder[i] = 0;
result = f_mkdir(folder);
}
return result == FR_OK && fileWrite(buffer, path, size);
default:
return false;
}
}
bool fileDelete(const char *path)
{
return f_unlink(path) == FR_OK;
}
bool fileCopy(const char *pathSrc, const char *pathDst, bool replace, void *tmpBuffer, size_t bufferSize)
{
FIL fileSrc, fileDst;
FRESULT res;
res = f_open(&fileSrc, pathSrc, FA_READ);
if (res != FR_OK)
return true; // Succeed if the source file doesn't exist
size_t szSrc = f_size(&fileSrc), rem = szSrc;
res = f_open(&fileDst, pathDst, FA_WRITE | (replace ? FA_CREATE_ALWAYS : FA_CREATE_NEW));
if (res == FR_EXIST)
{
// We did not fail
f_close(&fileSrc);
return true;
}
else if (res == FR_NO_PATH)
{
// Only create the last dir in the hierarchy
const char *c;
for (c = pathDst + strlen(pathDst); *c != '/' && c >= pathDst; --c);
if (c >= pathDst && c - pathDst <= FF_MAX_LFN && *c != '\0')
{
char path[FF_MAX_LFN + 1];
strncpy(path, pathDst, c - pathDst);
path[c - pathDst] = '\0';
res = f_mkdir(path);
}
if (res == FR_OK)
res = f_open(&fileDst, pathDst, FA_WRITE | (replace ? FA_CREATE_ALWAYS : FA_CREATE_NEW));
}
if (res != FR_OK)
{
f_close(&fileSrc);
return false;
}
while (rem > 0)
{
size_t sz = rem >= bufferSize ? bufferSize : rem;
UINT n = 0;
res = f_read(&fileSrc, tmpBuffer, sz, &n);
if (n != sz)
res = FR_INT_ERR; // should not happen
if (res == FR_OK)
{
res = f_write(&fileDst, tmpBuffer, sz, &n);
if (n != sz)
res = FR_DENIED; // disk full
}
if (res != FR_OK)
{
f_close(&fileSrc);
f_close(&fileDst);
f_unlink(pathDst); // oops, failed
return false;
}
rem -= sz;
}
f_close(&fileSrc);
f_close(&fileDst);
return true;
}
bool createDir(const char *path)
{
FRESULT res = f_mkdir(path);
return res == FR_OK || res == FR_EXIST;
}
bool findPayload(char *path, u32 pressed)
{
const char *pattern;
if(pressed & BUTTON_LEFT) pattern = PATTERN("left");
else if(pressed & BUTTON_RIGHT) pattern = PATTERN("right");
else if(pressed & BUTTON_UP) pattern = PATTERN("up");
else if(pressed & BUTTON_DOWN) pattern = PATTERN("down");
else if(pressed & BUTTON_START) pattern = PATTERN("start");
else if(pressed & BUTTON_B) pattern = PATTERN("b");
else if(pressed & BUTTON_X) pattern = PATTERN("x");
else if(pressed & BUTTON_Y) pattern = PATTERN("y");
else if(pressed & BUTTON_R1) pattern = PATTERN("r");
else if(pressed & BUTTON_A) pattern = PATTERN("a");
else pattern = PATTERN("select");
DIR dir;
FILINFO info;
FRESULT result;
result = f_findfirst(&dir, &info, "payloads", pattern);
if(result != FR_OK) return false;
f_closedir(&dir);
if(!info.fname[0]) return false;
sprintf(path, "payloads/%s", info.fname);
return true;
}
bool payloadMenu(char *path, bool *hasDisplayedMenu)
{
DIR dir;
*hasDisplayedMenu = false;
if(f_opendir(&dir, "payloads") != FR_OK) return false;
FILINFO info;
u32 payloadNum = 0;
char payloadList[20][49];
while(f_readdir(&dir, &info) == FR_OK && info.fname[0] != 0 && payloadNum < 20)
{
if(info.fname[0] == '.') continue;
u32 nameLength = strlen(info.fname);
if(nameLength < 6 || nameLength > 52) continue;
nameLength -= 5;
if(memcmp(info.fname + nameLength, ".firm", 5) != 0) continue;
memcpy(payloadList[payloadNum], info.fname, nameLength);
payloadList[payloadNum][nameLength] = 0;
payloadNum++;
}
if(f_closedir(&dir) != FR_OK || !payloadNum) return false;
u32 pressed = 0,
selectedPayload = 0;
if(payloadNum != 1)
{
initScreens();
*hasDisplayedMenu = true;
drawString(true, 10, 10, COLOR_TITLE, "Luma3DS chainloader");
drawString(true, 10, 10 + SPACING_Y, COLOR_TITLE, "Press A to select, START to quit");
for(u32 i = 0, posY = 10 + 3 * SPACING_Y, color = COLOR_RED; i < payloadNum; i++, posY += SPACING_Y)
{
drawString(true, 10, posY, color, payloadList[i]);
if(color == COLOR_RED) color = COLOR_WHITE;
}
while(pressed != BUTTON_A && pressed != BUTTON_START)
{
do
{
pressed = waitInput(true) & MENU_BUTTONS;
}
while(!pressed);
u32 oldSelectedPayload = selectedPayload;
switch(pressed)
{
case BUTTON_UP:
selectedPayload = !selectedPayload ? payloadNum - 1 : selectedPayload - 1;
break;
case BUTTON_DOWN:
selectedPayload = selectedPayload == payloadNum - 1 ? 0 : selectedPayload + 1;
break;
case BUTTON_LEFT:
selectedPayload = 0;
break;
case BUTTON_RIGHT:
selectedPayload = payloadNum - 1;
break;
default:
continue;
}
if(oldSelectedPayload == selectedPayload) continue;
drawString(true, 10, 10 + (3 + oldSelectedPayload) * SPACING_Y, COLOR_WHITE, payloadList[oldSelectedPayload]);
drawString(true, 10, 10 + (3 + selectedPayload) * SPACING_Y, COLOR_RED, payloadList[selectedPayload]);
}
}
if(pressed != BUTTON_START)
{
sprintf(path, "payloads/%s.firm", payloadList[selectedPayload]);
return true;
}
while(HID_PAD & MENU_BUTTONS);
wait(2000ULL);
return false;
}
u32 firmRead(void *dest, u32 firmType)
{
static const char *firmFolders[][2] = {{"00000002", "20000002"},
{"00000102", "20000102"},
{"00000202", "20000202"},
{"00000003", "20000003"},
{"00000001", "20000001"}};
char folderPath[64],
path[128];
sprintf(folderPath, "nand:/title/00040138/%s/content", firmFolders[firmType][ISN3DS ? 1 : 0]);
DIR dir;
u32 firmVersion = 0xFFFFFFFF;
if(f_opendir(&dir, folderPath) != FR_OK) goto exit;
FILINFO info;
//Parse the target directory
while(f_readdir(&dir, &info) == FR_OK && info.fname[0] != 0)
{
//Not a cxi
if(info.fname[9] != 'a' || strlen(info.fname) != 12) continue;
u32 tempVersion = hexAtoi(info.altname, 8);
//Found an older cxi
if(tempVersion < firmVersion) firmVersion = tempVersion;
}
if(f_closedir(&dir) != FR_OK || firmVersion == 0xFFFFFFFF) goto exit;
//Complete the string with the .app name
sprintf(path, "%s/%08lx.app", folderPath, firmVersion);
if(fileRead(dest, path, 0x400000 + sizeof(Cxi) + 0x200) <= sizeof(Cxi) + 0x400) firmVersion = 0xFFFFFFFF;
exit:
return firmVersion;
}
void findDumpFile(const char *folderPath, char *fileName)
{
DIR dir;
FRESULT result;
for(u32 n = 0; n <= 99999999; n++)
{
FILINFO info;
sprintf(fileName, "crash_dump_%08lu.dmp", n);
result = f_findfirst(&dir, &info, folderPath, fileName);
if(result != FR_OK || !info.fname[0]) break;
}
if(result == FR_OK) f_closedir(&dir);
}
static u8 fileCopyBuffer[0x10000];
static const u8 boot9Sha256[32] = {
0x2F, 0x88, 0x74, 0x4F, 0xEE, 0xD7, 0x17, 0x85, 0x63, 0x86, 0x40, 0x0A, 0x44, 0xBB, 0xA4, 0xB9,
0xCA, 0x62, 0xE7, 0x6A, 0x32, 0xC7, 0x15, 0xD4, 0xF3, 0x09, 0xC3, 0x99, 0xBF, 0x28, 0x16, 0x6F
};
static const u8 boot11Sha256[32] = {
0x74, 0xDA, 0xAC, 0xE1, 0xF8, 0x06, 0x7B, 0x66, 0xCC, 0x81, 0xFC, 0x30, 0x7A, 0x3F, 0xDB, 0x50,
0x9C, 0xBE, 0xDC, 0x32, 0xF9, 0x03, 0xAE, 0xBE, 0x90, 0x61, 0x44, 0xDE, 0xA7, 0xA0, 0x75, 0x12
};
static bool backupEssentialFiles(void)
{
size_t sz = sizeof(fileCopyBuffer);
u32 deviceID = *(vu32*)0x01FFB804;
char pathStart[0x20];
sprintf(pathStart, "backups/%08lX/", deviceID);
char fullPath[0x80];
// Since the other funcs in this file don't create directories recursively (only the last one),
// and nor does f_mkdir, create the directories anyway and ignore the result
f_mkdir("backups");
f_mkdir(pathStart);
bool ok = true;
sprintf(fullPath, "%sHWCAL0.dat", pathStart);
ok = ok && fileCopy("nand:/ro/sys/HWCAL0.dat", fullPath, false, fileCopyBuffer, sz);
sprintf(fullPath, "%sHWCAL1.dat", pathStart);
ok = ok && fileCopy("nand:/ro/sys/HWCAL1.dat", fullPath, false, fileCopyBuffer, sz);
sprintf(fullPath, "%sLocalFriendCodeSeed_A", pathStart);
ok = ok && fileCopy("nand:/rw/sys/LocalFriendCodeSeed_A", fullPath, false, fileCopyBuffer, sz); // often doesn't exist
sprintf(fullPath, "%sLocalFriendCodeSeed_B", pathStart);
ok = ok && fileCopy("nand:/rw/sys/LocalFriendCodeSeed_B", fullPath, false, fileCopyBuffer, sz);
sprintf(fullPath, "%sSecureInfo_A", pathStart);
ok = ok && fileCopy("nand:/rw/sys/SecureInfo_A", fullPath, false, fileCopyBuffer, sz);
sprintf(fullPath, "%sSecureInfo_B", pathStart);
ok = ok && fileCopy("nand:/rw/sys/SecureInfo_B", fullPath, false, fileCopyBuffer, sz); // often doesn't exist
if (!ok) return false;
alignedseqmemcpy(fileCopyBuffer, (const void *)0x10012000, 0x100);
sprintf(fullPath, "%sotp.bin", pathStart);
if (getFileSize(fullPath) != 0x100)
ok = ok && fileWrite(fileCopyBuffer, fullPath, 0x100);
if (!ok) return false;
// On dev boards, but not O3DS IS_DEBUGGER, hwcal is on an EEPROM chip accessed via I2C
u8 c = mcuConsoleInfo[0];
if (c == 2 || c == 4 || (ISN3DS && c == 5) || c == 6)
{
sprintf(fullPath, "%sHWCAL_01_EEPROM.dat", pathStart);
I2C_readRegBuf(I2C_DEV_EEPROM, 0, fileCopyBuffer, 0x1000); // Up to two instances of hwcal, with the second one @0x800
if (getFileSize(fullPath) != 0x1000)
ok = ok && fileWrite(fileCopyBuffer, fullPath, 0x1000);
}
// B9S bootrom backups
u32 hash[32/4];
sha(hash, (const void *)0x08080000, 0x10000, SHA_256_MODE);
sprintf(fullPath, "%sboot9.bin", pathStart);
if (memcmp(hash, boot9Sha256, 32) == 0 && getFileSize(fullPath) != 0x10000)
ok = ok && fileWrite((const void *)0x08080000, fullPath, 0x10000);
sha(hash, (const void *)0x08090000, 0x10000, SHA_256_MODE);
sprintf(fullPath, "%sboot11.bin", pathStart);
if (memcmp(hash, boot11Sha256, 32) == 0 && getFileSize(fullPath) != 0x10000)
ok = ok && fileWrite((const void *)0x08090000, fullPath, 0x10000);
return ok;
}
bool doLumaUpgradeProcess(void)
{
bool ok = true, ok2 = true;
// Ensure CTRNAND is mounted
remountCtrNandPartition(false);
// Try to boot.firm to CTRNAND, when applicable
#ifndef BUILD_FOR_EXPLOIT_DEV
if (isSdMode && memcmp(launchedPathForFatfs, "sdmc:", 5) == 0)
ok = fileCopy(launchedPathForFatfs, "nand:/boot.firm", true, fileCopyBuffer, sizeof(fileCopyBuffer));
#endif
// Try to backup essential files
ok2 = backupEssentialFiles();
// Clean up some of the old files
fileDelete("sdmc:/luma/config.bin");
fileDelete("nand:/rw/luma/config.bin");
createDir("sdmc:/luma/payloads");
createDir("nand:/rw/luma/payloads");
return ok && ok2;
}

225
arm9/source/i2c.c
View File

@ -1,225 +0,0 @@
/*
* This file is part of fastboot 3DS
* Copyright (C) 2017 derrek, profi200
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include <stdbool.h>
#include "types.h"
#include "i2c.h"
#include "utils.h"
#define I2C1_REGS_BASE (0x10161000)
#define I2C2_REGS_BASE (0x10144000)
#define I2C3_REGS_BASE (0x10148000)
typedef struct
{
vu8 REG_I2C_DATA;
vu8 REG_I2C_CNT;
vu16 REG_I2C_CNTEX;
vu16 REG_I2C_SCL;
} I2cRegs;
static const struct
{
u8 busId;
u8 devAddr;
} i2cDevTable[] =
{
{0, 0x4A},
{0, 0x7A},
{0, 0x78},
{1, 0x4A},
{1, 0x78},
{1, 0x2C},
{1, 0x2E},
{1, 0x40},
{1, 0x44},
{2, 0xA6}, // TODO: Find out if 0xA6 or 0xD6 is correct
{2, 0xD0},
{2, 0xD2},
{2, 0xA4},
{2, 0x9A},
{2, 0xA0},
{1, 0xEE},
{0, 0x40},
{2, 0x54}
};
static void i2cWaitBusy(I2cRegs *const regs)
{
while(regs->REG_I2C_CNT & I2C_ENABLE);
}
static I2cRegs* i2cGetBusRegsBase(u8 busId)
{
I2cRegs *base;
switch(busId)
{
case 0:
base = (I2cRegs*)I2C1_REGS_BASE;
break;
case 1:
base = (I2cRegs*)I2C2_REGS_BASE;
break;
case 2:
base = (I2cRegs*)I2C3_REGS_BASE;
break;
default:
base = NULL;
}
return base;
}
void I2C_init(void)
{
I2cRegs *regs = i2cGetBusRegsBase(0); // Bus 1
i2cWaitBusy(regs);
regs->REG_I2C_CNTEX = 2; // ?
regs->REG_I2C_SCL = 1280; // ?
regs = i2cGetBusRegsBase(1); // Bus 2
i2cWaitBusy(regs);
regs->REG_I2C_CNTEX = 2; // ?
regs->REG_I2C_SCL = 1280; // ?
regs = i2cGetBusRegsBase(2); // Bus 3
i2cWaitBusy(regs);
regs->REG_I2C_CNTEX = 2; // ?
regs->REG_I2C_SCL = 1280; // ?
}
static bool i2cStartTransfer(I2cDevice devId, u8 regAddr, bool read, I2cRegs *const regs)
{
const u8 devAddr = i2cDevTable[devId].devAddr;
u32 i = 0;
for(; i < 8; i++)
{
i2cWaitBusy(regs);
// Select device and start.
regs->REG_I2C_DATA = devAddr;
regs->REG_I2C_CNT = I2C_ENABLE | I2C_IRQ_ENABLE | I2C_START;
i2cWaitBusy(regs);
if(!I2C_GET_ACK(regs->REG_I2C_CNT)) // If ack flag is 0 it failed.
{
regs->REG_I2C_CNT = I2C_ENABLE | I2C_IRQ_ENABLE | I2C_ERROR | I2C_STOP;
continue;
}
// Select register and change direction to write.
regs->REG_I2C_DATA = regAddr;
regs->REG_I2C_CNT = I2C_ENABLE | I2C_IRQ_ENABLE | I2C_DIRE_WRITE;
i2cWaitBusy(regs);
if(!I2C_GET_ACK(regs->REG_I2C_CNT)) // If ack flag is 0 it failed.
{
regs->REG_I2C_CNT = I2C_ENABLE | I2C_IRQ_ENABLE | I2C_ERROR | I2C_STOP;
continue;
}
// Select device in read mode for read transfer.
if(read)
{
regs->REG_I2C_DATA = devAddr | 1u; // Set bit 0 for read.
regs->REG_I2C_CNT = I2C_ENABLE | I2C_IRQ_ENABLE | I2C_START;
i2cWaitBusy(regs);
if(!I2C_GET_ACK(regs->REG_I2C_CNT)) // If ack flag is 0 it failed.
{
regs->REG_I2C_CNT = I2C_ENABLE | I2C_IRQ_ENABLE | I2C_ERROR | I2C_STOP;
continue;
}
}
break;
}
if(i < 8) return true;
else return false;
}
bool I2C_readRegBuf(I2cDevice devId, u8 regAddr, u8 *out, u32 size)
{
const u8 busId = i2cDevTable[devId].busId;
I2cRegs *const regs = i2cGetBusRegsBase(busId);
if(!i2cStartTransfer(devId, regAddr, true, regs)) return false;
while(--size)
{
regs->REG_I2C_CNT = I2C_ENABLE | I2C_IRQ_ENABLE | I2C_DIRE_READ | I2C_ACK;
i2cWaitBusy(regs);
*out++ = regs->REG_I2C_DATA;
}
regs->REG_I2C_CNT = I2C_ENABLE | I2C_IRQ_ENABLE | I2C_DIRE_READ | I2C_STOP;
i2cWaitBusy(regs);
*out = regs->REG_I2C_DATA; // Last byte
return true;
}
bool I2C_writeRegBuf(I2cDevice devId, u8 regAddr, const u8 *in, u32 size)
{
const u8 busId = i2cDevTable[devId].busId;
I2cRegs *const regs = i2cGetBusRegsBase(busId);
if(!i2cStartTransfer(devId, regAddr, false, regs)) return false;
while(--size)
{
regs->REG_I2C_DATA = *in++;
regs->REG_I2C_CNT = I2C_ENABLE | I2C_IRQ_ENABLE | I2C_DIRE_WRITE;
i2cWaitBusy(regs);
if(!I2C_GET_ACK(regs->REG_I2C_CNT)) // If ack flag is 0 it failed.
{
regs->REG_I2C_CNT = I2C_ENABLE | I2C_IRQ_ENABLE | I2C_ERROR | I2C_STOP;
return false;
}
}
regs->REG_I2C_DATA = *in;
regs->REG_I2C_CNT = I2C_ENABLE | I2C_IRQ_ENABLE | I2C_DIRE_WRITE | I2C_STOP;
i2cWaitBusy(regs);
if(!I2C_GET_ACK(regs->REG_I2C_CNT)) // If ack flag is 0 it failed.
{
regs->REG_I2C_CNT = I2C_ENABLE | I2C_IRQ_ENABLE | I2C_ERROR | I2C_STOP;
return false;
}
return true;
}
u8 I2C_readReg(I2cDevice devId, u8 regAddr)
{
u8 data;
if(!I2C_readRegBuf(devId, regAddr, &data, 1)) return 0xFF;
return data;
}
bool I2C_writeReg(I2cDevice devId, u8 regAddr, u8 data)
{
return I2C_writeRegBuf(devId, regAddr, &data, 1);
}

104
arm9/source/i2c.h
View File

@ -1,104 +0,0 @@
#pragma once
/*
* This file is part of fastboot 3DS
* Copyright (C) 2017 derrek, profi200
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include <stdbool.h>
#include "types.h"
#define I2C_STOP (1u)
#define I2C_START (1u<<1)
#define I2C_ERROR (1u<<2)
#define I2C_ACK (1u<<4)
#define I2C_DIRE_WRITE (0u)
#define I2C_DIRE_READ (1u<<5)
#define I2C_IRQ_ENABLE (1u<<6)
#define I2C_ENABLE (1u<<7)
#define I2C_GET_ACK(reg) ((bool)((reg)>>4 & 1u))
typedef enum
{
I2C_DEV_POWER = 0, // Unconfirmed
I2C_DEV_CAMERA = 1, // Unconfirmed
I2C_DEV_CAMERA2 = 2, // Unconfirmed
I2C_DEV_MCU = 3,
I2C_DEV_LCD_TOP = 5,
I2C_DEV_LCD_BOT = 6,
I2C_DEV_GYRO = 10,
I2C_DEV_DEBUG_PAD = 12,
I2C_DEV_IR = 13,
I2C_DEV_EEPROM = 14, // Unconfirmed
I2C_DEV_NFC = 15,
I2C_DEV_QTM = 16,
I2C_DEV_N3DS_HID = 17
} I2cDevice;
/**
* @brief Initializes the I2C buses. Call this only once.
*/
void I2C_init(void);
/**
* @brief Reads data from a I2C register to a buffer.
*
* @param[in] devId The device ID. Use the enum above.
* @param[in] regAddr The register address.
* @param out The output buffer pointer.
* @param[in] size The read size.
*
* @return Returns true on success and false on failure.
*/
bool I2C_readRegBuf(I2cDevice devId, u8 regAddr, u8 *out, u32 size);
/**
* @brief Writes a buffer to a I2C register.
*
* @param[in] devId The device ID. Use the enum above.
* @param[in] regAddr The register address.
* @param[in] in The input buffer pointer.
* @param[in] size The write size.
*
* @return Returns true on success and false on failure.
*/
bool I2C_writeRegBuf(I2cDevice devId, u8 regAddr, const u8 *in, u32 size);
/**
* @brief Reads a byte from a I2C register.
*
* @param[in] devId The device ID. Use the enum above.
* @param[in] regAddr The register address.
*
* @return Returns the value read on success otherwise 0xFF.
*/
u8 I2C_readReg(I2cDevice devId, u8 regAddr);
/**
* @brief Writes a byte to a I2C register.
*
* @param[in] devId The device ID. Use the enum above.
* @param[in] regAddr The register address.
* @param[in] data The data to write.
*
* @return Returns true on success and false on failure.
*/
bool I2C_writeReg(I2cDevice devId, u8 regAddr, u8 data);

298
arm9/source/ini.c
View File

@ -1,298 +0,0 @@
/* inih -- simple .INI file parser
SPDX-License-Identifier: BSD-3-Clause
Copyright (C) 2009-2020, Ben Hoyt
inih is released under the New BSD license (see LICENSE.txt). Go to the project
home page for more info:
https://github.com/benhoyt/inih
*/
#if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_WARNINGS)
#define _CRT_SECURE_NO_WARNINGS
#endif
#include <stdio.h>
#include <ctype.h>
#include <string.h>
#include "ini.h"
#if !INI_USE_STACK
#if INI_CUSTOM_ALLOCATOR
#include <stddef.h>
void* ini_malloc(size_t size);
void ini_free(void* ptr);
void* ini_realloc(void* ptr, size_t size);
#else
#include <stdlib.h>
#define ini_malloc malloc
#define ini_free free
#define ini_realloc realloc
#endif
#endif
#define MAX_SECTION 50
#define MAX_NAME 50
/* Used by ini_parse_string() to keep track of string parsing state. */
typedef struct {
const char* ptr;
size_t num_left;
} ini_parse_string_ctx;
/* Strip whitespace chars off end of given string, in place. Return s. */
static char* rstrip(char* s)
{
char* p = s + strlen(s);
while (p > s && isspace((unsigned char)(*--p)))
*p = '\0';
return s;
}
/* Return pointer to first non-whitespace char in given string. */
static char* lskip(const char* s)
{
while (*s && isspace((unsigned char)(*s)))
s++;
return (char*)s;
}
/* Return pointer to first char (of chars) or inline comment in given string,
or pointer to NUL at end of string if neither found. Inline comment must
be prefixed by a whitespace character to register as a comment. */
static char* find_chars_or_comment(const char* s, const char* chars)
{
#if INI_ALLOW_INLINE_COMMENTS
int was_space = 0;
while (*s && (!chars || !strchr(chars, *s)) &&
!(was_space && strchr(INI_INLINE_COMMENT_PREFIXES, *s))) {
was_space = isspace((unsigned char)(*s));
s++;
}
#else
while (*s && (!chars || !strchr(chars, *s))) {
s++;
}
#endif
return (char*)s;
}
/* Similar to strncpy, but ensures dest (size bytes) is
NUL-terminated, and doesn't pad with NULs. */
static char* strncpy0(char* dest, const char* src, size_t size)
{
/* Could use strncpy internally, but it causes gcc warnings (see issue #91) */
size_t i;
for (i = 0; i < size - 1 && src[i]; i++)
dest[i] = src[i];
dest[i] = '\0';
return dest;
}
/* See documentation in header file. */
int ini_parse_stream(ini_reader reader, void* stream, ini_handler handler,
void* user)
{
/* Uses a fair bit of stack (use heap instead if you need to) */
#if INI_USE_STACK
char line[INI_MAX_LINE];
int max_line = INI_MAX_LINE;
#else
char* line;
size_t max_line = INI_INITIAL_ALLOC;
#endif
#if INI_ALLOW_REALLOC && !INI_USE_STACK
char* new_line;
size_t offset;
#endif
char section[MAX_SECTION] = "";
char prev_name[MAX_NAME] = "";
char* start;
char* end;
char* name;
char* value;
int lineno = 0;
int error = 0;
#if !INI_USE_STACK
line = (char*)ini_malloc(INI_INITIAL_ALLOC);
if (!line) {
return -2;
}
#endif
#if INI_HANDLER_LINENO
#define HANDLER(u, s, n, v) handler(u, s, n, v, lineno)
#else
#define HANDLER(u, s, n, v) handler(u, s, n, v)
#endif
/* Scan through stream line by line */
while (reader(line, (int)max_line, stream) != NULL) {
#if INI_ALLOW_REALLOC && !INI_USE_STACK
offset = strlen(line);
while (offset == max_line - 1 && line[offset - 1] != '\n') {
max_line *= 2;
if (max_line > INI_MAX_LINE)
max_line = INI_MAX_LINE;
new_line = ini_realloc(line, max_line);
if (!new_line) {
ini_free(line);
return -2;
}
line = new_line;
if (reader(line + offset, (int)(max_line - offset), stream) == NULL)
break;
if (max_line >= INI_MAX_LINE)
break;
offset += strlen(line + offset);
}
#endif
lineno++;
start = line;
#if INI_ALLOW_BOM
if (lineno == 1 && (unsigned char)start[0] == 0xEF &&
(unsigned char)start[1] == 0xBB &&
(unsigned char)start[2] == 0xBF) {
start += 3;
}
#endif
start = lskip(rstrip(start));
if (strchr(INI_START_COMMENT_PREFIXES, *start)) {
/* Start-of-line comment */
}
#if INI_ALLOW_MULTILINE
else if (*prev_name && *start && start > line) {
/* Non-blank line with leading whitespace, treat as continuation
of previous name's value (as per Python configparser). */
if (!HANDLER(user, section, prev_name, start) && !error)
error = lineno;
}
#endif
else if (*start == '[') {
/* A "[section]" line */
end = find_chars_or_comment(start + 1, "]");
if (*end == ']') {
*end = '\0';
strncpy0(section, start + 1, sizeof(section));
*prev_name = '\0';
#if INI_CALL_HANDLER_ON_NEW_SECTION
if (!HANDLER(user, section, NULL, NULL) && !error)
error = lineno;
#endif
}
else if (!error) {
/* No ']' found on section line */
error = lineno;
}
}
else if (*start) {
/* Not a comment, must be a name[=:]value pair */
end = find_chars_or_comment(start, "=:");
if (*end == '=' || *end == ':') {
*end = '\0';
name = rstrip(start);
value = end + 1;
#if INI_ALLOW_INLINE_COMMENTS
end = find_chars_or_comment(value, NULL);
if (*end)
*end = '\0';
#endif
value = lskip(value);
rstrip(value);
/* Valid name[=:]value pair found, call handler */
strncpy0(prev_name, name, sizeof(prev_name));
if (!HANDLER(user, section, name, value) && !error)
error = lineno;
}
else if (!error) {
/* No '=' or ':' found on name[=:]value line */
#if INI_ALLOW_NO_VALUE
*end = '\0';
name = rstrip(start);
if (!HANDLER(user, section, name, NULL) && !error)
error = lineno;
#else
error = lineno;
#endif
}
}
#if INI_STOP_ON_FIRST_ERROR
if (error)
break;
#endif
}
#if !INI_USE_STACK
ini_free(line);
#endif
return error;
}
/* See documentation in header file. */
int ini_parse_file(FILE* file, ini_handler handler, void* user)
{
return ini_parse_stream((ini_reader)fgets, file, handler, user);
}
/* See documentation in header file. */
int ini_parse(const char* filename, ini_handler handler, void* user)
{
FILE* file;
int error;
file = fopen(filename, "r");
if (!file)
return -1;
error = ini_parse_file(file, handler, user);
fclose(file);
return error;
}
/* An ini_reader function to read the next line from a string buffer. This
is the fgets() equivalent used by ini_parse_string(). */
static char* ini_reader_string(char* str, int num, void* stream) {
ini_parse_string_ctx* ctx = (ini_parse_string_ctx*)stream;
const char* ctx_ptr = ctx->ptr;
size_t ctx_num_left = ctx->num_left;
char* strp = str;
char c;
if (ctx_num_left == 0 || num < 2)
return NULL;
while (num > 1 && ctx_num_left != 0) {
c = *ctx_ptr++;
ctx_num_left--;
*strp++ = c;
if (c == '\n')
break;
num--;
}
*strp = '\0';
ctx->ptr = ctx_ptr;
ctx->num_left = ctx_num_left;
return str;
}
/* See documentation in header file. */
int ini_parse_string(const char* string, ini_handler handler, void* user) {
ini_parse_string_ctx ctx;
ctx.ptr = string;
ctx.num_left = strlen(string);
return ini_parse_stream((ini_reader)ini_reader_string, &ctx, handler,
user);
}

157
arm9/source/ini.h
View File

@ -1,157 +0,0 @@
/* inih -- simple .INI file parser
SPDX-License-Identifier: BSD-3-Clause
Copyright (C) 2009-2020, Ben Hoyt
inih is released under the New BSD license (see LICENSE.txt). Go to the project
home page for more info:
https://github.com/benhoyt/inih
*/
#ifndef INI_H
#define INI_H
/* Make this header file easier to include in C++ code */
#ifdef __cplusplus
extern "C" {
#endif
#include <stdio.h>
/* Nonzero if ini_handler callback should accept lineno parameter. */
#ifndef INI_HANDLER_LINENO
#define INI_HANDLER_LINENO 0
#endif
/* Typedef for prototype of handler function. */
#if INI_HANDLER_LINENO
typedef int (*ini_handler)(void* user, const char* section,
const char* name, const char* value,
int lineno);
#else
typedef int (*ini_handler)(void* user, const char* section,
const char* name, const char* value);
#endif
/* Typedef for prototype of fgets-style reader function. */
typedef char* (*ini_reader)(char* str, int num, void* stream);
/* Parse given INI-style file. May have [section]s, name=value pairs
(whitespace stripped), and comments starting with ';' (semicolon). Section
is "" if name=value pair parsed before any section heading. name:value
pairs are also supported as a concession to Python's configparser.
For each name=value pair parsed, call handler function with given user
pointer as well as section, name, and value (data only valid for duration
of handler call). Handler should return nonzero on success, zero on error.
Returns 0 on success, line number of first error on parse error (doesn't
stop on first error), -1 on file open error, or -2 on memory allocation
error (only when INI_USE_STACK is zero).
*/
int ini_parse(const char* filename, ini_handler handler, void* user);
/* Same as ini_parse(), but takes a FILE* instead of filename. This doesn't
close the file when it's finished -- the caller must do that. */
int ini_parse_file(FILE* file, ini_handler handler, void* user);
/* Same as ini_parse(), but takes an ini_reader function pointer instead of
filename. Used for implementing custom or string-based I/O (see also
ini_parse_string). */
int ini_parse_stream(ini_reader reader, void* stream, ini_handler handler,
void* user);
/* Same as ini_parse(), but takes a zero-terminated string with the INI data
instead of a file. Useful for parsing INI data from a network socket or
already in memory. */
int ini_parse_string(const char* string, ini_handler handler, void* user);
/* Nonzero to allow multi-line value parsing, in the style of Python's
configparser. If allowed, ini_parse() will call the handler with the same
name for each subsequent line parsed. */
#ifndef INI_ALLOW_MULTILINE
#define INI_ALLOW_MULTILINE 1
#endif
/* Nonzero to allow a UTF-8 BOM sequence (0xEF 0xBB 0xBF) at the start of
the file. See https://github.com/benhoyt/inih/issues/21 */
#ifndef INI_ALLOW_BOM
#define INI_ALLOW_BOM 1
#endif
/* Chars that begin a start-of-line comment. Per Python configparser, allow
both ; and # comments at the start of a line by default. */
#ifndef INI_START_COMMENT_PREFIXES
#define INI_START_COMMENT_PREFIXES ";#"
#endif
/* Nonzero to allow inline comments (with valid inline comment characters
specified by INI_INLINE_COMMENT_PREFIXES). Set to 0 to turn off and match
Python 3.2+ configparser behaviour. */
#ifndef INI_ALLOW_INLINE_COMMENTS
#define INI_ALLOW_INLINE_COMMENTS 1
#endif
#ifndef INI_INLINE_COMMENT_PREFIXES
#define INI_INLINE_COMMENT_PREFIXES ";"
#endif
/* Nonzero to use stack for line buffer, zero to use heap (malloc/free). */
#ifndef INI_USE_STACK
#define INI_USE_STACK 1
#endif
/* Maximum line length for any line in INI file (stack or heap). Note that
this must be 3 more than the longest line (due to '\r', '\n', and '\0'). */
#ifndef INI_MAX_LINE
#define INI_MAX_LINE 200
#endif
/* Nonzero to allow heap line buffer to grow via realloc(), zero for a
fixed-size buffer of INI_MAX_LINE bytes. Only applies if INI_USE_STACK is
zero. */
#ifndef INI_ALLOW_REALLOC
#define INI_ALLOW_REALLOC 0
#endif
/* Initial size in bytes for heap line buffer. Only applies if INI_USE_STACK
is zero. */
#ifndef INI_INITIAL_ALLOC
#define INI_INITIAL_ALLOC 200
#endif
/* Stop parsing on first error (default is to keep parsing). */
#ifndef INI_STOP_ON_FIRST_ERROR
#define INI_STOP_ON_FIRST_ERROR 0
#endif
/* Nonzero to call the handler at the start of each new section (with
name and value NULL). Default is to only call the handler on
each name=value pair. */
#ifndef INI_CALL_HANDLER_ON_NEW_SECTION
#define INI_CALL_HANDLER_ON_NEW_SECTION 0
#endif
/* Nonzero to allow a name without a value (no '=' or ':' on the line) and
call the handler with value NULL in this case. Default is to treat
no-value lines as an error. */
#ifndef INI_ALLOW_NO_VALUE
#define INI_ALLOW_NO_VALUE 0
#endif
/* Nonzero to use custom ini_malloc, ini_free, and ini_realloc memory
allocation functions (INI_USE_STACK must also be 0). These functions must
have the same signatures as malloc/free/realloc and behave in a similar
way. ini_realloc is only needed if INI_ALLOW_REALLOC is set. */
#ifndef INI_CUSTOM_ALLOCATOR
#define INI_CUSTOM_ALLOCATOR 0
#endif
#ifdef __cplusplus
}
#endif
#endif /* INI_H */

399
arm9/source/main.c
View File

@ -1,399 +0,0 @@
/*
* This file is part of Luma3DS
* Copyright (C) 2016-2023 Aurora Wright, TuxSH
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* Additional Terms 7.b and 7.c of GPLv3 apply to this file:
* * Requiring preservation of specified reasonable legal notices or
* author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* * Prohibiting misrepresentation of the origin of that material,
* or requiring that modified versions of such material be marked in
* reasonable ways as different from the original version.
*/
#include "config.h"
#include "emunand.h"
#include "fs.h"
#include "firm.h"
#include "utils.h"
#include "exceptions.h"
#include "draw.h"
#include "buttons.h"
#include "pin.h"
#include "crypto.h"
#include "memory.h"
#include "deliver_arg.h"
#include "screen.h"
#include "i2c.h"
#include "fmt.h"
#include "fatfs/sdmmc/sdmmc.h"
extern u8 __itcm_start__[], __itcm_lma__[], __itcm_bss_start__[], __itcm_end__[];
extern CfgData configData;
extern ConfigurationStatus needConfig;
bool isSdMode;
char launchedPathForFatfs[256];
u16 launchedPath[80+1];
BootType bootType;
u16 mcuFwVersion;
u8 mcuConsoleInfo[9];
void main(int argc, char **argv, u32 magicWord)
{
bool isFirmProtEnabled = true,
isSafeMode = false,
needToInitSd = false,
isNoForceFlagSet = false,
isInvalidLoader = false,
isNtrBoot = false;
FirmwareType firmType = NATIVE_FIRM;
FirmwareSource nandType = FIRMWARE_SYSNAND;
u32 emunandIndex = 0;
const vu8 *bootMediaStatus = (const vu8 *)0x1FFFE00C;
const vu32 *bootPartitionsStatus = (const vu32 *)0x1FFFE010;
u32 firmlaunchTidLow = 0;
//Shell closed, no error booting NTRCARD, NAND paritions not even considered
isNtrBoot = bootMediaStatus[3] == 2 && !bootMediaStatus[1] && !bootPartitionsStatus[0] && !bootPartitionsStatus[1];
if((magicWord & 0xFFFF) == 0xBEEF && argc >= 1) //Normal (B9S) boot
{
bootType = isNtrBoot ? B9SNTR : B9S;
strncpy(launchedPathForFatfs, argv[0], sizeof(launchedPathForFatfs) - 1);
launchedPathForFatfs[sizeof(launchedPathForFatfs) - 1] = 0;
u32 i;
for(i = 0; i < sizeof(launchedPath)/2 - 1 && argv[0][i] != 0; i++) //Copy and convert the path to UTF-16
launchedPath[i] = argv[0][i];
launchedPath[i] = 0;
}
else if(magicWord == 0xBABE && argc == 2) //Firmlaunch
{
bootType = FIRMLAUNCH;
u32 i;
u16 *p = (u16 *)argv[0];
for(i = 0; i < sizeof(launchedPath)/2 - 1 && p[i] != 0; i++)
{
launchedPath[i] = p[i];
launchedPathForFatfs[i] = (u8)p[i]; // UCS-2 to ascii. Meh.
}
launchedPath[i] = 0;
for(i = 0; i < 8; i++)
firmlaunchTidLow = (argv[1][2 * i] > '9' ? argv[1][2 * i] - 'a' + 10 : argv[1][2 * i] - '0') | (firmlaunchTidLow << 4);
}
else if(magicWord == 0xB002) //FIRM/NTRCARD boot
{
if(isNtrBoot) bootType = NTR;
else
{
const char *path;
if(!((vu8 *)bootPartitionsStatus)[2])
{
bootType = FIRM0;
path = "firm0:";
}
else
{
bootType = FIRM1;
path = "firm1:";
}
for(u32 i = 0; i < 7; i++) //Copy and convert the path to UTF-16
launchedPath[i] = path[i];
strcpy(launchedPathForFatfs, path);
}
setupKeyslots();
}
else isInvalidLoader = true;
// Set up the additional sections, overwrites argc
memcpy(__itcm_start__, __itcm_lma__, __itcm_bss_start__ - __itcm_start__);
memset(__itcm_bss_start__, 0, __itcm_end__ - __itcm_bss_start__);
I2C_init();
u8 mcuFwVerHi = I2C_readReg(I2C_DEV_MCU, 0) - 0x10;
u8 mcuFwVerLo = I2C_readReg(I2C_DEV_MCU, 1);
mcuFwVersion = ((u16)mcuFwVerHi << 16) | mcuFwVerLo;
// Check if fw is older than factory. See https://www.3dbrew.org/wiki/MCU_Services#MCU_firmware_versions for a table
if (mcuFwVerHi < 1) error("Unsupported MCU FW version %d.%d.", (int)mcuFwVerHi, (int)mcuFwVerLo);
I2C_readRegBuf(I2C_DEV_MCU, 0x7F, mcuConsoleInfo, 9);
if(isInvalidLoader) error("Launched using an unsupported loader.");
installArm9Handlers();
if(memcmp(launchedPath, u"sdmc", 8) == 0)
{
if(!mountSdCardPartition(true)) error("Failed to mount SD.");
isSdMode = true;
}
else if(memcmp(launchedPath, u"nand", 8) == 0)
{
if(!remountCtrNandPartition(true)) error("Failed to mount CTRNAND.");
isSdMode = false;
}
else if(bootType == NTR || memcmp(launchedPath, u"firm", 8) == 0)
{
if(mountSdCardPartition(true)) isSdMode = true;
else if(remountCtrNandPartition(true)) isSdMode = false;
else error("Failed to mount SD and CTRNAND.");
if(bootType == NTR)
{
while(HID_PAD & NTRBOOT_BUTTONS);
loadHomebrewFirm(0);
mcuPowerOff();
}
}
else
{
char mountPoint[5];
u32 i;
for(i = 0; i < 4 && launchedPath[i] != u':'; i++)
mountPoint[i] = (char)launchedPath[i];
mountPoint[i] = 0;
error("Launched from an unsupported location: %s.", mountPoint);
}
detectAndProcessExceptionDumps();
//Attempt to read the configuration file
needConfig = readConfig() ? MODIFY_CONFIGURATION : CREATE_CONFIGURATION;
//Determine if this is a firmlaunch boot
if(bootType == FIRMLAUNCH)
{
if(needConfig == CREATE_CONFIGURATION) mcuPowerOff();
switch(firmlaunchTidLow & 0xF)
{
case 2:
firmType = (FirmwareType)((firmlaunchTidLow >> 8) & 0xF);
break;
case 3:
firmType = SAFE_FIRM;
break;
case 1:
firmType = SYSUPDATER_FIRM;
break;
}
nandType = (FirmwareSource)BOOTCFG_NAND;
emunandIndex = BOOTCFG_EMUINDEX;
isFirmProtEnabled = !BOOTCFG_NTRCARDBOOT;
goto boot;
}
firmType = NATIVE_FIRM;
isFirmProtEnabled = bootType != NTR;
//Get pressed buttons
u32 pressed = HID_PAD;
//If it's a MCU reboot, try to force boot options
if(CFG_BOOTENV && needConfig != CREATE_CONFIGURATION)
{
u32 bootenv = CFG_BOOTENV;
bool validTlnc = bootenv == 3 && hasValidTlncAutobootParams();
if (validTlnc)
needToInitSd = true;
//Always force a SysNAND boot when quitting AGB_FIRM
if(bootenv == 7)
{
nandType = FIRMWARE_SYSNAND;
// Prevent multiple boot options-forcing
// This bit is a bit weird. Basically, as you return to Home Menu by pressing either
// the HOME or POWER button, nandType will be overridden to "SysNAND" (needed). But,
// if you reboot again (e.g. via Rosalina menu), it'll use your default settings.
if(nandType != BOOTCFG_NAND) isNoForceFlagSet = true;
goto boot;
}
// Configure homebrew autoboot (if deliver arg ends up not containing anything)
if (bootenv == 1 && MULTICONFIG(AUTOBOOTMODE) != 0)
configureHomebrewAutoboot();
/* Force the last used boot options if doing autolaunch from TWL, or unless a button is pressed
or the no-forcing flag is set */
if(validTlnc || !(pressed || BOOTCFG_NOFORCEFLAG))
{
nandType = (FirmwareSource)BOOTCFG_NAND;
emunandIndex = BOOTCFG_EMUINDEX;
goto boot;
}
}
u32 pinMode = MULTICONFIG(PIN);
bool shouldLoadConfigMenu = needConfig == CREATE_CONFIGURATION || ((pressed & (BUTTON_SELECT | BUTTON_L1)) == BUTTON_SELECT);
bool pinExists = pinMode != 0 && verifyPin(pinMode);
/* If the PIN has been verified, wait to make it easier to press the SAFE_MODE combo or the configuration menu button
(if not already pressed, for the latter) */
if(pinExists && !shouldLoadConfigMenu)
{
while(HID_PAD & PIN_BUTTONS);
wait(2000ULL);
//Update pressed buttons
pressed = HID_PAD;
}
shouldLoadConfigMenu = needConfig == CREATE_CONFIGURATION || ((pressed & (BUTTON_SELECT | BUTTON_L1)) == BUTTON_SELECT);
if(shouldLoadConfigMenu)
{
configMenu(pinExists, pinMode);
//Update pressed buttons
pressed = HID_PAD;
}
if(!CFG_BOOTENV && pressed == SAFE_MODE)
{
nandType = FIRMWARE_SYSNAND;
isSafeMode = true;
needToInitSd = true;
goto boot;
}
u32 splashMode = MULTICONFIG(SPLASH);
if(splashMode == 1 && loadSplash()) pressed = HID_PAD;
bool autoBootEmu = CONFIG(AUTOBOOTEMU);
if((pressed & (BUTTON_START | BUTTON_L1)) == BUTTON_START)
{
loadHomebrewFirm(0);
pressed = HID_PAD;
}
else if((((pressed & SINGLE_PAYLOAD_BUTTONS) || (!autoBootEmu && (pressed & DPAD_BUTTONS))) && !(pressed & (BUTTON_L1 | BUTTON_R1))) ||
(((pressed & L_PAYLOAD_BUTTONS) || (autoBootEmu && (pressed & DPAD_BUTTONS))) && (pressed & BUTTON_L1))) loadHomebrewFirm(pressed);
if(splashMode == 2 && loadSplash()) pressed = HID_PAD;
//Check SAFE_MODE combo again
if(!CFG_BOOTENV && pressed == SAFE_MODE)
{
nandType = FIRMWARE_SYSNAND;
isSafeMode = true;
needToInitSd = true;
goto boot;
}
// Set-up autoboot
if (MULTICONFIG(AUTOBOOTMODE) != 0)
configureHomebrewAutoboot();
//If booting from CTRNAND, always use SysNAND
if(!isSdMode) nandType = FIRMWARE_SYSNAND;
else nandType = (autoBootEmu == ((pressed & BUTTON_L1) == BUTTON_L1)) ? FIRMWARE_SYSNAND : FIRMWARE_EMUNAND;
//If we're booting EmuNAND or using EmuNAND FIRM, determine which one from the directional pad buttons, or otherwise from the config
if(nandType == FIRMWARE_EMUNAND)
{
switch(pressed & DPAD_BUTTONS)
{
case BUTTON_UP:
emunandIndex = 0;
break;
case BUTTON_RIGHT:
emunandIndex = 1;
break;
case BUTTON_DOWN:
emunandIndex = 2;
break;
case BUTTON_LEFT:
emunandIndex = 3;
break;
default:
emunandIndex = MULTICONFIG(DEFAULTEMU);
break;
}
}
boot:
//If we need to boot EmuNAND, make sure it exists
if(nandType != FIRMWARE_SYSNAND)
{
locateEmuNand(&nandType, &emunandIndex, true);
if(nandType == FIRMWARE_EMUNAND && (*(vu16 *)(SDMMC_BASE + REG_SDSTATUS0) & TMIO_STAT0_WRPROTECT) == 0) //Make sure the SD card isn't write protected
error("The SD card is locked, EmuNAND can not be used.\nPlease turn the write protection switch off.");
}
ctrNandLocation = nandType; // for CTRNAND partition
if(bootType != FIRMLAUNCH)
{
configData.bootConfig = ((bootType == NTR ? 1 : 0) << 4) | ((u32)isNoForceFlagSet << 3) | ((u32)emunandIndex << 1) | (u32)nandType;
writeConfig(false);
}
bool loadFromStorage = CONFIG(LOADEXTFIRMSANDMODULES);
u32 firmVersion = loadNintendoFirm(&firmType, nandType, loadFromStorage, isSafeMode);
bool doUnitinfoPatch = CONFIG(PATCHUNITINFO);
u32 res = 0;
switch(firmType)
{
case NATIVE_FIRM:
{
res = patchNativeFirm(firmVersion, nandType, loadFromStorage, isFirmProtEnabled, needToInitSd, doUnitinfoPatch);
break;
}
case TWL_FIRM:
res = patchTwlFirm(firmVersion, loadFromStorage, doUnitinfoPatch);
break;
case AGB_FIRM:
res = patchAgbFirm(loadFromStorage, doUnitinfoPatch);
break;
case SAFE_FIRM:
case SYSUPDATER_FIRM:
case NATIVE_FIRM1X2X:
res = patch1x2xNativeAndSafeFirm();
break;
case NATIVE_PROTOTYPE:
res = patchPrototypeNative(nandType);
break;
}
if(res != 0) error("Failed to apply %u FIRM patch(es).", res);
unmountPartitions();
if(bootType != FIRMLAUNCH) deinitScreens();
launchFirm(0, NULL);
}

898
arm9/source/patches.c
View File

@ -1,898 +0,0 @@
/*
* This file is part of Luma3DS
* Copyright (C) 2016-2020 Aurora Wright, TuxSH
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* Additional Terms 7.b and 7.c of GPLv3 apply to this file:
* * Requiring preservation of specified reasonable legal notices or
* author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* * Prohibiting misrepresentation of the origin of that material,
* or requiring that modified versions of such material be marked in
* reasonable ways as different from the original version.
*/
/*
* Signature patches by an unknown author
* Signature patches for old FIRMs by SciresM
* firmlaunches patching code originally by delebile
* FIRM partition writes patches by delebile
* Idea for svcBreak patches from yellows8 and others on #3dsdev
* TWL_FIRM patches by Steveice10 and others
*/
#include "patches.h"
#include "fs.h"
#include "exceptions.h"
#include "memory.h"
#include "config.h"
#include "utils.h"
#include "arm9_exception_handlers.h"
#include "large_patches.h"
#define K11EXT_VA 0x70000000
extern u16 launchedPath[];
extern u32 firmProtoVersion;
u8 *getProcess9Info(u8 *pos, u32 size, u32 *process9Size, u32 *process9MemAddr)
{
u8 *temp = memsearch(pos, "NCCH", size, 4);
if(temp == NULL) error("Failed to get Process9 data.");
Cxi *off = (Cxi *)(temp - 0x100);
*process9MemAddr = off->exHeader.systemControlInfo.textCodeSet.address;
// Prototype FW has a different NCCH format
if (firmProtoVersion && firmProtoVersion <= 243)
{
*process9Size = off->ncch.exeFsSize;
return (u8 *)off + off->ncch.exeFsOffset;
}
else
{
*process9Size = (off->ncch.exeFsSize - 1) * 0x200;
return (u8 *)off + (off->ncch.exeFsOffset + 1) * 0x200;
}
}
u32 *getKernel11Info(u8 *pos, u32 size, u32 *baseK11VA, u8 **freeK11Space, u32 **arm11SvcHandler, u32 **arm11ExceptionsPage)
{
static const u8 pattern[] = {0x00, 0xB0, 0x9C, 0xE5};
*arm11ExceptionsPage = (u32 *)memsearch(pos, pattern, size, sizeof(pattern));
if(*arm11ExceptionsPage == NULL) error("Failed to get Kernel11 data.");
u32 *arm11SvcTable;
*arm11ExceptionsPage -= 0xB;
u32 svcOffset = (-(((*arm11ExceptionsPage)[2] & 0xFFFFFF) << 2) & (0xFFFFFF << 2)) - 8; //Branch offset + 8 for prefetch
u32 pointedInstructionVA = 0xFFFF0008 - svcOffset;
*baseK11VA = pointedInstructionVA & 0xFFFF0000; //This assumes that the pointed instruction has an offset < 0x10000, iirc that's always the case
arm11SvcTable = *arm11SvcHandler = (u32 *)(pos + *(u32 *)(pos + pointedInstructionVA - *baseK11VA + 8) - *baseK11VA); //SVC handler address
while(*arm11SvcTable) arm11SvcTable++; //Look for SVC0 (NULL)
u32 *freeSpace;
for(freeSpace = *arm11ExceptionsPage; freeSpace < *arm11ExceptionsPage + 0x400 && *freeSpace != 0xFFFFFFFF; freeSpace++);
*freeK11Space = (u8 *) freeSpace;
return arm11SvcTable;
}
// For Arm prologs in the form of: push {regs} ... sub sp, #off (this obviously doesn't intend to cover all cases)
static inline u32 computeArmFrameSize(const u32 *prolog)
{
const u32 *off;
for(off = prolog; (*off >> 16) != 0xE92D; off++); // look for stmfd sp! = push
u32 nbPushedRegs = 0;
for(u32 val = *off & 0xFFFF; val != 0; val >>= 1) // 1 bit = 1 pushed register
nbPushedRegs += val & 1;
for(; (*off >> 8) != 0xE24DD0; off++); // look for sub sp, #offset
u32 localVariablesSpaceSize = *off & 0xFF;
return 4 * nbPushedRegs + localVariablesSpaceSize;
}
static inline u32 *getKernel11HandlerVAPos(u8 *pos, u32 *arm11ExceptionsPage, u32 baseK11VA, u32 id)
{
u32 off = ((-((arm11ExceptionsPage[id] & 0xFFFFFF) << 2)) & (0xFFFFFF << 2)) - 8;
u32 pointedInstructionVA = 0xFFFF0000 + 4 * id - off;
return (u32 *)(pos + pointedInstructionVA - baseK11VA + 8);
}
u32 installK11Extension(u8 *pos, u32 size, bool needToInitSd, u32 baseK11VA, u32 *arm11ExceptionsPage, u8 **freeK11Space)
{
//The parameters to be passed on to the kernel ext
//Please keep that in sync with the definition in k11_extension/source/main.c
struct KExtParameters
{
u32 basePA;
u32 stolenSystemMemRegionSize;
void *originalHandlers[4];
u32 L1MMUTableAddrs[4];
volatile bool done;
struct CfwInfo
{
char magic[4];
u8 versionMajor;
u8 versionMinor;
u8 versionBuild;
u8 flags;
u32 commitHash;
u16 configFormatVersionMajor, configFormatVersionMinor;
u32 config, multiConfig, bootConfig;
u32 splashDurationMsec;
s8 volumeSliderOverride;
u64 hbldr3dsxTitleId;
u32 rosalinaMenuCombo;
u32 pluginLoaderFlags;
s16 ntpTzOffetMinutes;
ScreenFiltersCfgData topScreenFilter;
ScreenFiltersCfgData bottomScreenFilter;
u64 autobootTwlTitleId;
u8 autobootCtrAppmemtype;
u16 launchedPath[80+1];
} info;
};
static const u8 patternHook1[] = {0x02, 0xC2, 0xA0, 0xE3, 0xFF}; //MMU setup hook
static const u8 patternHook2[] = {0x08, 0x00, 0xA4, 0xE5, 0x02, 0x10, 0x80, 0xE0, 0x08, 0x10, 0x84, 0xE5}; //FCRAM layout setup hook
static const u8 patternHook3_4[] = {0x00, 0x00, 0xA0, 0xE1, 0x03, 0xF0, 0x20, 0xE3, 0xFD, 0xFF, 0xFF, 0xEA}; //SGI0 setup code, etc.
//Our kernel11 extension is initially loaded in VRAM
u32 kextTotalSize = *(u32 *)0x18000020 - K11EXT_VA;
u32 stolenSystemMemRegionSize = kextTotalSize; // no need to steal any more mem on N3DS. Currently, everything fits in BASE on O3DS too (?)
u32 dstKextPA = (ISN3DS ? 0x2E000000 : 0x26C00000) - stolenSystemMemRegionSize; // start of BASE memregion (note: linear heap ---> <--- the rest)
u32 *hookVeneers = (u32 *)*freeK11Space;
u32 relocBase = 0xFFFF0000 + (*freeK11Space - (u8 *)arm11ExceptionsPage);
hookVeneers[0] = 0xE51FF004; //ldr pc, [pc, #-8+4]
hookVeneers[1] = 0x18000004;
hookVeneers[2] = 0xE51FF004;
hookVeneers[3] = K11EXT_VA;
hookVeneers[4] = 0xE51FF004;
hookVeneers[5] = K11EXT_VA + 8;
hookVeneers[6] = 0xE51FF004;
hookVeneers[7] = K11EXT_VA + 0xC;
(*freeK11Space) += 32;
//MMU setup hook
u32 *off = (u32 *)memsearch(pos, patternHook1, size, sizeof(patternHook1));
if(off == NULL) return 1;
*off = MAKE_BRANCH_LINK(off, hookVeneers);
//Most important hook: FCRAM layout setup hook
off = (u32 *)memsearch(pos, patternHook2, size, sizeof(patternHook2));
if(off == NULL) return 1;
off += 2;
*off = MAKE_BRANCH_LINK(baseK11VA + ((u8 *)off - pos), relocBase + 8);
//Bind SGI0 hook
//Look for cpsie i and place our hook in the nop 2 instructions before
off = (u32 *)memsearch(pos, patternHook3_4, size, 12);
if(off == NULL) return 1;
for(; *off != 0xF1080080; off--);
off -= 2;
*off = MAKE_BRANCH_LINK(baseK11VA + ((u8 *)off - pos), relocBase + 16);
//Config hook (after the configuration memory fields have been filled)
for(; *off != 0xE1A00000; off++);
off += 4;
*off = MAKE_BRANCH_LINK(baseK11VA + ((u8 *)off - pos), relocBase + 24);
struct KExtParameters *p = (struct KExtParameters *)(*(u32 *)0x18000024 - K11EXT_VA + 0x18000000);
p->basePA = dstKextPA;
p->done = false;
p->stolenSystemMemRegionSize = stolenSystemMemRegionSize;
for(u32 i = 0; i < 4; i++)
{
u32 *handlerPos = getKernel11HandlerVAPos(pos, arm11ExceptionsPage, baseK11VA, 1 + i);
p->originalHandlers[i] = (void *)*handlerPos;
*handlerPos = K11EXT_VA + 0x10 + 4 * i;
}
struct CfwInfo *info = &p->info;
memcpy(&info->magic, "LUMA", 4);
info->commitHash = COMMIT_HASH;
info->configFormatVersionMajor = configData.formatVersionMajor;
info->configFormatVersionMinor = configData.formatVersionMinor;
info->config = configData.config;
info->multiConfig = configData.multiConfig;
info->bootConfig = configData.bootConfig;
info->splashDurationMsec = configData.splashDurationMsec;
info->volumeSliderOverride = configData.volumeSliderOverride;
info->hbldr3dsxTitleId = configData.hbldr3dsxTitleId;
info->rosalinaMenuCombo = configData.rosalinaMenuCombo;
info->pluginLoaderFlags = configData.pluginLoaderFlags;
info->ntpTzOffetMinutes = configData.ntpTzOffetMinutes;
info->topScreenFilter = configData.topScreenFilter;
info->bottomScreenFilter = configData.bottomScreenFilter;
info->autobootTwlTitleId = configData.autobootTwlTitleId;
info->autobootCtrAppmemtype = configData.autobootCtrAppmemtype;
info->versionMajor = VERSION_MAJOR;
info->versionMinor = VERSION_MINOR;
info->versionBuild = VERSION_BUILD;
if(ISRELEASE) info->flags = 1;
if(ISN3DS) info->flags |= 1 << 4;
if(needToInitSd) info->flags |= 1 << 5;
if(isSdMode) info->flags |= 1 << 6;
memcpy(info->launchedPath, launchedPath, sizeof(info->launchedPath));
return 0;
}
u32 patchKernel11(u8 *pos, u32 size, u32 baseK11VA, u32 *arm11SvcTable, u32 *arm11ExceptionsPage)
{
static const u8 patternKPanic[] = {0x02, 0x0B, 0x44, 0xE2};
static const u8 patternKThreadDebugReschedule[] = {0x34, 0x20, 0xD4, 0xE5, 0x00, 0x00, 0x55, 0xE3, 0x80, 0x00, 0xA0, 0x13};
//Assumption: ControlMemory, DebugActiveProcess and KernelSetState are in the first 0x20000 bytes
//Patch ControlMemory
u8 *instrPos = pos + (arm11SvcTable[1] + 20 - baseK11VA);
s32 displ = (*(u32 *)instrPos & 0xFFFFFF) << 2;
displ = (displ << 6) >> 6; // sign extend
u8 *ControlMemoryPos = instrPos + 8 + displ;
u32 *off;
/*
Here we replace currentProcess->processID == 1 by additionnalParameter == 1.
This patch should be generic enough to work even on firmware version 5.0.
It effectively changes the prototype of the ControlMemory function which
only caller is the svc 0x01 handler on OFW.
*/
for(off = (u32 *)ControlMemoryPos; (off[0] & 0xFFF0FFFF) != 0xE3500001 || (off[1] & 0xFFFF0FFF) != 0x13A00000; off++);
off -= 2;
*off = 0xE59D0000 | (*off & 0x0000F000) | (8 + computeArmFrameSize((u32 *)ControlMemoryPos)); // ldr r0, [sp, #(frameSize + 8)]
//Patch DebugActiveProcess
for(off = (u32 *)(pos + (arm11SvcTable[0x60] - baseK11VA)); *off != 0xE3110001; off++);
*off = 0xE3B01001; // tst r1, #1 -> movs r1, #1
for(off = (u32 *)(pos + (arm11SvcTable[0x7C] - baseK11VA)); off[0] != 0xE5D00001 || off[1] != 0xE3500000; off++);
off[2] = 0xE1A00000; // in case 6: beq -> nop
//Patch kernelpanic
off = (u32 *)memsearch(pos, patternKPanic, size, sizeof(patternKPanic));
if(off == NULL)
return 1;
off[-6] = 0xE12FFF7E;
//Redirect enableUserExceptionHandlersForCPUExc (= true)
for(off = arm11ExceptionsPage; *off != 0x96007F9; off++);
off[1] = K11EXT_VA + 0x28;
off = (u32 *)memsearch(pos, patternKThreadDebugReschedule, size, sizeof(patternKThreadDebugReschedule));
if(off == NULL)
return 1;
off[-5] = 0xE51FF004;
off[-4] = K11EXT_VA + 0x2C;
if (ISN3DS)
{
// Patch SvcSetProcessIdealProcessor and SvcCreate thread to always allow
// for core2 and core3 to be used. Normally, processes with the 0x2000 kernel flag
// have access to core2, and BASE processes have access to both core2 and core3.
// We're patching the if (memory region == BASE) check to be always true.
off = (u32 *)pos;
for (u32 i = 0; i < 2 && (u8 *)off < pos + size; i++)
{
// cmp r2, #0x300; beq...
for (; (off[0] != 0xE3520C03 || off[1] != 0x0A000003) && (u8 *)off < pos + size; off++);
if ((u8 *)off > pos + size)
return 1;
off[1] = 0xEA000003;
}
}
return 0;
}
u32 patchSignatureChecks(u8 *pos, u32 size)
{
//Look for signature checks
static const u8 pattern[] = {0xC0, 0x1C, 0x76, 0xE7},
pattern2[] = {0xB5, 0x22, 0x4D, 0x0C};
u16 *off = (u16 *)memsearch(pos, pattern, size, sizeof(pattern));
u8 *temp = memsearch(pos, pattern2, size, sizeof(pattern2));
if(off == NULL || temp == NULL) return 1;
u16 *off2 = (u16 *)(temp - 1);
*off = off2[0] = 0x2000;
off2[1] = 0x4770;
return 0;
}
u32 patchOldSignatureChecks(u8 *pos, u32 size)
{
// Look for signature checks
static const u8 pattern[] = {0xC0, 0x1C, 0xBD, 0xE7},
pattern2[] = {0xB5, 0x23, 0x4E, 0x0C};
u16 *off = (u16 *)memsearch(pos, pattern, size, sizeof(pattern));
u8 *temp = memsearch(pos, pattern2, size, sizeof(pattern2));
if(off == NULL || temp == NULL) return 1;
u16 *off2 = (u16 *)(temp - 1);
*off = off2[0] = 0x2000;
off2[1] = 0x4770;
return 0;
}
u32 patchFirmlaunches(u8 *pos, u32 size, u32 process9MemAddr)
{
//Look for firmlaunch code
static const u8 pattern[] = {0xE2, 0x20, 0x20, 0x90};
u32 pathLen;
for(pathLen = 0; pathLen < sizeof(launchedPath)/2 && launchedPath[pathLen] != 0; pathLen++);
if(launchedPath[pathLen] != 0) return 1;
u8 *off = memsearch(pos, pattern, size, sizeof(pattern));
if(off == NULL) return 1;
off -= 0x13;
//Firmlaunch function offset - offset in BLX opcode (A4-16 - Arm DDI 0100E) + 1
u32 fOpenOffset = (u32)(off + 9 - (-((*(u32 *)off & 0x00FFFFFF) << 2) & (0xFFFFFF << 2)) - pos + process9MemAddr);
//Put the fOpen offset in the right location
rebootPatchFopenPtr = fOpenOffset;
//Copy the launched path
memcpy(rebootPatchFileName, launchedPath, 2 * (1 + pathLen));
//Copy firmlaunch code
memcpy(off, rebootPatch, rebootPatchSize);
return 0;
}
u32 patchFirmWrites(u8 *pos, u32 size)
{
//Look for FIRM writing code
u8 *off = memsearch(pos, "exe:", size, 4);
if(off == NULL) return 1;
static const u8 pattern[] = {0x00, 0x28, 0x01, 0xDA};
u16 *off2 = (u16 *)memsearch(off - 0x100, pattern, 0x100, sizeof(pattern));
if(off2 == NULL) return 1;
off2[0] = 0x2000;
off2[1] = 0x46C0;
return 0;
}
u32 patchOldFirmWrites(u8 *pos, u32 size)
{
//Look for FIRM writing code
static const u8 pattern[] = {0x04, 0x1E, 0x1D, 0xDB};
u16 *off = (u16 *)memsearch(pos, pattern, size, sizeof(pattern));
if(off == NULL) return 1;
off[0] = 0x2400;
off[1] = 0xE01D;
return 0;
}
u32 patchTitleInstallMinVersionChecks(u8 *pos, u32 size, u32 firmVersion)
{
static const u8 pattern[] = {0xFF, 0x00, 0x00, 0x02};
u8 *off = memsearch(pos, pattern, size, sizeof(pattern));
if(off == NULL) return firmVersion == 0xFFFFFFFF ? 0 : 1;
off++;
//Zero out the first TitleID in the list
memset(off, 0, 8);
return 0;
}
u32 patchZeroKeyNcchEncryptionCheck(u8 *pos, u32 size)
{
static const u8 pattern[] = {0x28, 0x2A, 0xD0, 0x08};
u8 *temp = memsearch(pos, pattern, size, sizeof(pattern));
if(temp == NULL) return 1;
u16 *off = (u16 *)(temp - 1);
*off = 0x2001; //mov r0, #1
return 0;
}
u32 patchNandNcchEncryptionCheck(u8 *pos, u32 size)
{
static const u8 pattern[] = {0x07, 0xD1, 0x28, 0x7A};
u16 *off = (u16 *)memsearch(pos, pattern, size, sizeof(pattern));
if(off == NULL) return 1;
off--;
*off = 0x2001; //mov r0, #1
return 0;
}
u32 patchCheckForDevCommonKey(u8 *pos, u32 size)
{
static const u8 pattern[] = {0x03, 0x7C, 0x28, 0x00};
u16 *off = (u16 *)memsearch(pos, pattern, size, sizeof(pattern));
if(off == NULL) return 1;
*off = 0x2301; //mov r3, #1
return 0;
}
u32 patchK11ModuleLoading(u32 oldKipSectionSize, u32 newKipSectionSize, u32 numKips, u8 *pos, u32 size)
{
static const u8 moduleLoadingPattern[] = {0xE2, 0x05, 0x00, 0x57},
modulePidPattern[] = {0x06, 0xA0, 0xE1, 0xF2}; //GetSystemInfo
u8 *off = memsearch(pos, moduleLoadingPattern, size, 4);
if(off == NULL) return 1;
off[1] = (u8)numKips;
u32 *off32;
for(off32 = (u32 *)(off - 3); *off32 != 0xE59F0000; off32++);
off32 += 2;
off32[1] = off32[0] + newKipSectionSize;
for(; *off32 != oldKipSectionSize; off32++);
*off32 = ((newKipSectionSize + 0x1FF) >> 9) << 9;
off = memsearch(pos, modulePidPattern, size, 4);
if(off == NULL) return 1;
off[0xB] = (u8)numKips;
return 0;
}
u32 patchK11ModuleLoadingLgy(u32 newKipSectionSize, u8 *pos, u32 size)
{
// Patch the function where TwlBg/AgbBg is copied from 18000000 (VRAM) to 21000000 (FCRAM).
// This is where we can also automatically obtain the section size
u16 *off = (u16 *)pos;
for (; (u8 *)off < pos + size && (off[0] != 0x06C9 || off[1] != 0x0600); off++);
if ((u8 *)off >= pos + size)
return 3;
off += 7;
u32 oldKipSectionSize = *(u32 *)off;
*(u32 *)off = newKipSectionSize;
off += 2;
u32 *off2 = (u32 *)off;
for (; (u8 *)off2 < pos + size && *off2 != oldKipSectionSize; off2++);
if ((u8 *)off2 >= pos + size)
return 4;
*off2 = newKipSectionSize;
return 0;
}
u32 patchArm9ExceptionHandlersInstall(u8 *pos, u32 size)
{
static const u8 pattern[] = {0x80, 0xE5, 0x40, 0x1C};
u8 *temp = memsearch(pos, pattern, size, sizeof(pattern));
if(temp == NULL) return 1;
u32 *off;
for(off = (u32 *)(temp - 2); *off != 0xE5801000; off--); //Until str r1, [r0]
for(u32 r0 = 0x08000000; *off != 0xE3A01040; off++) //Until mov r1, #0x40
{
//Discard everything that's not str rX, [r0, #imm](!)
if((*off & 0xFE5F0000) != 0xE4000000) continue;
u32 rD = (*off >> 12) & 0xF,
offset = (*off & 0xFFF) * ((((*off >> 23) & 1) == 0) ? -1 : 1);
bool writeback = ((*off >> 21) & 1) != 0,
pre = ((*off >> 24) & 1) != 0;
u32 addr = r0 + ((pre || !writeback) ? offset : 0);
if((addr & 7) != 0 && addr != 0x08000014 && addr != 0x08000004) *off = 0xE1A00000; //nop
else *off = 0xE5800000 | (rD << 12) | (addr & 0xFFF); //Preserve IRQ and SVC handlers
if(!pre) addr += offset;
if(writeback) r0 = addr;
}
return 0;
}
u32 patchSvcBreak9(u8 *pos, u32 size, u32 kernel9Address)
{
//Stub svcBreak with "bkpt 65535" so we can debug the panic
//Look for the svc handler
static const u8 pattern[] = {0x00, 0xE0, 0x4F, 0xE1}; //mrs lr, spsr
u32 *arm9SvcTable = (u32 *)memsearch(pos, pattern, size, sizeof(pattern));
if(arm9SvcTable == NULL) return 1;
while(*arm9SvcTable != 0) arm9SvcTable++; //Look for SVC0 (NULL)
u32 *addr = (u32 *)(pos + arm9SvcTable[0x3C] - kernel9Address);
/*
mov r8, sp
bkpt 0xffff
*/
addr[0] = 0xE1A0800D;
addr[1] = 0xE12FFF7F;
arm9ExceptionHandlerSvcBreakAddress = arm9SvcTable[0x3C]; //BreakPtr
return 0;
}
u32 patchKernel9Panic(u8 *pos, u32 size)
{
static const u8 pattern[] = {0x00, 0x20, 0x92, 0x15};
u8 *temp = memsearch(pos, pattern, size, sizeof(pattern));
if(temp == NULL) return 1;
u32 *off = (u32 *)(temp - 0x34);
*off = 0xE12FFF7E;
return 0;
}
u32 patchP9AccessChecks(u8 *pos, u32 size)
{
static const u8 pattern[] = {0x00, 0x08, 0x49, 0x68};
u8 *temp = memsearch(pos, pattern, size, sizeof(pattern));
if(temp == NULL) return 1;
u16 *off = (u16 *)(temp - 3);
off[0] = 0x2001; //mov r0, #1
off[1] = 0x4770; //bx lr
return 0;
}
u32 patchUnitInfoValueSet(u8 *pos, u32 size)
{
//Look for UNITINFO value being set during kernel sync
static const u8 pattern[] = {0x01, 0x10, 0xA0, 0x13};
u8 *off = memsearch(pos, pattern, size, sizeof(pattern));
if(off == NULL) return 1;
off[0] = ISDEVUNIT ? 0 : 1;
off[3] = 0xE3;
return 0;
}
u32 patchP9AMTicketWrapperZeroKeyIV(u8 *pos, u32 size, u32 firmVersion)
{
static const u8 __rt_memclr_pattern[] = {0x00, 0x20, 0xA0, 0xE3, 0x04, 0x00, 0x51, 0xE3, 0x07, 0x00, 0x00, 0x3A};
static const u8 pattern[] = {0x20, 0x21, 0xA6, 0xA8};
u32 function = (u32)memsearch(pos, __rt_memclr_pattern, size, sizeof(__rt_memclr_pattern));
u16 *off = (u16 *)memsearch(pos, pattern, size, sizeof(pattern));
if(function == 0 || off == NULL) return firmVersion == 0xFFFFFFFF ? 0 : 1;
//After the found code it's a BL call (at &off[2]), that will be replaced
//From Thumb, op distance for setting in BLX can be got with,
//(Destination_offset - blx_op_offset+2) / 2
s32 opjumpdistance = (s32)(function - ((u32)&off[3])) / 2;
//Beyond limit
if(opjumpdistance < -0x1fffff || opjumpdistance > 0x1fffff) return 1;
//r0 and r1 for old call are already correct for this one
//BLX __rt_memclr
u32 op = (0xE800F000U | (((u32)opjumpdistance & 0x7FF) << 16) | (((u32)opjumpdistance >> 11) & 0x3FF) | (((u32)opjumpdistance >> 21) & 0x400)) & ~(1<<16);
off[2] = op;
off[3] = op >> 16;
return 0;
}
u32 patchLgySignatureChecks(u8 *pos, u32 size)
{
static const u8 pattern[] = {0x47, 0xC1, 0x17, 0x49};
u8 *temp = memsearch(pos, pattern, size, sizeof(pattern));
if(temp == NULL) return 1;
u16 *off = (u16 *)(temp + 1);
off[0] = 0x2000;
off[1] = 0xB04E;
off[2] = 0xBD70;
return 0;
}
u32 patchTwlInvalidSignatureChecks(u8 *pos, u32 size)
{
static const u8 pattern[] = {0x20, 0xF6, 0xE7, 0x7F};
u8 *temp = memsearch(pos, pattern, size, sizeof(pattern));
if(temp == NULL) return 1;
u16 *off = (u16 *)(temp - 1);
*off = 0x2001; //mov r0, #1
return 0;
}
u32 patchTwlNintendoLogoChecks(u8 *pos, u32 size)
{
static const u8 pattern[] = {0xC0, 0x30, 0x06, 0xF0};
u16 *off = (u16 *)memsearch(pos, pattern, size, sizeof(pattern));
if(off == NULL) return 1;
off[1] = 0x2000;
off[2] = 0;
return 0;
}
u32 patchTwlWhitelistChecks(u8 *pos, u32 size)
{
static const u8 pattern[] = {0x22, 0x00, 0x20, 0x30};
u16 *off = (u16 *)memsearch(pos, pattern, size, sizeof(pattern));
if(off == NULL) return 1;
off[2] = 0x2000;
off[3] = 0;
return 0;
}
u32 patchTwlFlashcartChecks(u8 *pos, u32 size, u32 firmVersion)
{
static const u8 pattern[] = {0x25, 0x20, 0x00, 0x0E};
u8 *temp = memsearch(pos, pattern, size, sizeof(pattern));
if(temp == NULL)
{
if(firmVersion == 0xFFFFFFFF) return patchOldTwlFlashcartChecks(pos, size);
return 1;
}
u16 *off = (u16 *)(temp + 3);
off[0] = off[6] = off[0xC] = 0x2001; //mov r0, #1
off[1] = off[7] = off[0xD] = 0; //nop
return 0;
}
u32 patchOldTwlFlashcartChecks(u8 *pos, u32 size)
{
static const u8 pattern[] = {0x06, 0xF0, 0xA0, 0xFD};
u16 *off = (u16 *)memsearch(pos, pattern, size, sizeof(pattern));
if(off == NULL) return 1;
off[0] = off[6] = 0x2001; //mov r0, #1
off[1] = off[7] = 0; //nop
return 0;
}
u32 patchTwlShaHashChecks(u8 *pos, u32 size)
{
static const u8 pattern[] = {0x10, 0xB5, 0x14, 0x22};
u16 *off = (u16 *)memsearch(pos, pattern, size, sizeof(pattern));
if(off == NULL) return 1;
off[0] = 0x2001; //mov r0, #1
off[1] = 0x4770;
return 0;
}
u32 patchAgbBootSplash(u8 *pos, u32 size)
{
static const u8 pattern[] = {0x00, 0x00, 0x01, 0xEF};
u8 *off = memsearch(pos, pattern, size, sizeof(pattern));
if(off == NULL) return 1;
off[2] = 0x26;
return 0;
}
void patchTwlBg(u8 *pos, u32 size)
{
// You can use the following Python code to convert something like below
// into twl_upscaling_filter.bin:
// import struct; open("twl_upscaling_filter.bin", "wb+").write(struct.pack("<30H", [array contents]))
static const u16 nintendoFilterTwl[] = {
0x0000, 0x004E, 0x011D, 0x01E3, 0x01C1,
0x0000, 0xFCA5, 0xF8D0, 0xF69D, 0xF873,
0x0000, 0x0D47, 0x1E35, 0x2F08, 0x3B6F,
0x4000, 0x3B6F, 0x2F08, 0x1E35, 0x0D47,
0x0000, 0xF873, 0xF69D, 0xF8D0, 0xFCA5,
0x0000, 0x01C1, 0x01E3, 0x011D, 0x004E,
};
// "error" func doesn't seem to work here
if (CONFIG(ENABLEDSIEXTFILTER))
{
u16 filter[5*6] = { 0 };
u32 rd = fileRead(filter, "twl_upscaling_filter.bin", sizeof(filter));
if (rd == sizeof(filter))
{
// else error("Failed to apply enable_dsi_external_filter:\n\ntwl_upscaling_filter.bin is missing or invalid.");
u8 *off = memsearch(pos, nintendoFilterTwl, size, sizeof(nintendoFilterTwl));
if (off != NULL)
memcpy(off, filter, sizeof(filter));
// else error("Failed to apply enable_dsi_external_filter.");
}
}
}
u32 patchLgyK11(u8 *section1, u32 section1Size, u8 *section2, u32 section2Size)
{
u32 *off;
// Fix a bug where Legacy K11 maps user TLS with "user no access" permissions
// Map it as RWX (just like the rest of other user-accessible pages) instead
for (off = (u32 *)section1; (u8 *)off <= section1 + section1Size && *off != 0xE0100000; off++);
if ((u8 *)off >= section1 + section1Size)
return 1;
++off;
*off &= ~0x231; // clear APX mask and XN
*off |= 0x030; // re-set APX (to user/kernel RW)
// Patch two pointer-to-bool to point to a non-zero byte, enabling user exception handling.
// It is impossible to enable it by normal means, otherwise
for (off = (u32 *)section2; (u8 *)off <= section2 + section2Size && *off != 0x100021F; off++);
if ((u8 *)off >= section2 + section2Size)
return 1;
off[1] = 0xFFFF0F00;
off[2] = 0xFFFF0F04;
// Dispatch-to-user code checks for memory block type and permissions (etc.), but
// LGY K11 doesn't do any memory management, so these checks will always fail.
// Patch with b +0x38 to skip all those checks
u16 *off2;
for (off2 = (u16 *)section2; (u8 *)off2 <= section2 + section2Size && (off2[0] != 0xDB1F || off2[1] != 0x4915); off2++);
if ((u8 *)off2 >= section2 + section2Size)
return 1;
*off2 = 0xE01A;
// Patch kernelpanic to skip devunit check, so that it sets the LCD fill regs
// which are useful to detect such panics
u16 *off3;
for (off3 = (u16 *)section1; (u8 *)off3 <= section1 + section1Size && (off3[0] != 0x481D || off3[1] != 0xB570); off3++);
if ((u8 *)off3 >= section1 + section1Size)
return 1;
off3[2] = 0x2001; // movs r0, #1
// Patch kernel to avoid allocating the two "configuration memory" pages, freeing
// 0x2000 bytes of kernel "heap" (which is 0xD000 AXIWRAM bytes on LGY K11 instead
// of the entire FCRAM on NFIRM). This is indeed a bug because if prevents two of the
// 12 KThread objects from being created
u16 *off4;
for (off4 = (u16 *)section1; (u8 *)off4 <= section1 + section1Size && (off4[0] != 0xB570 || off4[1] != 0x2200); off4++);
if ((u8 *)off4 >= section1 + section1Size)
return 1;
*off4 = 0x4770; // bx lr
return 0;
}
u32 patchProtoNandSignatureCheck(u8 *pos, u32 size) {
if (firmProtoVersion == 243) {
static const u8 pattern[] = {0x08, 0x31, 0x9F, 0xE5};
// Signature check function returns 0 if failed and 1 if succeeded.
// Proc9 breaks if the returned value is 0, change it to break if
// the returned value is 2 (never).
u8 *off = memsearch(pos, pattern, size, sizeof(pattern));
if (!off)
return 1;
off[0x20] = 2;
}
else if (firmProtoVersion == 238) { // SDK 0.10
// Same patch as for v243 ported to the different ncsd_read() function
static const u8 pattern[] = {
0x00, 0x11, 0x9f, 0xe5,
0x00, 0x51, 0x9f, 0xe5,
};
u8 *off = memsearch(pos, pattern, size, sizeof(pattern));
if (!off)
return 1;
off[0x20] = 2;
}
else return 1;
return 0;
}

251
arm9/source/utils.c
View File

@ -1,251 +0,0 @@
/*
* This file is part of Luma3DS
* Copyright (C) 2016-2022 Aurora Wright, TuxSH
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* Additional Terms 7.b and 7.c of GPLv3 apply to this file:
* * Requiring preservation of specified reasonable legal notices or
* author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* * Prohibiting misrepresentation of the origin of that material,
* or requiring that modified versions of such material be marked in
* reasonable ways as different from the original version.
*/
/*
* waitInput function based on code by d0k3 https://github.com/d0k3/Decrypt9WIP/blob/master/source/hid.c
*/
#include "utils.h"
#include "i2c.h"
#include "buttons.h"
#include "screen.h"
#include "draw.h"
#include "cache.h"
#include "fmt.h"
#include "memory.h"
#include "fs.h"
void startChrono(void)
{
static bool isChronoStarted = false;
if(isChronoStarted) return;
REG_TIMER_CNT(0) = 0; //67MHz
for(u32 i = 1; i < 4; i++) REG_TIMER_CNT(i) = 4; //Count-up
for(u32 i = 0; i < 4; i++) REG_TIMER_VAL(i) = 0;
REG_TIMER_CNT(0) = 0x80; //67MHz; enabled
for(u32 i = 1; i < 4; i++) REG_TIMER_CNT(i) = 0x84; //Count-up; enabled
isChronoStarted = true;
}
u64 chrono(void)
{
u64 res = 0;
for(u32 i = 0; i < 4; i++) res |= REG_TIMER_VAL(i) << (16 * i);
res /= (TICKS_PER_SEC / 1000);
return res;
}
u32 waitInput(bool isMenu)
{
static u64 dPadDelay = 0ULL;
u64 initialValue = 0ULL;
u32 key,
oldKey = HID_PAD;
bool shouldShellShutdown = bootType != B9SNTR && bootType != NTR;
if(isMenu)
{
dPadDelay = dPadDelay > 0ULL ? 87ULL : 143ULL;
startChrono();
initialValue = chrono();
}
while(true)
{
key = HID_PAD;
if(!key)
{
if(shouldShellShutdown)
{
u8 shellState = I2C_readReg(I2C_DEV_MCU, 0xF);
wait(5);
if(!(shellState & 2)) mcuPowerOff();
}
u8 intStatus = I2C_readReg(I2C_DEV_MCU, 0x10);
wait(5);
if(intStatus & 1) mcuPowerOff(); //Power button pressed
oldKey = 0;
dPadDelay = 0;
continue;
}
if(key == oldKey && (!isMenu || (!(key & DPAD_BUTTONS) || chrono() - initialValue < dPadDelay))) continue;
//Make sure the key is pressed
u32 i;
for(i = 0; i < 0x13000 && key == HID_PAD; i++);
if(i == 0x13000) break;
}
return key;
}
__attribute__((noreturn)) void mcuPowerOff(void)
{
// Unmount partitions
unmountPartitions();
if(!needToSetupScreens) clearScreens(false);
//Shutdown LCD
if(ARESCREENSINITIALIZED) I2C_writeReg(I2C_DEV_MCU, 0x22, 1 << 0);
//Ensure that all memory transfers have completed and that the data cache has been flushed
flushEntireDCache();
I2C_writeReg(I2C_DEV_MCU, 0x20, 1 << 0);
while(true);
}
void wait(u64 amount)
{
startChrono();
u64 initialValue = chrono();
while(chrono() - initialValue < amount);
}
void error(const char *fmt, ...)
{
char buf[DRAW_MAX_FORMATTED_STRING_SIZE + 1];
va_list args;
va_start(args, fmt);
vsprintf(buf, fmt, args);
va_end(args);
initScreens();
drawString(true, 10, 10, COLOR_RED, "An error has occurred:");
u32 posY = drawString(true, 10, 30, COLOR_WHITE, buf);
drawString(true, 10, posY + 2 * SPACING_Y, COLOR_WHITE, "Press any button to shutdown");
waitInput(false);
mcuPowerOff();
}
// CRC-16/MODBUS
u16 crc16(const void *data, size_t size, u16 initialValue)
{
static const u16 lut[256] = {
0x0000,0xC0C1,0xC181,0x0140,0xC301,0x03C0,0x0280,0xC241,
0xC601,0x06C0,0x0780,0xC741,0x0500,0xC5C1,0xC481,0x0440,
0xCC01,0x0CC0,0x0D80,0xCD41,0x0F00,0xCFC1,0xCE81,0x0E40,
0x0A00,0xCAC1,0xCB81,0x0B40,0xC901,0x09C0,0x0880,0xC841,
0xD801,0x18C0,0x1980,0xD941,0x1B00,0xDBC1,0xDA81,0x1A40,
0x1E00,0xDEC1,0xDF81,0x1F40,0xDD01,0x1DC0,0x1C80,0xDC41,
0x1400,0xD4C1,0xD581,0x1540,0xD701,0x17C0,0x1680,0xD641,
0xD201,0x12C0,0x1380,0xD341,0x1100,0xD1C1,0xD081,0x1040,
0xF001,0x30C0,0x3180,0xF141,0x3300,0xF3C1,0xF281,0x3240,
0x3600,0xF6C1,0xF781,0x3740,0xF501,0x35C0,0x3480,0xF441,
0x3C00,0xFCC1,0xFD81,0x3D40,0xFF01,0x3FC0,0x3E80,0xFE41,
0xFA01,0x3AC0,0x3B80,0xFB41,0x3900,0xF9C1,0xF881,0x3840,
0x2800,0xE8C1,0xE981,0x2940,0xEB01,0x2BC0,0x2A80,0xEA41,
0xEE01,0x2EC0,0x2F80,0xEF41,0x2D00,0xEDC1,0xEC81,0x2C40,
0xE401,0x24C0,0x2580,0xE541,0x2700,0xE7C1,0xE681,0x2640,
0x2200,0xE2C1,0xE381,0x2340,0xE101,0x21C0,0x2080,0xE041,
0xA001,0x60C0,0x6180,0xA141,0x6300,0xA3C1,0xA281,0x6240,
0x6600,0xA6C1,0xA781,0x6740,0xA501,0x65C0,0x6480,0xA441,
0x6C00,0xACC1,0xAD81,0x6D40,0xAF01,0x6FC0,0x6E80,0xAE41,
0xAA01,0x6AC0,0x6B80,0xAB41,0x6900,0xA9C1,0xA881,0x6840,
0x7800,0xB8C1,0xB981,0x7940,0xBB01,0x7BC0,0x7A80,0xBA41,
0xBE01,0x7EC0,0x7F80,0xBF41,0x7D00,0xBDC1,0xBC81,0x7C40,
0xB401,0x74C0,0x7580,0xB541,0x7700,0xB7C1,0xB681,0x7640,
0x7200,0xB2C1,0xB381,0x7340,0xB101,0x71C0,0x7080,0xB041,
0x5000,0x90C1,0x9181,0x5140,0x9301,0x53C0,0x5280,0x9241,
0x9601,0x56C0,0x5780,0x9741,0x5500,0x95C1,0x9481,0x5440,
0x9C01,0x5CC0,0x5D80,0x9D41,0x5F00,0x9FC1,0x9E81,0x5E40,
0x5A00,0x9AC1,0x9B81,0x5B40,0x9901,0x59C0,0x5880,0x9841,
0x8801,0x48C0,0x4980,0x8941,0x4B00,0x8BC1,0x8A81,0x4A40,
0x4E00,0x8EC1,0x8F81,0x4F40,0x8D01,0x4DC0,0x4C80,0x8C41,
0x4400,0x84C1,0x8581,0x4540,0x8701,0x47C0,0x4680,0x8641,
0x8201,0x42C0,0x4380,0x8341,0x4100,0x81C1,0x8081,0x4040,
};
u16 r = initialValue;
const u8 *data8 = (const u8 *)data;
for (size_t i = 0; i < size; i++)
r = (r >> 8) ^ lut[(r ^ data8[i]) & 0xFF];
return r;
}
u32 crc32(const void *data, size_t size, u32 initialValue)
{
static const u32 lut[256] = {
0x00000000,0x77073096,0xEE0E612C,0x990951BA,0x076DC419,0x706AF48F,0xE963A535,0x9E6495A3,
0x0EDB8832,0x79DCB8A4,0xE0D5E91E,0x97D2D988,0x09B64C2B,0x7EB17CBD,0xE7B82D07,0x90BF1D91,
0x1DB71064,0x6AB020F2,0xF3B97148,0x84BE41DE,0x1ADAD47D,0x6DDDE4EB,0xF4D4B551,0x83D385C7,
0x136C9856,0x646BA8C0,0xFD62F97A,0x8A65C9EC,0x14015C4F,0x63066CD9,0xFA0F3D63,0x8D080DF5,
0x3B6E20C8,0x4C69105E,0xD56041E4,0xA2677172,0x3C03E4D1,0x4B04D447,0xD20D85FD,0xA50AB56B,
0x35B5A8FA,0x42B2986C,0xDBBBC9D6,0xACBCF940,0x32D86CE3,0x45DF5C75,0xDCD60DCF,0xABD13D59,
0x26D930AC,0x51DE003A,0xC8D75180,0xBFD06116,0x21B4F4B5,0x56B3C423,0xCFBA9599,0xB8BDA50F,
0x2802B89E,0x5F058808,0xC60CD9B2,0xB10BE924,0x2F6F7C87,0x58684C11,0xC1611DAB,0xB6662D3D,
0x76DC4190,0x01DB7106,0x98D220BC,0xEFD5102A,0x71B18589,0x06B6B51F,0x9FBFE4A5,0xE8B8D433,
0x7807C9A2,0x0F00F934,0x9609A88E,0xE10E9818,0x7F6A0DBB,0x086D3D2D,0x91646C97,0xE6635C01,
0x6B6B51F4,0x1C6C6162,0x856530D8,0xF262004E,0x6C0695ED,0x1B01A57B,0x8208F4C1,0xF50FC457,
0x65B0D9C6,0x12B7E950,0x8BBEB8EA,0xFCB9887C,0x62DD1DDF,0x15DA2D49,0x8CD37CF3,0xFBD44C65,
0x4DB26158,0x3AB551CE,0xA3BC0074,0xD4BB30E2,0x4ADFA541,0x3DD895D7,0xA4D1C46D,0xD3D6F4FB,
0x4369E96A,0x346ED9FC,0xAD678846,0xDA60B8D0,0x44042D73,0x33031DE5,0xAA0A4C5F,0xDD0D7CC9,
0x5005713C,0x270241AA,0xBE0B1010,0xC90C2086,0x5768B525,0x206F85B3,0xB966D409,0xCE61E49F,
0x5EDEF90E,0x29D9C998,0xB0D09822,0xC7D7A8B4,0x59B33D17,0x2EB40D81,0xB7BD5C3B,0xC0BA6CAD,
0xEDB88320,0x9ABFB3B6,0x03B6E20C,0x74B1D29A,0xEAD54739,0x9DD277AF,0x04DB2615,0x73DC1683,
0xE3630B12,0x94643B84,0x0D6D6A3E,0x7A6A5AA8,0xE40ECF0B,0x9309FF9D,0x0A00AE27,0x7D079EB1,
0xF00F9344,0x8708A3D2,0x1E01F268,0x6906C2FE,0xF762575D,0x806567CB,0x196C3671,0x6E6B06E7,
0xFED41B76,0x89D32BE0,0x10DA7A5A,0x67DD4ACC,0xF9B9DF6F,0x8EBEEFF9,0x17B7BE43,0x60B08ED5,
0xD6D6A3E8,0xA1D1937E,0x38D8C2C4,0x4FDFF252,0xD1BB67F1,0xA6BC5767,0x3FB506DD,0x48B2364B,
0xD80D2BDA,0xAF0A1B4C,0x36034AF6,0x41047A60,0xDF60EFC3,0xA867DF55,0x316E8EEF,0x4669BE79,
0xCB61B38C,0xBC66831A,0x256FD2A0,0x5268E236,0xCC0C7795,0xBB0B4703,0x220216B9,0x5505262F,
0xC5BA3BBE,0xB2BD0B28,0x2BB45A92,0x5CB36A04,0xC2D7FFA7,0xB5D0CF31,0x2CD99E8B,0x5BDEAE1D,
0x9B64C2B0,0xEC63F226,0x756AA39C,0x026D930A,0x9C0906A9,0xEB0E363F,0x72076785,0x05005713,
0x95BF4A82,0xE2B87A14,0x7BB12BAE,0x0CB61B38,0x92D28E9B,0xE5D5BE0D,0x7CDCEFB7,0x0BDBDF21,
0x86D3D2D4,0xF1D4E242,0x68DDB3F8,0x1FDA836E,0x81BE16CD,0xF6B9265B,0x6FB077E1,0x18B74777,
0x88085AE6,0xFF0F6A70,0x66063BCA,0x11010B5C,0x8F659EFF,0xF862AE69,0x616BFFD3,0x166CCF45,
0xA00AE278,0xD70DD2EE,0x4E048354,0x3903B3C2,0xA7672661,0xD06016F7,0x4969474D,0x3E6E77DB,
0xAED16A4A,0xD9D65ADC,0x40DF0B66,0x37D83BF0,0xA9BCAE53,0xDEBB9EC5,0x47B2CF7F,0x30B5FFE9,
0xBDBDF21C,0xCABAC28A,0x53B39330,0x24B4A3A6,0xBAD03605,0xCDD70693,0x54DE5729,0x23D967BF,
0xB3667A2E,0xC4614AB8,0x5D681B02,0x2A6F2B94,0xB40BBE37,0xC30C8EA1,0x5A05DF1B,0x2D02EF8D,
};
u32 r = initialValue;
const u8 *data8 = (const u8 *)data;
for (size_t i = 0; i < size; i++)
r = (r >> 8) ^ lut[(r ^ data8[i]) & 0xFF];
return ~r;
}

44
chainloader/Makefile Normal file
View File

@ -0,0 +1,44 @@
rwildcard = $(foreach d, $(wildcard $1*), $(filter $(subst *, %, $2), $d) $(call rwildcard, $d/, $2))
ifeq ($(strip $(DEVKITARM)),)
$(error "Please set DEVKITARM in your environment. export DEVKITARM=<path to>devkitARM")
endif
include $(DEVKITARM)/base_tools
name := $(shell basename $(CURDIR))
dir_source := source
dir_build := build
dir_out := ../$(dir_build)
ASFLAGS := -mcpu=arm946e-s
CFLAGS := -Wall -Wextra -marm $(ASFLAGS) -fno-builtin -std=c11 -Wno-main -O2 -flto -ffast-math
LDFLAGS := -nostartfiles -Wl,--nmagic
objects = $(patsubst $(dir_source)/%.s, $(dir_build)/%.o, \
$(patsubst $(dir_source)/%.c, $(dir_build)/%.o, \
$(call rwildcard, $(dir_source), *.s *.c)))
.PHONY: all
all: $(dir_out)/$(name).bin
.PHONY: clean
clean:
@rm -rf $(dir_build)
$(dir_out)/$(name).bin: $(dir_build)/$(name).elf
$(OBJCOPY) -S -O binary $< $@
$(dir_build)/$(name).elf: $(objects)
$(LINK.o) -T linker.ld $(OUTPUT_OPTION) $^
$(dir_build)/memory.o: CFLAGS += -O3
$(dir_build)/%.o: $(dir_source)/%.c
@mkdir -p "$(@D)"
$(COMPILE.c) $(OUTPUT_OPTION) $<
$(dir_build)/%.o: $(dir_source)/%.s
@mkdir -p "$(@D)"
$(COMPILE.s) $(OUTPUT_OPTION) $<

21
chainloader/linker.ld Normal file
View File

@ -0,0 +1,21 @@
OUTPUT_FORMAT("elf32-littlearm", "elf32-bigarm", "elf32-littlearm")
OUTPUT_ARCH(arm)
ENTRY(_start)
SECTIONS
{
. = 0x01FF9000;
__start__ = ABSOLUTE(.);
.text : ALIGN(4) { *(.text.start) *(.text*); . = ALIGN(4); }
.rodata : ALIGN(4) { *(.rodata*); . = ALIGN(4); }
.data : ALIGN(4) { *(.data*); . = ALIGN(8); *(.bss* COMMON); . = ALIGN(8); }
. = ALIGN(4);
__end__ = ABSOLUTE(.);
__stack_top__ = 0x01FFB800;
__stack_bottom__ = 0x01FFA800;
}

7
sysmodules/rosalina/include/bootdiag.h → chainloader/source/cache.h
View File

@ -1,6 +1,6 @@
/* /*
* This file is part of Luma3DS * This file is part of Luma3DS
* Copyright (C) 2022 TuxSH * Copyright (C) 2016-2017 Aurora Wright, TuxSH
* *
* This program is free software: you can redistribute it and/or modify * This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
@ -25,6 +25,7 @@
*/ */
#pragma once #pragma once
#include "MyThread.h"
MyThread *bootdiagCreateThread(void); #include "types.h"
void flushCaches(void);

60
chainloader/source/cache.s Normal file
View File

@ -0,0 +1,60 @@
@ This file is part of Luma3DS
@ Copyright (C) 2016-2017 Aurora Wright, TuxSH
@
@ This program is free software: you can redistribute it and/or modify
@ it under the terms of the GNU General Public License as published by
@ the Free Software Foundation, either version 3 of the License, or
@ (at your option) any later version.
@
@ This program is distributed in the hope that it will be useful,
@ but WITHOUT ANY WARRANTY; without even the implied warranty of
@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
@ GNU General Public License for more details.
@
@ You should have received a copy of the GNU General Public License
@ along with this program. If not, see <http://www.gnu.org/licenses/>.
@
@ Additional Terms 7.b and 7.c of GPLv3 apply to this file:
@ * Requiring preservation of specified reasonable legal notices or
@ author attributions in that material or in the Appropriate Legal
@ Notices displayed by works containing it.
@ * Prohibiting misrepresentation of the origin of that material,
@ or requiring that modified versions of such material be marked in
@ reasonable ways as different from the original version.
.text
.arm
.align 4
.global flushCaches
.type flushCaches, %function
flushCaches:
@ Clean and flush both the data cache and instruction caches
@ Adpated from http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.ddi0155a/ch03s03s05.html ,
@ and https://github.com/gemarcano/libctr9_io/blob/master/src/ctr_system_ARM.c#L39 as well
@ Note: ARM's example is actually for a 8KB DCache (which is what the 3DS has)
@ Implemented in bootROM at addresses 0xffff0830 (DCache) and 0xffff0ab4 (ICache)
mov r1, #0 @ segment counter
outer_loop:
mov r0, #0 @ line counter
inner_loop:
orr r2, r1, r0 @ generate segment and line address
mcr p15, 0, r2, c7, c14, 2 @ clean and flush the line
add r0, #0x20 @ increment to next line
cmp r0, #0x400
bne inner_loop
add r1, #0x40000000
cmp r1, #0
bne outer_loop
mcr p15, 0, r1, c7, c10, 4 @ drain write buffer
@ Flush instruction cache
mcr p15, 0, r1, c7, c5, 0
bx lr

26
sysmodules/loader/source/hbldr.h → chainloader/source/firm.c
View File

@ -1,6 +1,6 @@
/* /*
* This file is part of Luma3DS * This file is part of Luma3DS
* Copyright (C) 2022 Aurora Wright, TuxSH * Copyright (C) 2016-2017 Aurora Wright, TuxSH
* *
* This program is free software: you can redistribute it and/or modify * This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
@ -24,21 +24,19 @@
* reasonable ways as different from the original version. * reasonable ways as different from the original version.
*/ */
#pragma once #include "firm.h"
#include "memory.h"
#include "cache.h"
#include <3ds.h> void disableMpuAndJumpToEntrypoints(int argc, char **argv, void *arm11Entry, void *arm9Entry);
#include "luma_shared_config.h"
Result hbldrLoadProcess(Handle *outProcessHandle, const ExHeader_Info *exhi); void launchFirm(Firm *firm, int argc, char **argv)
void hbldrPatchExHeaderInfo(ExHeader_Info *exhi);
void hbldrHandleCommands(void *ctx);
static inline bool hbldrIs3dsxTitle(u64 tid)
{ {
if (!Luma_SharedConfig->use_hbldr) //Copy FIRM sections to respective memory locations
return false; for(u32 sectionNum = 0; sectionNum < 4; sectionNum++)
u64 hbldrTid = Luma_SharedConfig->hbldr_3dsx_tid; memcpy(firm->section[sectionNum].address, (u8 *)firm + firm->section[sectionNum].offset, firm->section[sectionNum].size);
// Just like p9 clears them, ignore platform/N3DS bits disableMpuAndJumpToEntrypoints(argc, argv, firm->arm9Entry, firm->arm11Entry);
return ((tid ^ hbldrTid) & ~0xF0000000ull) == 0;
__builtin_unreachable();
} }

50
chainloader/source/firm.h Normal file
View File

@ -0,0 +1,50 @@
/*
* This file is part of Luma3DS
* Copyright (C) 2016-2017 Aurora Wright, TuxSH
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* Additional Terms 7.b and 7.c of GPLv3 apply to this file:
* * Requiring preservation of specified reasonable legal notices or
* author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* * Prohibiting misrepresentation of the origin of that material,
* or requiring that modified versions of such material be marked in
* reasonable ways as different from the original version.
*/
#pragma once
#include "types.h"
typedef struct __attribute__((packed))
{
u32 offset;
u8 *address;
u32 size;
u32 procType;
u8 hash[0x20];
} FirmSection;
typedef struct __attribute__((packed))
{
char magic[4];
u32 reserved1;
u8 *arm11Entry;
u8 *arm9Entry;
u8 reserved2[0x30];
FirmSection section[4];
} Firm;
void launchFirm(Firm *firm, int argc, char **argv);

38
k11_extension/source/svc/CreateThread.c → chainloader/source/main.c
View File

@ -1,6 +1,6 @@
/* /*
* This file is part of Luma3DS * This file is part of Luma3DS
* Copyright (C) 2016-2023 Aurora Wright, TuxSH * Copyright (C) 2016-2017 Aurora Wright, TuxSH
* *
* This program is free software: you can redistribute it and/or modify * This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
@ -24,14 +24,36 @@
* reasonable ways as different from the original version. * reasonable ways as different from the original version.
*/ */
#include "svc/CreateThread.h" #include "memory.h"
#include "cache.h"
#include "firm.h"
Result CreateThreadHook(Handle *outThreadHandle, u32 ep, u32 arg, u32 stackTop, s32 priority, s32 processorId) void main(int argc, char **argv)
{ {
u32 flags = flagsOfProcess(currentCoreContext->objectContext.currentProcess); Firm *firm = (Firm *)0x20001000;
if (isN3DS && CONFIG(REDIRECTAPPTHREADS) && !disableThreadRedirection && processorId == 1 && (flags & 0xF00) == 0x100) char *argvPassed[2],
processorId = 2; absPath[24 + 255];
struct fb fbs[2];
return CreateThread(outThreadHandle, ep, arg, stackTop, priority, processorId); if(argc > 0)
{
u32 i;
for(i = 0; i < sizeof(absPath) - 1 && argv[0][i] != 0; i++)
absPath[i] = argv[0][i];
absPath[i] = 0;
argvPassed[0] = (char *)absPath;
}
if(argc == 2)
{
struct fb *fbsrc = (struct fb *)argv[1];
fbs[0] = fbsrc[0];
fbs[1] = fbsrc[1];
argvPassed[1] = (char *)&fbs;
}
launchFirm(firm, argc, argvPassed);
} }

18
arm9/source/arm9_exception_handlers.h → chainloader/source/memory.c
View File

@ -1,6 +1,6 @@
/* /*
* This file is part of Luma3DS * This file is part of Luma3DS
* Copyright (C) 2016-2020 Aurora Wright, TuxSH * Copyright (C) 2016-2017 Aurora Wright, TuxSH
* *
* This program is free software: you can redistribute it and/or modify * This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
@ -24,9 +24,17 @@
* reasonable ways as different from the original version. * reasonable ways as different from the original version.
*/ */
#include "types.h" /*
* memcpy adapted from https://github.com/mid-kid/CakesForeveryWan/blob/557a8e8605ab3ee173af6497486e8f22c261d0e2/source/memfuncs.c
*/
extern const u32 arm9ExceptionHandlerAddressTable[6]; #include "memory.h"
extern u32 arm9ExceptionHandlerSvcBreakAddress;
u32 safecpy(void *dst, const void *src, u32 len); void memcpy(void *dest, const void *src, u32 size)
{
u8 *destc = (u8 *)dest;
const u8 *srcc = (const u8 *)src;
for(u32 i = 0; i < size; i++)
destc[i] = srcc[i];
}

14
arm9/source/deliver_arg.h → chainloader/source/memory.h
View File

@ -1,6 +1,6 @@
/* /*
* This file is part of Luma3DS * This file is part of Luma3DS
* Copyright (C) 2022 Aurora Wright, TuxSH * Copyright (C) 2016-2017 Aurora Wright, TuxSH
* *
* This program is free software: you can redistribute it and/or modify * This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
@ -24,14 +24,12 @@
* reasonable ways as different from the original version. * reasonable ways as different from the original version.
*/ */
/*
* memcpy adapted from https://github.com/mid-kid/CakesForeveryWan/blob/557a8e8605ab3ee173af6497486e8f22c261d0e2/source/memfuncs.c
*/
#pragma once #pragma once
#include "types.h" #include "types.h"
u8 *loadDeliverArg(void); void memcpy(void *dest, const void *src, u32 size);
void commitDeliverArg(void);
bool hasValidTlncAutobootParams(void);
bool isTwlToCtrLaunch(void); // assumes TLNC block is valid
bool configureHomebrewAutoboot(void);

67
arm9/source/alignedseqmemcpy.s → chainloader/source/start.s
View File

@ -1,5 +1,5 @@
@ This file is part of Luma3DS @ This file is part of Luma3DS
@ Copyright (C) 2016-2020 Aurora Wright, TuxSH @ Copyright (C) 2016-2017 Aurora Wright, TuxSH
@ @
@ This program is free software: you can redistribute it and/or modify @ This program is free software: you can redistribute it and/or modify
@ it under the terms of the GNU General Public License as published by @ it under the terms of the GNU General Public License as published by
@ -21,45 +21,40 @@
@ * Prohibiting misrepresentation of the origin of that material, @ * Prohibiting misrepresentation of the origin of that material,
@ or requiring that modified versions of such material be marked in @ or requiring that modified versions of such material be marked in
@ reasonable ways as different from the original version. @ reasonable ways as different from the original version.
.section .text.alignedseqmemcpy, "ax", %progbits
.arm .arm
@ Align on cache line boundaries & make sure the loops don't cross them.
.align 5
.global alignedseqmemcpy
.type alignedseqmemcpy, %function
alignedseqmemcpy:
@ src=r1 and dst=r0 are expected to be 4-byte-aligned
push {r4-r10, lr}
lsrs r12, r2, #5 .section .text.start
sub r2, r2, r12, lsl #5 .align 4
beq 2f .global _start
_start:
ldr sp, =__stack_top__
b main
1: .text
ldmia r1!, {r3-r10} .balign 4
stmia r0!, {r3-r10} .global disableMpuAndJumpToEntrypoints
subs r12, #1 .type disableMpuAndJumpToEntrypoints, %function
bne 1b disableMpuAndJumpToEntrypoints:
mov r4, r0
mov r5, r1
mov r6, r2
mov r7, r3
2: bl flushCaches
lsrs r12, r2, #2
sub r2, r2, r12, lsl #2
beq 4f
3: @ Disable caches / MPU
ldr r3, [r1], #4 mrc p15, 0, r0, c1, c0, 0 @ read control register
str r3, [r0], #4 bic r0, #(1<<12) @ - instruction cache disable
subs r12, #1 bic r0, #(1<<2) @ - data cache disable
bne 3b bic r0, #(1<<0) @ - MPU disable
mcr p15, 0, r0, c1, c0, 0 @ write control register
4: @ Set the ARM11 entrypoint
tst r2, #2 mov r0, #0x20000000
ldrneh r3, [r1], #2 str r7, [r0, #-4]
strneh r3, [r0], #2
tst r2, #1 @ Jump to the ARM9 entrypoint
ldrneb r3, [r1], #1 mov r0, r4
strneb r3, [r0], #1 mov r1, r5
ldr r2, =0x1BEEF
pop {r4-r10, pc} bx r6

45
chainloader/source/types.h Normal file
View File

@ -0,0 +1,45 @@
/*
* This file is part of Luma3DS
* Copyright (C) 2016-2017 Aurora Wright, TuxSH
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* Additional Terms 7.b and 7.c of GPLv3 apply to this file:
* * Requiring preservation of specified reasonable legal notices or
* author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* * Prohibiting misrepresentation of the origin of that material,
* or requiring that modified versions of such material be marked in
* reasonable ways as different from the original version.
*/
#pragma once
#include <stdint.h>
//Common data types
typedef uint8_t u8;
typedef uint16_t u16;
typedef uint32_t u32;
typedef uint64_t u64;
typedef volatile u8 vu8;
typedef volatile u16 vu16;
typedef volatile u32 vu32;
typedef volatile u64 vu64;
struct fb {
u8 *top_left;
u8 *top_right;
u8 *bottom;
} __attribute__((packed));

42
exceptions/arm9/Makefile Normal file
View File

@ -0,0 +1,42 @@
rwildcard = $(foreach d, $(wildcard $1*), $(filter $(subst *, %, $2), $d) $(call rwildcard, $d/, $2))
ifeq ($(strip $(DEVKITARM)),)
$(error "Please set DEVKITARM in your environment. export DEVKITARM=<path to>devkitARM")
endif
include $(DEVKITARM)/base_tools
name := arm9_exceptions
dir_source := source
dir_build := build
dir_out := ../../$(dir_build)
ASFLAGS := -mcpu=arm946e-s
CFLAGS := -Wall -Wextra -mthumb $(ASFLAGS) -fno-builtin -std=c11 -Wno-main -O2 -flto -ffast-math
LDFLAGS := -nostdlib
objects = $(patsubst $(dir_source)/%.s, $(dir_build)/%.o, \
$(patsubst $(dir_source)/%.c, $(dir_build)/%.o, \
$(call rwildcard, $(dir_source), *.s *.c)))
.PHONY: all
all: $(dir_out)/$(name).bin
.PHONY: clean
clean:
@rm -rf $(dir_build)
$(dir_out)/$(name).bin: $(dir_build)/$(name).elf
$(OBJCOPY) -S -O binary $< $@
$(dir_build)/$(name).elf: $(objects)
$(CC) $(LDFLAGS) -T linker.ld $(OUTPUT_OPTION) $^
$(dir_build)/%.o: $(dir_source)/%.c
@mkdir -p "$(@D)"
$(COMPILE.c) $(OUTPUT_OPTION) $<
$(dir_build)/%.o: $(dir_source)/%.s
@mkdir -p "$(@D)"
$(COMPILE.s) $(OUTPUT_OPTION) $<

14
exceptions/arm9/linker.ld Normal file
View File

@ -0,0 +1,14 @@
OUTPUT_FORMAT("elf32-littlearm", "elf32-bigarm", "elf32-littlearm")
OUTPUT_ARCH(arm)
ENTRY(_start)
SECTIONS
{
. = 0x01FF7FE0;
.text : ALIGN(4) { *(.text.start) *(.text*); . = ALIGN(4); }
.rodata : ALIGN(4) { *(.rodata*); . = ALIGN(4); }
.data : ALIGN(4) { *(.data*); . = ALIGN(8); *(.bss* COMMON); . = ALIGN(8); }
. = ALIGN(4);
}

50
exceptions/arm9/source/handlers.h Normal file
View File

@ -0,0 +1,50 @@
/*
* This file is part of Luma3DS
* Copyright (C) 2016-2017 Aurora Wright, TuxSH
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* Additional Terms 7.b and 7.c of GPLv3 apply to this file:
* * Requiring preservation of specified reasonable legal notices or
* author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* * Prohibiting misrepresentation of the origin of that material,
* or requiring that modified versions of such material be marked in
* reasonable ways as different from the original version.
*/
#pragma once
#include "types.h"
typedef struct __attribute__((packed))
{
u32 magic[2];
u16 versionMinor, versionMajor;
u16 processor, core;
u32 type;
u32 totalSize;
u32 registerDumpSize;
u32 codeDumpSize;
u32 stackDumpSize;
u32 additionalDataSize;
} ExceptionDumpHeader;
u32 readMPUConfig(u32 *regionSettings);
void FIQHandler(void);
void undefinedInstructionHandler(void);
void dataAbortHandler(void);
void prefetchAbortHandler(void);

113
exceptions/arm9/source/handlers.s Normal file
View File

@ -0,0 +1,113 @@
@ This file is part of Luma3DS
@ Copyright (C) 2016-2017 Aurora Wright, TuxSH
@
@ This program is free software: you can redistribute it and/or modify
@ it under the terms of the GNU General Public License as published by
@ the Free Software Foundation, either version 3 of the License, or
@ (at your option) any later version.
@
@ This program is distributed in the hope that it will be useful,
@ but WITHOUT ANY WARRANTY; without even the implied warranty of
@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
@ GNU General Public License for more details.
@
@ You should have received a copy of the GNU General Public License
@ along with this program. If not, see <http://www.gnu.org/licenses/>.
@
@ Additional Terms 7.b and 7.c of GPLv3 apply to this file:
@ * Requiring preservation of specified reasonable legal notices or
@ author attributions in that material or in the Appropriate Legal
@ Notices displayed by works containing it.
@ * Prohibiting misrepresentation of the origin of that material,
@ or requiring that modified versions of such material be marked in
@ reasonable ways as different from the original version.
.macro GEN_HANDLER name
.global \name
.type \name, %function
\name:
ldr sp, =#0x02000000 @ We make the (full descending) stack point to the end of ITCM for our exception handlers.
@ It doesn't matter if we're overwriting stuff here, since we're going to reboot.
stmfd sp!, {r0-r7} @ FIQ has its own r8-r14 regs
ldr r1, =\@ @ macro expansion counter
b _commonHandler
.size \name, . - \name
.endm
.text
.arm
.align 4
.global _commonHandler
.type _commonHandler, %function
_commonHandler:
mrs r2, spsr
mov r6, sp
mrs r3, cpsr
orr r3, #0x1c0 @ disable Imprecise Aborts, IRQ and FIQ (equivalent to "cpsid aif" on arm11)
msr cpsr_cx, r3
tst r2, #0x20
bne noSvcBreak
cmp r1, #2
bne noSvcBreak
sub r0, lr, #4 @ calling cannotAccessAddress cause more problems that it actually solves... (I've to save a lot of regs and that's a pain tbh)
lsr r0, #20 @ we'll just do some address checks (to see if it's in ARM9 internal memory)
cmp r0, #0x80
bne noSvcBreak
ldr r4, [lr, #-4]
ldr r5, =#0xe12fff7f
cmp r4, r5
bne noSvcBreak
bic r5, r3, #0xf
orr r5, #0x3
msr cpsr_c, r5 @ switch to supervisor mode
ldmfd sp, {r8-r11}^
ldr r2, [sp, #0x1c] @ implementation details of the official svc handler
ldr r4, [sp, #0x18]
msr cpsr_c, r3 @ restore processor mode
tst r2, #0x20
addne lr, r4, #2 @ adjust address for later
moveq lr, r4
noSvcBreak:
ands r4, r2, #0xf @ get the mode that triggered the exception
moveq r4, #0xf @ usr => sys
bic r5, r3, #0xf
orr r5, r4
msr cpsr_c, r5 @ change processor mode
stmfd r6!, {r8-lr}
msr cpsr_c, r3 @ restore processor mode
mov sp, r6
stmfd sp!, {r2,lr} @ it's a bit of a mess, but we will fix that later
@ order of saved regs now: cpsr, pc + (2/4/8), r8-r14, r0-r7
mov r0, sp
b mainHandler
GEN_HANDLER FIQHandler
GEN_HANDLER undefinedInstructionHandler
GEN_HANDLER prefetchAbortHandler
GEN_HANDLER dataAbortHandler
.global readMPUConfig
.type readMPUConfig, %function
readMPUConfig:
stmfd sp!, {r4-r8, lr}
mrc p15,0,r1,c6,c0,0
mrc p15,0,r2,c6,c1,0
mrc p15,0,r3,c6,c2,0
mrc p15,0,r4,c6,c3,0
mrc p15,0,r5,c6,c4,0
mrc p15,0,r6,c6,c5,0
mrc p15,0,r7,c6,c6,0
mrc p15,0,r8,c6,c7,0
stmia r0, {r1-r8}
mrc p15,0,r0,c5,c0,2 @ read data access permission bits
ldmfd sp!, {r4-r8, pc}

143
exceptions/arm9/source/i2c.c Normal file
View File

@ -0,0 +1,143 @@
/*
* This file is part of Luma3DS
* Copyright (C) 2016-2017 Aurora Wright, TuxSH
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* Additional Terms 7.b and 7.c of GPLv3 apply to this file:
* * Requiring preservation of specified reasonable legal notices or
* author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* * Prohibiting misrepresentation of the origin of that material,
* or requiring that modified versions of such material be marked in
* reasonable ways as different from the original version.
*/
/*
* Thanks to whoever contributed in the development of this file
*/
#include "i2c.h"
//-----------------------------------------------------------------------------
static const struct { u8 bus_id, reg_addr; } dev_data[] = {
{0, 0x4A}, {0, 0x7A}, {0, 0x78},
{1, 0x4A}, {1, 0x78}, {1, 0x2C},
{1, 0x2E}, {1, 0x40}, {1, 0x44},
{2, 0xD6}, {2, 0xD0}, {2, 0xD2},
{2, 0xA4}, {2, 0x9A}, {2, 0xA0},
};
static inline u8 i2cGetDeviceBusId(u8 device_id)
{
return dev_data[device_id].bus_id;
}
static inline u8 i2cGetDeviceRegAddr(u8 device_id)
{
return dev_data[device_id].reg_addr;
}
//-----------------------------------------------------------------------------
static vu8 *reg_data_addrs[] = {
(vu8 *)(I2C1_REG_OFF + I2C_REG_DATA),
(vu8 *)(I2C2_REG_OFF + I2C_REG_DATA),
(vu8 *)(I2C3_REG_OFF + I2C_REG_DATA),
};
static inline vu8 *i2cGetDataReg(u8 bus_id)
{
return reg_data_addrs[bus_id];
}
//-----------------------------------------------------------------------------
static vu8 *reg_cnt_addrs[] = {
(vu8 *)(I2C1_REG_OFF + I2C_REG_CNT),
(vu8 *)(I2C2_REG_OFF + I2C_REG_CNT),
(vu8 *)(I2C3_REG_OFF + I2C_REG_CNT),
};
static inline vu8 *i2cGetCntReg(u8 bus_id)
{
return reg_cnt_addrs[bus_id];
}
//-----------------------------------------------------------------------------
static inline void i2cWaitBusy(u8 bus_id)
{
while (*i2cGetCntReg(bus_id) & 0x80);
}
static inline bool i2cGetResult(u8 bus_id)
{
i2cWaitBusy(bus_id);
return (*i2cGetCntReg(bus_id) >> 4) & 1;
}
static void i2cStop(u8 bus_id, u8 arg0)
{
*i2cGetCntReg(bus_id) = (arg0 << 5) | 0xC0;
i2cWaitBusy(bus_id);
*i2cGetCntReg(bus_id) = 0xC5;
}
//-----------------------------------------------------------------------------
static bool i2cSelectDevice(u8 bus_id, u8 dev_reg)
{
i2cWaitBusy(bus_id);
*i2cGetDataReg(bus_id) = dev_reg;
*i2cGetCntReg(bus_id) = 0xC2;
return i2cGetResult(bus_id);
}
static bool i2cSelectRegister(u8 bus_id, u8 reg)
{
i2cWaitBusy(bus_id);
*i2cGetDataReg(bus_id) = reg;
*i2cGetCntReg(bus_id) = 0xC0;
return i2cGetResult(bus_id);
}
//-----------------------------------------------------------------------------
bool i2cWriteRegister(u8 dev_id, u8 reg, u8 data)
{
u8 bus_id = i2cGetDeviceBusId(dev_id);
u8 dev_addr = i2cGetDeviceRegAddr(dev_id);
for(u32 i = 0; i < 8; i++)
{
if(i2cSelectDevice(bus_id, dev_addr) && i2cSelectRegister(bus_id, reg))
{
i2cWaitBusy(bus_id);
*i2cGetDataReg(bus_id) = data;
*i2cGetCntReg(bus_id) = 0xC1;
i2cStop(bus_id, 0);
if(i2cGetResult(bus_id)) return true;
}
*i2cGetCntReg(bus_id) = 0xC5;
i2cWaitBusy(bus_id);
}
return false;
}

48
exceptions/arm9/source/i2c.h Normal file
View File

@ -0,0 +1,48 @@
/*
* This file is part of Luma3DS
* Copyright (C) 2016-2017 Aurora Wright, TuxSH
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* Additional Terms 7.b and 7.c of GPLv3 apply to this file:
* * Requiring preservation of specified reasonable legal notices or
* author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* * Prohibiting misrepresentation of the origin of that material,
* or requiring that modified versions of such material be marked in
* reasonable ways as different from the original version.
*/
/*
* Thanks to whoever contributed in the development of this file
*/
#pragma once
#include "types.h"
#define I2C1_REG_OFF 0x10161000
#define I2C2_REG_OFF 0x10144000
#define I2C3_REG_OFF 0x10148000
#define I2C_REG_DATA 0
#define I2C_REG_CNT 1
#define I2C_REG_CNTEX 2
#define I2C_REG_SCL 4
#define I2C_DEV_MCU 3
#define I2C_DEV_GYRO 10
#define I2C_DEV_IR 13
bool i2cWriteRegister(u8 dev_id, u8 reg, u8 data);

94
arm9/source/arm9_exception_handlers.c → exceptions/arm9/source/mainHandler.c
View File

@ -1,6 +1,6 @@
/* /*
* This file is part of Luma3DS * This file is part of Luma3DS
* Copyright (C) 2016-2020 Aurora Wright, TuxSH * Copyright (C) 2016-2017 Aurora Wright, TuxSH
* *
* This program is free software: you can redistribute it and/or modify * This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
@ -24,35 +24,62 @@
* reasonable ways as different from the original version. * reasonable ways as different from the original version.
*/ */
#include "arm9_exception_handlers.h"
#include "i2c.h" #include "i2c.h"
#include "screen.h" #include "handlers.h"
#define FINAL_BUFFER 0x25000000 #define FINAL_BUFFER 0x25000000
#define REG_DUMP_SIZE 4 * 17 #define REG_DUMP_SIZE 4 * 17
#define CODE_DUMP_SIZE 48 #define CODE_DUMP_SIZE 48
static inline void dumpArm9Memory(ExceptionDumpHeader *dumpHeader, u8 *buf) bool cannotAccessAddress(const void *address)
{ {
// Check if n3ds extra arm9 mem is enabled (if it's possible to read CFG9_EXTMEMCNT9) u32 regionSettings[8];
u8 extmemcnt9 = 0; u32 addr = (u32)address;
safecpy(&extmemcnt9, (const void *)0x10000200, 1);
u32 size = (extmemcnt9 & 1) ? 0x180000 : 0x100000; u32 dataAccessPermissions = readMPUConfig(regionSettings);
dumpHeader->additionalDataSize += safecpy(buf, (const void *)0x08000000, size); for(u32 i = 0; i < 8; i++)
{
if((dataAccessPermissions & 0xF) == 0 || (regionSettings[i] & 1) == 0)
continue; //No access / region not enabled
u32 regionAddrBase = regionSettings[i] & ~0xFFF;
u32 regionSize = 1 << (((regionSettings[i] >> 1) & 0x1F) + 1);
if(addr >= regionAddrBase && addr < regionAddrBase + regionSize)
return false;
dataAccessPermissions >>= 4;
}
return true;
} }
void __attribute__((noreturn)) arm9ExceptionHandlerMain(u32 *registerDump, u32 type) static u32 __attribute__((noinline)) copyMemory(void *dst, const void *src, u32 size, u32 alignment)
{
u8 *out = (u8 *)dst;
const u8 *in = (const u8 *)src;
if(((u32)src & (alignment - 1)) != 0 || cannotAccessAddress(src) || (size != 0 && cannotAccessAddress((u8 *)src + size - 1)))
return 0;
for(u32 i = 0; i < size; i++)
*out++ = *in++;
return size;
}
void __attribute__((noreturn)) mainHandler(u32 *regs, u32 type)
{ {
ExceptionDumpHeader dumpHeader; ExceptionDumpHeader dumpHeader;
u32 registerDump[REG_DUMP_SIZE / 4];
u8 codeDump[CODE_DUMP_SIZE]; u8 codeDump[CODE_DUMP_SIZE];
dumpHeader.magic[0] = 0xDEADC0DE; dumpHeader.magic[0] = 0xDEADC0DE;
dumpHeader.magic[1] = 0xDEADCAFE; dumpHeader.magic[1] = 0xDEADCAFE;
dumpHeader.versionMajor = 1; dumpHeader.versionMajor = 1;
dumpHeader.versionMinor = 3; dumpHeader.versionMinor = 2;
dumpHeader.processor = 9; dumpHeader.processor = 9;
dumpHeader.core = 0; dumpHeader.core = 0;
@ -62,51 +89,34 @@ void __attribute__((noreturn)) arm9ExceptionHandlerMain(u32 *registerDump, u32 t
dumpHeader.codeDumpSize = CODE_DUMP_SIZE; dumpHeader.codeDumpSize = CODE_DUMP_SIZE;
dumpHeader.additionalDataSize = 0; dumpHeader.additionalDataSize = 0;
u32 cpsr = registerDump[16]; //Dump registers
u32 pc = registerDump[15] - (type < 3 ? (((cpsr & 0x20) != 0 && type == 1) ? 2 : 4) : 8); //Current order of saved regs: cpsr, pc, r8-r14, r0-r7
u32 cpsr = regs[0];
u32 pc = regs[1] - (type < 3 ? (((cpsr & 0x20) != 0 && type == 1) ? 2 : 4) : 8);
registerDump[15] = pc; registerDump[15] = pc;
registerDump[16] = cpsr;
for(u32 i = 0; i < 7; i++) registerDump[8 + i] = regs[2 + i];
for(u32 i = 0; i < 8; i++) registerDump[i] = regs[9 + i];
//Dump code //Dump code
u8 *instr = (u8 *)pc + ((cpsr & 0x20) ? 2 : 4) - dumpHeader.codeDumpSize; //wouldn't work well on 32-bit Thumb instructions, but it isn't much of a problem u8 *instr = (u8 *)pc + ((cpsr & 0x20) ? 2 : 4) - dumpHeader.codeDumpSize; //Doesn't work well on 32-bit Thumb instructions, but it isn't much of a problem
dumpHeader.codeDumpSize = ((u32)instr & (((cpsr & 0x20) != 0) ? 1 : 3)) != 0 ? 0 : safecpy(codeDump, instr, dumpHeader.codeDumpSize); dumpHeader.codeDumpSize = copyMemory(codeDump, instr, dumpHeader.codeDumpSize, ((cpsr & 0x20) != 0) ? 2 : 4);
//Copy register dump and code dump //Copy register dump and code dump
u8 *final = (u8 *)(FINAL_BUFFER + sizeof(ExceptionDumpHeader)); u8 *final = (u8 *)(FINAL_BUFFER + sizeof(ExceptionDumpHeader));
final += safecpy(final, registerDump, dumpHeader.registerDumpSize); final += copyMemory(final, registerDump, dumpHeader.registerDumpSize, 1);
final += safecpy(final, codeDump, dumpHeader.codeDumpSize); final += copyMemory(final, codeDump, dumpHeader.codeDumpSize, 1);
//Dump stack in place //Dump stack in place
dumpHeader.stackDumpSize = safecpy(final, (const void *)registerDump[13], 0x1000 - (registerDump[13] & 0xFFF)); dumpHeader.stackDumpSize = copyMemory(final, (const void *)registerDump[13], 0x1000 - (registerDump[13] & 0xFFF), 1);
final += dumpHeader.stackDumpSize;
// See if we need to copy Arm9 memory (check for bkpt 0xFFFD / bkpt 0xFD)
if(dumpHeader.codeDumpSize > 0)
{
if(cpsr & 0x20)
{
// Thumb
u16 instr;
safecpy(&instr, codeDump + dumpHeader.codeDumpSize - 2, 2);
if(instr == 0xBEFD) dumpArm9Memory(&dumpHeader, final);
}
else
{
u32 instr;
safecpy(&instr, codeDump + dumpHeader.codeDumpSize - 4, 4);
if(instr == 0xE12FFF7D) dumpArm9Memory(&dumpHeader, final);
}
}
dumpHeader.totalSize = sizeof(ExceptionDumpHeader) + dumpHeader.registerDumpSize + dumpHeader.codeDumpSize + dumpHeader.stackDumpSize + dumpHeader.additionalDataSize; dumpHeader.totalSize = sizeof(ExceptionDumpHeader) + dumpHeader.registerDumpSize + dumpHeader.codeDumpSize + dumpHeader.stackDumpSize + dumpHeader.additionalDataSize;
//Copy header (actually optimized by the compiler) //Copy header (actually optimized by the compiler)
*(ExceptionDumpHeader *)FINAL_BUFFER = dumpHeader; *(ExceptionDumpHeader *)FINAL_BUFFER = dumpHeader;
if(ARESCREENSINITIALIZED) I2C_writeReg(I2C_DEV_MCU, 0x22, 1 << 0); //Shutdown LCD
((void (*)())0xFFFF0830)(); //Ensure that all memory transfers have completed and that the data cache has been flushed ((void (*)())0xFFFF0830)(); //Ensure that all memory transfers have completed and that the data cache has been flushed
i2cWriteRegister(I2C_DEV_MCU, 0x20, 1 << 2); //Reboot
I2C_writeReg(I2C_DEV_MCU, 0x20, 1 << 2); //Reboot
while(true); while(true);
} }

25
k11_extension/source/svc/CustomBackdoor.s → exceptions/arm9/source/start.s
View File

@ -1,5 +1,5 @@
@ This file is part of Luma3DS @ This file is part of Luma3DS
@ Copyright (C) 2016-2020 Aurora Wright, TuxSH @ Copyright (C) 2016-2017 Aurora Wright, TuxSH
@ @
@ This program is free software: you can redistribute it and/or modify @ This program is free software: you can redistribute it and/or modify
@ it under the terms of the GNU General Public License as published by @ it under the terms of the GNU General Public License as published by
@ -22,17 +22,14 @@
@ or requiring that modified versions of such material be marked in @ or requiring that modified versions of such material be marked in
@ reasonable ways as different from the original version. @ reasonable ways as different from the original version.
.text .section .text.start
.arm .align 4
.balign 4 .global _start
_start:
add pc, r0, #(handlers - .) @ Dummy instruction to prevent compiler optimizations
.global CustomBackdoor handlers:
.type CustomBackdoor, %function .word FIQHandler
CustomBackdoor: .word undefinedInstructionHandler
push {r4, lr} .word prefetchAbortHandler
mov r4, r0 .word dataAbortHandler
mov r0, r1
mov r1, r2
mov r2, r3
blx r4
pop {r4, pc}

17
arm9/source/chainloader.h → exceptions/arm9/source/types.h
View File

@ -1,6 +1,6 @@
/* /*
* This file is part of Luma3DS * This file is part of Luma3DS
* Copyright (C) 2016-2020 Aurora Wright, TuxSH * Copyright (C) 2016-2017 Aurora Wright, TuxSH
* *
* This program is free software: you can redistribute it and/or modify * This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
@ -26,7 +26,16 @@
#pragma once #pragma once
#include "types.h" #include <stdint.h>
#include "firm.h" #include <stdlib.h>
#include <stdbool.h>
void chainload(int argc, char **argv, Firm *firm); //Common data types
typedef uint8_t u8;
typedef uint16_t u16;
typedef uint32_t u32;
typedef uint64_t u64;
typedef volatile u8 vu8;
typedef volatile u16 vu16;
typedef volatile u32 vu32;
typedef volatile u64 vu64;

169
exceptions/exception_dump_parser.py Normal file
View File

@ -0,0 +1,169 @@
#!/usr/bin/env python
# Requires Python >= 3.2 or >= 2.7
# This file is part of Luma3DS
# Copyright (C) 2016 Aurora Wright, TuxSH
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
# Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
# reasonable legal notices or author attributions in that material or in the Appropriate Legal
# Notices displayed by works containing it.
__author__ = "TuxSH"
__copyright__ = "Copyright (c) 2016 TuxSH"
__license__ = "GPLv3"
__version__ = "v1.2"
"""
Parses Luma3DS exception dumps
"""
import argparse
from struct import unpack_from
import os
import subprocess
# Source of hexdump: https://gist.github.com/ImmortalPC/c340564823f283fe530b
# Credits for hexdump go to the original authors
# Slightly edited by TuxSH
def hexdump(addr, src, length=16, sep='.' ):
'''
@brief Return {src} in hex dump.
@param[in] length {Int} Nb Bytes by row.
@param[in] sep {Char} For the text part, {sep} will be used for non ASCII char.
@return {Str} The hexdump
@note Full support for python2 and python3 !
'''
result = []
# Python3 support
try:
xrange(0,1)
except NameError:
xrange = range
for i in xrange(0, len(src), length):
subSrc = src[i:i+length]
hexa = ''
isMiddle = False
for h in xrange(0,len(subSrc)):
if h == length/2:
hexa += ' '
h = subSrc[h]
if not isinstance(h, int):
h = ord(h)
h = hex(h).replace('0x','')
if len(h) == 1:
h = '0'+h
hexa += h+' '
hexa = hexa.strip(' ')
text = ''
for c in subSrc:
if not isinstance(c, int):
c = ord(c)
if 0x20 <= c < 0x7F:
text += chr(c)
else:
text += sep
result.append(('%08x: %-'+str(length*(2+1)+1)+'s |%s|') % (addr + i, hexa, text))
return '\n'.join(result)
def makeRegisterLine(A, rA, B, rB):
return "{0:<15}{1:<20}{2:<15}{3:<20}".format(A, "{0:08x}".format(rA), B, "{0:08x}".format(rB))
handledExceptionNames = ("FIQ", "undefined instruction", "prefetch abort", "data abort")
registerNames = tuple("r{0}".format(i) for i in range(13)) + ("sp", "lr", "pc", "cpsr") + ("dfsr", "ifsr", "far") + ("fpexc", "fpinst", "fpinst2")
svcBreakReasons = ("(svcBreak: panic)", "(svcBreak: assertion failed)", "(svcBreak: user-related)")
if __name__ == "__main__":
parser = argparse.ArgumentParser(description="Parse Luma3DS exception dumps")
parser.add_argument("filename")
args = parser.parse_args()
data = b""
with open(args.filename, "rb") as f: data = f.read()
if unpack_from("<2I", data) != (0xdeadc0de, 0xdeadcafe):
raise SystemExit("Invalid file format")
version, processor, exceptionType, _, nbRegisters, codeDumpSize, stackDumpSize, additionalDataSize = unpack_from("<8I", data, 8)
nbRegisters //= 4
if version < (1 << 16) | 2:
raise SystemExit("Incompatible format version, please use the appropriate parser.")
registers = unpack_from("<{0}I".format(nbRegisters), data, 40)
codeOffset = 40 + 4 * nbRegisters
codeDump = data[codeOffset : codeOffset + codeDumpSize]
stackOffset = codeOffset + codeDumpSize
stackDump = data[stackOffset : stackOffset + stackDumpSize]
addtionalDataOffset = stackOffset + stackDumpSize
additionalData = data[addtionalDataOffset : addtionalDataOffset + additionalDataSize]
if processor == 9: print("Processor: ARM9")
else: print("Processor: ARM11 (core {0})".format(processor >> 16))
typeDetailsStr = ""
if exceptionType == 2:
if (registers[16] & 0x20) == 0 and codeDumpSize >= 4:
instr = unpack_from("<I", codeDump[-4:])[0]
if instr == 0xe12fff7e:
typeDetailsStr = " (kernel panic)"
elif instr == 0xef00003c:
typeDetailsStr = " " + (svcBreakReasons[registers[0]] if registers[0] < 3 else "(svcBreak)")
elif (registers[16] & 0x20) == 1 and codeDumpSize >= 2:
instr = unpack_from("<I", codeDump[-4:])[0]
if instr == 0xdf3c:
typeDetailsStr = " " + (svcBreakReasons[registers[0]] if registers[0] < 3 else "(svcBreak)")
elif processor != 9 and (registers[20] & 0x80000000) != 0:
typeDetailsStr = " (VFP exception)"
print("Exception type: {0}{1}".format("unknown" if exceptionType >= len(handledExceptionNames) else handledExceptionNames[exceptionType], typeDetailsStr))
if additionalDataSize != 0:
print("Current process: {0} ({1:016x})".format(additionalData[:8].decode("ascii"), unpack_from("<Q", additionalData, 8)[0]))
print("\nRegister dump:\n")
for i in range(0, nbRegisters - (nbRegisters % 2), 2):
if i == 16: print("")
print(makeRegisterLine(registerNames[i], registers[i], registerNames[i+1], registers[i+1]))
if nbRegisters % 2 == 1: print("{0:<15}{1:<20}".format(registerNames[nbRegisters - 1], "{0:08x}".format(registers[nbRegisters - 1])))
thumb = registers[16] & 0x20 != 0
addr = registers[15] - codeDumpSize + (2 if thumb else 4)
print("\nCode dump:\n")
objdump_res = ""
try:
path = os.path.join(os.environ["DEVKITARM"], "bin", "arm-none-eabi-objdump")
if os.name == "nt":
path = ''.join((path[1], ':', path[2:])).replace('/', '\\')
objdump_res = subprocess.check_output((
path, "-marm", "-b", "binary",
"--adjust-vma="+hex(addr - codeOffset), "--start-address="+hex(addr),
"--stop-address="+hex(addr + codeDumpSize), "-D", "-z", "-M",
"reg-names-std" + (",force-thumb" if thumb else ""), args.filename
)).decode("utf-8")
objdump_res = '\n'.join(objdump_res[objdump_res.find('<.data+'):].split('\n')[1:])
except: objdump_res = ""
print(objdump_res if objdump_res != "" else hexdump(addr, codeDump))
print("\nStack dump:\n")
print(hexdump(registers[13], stackDump))

BIN
img/boot_menu_v1321.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 5.9 KiB

BIN
img/rosalina_menu_v1321.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 1.7 KiB

145
k11_extension/Makefile
View File

@ -1,145 +0,0 @@
#---------------------------------------------------------------------------------
.SUFFIXES:
#---------------------------------------------------------------------------------
ifeq ($(strip $(DEVKITARM)),)
$(error "Please set DEVKITARM in your environment. export DEVKITARM=<path to>devkitARM")
endif
TOPDIR ?= $(CURDIR)
include $(DEVKITARM)/base_rules
#---------------------------------------------------------------------------------
# TARGET is the name of the output
# BUILD is the directory where object files & intermediate files will be placed
# SOURCES is a list of directories containing source code
# DATA is a list of directories containing data files
# INCLUDES is a list of directories containing header files
#---------------------------------------------------------------------------------
TARGET := $(notdir $(CURDIR))
BUILD := build
SOURCES := source source/svc
DATA := data
INCLUDES := include include/svc
#---------------------------------------------------------------------------------
# options for code generation
#---------------------------------------------------------------------------------
# -mgeneral-regs-only so that the C code is guaranteed not to use FPU regs
ARCH := -march=armv6k -mtune=mpcore -mfloat-abi=hard -mtp=soft -mgeneral-regs-only
DEFINES := -DARM11 -D__3DS__
FALSEPOSITIVES := -Wno-array-bounds -Wno-stringop-overflow -Wno-stringop-overread
CFLAGS := -g -std=gnu11 -Wall -Wextra -Werror -O2 -mword-relocations \
-fomit-frame-pointer -ffunction-sections -fdata-sections \
-Wno-main $(FALSEPOSITIVES) $(ARCH) $(DEFINES)
CFLAGS += $(INCLUDE)
CXXFLAGS := $(CFLAGS) -fno-rtti -fno-exceptions -std=gnu++11
ASFLAGS := -g $(ARCH)
LDFLAGS = -specs=$(TOPDIR)/linker.specs -g $(ARCH) -Wl,-Map,$(notdir $*.map)
LIBS :=
#---------------------------------------------------------------------------------
# list of directories containing libraries, this must be the top level containing
# include and lib
#---------------------------------------------------------------------------------
LIBDIRS :=
#---------------------------------------------------------------------------------
# no real need to edit anything past this point unless you need to add additional
# rules for different file extensions
#---------------------------------------------------------------------------------
ifneq ($(BUILD),$(notdir $(CURDIR)))
#---------------------------------------------------------------------------------
export OUTPUT := $(CURDIR)/$(TARGET)
export TOPDIR := $(CURDIR)
export VPATH := $(foreach dir,$(SOURCES),$(CURDIR)/$(dir)) \
$(foreach dir,$(DATA),$(CURDIR)/$(dir))
export DEPSDIR := $(CURDIR)/$(BUILD)
CFILES := $(foreach dir,$(SOURCES),$(notdir $(wildcard $(dir)/*.c)))
CPPFILES := $(foreach dir,$(SOURCES),$(notdir $(wildcard $(dir)/*.cpp)))
SFILES := $(foreach dir,$(SOURCES),$(notdir $(wildcard $(dir)/*.s)))
BINFILES := $(foreach dir,$(DATA),$(notdir $(wildcard $(dir)/*.*)))
#---------------------------------------------------------------------------------
# use CXX for linking C++ projects, CC for standard C
#---------------------------------------------------------------------------------
ifeq ($(strip $(CPPFILES)),)
#---------------------------------------------------------------------------------
export LD := $(CC)
#---------------------------------------------------------------------------------
else
#---------------------------------------------------------------------------------
export LD := $(CXX)
#---------------------------------------------------------------------------------
endif
#---------------------------------------------------------------------------------
export OFILES_BIN := $(addsuffix .o,$(BINFILES))
export OFILES_SRC := $(CPPFILES:.cpp=.o) $(CFILES:.c=.o) $(SFILES:.s=.o)
export OFILES := $(OFILES_BIN) $(OFILES_SRC)
export HFILES_BIN := $(addsuffix .h,$(subst .,_,$(BINFILES)))
export INCLUDE := $(foreach dir,$(INCLUDES),-I$(CURDIR)/$(dir)) \
$(foreach dir,$(LIBDIRS),-I$(dir)/include) \
-I$(CURDIR)/$(BUILD)
export LIBPATHS := $(foreach dir,$(LIBDIRS),-L$(dir)/lib)
.PHONY: $(BUILD) clean all
#---------------------------------------------------------------------------------
all: $(BUILD)
$(BUILD):
@[ -d $@ ] || mkdir -p $@
@$(MAKE) --no-print-directory -C $(BUILD) -f $(CURDIR)/Makefile
#---------------------------------------------------------------------------------
clean:
@echo clean ...
@rm -fr $(BUILD) $(TARGET).elf
#---------------------------------------------------------------------------------
else
.PHONY: all
DEPENDS := $(OFILES:.o=.d)
#---------------------------------------------------------------------------------
# main targets
#---------------------------------------------------------------------------------
all : $(OUTPUT).elf
$(OUTPUT).elf : $(OFILES)
%.elf: $(OFILES)
@echo linking $(notdir $@)
@$(LD) $(LDFLAGS) $(OFILES) $(LIBPATHS) $(LIBS) -o $@
@$(NM) -CSn $@ > $(notdir $*.lst)
$(OFILES_SRC) : $(HFILES_BIN)
#---------------------------------------------------------------------------------
# you need a rule like this for each extension you use as binary data
#---------------------------------------------------------------------------------
%.bin.o %_bin.h : %.bin
#---------------------------------------------------------------------------------
@echo $(notdir $<)
@$(bin2o)
-include $(DEPENDS)
#---------------------------------------------------------------------------------------
endif
#---------------------------------------------------------------------------------------

40
k11_extension/include/config.h
View File

@ -1,40 +0,0 @@
#pragma once
#include "types.h"
#define MAKE_BRANCH(src,dst) (0xEA000000 | ((u32)((((u8 *)(dst) - (u8 *)(src)) >> 2) - 2) & 0xFFFFFF))
#define MAKE_BRANCH_LINK(src,dst) (0xEB000000 | ((u32)((((u8 *)(dst) - (u8 *)(src)) >> 2) - 2) & 0xFFFFFF))
#define CONFIG(a) (((cfwInfo.config >> (a)) & 1) != 0)
#define MULTICONFIG(a) ((cfwInfo.multiConfig >> (2 * (a))) & 3)
#define BOOTCONFIG(a, b) ((cfwInfo.bootConfig >> (a)) & (b))
#define BOOTCFG_NAND BOOTCONFIG(0, 1)
#define BOOTCFG_EMUINDEX BOOTCONFIG(1, 3)
#define BOOTCFG_NOFORCEFLAG BOOTCONFIG(3, 1)
#define BOOTCFG_NTRCARDBOOT BOOTCONFIG(4, 1)
enum multiOptions
{
DEFAULTEMU = 0,
BRIGHTNESS,
SPLASH,
PIN,
NEWCPU,
AUTOBOOTMODE,
FORCEAUDIOOUTPUT,
};
enum singleOptions
{
AUTOBOOTEMU = 0,
LOADEXTFIRMSANDMODULES,
PATCHGAMES,
REDIRECTAPPTHREADS,
PATCHVERSTRING,
SHOWGBABOOT,
PATCHUNITINFO,
ENABLEDSIEXTFILTER,
DISABLEARM11EXCHANDLERS,
ENABLESAFEFIRMROSALINA,
};

129
k11_extension/include/mmu.h
View File

@ -1,129 +0,0 @@
#pragma once
#include "types.h"
#include "kernel.h"
typedef struct
{
u32 bits1_0 : 2; ///< 0b00
} Desc_TranslationFault;
typedef struct
{
u32 bits1_0 : 2; ///< 0b01
u32 sbz : 3;
u32 domain : 4;
u32 p : 1;
u32 addr : 21;
} Desc_CoarsePageTable;
typedef struct
{
u32 bits1_0 : 2; ///< 0b10
u32 b : 1;
u32 c : 1;
u32 xn : 1;
u32 domain : 4;
u32 p : 1;
u32 ap : 2;
u32 tex : 3;
u32 apx : 1;
u32 s : 1;
u32 ng : 1;
u32 bit18 : 1; ///< 0
u32 sbz : 1;
u32 addr : 12;
} Desc_Section;
typedef struct
{
u32 bits1_0 : 2; ///< 0b10
u32 b : 1;
u32 c : 1;
u32 xn : 1;
u32 domain : 4;
u32 p : 1;
u32 ap : 2;
u32 tex : 3;
u32 sbz : 3;
u32 bit18 : 1; ///< 1
u32 sbz2 : 5;
u32 addr : 8;
} Desc_Supersection;
typedef struct
{
u32 bits1_0 : 2; ///< 0b11
} Desc_Reserved;
typedef struct
{
u32 bits1_0 : 2; ///< 0b01
u32 b : 1;
u32 c : 1;
u32 ap : 2;
u32 sbz : 3;
u32 apx : 1;
u32 s : 1;
u32 ng : 1;
u32 tex : 3;
u32 xn : 1;
u32 addr : 16;
} Desc_LargePage;
typedef struct
{
u32 xn : 1;
u32 bit1 : 1; ///< 1
u32 b : 1;
u32 c : 1;
u32 ap : 2;
u32 tex : 3;
u32 apx : 1;
u32 s : 1;
u32 ng : 1;
u32 addr : 20;
} Desc_SmallPage;
typedef union
{
u32 raw;
Desc_TranslationFault translationFault;
Desc_CoarsePageTable coarsePageTable;
Desc_Section section;
Desc_Supersection supersection;
Desc_Reserved reserved;
} L1Descriptor;
typedef union
{
u32 raw;
Desc_TranslationFault translationFault;
Desc_LargePage largePage;
Desc_SmallPage smallPage;
} L2Descriptor;
typedef enum
{
Descriptor_TranslationFault,
Descriptor_CoarsePageTable,
Descriptor_Section,
Descriptor_Supersection,
Descriptor_Reserved,
Descriptor_LargePage,
Descriptor_SmallPage
} DescType;
void L1MMUTable__RWXForAll(u32 *table);
void L2MMUTable__RWXForAll(u32 *table);
u32 L1MMUTable__GetPAFromVA(u32 *table, u32 va);
u32 L2MMUTable__GetPAFromVA(u32 *table, u32 va);
u32 L1MMUTable__GetAddressUserPerm(u32 *table, u32 va);
u32 L2MMUTable__GetAddressUserPerm(u32 *table, u32 va);
void KProcessHwInfo__SetMMUTableToRWX(KProcessHwInfo *hwInfo);
u32 KProcessHwInfo__GetPAFromVA(KProcessHwInfo *hwInfo, u32 va);
u32 KProcessHwInfo__GetAddressUserPerm(KProcessHwInfo *hwInfo, u32 va);

21
k11_extension/include/svc/ControlProcess.h
View File

@ -1,21 +0,0 @@
#pragma once
#include "utils.h"
#include "kernel.h"
#include "svc.h"
/// Operations for svcControlProcess
typedef enum ProcessOp
{
PROCESSOP_GET_ALL_HANDLES, ///< List all handles of the process, varg3 can be either 0 to fetch all handles, or token of the type to fetch
///< svcControlProcess(handle, PROCESSOP_GET_ALL_HANDLES, (u32)&outBuf, 0)
PROCESSOP_SET_MMU_TO_RWX, ///< Set the whole memory of the process with rwx access
///< svcControlProcess(handle, PROCESSOP_SET_MMU_TO_RWX, 0, 0)
PROCESSOP_GET_ON_MEMORY_CHANGE_EVENT,
PROCESSOP_SIGNAL_ON_EXIT,
PROCESSOP_GET_PA_FROM_VA, ///< Get the physical address of the va within the process
///< svcControlProcess(handle, PROCESSOP_GET_PA_FROM_VA, (u32)&outPa, va)
PROCESSOP_SCHEDULE_THREADS,
} ProcessOp;
Result ControlProcess(Handle process, ProcessOp op, u32 varg2, u32 varg3);

6
k11_extension/include/svc/ExitProcess.h
View File

@ -1,6 +0,0 @@
#include "utils.h"
#include "kernel.h"
#include "svc.h"
void ExitProcessHook(void);
void ExitProcessHookWrapper(void);

40
k11_extension/include/svc/MapProcessMemoryEx.h
View File

@ -1,40 +0,0 @@
/*
* This file is part of Luma3DS
* Copyright (C) 2016-2020 Aurora Wright, TuxSH
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* Additional Terms 7.b and 7.c of GPLv3 apply to this file:
* * Requiring preservation of specified reasonable legal notices or
* author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* * Prohibiting misrepresentation of the origin of that material,
* or requiring that modified versions of such material be marked in
* reasonable ways as different from the original version.
*/
#pragma once
#include "utils.h"
#include "kernel.h"
#include "svc.h"
/// Flags for svcMapProcessMemoryEx
typedef enum MapExFlags
{
MAPEXFLAGS_PRIVATE = BIT(0), ///< Maps the memory as PRIVATE (0xBB05) instead of SHARED (0x5806)
} MapExFlags;
Result MapProcessMemoryEx(Handle dstProcessHandle, u32 vaDst, Handle srcProcessHandle, u32 vaSrc, u32 size, MapExFlags flags);
Result MapProcessMemoryExWrapper(Handle dstProcessHandle, u32 vaDst, Handle srcProcessHandle, u32 vaSrc, u32 size, MapExFlags flags);

125
k11_extension/include/synchronization.h
View File

@ -1,125 +0,0 @@
/*
* This file is part of Luma3DS
* Copyright (C) 2016-2020 Aurora Wright, TuxSH
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* Additional Terms 7.b and 7.c of GPLv3 apply to this file:
* * Requiring preservation of specified reasonable legal notices or
* author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* * Prohibiting misrepresentation of the origin of that material,
* or requiring that modified versions of such material be marked in
* reasonable ways as different from the original version.
*/
#pragma once
#include "types.h"
#include "kernel.h"
typedef KSchedulableInterruptEvent* (*SGI0Handler_t)(KBaseInterruptEvent *this, u32 interruptID);
// http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.ddi0360f/CCHDIFIJ.html
void executeFunctionOnCores(SGI0Handler_t func, u8 targetList, u8 targetListFilter);
void KScheduler__TriggerCrossCoreInterrupt(KScheduler *this);
void KThread__DebugReschedule(KThread *this, bool lock);
bool rosalinaThreadLockPredicate(KThread *thread, u32 mask);
void rosalinaRescheduleThread(KThread *thread, bool lock);
void rosalinaLockThreads(u32 mask);
void rosalinaUnlockThreads(u32 mask);
// Taken from ctrulib:
static inline void __dsb(void)
{
__asm__ __volatile__("mcr p15, 0, %[val], c7, c10, 4" :: [val] "r" (0) : "memory");
}
static inline void __dmb(void)
{
__asm__ __volatile__("mcr p15, 0, %[val], c7, c10, 5" :: [val] "r" (0) : "memory");
}
static inline void __clrex(void)
{
__asm__ __volatile__("clrex" ::: "memory");
}
static inline s32 __ldrex(s32* addr)
{
s32 val;
__asm__ __volatile__("ldrex %[val], %[addr]" : [val] "=r" (val) : [addr] "Q" (*addr));
return val;
}
static inline bool __strex(s32* addr, s32 val)
{
bool res;
__asm__ __volatile__("strex %[res], %[val], %[addr]" : [res] "=&r" (res) : [val] "r" (val), [addr] "Q" (*addr));
return res;
}
static inline s8 __ldrex8(s8* addr)
{
s8 val;
__asm__ __volatile__("ldrexb %[val], %[addr]" : [val] "=r" (val) : [addr] "Q" (*addr));
return val;
}
static inline bool __strex8(s8* addr, s8 val)
{
bool res;
__asm__ __volatile__("strexb %[res], %[val], %[addr]" : [res] "=&r" (res) : [val] "r" (val), [addr] "Q" (*addr));
return res;
}
static inline s16 __ldrex16(s16* addr)
{
s16 val;
__asm__ __volatile__("ldrexh %[val], %[addr]" : [val] "=r" (val) : [addr] "Q" (*addr));
return val;
}
static inline bool __strex16(s16* addr, s16 val)
{
bool res;
__asm__ __volatile__("strexh %[res], %[val], %[addr]" : [res] "=&r" (res) : [val] "r" (val), [addr] "Q" (*addr));
return res;
}
static inline u32 __get_cpsr(void)
{
u32 cpsr;
__asm__ __volatile__("mrs %0, cpsr" : "=r"(cpsr));
return cpsr;
}
static inline void __set_cpsr_cx(u32 cpsr)
{
__asm__ __volatile__("msr cpsr_cx, %0" :: "r"(cpsr));
}
static inline void __enable_irq(void)
{
__asm__ __volatile__("cpsie i");
}
static inline void __disable_irq(void)
{
__asm__ __volatile__("cpsid i");
}

157
k11_extension/linker.ld
View File

@ -1,157 +0,0 @@
OUTPUT_FORMAT("elf32-littlearm", "elf32-bigarm", "elf32-littlearm")
OUTPUT_ARCH(arm)
ENTRY(_start)
MEMORY
{
vram : ORIGIN = 0x18000000, LENGTH = 0x18180000 - 0x18000000 /* Up to the kernel builtins. */
main : ORIGIN = 0x70000000, LENGTH = 1M
}
PHDRS
{
main PT_LOAD;
}
SECTIONS
{
PROVIDE(__start__ = ORIGIN(main));
. = ABSOLUTE(__start__);
.text :
{
KEEP( *(.text.start) )
KEEP( *(.init) )
/* .text */
*(.text)
*(.text.*)
*(.glue_7)
*(.glue_7t)
*(.stub)
*(.gnu.warning)
*(.gnu.linkonce.t*)
/* .fini */
KEEP( *(.fini) )
. = ALIGN(32);
} >main AT>vram :main
.rodata :
{
*(.rodata)
*(.roda)
*(.rodata.*)
*all.rodata*(*)
*(.gnu.linkonce.r*)
SORT(CONSTRUCTORS)
. = ALIGN(8);
} >main AT>vram
.preinit_array :
{
PROVIDE (__preinit_array_start = .);
KEEP (*(.preinit_array))
PROVIDE (__preinit_array_end = .);
} >main AT>vram
.init_array :
{
PROVIDE (__init_array_start = .);
KEEP (*(SORT(.init_array.*)))
KEEP (*(.init_array))
PROVIDE (__init_array_end = .);
} >main AT>vram
.fini_array :
{
PROVIDE (__fini_array_start = .);
KEEP (*(.fini_array))
KEEP (*(SORT(.fini_array.*)))
PROVIDE (__fini_array_end = .);
} >main AT>vram
.ctors :
{
KEEP (*crtbegin.o(.ctors)) /* MUST be first -- GCC requires it */
KEEP (*(EXCLUDE_FILE (*crtend.o) .ctors))
KEEP (*(SORT(.ctors.*)))
KEEP (*(.ctors))
. = ALIGN(4); /* REQUIRED. LD is flaky without it. */
} >main AT>vram
.dtors :
{
KEEP (*crtbegin.o(.dtors))
KEEP (*(EXCLUDE_FILE (*crtend.o) .dtors))
KEEP (*(SORT(.dtors.*)))
KEEP (*(.dtors))
. = ALIGN(4); /* REQUIRED. LD is flaky without it. */
} >main AT>vram
.ARM.extab : { *(.ARM.extab* .gnu.linkonce.armextab.*) __exidx_start = ABSOLUTE(.);} >main AT>vram
ARM.exidx : { *(.ARM.exidx* .gnu.linkonce.armexidx.*) __exidx_end = ABSOLUTE(.);} >main AT>vram
.data :
{
*(.data)
*(.data.*)
*(.gnu.linkonce.d*)
CONSTRUCTORS
. = ALIGN(32);
} >main AT>vram
.bss (NOLOAD) :
{
. = ALIGN(32);
PROVIDE (__bss_start__ = ABSOLUTE(.));
*(.dynbss)
*(.bss)
*(.bss.*)
*(.gnu.linkonce.b*)
*(COMMON)
. = ALIGN(0x1000);
PROVIDE (__bss_end__ = ABSOLUTE(.));
PROVIDE (__end__ = ABSOLUTE(.));
} >main :NONE
/* ==================
==== Metadata ====
================== */
/* Discard sections that difficult post-processing */
/DISCARD/ : { *(.group .comment .note) }
/* Stabs debugging sections. */
.stab 0 : { *(.stab) }
.stabstr 0 : { *(.stabstr) }
.stab.excl 0 : { *(.stab.excl) }
.stab.exclstr 0 : { *(.stab.exclstr) }
.stab.index 0 : { *(.stab.index) }
.stab.indexstr 0 : { *(.stab.indexstr) }
/* DWARF debug sections.
Symbols in the DWARF debugging sections are relative to the beginning
of the section so we begin them at 0. */
/* DWARF 1 */
.debug 0 : { *(.debug) }
.line 0 : { *(.line) }
/* GNU DWARF 1 extensions */
.debug_srcinfo 0 : { *(.debug_srcinfo) }
.debug_sfnames 0 : { *(.debug_sfnames) }
/* DWARF 1.1 and DWARF 2 */
.debug_aranges 0 : { *(.debug_aranges) }
.debug_pubnames 0 : { *(.debug_pubnames) }
/* DWARF 2 */
.debug_info 0 : { *(.debug_info) }
.debug_abbrev 0 : { *(.debug_abbrev) }
.debug_line 0 : { *(.debug_line) }
.debug_frame 0 : { *(.debug_frame) }
.debug_str 0 : { *(.debug_str) }
.debug_loc 0 : { *(.debug_loc) }
.debug_macinfo 0 : { *(.debug_macinfo) }
}

7
k11_extension/linker.specs
View File

@ -1,7 +0,0 @@
%rename link old_link
*link:
%(old_link) -T %:getenv(TOPDIR /linker.ld) --nmagic --gc-sections --no-warn-rwx-segments
*startfile:
crti%O%s crtbegin%O%s

147
k11_extension/source/debug.c
View File

@ -1,147 +0,0 @@
/*
* This file is part of Luma3DS
* Copyright (C) 2016-2020 Aurora Wright, TuxSH
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* Additional Terms 7.b and 7.c of GPLv3 apply to this file:
* * Requiring preservation of specified reasonable legal notices or
* author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* * Prohibiting misrepresentation of the origin of that material,
* or requiring that modified versions of such material be marked in
* reasonable ways as different from the original version.
*/
#include <string.h>
#include "debug.h"
#include "synchronization.h"
KRecursiveLock dbgParamsLock = { NULL };
u32 dbgParamWatchpointId, dbgParamDVA, dbgParamWCR, dbgParamContextId;
KSchedulableInterruptEvent *enableMonitorModeDebugging(KBaseInterruptEvent *this CTR_UNUSED, u32 interruptID CTR_UNUSED)
{
coreBarrier();
u32 DSCR;
__asm__ __volatile__("mrc p14, 0, %[val], c0, c1, 0" : [val] "=r" (DSCR));
DSCR |= 0x8000;
__asm__ __volatile__("mcr p14, 0, %[val], c0, c1, 0" :: [val] "r" (DSCR));
__dsb();
coreBarrier();
return NULL;
}
static void disableWatchpoint0(void)
{
u32 control;
// WCR0
__asm__ __volatile__("mrc p14, 0, %[val], c0, c0, 7" : [val] "=r" (control));
control &= ~1;
__asm__ __volatile__("mcr p14, 0, %[val], c0, c0, 7" :: [val] "r" (control));
// BCR4
__asm__ __volatile__("mrc p14, 0, %[val], c0, c4, 5" : [val] "=r" (control));
control &= ~1;
__asm__ __volatile__("mcr p14, 0, %[val], c0, c4, 5" :: [val] "r" (control));
}
static void disableWatchpoint1(void)
{
u32 control;
// WCR1
__asm__ __volatile__("mrc p14, 0, %[val], c0, c1, 7" : [val] "=r" (control));
control &= ~1;
__asm__ __volatile__("mcr p14, 0, %[val], c0, c1, 7" :: [val] "r" (control));
// BCR5
__asm__ __volatile__("mrc p14, 0, %[val], c0, c5, 5" : [val] "=r" (control));
control &= ~1;
__asm__ __volatile__("mcr p14, 0, %[val], c0, c5, 5" :: [val] "r" (control));
}
KSchedulableInterruptEvent *disableWatchpoint(KBaseInterruptEvent *this CTR_UNUSED, u32 interruptID CTR_UNUSED)
{
coreBarrier();
if(dbgParamWatchpointId == 0)
disableWatchpoint0();
else
disableWatchpoint1();
__dsb();
coreBarrier();
return NULL;
}
static void setWatchpoint0WithContextId(u32 DVA, u32 WCR, u32 contextId)
{
// http://infocenter.arm.com/help/topic/com.arm.doc.ddi0360f/CEGCFFDF.html
u32 BCR =
(1 << 21) | /* compare with context ID */
(1 << 20) | /* linked (with a WRP in our case) */
(0xf << 5) | /* byte address select, +0 to +3 as mandated when linking with a WRP */
(3 << 1) | /* either privileged modes or user mode, as mandated when linking with a WRP */
(1 << 0) ; /* enabled */
disableWatchpoint0();
__asm__ __volatile__("mcr p14, 0, %[val], c0, c0, 6" :: [val] "r" (DVA));
__asm__ __volatile__("mcr p14, 0, %[val], c0, c4, 4" :: [val] "r" (contextId));
__asm__ __volatile__("mcr p14, 0, %[val], c0, c0, 7" :: [val] "r" (WCR));
__asm__ __volatile__("mcr p14, 0, %[val], c0, c4, 5" :: [val] "r" (BCR));
__asm__ __volatile__("mcr p15, 0, %[val], c7, c10, 5" :: [val] "r" (0) : "memory"); // DMB
}
static void setWatchpoint1WithContextId(u32 DVA, u32 WCR, u32 contextId)
{
// http://infocenter.arm.com/help/topic/com.arm.doc.ddi0360f/CEGCFFDF.html
u32 BCR =
(1 << 21) | /* compare with context ID */
(1 << 20) | /* linked (with a WRP in our case) */
(0xf << 5) | /* byte address select, +0 to +3 as mandated when linking with a WRP */
(3 << 1) | /* either privileged modes or user mode, as mandated when linking with a WRP */
(1 << 0) ; /* enabled */
disableWatchpoint1();
__asm__ __volatile__("mcr p14, 0, %[val], c0, c1, 6" :: [val] "r" (DVA));
__asm__ __volatile__("mcr p14, 0, %[val], c0, c5, 4" :: [val] "r" (contextId));
__asm__ __volatile__("mcr p14, 0, %[val], c0, c1, 7" :: [val] "r" (WCR));
__asm__ __volatile__("mcr p14, 0, %[val], c0, c5, 5" :: [val] "r" (BCR));
__asm__ __volatile__("mcr p15, 0, %[val], c7, c10, 5" :: [val] "r" (0) : "memory"); // DMB
}
KSchedulableInterruptEvent *setWatchpointWithContextId(KBaseInterruptEvent *this CTR_UNUSED, u32 interruptID CTR_UNUSED)
{
coreBarrier();
if(dbgParamWatchpointId == 0)
setWatchpoint0WithContextId(dbgParamDVA, dbgParamWCR, dbgParamContextId);
else
setWatchpoint1WithContextId(dbgParamDVA, dbgParamWCR, dbgParamContextId);
__dsb();
coreBarrier();
return NULL;
}

404
k11_extension/source/main.c
View File

@ -1,404 +0,0 @@
/*
* This file is part of Luma3DS
* Copyright (C) 2016-2020 Aurora Wright, TuxSH
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* Additional Terms 7.b and 7.c of GPLv3 apply to this file:
* * Requiring preservation of specified reasonable legal notices or
* author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* * Prohibiting misrepresentation of the origin of that material,
* or requiring that modified versions of such material be marked in
* reasonable ways as different from the original version.
*/
#include <string.h>
#include "utils.h"
#include "globals.h"
#include "synchronization.h"
#include "fatalExceptionHandlers.h"
#include "svc.h"
#include "svc/ConnectToPort.h"
#include "svcHandler.h"
#define K11EXT_VA 0x70000000
struct KExtParameters
{
u32 basePA;
u32 stolenSystemMemRegionSize;
void *originalHandlers[4];
u32 L1MMUTableAddrs[4];
volatile bool done;
CfwInfo cfwInfo;
} kExtParameters = { .basePA = 0x12345678 }; // place this in .data
static CTR_ALIGN(1024) u32 g_L2Table[256] = {0};
void relocateAndSetupMMU(u32 coreId, u32 *L1Table)
{
struct KExtParameters *p0 = (struct KExtParameters *)((u32)&kExtParameters - K11EXT_VA + 0x18000000);
struct KExtParameters *p = (struct KExtParameters *)((u32)&kExtParameters - K11EXT_VA + p0->basePA);
u32 *L2Table = (u32 *)((u32)g_L2Table - K11EXT_VA + p0->basePA);
if(coreId == 0)
{
// Relocate ourselves, and clear BSS
// This is only OK because the jumps will be relative & there's no mode switch...
memcpy((void *)p0->basePA, (const void *)0x18000000, __bss_start__ - __start__);
memset((u32 *)(p0->basePA + (__bss_start__ - __start__)), 0, __bss_end__ - __bss_start__);
// Map the kernel ext at K11EXT_VA
// 4KB extended small pages:
// Outer Write-Through cached, No Allocate on Write, Buffered
// Inner Cached Write-Back Write-Allocate, Buffered
// This was changed at some point (8.0 maybe?), it was outer noncached before
for(u32 offset = 0; offset < (u32)(__end__ - __start__); offset += 0x1000)
L2Table[offset >> 12] = (p0->basePA + offset) | 0x596;
p0->done = true;
// DSB, Flush Prefetch Buffer (more or less "isb")
__asm__ __volatile__ ("mcr p15, 0, %0, c7, c10, 4" :: "r" (0) : "memory");
__asm__ __volatile__ ("mcr p15, 0, %0, c7, c5, 4" :: "r" (0) : "memory");
__asm__ __volatile__ ("sev");
}
else {
do
{
__asm__ __volatile__ ("wfe");
} while(!p0->done);
// DSB, Flush Prefetch Buffer (more or less "isb")
__asm__ __volatile__ ("mcr p15, 0, %0, c7, c10, 4" :: "r" (0) : "memory");
__asm__ __volatile__ ("mcr p15, 0, %0, c7, c5, 4" :: "r" (0) : "memory");
}
// bit31 idea thanks to SALT
// Maps physmem so that, if addr is in physmem(0, 0x30000000), it can be accessed uncached&rwx as addr|(1<<31)
u32 attribs = 0x40C02; // supersection (rwx for all) of strongly ordered memory, shared
for(u32 PA = 0; PA < 0x30000000; PA += 0x01000000)
{
u32 VA = (1 << 31) | PA;
for(u32 i = 0; i < 16; i++)
L1Table[i + (VA >> 20)] = PA | attribs;
}
L1Table[K11EXT_VA >> 20] = (u32)L2Table | 1;
p->L1MMUTableAddrs[coreId] = (u32)L1Table;
// DSB, Flush Prefetch Buffer (more or less "isb")
__asm__ __volatile__ ("mcr p15, 0, %0, c7, c10, 4" :: "r" (0) : "memory");
__asm__ __volatile__ ("mcr p15, 0, %0, c7, c5, 4" :: "r" (0) : "memory");
}
void bindSGI0Hook(void)
{
if(InterruptManager__MapInterrupt(interruptManager, customInterruptEvent, 0, getCurrentCoreID(), 0, false, false) != 0)
__asm__ __volatile__ ("bkpt 0xdead");
}
void configHook(vu8 *cfgPage)
{
configPage = cfgPage;
kernelVersion = *(vu32 *)configPage;
*(vu32 *)(configPage + 0x40) = fcramLayout.applicationSize;
*(vu32 *)(configPage + 0x44) = fcramLayout.systemSize;
*(vu32 *)(configPage + 0x48) = fcramLayout.baseSize;
*isDevUnit = true; // enable debug features
pidOffsetKProcess = KPROCESS_OFFSETOF(processId);
hwInfoOffsetKProcess = KPROCESS_OFFSETOF(hwInfo);
codeSetOffsetKProcess = KPROCESS_OFFSETOF(codeSet);
handleTableOffsetKProcess = KPROCESS_OFFSETOF(handleTable);
debugOffsetKProcess = KPROCESS_OFFSETOF(debug);
flagsKProcess = KPROCESS_OFFSETOF(kernelFlags);
}
void KProcessHwInfo__MapL1Section_Hook(void);
void KProcessHwInfo__MapL2Section_Hook(void);
static void installMmuHooks(void)
{
// Older versions of k11 had different VA memory mappings
u32 k11TextStartVa = (u32)originalHandlers[2] & ~0xFFFF;
u32 *off;
for (off = (u32 *)k11TextStartVa; off[0] != 0xE3A05801 || off[1] != 0xE2010EE3; off++);
for (; (off[0] >> 16) != 0xE92D; off--);
u32 *mapL2Section = PA_FROM_VA_PTR(off); // fragile, might break due to cache
for (off = (u32 *)k11TextStartVa; off[0] != 0x13A0A401 || off[1] != 0x03A0A601; off++);
for (; (off[0] >> 16) != 0xE92D; off--);
u32 *mapL1Section = PA_FROM_VA_PTR(off);
mapL1Section[1] = 0xE28FE004; // add lr, pc, #4
mapL1Section[2] = 0xE51FF004; // ldr pc, [pc, #-4]
mapL1Section[3] = (u32)KProcessHwInfo__MapL1Section_Hook;
mapL2Section[1] = 0xE28FE004; // add lr, pc, #4
mapL2Section[2] = 0xE51FF004; // ldr pc, [pc, #-4]
mapL2Section[3] = (u32)KProcessHwInfo__MapL2Section_Hook;
}
static void findUsefulSymbols(void)
{
u32 *off;
// Older versions of k11 had different VA memory mappings
u32 k11TextStartVa = (u32)originalHandlers[2] & ~0xFFFF;
// Get fcramDescriptor
for (off = (u32 *)k11TextStartVa; ; ++off)
{
if ( (off[0] >> 16) == 0xE59F
&& (off[1] >> 16) == 0xE3A0
&& (off[2] >> 16) == 0xE3A0
&& (off[3] >> 16) == 0xE1A0
&& (off[4] >> 16) == 0xEB00)
{
fcramDescriptor = (FcramDescriptor *)off[2 + (off[0] & 0xFFFF) / 4];
break;
}
}
// Get kAlloc
for (; *off != 0xE1A00005 || *(off + 1) != 0xE320F000; ++off);
off = decodeArmBranch(off + 2);
for (; (*off >> 16) != 0xEB00; ++off);
kAlloc = (void* (*)(FcramDescriptor *, u32, u32, u32))decodeArmBranch(off);
// Patch ERRF__DumpException
for(off = (u32 *)0xFFFF0000; *off != 0xE1A04005; ++off);
++off;
*(u32 *)PA_FROM_VA_PTR(off) = makeArmBranch(off, off + 51, false);
for(; *off != 0xE2100102; ++off);
KProcessHwInfo__QueryMemory = (Result (*)(KProcessHwInfo *, MemoryInfo *, PageInfo *, void *))decodeArmBranch(off - 1);
for(; *off != 0xE1A0D002; off++);
off += 3;
initFPU = (void (*) (void))off;
for(; *off != 0xE3A0A0C2; off++);
mcuReboot = (void (*) (void))--off;
coreBarrier = (void (*) (void))decodeArmBranch(off - 4);
for(off = (u32 *)originalHandlers[2]; *off != 0xE1A00009; off++);
svcFallbackHandler = (void (*)(u8))decodeArmBranch(off + 1);
for(; *off != 0xE92D000F; off++);
officialPostProcessSvc = (void (*)(void))decodeArmBranch(off + 1);
KProcessHandleTable__ToKProcess = (KProcess * (*)(KProcessHandleTable *, Handle))decodeArmBranch(5 + (u32 *)officialSVCs[0x76]);
for(off = (u32 *)KProcessHandleTable__ToKProcess; *off != 0xE1A00004; off++);
KAutoObject__AddReference = (void (*)(KAutoObject *))decodeArmBranch(off + 1);
for(; *off != 0xE320F000; off++);
KProcessHandleTable__ToKAutoObject = (KAutoObject * (*)(KProcessHandleTable *, Handle))decodeArmBranch(off + 1);
for(off = (u32 *)decodeArmBranch(3 + (u32 *)officialSVCs[9]); /* KThread::Terminate */ *off != 0xE5D42034; off++);
off -= 2;
criticalSectionLock = (KRecursiveLock *)off[2 + (off[0] & 0xFF) / 4];
KRecursiveLock__Lock = (void (*)(KRecursiveLock *))decodeArmBranch(off + 1);
off += 4;
for(; (*off >> 16) != 0xE59F; off++);
KRecursiveLock__Unlock = (void (*)(KRecursiveLock *))decodeArmBranch(off + 1);
for(; *off != 0xE5C4007D; off++);
KSynchronizationObject__Signal = (void (*)(KSynchronizationObject *, bool))decodeArmBranch(off + 3);
for(off = (u32 *)officialSVCs[0x19]; *off != 0xE1A04005; off++);
KEvent__Clear = (Result (*)(KEvent *))decodeArmBranch(off + 1);
for(off = (u32 *)KEvent__Clear; *off != 0xE8BD8070; off++);
synchronizationMutex = *(KObjectMutex **)(off + 1);
for(off = (u32 *)officialSVCs[0x18]; *off != 0xE1A04005; ++off);
KEvent__Signal = (Result (*)(KEvent *))decodeArmBranch(off + 1);
for(off = (u32 *)officialSVCs[0x24]; *off != 0xE59F004C; off++);
WaitSynchronization1 = (Result (*)(void *, KThread *, KSynchronizationObject *, s64))decodeArmBranch(off + 6);
for(off = (u32 *)decodeArmBranch(3 + (u32 *)officialSVCs[0x33]) /* OpenProcess */ ; *off != 0xE1A05000; off++);
KProcessHandleTable__CreateHandle = (Result (*)(KProcessHandleTable *, Handle *, KAutoObject *, u8))decodeArmBranch(off - 1);
for(off = (u32 *)decodeArmBranch(3 + (u32 *)officialSVCs[0x34]) /* OpenThread */; *off != 0xD9001BF7; off++);
threadList = *(KObjectList **)(off + 1);
off = (u32 *)decodeArmBranch((u32 *)officialSVCs[0x37] + 3) + 5; /* GetThreadId */
KProcessHandleTable__ToKThread = (KThread * (*)(KProcessHandleTable *, Handle))decodeArmBranch((*off >> 16) == 0xEB00 ? off : off + 2);
for(off = (u32 *)officialSVCs[0x50]; off[0] != 0xE1A05000 || off[1] != 0xE2100102 || off[2] != 0x5A00000B; off++);
InterruptManager__MapInterrupt = (Result (*)(InterruptManager *, KBaseInterruptEvent *, u32, u32, u32, bool, bool))decodeArmBranch(--off);
interruptManager = *(InterruptManager **)(off - 4 + (off[-6] & 0xFFF) / 4);
for(off = (u32 *)officialSVCs[0x54]; *off != 0xE8BD8008; off++);
flushDataCacheRange = (void (*)(void *, u32))(*(u32 **)(off[1]) + 3);
for(off = (u32 *)officialSVCs[0x71]; *off != 0xE2101102; off++);
KProcessHwInfo__MapProcessMemory = (Result (*)(KProcessHwInfo *, KProcessHwInfo *, void *, void *, u32))decodeArmBranch(off - 1);
// From 4.x to 6.x the pattern will match but the result will be wrong
for(off = (u32 *)officialSVCs[0x72]; *off != 0xE2041102; off++);
KProcessHwInfo__UnmapProcessMemory = (Result (*)(KProcessHwInfo *, void *, u32))decodeArmBranch(off - 1);
for (off = (u32 *)officialSVCs[0x70]; *off != 0xE8881200 && *off != 0xE8891900; ++off);
for (off = (u32 *)decodeArmBranch(off + 1); *off != 0xE2101102; ++off);
KProcessHwInfo__CheckVaState = (Result (*)(KProcessHwInfo *, u32, u32, u32, u32))decodeArmBranch(off - 1);
for (; *off != 0xE28D1008; ++off);
KProcessHwInfo__GetListOfKBlockInfoForVA = (Result (*)(KProcessHwInfo*, KLinkedList*, u32, u32))decodeArmBranch(off + 1);
for (; *off != 0xE2000102; ++off);
KProcessHwInfo__MapListOfKBlockInfo = (Result (*)(KProcessHwInfo*, u32, KLinkedList*, u32, u32, u32))decodeArmBranch(off - 1);
for (; *off != 0xE8BD8FF0; ++off);
KLinkedList_KBlockInfo__Clear = (void (*)(KLinkedList *))decodeArmBranch(off - 6);
for(off = (u32 *)KProcessHwInfo__MapListOfKBlockInfo; *off != 0xE1A0000B; ++off);
doControlMemory = (Result (*)(KProcessHwInfo*, u32, u32, u32, u32, u32, u32, u32))decodeArmBranch(off + 1);
for(off = (u32 *)officialSVCs[0x7C]; *off != 0x03530000; off++);
KObjectMutex__WaitAndAcquire = (void (*)(KObjectMutex *))decodeArmBranch(++off);
for(; *off != 0xE320F000; off++);
KObjectMutex__ErrorOccured = (void (*)(void))decodeArmBranch(off + 1);
for(off = (u32 *)originalHandlers[4]; *off != (u32)exceptionStackTop; off++);
kernelUsrCopyFuncsStart = (void *)off[1];
kernelUsrCopyFuncsEnd = (void *)off[2];
u32 n_cmp_0;
for(off = (u32 *)kernelUsrCopyFuncsStart, n_cmp_0 = 1; n_cmp_0 <= 6; off++)
{
if(*off == 0xE3520000)
{
// We're missing some funcs
switch(n_cmp_0)
{
case 1:
usrToKernelMemcpy8 = (bool (*)(void *, const void *, u32))off;
break;
case 2:
usrToKernelMemcpy32 = (bool (*)(u32 *, const u32 *, u32))off;
break;
case 3:
usrToKernelStrncpy = (s32 (*)(char *, const char *, u32))off;
break;
case 4:
kernelToUsrMemcpy8 = (bool (*)(void *, const void *, u32))off;
break;
case 5:
kernelToUsrMemcpy32 = (bool (*)(u32 *, const u32 *, u32))off;
break;
case 6:
kernelToUsrStrncpy = (s32 (*)(char *, const char *, u32))off;
break;
default: break;
}
n_cmp_0++;
}
}
// The official prototype of ControlMemory doesn't have that extra param'
ControlMemory = (Result (*)(u32 *, u32, u32, u32, MemOp, MemPerm, bool))
decodeArmBranch((u32 *)officialSVCs[0x01] + 5);
CreateThread = (Result (*)(Handle *, u32, u32, u32, s32, s32))decodeArmBranch((u32 *)officialSVCs[0x08] + 5);
SleepThread = (void (*)(s64))officialSVCs[0x0A];
CreateEvent = (Result (*)(Handle *, ResetType))decodeArmBranch((u32 *)officialSVCs[0x17] + 3);
CloseHandle = (Result (*)(Handle))officialSVCs[0x23];
GetHandleInfo = (Result (*)(s64 *, Handle, u32))decodeArmBranch((u32 *)officialSVCs[0x29] + 3);
GetSystemInfo = (Result (*)(s64 *, s32, s32))decodeArmBranch((u32 *)officialSVCs[0x2A] + 3);
GetProcessInfo = (Result (*)(s64 *, Handle, u32))decodeArmBranch((u32 *)officialSVCs[0x2B] + 3);
GetThreadInfo = (Result (*)(s64 *, Handle, u32))decodeArmBranch((u32 *)officialSVCs[0x2C] + 3);
ConnectToPort = (Result (*)(Handle *, const char*))decodeArmBranch((u32 *)officialSVCs[0x2D] + 3);
SendSyncRequest = (Result (*)(Handle))officialSVCs[0x32];
OpenProcess = (Result (*)(Handle *, u32))decodeArmBranch((u32 *)officialSVCs[0x33] + 3);
GetProcessId = (Result (*)(u32 *, Handle))decodeArmBranch((u32 *)officialSVCs[0x35] + 3);
DebugActiveProcess = (Result (*)(Handle *, u32))decodeArmBranch((u32 *)officialSVCs[0x60] + 3);
SignalEvent = (Result (*)(Handle event))officialSVCs[0x18];
UnmapProcessMemory = (Result (*)(Handle, void *, u32))officialSVCs[0x72];
KernelSetState = (Result (*)(u32, u32, u32, u32))((u32 *)officialSVCs[0x7C] + 1);
for(off = (u32 *)svcFallbackHandler; *off != 0xE8BD4010; off++);
kernelpanic = (void (*)(void))decodeArmBranch(off + 1);
for(off = (u32 *)0xFFFF0000; off[0] != 0xE3A01002 || off[1] != 0xE3A00004; off++);
SignalDebugEvent = (Result (*)(DebugEventType type, u32 info, ...))decodeArmBranch(off + 2);
for(; *off != 0x96007F9; off++);
isDevUnit = *(bool **)(off - 1);
///////////////////////////////////////////
// Shitty/lazy heuristic but it works on even 4.5, so...
u32 textStart = ((u32)originalHandlers[2]) & ~0xFFFF;
u32 rodataStart = (u32)(interruptManager->N3DS.privateInterrupts[1][0x1D].interruptEvent->vtable) & ~0xFFF;
u32 textSize = rodataStart - textStart;
for(off = (u32 *)textStart; off < (u32 *)(textStart + textSize - 12); off++)
{
if(off[0] == 0xE5D13034 && off[1] == 0xE1530002)
KScheduler__AdjustThread = (void (*)(KScheduler *, KThread *, u32))off;
else if(off[0] == (u32)interruptManager && off[1] == (u32)&currentCoreContext->objectContext)
KScheduler__AttemptSwitchingThreadContext = (void (*)(KScheduler *))(off - 2);
else if(off[0] == 0xE3510B1A && off[1] == 0xE3A06000)
{
u32 *off2;
for(off2 = off; *off2 != 0xE92D40F8; off2--);
invalidateInstructionCacheRange = (void (*)(void *, u32))off2;
}
}
installMmuHooks();
}
void main(FcramLayout *layout, KCoreContext *ctxs)
{
struct KExtParameters *p = &kExtParameters;
u32 TTBCR_;
s64 nb;
cfwInfo = p->cfwInfo;
kextBasePa = p->basePA;
stolenSystemMemRegionSize = p->stolenSystemMemRegionSize;
layout->systemSize -= stolenSystemMemRegionSize;
fcramLayout = *layout;
coreCtxs = ctxs;
__asm__ __volatile__("mrc p15, 0, %0, c2, c0, 2" : "=r"(TTBCR_));
TTBCR = TTBCR_;
isN3DS = getNumberOfCores() == 4;
memcpy(L1MMUTableAddrs, (const void *)p->L1MMUTableAddrs, 16);
exceptionStackTop = (u32 *)0xFFFF2000 + (1 << (32 - TTBCR - 20));
memcpy(originalHandlers + 1, p->originalHandlers, 16);
void **arm11SvcTable = (void**)originalHandlers[2];
while(*arm11SvcTable != NULL) arm11SvcTable++; //Look for SVC0 (NULL)
memcpy(officialSVCs, arm11SvcTable, 4 * 0x7E);
findUsefulSymbols();
buildAlteredSvcTable();
GetSystemInfo(&nb, 26, 0);
nbSection0Modules = (u32)nb;
rosalinaState = 0;
hasStartedRosalinaNetworkFuncsOnce = false;
// DSB, Flush Prefetch Buffer (more or less "isb")
__asm__ __volatile__ ("mcr p15, 0, %0, c7, c10, 4" :: "r" (0) : "memory");
__asm__ __volatile__ ("mcr p15, 0, %0, c7, c5, 4" :: "r" (0) : "memory");
}

319
k11_extension/source/mmu.c
View File

@ -1,319 +0,0 @@
#include "mmu.h"
#include "globals.h"
#include "utils.h"
extern u8 svcSignalingEnabled;
DescType L1Descriptor__GetType(u32 descriptor)
{
L1Descriptor pdesc = {descriptor};
if (pdesc.reserved.bits1_0 == 0b00)
return Descriptor_TranslationFault;
if (pdesc.reserved.bits1_0 == 0b01)
return Descriptor_CoarsePageTable;
if (pdesc.reserved.bits1_0 == 0b10)
return pdesc.section.bit18 == 0 ? Descriptor_Section : Descriptor_Supersection;
return Descriptor_Reserved;
}
DescType L2Descriptor__GetType(u32 descriptor)
{
L2Descriptor pdesc = {descriptor};
if (pdesc.translationFault.bits1_0 == 0b01)
return Descriptor_LargePage;
if (pdesc.smallPage.bit1 == 1)
return Descriptor_SmallPage;
return Descriptor_TranslationFault;
}
void L1MMUTable__RWXForAll(u32 *table)
{
u32 *tableEnd = table + 1024;
for (; table != tableEnd; ++table)
{
L1Descriptor descriptor = {*table};
switch (L1Descriptor__GetType(descriptor.raw))
{
case Descriptor_CoarsePageTable:
{
u32 *l2table = (u32 *)((descriptor.coarsePageTable.addr << 10) - 0x40000000);
L2MMUTable__RWXForAll(l2table);
break;
}
case Descriptor_Section:
{
descriptor.section.xn = 0;
descriptor.section.apx = 0;
descriptor.section.ap = 3;
*table = descriptor.raw;
break;
}
case Descriptor_Supersection:
{
descriptor.supersection.xn = 0;
descriptor.supersection.ap = 3;
*table = descriptor.raw;
break;
}
default:
break;
}
}
}
void L2MMUTable__RWXForAll(u32 *table)
{
u32 *tableEnd = table + 256;
for (; table != tableEnd; ++table)
{
L2Descriptor descriptor = {*table};
switch (L2Descriptor__GetType(descriptor.raw))
{
case Descriptor_LargePage:
{
descriptor.largePage.xn = 0;
descriptor.largePage.apx = 0;
descriptor.largePage.ap = 3;
*table = descriptor.raw;
break;
}
case Descriptor_SmallPage:
{
descriptor.smallPage.xn = 0;
descriptor.smallPage.apx = 0;
descriptor.smallPage.ap = 3;
*table = descriptor.raw;
break;
}
default:
break;
}
}
}
u32 L1MMUTable__GetPAFromVA(u32 *table, u32 va)
{
u32 pa = 0;
L1Descriptor descriptor = {table[va >> 20]};
switch (L1Descriptor__GetType(descriptor.raw))
{
case Descriptor_CoarsePageTable:
{
u32 *l2table = (u32 *)((descriptor.coarsePageTable.addr << 10) - 0x40000000);
pa = L2MMUTable__GetPAFromVA(l2table, va);
break;
}
case Descriptor_Section:
{
pa = descriptor.section.addr << 20;
pa |= (va << 12) >> 12;
break;
}
case Descriptor_Supersection:
{
pa = descriptor.supersection.addr << 24;
pa |= (va << 8) >> 8;
break;
}
default:
// VA not found
break;
}
return pa;
}
u32 L2MMUTable__GetPAFromVA(u32 *table, u32 va)
{
u32 pa = 0;
L2Descriptor descriptor = {table[(va << 12) >> 24]};
switch(L2Descriptor__GetType(descriptor.raw))
{
case Descriptor_LargePage:
{
pa = descriptor.largePage.addr << 16;
pa |= va & 0xFFFF;
break;
}
case Descriptor_SmallPage:
{
pa = descriptor.smallPage.addr << 12;
pa |= va & 0xFFF;
break;
}
default:
break;
}
return pa;
}
u32 L1MMUTable__GetAddressUserPerm(u32 *table, u32 va)
{
u32 perm = 0;
L1Descriptor descriptor = {table[va >> 20]};
switch (L1Descriptor__GetType(descriptor.raw))
{
case Descriptor_CoarsePageTable:
{
u32 *l2table = (u32 *)((descriptor.coarsePageTable.addr << 10) - 0x40000000);
perm = L2MMUTable__GetAddressUserPerm(l2table, va);
break;
}
case Descriptor_Section:
{
perm = descriptor.section.ap >> 1;
if (perm)
{
perm |= (!descriptor.section.apx && (descriptor.section.ap & 1)) << 1;
perm |= (!descriptor.section.xn) << 2;
}
break;
}
case Descriptor_Supersection:
{
perm = descriptor.supersection.ap >> 1;
if (perm)
{
perm |= (descriptor.supersection.ap & 1) << 1;
perm |= (!descriptor.supersection.xn) << 2;
}
break;
}
default:
// VA not found
break;
}
return perm;
}
u32 L2MMUTable__GetAddressUserPerm(u32 *table, u32 va)
{
u32 perm = 0;
L2Descriptor descriptor = {table[(va << 12) >> 24]};
switch(L2Descriptor__GetType(descriptor.raw))
{
case Descriptor_LargePage:
{
perm = descriptor.largePage.ap >> 1;
if (perm)
{
perm |= (!descriptor.largePage.apx && (descriptor.largePage.ap & 1)) << 1;
perm |= (!descriptor.largePage.xn) << 2;
}
break;
}
case Descriptor_SmallPage:
{
perm = descriptor.smallPage.ap >> 1;
if (perm)
{
perm |= (!descriptor.smallPage.apx && (descriptor.smallPage.ap & 1)) << 1;
perm |= (!descriptor.smallPage.xn) << 2;
}
break;
}
default:
break;
}
return perm;
}
void KProcessHwInfo__SetMMUTableToRWX(KProcessHwInfo *hwInfo)
{
KObjectMutex *mutex = KPROCESSHWINFO_GET_PTR(hwInfo, mutex);
u32 *table = KPROCESSHWINFO_GET_RVALUE(hwInfo, mmuTableVA);
KObjectMutex__Acquire(mutex);
L1MMUTable__RWXForAll(table);
KObjectMutex__Release(mutex);
}
u32 KProcessHwInfo__GetPAFromVA(KProcessHwInfo *hwInfo, u32 va)
{
KObjectMutex *mutex = KPROCESSHWINFO_GET_PTR(hwInfo, mutex);
u32 *table = KPROCESSHWINFO_GET_RVALUE(hwInfo, mmuTableVA);
KObjectMutex__Acquire(mutex);
u32 pa = L1MMUTable__GetPAFromVA(table, va);
KObjectMutex__Release(mutex);
return pa;
}
u32 KProcessHwInfo__GetAddressUserPerm(KProcessHwInfo *hwInfo, u32 va)
{
KObjectMutex *mutex = KPROCESSHWINFO_GET_PTR(hwInfo, mutex);
u32 *table = KPROCESSHWINFO_GET_RVALUE(hwInfo, mmuTableVA);
KObjectMutex__Acquire(mutex);
u32 perm = L1MMUTable__GetAddressUserPerm(table, va);
KObjectMutex__Release(mutex);
return perm;
}
static union
{
u32 raw;
struct
{
u32 xn : 1;
u32 unkn : 1;
u32 cb : 2;
u32 ap : 2;
u32 tex : 3;
u32 apx : 1;
u32 s : 1;
u32 ng : 1;
};
} g_rwxState;
// This function patch the permissions when memory is mapped in the mmu table (rwx)
KProcessHwInfo *PatchDescriptorAccessControl(KProcessHwInfo *hwInfo, u32 **outState)
{
KProcess *process = (KProcess *)((u32)hwInfo - 0x1C);
u32 state = **outState;
u32 flags = KPROCESS_GET_RVALUE(process, customFlags);
if (flags & SignalOnMemLayoutChanges) {
svcSignalingEnabled |= 2;
*KPROCESS_GET_PTR(process, customFlags) |= MemLayoutChanged;
}
if (!(flags & ForceRWXPages))
return hwInfo;
g_rwxState.raw = state;
g_rwxState.xn = 0;
g_rwxState.ap = 3;
g_rwxState.apx = 0;
*outState = &g_rwxState.raw;
return hwInfo;
}

141
k11_extension/source/svc.c
View File

@ -1,141 +0,0 @@
/*
* This file is part of Luma3DS
* Copyright (C) 2016-2020 Aurora Wright, TuxSH
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* Additional Terms 7.b and 7.c of GPLv3 apply to this file:
* * Requiring preservation of specified reasonable legal notices or
* author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* * Prohibiting misrepresentation of the origin of that material,
* or requiring that modified versions of such material be marked in
* reasonable ways as different from the original version.
*/
#include <string.h>
#include "synchronization.h"
#include "svc.h"
#include "svc/ControlMemory.h"
#include "svc/CreateThread.h"
#include "svc/GetHandleInfo.h"
#include "svc/GetSystemInfo.h"
#include "svc/GetProcessInfo.h"
#include "svc/GetThreadInfo.h"
#include "svc/ConnectToPort.h"
#include "svc/SendSyncRequest.h"
#include "svc/Break.h"
#include "svc/SetGpuProt.h"
#include "svc/SetWifiEnabled.h"
#include "svc/Backdoor.h"
#include "svc/KernelSetState.h"
#include "svc/CustomBackdoor.h"
#include "svc/MapProcessMemoryEx.h"
#include "svc/UnmapProcessMemoryEx.h"
#include "svc/ControlService.h"
#include "svc/ControlProcess.h"
#include "svc/ExitProcess.h"
#include "svc/CopyHandle.h"
#include "svc/TranslateHandle.h"
#include "svc/ControlMemoryUnsafe.h"
void *officialSVCs[0x7E] = {NULL};
void *alteredSvcTable[0x100] = {NULL};
static Result BreakHook(UserBreakType breakReason, const void* croInfo, u32 croInfoSize)
{
KProcess *currentProcess = currentCoreContext->objectContext.currentProcess;
void *funptr = (debugOfProcess(currentProcess) != NULL) ? officialSVCs[0x3C] : (void *)Break;
return ((Result (*)(UserBreakType, const void *, u32))funptr)(breakReason, croInfo, croInfoSize);
}
void buildAlteredSvcTable(void)
{
memcpy(alteredSvcTable, officialSVCs, 4 * 0x7E);
alteredSvcTable[0x01] = ControlMemoryHookWrapper;
alteredSvcTable[0x03] = ExitProcessHookWrapper;
if (isN3DS)
alteredSvcTable[0x08] = CreateThreadHookWrapper;
alteredSvcTable[0x29] = GetHandleInfoHookWrapper;
alteredSvcTable[0x2A] = GetSystemInfoHookWrapper;
alteredSvcTable[0x2B] = GetProcessInfoHookWrapper;
alteredSvcTable[0x2C] = GetThreadInfoHookWrapper;
alteredSvcTable[0x2D] = ConnectToPortHookWrapper;
alteredSvcTable[0x32] = SendSyncRequestHook;
alteredSvcTable[0x3C] = BreakHook;
alteredSvcTable[0x59] = SetGpuProt;
alteredSvcTable[0x5A] = SetWifiEnabled;
alteredSvcTable[0x7B] = Backdoor;
alteredSvcTable[0x7C] = KernelSetStateHook;
// Custom SVCs past that point
alteredSvcTable[0x80] = CustomBackdoor;
alteredSvcTable[0x90] = convertVAToPA;
alteredSvcTable[0x91] = flushDataCacheRange;
alteredSvcTable[0x92] = flushEntireDataCache;
alteredSvcTable[0x93] = invalidateInstructionCacheRange;
alteredSvcTable[0x94] = invalidateEntireInstructionCache;
alteredSvcTable[0xA0] = MapProcessMemoryExWrapper;
alteredSvcTable[0xA1] = UnmapProcessMemoryEx;
alteredSvcTable[0xA2] = ControlMemoryEx;
alteredSvcTable[0xA3] = ControlMemoryUnsafeWrapper;
alteredSvcTable[0xB0] = ControlService;
alteredSvcTable[0xB1] = CopyHandleWrapper;
alteredSvcTable[0xB2] = TranslateHandleWrapper;
alteredSvcTable[0xB3] = ControlProcess;
}
void signalSvcEntry(u32 svcId)
{
KProcess *currentProcess = currentCoreContext->objectContext.currentProcess;
// Since DBGEVENT_SYSCALL_ENTRY is non blocking, we'll cheat using EXCEVENT_UNDEFINED_SYSCALL (debug->svcId is fortunately an u16!)
if(debugOfProcess(currentProcess) != NULL && svcId != 0xFF && shouldSignalSyscallDebugEvent(currentProcess, svcId))
SignalDebugEvent(DBGEVENT_OUTPUT_STRING, 0xFFFFFFFE, svcId);
}
void signalSvcReturn(u32 svcId)
{
KProcess *currentProcess = currentCoreContext->objectContext.currentProcess;
u32 flags = KPROCESS_GET_RVALUE(currentProcess, customFlags);
// Since DBGEVENT_SYSCALL_RETURN is non blocking, we'll cheat using EXCEVENT_UNDEFINED_SYSCALL (debug->svcId is fortunately an u16!)
if((svcSignalingEnabled & 1) != 0 && (currentProcess) != NULL && svcId != 0xFF && shouldSignalSyscallDebugEvent(currentProcess, svcId))
SignalDebugEvent(DBGEVENT_OUTPUT_STRING, 0xFFFFFFFF, svcId);
if (flags & SignalOnMemLayoutChanges && flags & MemLayoutChanged)
{
*KPROCESS_GET_PTR(currentProcess, customFlags) = flags & ~MemLayoutChanged;
SignalEvent(KPROCESS_GET_RVALUE(currentProcess, onMemoryLayoutChangeEvent));
svcSignalingEnabled &= ~2;
}
}
void postprocessSvc(void)
{
KThread *currentThread = currentCoreContext->objectContext.currentThread;
if(!currentThread->shallTerminate && rosalinaThreadLockPredicate(currentThread, rosalinaState & 5))
rosalinaRescheduleThread(currentThread, true);
officialPostProcessSvc();
}

84
k11_extension/source/svc/ControlMemoryUnsafe.c
View File

@ -1,84 +0,0 @@
/*
* This file is part of Luma3DS
* Copyright (C) 2016-2018 Aurora Wright, TuxSH
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* Additional Terms 7.b and 7.c of GPLv3 apply to this file:
* * Requiring preservation of specified reasonable legal notices or
* author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* * Prohibiting misrepresentation of the origin of that material,
* or requiring that modified versions of such material be marked in
* reasonable ways as different from the original version.
*/
#include "globals.h"
#include "memory.h"
#include "svc/ControlMemoryUnsafe.h"
Result ControlMemoryUnsafe(u32 *out, u32 addr0, u32 size, MemOp op, MemPerm perm)
{
Result res = 0;
KProcess *currentProcess = currentCoreContext->objectContext.currentProcess;
KProcessHwInfo *hwInfo = hwInfoOfProcess(currentProcess);
KAutoObject__AddReference((KAutoObject *)currentProcess);
size = size >> 12 << 12;
switch (op & MEMOP_OP_MASK)
{
case MEMOP_FREE:
{
res = doControlMemory(hwInfo, addr0, size >> 12, 0, 0, 0, 0, 0);
break;
}
case MEMOP_COMMIT:
{
u32 pAddr = 0;
u32 state = 0xBB05;
u32 region = op & MEMOP_REGION_MASK;
perm = (perm & 7) | 0x18;
if (op & MEMOP_LINEAR)
{
void *kvAddr = kAlloc(fcramDescriptor, size >> 12, 0, region);
if (!kvAddr)
{
res = 0xD86007F3;
break;
}
memset(kvAddr, 0, size >> 2);
flushDataCacheRange(kvAddr, size);
pAddr = (u32)kvAddr + 0x40000000;
state = 0x3907;
}
res = doControlMemory(hwInfo, addr0, size >> 12, pAddr, state, perm, 0, region);
if (res >= 0 && out)
*out = addr0;
break;
}
default:
res = 0xE0E01BEE;
break;
}
((KAutoObject *)currentProcess)->vtable->DecrementReferenceCount((KAutoObject *)currentProcess);
return res;
}

208
k11_extension/source/svc/ControlProcess.c
View File

@ -1,208 +0,0 @@
#include "svc/ControlProcess.h"
#include "memory.h"
#include "mmu.h"
#include "synchronization.h"
typedef bool (*ThreadPredicate)(KThread *thread);
// Lock bit has to be different from Rosalina to avoid unintended unlock when using Rosalina menu
static void rescheduleThread(KThread *thread, bool lock)
{
KRecursiveLock__Lock(criticalSectionLock);
u32 oldSchedulingMask = thread->schedulingMask;
if(lock)
thread->schedulingMask |= 0x20;
else
thread->schedulingMask &= ~0x20;
KScheduler__AdjustThread(currentCoreContext->objectContext.currentScheduler, thread, oldSchedulingMask);
KRecursiveLock__Unlock(criticalSectionLock);
}
static void lockThread(KThread *thread)
{
KThread *syncThread = synchronizationMutex->owner;
if(syncThread == NULL || syncThread != thread)
rescheduleThread(thread, true);
}
Result ControlProcess(Handle processHandle, ProcessOp op, u32 varg2, u32 varg3)
{
Result res = 0;
KProcess *process;
KProcessHandleTable *handleTable = handleTableOfProcess(currentCoreContext->objectContext.currentProcess);
if(processHandle == CUR_PROCESS_HANDLE)
{
process = currentCoreContext->objectContext.currentProcess;
KAutoObject__AddReference((KAutoObject *)process);
}
else
process = KProcessHandleTable__ToKProcess(handleTable, processHandle);
if(process == NULL)
return 0xD8E007F7; // invalid handle
switch (op)
{
case PROCESSOP_GET_ALL_HANDLES:
{
KProcessHandleTable *table = handleTableOfProcess(process);
u32 *originalHandleList = (u32 *)varg2;
u32 count = 0;
u32 searchForToken = varg3;
HandleDescriptor *handleDesc = table->handleTable == NULL ? table->internalTable : table->handleTable;
for (u32 idx = 0; idx < (u32)table->maxHandleCount; ++idx, ++handleDesc)
{
if (handleDesc->pointer == NULL)
continue;
if (searchForToken)
{
KClassToken token;
handleDesc->pointer->vtable->GetClassToken(&token, handleDesc->pointer);
if (searchForToken != token.flags)
continue;
}
*originalHandleList++ = idx | ((handleDesc->info << 16) >> 1);
++count;
}
res = count;
break;
}
case PROCESSOP_SET_MMU_TO_RWX:
{
KProcessHwInfo *hwInfo = hwInfoOfProcess(process);
*KPROCESS_GET_PTR(process, customFlags) |= ForceRWXPages;
KProcessHwInfo__SetMMUTableToRWX(hwInfo);
break;
}
case PROCESSOP_GET_ON_MEMORY_CHANGE_EVENT:
{
// Only accept current process for this command
if (process != currentCoreContext->objectContext.currentProcess)
{
res = 0xD8E007F7; // invalid handle
break;
}
Handle *onMemoryLayoutChangeEvent = KPROCESS_GET_PTR(process, onMemoryLayoutChangeEvent);
if (*onMemoryLayoutChangeEvent == 0)
res = CreateEvent(onMemoryLayoutChangeEvent, RESET_ONESHOT);
if (res >= 0)
{
*KPROCESS_GET_PTR(process, customFlags) |= SignalOnMemLayoutChanges;
KAutoObject * event = KProcessHandleTable__ToKAutoObject(handleTable, *onMemoryLayoutChangeEvent);
createHandleForThisProcess((Handle *)varg2, event);
((KAutoObject *)event)->vtable->DecrementReferenceCount((KAutoObject *)event);
}
break;
}
case PROCESSOP_SIGNAL_ON_EXIT:
{
*KPROCESS_GET_PTR(process, customFlags) |= SignalOnExit;
break;
}
case PROCESSOP_GET_PA_FROM_VA:
{
KProcessHwInfo *hwInfo = hwInfoOfProcess(process);
u32 pa = KProcessHwInfo__GetPAFromVA(hwInfo, varg3);
*(u32 *)varg2 = pa;
if (pa == 0)
res = 0xE0E01BF5; ///< Invalid address
break;
}
case PROCESSOP_SCHEDULE_THREADS:
{
ThreadPredicate threadPredicate = (ThreadPredicate)varg3;
KRecursiveLock__Lock(criticalSectionLock);
if (varg2 == 0) // Unlock
{
for (KLinkedListNode *node = threadList->list.nodes.first; node != (KLinkedListNode *)&threadList->list.nodes; node = node->next)
{
KThread *thread = (KThread *)node->key;
if ((thread->schedulingMask & 0xF) == 2) // thread is terminating
continue;
if (thread->ownerProcess == process && (thread->schedulingMask & 0x20)
&& (threadPredicate == NULL || threadPredicate(thread)))
rescheduleThread(thread, false);
}
}
else // Lock
{
bool currentThreadsFound = false;
for(KLinkedListNode *node = threadList->list.nodes.first; node != (KLinkedListNode *)&threadList->list.nodes; node = node->next)
{
KThread *thread = (KThread *)node->key;
if(thread->ownerProcess != process
|| (threadPredicate != NULL && !threadPredicate(thread)))
continue;
if(thread == coreCtxs[thread->coreId].objectContext.currentThread)
currentThreadsFound = true;
else
lockThread(thread);
}
if(currentThreadsFound)
{
for(KLinkedListNode *node = threadList->list.nodes.first; node != (KLinkedListNode *)&threadList->list.nodes; node = node->next)
{
KThread *thread = (KThread *)node->key;
if(thread->ownerProcess != process
|| (threadPredicate != NULL && !threadPredicate(thread)))
continue;
if(!(thread->schedulingMask & 0x20))
{
lockThread(thread);
KRecursiveLock__Lock(criticalSectionLock);
if(thread->coreId != getCurrentCoreID())
{
u32 cpsr = __get_cpsr();
__disable_irq();
coreCtxs[thread->coreId].objectContext.currentScheduler->triggerCrossCoreInterrupt = true;
currentCoreContext->objectContext.currentScheduler->triggerCrossCoreInterrupt = true;
__set_cpsr_cx(cpsr);
}
KRecursiveLock__Unlock(criticalSectionLock);
}
}
KScheduler__TriggerCrossCoreInterrupt(currentCoreContext->objectContext.currentScheduler);
}
}
KRecursiveLock__Unlock(criticalSectionLock);
break;
}
default:
res = 0xF8C007F4;
}
((KAutoObject *)process)->vtable->DecrementReferenceCount((KAutoObject *)process);
return res;
}

32
k11_extension/source/svc/ExitProcess.c
View File

@ -1,32 +0,0 @@
#include "svc/ExitProcess.h"
void ExitProcessHook(void) {
KProcess *currentProcess = currentCoreContext->objectContext.currentProcess;
u32 flags = KPROCESS_GET_RVALUE(currentProcess, customFlags);
if (flags & SignalOnExit)
{
// Signal that the process is about to be terminated
if (PLG_GetStatus() == PLG_CFG_RUNNING)
PLG_SignalEvent(PLG_CFG_EXIT_EVENT);
// Unlock all threads that might be locked
{
KRecursiveLock__Lock(criticalSectionLock);
for (KLinkedListNode *node = threadList->list.nodes.first;
node != (KLinkedListNode *)&threadList->list.nodes;
node = node->next)
{
KThread *thread = (KThread *)node->key;
if (thread->ownerProcess == currentProcess && thread->schedulingMask & 0x20)
thread->schedulingMask &= ~0x20;
}
KRecursiveLock__Unlock(criticalSectionLock);
}
}
return ((void(*)())officialSVCs[0x3])();
}

129
k11_extension/source/svc/GetHandleInfo.c
View File

@ -1,129 +0,0 @@
/*
* This file is part of Luma3DS
* Copyright (C) 2016-2020 Aurora Wright, TuxSH
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* Additional Terms 7.b and 7.c of GPLv3 apply to this file:
* * Requiring preservation of specified reasonable legal notices or
* author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* * Prohibiting misrepresentation of the origin of that material,
* or requiring that modified versions of such material be marked in
* reasonable ways as different from the original version.
*/
#include <string.h>
#include "svc/GetThreadInfo.h"
Result GetHandleInfoHook(s64 *out, Handle handle, u32 type)
{
Result res = 0;
if(type >= 0x10000)
{
KProcessHwInfo *hwInfo;
KProcessHandleTable *handleTable = handleTableOfProcess(currentCoreContext->objectContext.currentProcess);
KAutoObject *obj;
if(handle == CUR_PROCESS_HANDLE)
{
obj = (KAutoObject *)(currentCoreContext->objectContext.currentProcess);
KAutoObject__AddReference(obj);
}
else
obj = KProcessHandleTable__ToKAutoObject(handleTable, handle);
if(obj == NULL)
return 0xD8E007F7;
switch (type)
{
case 0x10000: ///< Get ctx id (should probably move it to GetProcessInfo)
{
if(strcmp(classNameOfAutoObject(obj), "KDebug") == 0)
hwInfo = hwInfoOfProcess(((KDebug *)obj)->owner);
else if(strcmp(classNameOfAutoObject(obj), "KProcess") == 0)
hwInfo = hwInfoOfProcess((KProcess *)obj);
else
hwInfo = NULL;
*out = hwInfo != NULL ? KPROCESSHWINFO_GET_RVALUE(hwInfo, contextId) : -1;
break;
}
case 0x10001: ///< Get referenced object flags (token)
{
KClassToken token;
obj->vtable->GetClassToken(&token, obj);
*out = token.flags;
break;
}
case 0x10002: ///< Get object owner
{
Handle hOut;
KClassToken token;
KProcess * owner = NULL;
obj->vtable->GetClassToken(&token, obj);
switch(token.flags)
{
case TOKEN_KEVENT:
owner = ((KEvent *)obj)->owner;
break;
case TOKEN_KSEMAPHORE:
owner = ((KSemaphore *)obj)->owner;
break;
case TOKEN_KTIMER:
owner = ((KTimer *)obj)->owner;
break;
case TOKEN_KMUTEX:
owner = ((KMutex *)obj)->owner;
break;
case TOKEN_KDEBUG:
owner = ((KDebug *)obj)->owner;
break;
case TOKEN_KTHREAD:
owner = ((KThread *)obj)->ownerProcess;
break;
case TOKEN_KADDRESSARBITER:
owner = ((KAddressArbiter *)obj)->owner;
break;
case TOKEN_KSHAREDMEMORY:
owner = ((KSharedMemory *)obj)->owner;
break;
default:
break;
}
if (owner == NULL)
res = 0xD8E007F7;
res = createHandleForThisProcess(&hOut, (KAutoObject *)owner);
*out = hOut;
break;
}
default:
res = 0xF8C007F4;
break;
}
obj->vtable->DecrementReferenceCount(obj);
return res;
}
return GetHandleInfo(out, handle, type);
}

230
k11_extension/source/svc/GetSystemInfo.c
View File

@ -1,230 +0,0 @@
/*
* This file is part of Luma3DS
* Copyright (C) 2016-2020 Aurora Wright, TuxSH
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* Additional Terms 7.b and 7.c of GPLv3 apply to this file:
* * Requiring preservation of specified reasonable legal notices or
* author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* * Prohibiting misrepresentation of the origin of that material,
* or requiring that modified versions of such material be marked in
* reasonable ways as different from the original version.
*/
#include "svc/GetSystemInfo.h"
#include "utils.h"
#include "ipc.h"
#include "synchronization.h"
Result GetSystemInfoHook(s64 *out, s32 type, s32 param)
{
Result res = 0;
switch(type)
{
case 0x10000:
{
if (param >= 0x400 && param < 0x500) {
*out = 0;
s32 offset = param - 0x400;
s32 toCopy = (s32)sizeof(cfwInfo.launchedPath) - offset;
if (toCopy > 8) toCopy = 8;
memcpy(out, (u8*)cfwInfo.launchedPath + offset, (toCopy > 0) ? toCopy : 0);
}
else switch(param)
{
// Please do not use these, except 0, 1, and 0x200
// Other types may get removed or reordered without notice
case 0:
*out = SYSTEM_VERSION(cfwInfo.versionMajor, cfwInfo.versionMinor, cfwInfo.versionBuild);
break;
case 1:
*out = cfwInfo.commitHash;
break;
case 2:
*out = (cfwInfo.configFormatVersionMajor << 16) | cfwInfo.configFormatVersionMinor;
break;
case 3:
*out = cfwInfo.config;
break;
case 4:
*out = cfwInfo.multiConfig;
break;
case 5:
*out = cfwInfo.bootConfig;
break;
case 6:
*out = cfwInfo.splashDurationMsec;
break;
case 7:
*out = (s64)cfwInfo.volumeSliderOverride;
break;
case 0x10:
*out = (s64)cfwInfo.autobootTwlTitleId;
break;
case 0x11:
*out = cfwInfo.autobootCtrAppmemtype;
break;
case 0x80:
*out = fcramDescriptor->appRegion.regionSizeInBytes;
break;
case 0x100:
*out = (s64)cfwInfo.hbldr3dsxTitleId;
break;
case 0x101:
*out = cfwInfo.rosalinaMenuCombo;
break;
case 0x102:
*out = cfwInfo.topScreenFilter.cct;
break;
case 0x103:
*out = (s64)cfwInfo.ntpTzOffetMinutes;
break;
case 0x104:
*out = cfwInfo.topScreenFilter.gammaEnc;
break;
case 0x105:
*out = cfwInfo.topScreenFilter.contrastEnc;
break;
case 0x106:
*out = cfwInfo.topScreenFilter.brightnessEnc;
break;
case 0x107:
*out = (s64)cfwInfo.topScreenFilter.invert;
break;
case 0x108:
*out = cfwInfo.bottomScreenFilter.cct;
break;
case 0x109:
*out = cfwInfo.bottomScreenFilter.gammaEnc;
break;
case 0x10A:
*out = cfwInfo.bottomScreenFilter.contrastEnc;
break;
case 0x10B:
*out = cfwInfo.bottomScreenFilter.brightnessEnc;
break;
case 0x10C:
*out = (s64)cfwInfo.bottomScreenFilter.invert;
break;
case 0x10D:
*out = (s64)cfwInfo.topScreenFilter.colorCurveCorrection;
break;
case 0x10E:
*out = (s64)cfwInfo.bottomScreenFilter.colorCurveCorrection;
break;
case 0x180:
*out = cfwInfo.pluginLoaderFlags;
break;
case 0x181:
*out = disableThreadRedirection;
break;
case 0x200: // isRelease
*out = cfwInfo.flags & 1;
break;
case 0x201: // isN3DS
*out = (cfwInfo.flags >> 4) & 1;
break;
case 0x202: // needToInitSd
*out = (cfwInfo.flags >> 5) & 1;
break;
case 0x203: // isSdMode
*out = (cfwInfo.flags >> 6) & 1;
break;
case 0x300: // K11Ext size
*out = (s64)(((u64)kextBasePa << 32) | (u64)(__end__ - __start__));
break;
case 0x301: // stolen SYSTEM memory size
*out = stolenSystemMemRegionSize;
break;
default:
*out = 0;
res = 0xF8C007F4; // not implemented
break;
}
break;
}
case 0x10001: // N3DS-related info
{
if(isN3DS)
{
switch(param)
{
case 0: // current clock rate
*out = (((CFG11_MPCORE_CLKCNT >> 1) & 3) + 1) * 268;
break;
case 1: // higher clock rate
*out = (((CFG11_MPCORE_CFG >> 2) & 1) + 2) * 268;
break;
case 2: // L2C enabled status
*out = L2C_CTRL & 1;
break;
default:
*out = 0;
res = 0xF8C007F4;
break;
}
}
else
{
*out = 0;
res = 0xF8C007F4;
}
break;
}
case 0x10002: // MMU config (cached values from booting)
{
switch(param)
{
case 0:
*out = TTBCR;
break;
default:
{
if((u32)param <= getNumberOfCores())
*out = L1MMUTableAddrs[param - 1];
else
{
*out = 0;
res = 0xF8C007F4;
}
break;
}
}
break;
}
case 0x20000:
{
*out = 0;
return 1;
}
default:
GetSystemInfo(out, type, param);
break;
}
return res;
}

86
k11_extension/source/svc/MapProcessMemoryEx.c
View File

@ -1,86 +0,0 @@
/*
* This file is part of Luma3DS
* Copyright (C) 2016-2020 Aurora Wright, TuxSH
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* Additional Terms 7.b and 7.c of GPLv3 apply to this file:
* * Requiring preservation of specified reasonable legal notices or
* author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* * Prohibiting misrepresentation of the origin of that material,
* or requiring that modified versions of such material be marked in
* reasonable ways as different from the original version.
*/
#include "svc/MapProcessMemoryEx.h"
Result MapProcessMemoryEx(Handle dstProcessHandle, u32 vaDst, Handle srcProcessHandle, u32 vaSrc, u32 size, MapExFlags flags)
{
Result res = 0;
u32 sizeInPage = size >> 12;
KLinkedList list;
KProcess *srcProcess;
KProcess *dstProcess;
KProcessHandleTable *handleTable = handleTableOfProcess(currentCoreContext->objectContext.currentProcess);
if (dstProcessHandle == CUR_PROCESS_HANDLE)
{
dstProcess = currentCoreContext->objectContext.currentProcess;
KAutoObject__AddReference((KAutoObject *)dstProcess);
}
else
dstProcess = KProcessHandleTable__ToKProcess(handleTable, dstProcessHandle);
if (dstProcess == NULL)
return 0xD8E007F7;
if (srcProcessHandle == CUR_PROCESS_HANDLE)
{
srcProcess = currentCoreContext->objectContext.currentProcess;
KAutoObject__AddReference((KAutoObject *)srcProcess);
}
else
srcProcess = KProcessHandleTable__ToKProcess(handleTable, srcProcessHandle);
if (srcProcess == NULL)
{
res = 0xD8E007F7;
goto exit1;
}
KLinkedList__Initialize(&list);
res = KProcessHwInfo__GetListOfKBlockInfoForVA(hwInfoOfProcess(srcProcess), &list, vaSrc, sizeInPage);
if (res >= 0)
{
// Check if the destination address is free and large enough
res = KProcessHwInfo__CheckVaState(hwInfoOfProcess(dstProcess), vaDst, size, 0, 0);
if (res == 0)
res = KProcessHwInfo__MapListOfKBlockInfo(hwInfoOfProcess(dstProcess), vaDst, &list, (flags & MAPEXFLAGS_PRIVATE) ? 0xBB05 : 0x5806, MEMPERM_RW | 0x18, 0);
}
KLinkedList_KBlockInfo__Clear(&list);
((KAutoObject *)srcProcess)->vtable->DecrementReferenceCount((KAutoObject *)srcProcess);
exit1:
((KAutoObject *)dstProcess)->vtable->DecrementReferenceCount((KAutoObject *)dstProcess);
invalidateEntireInstructionCache();
flushEntireDataCache();
return res;
}

61
k11_extension/source/svc/UnmapProcessMemoryEx.c
View File

@ -1,61 +0,0 @@
/*
* This file is part of Luma3DS
* Copyright (C) 2016-2020 Aurora Wright, TuxSH
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* Additional Terms 7.b and 7.c of GPLv3 apply to this file:
* * Requiring preservation of specified reasonable legal notices or
* author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* * Prohibiting misrepresentation of the origin of that material,
* or requiring that modified versions of such material be marked in
* reasonable ways as different from the original version.
*/
#include "globals.h"
#include "svc/MapProcessMemoryEx.h"
Result UnmapProcessMemoryEx(Handle processHandle, void *dst, u32 size)
{
Result res = 0;
KProcess *process;
KProcessHwInfo *hwInfo;
KProcessHandleTable *handleTable = handleTableOfProcess(currentCoreContext->objectContext.currentProcess);
if(GET_VERSION_MINOR(kernelVersion) < 37) // < 6.x
return UnmapProcessMemory(processHandle, dst, size); // equivalent when size <= 64MB
if (processHandle == CUR_PROCESS_HANDLE)
{
process = currentCoreContext->objectContext.currentProcess;
KAutoObject__AddReference((KAutoObject *)process);
}
else
process = KProcessHandleTable__ToKProcess(handleTable, processHandle);
if (process == NULL)
return 0xD8E007F7;
hwInfo = hwInfoOfProcess(process);
res = KProcessHwInfo__UnmapProcessMemory(hwInfo, dst, size >> 12);
((KAutoObject *)process)->vtable->DecrementReferenceCount((KAutoObject *)process);
invalidateEntireInstructionCache();
flushEntireDataCache();
return res;
}

180
k11_extension/source/synchronization.c
View File

@ -1,180 +0,0 @@
/*
* This file is part of Luma3DS
* Copyright (C) 2016-2020 Aurora Wright, TuxSH
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* Additional Terms 7.b and 7.c of GPLv3 apply to this file:
* * Requiring preservation of specified reasonable legal notices or
* author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* * Prohibiting misrepresentation of the origin of that material,
* or requiring that modified versions of such material be marked in
* reasonable ways as different from the original version.
*/
#include "synchronization.h"
#include "utils.h"
#include "kernel.h"
#include "globals.h"
extern SGI0Handler_t SGI0Handler;
void executeFunctionOnCores(SGI0Handler_t handler, u8 targetList, u8 targetListFilter)
{
u32 coreID = getCurrentCoreID();
SGI0Handler = handler;
if(targetListFilter == 0 && (targetListFilter & (1 << coreID)) != 0)
__enable_irq(); // make sure interrupts aren't masked
MPCORE_GID_SGI = (targetListFilter << 24) | (targetList << 16) | 0;
}
void KScheduler__TriggerCrossCoreInterrupt(KScheduler *this)
{
this->triggerCrossCoreInterrupt = false;
for(s16 i = 0; i < (s16)getNumberOfCores(); i++)
{
if(this->coreNumber != i)
MPCORE_GID_SGI = (1 << (16 + i)) | 8;
}
}
void KThread__DebugReschedule(KThread *this, bool lock)
{
KRecursiveLock__Lock(criticalSectionLock);
u32 oldSchedulingMask = this->schedulingMask;
if(lock) // the original k11 function discards the other flags
this->schedulingMask |= 0x80;
else
this->schedulingMask &= ~0x80;
KScheduler__AdjustThread(currentCoreContext->objectContext.currentScheduler, this, oldSchedulingMask);
KRecursiveLock__Unlock(criticalSectionLock);
}
static void rosalinaLockThread(KThread *thread)
{
KThread *syncThread = synchronizationMutex->owner;
if(syncThread == NULL || syncThread != thread)
rosalinaRescheduleThread(thread, true);
}
void rosalinaRescheduleThread(KThread *thread, bool lock)
{
KRecursiveLock__Lock(criticalSectionLock);
u32 oldSchedulingMask = thread->schedulingMask;
if(lock)
thread->schedulingMask |= 0x40;
else
thread->schedulingMask &= ~0x40;
if (oldSchedulingMask != thread->schedulingMask)
KScheduler__AdjustThread(currentCoreContext->objectContext.currentScheduler, thread, oldSchedulingMask);
KRecursiveLock__Unlock(criticalSectionLock);
}
bool rosalinaThreadLockPredicate(KThread *thread, u32 mask)
{
KProcess *process = thread->ownerProcess;
if(process == NULL || idOfProcess(process) < nbSection0Modules)
return false;
u64 titleId = codeSetOfProcess(process)->titleId;
u32 highTitleId = (u32)(titleId >> 32), lowTitleId = (u32)(titleId & ~0xF0000001); // clear N3DS and SAFE_FIRM bits
if (mask & 1)
{
if (highTitleId != 0x00040130) // non-sysmodules
return true;
else
return lowTitleId == 0x1A02 || lowTitleId == 0x2702; // dsp, csnd
}
if (mask & 2)
{
if (highTitleId != 0x00040130) // non-sysmodules
return false;
return lowTitleId == 0x1C02; // gsp
}
if (mask & 4)
{
if (highTitleId != 0x00040130) // non-sysmodules
return false;
return lowTitleId == 0x1D02 || lowTitleId == 0x3302;
}
return false;
}
void rosalinaLockThreads(u32 mask)
{
bool currentThreadsFound = false;
KRecursiveLock__Lock(criticalSectionLock);
for(KLinkedListNode *node = threadList->list.nodes.first; node != (KLinkedListNode *)&threadList->list.nodes; node = node->next)
{
KThread *thread = (KThread *)node->key;
if(!rosalinaThreadLockPredicate(thread, mask))
continue;
if(thread == coreCtxs[thread->coreId].objectContext.currentThread)
currentThreadsFound = true;
else
rosalinaLockThread(thread);
}
if(currentThreadsFound)
{
for(KLinkedListNode *node = threadList->list.nodes.first; node != (KLinkedListNode *)&threadList->list.nodes; node = node->next)
{
KThread *thread = (KThread *)node->key;
if(!rosalinaThreadLockPredicate(thread, mask))
continue;
if(!(thread->schedulingMask & 0x40))
{
rosalinaLockThread(thread);
KRecursiveLock__Lock(criticalSectionLock);
if(thread->coreId != getCurrentCoreID())
{
u32 cpsr = __get_cpsr();
__disable_irq();
coreCtxs[thread->coreId].objectContext.currentScheduler->triggerCrossCoreInterrupt = true;
currentCoreContext->objectContext.currentScheduler->triggerCrossCoreInterrupt = true;
__set_cpsr_cx(cpsr);
}
KRecursiveLock__Unlock(criticalSectionLock);
}
}
KScheduler__TriggerCrossCoreInterrupt(currentCoreContext->objectContext.currentScheduler);
}
KRecursiveLock__Unlock(criticalSectionLock);
}
void rosalinaUnlockThreads(u32 mask)
{
for(KLinkedListNode *node = threadList->list.nodes.first; node != (KLinkedListNode *)&threadList->list.nodes; node = node->next)
{
KThread *thread = (KThread *)node->key;
if((thread->schedulingMask & 0xF) == 2) // thread is terminating
continue;
if((thread->schedulingMask & 0x40) && rosalinaThreadLockPredicate(thread, mask))
rosalinaRescheduleThread(thread, false);
}
}

15
linker.ld Normal file
View File

@ -0,0 +1,15 @@
OUTPUT_FORMAT("elf32-littlearm", "elf32-bigarm", "elf32-littlearm")
OUTPUT_ARCH(arm)
ENTRY(_start)
SECTIONS
{
. = 0x08006000;
.text : ALIGN(4) { *(.text.start) *(.text*); . = ALIGN(4); }
.rodata : ALIGN(4) { *(.rodata*); . = ALIGN(4); }
.data : ALIGN(4) { *(.data*); . = ALIGN(4); }
.bss : ALIGN(8) { __bss_start = .; *(.bss* COMMON); . = ALIGN(8); __bss_end = .; }
. = ALIGN(4);
}

48
patches/emunand.s Normal file
View File

@ -0,0 +1,48 @@
; Code by Normmatt
.arm.little
.create "build/emunand.bin", 0
.arm
; Original code that still needs to be executed
mov r4, r0
mov r5, r1
mov r7, r2
mov r6, r3
; End
; If we're already trying to access the SD, return
ldr r2, [r0, #4]
ldr r1, [sdmmc]
cmp r2, r1
beq out
str r1, [r0, #4] ; Set object to be SD
ldr r2, [r0, #8] ; Get sector to read
cmp r2, #0 ; For GW compatibility, see if we're trying to read the ncsd header (sector 0)
ldr r3, [nand_offset]
add r2, r3 ; Add the offset to the NAND in the SD
ldreq r3, [ncsd_header_offset]
addeq r2, r3 ; If we're reading the ncsd header, add the offset of that sector
str r2, [r0, #8] ; Store sector to read
out:
; Restore registers.
mov r1, r5
mov r2, r7
mov r3, r6
; Return 4 bytes behind where we got called,
; due to the offset of this function being stored there
mov r0, lr
add r0, #4
bx r0
.pool
sdmmc: .ascii "SDMC"
nand_offset: .ascii "NAND" ; For rednand this should be 1
ncsd_header_offset: .ascii "NCSD" ; Depends on nand manufacturer + emunand type (GW/RED)
.close

73
patches/k11MainHook.s Normal file
View File

@ -0,0 +1,73 @@
.arm.little
.create "build/k11MainHook.bin", 0
.arm
bindSGI0:
; hook __kernel_main to bind SGI0 for own purposes
push {r0-r4, lr}
sub sp, #16 ; 3 args passed through the stack + alignment
ldr r0, [interruptManager]
adr r1, interruptEvent
mov r2, #0
mrc p15, 0, r3, c0, c0, 5
and r3, #3
mov r4, #0
str r4, [sp]
str r4, [sp, #4]
str r4, [sp, #8]
ldr r12, [InterruptManager_mapInterrupt]
blx r12
cmp r0, #0
blt .
add sp, #16
pop {r0-r4, pc}
executeCustomHandler:
push {r4, lr}
mrs r4, cpsr
adr r0, customHandler
bl convertVAToPA
orr r0, #(1 << 31)
ldr r12, [r0]
blx r12
mov r0, #0
msr cpsr_cx, r4
pop {r4, pc}
convertVAToPA:
mov r1, #0x1000
sub r1, #1
and r2, r0, r1
bic r0, r1
mcr p15, 0, r0, c7, c8, 0 ; VA to PA translation with privileged read permission check
mrc p15, 0, r0, c7, c4, 0 ; read PA register
tst r0, #1 ; failure bit
bic r0, r1
addeq r0, r2
movne r0, #0
bx lr
.pool
; Result InterruptManager::mapInterrupt(InterruptManager *this, InterruptEvent *iEvent, u32 interruptID, u32 coreID, s32 priority, bool willBeMasked, bool isLevelHighActive);
InterruptManager_mapInterrupt: .ascii "bind"
_vtable: .word executeCustomHandler
interruptEvent: .word _vtable
parameters:
customHandler: .ascii "hdlr"
interruptManager: .word 0
L2MMUTable: .word 0
funcs: .word 0,0,0
TTBCR: .word 0
L1MMUTableAddrs: .word 0,0,0,0
kernelVersion: .word 0
CFWInfo: .word 0,0,0,0
.close

36
patches/mmuHook.s Normal file
View File

@ -0,0 +1,36 @@
.arm.little
.create "build/mmuHook.bin", 0
.arm
; r2 = L1 table
; Thanks @Dazzozo for giving me that idea
; Maps physmem so that, if addr is in physmem(0, 0x30000000), it can be accessed uncached&rwx as addr|(1<<31)
; Save the value of all registers
push {r0-r1, r3-r7}
mov r0, #0
mov r1, #0x30000000 ; end address
ldr r3, =#0x40C02 ; supersection (rwx for all) of strongly ordered memory, shared
loop:
orr r4, r0, #0x80000000
orr r5, r0, r3
mov r6, #0 ;
loop2:
add r7, r6, r4,lsr #20
str r5, [r2, r7,lsl #2]
add r6, #1
cmp r6, #16
blo loop2
add r0, #0x01000000
cmp r0, r1
blo loop
pop {r0-r1, r3-r7}
mov r3, #0xe0000000 ; instruction that has been patched
bx lr
.pool
.close

144
arm9/source/large_patches.s → patches/reboot.s
View File

@ -1,30 +1,26 @@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ ; Code originally from delebile and mid-kid
@ Code originally from delebile and mid-kid .arm.little
.section .large_patch.reboot, "aw", %progbits copy_launch_stub_stack_top equ 0x01FFB800
copy_launch_stub_stack_bottom equ 0x01FFA800
copy_launch_stub_addr equ 0x01FF9000
argv_addr equ (copy_launch_stub_stack_bottom - 0x100)
fname_addr equ (copy_launch_stub_stack_bottom - 0x200)
low_tid_addr equ (copy_launch_stub_stack_bottom - 0x300)
firm_addr equ 0x20001000
firm_maxsize equ 0x07FFF000
.create "build/reboot.bin", 0
.arm .arm
.align 4 ; Interesting registers and locations to keep in mind, set just before this code is ran:
; - r1: FIRM path in exefs.
#define copy_launch_stub_stack_top 0x01FFB800 ; - r7 (or r8): pointer to file object
#define copy_launch_stub_stack_bottom 0x01FFA800 ; - *r7: vtable
#define copy_launch_stub_addr 0x01FF9000 ; - *(vtable + 0x28): fread function
; - *(r7 + 8): file handle
#define argv_addr (copy_launch_stub_stack_bottom - 0x100)
#define fname_addr (copy_launch_stub_stack_bottom - 0x200)
#define low_tid_addr (copy_launch_stub_stack_bottom - 0x300)
#define firm_addr 0x20001000
#define firm_maxsize 0x07FFF000
.global rebootPatch
rebootPatch:
@ Interesting registers and locations to keep in mind, set just before this code is ran:
@ - r1: FIRM path in exefs.
@ - r7 (or r8): pointer to file object
@ - *r7: vtable
@ - *(vtable + 0x28): fread function
@ - *(r7 + 8): file handle
sub r7, r0, #8 sub r7, r0, #8
mov r8, r1 mov r8, r1
@ -40,18 +36,17 @@ rebootPatch:
cmp r0, r2 cmp r0, r2
bne pxi_wait_recv bne pxi_wait_recv
@ Open file ; Open file
add r0, r7, #8 add r0, r7, #8
adr r1, rebootPatchFileName adr r1, fname
mov r2, #1 mov r2, #1
adr r6, rebootPatchFopenPtr ldr r6, [fopen]
ldr r6, [r6] orr r6, 1
orr r6, #1
blx r6 blx r6
cmp r0, #0 cmp r0, #0
bne panic bne panic
@ Read file ; Read file
mov r0, r7 mov r0, r7
adr r1, bytes_read adr r1, bytes_read
ldr r2, =firm_addr ldr r2, =firm_addr
@ -60,16 +55,16 @@ rebootPatch:
ldr r6, [r6, #0x28] ldr r6, [r6, #0x28]
blx r6 blx r6
@ Copy the low TID (in UTF-16) of the wanted firm ; Copy the low TID (in UTF-16) of the wanted firm
ldr r0, =low_tid_addr ldr r0, =low_tid_addr
add r1, r8, #0x1A add r1, r8, #0x1A
mov r2, #0x10 mov r2, #0x10
bl memcpy16 bl memcpy16
@ Copy argv[0] ; Copy argv[0]
ldr r0, =fname_addr ldr r0, =fname_addr
adr r1, rebootPatchFileName adr r1, fname
mov r2, #82 mov r2, #42
bl memcpy16 bl memcpy16
ldr r0, =argv_addr ldr r0, =argv_addr
@ -77,18 +72,18 @@ rebootPatch:
ldr r2, =low_tid_addr ldr r2, =low_tid_addr
stmia r0, {r1, r2} stmia r0, {r1, r2}
@ Set kernel state ; Set kernel state
mov r0, #0 mov r0, #0
mov r1, #0 mov r1, #0
mov r2, #0 mov r2, #0
mov r3, #0 mov r3, #0
svc 0x7C swi 0x7C
goto_reboot: goto_reboot:
@ Jump to reboot code ; Jump to reboot code
ldr r0, kernel_func_displ ldr r0, =(kernelcode_start - goto_reboot - 12)
add r0, pc @ pc is two instructions ahead of the instruction being executed (12 = 2*4 + 4) add r0, pc ; pc is two instructions ahead of the instruction being executed (12 = 2*4 + 4)
svc 0x7B swi 0x7B
die: die:
b die b die
@ -105,31 +100,25 @@ rebootPatch:
bx lr bx lr
panic: panic:
mov r1, r0 @ unused register mov r1, r0 ; unused register
mov r0, #0 mov r0, #0
svc 0x3C @ svcBreak(USERBREAK_PANIC) swi 0x3C ; svcBreak(USERBREAK_PANIC)
b die b die
kernel_func_displ: bytes_read: .word 0
.word kernelcode_start - goto_reboot - 12 fopen: .ascii "OPEN"
bytes_read:
.word 0
.global rebootPatchFopenPtr
rebootPatchFopenPtr:
.word 0
.pool .pool
.global rebootPatchFileName .area 82, 0
rebootPatchFileName: fname: .ascii "FILE"
.skip 2*(80+1) .endarea
.balign 4 .align 4
kernelcode_start: kernelcode_start:
msr cpsr_cxsf, #0xD3 @ disable interrupts and clear flags mrs r0, cpsr ; disable interrupts
orr r0, #0xC0
msr cpsr, r0
ldr sp, =copy_launch_stub_stack_top ldr sp, =copy_launch_stub_stack_top
@ -138,8 +127,8 @@ rebootPatchFileName:
mov r2, #(copy_launch_stub_end - copy_launch_stub) mov r2, #(copy_launch_stub_end - copy_launch_stub)
bl memcpy32 bl memcpy32
@ Disable MPU ; Disable MPU
ldr r0, =0x42078 @ alt vector select, enable itcm ldr r0, =0x42078 ; alt vector select, enable itcm
mcr p15, 0, r0, c1, c0, 0 mcr p15, 0, r0, c1, c0, 0
bl flushCaches bl flushCaches
@ -153,7 +142,7 @@ rebootPatchFileName:
mov r5, #0 mov r5, #0
load_section_loop: load_section_loop:
@ Such checks. Very ghetto. Wow. ; Such checks. Very ghetto. Wow.
add r3, r4, #0x40 add r3, r4, #0x40
add r3, r5,lsl #5 add r3, r5,lsl #5
add r3, r5,lsl #4 add r3, r5,lsl #4
@ -164,16 +153,16 @@ rebootPatchFileName:
movne r2, r8 movne r2, r8
blne memcpy32 blne memcpy32
add r5, #1 add r5, #1
cmp r5, #4 cmp r5, #3
blo load_section_loop blo load_section_loop
mov r0, #2 @ argc mov r0, #2 ; argc
ldr r1, =argv_addr @ argv ldr r1, =argv_addr ; argv
ldr r2, =0xBABE @ magic word ldr r2, =0xBABE ; magic word
mov r5, #0x20000000 mov r5, #0x20000000
ldr r6, [r4, #0x08] ldr r6, [r4, #0x08]
str r6, [r5, #-4] @ store arm11 entrypoint str r6, [r5, #-4] ; store arm11 entrypoint
ldr lr, [r4, #0x0c] ldr lr, [r4, #0x0c]
bx lr bx lr
@ -193,15 +182,15 @@ rebootPatchFileName:
flushCaches: flushCaches:
@ Clean and flush data cache ; Clean and flush data cache
mov r1, #0 @ segment counter mov r1, #0 ; segment counter
outer_loop: outer_loop:
mov r0, #0 @ line counter mov r0, #0 ; line counter
inner_loop: inner_loop:
orr r2, r1, r0 @ generate segment and line address orr r2, r1, r0 ; generate segment and line address
mcr p15, 0, r2, c7, c14, 2 @ clean and flush the line mcr p15, 0, r2, c7, c14, 2 ; clean and flush the line
add r0, #0x20 @ increment to next line add r0, #0x20 ; increment to next line
cmp r0, #0x400 cmp r0, #0x400
bne inner_loop bne inner_loop
@ -209,19 +198,12 @@ rebootPatchFileName:
cmp r1, #0 cmp r1, #0
bne outer_loop bne outer_loop
@ Drain write buffer ; Drain write buffer
mcr p15, 0, r1, c7, c10, 4 mcr p15, 0, r1, c7, c10, 4
@ Flush instruction cache ; Flush instruction cache
mcr p15, 0, r1, c7, c5, 0 mcr p15, 0, r1, c7, c5, 0
bx lr bx lr
.pool .close
.balign 4
_rebootPatchEnd:
.global rebootPatchSize
rebootPatchSize:
.word _rebootPatchEnd - rebootPatch

43
patches/svcConnectToPortInitHook.s Normal file
View File

@ -0,0 +1,43 @@
.arm.little
.create "build/svcConnectToPortInitHook.bin", 0
.arm
push {r0-r4, lr}
adr r0, jumpAddress
bl convertVAToPA
orr r4, r0, #(1 << 31)
loop:
ldr r12, [r4]
cmp r12, #0
bne loop_end
ldr r12, [SleepThread]
ldr r0, =(10 * 1000 * 1000)
mov r1, #0
blx r12
b loop
loop_end:
pop {r0-r4, lr}
bx r12
convertVAToPA:
mov r1, #0x1000
sub r1, #1
and r2, r0, r1
bic r0, r1
mcr p15, 0, r0, c7, c8, 0 ; VA to PA translation with privileged read permission check
mrc p15, 0, r0, c7, c4, 0 ; read PA register
tst r0, #1 ; failure bit
bic r0, r1
addeq r0, r2
movne r0, #0
bx lr
.pool
_base: .ascii "base"
jumpAddressOrig: .ascii "orig"
SleepThread: .ascii "SlpT"
jumpAddress: .word 0
.close

20
patches/svcCustomBackdoor.s Normal file
View File

@ -0,0 +1,20 @@
.arm.little
.create "build/svcCustomBackdoor.bin", 0
.arm
; Result svcCustomBackdoor(void *func, ... <up to 3 args>)
svcCustomBackdoor:
b skip_orig
orig: .word 0
skip_orig:
push {r4, lr}
mov r4, r0
mov r0, r1
mov r1, r2
mov r2, r3
blx r4
pop {r4, pc}
.pool
.close

36
arm9/source/3dsheaders.h → source/3dsheaders.h
View File

@ -1,6 +1,6 @@
/* /*
* This file is part of Luma3DS * This file is part of Luma3DS
* Copyright (C) 2016-2020 Aurora Wright, TuxSH * Copyright (C) 2016-2017 Aurora Wright, TuxSH
* *
* This program is free software: you can redistribute it and/or modify * This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
@ -30,21 +30,21 @@
#pragma once #pragma once
typedef struct typedef struct __attribute__((packed))
{ {
u32 address; u32 address;
u32 phyRegionSize; u32 phyRegionSize;
u32 size; u32 size;
} CodeSetInfo; } CodeSetInfo;
typedef struct typedef struct __attribute__((packed))
{ {
u32 saveDataSize[2]; u32 saveDataSize[2];
u32 jumpID[2]; u32 jumpID[2];
u8 reserved[0x30]; u8 reserved[0x30];
} SystemInfo; } SystemInfo;
typedef struct typedef struct __attribute__((packed))
{ {
char appTitle[8]; char appTitle[8];
u8 reserved1[5]; u8 reserved1[5];
@ -60,7 +60,7 @@ typedef struct
SystemInfo systemInfo; SystemInfo systemInfo;
} SystemControlInfo; } SystemControlInfo;
typedef struct typedef struct __attribute__((packed))
{ {
SystemControlInfo systemControlInfo; SystemControlInfo systemControlInfo;
u8 aci[0x200]; u8 aci[0x200];
@ -69,7 +69,7 @@ typedef struct
u8 aciLim[0x200]; u8 aciLim[0x200];
} ExHeader; } ExHeader;
typedef struct typedef struct __attribute__((packed))
{ {
u8 sig[0x100]; //RSA-2048 signature of the NCCH header, using SHA-256 u8 sig[0x100]; //RSA-2048 signature of the NCCH header, using SHA-256
char magic[4]; //NCCH char magic[4]; //NCCH
@ -102,27 +102,13 @@ typedef struct
u8 romFsHash[0x20]; //RomFS superblock SHA-256 hash u8 romFsHash[0x20]; //RomFS superblock SHA-256 hash
} Ncch; } Ncch;
typedef struct ExeFsFileHeader typedef struct __attribute__((packed))
{
char name[8];
u32 offset;
u32 size;
} ExeFsFileHeader;
typedef struct ExeFsHeader
{
ExeFsFileHeader fileHeaders[10];
u8 _reserved_0xa0[0xC0 - 0xA0];
u8 fileHashes[10][32];
} ExeFsHeader;
typedef struct
{ {
Ncch ncch; Ncch ncch;
ExHeader exHeader; ExHeader exHeader;
} Cxi; } Cxi;
typedef struct typedef struct __attribute__((packed))
{ {
char sigIssuer[0x40]; char sigIssuer[0x40];
u8 eccPubKey[0x3C]; u8 eccPubKey[0x3C];
@ -148,7 +134,7 @@ typedef struct
u8 contentIndex[0xAC]; u8 contentIndex[0xAC];
} Ticket; } Ticket;
typedef struct typedef struct __attribute__((packed))
{ {
u32 offset; u32 offset;
u8 *address; u8 *address;
@ -157,7 +143,7 @@ typedef struct
u8 hash[0x20]; u8 hash[0x20];
} FirmSection; } FirmSection;
typedef struct typedef struct __attribute__((packed))
{ {
char magic[4]; char magic[4];
u32 reserved1; u32 reserved1;
@ -167,7 +153,7 @@ typedef struct
FirmSection section[4]; FirmSection section[4];
} Firm; } Firm;
typedef struct typedef struct __attribute__((packed))
{ {
u8 keyX[0x10]; u8 keyX[0x10];
u8 keyY[0x10]; u8 keyY[0x10];

5
arm9/source/buttons.h → source/buttons.h
View File

@ -1,6 +1,6 @@
/* /*
* This file is part of Luma3DS * This file is part of Luma3DS
* Copyright (C) 2016-2020 Aurora Wright, TuxSH * Copyright (C) 2016-2017 Aurora Wright, TuxSH
* *
* This program is free software: you can redistribute it and/or modify * This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
@ -45,8 +45,7 @@
#define DPAD_BUTTONS (BUTTON_LEFT | BUTTON_RIGHT | BUTTON_UP | BUTTON_DOWN) #define DPAD_BUTTONS (BUTTON_LEFT | BUTTON_RIGHT | BUTTON_UP | BUTTON_DOWN)
#define SAFE_MODE (BUTTON_R1 | BUTTON_L1 | BUTTON_A | BUTTON_UP) #define SAFE_MODE (BUTTON_R1 | BUTTON_L1 | BUTTON_A | BUTTON_UP)
#define SINGLE_PAYLOAD_BUTTONS (BUTTON_B | BUTTON_X | BUTTON_Y) #define SINGLE_PAYLOAD_BUTTONS (DPAD_BUTTONS | BUTTON_B | BUTTON_X | BUTTON_Y)
#define L_PAYLOAD_BUTTONS (BUTTON_R1 | BUTTON_A | BUTTON_START | BUTTON_SELECT) #define L_PAYLOAD_BUTTONS (BUTTON_R1 | BUTTON_A | BUTTON_START | BUTTON_SELECT)
#define MENU_BUTTONS (DPAD_BUTTONS | BUTTON_A | BUTTON_START) #define MENU_BUTTONS (DPAD_BUTTONS | BUTTON_A | BUTTON_START)
#define PIN_BUTTONS (BUTTON_A | BUTTON_B | BUTTON_X | BUTTON_Y | DPAD_BUTTONS | BUTTON_START | BUTTON_SELECT) #define PIN_BUTTONS (BUTTON_A | BUTTON_B | BUTTON_X | BUTTON_Y | DPAD_BUTTONS | BUTTON_START | BUTTON_SELECT)
#define NTRBOOT_BUTTONS (BUTTON_START | BUTTON_SELECT | BUTTON_X)

4
arm9/source/cache.h → source/cache.h
View File

@ -1,6 +1,6 @@
/* /*
* This file is part of Luma3DS * This file is part of Luma3DS
* Copyright (C) 2016-2020 Aurora Wright, TuxSH * Copyright (C) 2016-2017 Aurora Wright, TuxSH
* *
* This program is free software: you can redistribute it and/or modify * This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
@ -33,7 +33,7 @@
The data cache and/or the instruction cache MUST be flushed before doing one of the following: The data cache and/or the instruction cache MUST be flushed before doing one of the following:
- rebooting - rebooting
- powering down - powering down
- setting the Arm11 entrypoint to execute a function - setting the ARM11 entrypoint to execute a function
- jumping to a payload - jumping to a payload
***/ ***/

6
arm9/source/cache.s → source/cache.s
View File

@ -1,5 +1,5 @@
@ This file is part of Luma3DS @ This file is part of Luma3DS
@ Copyright (C) 2016-2020 Aurora Wright, TuxSH @ Copyright (C) 2016-2017 Aurora Wright, TuxSH
@ @
@ This program is free software: you can redistribute it and/or modify @ This program is free software: you can redistribute it and/or modify
@ it under the terms of the GNU General Public License as published by @ it under the terms of the GNU General Public License as published by
@ -22,7 +22,7 @@
@ or requiring that modified versions of such material be marked in @ or requiring that modified versions of such material be marked in
@ reasonable ways as different from the original version. @ reasonable ways as different from the original version.
.section .text.cache, "ax", %progbits .text
.arm .arm
.align 4 .align 4
@ -31,7 +31,7 @@
flushEntireDCache: flushEntireDCache:
@ Adapted from http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.ddi0155a/ch03s03s05.html, @ Adapted from http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.ddi0155a/ch03s03s05.html,
@ and https://github.com/gemarcano/libctr9_io/blob/master/src/ctr_system_ARM.c#L39 as well @ and https://github.com/gemarcano/libctr9_io/blob/master/src/ctr_system_ARM.c#L39 as well
@ Note: Arm's example is actually for a 8KB DCache (which is what the 3DS has) @ Note: ARM's example is actually for a 8KB DCache (which is what the 3DS has)
@ Implemented in bootROM at address 0xffff0830 @ Implemented in bootROM at address 0xffff0830
mov r1, #0 @ segment counter mov r1, #0 @ segment counter

392
source/config.c Normal file
View File

@ -0,0 +1,392 @@
/*
* This file is part of Luma3DS
* Copyright (C) 2016-2017 Aurora Wright, TuxSH
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* Additional Terms 7.b and 7.c of GPLv3 apply to this file:
* * Requiring preservation of specified reasonable legal notices or
* author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* * Prohibiting misrepresentation of the origin of that material,
* or requiring that modified versions of such material be marked in
* reasonable ways as different from the original version.
*/
#include "config.h"
#include "memory.h"
#include "fs.h"
#include "utils.h"
#include "screen.h"
#include "draw.h"
#include "buttons.h"
#include "pin.h"
CfgData configData;
ConfigurationStatus needConfig;
static u32 oldConfig;
bool readConfig(void)
{
bool ret;
if(fileRead(&configData, CONFIG_FILE, sizeof(CfgData)) != sizeof(CfgData) ||
memcmp(configData.magic, "CONF", 4) != 0 ||
configData.formatVersionMajor != CONFIG_VERSIONMAJOR ||
configData.formatVersionMinor != CONFIG_VERSIONMINOR)
{
configData.config = 0;
ret = false;
}
else ret = true;
oldConfig = configData.config;
return ret;
}
void writeConfig(bool isPayloadLaunch)
{
if(isPayloadLaunch) configData.config = (configData.config & 0xFFFFFF80) | (oldConfig & 0x7F);
/* If the configuration is different from previously, overwrite it.
Just the no-forcing flag being set is not enough */
if(needConfig != CREATE_CONFIGURATION && (configData.config & 0xFFFFFFBF) == oldConfig) return;
if(needConfig == CREATE_CONFIGURATION)
{
memcpy(configData.magic, "CONF", 4);
configData.formatVersionMajor = CONFIG_VERSIONMAJOR;
configData.formatVersionMinor = CONFIG_VERSIONMINOR;
}
if(!fileWrite(&configData, CONFIG_FILE, sizeof(CfgData)))
error("Error writing the configuration file");
}
void configMenu(bool oldPinStatus, u32 oldPinMode)
{
const char *multiOptionsText[] = { "Default EmuNAND: 1( ) 2( ) 3( ) 4( )",
"Screen brightness: 4( ) 3( ) 2( ) 1( )",
"Splash: Off( ) Before( ) After( ) payloads",
"PIN lock: Off( ) 4( ) 6( ) 8( ) digits",
"New 3DS CPU: Off( ) Clock( ) L2( ) Clock+L2( )",
};
const char *singleOptionsText[] = { "( ) Autoboot EmuNAND",
"( ) Use EmuNAND FIRM if booting with R",
"( ) Enable loading external FIRMs and modules",
"( ) Enable game patching",
"( ) Show NAND or user string in System Settings",
"( ) Show GBA boot screen in patched AGB_FIRM",
"( ) Patch ARM9 access",
"( ) Set developer UNITINFO",
};
const char *optionsDescription[] = { "Select the default EmuNAND.\n\n"
"It will be booted when no\n"
"directional pad buttons are pressed.",
"Select the screen brightness.",
"Enable splash screen support.\n\n"
"\t* 'Before payloads' displays it\n"
"before booting payloads\n"
"(intended for splashes that display\n"
"button hints).\n\n"
"\t* 'After payloads' displays it\n"
"afterwards.",
"Activate a PIN lock.\n\n"
"The PIN will be asked each time\n"
"Luma3DS boots.\n\n"
"4, 6 or 8 digits can be selected.\n\n"
"The ABXY buttons and the directional\n"
"pad buttons can be used as keys.\n\n"
"A message can also be displayed\n"
"(refer to the wiki for instructions).",
"Select the New 3DS CPU mode.\n\n"
"This won't apply to\n"
"New 3DS exclusive/enhanced games.\n\n"
"'Clock+L2' can cause issues with some\n"
"games.",
"If enabled, an EmuNAND\n"
"will be launched on boot.\n\n"
"Otherwise, SysNAND will.\n\n"
"Hold L on boot to switch NAND.\n\n"
"To use a different EmuNAND from the\n"
"default, hold a directional pad button\n"
"(Up/Right/Down/Left equal EmuNANDs\n"
"1/2/3/4).",
"If enabled, when holding R on boot\n"
"SysNAND will be booted with an\n"
"EmuNAND FIRM.\n\n"
"Otherwise, an EmuNAND will be booted\n"
"with the SysNAND FIRM.\n\n"
"To use a different EmuNAND from the\n"
"default, hold a directional pad button\n"
"(Up/Right/Down/Left equal EmuNANDs\n"
"1/2/3/4), also add A if you have\n"
"a matching payload.",
"Enable loading external FIRMs and\n"
"system modules.\n\n"
"This isn't needed in most cases.\n\n"
"Refer to the wiki for instructions.",
"Enable overriding the region and\n"
"language configuration and the usage\n"
"of patched code binaries,\n"
"IPS code patches and LayeredFS\n"
"for specific games.\n\n"
"Also makes certain DLCs\n"
"for out-of-region games work.\n\n"
"Enabling this requires the\n"
"archive patch to be applied.\n\n"
"Refer to the wiki for instructions.",
"Enable showing the current NAND/FIRM:\n\n"
"\t* Sys = SysNAND\n"
"\t* Emu = EmuNAND 1\n"
"\t* EmuX = EmuNAND X\n"
"\t* SysE = SysNAND with EmuNAND 1 FIRM\n"
"\t* SyEX = SysNAND with EmuNAND X FIRM\n"
"\t* EmuS = EmuNAND 1 with SysNAND FIRM\n"
"\t* EmXS = EmuNAND X with SysNAND FIRM\n\n"
"or a user-defined custom string in\n"
"System Settings.\n\n"
"Refer to the wiki for instructions.",
"Enable showing the GBA boot screen\n"
"when booting GBA games.",
"Disable ARM9 exheader access checks.\n\n"
"Only select this if you know what you\n"
"are doing!",
"Make the console be always detected\n"
"as a development unit, and conversely.\n"
"(which breaks online features, amiibo\n"
"and retail CIAs, but allows installing\n"
"and booting some developer software).\n\n"
"Only select this if you know what you\n"
"are doing!",
};
struct multiOption {
u32 posXs[4];
u32 posY;
u32 enabled;
bool visible;
} multiOptions[] = {
{ .posXs = {19, 24, 29, 34}, .visible = isSdMode },
{ .posXs = {21, 26, 31, 36}, .visible = true },
{ .posXs = {12, 22, 31, 0}, .visible = true },
{ .posXs = {14, 19, 24, 29}, .visible = true },
{ .posXs = {17, 26, 32, 44}, .visible = ISN3DS },
};
struct singleOption {
u32 posY;
bool enabled;
bool visible;
} singleOptions[] = {
{ .visible = isSdMode },
{ .visible = isSdMode },
{ .visible = true },
{ .visible = true },
{ .visible = true },
{ .visible = true },
{ .visible = true },
{ .visible = true }
};
//Calculate the amount of the various kinds of options and pre-select the first single one
u32 multiOptionsAmount = sizeof(multiOptions) / sizeof(struct multiOption),
singleOptionsAmount = sizeof(singleOptions) / sizeof(struct singleOption),
totalIndexes = multiOptionsAmount + singleOptionsAmount - 1,
selectedOption,
singleSelected;
bool isMultiOption = false;
//Parse the existing options
for(u32 i = 0; i < multiOptionsAmount; i++)
multiOptions[i].enabled = MULTICONFIG(i);
for(u32 i = 0; i < singleOptionsAmount; i++)
singleOptions[i].enabled = CONFIG(i);
initScreens();
drawString(true, 10, 10, COLOR_TITLE, CONFIG_TITLE);
drawString(true, 10, 10 + SPACING_Y, COLOR_TITLE, "Press A to select, START to save");
//Character to display a selected option
char selected = 'x';
u32 endPos = 10 + 2 * SPACING_Y;
//Display all the multiple choice options in white
for(u32 i = 0; i < multiOptionsAmount; i++)
{
if(!multiOptions[i].visible) continue;
multiOptions[i].posY = endPos + SPACING_Y;
endPos = drawString(true, 10, multiOptions[i].posY, COLOR_WHITE, multiOptionsText[i]);
drawCharacter(true, 10 + multiOptions[i].posXs[multiOptions[i].enabled] * SPACING_X, multiOptions[i].posY, COLOR_WHITE, selected);
}
endPos += SPACING_Y / 2;
//Display all the normal options in white except for the first one
for(u32 i = 0, color = COLOR_RED; i < singleOptionsAmount; i++)
{
if(!singleOptions[i].visible) continue;
singleOptions[i].posY = endPos + SPACING_Y;
endPos = drawString(true, 10, singleOptions[i].posY, color, singleOptionsText[i]);
if(singleOptions[i].enabled) drawCharacter(true, 10 + SPACING_X, singleOptions[i].posY, color, selected);
if(color == COLOR_RED)
{
singleSelected = i;
selectedOption = i + multiOptionsAmount;
color = COLOR_WHITE;
}
}
drawString(false, 10, 10, COLOR_WHITE, optionsDescription[selectedOption]);
//Boring configuration menu
while(true)
{
u32 pressed;
do
{
pressed = waitInput(true);
}
while(!(pressed & MENU_BUTTONS));
if(pressed == BUTTON_START) break;
if(pressed != BUTTON_A)
{
//Remember the previously selected option
u32 oldSelectedOption = selectedOption;
while(true)
{
switch(pressed)
{
case BUTTON_UP:
selectedOption = !selectedOption ? totalIndexes : selectedOption - 1;
break;
case BUTTON_DOWN:
selectedOption = selectedOption == totalIndexes ? 0 : selectedOption + 1;
break;
case BUTTON_LEFT:
pressed = BUTTON_DOWN;
selectedOption = 0;
break;
case BUTTON_RIGHT:
pressed = BUTTON_UP;
selectedOption = totalIndexes;
break;
default:
break;
}
if(selectedOption < multiOptionsAmount)
{
if(!multiOptions[selectedOption].visible) continue;
isMultiOption = true;
break;
}
else
{
singleSelected = selectedOption - multiOptionsAmount;
if(!singleOptions[singleSelected].visible) continue;
isMultiOption = false;
break;
}
}
if(selectedOption == oldSelectedOption) continue;
//The user moved to a different option, print the old option in white and the new one in red. Only print 'x's if necessary
if(oldSelectedOption < multiOptionsAmount)
{
drawString(true, 10, multiOptions[oldSelectedOption].posY, COLOR_WHITE, multiOptionsText[oldSelectedOption]);
drawCharacter(true, 10 + multiOptions[oldSelectedOption].posXs[multiOptions[oldSelectedOption].enabled] * SPACING_X, multiOptions[oldSelectedOption].posY, COLOR_WHITE, selected);
}
else
{
u32 singleOldSelected = oldSelectedOption - multiOptionsAmount;
drawString(true, 10, singleOptions[singleOldSelected].posY, COLOR_WHITE, singleOptionsText[singleOldSelected]);
if(singleOptions[singleOldSelected].enabled) drawCharacter(true, 10 + SPACING_X, singleOptions[singleOldSelected].posY, COLOR_WHITE, selected);
}
if(isMultiOption) drawString(true, 10, multiOptions[selectedOption].posY, COLOR_RED, multiOptionsText[selectedOption]);
else drawString(true, 10, singleOptions[singleSelected].posY, COLOR_RED, singleOptionsText[singleSelected]);
drawString(false, 10, 10, COLOR_BLACK, optionsDescription[oldSelectedOption]);
drawString(false, 10, 10, COLOR_WHITE, optionsDescription[selectedOption]);
}
else
{
//The selected option's status changed, print the 'x's accordingly
if(isMultiOption)
{
u32 oldEnabled = multiOptions[selectedOption].enabled;
drawCharacter(true, 10 + multiOptions[selectedOption].posXs[oldEnabled] * SPACING_X, multiOptions[selectedOption].posY, COLOR_BLACK, selected);
multiOptions[selectedOption].enabled = (oldEnabled == 3 || !multiOptions[selectedOption].posXs[oldEnabled + 1]) ? 0 : oldEnabled + 1;
if(selectedOption == BRIGHTNESS) updateBrightness(multiOptions[BRIGHTNESS].enabled);
}
else
{
bool oldEnabled = singleOptions[singleSelected].enabled;
singleOptions[singleSelected].enabled = !oldEnabled;
if(oldEnabled) drawCharacter(true, 10 + SPACING_X, singleOptions[singleSelected].posY, COLOR_BLACK, selected);
}
}
//In any case, if the current option is enabled (or a multiple choice option is selected) we must display a red 'x'
if(isMultiOption) drawCharacter(true, 10 + multiOptions[selectedOption].posXs[multiOptions[selectedOption].enabled] * SPACING_X, multiOptions[selectedOption].posY, COLOR_RED, selected);
else if(singleOptions[singleSelected].enabled) drawCharacter(true, 10 + SPACING_X, singleOptions[singleSelected].posY, COLOR_RED, selected);
}
//Preserve the last-used boot options (first 9 bits)
configData.config &= 0x7F;
//Parse and write the new configuration
for(u32 i = 0; i < multiOptionsAmount; i++)
configData.config |= multiOptions[i].enabled << (i * 2 + 7);
for(u32 i = 0; i < singleOptionsAmount; i++)
configData.config |= (singleOptions[i].enabled ? 1 : 0) << (i + 17);
u32 newPinMode = MULTICONFIG(PIN);
if(newPinMode != 0) newPin(oldPinStatus && newPinMode == oldPinMode, newPinMode);
else if(oldPinStatus) fileDelete(PIN_FILE);
while(HID_PAD & PIN_BUTTONS);
wait(2000ULL);
}

41
arm9/source/config.h → source/config.h
View File

@ -1,6 +1,6 @@
/* /*
* This file is part of Luma3DS * This file is part of Luma3DS
* Copyright (C) 2016-2020 Aurora Wright, TuxSH * Copyright (C) 2016-2017 Aurora Wright, TuxSH
* *
* This program is free software: you can redistribute it and/or modify * This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
@ -28,20 +28,17 @@
#include "types.h" #include "types.h"
#define AUTOBOOT_DEFAULT_TWL_TID 0x0003000448424C41ull #define CONFIG(a) (((configData.config >> (a + 17)) & 1) != 0)
#define MULTICONFIG(a) ((configData.config >> (a * 2 + 7)) & 3)
#define BOOTCONFIG(a, b) ((configData.config >> a) & b)
#define CONFIG(a) (((configData.config >> (a)) & 1) != 0) #define CONFIG_FILE "config.bin"
#define MULTICONFIG(a) ((configData.multiConfig >> (2 * (a))) & 3) #define CONFIG_VERSIONMAJOR 1
#define BOOTCONFIG(a, b) ((configData.bootConfig >> (a)) & (b)) #define CONFIG_VERSIONMINOR 12
#define CONFIG_FILE "config.ini" #define BOOTCFG_NAND BOOTCONFIG(0, 7)
#define CONFIG_VERSIONMAJOR 3 #define BOOTCFG_FIRM BOOTCONFIG(3, 7)
#define CONFIG_VERSIONMINOR 13 #define BOOTCFG_NOFORCEFLAG BOOTCONFIG(6, 1)
#define BOOTCFG_NAND BOOTCONFIG(0, 1)
#define BOOTCFG_EMUINDEX BOOTCONFIG(1, 3)
#define BOOTCFG_NOFORCEFLAG BOOTCONFIG(3, 1)
#define BOOTCFG_NTRCARDBOOT BOOTCONFIG(4, 1)
enum multiOptions enum multiOptions
{ {
@ -49,25 +46,19 @@ enum multiOptions
BRIGHTNESS, BRIGHTNESS,
SPLASH, SPLASH,
PIN, PIN,
NEWCPU, NEWCPU
AUTOBOOTMODE,
FORCEAUDIOOUTPUT,
}; };
enum singleOptions enum singleOptions
{ {
AUTOBOOTEMU = 0, AUTOBOOTEMU = 0,
USEEMUFIRM,
LOADEXTFIRMSANDMODULES, LOADEXTFIRMSANDMODULES,
PATCHGAMES, PATCHGAMES,
REDIRECTAPPTHREADS,
PATCHVERSTRING, PATCHVERSTRING,
SHOWGBABOOT, SHOWGBABOOT,
PATCHUNITINFO, PATCHACCESS,
ENABLEDSIEXTFILTER, PATCHUNITINFO
DISABLEARM11EXCHANDLERS,
ENABLESAFEFIRMROSALINA,
NUMCONFIGURABLE = PATCHUNITINFO,
}; };
typedef enum ConfigurationStatus typedef enum ConfigurationStatus
@ -77,8 +68,6 @@ typedef enum ConfigurationStatus
CREATE_CONFIGURATION CREATE_CONFIGURATION
} ConfigurationStatus; } ConfigurationStatus;
extern CfgData configData;
bool readConfig(void); bool readConfig(void);
void writeConfig(bool isConfigOptions); void writeConfig(bool isPayloadLaunch);
void configMenu(bool oldPinStatus, u32 oldPinMode); void configMenu(bool oldPinStatus, u32 oldPinMode);

74
arm9/source/crypto.c → source/crypto.c
View File

@ -1,6 +1,6 @@
/* /*
* This file is part of Luma3DS * This file is part of Luma3DS
* Copyright (C) 2016-2021 Aurora Wright, TuxSH * Copyright (C) 2016-2017 Aurora Wright, TuxSH
* *
* This program is free software: you can redistribute it and/or modify * This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
@ -33,10 +33,8 @@
#include "crypto.h" #include "crypto.h"
#include "memory.h" #include "memory.h"
#include "emunand.h"
#include "utils.h"
#include "alignedseqmemcpy.h"
#include "strings.h" #include "strings.h"
#include "utils.h"
#include "fatfs/sdmmc/sdmmc.h" #include "fatfs/sdmmc/sdmmc.h"
/**************************************************************** /****************************************************************
@ -289,18 +287,24 @@ void sha(void *res, const void *src, u32 size, u32 mode)
sha_wait_idle(); sha_wait_idle();
*REG_SHA_CNT = mode | SHA_CNT_OUTPUT_ENDIAN | SHA_NORMAL_ROUND; *REG_SHA_CNT = mode | SHA_CNT_OUTPUT_ENDIAN | SHA_NORMAL_ROUND;
const u8 *src8 = (const u8 *)src; const u32 *src32 = (const u32 *)src;
int i;
while(size >= 0x40) while(size >= 0x40)
{ {
sha_wait_idle(); sha_wait_idle();
alignedseqmemcpy((void *)REG_SHA_INFIFO, src8, 0x40); for(i = 0; i < 4; ++i)
{
*REG_SHA_INFIFO = *src32++;
*REG_SHA_INFIFO = *src32++;
*REG_SHA_INFIFO = *src32++;
*REG_SHA_INFIFO = *src32++;
}
src8 += 0x40;
size -= 0x40; size -= 0x40;
} }
sha_wait_idle(); sha_wait_idle();
alignedseqmemcpy((void *)REG_SHA_INFIFO, src8, size); memcpy((void *)REG_SHA_INFIFO, src32, size);
*REG_SHA_CNT = (*REG_SHA_CNT & ~SHA_NORMAL_ROUND) | SHA_FINAL_ROUND; *REG_SHA_CNT = (*REG_SHA_CNT & ~SHA_NORMAL_ROUND) | SHA_FINAL_ROUND;
@ -313,7 +317,7 @@ void sha(void *res, const void *src, u32 size, u32 mode)
else if(mode == SHA_1_MODE) else if(mode == SHA_1_MODE)
hashSize = SHA_1_HASH_SIZE; hashSize = SHA_1_HASH_SIZE;
alignedseqmemcpy(res, (void *)REG_SHA_HASH, hashSize); memcpy(res, (void *)REG_SHA_HASH, hashSize);
} }
/*****************************************************************/ /*****************************************************************/
@ -322,7 +326,7 @@ __attribute__((aligned(4))) static u8 nandCtr[AES_BLOCK_SIZE];
static u8 nandSlot; static u8 nandSlot;
static u32 fatStart = 0; static u32 fatStart = 0;
FirmwareSource ctrNandLocation = FIRMWARE_SYSNAND; FirmwareSource firmSource;
__attribute__((aligned(4))) static const u8 key1s[2][AES_BLOCK_SIZE] = { __attribute__((aligned(4))) static const u8 key1s[2][AES_BLOCK_SIZE] = {
{0x07, 0x29, 0x44, 0x38, 0xF8, 0xC9, 0x75, 0x93, 0xAA, 0x0E, 0x4A, 0xB4, 0xAE, 0x84, 0xC1, 0xD8}, {0x07, 0x29, 0x44, 0x38, 0xF8, 0xC9, 0x75, 0x93, 0xAA, 0x0E, 0x4A, 0xB4, 0xAE, 0x84, 0xC1, 0xD8},
@ -348,7 +352,7 @@ int ctrNandInit(void)
u8 __attribute__((aligned(4))) temp[0x200]; u8 __attribute__((aligned(4))) temp[0x200];
//Read NCSD header //Read NCSD header
result = ctrNandLocation == FIRMWARE_SYSNAND ? sdmmc_nand_readsectors(0, 1, temp) : sdmmc_sdcard_readsectors(emuOffset + emuHeader, 1, temp); result = firmSource == FIRMWARE_SYSNAND ? sdmmc_nand_readsectors(0, 1, temp) : sdmmc_sdcard_readsectors(emuHeader, 1, temp);
if(!result) if(!result)
{ {
@ -375,7 +379,7 @@ int ctrNandRead(u32 sector, u32 sectorCount, u8 *outbuf)
//Read //Read
int result; int result;
if(ctrNandLocation == FIRMWARE_SYSNAND) if(firmSource == FIRMWARE_SYSNAND)
result = sdmmc_nand_readsectors(sector + fatStart, sectorCount, outbuf); result = sdmmc_nand_readsectors(sector + fatStart, sectorCount, outbuf);
else else
{ {
@ -417,17 +421,12 @@ int ctrNandWrite(u32 sector, u32 sectorCount, const u8 *inbuf)
return result; return result;
} }
u32 decryptExeFs(Cxi *cxi) bool decryptExeFs(Cxi *cxi)
{ {
if(memcmp(cxi->ncch.magic, "NCCH", 4) != 0) return 0; if(memcmp(cxi->ncch.magic, "NCCH", 4) != 0) return false;
if(cxi->ncch.exeFsOffset != 5) return 0; u8 *exeFsOffset = (u8 *)cxi + (cxi->ncch.exeFsOffset + 1) * 0x200;
u8 *exeFsOffset = (u8 *)cxi + 6 * 0x200;
u32 exeFsSize = (cxi->ncch.exeFsSize - 1) * 0x200; u32 exeFsSize = (cxi->ncch.exeFsSize - 1) * 0x200;
if(exeFsSize > 0x400000) return 0;
__attribute__((aligned(4))) u8 ncchCtr[AES_BLOCK_SIZE] = {0}; __attribute__((aligned(4))) u8 ncchCtr[AES_BLOCK_SIZE] = {0};
for(u32 i = 0; i < 8; i++) for(u32 i = 0; i < 8; i++)
@ -439,14 +438,14 @@ u32 decryptExeFs(Cxi *cxi)
aes_use_keyslot(0x2C); aes_use_keyslot(0x2C);
aes(cxi, exeFsOffset, exeFsSize / AES_BLOCK_SIZE, ncchCtr, AES_CTR_MODE, AES_INPUT_BE | AES_INPUT_NORMAL); aes(cxi, exeFsOffset, exeFsSize / AES_BLOCK_SIZE, ncchCtr, AES_CTR_MODE, AES_INPUT_BE | AES_INPUT_NORMAL);
return memcmp(cxi, "FIRM", 4) == 0 ? exeFsSize : 0; return memcmp(cxi, "FIRM", 4) == 0;
} }
u32 decryptNusFirm(const Ticket *ticket, Cxi *cxi, u32 ncchSize) bool decryptNusFirm(const Ticket *ticket, Cxi *cxi, u32 ncchSize)
{ {
if(memcmp(ticket->sigIssuer, "Root", 4) != 0) return 0; if(memcmp(ticket->sigIssuer, "Root", 4) != 0) return false;
__attribute__((aligned(4))) static const u8 keyY0x3D[AES_BLOCK_SIZE] = {0x0C, 0x76, 0x72, 0x30, 0xF0, 0x99, 0x8F, 0x1C, 0x46, 0x82, 0x82, 0x02, 0xFA, 0xAC, 0xBE, 0x4C}; __attribute__((aligned(4))) const u8 keyY0x3D[AES_BLOCK_SIZE] = {0x0C, 0x76, 0x72, 0x30, 0xF0, 0x99, 0x8F, 0x1C, 0x46, 0x82, 0x82, 0x02, 0xFA, 0xAC, 0xBE, 0x4C};
__attribute__((aligned(4))) u8 titleKey[AES_BLOCK_SIZE], __attribute__((aligned(4))) u8 titleKey[AES_BLOCK_SIZE],
cetkIv[AES_BLOCK_SIZE] = {0}; cetkIv[AES_BLOCK_SIZE] = {0};
memcpy(titleKey, ticket->titleKey, sizeof(titleKey)); memcpy(titleKey, ticket->titleKey, sizeof(titleKey));
@ -485,8 +484,8 @@ static inline void twlConsoleInfoInit(void)
aes_setkey(2, (u8 *)0x01FFD398, AES_KEYX, AES_INPUT_TWLNORMAL); aes_setkey(2, (u8 *)0x01FFD398, AES_KEYX, AES_INPUT_TWLNORMAL);
if(CFG_TWLUNITINFO != 0) if(CFG_TWLUNITINFO != 0)
{ {
__attribute__((aligned(4))) static const u8 key2YDev[AES_BLOCK_SIZE] = {0x3B, 0x06, 0x86, 0x57, 0x33, 0x04, 0x88, 0x11, 0x49, 0x04, 0x6B, 0x33, 0x12, 0x02, 0xAC, 0xF3}, __attribute__((aligned(4))) u8 key2YDev[AES_BLOCK_SIZE] = {0x3B, 0x06, 0x86, 0x57, 0x33, 0x04, 0x88, 0x11, 0x49, 0x04, 0x6B, 0x33, 0x12, 0x02, 0xAC, 0xF3},
key3YDev[AES_BLOCK_SIZE] = {0xAA, 0xBF, 0x76, 0xF1, 0x7A, 0xB8, 0xE8, 0x66, 0x97, 0x64, 0x6A, 0x26, 0x05, 0x00, 0xA0, 0xE1}; key3YDev[AES_BLOCK_SIZE] = {0xAA, 0xBF, 0x76, 0xF1, 0x7A, 0xB8, 0xE8, 0x66, 0x97, 0x64, 0x6A, 0x26, 0x05, 0x00, 0xA0, 0xE1};
k3X[1] = 0xEE7A4B1E; k3X[1] = 0xEE7A4B1E;
k3X[2] = 0xAF42C08B; k3X[2] = 0xAF42C08B;
@ -511,15 +510,15 @@ static inline void twlConsoleInfoInit(void)
void setupKeyslots(void) void setupKeyslots(void)
{ {
//Setup 0x24 KeyY //Setup 0x24 KeyY
__attribute__((aligned(4))) static const u8 keyY0x24[AES_BLOCK_SIZE] = {0x74, 0xCA, 0x07, 0x48, 0x84, 0xF4, 0x22, 0x8D, 0xEB, 0x2A, 0x1C, 0xA7, 0x2D, 0x28, 0x77, 0x62}; __attribute__((aligned(4))) u8 keyY0x24[AES_BLOCK_SIZE] = {0x74, 0xCA, 0x07, 0x48, 0x84, 0xF4, 0x22, 0x8D, 0xEB, 0x2A, 0x1C, 0xA7, 0x2D, 0x28, 0x77, 0x62};
aes_setkey(0x24, keyY0x24, AES_KEYY, AES_INPUT_BE | AES_INPUT_NORMAL); aes_setkey(0x24, keyY0x24, AES_KEYY, AES_INPUT_BE | AES_INPUT_NORMAL);
//Setup 0x25 KeyX and 0x2F KeyY //Setup 0x25 KeyX and 0x2F KeyY
__attribute__((aligned(4))) static const u8 keyX0x25s[2][AES_BLOCK_SIZE] = { __attribute__((aligned(4))) const u8 keyX0x25s[2][AES_BLOCK_SIZE] = {
{0xCE, 0xE7, 0xD8, 0xAB, 0x30, 0xC0, 0x0D, 0xAE, 0x85, 0x0E, 0xF5, 0xE3, 0x82, 0xAC, 0x5A, 0xF3}, {0xCE, 0xE7, 0xD8, 0xAB, 0x30, 0xC0, 0x0D, 0xAE, 0x85, 0x0E, 0xF5, 0xE3, 0x82, 0xAC, 0x5A, 0xF3},
{0x81, 0x90, 0x7A, 0x4B, 0x6F, 0x1B, 0x47, 0x32, 0x3A, 0x67, 0x79, 0x74, 0xCE, 0x4A, 0xD7, 0x1B} {0x81, 0x90, 0x7A, 0x4B, 0x6F, 0x1B, 0x47, 0x32, 0x3A, 0x67, 0x79, 0x74, 0xCE, 0x4A, 0xD7, 0x1B}
}, },
keyY0x2Fs[2][AES_BLOCK_SIZE] = { keyY0x2Fs[2][AES_BLOCK_SIZE] = {
{0xC3, 0x69, 0xBA, 0xA2, 0x1E, 0x18, 0x8A, 0x88, 0xA9, 0xAA, 0x94, 0xE5, 0x50, 0x6A, 0x9F, 0x16}, {0xC3, 0x69, 0xBA, 0xA2, 0x1E, 0x18, 0x8A, 0x88, 0xA9, 0xAA, 0x94, 0xE5, 0x50, 0x6A, 0x9F, 0x16},
{0x73, 0x25, 0xC4, 0xEB, 0x14, 0x3A, 0x0D, 0x5F, 0x5D, 0xB6, 0xE5, 0xC5, 0x7A, 0x21, 0x95, 0xAC} {0x73, 0x25, 0xC4, 0xEB, 0x14, 0x3A, 0x0D, 0x5F, 0x5D, 0xB6, 0xE5, 0xC5, 0x7A, 0x21, 0x95, 0xAC}
}; };
@ -527,10 +526,10 @@ void setupKeyslots(void)
aes_setkey(0x25, keyX0x25s[ISDEVUNIT ? 1 : 0], AES_KEYX, AES_INPUT_BE | AES_INPUT_NORMAL); aes_setkey(0x25, keyX0x25s[ISDEVUNIT ? 1 : 0], AES_KEYX, AES_INPUT_BE | AES_INPUT_NORMAL);
aes_setkey(0x2F, keyY0x2Fs[ISDEVUNIT ? 1 : 0], AES_KEYY, AES_INPUT_BE | AES_INPUT_NORMAL); aes_setkey(0x2F, keyY0x2Fs[ISDEVUNIT ? 1 : 0], AES_KEYY, AES_INPUT_BE | AES_INPUT_NORMAL);
if(ISN3DS) if(ISN3DS)
{ {
//Setup 0x05 KeyY //Setup 0x05 KeyY
__attribute__((aligned(4))) static const u8 keyY0x5[AES_BLOCK_SIZE] = {0x4D, 0x80, 0x4F, 0x4E, 0x99, 0x90, 0x19, 0x46, 0x13, 0xA2, 0x04, 0xAC, 0x58, 0x44, 0x60, 0xBE}; __attribute__((aligned(4))) u8 keyY0x5[AES_BLOCK_SIZE] = {0x4D, 0x80, 0x4F, 0x4E, 0x99, 0x90, 0x19, 0x46, 0x13, 0xA2, 0x04, 0xAC, 0x58, 0x44, 0x60, 0xBE};
aes_setkey(0x05, keyY0x5, AES_KEYY, AES_INPUT_BE | AES_INPUT_NORMAL); aes_setkey(0x05, keyY0x5, AES_KEYY, AES_INPUT_BE | AES_INPUT_NORMAL);
} }
@ -542,7 +541,7 @@ void setupKeyslots(void)
{0xDD, 0xDA, 0xA4, 0xC6, 0x2C, 0xC4, 0x50, 0xE9, 0xDA, 0xB6, 0x9B, 0x0D, 0x9D, 0x2A, 0x21, 0x98} {0xDD, 0xDA, 0xA4, 0xC6, 0x2C, 0xC4, 0x50, 0xE9, 0xDA, 0xB6, 0x9B, 0x0D, 0x9D, 0x2A, 0x21, 0x98}
}, decKey[AES_BLOCK_SIZE]; }, decKey[AES_BLOCK_SIZE];
//Initialize Key 0x18 //Initialize Key 0x18
aes_setkey(0x11, key1s[ISDEVUNIT ? 1 : 0], AES_KEYNORMAL, AES_INPUT_BE | AES_INPUT_NORMAL); aes_setkey(0x11, key1s[ISDEVUNIT ? 1 : 0], AES_KEYNORMAL, AES_INPUT_BE | AES_INPUT_NORMAL);
aes_use_keyslot(0x11); aes_use_keyslot(0x11);
aes(decKey, keyBlocks[0], 1, NULL, AES_ECB_DECRYPT_MODE, 0); aes(decKey, keyBlocks[0], 1, NULL, AES_ECB_DECRYPT_MODE, 0);
@ -581,9 +580,6 @@ void kernel9Loader(Arm9Bin *arm9Section)
u8 arm9BinSlot = k9lVersion == 0 ? 0x15 : 0x16; u8 arm9BinSlot = k9lVersion == 0 ? 0x15 : 0x16;
// Get size
u32 arm9SectionSize = decAtoi(arm9Section->size, 8);
//Set keyX //Set keyX
__attribute__((aligned(4))) u8 keyX[AES_BLOCK_SIZE]; __attribute__((aligned(4))) u8 keyX[AES_BLOCK_SIZE];
aes_use_keyslot(0x11); aes_use_keyslot(0x11);
@ -599,11 +595,11 @@ void kernel9Loader(Arm9Bin *arm9Section)
__attribute__((aligned(4))) u8 arm9BinCtr[AES_BLOCK_SIZE]; __attribute__((aligned(4))) u8 arm9BinCtr[AES_BLOCK_SIZE];
memcpy(arm9BinCtr, arm9Section->ctr, sizeof(arm9BinCtr)); memcpy(arm9BinCtr, arm9Section->ctr, sizeof(arm9BinCtr));
//Decrypt Arm9 binary //Decrypt ARM9 binary
aes_use_keyslot(arm9BinSlot); aes_use_keyslot(arm9BinSlot);
aes(startOfArm9Bin, startOfArm9Bin, arm9SectionSize / AES_BLOCK_SIZE, arm9BinCtr, AES_CTR_MODE, AES_INPUT_BE | AES_INPUT_NORMAL); aes(startOfArm9Bin, startOfArm9Bin, decAtoi(arm9Section->size, sizeof(arm9Section->size)) / AES_BLOCK_SIZE, arm9BinCtr, AES_CTR_MODE, AES_INPUT_BE | AES_INPUT_NORMAL);
if(*startOfArm9Bin != 0x47704770 && *startOfArm9Bin != 0xB0862000) error("Failed to decrypt the Arm9 binary."); if(*startOfArm9Bin != 0x47704770 && *startOfArm9Bin != 0xB0862000) error("Failed to decrypt the ARM9 binary.");
} }
void computePinHash(u8 *outbuf, const u8 *inbuf) void computePinHash(u8 *outbuf, const u8 *inbuf)
@ -612,7 +608,7 @@ void computePinHash(u8 *outbuf, const u8 *inbuf)
cipherText[AES_BLOCK_SIZE]; cipherText[AES_BLOCK_SIZE];
sdmmc_get_cid(1, (u32 *)cid); sdmmc_get_cid(1, (u32 *)cid);
aes_use_keyslot(0x04); //Console-unique keyslot whose keys are set by the Arm9 bootROM aes_use_keyslot(0x04); //Console-unique keyslot whose keys are set by the ARM9 bootROM
aes(cipherText, inbuf, 1, cid, AES_CBC_ENCRYPT_MODE, AES_INPUT_BE | AES_INPUT_NORMAL); aes(cipherText, inbuf, 1, cid, AES_CBC_ENCRYPT_MODE, AES_INPUT_BE | AES_INPUT_NORMAL);
sha(outbuf, cipherText, sizeof(cipherText), SHA_256_MODE); sha(outbuf, cipherText, sizeof(cipherText), SHA_256_MODE);
} }

10
arm9/source/crypto.h → source/crypto.h
View File

@ -1,6 +1,6 @@
/* /*
* This file is part of Luma3DS * This file is part of Luma3DS
* Copyright (C) 2016-2020 Aurora Wright, TuxSH * Copyright (C) 2016-2017 Aurora Wright, TuxSH
* *
* This program is free software: you can redistribute it and/or modify * This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
@ -110,15 +110,17 @@
#define SHA_224_HASH_SIZE (224 / 8) #define SHA_224_HASH_SIZE (224 / 8)
#define SHA_1_HASH_SIZE (160 / 8) #define SHA_1_HASH_SIZE (160 / 8)
extern FirmwareSource ctrNandLocation; extern u32 emuOffset,
emuHeader;
extern FirmwareSource firmSource;
void sha(void *res, const void *src, u32 size, u32 mode); void sha(void *res, const void *src, u32 size, u32 mode);
int ctrNandInit(void); int ctrNandInit(void);
int ctrNandRead(u32 sector, u32 sectorCount, u8 *outbuf); int ctrNandRead(u32 sector, u32 sectorCount, u8 *outbuf);
int ctrNandWrite(u32 sector, u32 sectorCount, const u8 *inbuf); int ctrNandWrite(u32 sector, u32 sectorCount, const u8 *inbuf);
u32 decryptExeFs(Cxi *cxi); bool decryptExeFs(Cxi *cxi);
u32 decryptNusFirm(const Ticket *ticket, Cxi *cxi, u32 ncchSize); bool decryptNusFirm(const Ticket *ticket, Cxi *cxi, u32 ncchSize);
void setupKeyslots(void); void setupKeyslots(void);
void kernel9Loader(Arm9Bin *arm9Section); void kernel9Loader(Arm9Bin *arm9Section);
void computePinHash(u8 *outbuf, const u8 *inbuf); void computePinHash(u8 *outbuf, const u8 *inbuf);

13
arm9/source/draw.c → source/draw.c
View File

@ -1,6 +1,6 @@
/* /*
* This file is part of Luma3DS * This file is part of Luma3DS
* Copyright (C) 2016-2020 Aurora Wright, TuxSH * Copyright (C) 2016-2017 Aurora Wright, TuxSH
* *
* This program is free software: you can redistribute it and/or modify * This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
@ -30,18 +30,17 @@
*/ */
#include "draw.h" #include "draw.h"
#include "memory.h" #include "strings.h"
#include "screen.h" #include "screen.h"
#include "utils.h" #include "utils.h"
#include "fs.h" #include "fs.h"
#include "fmt.h" #include "fmt.h"
#include "font.h" #include "font.h"
#include "config.h"
bool loadSplash(void) bool loadSplash(void)
{ {
static const char *topSplashFile = "splash.bin", const char *topSplashFile = "splash.bin",
*bottomSplashFile = "splashbottom.bin"; *bottomSplashFile = "splashbottom.bin";
bool isTopSplashValid = getFileSize(topSplashFile) == SCREEN_TOP_FBSIZE, bool isTopSplashValid = getFileSize(topSplashFile) == SCREEN_TOP_FBSIZE,
isBottomSplashValid = getFileSize(bottomSplashFile) == SCREEN_BOTTOM_FBSIZE; isBottomSplashValid = getFileSize(bottomSplashFile) == SCREEN_BOTTOM_FBSIZE;
@ -50,6 +49,7 @@ bool loadSplash(void)
if(!isTopSplashValid && !isBottomSplashValid) return false; if(!isTopSplashValid && !isBottomSplashValid) return false;
initScreens(); initScreens();
clearScreens(true);
if(isTopSplashValid) isTopSplashValid = fileRead(fbs[1].top_left, topSplashFile, SCREEN_TOP_FBSIZE) == SCREEN_TOP_FBSIZE; if(isTopSplashValid) isTopSplashValid = fileRead(fbs[1].top_left, topSplashFile, SCREEN_TOP_FBSIZE) == SCREEN_TOP_FBSIZE;
if(isBottomSplashValid) isBottomSplashValid = fileRead(fbs[1].bottom, bottomSplashFile, SCREEN_BOTTOM_FBSIZE) == SCREEN_BOTTOM_FBSIZE; if(isBottomSplashValid) isBottomSplashValid = fileRead(fbs[1].bottom, bottomSplashFile, SCREEN_BOTTOM_FBSIZE) == SCREEN_BOTTOM_FBSIZE;
@ -57,8 +57,7 @@ bool loadSplash(void)
if(!isTopSplashValid && !isBottomSplashValid) return false; if(!isTopSplashValid && !isBottomSplashValid) return false;
swapFramebuffers(true); swapFramebuffers(true);
wait(3000ULL);
wait(configData.splashDurationMsec);
return true; return true;
} }

Some files were not shown because too many files have changed in this diff Show More