rosalina: fix volume slider override value calculation

Below 50%, the volume slider moves the dB value twice as fast. When
linearly interpolating the value in dB (lerp in log-scale), we need to
account for that fact to match how the MCU firmware handles the actual
volume slider.

.gitattributes

@@ -1 +1,2 @@
 *.xml text eol=lf
+*.ini text eol=lf

.github/ISSUE_TEMPLATE/bug-report.md

@@ -7,13 +7,13 @@ about: Use this to report bugs you encounter with Luma3DS. Make sure you upload
 -- THIS IS NOT A SUPPORT FORUM! For support go here:
 -- Nintendo Homebrew: https://discord.gg/MjzatM8
 --
--- Rosalina feature requests go here: https://github.com/AuroraWright/Luma3DS/issues/752
+-- Rosalina feature requests go here: https://github.com/LumaTeam/Luma3DS/issues/752
 --
--- Also check the Wiki (https://github.com/AuroraWright/Luma3DS/wiki) before making an issue.
+-- Also check the Wiki (https://github.com/LumaTeam/Luma3DS/wiki) before making an issue.
 --
--- For GBA/DSiWare/DS/AGB_FIRM/TWL_FIRM problems: https://3ds.hacks.guide/troubleshooting
+-- For GBA/DSiWare/DS/AGB_FIRM/TWL_FIRM problems: use https://github.com/MechanicalDragon0687/TWLFix-CFW and update your system.
 -- If you're using an emu/redNAND try installing anything on it to sysNAND.
--- Please make sure to read "Enable game patching" https://github.com/AuroraWright/Luma3DS/wiki/Options-and-usage before posting any issues about the "Enable game patching" option(s).
+-- Please make sure to read "Enable game patching" https://github.com/LumaTeam/Luma3DS/wiki/Options-and-usage before posting any issues about the "Enable game patching" option(s).
 --
 -- Luma updaters that don't support Boot9Strap/Sighax won't work.
 -- This is due to support for non-B9S/Sighax entrypoints being dropped.
@@ -21,11 +21,11 @@ about: Use this to report bugs you encounter with Luma3DS. Make sure you upload
 -- Please fill in the placeholders.-->
 **System model:**
 
-[e.g. 2DS, New 3DS, Old 3DS]
+[New 2DS XL, New 3DS XL, New 3DS, Old 2DS, Old 3DS XL, Old 3DS]
 
 **SysNAND version (+emu/redNAND version if applicable):**
 
-[e.g. 11.13.0-45U SysNAND, 11.13.0-45E EmuNAND]
+[e.g. 11.17.0-50U SysNAND, 11.17.0-50E EmuNAND]
 <!--You can check which version you're on in System Settings. It will be on the bottom right of the top screen.-->
 
 **Entrypoint (How/what you're using to boot Luma3DS):**
@@ -34,7 +34,7 @@ about: Use this to report bugs you encounter with Luma3DS. Make sure you upload
 
 **Luma3DS version:**
 
-[e.g. v10.1.2 stable or if using nightly/hourly specify the commit like this https://github.com/AuroraWright/Luma3DS/commit/0543c208fd154e6326ea5da8cbf66ffcbdef010c]
+[e.g. v13.2.1 stable or if using non-releases specify the commit like this https://github.com/LumaTeam/Luma3DS/commit/988ec17ebfce513fc4589f7b12e0d6e3894ae542]
 
 **Luma3DS configuration/options:**
 
@@ -50,32 +50,28 @@ Splash duration: ( )
 PIN lock: ( )
 
 New 3DS CPU: ( )
-<!--This option is only available for New 3DS/2DS.-->
+<!--This option is only available on New 3DS (XL)/New 2DS XL.-->
+
+Hbmenu autoboot: ( )
 
 --
 
 Autoboot EmuNAND: ( )
 <!--This option is only available if there's at least one EmuNAND.-->
 
-Use EmuNAND FIRM if booting with R: ( )
-<!--This option is only available if there's at least one EmuNAND.-->
-
 Enable loading external FIRMs and modules: ( )
 <!--Firmware (.bin) files are not required by Luma, or NTR CFW anymore.
 -- If you're having issues with this option enabled try deleting them from the luma folder on the root of the SD card or /rw/luma on CTRNAND and disabling this option.-->
 
 Enable game patching: ( )
 
+Redirect app. syscore threads to core2: ( )
+<!--This option is only available on New 3DS (XL)/New 2DS XL.-->
+
 Show NAND or user string in System Settings: ( )
 
 Show GBA boot screen in patched AGB_FIRM: ( )
 
-Patch Arm9 access: ( )
-
-Set developer UNITINFO: ( )
-
-Disable Arm11 exception handlers: ( )
-
 --
 
 
@@ -93,7 +89,8 @@ Disable Arm11 exception handlers: ( )
 2.
 
 
-**Dump file:**
+**Dump file (if applicable):**
-<!--If the issue leads to a crash you must uncheck the "Disable Arm11 exception handlers" option.
+<!--If the issue leads to a crash you must ensure the "Disable Arm11 exception handlers"
+-- option is not disabled in config.ini.
 -- The error message will tell you where the dump is.
 -- Zip the dmp file and drag & drop it below.-->

.gitignore

@@ -13,8 +13,12 @@ exceptions/arm11/build
 *.d
 *.elf
 *.cxi
+*.3dsx
 .DS_Store
 *.dmp
 .project
 .cproject
 .settings
+
+Luma3DS*.zip
+hbmenu.zip

Makefile

@@ -2,6 +2,19 @@ ifneq ($(strip $(shell firmtool -v 2>&1 | grep usage)),)
 $(error "Please install firmtool v1.1 or greater")
 endif
 
+# Disable kext and firmlaunch patches, all custom sysmodules except Loader, enable PASLR.
+# Dangerous. Don't enable this unless you know what you're doing!
+export BUILD_FOR_EXPLOIT_DEV ?= 0
+
+# Build with O0 & frame pointer information for use with GDB
+export BUILD_FOR_GDB ?= 0
+
+# Default 3DSX TitleID for hb:ldr
+export HBLDR_DEFAULT_3DSX_TID ?= 000400000D921E00
+
+# What to call the title corresponding to HBLDR_DEFAULT_3DSX_TID
+export HBLDR_DEFAULT_3DSX_TITLE_NAME ?= "hblauncher_loader"
+
 NAME		:=	$(notdir $(CURDIR))
 REVISION	:=	$(shell git describe --tags --match v[0-9]* --abbrev=8 | sed 's/-[0-9]*-g/-/')
 
@@ -15,15 +28,21 @@ release:	$(NAME)$(REVISION).zip
 
 clean:
 	@$(foreach dir, $(SUBFOLDERS), $(MAKE) -C $(dir) clean &&) true
-	@rm -rf *.firm *.zip
+	@rm -rf *.firm *.zip *.3dsx
 
-$(NAME)$(REVISION).zip:	boot.firm exception_dump_parser
+# boot.3dsx comes from https://github.com/fincs/new-hbmenu/releases
-	@zip -r $@ $^ -x "*.DS_Store*" "*__MACOSX*"
+$(NAME)$(REVISION).zip:	hbmenu.zip boot.firm
+	@cp $< $@
+	@zip $@ boot.firm -x "*.DS_Store*" "*__MACOSX*"
 
 boot.firm:	$(SUBFOLDERS)
 	@firmtool build $@ -D sysmodules/sysmodules.bin arm11/arm11.elf arm9/arm9.elf k11_extension/k11_extension.elf \
 	-A 0x18180000 -C XDMA XDMA NDMA XDMA
 	@echo built... $(notdir $@)
 
+hbmenu.zip:
+	@curl -sSfL $(shell curl -s https://api.github.com/repos/devkitPro/3ds-hbmenu/releases/latest | grep 'browser_' | cut -d\" -f4) -o $@
+	@echo downloaded... $(notdir $@)
+
 $(SUBFOLDERS):
 	@$(MAKE) -C $@ all

README.md

@@ -1,36 +1,112 @@
 # Luma3DS
-*Noob-proof (N)3DS "Custom Firmware"*
 
-### What it is
+![GitHub Downloads (all assets, all releases)](https://img.shields.io/github/downloads/LumaTeam/Luma3DS/total)
-**Luma3DS** is a program to patch the system software of (New) Nintendo (2)3DS handheld consoles "on the fly", adding features such as per-game language settings, debugging capabilities for developers, and removing restrictions enforced by Nintendo such as the region lock.
+![License](https://img.shields.io/badge/License-GPLv3-blue.svg)
 
-It also allows you to run unauthorized ("homebrew") content by removing signature checks.
+*Nintendo 3DS "Custom Firmware"*
-To use it, you will need a console capable of running homebrew software on the Arm9 processor. We recommend [Plailect's guide](https://3ds.hacks.guide/) for details on how to get your system ready.
 
-Since v8.0, Luma3DS has its own in-game menu, triggerable by <kbd>L+Down+Select</kbd> (see the [release notes](https://github.com/AuroraWright/Luma3DS/releases/tag/v8.0)).
+![Boot menu screenshot](img/boot_menu_v1321.png)
+![Rosalina menu screenshot](img/rosalina_menu_v1321.png)
 
-#
+## Description
-### Compiling
+**Luma3DS** patches and reimplements significant parts of the system software running on all models of the Nintendo 3DS family of consoles. It aims to greatly improve the user experience and support the 3DS far beyond its end-of-life. Features include:
-* Prerequisites
-    1. git
-    2. [makerom](https://github.com/jakcron/Project_CTR) in PATH
-    3. [firmtool](https://github.com/TuxSH/firmtool)
-    4. Up-to-date devkitARM+libctru
-1. Clone the repository with `git clone https://github.com/AuroraWright/Luma3DS.git`
-2. Run `make`.
 
-    The produced `boot.firm` is meant to be copied to the root of your SD card for usage with Boot9Strap.
+* **First-class support for homebrew applications**
+* **Rosalina**, an overlay menu (triggered by <kbd>L+Down+Select</kbd> by default), allowing things like:
+    * Taking screenshots while in game
+    * Blue light filters and other screen filters
+    * Input redirection to play with external devices, such as controllers
+    * Using cheat codes
+    * Setting time and date accurately from the network (NTP)
+    * ... and much more!
+* **Many game modding features**, such as, but not limited to:
+    * Game plugins (in 3GX format)
+    * Per-game language overrides ("locale emulation")
+    * Asset content path redirection ("LayeredFS")
+* **Support for user-provided patches and/or full "system modules" replacements**, an essential feature for Nintendo Network replacements (amongst other projects)
+* A **fully-fledged GDB stub**, allowing homebrew developers and reverse-engineers alike to work much more efficiently
+* Ability to chainload other firmware files, including other versions of itself
+* ... and much more!
 
-#
+## Installation and upgrade
-### Setup / Usage / Features
+Luma3DS requires [boot9strap](https://github.com/SciresM/boot9strap) to run.
-See https://github.com/AuroraWright/Luma3DS/wiki
 
-#
+Once boot9strap has been installed, simply download the [latest release archive](https://github.com/LumaTeam/Luma3DS/releases/latest) and extract the archive onto the root of your SD card to "install" or to upgrade Luma3DS alongside the [homebrew menu and certs bundle](https://github.com/devkitPro/3ds-hbmenu) shipped with it. Replace existing files and merge existing folders if necessary.
-### Credits
-See https://github.com/AuroraWright/Luma3DS/wiki/Credits
 
-#
+## Basic usage
-### Licensing
+**The main Luma3DS configuration menu** can be accessed by pressing <kbd>Select</kbd> at boot. The configuration file is stored in `/luma/config.ini` on the SD card (or `/rw/luma/config.ini` on the CTRNAND partition if Luma3DS has been launched from the CTRNAND partition, which happens when SD card is missing).
+
+**The chainloader menu** is accessed by pressing <kbd>Start</kbd> at boot, or from the configuration menu. Payloads are expected to be located in `/luma/payloads` with the `.firm` extension; if there is only one such payload, the aforementionned selection menu will be skipped. Hotkeys can be assigned to payload, for example `x_test.firm` will be chainloaded when <kbd>X</kbd> is pressed at boot.
+
+**The overlay menu, Rosalina**, has a default button combination: <kbd>L+Down+Select</kbd>. For greater flexbility, most Rosalina menu settings aren't saved automatically, hence the "Save settings" option.
+
+**GDB ports**, when enabled, are `4000-4002` for the normal ports. Use of `attach` in "extended-remote" mode, alongside `info os processes` is supported and encouraged (for reverse-engineering, also check out `monitor getmemregions`). The port for the break-on-start feature is `4003` without "extended-remote". Both devkitARM-patched GDB and IDA Pro (without "stepping support" enabled) are actively supported.
+
+We have a wiki, however it is currently very outdated.
+
+## Components
+
+Luma3DS consists of multiple components. While the code style within each component is mostly consistent, these components have been written over many years and may not reflect how maintainers would write new code in new components/projects:
+
+* **arm9**, **arm11**: baremetal main settings menu, chainloader and firmware loader. Aside from showing settings and chainloading to other homebrew firmware files on demand, it is responsible for patching the official firmware to modify `Process9` code and to inject all other custom components. This was the first component ever written for this project, in 2015
+* **k11_extension**: code extending the Arm11 `NATIVE_FIRM` kernel (`Kernel11`). It is injected by the above mentioned baremetal loader into the kernel by hooking its startup code, then hooks itself into the rest of the kernel. Its features include hooking system calls (SVCs), introducing new SVCs and hooking into interprocess communications, to bypass limitations in Nintendo's system design. This is the component that allows Rosalina to pause other processes on overlay menu entry, for example. This was written at a time when we didn't fully reverse-engineer the kernel, and originally released in 2017 alongside Rosalina. Further hooks for "game plugin" support have been merged in 2023
+* **sysmodules**: reimplementation of "system modules" (processes) of the 3DS's OS (except for Rosalina being custom), currently only initial processes loaded directly in-memory by the kernel ("kernel initial process", or KIP in short)
+    * **loader**: process that loads non-KIP processes from storage. Because this is the perfect place to patch/replace executable code, this is where all process patches are done, enabling in particular "game modding" features. This is also the sysmodule handling 3DSX homebrew loading. Introduced in 2016
+    * _**rosalina**_: the most important component of Luma3DS and custom KIP: overlay menu, GDB server, `err:f` (fatal error screen) reimplementation, and much more. Introduced in mid-2017, and has continuously undergone changes and received many external contributions ever since
+    * **pxi**: Arm11<>Arm9 communication KIP, reimplemented just for the sake of it. Introduced late 2017
+    * **sm**: service manager KIP, reimplemented to remove service access control restrictions. Introduced late 2017
+    * **pm**: process manager KIP reponsible of starting/terminating processes and instructing `loader` to load them. The reimplemention allows for break-on-start GDB feature in Rosalina, as well as lifting FS access control restrictions the proper way. Introduced in 2019
+
+## Maintainers
+
+* **[@TuxSH](https://github.com/TuxSH)**: lead developer, created and maintains most features of the project. Joined in 2016
+* **[@AuroraWright](https://github.com/AuroraWright)**: author of the project, implemented the core features (most of the baremetal boot settings menu and firmware loading code) with successful design decisions that made the project popular. Created the project in 2015, currently inactive
+* **[@PabloMK7](https://github.com/PabloMK7)**: maintainer of the plugin loader feature merged for the v13.0 release. Joined in 2023
+
+## Roadmap
+
+There are still a lot more features and consolidation planned for Luma3DS! Here is a list of what is currently in store:
+
+* Full reimplementation of `TwlBg` and `AgbBg`. This will allow much better, and more configurable, upscaling for top screen in DS and GBA games (except on Old 2DS). This is currently being developed privately in C++23 (no ETA). While this is quite a difficult endeavor as this requires rewriting the entire driver stack in semi-bare-metal (limited kernel with no IPC), this is the most critical feature for Luma3DS to have and will make driver sysmodule reimpelementation trivial
+* Reimplementation of `Process9` for `TWL_FIRM` and `AGB_FIRM` to allow for more features in DS and GBA compatibility mode (ones that require file access)
+* Eventually, a full `Kernel11` reimplementation
+
+## Known issues
+
+* **Cheat engine crashes with some applications, in particular Pokémon games**: there is a race condition in Nintendo's `Kernel11` pertaining to attaching a new `KDebugThread` to a `KThread` on thread creation, and another thread null-dereferencing `thread->debugThread`. This causes the cheat engine to crashes games that create and destroy many threads all the time (like Pokémon).
+    * For these games, having a **dedicated "game plugin"** is the only alternative until `Kernel11` is reimplemented.
+* **Applications reacting to Rosalina menu button combo**: Rosalina merely polls button input at an interval to know when to show the menu. This means that the Rosalina menu combo can sometimes be processed by the game/process that is going to be paused.
+    * You can **change the menu combo** in the "Miscellaneous options" submenu (then save it with "Save settings" in the main menu) to work around this.
+
+## Building from source
+
+To build Luma3DS, the following is needed:
+* git
+* [makerom](https://github.com/jakcron/Project_CTR) in `$PATH`
+* [firmtool](https://github.com/TuxSH/firmtool) installed
+* up-to-date devkitARM and libctru:
+    * install `dkp-pacman` (or, for distributions that already provide pacman, add repositories): https://devkitpro.org/wiki/devkitPro_pacman
+    * install packages from `3ds-dev` metapackage: `sudo dkp-pacman -S 3ds-dev --needed`
+    * while libctru and Luma3DS releases are kept in sync, you may have to build libctru from source for non-release Luma3DS commits
+
+While Luma3DS releases are bundled with `3ds-hbmenu`, Luma3DS actually compiles into one single file: `boot.firm`. Just copy it over to the root of your SD card ([ftpd](https://github.com/mtheall/ftpd) is the easiest way to do so), and you're done.
+
+## Licensing
 This software is licensed under the terms of the GPLv3. You can find a copy of the license in the LICENSE.txt file.
 
-Files in the GDB stub are instead triple-licensed as MIT or "GPLv2 or any later version", in which case it's specified in the file header.
+Files in the GDB stub are instead triple-licensed as MIT or "GPLv2 or any later version", in which case it's specified in the file header. PM, SM, PXI reimplementations are also licensed under MIT.
+
+## Credits
+
+Luma3DS would not be what it is without the contributions and constructive feedback of many. We would like to thanks in particular:
+
+* **[@devkitPro](https://github.com/devkitPro)** (especially **[@fincs](https://github.com/fincs)**, **[@WinterMute](https://github.com/WinterMute)** and **[@mtheall](https://github.com/mtheall)**) for providing quality and easy-to-use toolchains with bleeding-edge GCC, and for their continued technical advice
+* **[@Nanquitas](https://github.com/Nanquitas)** for the initial version of the game plugin loader code as well as very useful contributions to the GDB stub
+* **[@piepie62](https://github.com/piepie62)** for the current implementation of the Rosalina cheat engine, **Duckbill** for its original implementation
+* **[@panicbit](https://github.com/panicbit)** for the original implementation of screen filters in Rosalina
+* **[@jasondellaluce](https://github.com/jasondellaluce)** for LayeredFS
+* **[@LiquidFenrir](https://github.com/LiquidFenrir)** for the memory viewer inside Rosalina's "Process List"
+* **ChaN** for [FatFs](http://elm-chan.org/fsw/ff/00index_e.html)
+* Everyone who has contributed to the Luma3DS repository
+* Everyone who has assisted with troubleshooting end-users
+* Everyone who has provided constructive feedback to Luma3DS

arm11/Makefile

@@ -26,7 +26,7 @@ INCLUDES	:=	include include/svc
 # options for code generation
 #---------------------------------------------------------------------------------
 ARCH	:=	-march=armv6k -mtune=mpcore -mfloat-abi=hard -mtp=soft
-DEFINES :=	-DARM11 -D_3DS
+DEFINES :=	-DARM11 -D__3DS__
 
 CFLAGS	:=	-g -std=gnu11 -Wall -Wextra -Werror -O2 -mword-relocations \
 			-fomit-frame-pointer -ffunction-sections -fdata-sections \

arm11/linker.specs

@@ -1,7 +1,7 @@
 %rename link                old_link
 
 *link:
-%(old_link) -T %:getenv(TOPDIR /linker.ld) --nmagic --gc-sections
+%(old_link) -T %:getenv(TOPDIR /linker.ld) --nmagic --gc-sections --no-warn-rwx-segments
 
 *startfile:
 crti%O%s crtbegin%O%s

arm11/source/main.c

@@ -84,7 +84,8 @@ static void initScreens(u32 brightnessLevel, struct fb *fbs)
     *(vu32 *)0x10400490 = 0x000002D0;
     *(vu32 *)0x1040049C = 0x00000000;
 
-    //Disco register
+    // Color LUT
+    *(vu32 *)0x10400480 = 0;
     for(u32 i = 0; i < 256; i++)
         *(vu32 *)0x10400484 = 0x10101 * i;
 
@@ -119,7 +120,8 @@ static void initScreens(u32 brightnessLevel, struct fb *fbs)
     *(vu32 *)0x10400590 = 0x000002D0;
     *(vu32 *)0x1040059C = 0x00000000;
 
-    //Disco register
+    // Color LUT
+    *(vu32 *)0x10400580 = 0;
     for(u32 i = 0; i < 256; i++)
         *(vu32 *)0x10400584 = 0x10101 * i;
 
@@ -175,7 +177,7 @@ static void swapFramebuffers(bool isAlternate)
 {
     u32 isAlternateTmp = isAlternate ? 1 : 0;
     *(vu32 *)0x10400478 = (*(vu32 *)0x10400478 & 0xFFFFFFFE) | isAlternateTmp;
-    *(vu32 *)0x10400578 = (*(vu32 *)0x10400478 & 0xFFFFFFFE) | isAlternateTmp;
+    *(vu32 *)0x10400578 = (*(vu32 *)0x10400578 & 0xFFFFFFFE) | isAlternateTmp;
 }
 
 static void updateBrightness(u32 brightnessLevel)
@@ -193,6 +195,28 @@ static void deinitScreens(void)
     *(vu32 *)0x10202014 = 0;
 }
 
+static void zerofillN3dsAblRegisters(void)
+{
+    // It should be fine to write to these regs even on O3DS as they
+    // are RAZ/WI
+
+    // TODO: read from calibration, but null values should do just
+    // fine. From testing, LUT explicitly ignores null values, and
+    // it is probably the case of reg @ 0x54 as well.
+    *(vu32 *)0x10202250 = 0; // unknown 24-bit value, seen: 0
+    *(vu32 *)0x10202254 = 0; // unknown 24-bit value, seen: nonzero
+
+    *(vu32 *)0x10202A50 = 0; // unknown 24-bit value, seen: 0
+    *(vu32 *)0x10202A54 = 0; // unknown 24-bit value, seen: nonzero
+
+    for (u32 i = 0; i < 64; i++) {
+        // Blend colors (w/ color multiplication) for each group
+        // of 4 relative-luminance Rs
+        *(vu32 *)(0x10202300 + 4*i) = 0;
+        *(vu32 *)(0x10202B00 + 4*i) = 0;
+    }
+}
+
 void main(void)
 {
     operation = ARM11_READY;
@@ -221,6 +245,9 @@ void main(void)
             case DEINIT_SCREENS:
                 deinitScreens();
                 break;
+            case ZEROFILL_N3DS_ABL_REGISTERS:
+                zerofillN3dsAblRegisters();
+                break;
             case PREPARE_ARM11_FOR_FIRMLAUNCH:
                 memcpy((void *)0x1FFFFC00, (void *)prepareForFirmlaunch, prepareForFirmlaunchSize);
                 *(vu32 *)0x1FFFFFFC = 0;

arm11/source/types.h

@@ -60,6 +60,7 @@ typedef enum
     SWAP_FRAMEBUFFERS,
     UPDATE_BRIGHTNESS,
     DEINIT_SCREENS,
+    ZEROFILL_N3DS_ABL_REGISTERS,
     PREPARE_ARM11_FOR_FIRMLAUNCH,
     ARM11_READY,
 } Arm11Operation;

arm9/Makefile

@@ -35,6 +35,9 @@ ifeq ($(strip $(shell git describe --tags --match v[0-9]* | grep -)),)
 	export IS_RELEASE		:=	1
 endif
 
+# Default 3DSX TitleID for hb:ldr (note: also defined in top-level Makefile)
+export HBLDR_DEFAULT_3DSX_TID ?= 000400000D921E00
+
 #---------------------------------------------------------------------------------
 # TARGET is the name of the output
 # BUILD is the directory where object files & intermediate files will be placed
@@ -53,11 +56,17 @@ INCLUDES	:=	include
 # options for code generation
 #---------------------------------------------------------------------------------
 ARCH	:=	-marm -march=armv5te -mtune=arm946e-s
-DEFINES :=	-DARM9 -D_3DS
 
+ifeq ($(BUILD_FOR_EXPLOIT_DEV),1)
+	DEFINES :=	-DARM9 -D__3DS__ -DHBLDR_DEFAULT_3DSX_TID="0x$(HBLDR_DEFAULT_3DSX_TID)ULL" -DBUILD_FOR_EXPLOIT_DEV=1
+else
+	DEFINES :=	-DARM9 -D__3DS__ -DHBLDR_DEFAULT_3DSX_TID="0x$(HBLDR_DEFAULT_3DSX_TID)ULL"
+endif
+
+FALSEPOSITIVES := -Wno-array-bounds -Wno-stringop-overflow -Wno-stringop-overread
 CFLAGS	:=	-g -std=gnu11 -Wall -Wextra -Werror -O2 -mword-relocations \
 			-fomit-frame-pointer -ffunction-sections -fdata-sections \
-			-Wno-main $(ARCH) $(DEFINES)
+			-Wno-main $(FALSEPOSITIVES) $(ARCH) $(DEFINES)
 
 CFLAGS	+=	$(INCLUDE)
 
@@ -158,13 +167,19 @@ $(OUTPUT).elf	:	$(OFILES)
 $(OFILES_SRC)	: $(HFILES_BIN)
 
 memory.o strings.o:	CFLAGS +=	-O3
-config.o:			CFLAGS +=	-DCONFIG_TITLE="\"$(APP_TITLE) $(REVISION) configuration\""
+patches.o config.o:	CFLAGS +=	-DCONFIG_TITLE="\"$(APP_TITLE) $(REVISION) configuration\""\
-patches.o:			CFLAGS +=	-DVERSION_MAJOR="$(VERSION_MAJOR)" -DVERSION_MINOR="$(VERSION_MINOR)"\
+								-DVERSION_MAJOR="$(VERSION_MAJOR)" -DVERSION_MINOR="$(VERSION_MINOR)"\
 								-DVERSION_BUILD="$(VERSION_BUILD)" -DISRELEASE="$(IS_RELEASE)" -DCOMMIT_HASH="0x$(COMMIT)"
+config.o ini.o:		CFLAGS +=	-DINI_HANDLER_LINENO=1 -DINI_STOP_ON_FIRST_ERROR=1
 #---------------------------------------------------------------------------------
 # you need a rule like this for each extension you use as binary data
 #---------------------------------------------------------------------------------
 %.bin.o	%_bin.h :	%.bin
+#---------------------------------------------------------------------------------
+	@echo $(notdir $<)
+	@$(bin2o)
+#---------------------------------------------------------------------------------
+%.ini.o	%_ini.h:	%.ini
 #---------------------------------------------------------------------------------
 	@echo $(notdir $<)
 	@$(bin2o)

arm9/linker.ld

@@ -46,6 +46,7 @@ SECTIONS
         chainloader.o(.text*)
         i2c.o(.text*)
         arm9_exception_handlers.o(.text*)
+        KEEP (*(.emunand_patch))
 
         *(.arm9_exception_handlers.rodata*)
         chainloader.o(.rodata*)

arm9/linker.specs

@@ -1,7 +1,7 @@
 %rename link                old_link
 
 *link:
-%(old_link) -T %:getenv(TOPDIR /linker.ld) --nmagic --gc-sections
+%(old_link) -T %:getenv(TOPDIR /linker.ld) --nmagic --gc-sections --no-warn-rwx-segments
 
 *startfile:
 crti%O%s crtbegin%O%s

arm9/source/3dsheaders.h

@@ -102,6 +102,20 @@ typedef struct
     u8 romFsHash[0x20]; //RomFS superblock SHA-256 hash
 } Ncch;
 
+typedef struct ExeFsFileHeader
+{
+    char name[8];
+    u32 offset;
+    u32 size;
+} ExeFsFileHeader;
+
+typedef struct ExeFsHeader
+{
+    ExeFsFileHeader fileHeaders[10];
+    u8 _reserved_0xa0[0xC0 - 0xA0];
+    u8 fileHashes[10][32];
+} ExeFsHeader;
+
 typedef struct
 {
     Ncch ncch;

arm9/source/arm9_exception_handlers.c

@@ -33,6 +33,16 @@
 #define REG_DUMP_SIZE   4 * 17
 #define CODE_DUMP_SIZE  48
 
+static inline void dumpArm9Memory(ExceptionDumpHeader *dumpHeader, u8 *buf)
+{
+    // Check if n3ds extra arm9 mem is enabled (if it's possible to read CFG9_EXTMEMCNT9)
+    u8 extmemcnt9 = 0;
+    safecpy(&extmemcnt9, (const void *)0x10000200, 1);
+
+    u32 size = (extmemcnt9 & 1) ? 0x180000 : 0x100000;
+    dumpHeader->additionalDataSize += safecpy(buf, (const void *)0x08000000, size);
+}
+
 void __attribute__((noreturn)) arm9ExceptionHandlerMain(u32 *registerDump, u32 type)
 {
     ExceptionDumpHeader dumpHeader;
@@ -42,7 +52,7 @@ void __attribute__((noreturn)) arm9ExceptionHandlerMain(u32 *registerDump, u32 t
     dumpHeader.magic[0] = 0xDEADC0DE;
     dumpHeader.magic[1] = 0xDEADCAFE;
     dumpHeader.versionMajor = 1;
-    dumpHeader.versionMinor = 2;
+    dumpHeader.versionMinor = 3;
 
     dumpHeader.processor = 9;
     dumpHeader.core = 0;
@@ -68,6 +78,25 @@ void __attribute__((noreturn)) arm9ExceptionHandlerMain(u32 *registerDump, u32 t
 
     //Dump stack in place
     dumpHeader.stackDumpSize = safecpy(final, (const void *)registerDump[13], 0x1000 - (registerDump[13] & 0xFFF));
+    final += dumpHeader.stackDumpSize;
+
+    // See if we need to copy Arm9 memory (check for bkpt 0xFFFD / bkpt 0xFD)
+    if(dumpHeader.codeDumpSize > 0)
+    {
+        if(cpsr & 0x20)
+        {
+            // Thumb
+            u16 instr;
+            safecpy(&instr, codeDump + dumpHeader.codeDumpSize - 2, 2);
+            if(instr == 0xBEFD) dumpArm9Memory(&dumpHeader, final);
+        }
+        else
+        {
+            u32 instr;
+            safecpy(&instr, codeDump + dumpHeader.codeDumpSize - 4, 4);
+            if(instr == 0xE12FFF7D) dumpArm9Memory(&dumpHeader, final);
+        }
+    }
 
     dumpHeader.totalSize = sizeof(ExceptionDumpHeader) + dumpHeader.registerDumpSize + dumpHeader.codeDumpSize + dumpHeader.stackDumpSize + dumpHeader.additionalDataSize;
 

arm9/source/config.h

@@ -28,39 +28,46 @@
 
 #include "types.h"
 
+#define AUTOBOOT_DEFAULT_TWL_TID    0x0003000448424C41ull
+
 #define CONFIG(a)        (((configData.config >> (a)) & 1) != 0)
 #define MULTICONFIG(a)   ((configData.multiConfig >> (2 * (a))) & 3)
 #define BOOTCONFIG(a, b) ((configData.bootConfig >> (a)) & (b))
 
-#define CONFIG_FILE         "config.bin"
+#define CONFIG_FILE         "config.ini"
-#define CONFIG_VERSIONMAJOR 2
+#define CONFIG_VERSIONMAJOR 3
-#define CONFIG_VERSIONMINOR 3
+#define CONFIG_VERSIONMINOR 13
 
-#define BOOTCFG_NAND         BOOTCONFIG(0, 7)
+#define BOOTCFG_NAND         BOOTCONFIG(0, 1)
-#define BOOTCFG_FIRM         BOOTCONFIG(3, 7)
+#define BOOTCFG_EMUINDEX     BOOTCONFIG(1, 3)
-#define BOOTCFG_NOFORCEFLAG  BOOTCONFIG(6, 1)
+#define BOOTCFG_NOFORCEFLAG  BOOTCONFIG(3, 1)
-#define BOOTCFG_NTRCARDBOOT  BOOTCONFIG(7, 1)
+#define BOOTCFG_NTRCARDBOOT  BOOTCONFIG(4, 1)
 
 enum multiOptions
 {
     DEFAULTEMU = 0,
     BRIGHTNESS,
     SPLASH,
-    SPLASH_DURATION,
     PIN,
-    NEWCPU
+    NEWCPU,
+    AUTOBOOTMODE,
+    FORCEAUDIOOUTPUT,
 };
 
 enum singleOptions
 {
     AUTOBOOTEMU = 0,
-    USEEMUFIRM,
     LOADEXTFIRMSANDMODULES,
     PATCHGAMES,
+    REDIRECTAPPTHREADS,
     PATCHVERSTRING,
     SHOWGBABOOT,
     PATCHUNITINFO,
-    DISABLEARM11EXCHANDLERS
+    ENABLEDSIEXTFILTER,
+    DISABLEARM11EXCHANDLERS,
+    ENABLESAFEFIRMROSALINA,
+
+    NUMCONFIGURABLE = PATCHUNITINFO,
 };
 
 typedef enum ConfigurationStatus

arm9/source/crypto.c

@@ -1,6 +1,6 @@
 /*
 *   This file is part of Luma3DS
-*   Copyright (C) 2016-2020 Aurora Wright, TuxSH
+*   Copyright (C) 2016-2021 Aurora Wright, TuxSH
 *
 *   This program is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
@@ -322,7 +322,7 @@ __attribute__((aligned(4))) static u8 nandCtr[AES_BLOCK_SIZE];
 static u8 nandSlot;
 static u32 fatStart = 0;
 
-FirmwareSource firmSource = FIRMWARE_SYSNAND;
+FirmwareSource ctrNandLocation = FIRMWARE_SYSNAND;
 
 __attribute__((aligned(4))) static const u8 key1s[2][AES_BLOCK_SIZE] = {
     {0x07, 0x29, 0x44, 0x38, 0xF8, 0xC9, 0x75, 0x93, 0xAA, 0x0E, 0x4A, 0xB4, 0xAE, 0x84, 0xC1, 0xD8},
@@ -348,7 +348,7 @@ int ctrNandInit(void)
     u8 __attribute__((aligned(4))) temp[0x200];
 
     //Read NCSD header
-    result = firmSource == FIRMWARE_SYSNAND ? sdmmc_nand_readsectors(0, 1, temp) : sdmmc_sdcard_readsectors(emuHeader, 1, temp);
+    result = ctrNandLocation == FIRMWARE_SYSNAND ? sdmmc_nand_readsectors(0, 1, temp) : sdmmc_sdcard_readsectors(emuOffset + emuHeader, 1, temp);
 
     if(!result)
     {
@@ -375,7 +375,7 @@ int ctrNandRead(u32 sector, u32 sectorCount, u8 *outbuf)
 
     //Read
     int result;
-    if(firmSource == FIRMWARE_SYSNAND)
+    if(ctrNandLocation == FIRMWARE_SYSNAND)
         result = sdmmc_nand_readsectors(sector + fatStart, sectorCount, outbuf);
     else
     {

arm9/source/crypto.h

@@ -110,7 +110,7 @@
 #define SHA_224_HASH_SIZE   (224 / 8)
 #define SHA_1_HASH_SIZE     (160 / 8)
 
-extern FirmwareSource firmSource;
+extern FirmwareSource ctrNandLocation;
 
 void sha(void *res, const void *src, u32 size, u32 mode);
 

arm9/source/deliver_arg.c

@@ -0,0 +1,279 @@
+/*
+*   This file is part of Luma3DS
+*   Copyright (C) 2022 Aurora Wright, TuxSH
+*
+*   This program is free software: you can redistribute it and/or modify
+*   it under the terms of the GNU General Public License as published by
+*   the Free Software Foundation, either version 3 of the License, or
+*   (at your option) any later version.
+*
+*   This program is distributed in the hope that it will be useful,
+*   but WITHOUT ANY WARRANTY; without even the implied warranty of
+*   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+*   GNU General Public License for more details.
+*
+*   You should have received a copy of the GNU General Public License
+*   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*
+*   Additional Terms 7.b and 7.c of GPLv3 apply to this file:
+*       * Requiring preservation of specified reasonable legal notices or
+*         author attributions in that material or in the Appropriate Legal
+*         Notices displayed by works containing it.
+*       * Prohibiting misrepresentation of the origin of that material,
+*         or requiring that modified versions of such material be marked in
+*         reasonable ways as different from the original version.
+*/
+
+#include "deliver_arg.h"
+#include "utils.h"
+#include "memory.h"
+#include "config.h"
+#include "fs.h"
+#include "i2c.h"
+#include "screen.h"
+
+u8 *loadDeliverArg(void)
+{
+    static __attribute__((aligned(8))) u8 deliverArg[0x1000] = {0};
+    static bool deliverArgLoaded = false;
+
+    if (!deliverArgLoaded)
+    {
+        u32 bootenv = CFG_BOOTENV;  // this register is preserved across reboots
+        if ((bootenv & 1) == 0) // true coldboot
+        {
+            memset(deliverArg, 0, 0x1000);
+        }
+        else
+        {
+            u32 mode = bootenv >> 1;
+            if (mode == 0) // CTR mode
+            {
+                memcpy(deliverArg, (const void *)0x20000000, 0x1000);
+
+                // Validate deliver arg
+                u32 testPattern = *(u32 *)(deliverArg + 0x438);
+                u32 *crcPtr = (u32 *)(deliverArg + 0x43C);
+                u32 crc = *crcPtr;
+                *crcPtr = 0; // clear crc field before calculation
+                u32 expectedCrc = crc32(deliverArg + 0x400, 0x140, 0xFFFFFFFF);
+                *crcPtr = crc;
+                if (testPattern != 0xFFFF || crc != expectedCrc)
+                    memset(deliverArg, 0, 0x1000);
+            }
+            else // Legacy modes
+            {
+                // Copy TWL deliver arg stuff as-is (0...0x300)
+                copyFromLegacyModeFcram(deliverArg, (const void *)0x20000000, 0x400);
+
+                // Validate TLNC (TWL launcher params) block
+                // Note: Nintendo doesn't do crcLen bound check
+                u8 *tlnc = deliverArg + 0x300;
+                bool hasMagic = memcmp(tlnc, "TLNC", 4) == 0;
+                u8 crcLen = tlnc[5];
+                u16 crc = *(u16 *)(tlnc + 6);
+                if (!hasMagic || (8 + crcLen) > 0x100 || crc != crc16(tlnc + 8, crcLen, 0xFFFF))
+                    memset(tlnc, 0, 0x100);
+
+                memset(deliverArg + 0x400, 0, 0xC00);
+            }
+        }
+        deliverArgLoaded = true;
+    }
+
+    return deliverArg;
+}
+
+void commitDeliverArg(void)
+{
+    u8 *deliverArg = loadDeliverArg();
+    u32 bootenv = CFG_BOOTENV;
+
+    if ((bootenv & 1) == 0) // if true coldboot, set bootenv to "CTR mode reboot"
+    {
+        bootenv = 1;
+        CFG_BOOTENV = 1;
+    }
+
+    u32 mode = bootenv >> 1;
+    if (mode == 0) // CTR mode
+    {
+        *(u32 *)(deliverArg + 0x438) = 0xFFFF;
+        *(u32 *)(deliverArg + 0x43C) = 0; // clear CRC field before calculating it
+        *(u32 *)(deliverArg + 0x43C) = crc32(deliverArg + 0x400, 0x140, 0xFFFFFFFF);
+        memcpy((void *)0x20000000, deliverArg, 0x1000);
+    }
+    else // Legacy modes (just TWL mode, really)
+    {
+        copyToLegacyModeFcram((void *)0x20000000, deliverArg, 0x400);
+    }
+}
+
+bool hasValidTlncAutobootParams(void)
+{
+    u8 *tlnc = loadDeliverArg() + 0x300; // loadDeliverArg clears invalid TLNC blocks
+    return memcmp(tlnc, "TLNC", 4) == 0 && (*(u16 *)(tlnc + 0x18) & 1) != 0;
+}
+
+bool isTwlToCtrLaunch(void)
+{
+    // assumes TLNC block is valid
+    u8 *tlnc = loadDeliverArg() + 0x300; // loadDeliverArg clears invalid TLNC blocks
+    u64 twlTid = *(u64 *)(tlnc + 0x10);
+
+    switch (twlTid & ~0xFFull)
+    {
+        case 0x0000000000000000ull: // TWL Launcher -> Home menu (note: NS checks full TID)
+        case 0x00030015484E4200ull: // TWL System Settings -> CTR System Settings (mset)
+            return true;
+        default:
+            return false;
+    }
+}
+
+static bool configureHomebrewAutobootCtr(u8 *deliverArg)
+{
+    static const u8 appmemtypesO3ds[] = { 0, 2, 3, 4, 5 };
+    static const u8 appmemtypesN3ds[] = { 6, 7, 7, 7, 7 };
+
+    u64 hbldrTid = configData.hbldr3dsxTitleId;
+    hbldrTid = hbldrTid == 0 ? HBLDR_DEFAULT_3DSX_TID : hbldrTid; // replicate Loader's behavior
+    if ((hbldrTid >> 46) != 0x10) // Not a CTR titleId. Bail out
+        return false;
+
+    u8 memtype = configData.autobootCtrAppmemtype;
+    // autobootCtrAppmemtype already checked, but it doesn't hurt to check again
+    memtype = memtype >= 5 ? 0 : memtype;
+    deliverArg[0x400] = ISN3DS ? appmemtypesN3ds[memtype] : appmemtypesO3ds[memtype];
+
+    // Determine whether to load from the SD card or from NAND. We don't support gamecards for this
+    u32 category = (hbldrTid >> 32) & 0xFFFF;
+    bool isSdApp = (category & 0x10) == 0 && category != 1; // not a system app nor a DLP child
+    *(u64 *)(deliverArg + 0x440) = hbldrTid;
+    *(u64 *)(deliverArg + 0x448) = isSdApp ? 1 : 0;
+
+    // Tell NS to run the title, and that it's not a title jump from legacy mode
+    *(u32 *)(deliverArg + 0x460) = (0 << 1) | (1 << 0);
+
+    // Whenever power button is held long enough ("force shutdown"), mcu sysmodule
+    // stores a flag in free reg 0. It will clear it next boot.
+
+    // During that next boot, if that flag was set and if CFG_BOOTENV.bit0 is set
+    // (warmboot/firm chainload, i.e. not coldbooting), then main() will simulate
+    // a "power button held" interrupt (after upgrading mcu fw if necessary -- it
+    // will reboot console after if it has upgraded mcu fw, I guess that's one of
+    // the reasons the flag is there). This obviously cause other processes to initiate
+    // a shutdown, and it also sets that flag again.
+
+    // In the case of autoboot, ns will panic when this happens. This caused
+    // hb autoboot to keep failing over and over again.
+
+    // Select free reg 0, read it, select it again, write it (clearing force shutdown flag)
+    I2C_writeReg(I2C_DEV_MCU, 0x60, 0);
+    u8 flags = I2C_readReg(I2C_DEV_MCU, 0x61);
+    flags &= ~4;
+    I2C_writeReg(I2C_DEV_MCU, 0x60, 0);
+    I2C_writeReg(I2C_DEV_MCU, 0x61, flags);
+
+    CFG_BOOTENV = 1;
+
+    return true;
+}
+
+static bool configureHomebrewAutobootTwl(u8 *deliverArg)
+{
+    // Here, we pretend to be a TWL app rebooting into another TWL app.
+    // We get NS to do all the heavy lifting (starting NWM and AM, etc.) this way.
+
+    memset(deliverArg + 0x000, 0, 0x300); // zero TWL deliver arg params
+
+    // Now onto TLNC (launcher params):
+    u8 *tlnc = deliverArg + 0x300;
+    memset(tlnc, 0, 0x100);
+    memcpy(tlnc, "TLNC", 4);
+    tlnc[4] = 1; // version
+    tlnc[5] = 0x18; // length of data to calculate CRC over
+
+    *(u64 *)(tlnc + 8) = 0; // old title ID
+    *(u64 *)(tlnc + 0x10) = configData.autobootTwlTitleId; // new title ID
+    // bit4: "skip logo" ; bits2:1: NAND boot ; bit0: valid
+    *(u16 *)(tlnc + 0x18) = (1 << 4) | (3 << 1) | (1 << 0);
+
+    *(u16 *)(tlnc + 6) = crc16(tlnc + 8, 0x18, 0xFFFF);
+
+    // Even though (when running TWL/AGB FIRM) the SoC is in O3DS mode, and the GPU also is,
+    // as well as most other components behaving as such (external RAM, L2C not usable, etc.),
+    // this is NOT the case for the LCD and adaptive backlight logic which retains FULL N3DS
+    // functionality, including a feature where the window is blended with a given color depending
+    // on the overall relative luminance of that window.
+
+    // However, Nintendo's own code mistakenly assumes the opposite, and clearly so ("if GPU in N3DS mode"
+    // checks, not passing N3DS extra adaptive backlight (ABL) to TWL/AGB_FIRM). This has implications:
+
+    // - Powersaving (ABL) settings in TWL/AGB_FIRM is inconsistent with *both* O3DS (because the new RGB blend LUT
+    // has been set to its current value by NATIVE_FIRM) and N3DS (because "pwn_cnt" and "inertia" are missing
+    // their N3DS-only bits)
+    // - "rave party" when booting into TWL/AGB_FIRM or O3DS NATIVE_FIRM without these regs (well, the LUT) initialized.
+    // Easiest way to do so is by leveraging the "DSi autooboot" feature Luma provides. It is worth noting at least
+    // the LUT survives hardware reboots (if Nintendo were using DSi software that was using TLNC-based reboots,
+    // they wouldn't have noticed).
+
+    // As such, zerofill these registers (from testing, hardware explicitly discards null values, so this
+    // should be fine). For now, only touch the Luma-initiated autoboot path
+
+    if (ISN3DS)
+        zerofillN3dsAblRegisters();
+
+    CFG_BOOTENV = 3;
+
+    return true;
+}
+
+bool configureHomebrewAutoboot(void)
+{
+    bool ret;
+    u8 *deliverArg = loadDeliverArg();
+
+    u32 bootenv = CFG_BOOTENV;
+    u32 mode = bootenv >> 1;
+
+    // NS always writes a valid deliver arg on reboot, no matter what.
+    // Check if it is empty, and, of course, bail out if we aren't rebooting from
+    // NATIVE_FIRM.
+    // Checking if it is empty is necessary to let us reboot from autobooted hbmenu
+    // to hbmenu.
+
+    if (mode != 0)
+        return false;
+    else if (bootenv == 1)
+    {
+        for (u32 i = 0; i < 0x410; i++)
+        {
+            if (deliverArg[i] != 0)
+                return false;
+        }
+        for (u32 i = 0x440; i < 0x1000; i++)
+        {
+            if (deliverArg[i] != 0)
+                return false;
+        }
+    }
+
+    switch (MULTICONFIG(AUTOBOOTMODE))
+    {
+        case 1:
+            ret = configureHomebrewAutobootCtr(deliverArg);
+            break;
+        case 2:
+            ret = configureHomebrewAutobootTwl(deliverArg);
+            break;
+        case 0:
+        default:
+            ret = false;
+            break;
+    }
+
+    if (ret)
+        commitDeliverArg();
+    return ret;
+}

arm9/source/deliver_arg.h

@@ -0,0 +1,37 @@
+/*
+*   This file is part of Luma3DS
+*   Copyright (C) 2022 Aurora Wright, TuxSH
+*
+*   This program is free software: you can redistribute it and/or modify
+*   it under the terms of the GNU General Public License as published by
+*   the Free Software Foundation, either version 3 of the License, or
+*   (at your option) any later version.
+*
+*   This program is distributed in the hope that it will be useful,
+*   but WITHOUT ANY WARRANTY; without even the implied warranty of
+*   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+*   GNU General Public License for more details.
+*
+*   You should have received a copy of the GNU General Public License
+*   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*
+*   Additional Terms 7.b and 7.c of GPLv3 apply to this file:
+*       * Requiring preservation of specified reasonable legal notices or
+*         author attributions in that material or in the Appropriate Legal
+*         Notices displayed by works containing it.
+*       * Prohibiting misrepresentation of the origin of that material,
+*         or requiring that modified versions of such material be marked in
+*         reasonable ways as different from the original version.
+*/
+
+#pragma once
+
+#include "types.h"
+
+u8 *loadDeliverArg(void);
+void commitDeliverArg(void);
+
+bool hasValidTlncAutobootParams(void);
+bool isTwlToCtrLaunch(void); // assumes TLNC block is valid
+
+bool configureHomebrewAutoboot(void);

arm9/source/draw.c

@@ -58,8 +58,7 @@ bool loadSplash(void)
 
     swapFramebuffers(true);
 
-    u32 durationIndex = MULTICONFIG(SPLASH_DURATION);
+    wait(configData.splashDurationMsec);
-    wait(1000ULL + (durationIndex * 2000ULL));
 
     return true;
 }

arm9/source/draw.h

@@ -39,6 +39,7 @@
 #define COLOR_TITLE  0xFF9900
 #define COLOR_WHITE  0xFFFFFF
 #define COLOR_RED    0x0000FF
+#define COLOR_GREEN  0x00FF00
 #define COLOR_BLACK  0x000000
 #define COLOR_YELLOW 0x00FFFF
 
@@ -47,4 +48,6 @@
 bool loadSplash(void);
 void drawCharacter(bool isTopScreen, u32 posX, u32 posY, u32 color, char character);
 u32 drawString(bool isTopScreen, u32 posX, u32 posY, u32 color, const char *string);
+
+__attribute__((format(printf,5,6)))
 u32 drawFormattedString(bool isTopScreen, u32 posX, u32 posY, u32 color, const char *fmt, ...);

arm9/source/emunand.c

@@ -1,6 +1,6 @@
 /*
 *   This file is part of Luma3DS
-*   Copyright (C) 2016-2020 Aurora Wright, TuxSH
+*   Copyright (C) 2016-2021 Aurora Wright, TuxSH
 *
 *   This program is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
@@ -38,7 +38,7 @@
 u32 emuOffset,
     emuHeader;
 
-void locateEmuNand(FirmwareSource *nandType)
+void locateEmuNand(FirmwareSource *nandType, u32 *emunandIndex, bool configureCtrNandParams)
 {
     static u8 __attribute__((aligned(4))) temp[0x200];
     static u32 nandSize = 0,
@@ -51,7 +51,10 @@ void locateEmuNand(FirmwareSource *nandType)
         fatStart = *(u32 *)(temp + 0x1C6); //First sector of the FAT partition
     }
 
-    for(u32 i = 0; i < 3; i++)
+    /*if (*nandType == FIRMWARE_SYSNAND)
+        return;*/
+
+    for(u32 i = 0; i < 3; i++)  // Test the different kinds of multi-EmuNAND there are, unless we are looking for the first one
     {
         static const u32 roundedMinsizes[] = {0x1D8000, 0x26E000};
 
@@ -65,56 +68,64 @@ void locateEmuNand(FirmwareSource *nandType)
                 nandOffset = roundedMinsizes[ISN3DS ? 1 : 0]; //"Minsize" layout
                 break;
             case 0:
-                nandOffset = *nandType == FIRMWARE_EMUNAND ? 0 : (nandSize > 0x200000 ? 0x400000 : 0x200000); //"Legacy" layout
+                nandOffset = nandSize > 0x200000 ? 0x400000 : 0x200000; //"Legacy" layout
                 break;
         }
 
-        if(*nandType != FIRMWARE_EMUNAND) nandOffset *= ((u32)*nandType - 1);
+        nandOffset *= *emunandIndex; // always 0 for 1st EmuNAND
 
         if(fatStart >= nandOffset + roundedMinsizes[ISN3DS ? 1 : 0])
         {
             //Check for RedNAND
             if(!sdmmc_sdcard_readsectors(nandOffset + 1, 1, temp) && memcmp(temp + 0x100, "NCSD", 4) == 0)
             {
-                emuOffset = nandOffset + 1;
+                if (configureCtrNandParams)
-                emuHeader = nandOffset + 1;
+                {
+                    emuOffset = nandOffset + 1;
+                    emuHeader = 0;
+                }
                 return;
             }
 
             //Check for Gateway EmuNAND
             else if(i != 2 && !sdmmc_sdcard_readsectors(nandOffset + nandSize, 1, temp) && memcmp(temp + 0x100, "NCSD", 4) == 0)
             {
-                emuOffset = nandOffset;
+                if (configureCtrNandParams)
-                emuHeader = nandOffset + nandSize;
+                {
+                    emuOffset = nandOffset;
+                    emuHeader = nandSize;
+                }
                 return;
             }
         }
 
-        if(*nandType == FIRMWARE_EMUNAND) break;
+        if(*emunandIndex == 0) break; // See above comments
     }
 
     //Fallback to the first EmuNAND if there's no second/third/fourth one, or to SysNAND if there isn't any
-    if(*nandType != FIRMWARE_EMUNAND)
+    if(*emunandIndex != 0)
     {
-        *nandType = FIRMWARE_EMUNAND;
+        *emunandIndex = 0;
-        locateEmuNand(nandType);
+        locateEmuNand(nandType, emunandIndex, configureCtrNandParams);
     }
     else *nandType = FIRMWARE_SYSNAND;
 }
 
-static inline bool getFreeK9Space(u8 *pos, u32 size, u8 **freeK9Space)
+static inline u32 getProtoSdmmc(u32 *sdmmc, u32 firmVersion)
 {
-    static const u8 pattern[] = {0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0x00};
+    switch(firmVersion)
+    {
+        case 243: // SDK 0.9.x (0.9.7?)
+            *sdmmc = (0x080AAA28 + 0x4e0);
+            break;
+        case 238: // SDK 0.10
+            *sdmmc = (0x080BEA70 + 0x690);
+            break;
+        default:
+            return 1;
+    }
 
-    //Looking for the last free space before Process9
+    return 0;
-    *freeK9Space = memsearch(pos, pattern, size, sizeof(pattern));
-
-    if(*freeK9Space == NULL || (u32)(pos + size - *freeK9Space) < 0x455 + emunandPatchSize ||
-       *(u32 *)(*freeK9Space + 0x455 + emunandPatchSize - 4) != 0xFFFFFFFF) return false;
-
-    *freeK9Space += 0x455;
-
-    return true;
 }
 
 static inline u32 getOldSdmmc(u32 *sdmmc, u32 firmVersion)
@@ -149,7 +160,7 @@ static inline u32 getSdmmc(u8 *pos, u32 size, u32 *sdmmc)
     return 0;
 }
 
-static inline u32 patchNandRw(u8 *pos, u32 size, u32 branchOffset)
+static inline u32 patchNandRw(u8 *pos, u32 size, u32 hookAddr)
 {
     //Look for read/write code
     static const u8 pattern[] = {0x1E, 0x00, 0xC8, 0x05};
@@ -167,32 +178,118 @@ static inline u32 patchNandRw(u8 *pos, u32 size, u32 branchOffset)
     writeOffset -= 3;
     *readOffset = *writeOffset = 0x4C00;
     readOffset[1] = writeOffset[1] = 0x47A0;
-    ((u32 *)writeOffset)[1] = ((u32 *)readOffset)[1] = branchOffset;
+    ((u32 *)writeOffset)[1] = ((u32 *)readOffset)[1] = hookAddr;
 
     return 0;
 }
 
-static inline u32 patchMpu(u8 *pos, u32 size)
+static inline u32 patchProtoNandRw(u8 *pos, u32 size, u32 hookAddr, u32 hookCidAddr)
 {
-    //Look for MPU pattern
+    //Look for read/write code
-    static const u8 pattern[] = {0x03, 0x00, 0x24, 0x00};
+    static const u8 pattern[] = {
+        0x03, 0x00, 0x51, 0xE3, // cmp r1, #3
+        0x02, 0xC0, 0xA0, 0xE1, // mov r12, r2
+        0x04, 0x00, 0x80, 0xE2, // add r0, r0, #4
+    };
 
-    u16 *off = (u16 *)memsearch(pos, pattern, size, sizeof(pattern));
+    u32 *writeOffset = (u32 *)memsearch(pos, pattern, size, sizeof(pattern));
 
-    if(off == NULL) return 1;
+    if(writeOffset == NULL) return 1;
 
-    off[1] = 0x0036;
+    u32 *readOffset = (u32 *)memsearch((u8 *)(writeOffset + 3), pattern, 0x400, sizeof(pattern));
-    off[0xC] = off[0x12] = 0x0603;
+
+    if(readOffset == NULL) return 1;
+
+    // Find the sdmmc mount/init(?) function
+    static const u8 mount_pattern[] = {
+        0x20, 0x00, 0x84, 0xE2, // add r0, r4, 0x20
+        0x01, 0x20, 0xA0, 0xE3, // mov r2, #1
+        0x00, 0x10, 0xA0, 0xE3, // mov r1, #0
+    };
+    u32* mountOffset = (u32*) memsearch(pos, mount_pattern, size, sizeof(mount_pattern));
+    if (mountOffset == NULL) return 1;
+
+    // Find the sdmmc read cid function.
+    static const u8 readcid_pattern[] = {
+        0x31, 0xFF, 0x2F, 0xE1, // blx r1
+        0x20, 0x60, 0x9F, 0xE5, // ldr r6, [pc, #0x20] // =failing_result
+        0x00, 0x00, 0x50, 0xE3, // cmp r0, #0
+    };
+    u32* readCidOffset = (u32*) memsearch(pos, readcid_pattern, size, sizeof(readcid_pattern));
+    if (readCidOffset == NULL) return 1;
+    readCidOffset -= 5;
+
+    mountOffset[1] = 0xe3a02000; // mov r2, #0 // sd-card
+
+    readOffset[0] = writeOffset[0] = 0xe52de004; // push {lr}
+    readOffset[1] = writeOffset[1] = 0xe59fc000; // ldr r12, [pc, #0]
+    readOffset[2] = writeOffset[2] = 0xe12fff3c; // blx r12
+    readOffset[3] = writeOffset[3] = hookAddr;
+
+    readCidOffset[0] = 0xe59fc000; // ldr r12, [pc, #0]
+    readCidOffset[1] = 0xe12fff3c; // blx r12
+    readCidOffset[2] = hookCidAddr;
+
+    // Read the emmc cid into the place hook will copy it from
+    sdmmc_get_cid(1, emunandPatchNandCid);
 
     return 0;
 }
 
-u32 patchEmuNand(u8 *arm9Section, u32 kernel9Size, u8 *process9Offset, u32 process9Size, u8 *kernel9Address, u32 firmVersion)
+static inline u32 patchProtoNandRw238(u8 *pos, u32 size, u32 hookAddr, u32 hookCidAddr)
 {
-    u8 *freeK9Space;
+    //Look for read/write code
+    static const u8 pattern[] = {
+        0x03, 0x00, 0x50, 0xE3, // cmp r0, #3
+        0x00, 0x00, 0xA0, 0x13, // movne r0, #0
+        0x01, 0x00, 0xA0, 0x03, // moveq r0, #1
+    };
 
-    if(!getFreeK9Space(arm9Section, kernel9Size, &freeK9Space)) return 1;
+    u32 *writeOffset = (u32 *)memsearch(pos, pattern, size, sizeof(pattern));
 
+    if(writeOffset == NULL) return 1;
+
+    u32 *readOffset = (u32 *)memsearch((u8 *)(writeOffset + 3), pattern, 0x400, sizeof(pattern));
+
+    if(readOffset == NULL) return 1;
+
+    // Find the mmc static ctor...
+    static const u8 mount_pattern[] = {
+        0x08, // last byte of some ptr to something in P9
+        0x01, 0x01, 0x00, 0x00, // emmc controller id
+    };
+    u8* mountOffset = (u8*) memsearch(pos, mount_pattern, size, sizeof(mount_pattern));
+    if (mountOffset == NULL) return 1;
+    mountOffset++;
+
+    // Find the sdmmc read cid function.
+    static const u8 readcid_pattern[] = {
+        0x31, 0xFF, 0x2F, 0xE1, // blx r1
+        0x20, 0x60, 0x9F, 0xE5, // ldr r6, [pc, #0x20] // =failing_result
+        0x00, 0x00, 0x50, 0xE3, // cmp r0, #0
+    };
+    u32* readCidOffset = (u32*) memsearch(pos, readcid_pattern, size, sizeof(readcid_pattern));
+    if (readCidOffset == NULL) return 1;
+    readCidOffset -= 5;
+
+    *(u32*)mountOffset = 0x300; // sd card
+
+    readOffset[0] = writeOffset[0] = 0xe59fc000; // ldr r12, [pc, #0]
+    readOffset[1] = writeOffset[1] = 0xe12fff3c; // blx r12
+    readOffset[2] = writeOffset[2] = hookAddr;
+
+    readCidOffset[0] = 0xe59fc000; // ldr r12, [pc, #0]
+    readCidOffset[1] = 0xe12fff3c; // blx r12
+    readCidOffset[2] = hookCidAddr;
+
+    // Read the emmc cid into the place hook will copy it from
+    sdmmc_get_cid(1, emunandPatchNandCid);
+
+    return 0;
+}
+
+u32 patchEmuNand(u8 *process9Offset, u32 process9Size, u32 firmVersion)
+{
     u32 ret = 0;
 
     //Add the data of the found EmuNAND
@@ -204,15 +301,38 @@ u32 patchEmuNand(u8 *arm9Section, u32 kernel9Size, u8 *process9Offset, u32 proce
     ret += !ISN3DS && firmVersion < 0x25 ? getOldSdmmc(&sdmmc, firmVersion) : getSdmmc(process9Offset, process9Size, &sdmmc);
     if(!ret) emunandPatchSdmmcStructPtr = sdmmc;
 
-    //Copy EmuNAND code
-    memcpy(freeK9Space, emunandPatch, emunandPatchSize);
-
     //Add EmuNAND hooks
-    u32 branchOffset = (u32)(freeK9Space - arm9Section + kernel9Address);
+    ret += patchNandRw(process9Offset, process9Size, (u32)emunandPatch);
-    ret += patchNandRw(process9Offset, process9Size, branchOffset);
-
-    //Set MPU
-    ret += patchMpu(arm9Section, kernel9Size);
 
     return ret;
 }
+
+u32 patchProtoEmuNand(u8 *process9Offset, u32 process9Size)
+{
+    extern u32 firmProtoVersion;
+    u32 ret = 0;
+
+    // Add the data of the found EmuNAND
+    emunandPatchNandOffset = emuOffset;
+    emunandPatchNcsdHeaderOffset = emuHeader;
+
+    // Find and add the SDMMC struct
+    u32 sdmmc;
+    ret += getProtoSdmmc(&sdmmc, firmProtoVersion);
+    if(!ret) emunandPatchSdmmcStructPtr = sdmmc;
+
+    // Add EmuNAND hooks
+    switch (firmProtoVersion) {
+        case 243: // SDK 0.9.x (0.9.7?)
+            ret += patchProtoNandRw(process9Offset, process9Size, (u32)emunandProtoPatch, (u32)emunandProtoCidPatch);
+            break;
+        case 238: // SDK 0.10.x
+            ret += patchProtoNandRw238(process9Offset, process9Size, (u32)emunandProtoPatch238, (u32)emunandProtoCidPatch);
+            break;
+        default:
+            ret++;
+            break;
+    }
+
+    return ret;
+}

arm9/source/emunand.h

@@ -37,5 +37,6 @@
 extern u32 emuOffset,
            emuHeader;
 
-void locateEmuNand(FirmwareSource *nandType);
+void locateEmuNand(FirmwareSource *nandType, u32 *emunandIndex, bool configureCtrNandParams);
-u32 patchEmuNand(u8 *arm9Section, u32 kernel9Size, u8 *process9Offset, u32 process9Size, u8 *kernel9Address, u32 firmVersion);
+u32 patchEmuNand(u8 *process9Offset, u32 process9Size, u32 firmVersion);
+u32 patchProtoEmuNand(u8 *process9Offset, u32 process9Size);

arm9/source/emunand_patch.s

@@ -0,0 +1,194 @@
+.section .emunand_patch, "aw", %progbits
+.arm
+.align 4
+
+@ Code originally by Normmatt
+
+.global emunandPatch
+emunandPatch:
+    @ Original code that still needs to be executed
+    mov r4, r0
+    mov r5, r1
+    mov r7, r2
+    mov r6, r3
+    @ End
+
+    @ If we're already trying to access the SD, return
+    ldr r2, [r0, #4]
+    ldr r1, emunandPatchSdmmcStructPtr
+    cmp r2, r1
+    beq out
+
+    str r1, [r0, #4] @ Set object to be SD
+    ldr r2, [r0, #8] @ Get sector to read
+    cmp r2, #0 @ For GW compatibility, see if we're trying to read the ncsd header (sector 0)
+
+    ldr r3, emunandPatchNandOffset
+    add r2, r3 @ Add the offset to the NAND in the SD
+
+    ldreq r3, emunandPatchNcsdHeaderOffset
+    addeq r2, r3 @ If we're reading the ncsd header, add the offset of that sector
+
+    str r2, [r0, #8] @ Store sector to read
+
+    out:
+        @ Restore registers.
+        mov r1, r5
+        mov r2, r7
+        mov r3, r6
+
+        @ Return 4 bytes behind where we got called,
+        @ due to the offset of this function being stored there
+        mov r0, lr
+        add r0, #4
+        bx r0
+
+.pool
+
+_emunandPatchEnd:
+
+.global emunandProtoPatch
+emunandProtoPatch:
+    @ Save registers
+    push {r0-r3}
+
+    @ If we're already trying to access the SD, return
+    ldr r2, [r0, #4]
+    ldr r1, emunandPatchSdmmcStructPtr
+    cmp r2, r1
+    beq _out
+
+    ldrb r2, [r1, #0xc] @ Get sdmc->m_isInitialised
+    cmp r2, #0 @ Is initialised?
+    beq _pastSdmc @ if not, use "NAND" object, patched elsewhere to access SD
+    str r1, [r0, #4] @ Set object to be SD
+    _pastSdmc:
+    ldr r2, [r0, #8] @ Get sector to read
+    cmp r2, #0 @ For GW compatibility, see if we're trying to read the ncsd header (sector 0)
+
+    ldr r3, emunandPatchNandOffset
+    add r2, r3 @ Add the offset to the NAND in the SD
+
+    ldreq r3, emunandPatchNcsdHeaderOffset
+    addeq r2, r3 @ If we're reading the ncsd header, add the offset of that sector
+
+    str r2, [r0, #8] @ Store sector to read
+
+    _out:
+        @ Restore registers
+        pop {r0-r3}
+        @ Execute original code that got patched.
+        cmp r1, #3
+        mov r12, r2
+        add r0, r0, #4
+        movne r1, #0
+        moveq r1, #1
+        @ r2 about to be overwritten, so it's free to use here.
+        @ Save off our return address and restore lr.
+        mov r2, lr
+        pop {lr}
+        @ r2+0 is return address (patched movne r1, #0)
+        @ r2+4 is moveq r1, #1
+        @ r2+8 is the following instruction (mov r2, r3)
+        add r2, #8
+        bx r2
+
+.global emunandProtoCidPatch
+emunandProtoCidPatch:
+    @ If we're already trying to access the SD, return
+    ldr r4, emunandPatchSdmmcStructPtr
+    cmp r0, r4
+    beq _cid_return
+    
+    @ Trying to access nand, so copy the NAND cid into r1
+    adr r4, emunandPatchNandCid
+    ldr r2, [r4, #0]
+    ldr r3, [r4, #4]
+    ldr r5, [r4, #8]
+    ldr r6, [r4, #0xc]
+    str r2, [r1, #0]
+    str r3, [r1, #4]
+    str r5, [r1, #8]
+    str r6, [r1, #0xc]
+    @ And return from whence we came
+    mov r0, #0
+    pop {r4-r6, pc}
+    
+    _cid_return:
+        @ Execute original code that got patched.
+        mov r4, r0
+        ldr r0, [r0]
+        mov r5, r1
+        @ lr+0 is return address (patched mov r5, r1)
+        @ lr+4 is following instruction (ldr r1, [r0,#8])
+        add lr, #4
+        bx lr
+
+.global emunandProtoPatch238
+emunandProtoPatch238:
+    @ Save registers
+    push {r0-r3}
+
+    @ If we're already trying to access the SD, return
+    ldr r2, [r4, #4]
+    ldr r1, emunandPatchSdmmcStructPtr
+    cmp r2, r1
+    beq _out238
+
+    ldr r2, [r1, #0x24] @ Get sdmc->m_someObjInitedLater
+    cmp r2, #0 @ Is initialised?
+    beq _pastSdmc238 @ if not, use "NAND" object, patched elsewhere to access SD
+    str r1, [r4, #4] @ Set object to be SD
+    _pastSdmc238:
+
+    ldr r2, [r4, #8] @ Get sector to read
+    cmp r2, #0 @ For GW compatibility, see if we're trying to read the ncsd header (sector 0)
+
+    ldr r3, emunandPatchNandOffset
+    add r2, r3 @ Add the offset to the NAND in the SD
+
+    ldreq r3, emunandPatchNcsdHeaderOffset
+    addeq r2, r3 @ If we're reading the ncsd header, add the offset of that sector
+
+    str r2, [r4, #8] @ Store sector to read
+
+    _out238:
+        @ Restore registers
+        pop {r0-r3}
+        @ Execute original code that got patched.
+        cmp r0, #3
+        movne r0, #0
+        moveq r0, #1
+        @ r1 about to be overwritten, so it's free to use here.
+        @ Save off our return address.
+        mov r1, lr
+        @ r1+0 is return address (patched moveq r1, #1)
+        @ r1+4 is tst r0, #0xff or sub sp, sp, #0xc
+        add r1, #4
+        bx r1
+
+.pool
+
+.global emunandPatchSdmmcStructPtr
+.global emunandPatchNandOffset
+.global emunandPatchNcsdHeaderOffset
+.global emunandPatchNandCid
+
+_emunandPatchBssStart:
+emunandPatchSdmmcStructPtr:     .word   0 @ Pointer to sdmmc struct
+emunandPatchNandOffset:         .word   0 @ For rednand this should be 1
+emunandPatchNcsdHeaderOffset:   .word   0 @ Depends on nand manufacturer + emunand type (GW/RED)
+emunandPatchNandCid:                      @ Store emmc cid here, to override "sdmc's" when trying to read emmc's
+    .word 0,0,0,0 
+_emunandPatchBssEnd:
+
+.pool
+.balign 4
+
+.global emunandPatchSize
+emunandPatchSize:
+    .word _emunandPatchEnd - emunandPatch
+
+.global emunandPatchBssSize
+emunandPatchBssSize:
+    .word _emunandPatchBssEnd - _emunandPatchBssStart

arm9/source/exceptions.c

@@ -34,6 +34,8 @@
 #include "buttons.h"
 #include "arm9_exception_handlers.h"
 
+// See https://github.com/LumaTeam/luma3ds_exception_dump_parser
+
 void installArm9Handlers(void)
 {
     vu32 *dstVeneers = (vu32 *)0x08000000;
@@ -127,8 +129,15 @@ void detectAndProcessExceptionDumps(void)
     }
 
     if(dumpHeader->additionalDataSize != 0)
-        posY = drawFormattedString(true, 10, posY + SPACING_Y, COLOR_WHITE,
+    {
-                                   "Current process: %.8s (%016llX)", (const char *)additionalData, *(vu64 *)(additionalData + 8));
+        u32 size = dumpHeader->additionalDataSize;
+        if(dumpHeader->processor == 11)
+            posY = drawFormattedString(true, 10, posY + SPACING_Y, COLOR_WHITE,
+                                    "Current process: %.8s (%016llX)", (const char *)additionalData, *(vu64 *)(additionalData + 8));
+        else
+            posY = drawFormattedString(true, 10, posY + SPACING_Y, COLOR_WHITE,
+                                    "Arm9 memory dump at offset %X size %lX", (uintptr_t)additionalData - (uintptr_t)dumpHeader, size);
+    }
     posY += SPACING_Y;
 
     for(u32 i = 0; i < 17; i += 2)

arm9/source/fatfs/00history.txt

@@ -328,3 +328,42 @@ R0.13c (October 14, 2018)
   Fixed creating a sub-directory in the fragmented sub-directory on the exFAT volume collapses FAT chain of the parent directory. (appeared at R0.12)
   Fixed f_getcwd() cause output buffer overrun when the buffer has a valid drive number. (appeared at R0.13b)
 
+
+
+R0.14 (October 14, 2019)
+  Added support for 64-bit LBA and GUID partition table (FF_LBA64 = 1)
+  Changed some API functions, f_mkfs() and f_fdisk().
+  Fixed f_open() function cannot find the file with file name in length of FF_MAX_LFN characters.
+  Fixed f_readdir() function cannot retrieve long file names in length of FF_MAX_LFN - 1 characters.
+  Fixed f_readdir() function returns file names with wrong case conversion. (appeared at R0.12)
+  Fixed f_mkfs() function can fail to create exFAT volume in the second partition. (appeared at R0.12)
+
+
+R0.14a (December 5, 2020)
+  Limited number of recursive calls in f_findnext().
+  Fixed old floppy disks formatted with MS-DOS 2.x and 3.x cannot be mounted.
+  Fixed some compiler warnings.
+
+
+
+R0.14b (April 17, 2021)
+  Made FatFs uses standard library <string.h> for copy, compare and search instead of built-in string functions.
+  Added support for long long integer and floating point to f_printf(). (FF_STRF_LLI and FF_STRF_FP)
+  Made path name parser ignore the terminating separator to allow "dir/".
+  Improved the compatibility in Unix style path name feature.
+  Fixed the file gets dead-locked when f_open() failed with some conditions. (appeared at R0.12a)
+  Fixed f_mkfs() can create wrong exFAT volume due to a timing dependent error. (appeared at R0.12)
+  Fixed code page 855 cannot be set by f_setcp().
+  Fixed some compiler warnings.
+
+
+
+R0.15 (November 6, 2022)
+  Changed user provided synchronization functions in order to completely eliminate the platform dependency from FatFs code.
+  FF_SYNC_t is removed from the configuration options.
+  Fixed a potential error in f_mount when FF_FS_REENTRANT.
+  Fixed file lock control FF_FS_LOCK is not mutal excluded when FF_FS_REENTRANT && FF_VOLUMES > 1 is true.
+  Fixed f_mkfs() creates broken exFAT volume when the size of volume is >= 2^32 sectors.
+  Fixed string functions cannot write the unicode characters not in BMP when FF_LFN_UNICODE == 2 (UTF-8).
+  Fixed a compatibility issue in identification of GPT header.
+

arm9/source/fatfs/00readme.txt

@@ -1,4 +1,4 @@
-FatFs Module Source Files R0.13c
+FatFs Module Source Files R0.15
 
 
 FILES

arm9/source/fatfs/diskio.c

@@ -1,138 +1,186 @@
-/*-----------------------------------------------------------------------*/
+/*-----------------------------------------------------------------------*/
-/* Low level disk I/O module skeleton for FatFs     (C)ChaN, 2014        */
+/* Low level disk I/O module SKELETON for FatFs     (C)ChaN, 2019        */
-/*-----------------------------------------------------------------------*/
+/*-----------------------------------------------------------------------*/
-/* If a working storage control module is available, it should be        */
+/* If a working storage control module is available, it should be        */
-/* attached to the FatFs via a glue function rather than modifying it.   */
+/* attached to the FatFs via a glue function rather than modifying it.   */
-/* This is an example of glue functions to attach various exsisting      */
+/* This is an example of glue functions to attach various exsisting      */
-/* storage control modules to the FatFs module with a defined API.       */
+/* storage control modules to the FatFs module with a defined API.       */
-/*-----------------------------------------------------------------------*/
+/*-----------------------------------------------------------------------*/
-
+
-#include "diskio.h"		/* FatFs lower layer API */
+#include "ff.h"			/* Obtains integer types */
-#include "sdmmc/sdmmc.h"
+#include "diskio.h"		/* Declarations of disk functions */
-#include "../crypto.h"
+#include "sdmmc/sdmmc.h"
-#include "../i2c.h"
+#include "../crypto.h"
-
+#include "../i2c.h"
-/* Definitions of physical drive number for each media */
+
-#define SDCARD        0
+/* Definitions of physical drive number for each drive */
-#define CTRNAND       1
+#define SDCARD        0
-
+#define CTRNAND       1
-/*-----------------------------------------------------------------------*/
+
-/* Get Drive Status                                                      */
+/*-----------------------------------------------------------------------*/
-/*-----------------------------------------------------------------------*/
+/* Get Drive Status                                                      */
-
+/*-----------------------------------------------------------------------*/
-DSTATUS disk_status (
+
-    __attribute__((unused))
+DSTATUS disk_status (
-    BYTE pdrv		/* Physical drive nmuber to identify the drive */
+    BYTE pdrv		/* Physical drive nmuber to identify the drive */
-)
+)
-{
+{
-    return RES_OK;
+    (void)pdrv;
-}
+    return RES_OK;
-
+}
-
+
-
+
-/*-----------------------------------------------------------------------*/
+
-/* Inidialize a Drive                                                    */
+/*-----------------------------------------------------------------------*/
-/*-----------------------------------------------------------------------*/
+/* Inidialize a Drive                                                    */
-
+/*-----------------------------------------------------------------------*/
-DSTATUS disk_initialize (
+
-    BYTE pdrv				/* Physical drive nmuber to identify the drive */
+DSTATUS disk_initialize (
-)
+    BYTE pdrv				/* Physical drive nmuber to identify the drive */
-{
+)
-        static u32 sdmmcInitResult = 4;
+{
-
+    static u32 sdmmcInitResult = 4;
-        if(sdmmcInitResult == 4) sdmmcInitResult = sdmmc_sdcard_init();
+    DSTATUS res = 0;
-
+
-    return ((pdrv == SDCARD && !(sdmmcInitResult & 2)) ||
+    if(sdmmcInitResult == 4)
-            (pdrv == CTRNAND && !(sdmmcInitResult & 1) && !ctrNandInit())) ? 0 : STA_NOINIT;
+        sdmmcInitResult = sdmmc_sdcard_init();
-}
+
-
+    // Check physical drive initialized status
-
+    switch (pdrv)
-
+    {
-/*-----------------------------------------------------------------------*/
+        case SDCARD:
-/* Read Sector(s)                                                        */
+            res = (sdmmcInitResult & 2) == 0 ? 0 : STA_NOINIT;
-/*-----------------------------------------------------------------------*/
+            break;
-
+        case CTRNAND:
-DRESULT disk_read (
+            // Always update CTRNAND parameters when remounting
-    BYTE pdrv,		/* Physical drive nmuber to identify the drive */
+            res = (sdmmcInitResult & 1) == 0 && ctrNandInit() == 0 ? 0 : STA_NOINIT;
-    BYTE *buff,		/* Data buffer to store read data */
+            break;
-    DWORD sector,	/* Sector address in LBA */
+        default:
-    UINT count		/* Number of sectors to read */
+            res = STA_NODISK;
-)
+            break;
-{
+    }
-    return ((pdrv == SDCARD && !sdmmc_sdcard_readsectors(sector, count, buff)) ||
+
-            (pdrv == CTRNAND && !ctrNandRead(sector, count, buff))) ? RES_OK : RES_PARERR;
+    return res;
-}
+}
-
+
-
+
-
+
-/*-----------------------------------------------------------------------*/
+/*-----------------------------------------------------------------------*/
-/* Write Sector(s)                                                       */
+/* Read Sector(s)                                                        */
-/*-----------------------------------------------------------------------*/
+/*-----------------------------------------------------------------------*/
-
+
-#if _USE_WRITE
+DRESULT disk_read (
-DRESULT disk_write (
+    BYTE pdrv,		/* Physical drive nmuber to identify the drive */
-    BYTE pdrv,			/* Physical drive nmuber to identify the drive */
+    BYTE *buff,		/* Data buffer to store read data */
-    const BYTE *buff,       	/* Data to be written */
+    LBA_t sector,	/* Start sector in LBA */
-    DWORD sector,		/* Sector address in LBA */
+    UINT count		/* Number of sectors to read */
-    UINT count			/* Number of sectors to write */
+)
-)
+{
-{
+    DRESULT res = RES_OK;
-    return ((pdrv == SDCARD && (*(vu16 *)(SDMMC_BASE + REG_SDSTATUS0) & TMIO_STAT0_WRPROTECT) != 0 && !sdmmc_sdcard_writesectors(sector, count, buff)) ||
+
-            (pdrv == CTRNAND && !ctrNandWrite(sector, count, buff))) ? RES_OK : RES_PARERR;
+    switch (pdrv)
-}
+    {
-#endif
+        case SDCARD:
-
+            res = sdmmc_sdcard_readsectors(sector, count, buff) == 0 ? RES_OK : RES_PARERR;
-
+            break;
-
+        case CTRNAND:
-/*-----------------------------------------------------------------------*/
+            res = ctrNandRead(sector, count, buff) == 0 ? RES_OK : RES_PARERR;
-/* Miscellaneous Functions                                               */
+            break;
-/*-----------------------------------------------------------------------*/
+        default:
-
+            res = RES_NOTRDY;
-#if _USE_IOCTL
+            break;
-DRESULT disk_ioctl (
+    }
-    __attribute__((unused))
+
-    BYTE pdrv,		/* Physical drive nmuber (0..) */
+    return res;
-    BYTE cmd,		/* Control code */
+}
-    __attribute__((unused))
+
-    void *buff		/* Buffer to send/receive control data */
+
-)
+
-{
+/*-----------------------------------------------------------------------*/
-    return cmd == CTRL_SYNC ? RES_OK : RES_PARERR;
+/* Write Sector(s)                                                       */
-}
+/*-----------------------------------------------------------------------*/
-#endif
+
-
+#if FF_FS_READONLY == 0
-// From GodMode9
+
-#define BCDVALID(b) (((b)<=0x99)&&(((b)&0xF)<=0x9)&&((((b)>>4)&0xF)<=0x9))
+DRESULT disk_write (
-#define BCD2NUM(b)  (BCDVALID(b) ? (((b)&0xF)+((((b)>>4)&0xF)*10)) : 0xFF)
+    BYTE pdrv,			/* Physical drive nmuber to identify the drive */
-#define NUM2BCD(n)  ((n<99) ? (((n/10)*0x10)|(n%10)) : 0x99)
+    const BYTE *buff,	/* Data to be written */
-#define DSTIMEGET(bcd,n) (BCD2NUM((bcd)->n))
+    LBA_t sector,		/* Start sector in LBA */
-
+    UINT count			/* Number of sectors to write */
-// see: http://3dbrew.org/wiki/I2C_Registers#Device_3 (register 30)
+)
-typedef struct DsTime {
+{
-    u8 bcd_s;
+    DRESULT res = RES_OK;
-    u8 bcd_m;
+
-    u8 bcd_h;
+    switch (pdrv)
-    u8 weekday;
+    {
-    u8 bcd_D;
+        case SDCARD:
-    u8 bcd_M;
+        {
-    u8 bcd_Y;
+            if ((*(vu16 *)(SDMMC_BASE + REG_SDSTATUS0) & TMIO_STAT0_WRPROTECT) == 0) // why == 0?
-    u8 leap_count;
+                res = RES_WRPRT;
-} DsTime;
+            else
-
+                res = sdmmc_sdcard_writesectors(sector, count, buff) == 0 ? RES_OK : RES_PARERR;
-/*-----------------------------------------------------------------------*/
+            break;
-/* Get current FAT time                                                  */
+        }
-/*-----------------------------------------------------------------------*/
+        case CTRNAND:
-
+            res = ctrNandWrite(sector, count, buff) == 0 ? RES_OK : RES_PARERR;
-DWORD get_fattime( void ) {
+            break;
-    DsTime dstime;
+        default:
-    I2C_readRegBuf(I2C_DEV_MCU, 0x30, (u8 *)&dstime, sizeof(DsTime));
+            res = RES_NOTRDY;
-    DWORD fattime =
+            break;
-        ((DSTIMEGET(&dstime, bcd_s)&0x3F) >> 1 ) |
+    }
-        ((DSTIMEGET(&dstime, bcd_m)&0x3F) << 5 ) |
+
-        ((DSTIMEGET(&dstime, bcd_h)&0x3F) << 11) |
+    return res;
-        ((DSTIMEGET(&dstime, bcd_D)&0x1F) << 16) |
+}
-        ((DSTIMEGET(&dstime, bcd_M)&0x0F) << 21) |
+#endif
-        (((DSTIMEGET(&dstime, bcd_Y)+(2000-1980))&0x7F) << 25);
+
-    
+
-    return fattime;
+/*-----------------------------------------------------------------------*/
-}
+/* Miscellaneous Functions                                               */
+/*-----------------------------------------------------------------------*/
+
+DRESULT disk_ioctl (
+    BYTE pdrv,		/* Physical drive nmuber (0..) */
+    BYTE cmd,		/* Control code */
+    void *buff		/* Buffer to send/receive control data */
+)
+{
+    (void)pdrv;
+    (void)buff;
+    return cmd == CTRL_SYNC ? RES_OK : RES_PARERR;
+}
+
+// From GodMode9
+#define BCDVALID(b) (((b)<=0x99)&&(((b)&0xF)<=0x9)&&((((b)>>4)&0xF)<=0x9))
+#define BCD2NUM(b)  (BCDVALID(b) ? (((b)&0xF)+((((b)>>4)&0xF)*10)) : 0xFF)
+#define NUM2BCD(n)  ((n<99) ? (((n/10)*0x10)|(n%10)) : 0x99)
+#define DSTIMEGET(bcd,n) (BCD2NUM((bcd)->n))
+
+// see: http://3dbrew.org/wiki/I2C_Registers#Device_3 (register 30)
+typedef struct DsTime {
+    u8 bcd_s;
+    u8 bcd_m;
+    u8 bcd_h;
+    u8 weekday;
+    u8 bcd_D;
+    u8 bcd_M;
+    u8 bcd_Y;
+    u8 leap_count;
+} DsTime;
+
+/*-----------------------------------------------------------------------*/
+/* Get current FAT time                                                  */
+/*-----------------------------------------------------------------------*/
+
+DWORD get_fattime( void ) {
+    DsTime dstime;
+    I2C_readRegBuf(I2C_DEV_MCU, 0x30, (u8 *)&dstime, sizeof(DsTime));
+    DWORD fattime =
+        ((DSTIMEGET(&dstime, bcd_s)&0x3F) >> 1 ) |
+        ((DSTIMEGET(&dstime, bcd_m)&0x3F) << 5 ) |
+        ((DSTIMEGET(&dstime, bcd_h)&0x3F) << 11) |
+        ((DSTIMEGET(&dstime, bcd_D)&0x1F) << 16) |
+        ((DSTIMEGET(&dstime, bcd_M)&0x0F) << 21) |
+        (((DSTIMEGET(&dstime, bcd_Y)+(2000-1980))&0x7F) << 25);
+
+    return fattime;
+}

arm9/source/fatfs/diskio.h

@@ -1,81 +1,77 @@
-/*-----------------------------------------------------------------------/
+/*-----------------------------------------------------------------------/
-/  Low level disk interface modlue include file   (C)ChaN, 2014          /
+/  Low level disk interface modlue include file   (C)ChaN, 2019          /
-/-----------------------------------------------------------------------*/
+/-----------------------------------------------------------------------*/
-
+
-#ifndef _DISKIO_DEFINED
+#ifndef _DISKIO_DEFINED
-#define _DISKIO_DEFINED
+#define _DISKIO_DEFINED
-
+
-#ifdef __cplusplus
+#ifdef __cplusplus
-extern "C" {
+extern "C" {
-#endif
+#endif
-
+
-#define _USE_WRITE	1	/* 1: Enable disk_write function */
+/* Status of Disk Functions */
-#define _USE_IOCTL	1	/* 1: Enable disk_ioctl fucntion */
+typedef BYTE	DSTATUS;
-
+
-#include "integer.h"
+/* Results of Disk Functions */
-
+typedef enum {
-
+	RES_OK = 0,		/* 0: Successful */
-/* Status of Disk Functions */
+	RES_ERROR,		/* 1: R/W Error */
-typedef BYTE	DSTATUS;
+	RES_WRPRT,		/* 2: Write Protected */
-
+	RES_NOTRDY,		/* 3: Not Ready */
-/* Results of Disk Functions */
+	RES_PARERR		/* 4: Invalid Parameter */
-typedef enum {
+} DRESULT;
-	RES_OK = 0,		/* 0: Successful */
+
-	RES_ERROR,		/* 1: R/W Error */
+
-	RES_WRPRT,		/* 2: Write Protected */
+/*---------------------------------------*/
-	RES_NOTRDY,		/* 3: Not Ready */
+/* Prototypes for disk control functions */
-	RES_PARERR		/* 4: Invalid Parameter */
+
-} DRESULT;
+
-
+DSTATUS disk_initialize (BYTE pdrv);
-
+DSTATUS disk_status (BYTE pdrv);
-/*---------------------------------------*/
+DRESULT disk_read (BYTE pdrv, BYTE* buff, LBA_t sector, UINT count);
-/* Prototypes for disk control functions */
+DRESULT disk_write (BYTE pdrv, const BYTE* buff, LBA_t sector, UINT count);
-
+DRESULT disk_ioctl (BYTE pdrv, BYTE cmd, void* buff);
-
+
-DSTATUS disk_initialize (BYTE pdrv);
+
-DSTATUS disk_status (BYTE pdrv);
+/* Disk Status Bits (DSTATUS) */
-DRESULT disk_read (BYTE pdrv, BYTE* buff, DWORD sector, UINT count);
+
-DRESULT disk_write (BYTE pdrv, const BYTE* buff, DWORD sector, UINT count);
+#define STA_NOINIT		0x01	/* Drive not initialized */
-DRESULT disk_ioctl (BYTE pdrv, BYTE cmd, void* buff);
+#define STA_NODISK		0x02	/* No medium in the drive */
-
+#define STA_PROTECT		0x04	/* Write protected */
-DWORD get_fattime( void ); // not a disk control function, but fits here
+
-
+
-/* Disk Status Bits (DSTATUS) */
+/* Command code for disk_ioctrl fucntion */
-
+
-#define STA_NOINIT		0x01	/* Drive not initialized */
+/* Generic command (Used by FatFs) */
-#define STA_NODISK		0x02	/* No medium in the drive */
+#define CTRL_SYNC			0	/* Complete pending write process (needed at FF_FS_READONLY == 0) */
-#define STA_PROTECT		0x04	/* Write protected */
+#define GET_SECTOR_COUNT	1	/* Get media size (needed at FF_USE_MKFS == 1) */
-
+#define GET_SECTOR_SIZE		2	/* Get sector size (needed at FF_MAX_SS != FF_MIN_SS) */
-
+#define GET_BLOCK_SIZE		3	/* Get erase block size (needed at FF_USE_MKFS == 1) */
-/* Command code for disk_ioctrl fucntion */
+#define CTRL_TRIM			4	/* Inform device that the data on the block of sectors is no longer used (needed at FF_USE_TRIM == 1) */
-
+
-/* Generic command (Used by FatFs) */
+/* Generic command (Not used by FatFs) */
-#define CTRL_SYNC			0	/* Complete pending write process (needed at _FS_READONLY == 0) */
+#define CTRL_POWER			5	/* Get/Set power status */
-#define GET_SECTOR_COUNT	1	/* Get media size (needed at _USE_MKFS == 1) */
+#define CTRL_LOCK			6	/* Lock/Unlock media removal */
-#define GET_SECTOR_SIZE		2	/* Get sector size (needed at _MAX_SS != _MIN_SS) */
+#define CTRL_EJECT			7	/* Eject media */
-#define GET_BLOCK_SIZE		3	/* Get erase block size (needed at _USE_MKFS == 1) */
+#define CTRL_FORMAT			8	/* Create physical format on the media */
-#define CTRL_TRIM			4	/* Inform device that the data on the block of sectors is no longer used (needed at _USE_TRIM == 1) */
+
-
+/* MMC/SDC specific ioctl command */
-/* Generic command (Not used by FatFs) */
+#define MMC_GET_TYPE		10	/* Get card type */
-#define CTRL_POWER			5	/* Get/Set power status */
+#define MMC_GET_CSD			11	/* Get CSD */
-#define CTRL_LOCK			6	/* Lock/Unlock media removal */
+#define MMC_GET_CID			12	/* Get CID */
-#define CTRL_EJECT			7	/* Eject media */
+#define MMC_GET_OCR			13	/* Get OCR */
-#define CTRL_FORMAT			8	/* Create physical format on the media */
+#define MMC_GET_SDSTAT		14	/* Get SD status */
-
+#define ISDIO_READ			55	/* Read data form SD iSDIO register */
-/* MMC/SDC specific ioctl command */
+#define ISDIO_WRITE			56	/* Write data to SD iSDIO register */
-#define MMC_GET_TYPE		10	/* Get card type */
+#define ISDIO_MRITE			57	/* Masked write data to SD iSDIO register */
-#define MMC_GET_CSD			11	/* Get CSD */
+
-#define MMC_GET_CID			12	/* Get CID */
+/* ATA/CF specific ioctl command */
-#define MMC_GET_OCR			13	/* Get OCR */
+#define ATA_GET_REV			20	/* Get F/W revision */
-#define MMC_GET_SDSTAT		14	/* Get SD status */
+#define ATA_GET_MODEL		21	/* Get model name */
-
+#define ATA_GET_SN			22	/* Get serial number */
-/* ATA/CF specific ioctl command */
+
-#define ATA_GET_REV			20	/* Get F/W revision */
+#ifdef __cplusplus
-#define ATA_GET_MODEL		21	/* Get model name */
+}
-#define ATA_GET_SN			22	/* Get serial number */
+#endif
-
+
-#ifdef __cplusplus
+#endif
-}
-#endif
-
-#endif

arm9/source/fatfs/ff.h

@@ -1,8 +1,8 @@
 /*----------------------------------------------------------------------------/
-/  FatFs - Generic FAT Filesystem module  R0.13c                              /
+/  FatFs - Generic FAT Filesystem module  R0.15                               /
 /-----------------------------------------------------------------------------/
 /
-/ Copyright (C) 2018, ChaN, all right reserved.
+/ Copyright (C) 2022, ChaN, all right reserved.
 /
 / FatFs module is an open source software. Redistribution and use of FatFs in
 / source and binary forms, with or without modification, are permitted provided
@@ -20,7 +20,7 @@
 
 
 #ifndef FF_DEFINED
-#define FF_DEFINED	86604	/* Revision ID */
+#define FF_DEFINED	80286	/* Revision ID */
 
 #ifdef __cplusplus
 extern "C" {
@@ -35,51 +35,57 @@ extern "C" {
 
 /* Integer types used for FatFs API */
 
-#if defined(_WIN32)	/* Main development platform */
+#if defined(_WIN32)		/* Windows VC++ (for development only) */
 #define FF_INTDEF 2
 #include <windows.h>
 typedef unsigned __int64 QWORD;
+#include <float.h>
+#define isnan(v) _isnan(v)
+#define isinf(v) (!_finite(v))
+
 #elif (defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L) || defined(__cplusplus)	/* C99 or later */
 #define FF_INTDEF 2
 #include <stdint.h>
 typedef unsigned int	UINT;	/* int must be 16-bit or 32-bit */
 typedef unsigned char	BYTE;	/* char must be 8-bit */
 typedef uint16_t		WORD;	/* 16-bit unsigned integer */
-typedef uint16_t		WCHAR;	/* 16-bit unsigned integer */
 typedef uint32_t		DWORD;	/* 32-bit unsigned integer */
 typedef uint64_t		QWORD;	/* 64-bit unsigned integer */
+typedef WORD			WCHAR;	/* UTF-16 character type */
+
 #else  	/* Earlier than C99 */
 #define FF_INTDEF 1
 typedef unsigned int	UINT;	/* int must be 16-bit or 32-bit */
 typedef unsigned char	BYTE;	/* char must be 8-bit */
 typedef unsigned short	WORD;	/* 16-bit unsigned integer */
-typedef unsigned short	WCHAR;	/* 16-bit unsigned integer */
 typedef unsigned long	DWORD;	/* 32-bit unsigned integer */
+typedef WORD			WCHAR;	/* UTF-16 character type */
 #endif
 
 
-/* Definitions of volume management */
+/* Type of file size and LBA variables */
 
-#if FF_MULTI_PARTITION		/* Multiple partition configuration */
+#if FF_FS_EXFAT
-typedef struct {
+#if FF_INTDEF != 2
-	BYTE pd;	/* Physical drive number */
+#error exFAT feature wants C99 or later
-	BYTE pt;	/* Partition: 0:Auto detect, 1-4:Forced partition) */
-} PARTITION;
-extern PARTITION VolToPart[];	/* Volume - Partition resolution table */
 #endif
-
+typedef QWORD FSIZE_t;
-#if FF_STR_VOLUME_ID
+#if FF_LBA64
-#ifndef FF_VOLUME_STRS
+typedef QWORD LBA_t;
-extern const char* VolumeStr[FF_VOLUMES];	/* User defied volume ID */
+#else
+typedef DWORD LBA_t;
 #endif
+#else
+#if FF_LBA64
+#error exFAT needs to be enabled when enable 64-bit LBA
+#endif
+typedef DWORD FSIZE_t;
+typedef DWORD LBA_t;
 #endif
 
 
 
-/* Type of path name strings on FatFs API */
+/* Type of path name strings on FatFs API (TCHAR) */
-
-#ifndef _INC_TCHAR
-#define _INC_TCHAR
 
 #if FF_USE_LFN && FF_LFN_UNICODE == 1 	/* Unicode in UTF-16 encoding */
 typedef WCHAR TCHAR;
@@ -101,19 +107,22 @@ typedef char TCHAR;
 #define _TEXT(x) x
 #endif
 
+
+
+/* Definitions of volume management */
+
+#if FF_MULTI_PARTITION		/* Multiple partition configuration */
+typedef struct {
+	BYTE pd;	/* Physical drive number */
+	BYTE pt;	/* Partition: 0:Auto detect, 1-4:Forced partition) */
+} PARTITION;
+extern PARTITION VolToPart[];	/* Volume - Partition mapping table */
 #endif
 
-
+#if FF_STR_VOLUME_ID
-
+#ifndef FF_VOLUME_STRS
-/* Type of file size variables */
+extern const char* VolumeStr[FF_VOLUMES];	/* User defied volume ID */
-
-#if FF_FS_EXFAT
-#if FF_INTDEF != 2
-#error exFAT feature wants C99 or later
 #endif
-typedef QWORD FSIZE_t;
-#else
-typedef DWORD FSIZE_t;
 #endif
 
 
@@ -122,10 +131,11 @@ typedef DWORD FSIZE_t;
 
 typedef struct {
 	BYTE	fs_type;		/* Filesystem type (0:not mounted) */
-	BYTE	pdrv;			/* Associated physical drive */
+	BYTE	pdrv;			/* Volume hosting physical drive */
+	BYTE	ldrv;			/* Logical drive number (used only when FF_FS_REENTRANT) */
 	BYTE	n_fats;			/* Number of FATs (1 or 2) */
-	BYTE	wflag;			/* win[] flag (b0:dirty) */
+	BYTE	wflag;			/* win[] status (b0:dirty) */
-	BYTE	fsi_flag;		/* FSINFO flags (b7:disabled, b0:dirty) */
+	BYTE	fsi_flag;		/* FSINFO status (b7:disabled, b0:dirty) */
 	WORD	id;				/* Volume mount ID */
 	WORD	n_rootdir;		/* Number of root directory entries (FAT12/16) */
 	WORD	csize;			/* Cluster size [sectors] */
@@ -138,9 +148,6 @@ typedef struct {
 #if FF_FS_EXFAT
 	BYTE*	dirbuf;			/* Directory entry block scratchpad buffer for exFAT */
 #endif
-#if FF_FS_REENTRANT
-	FF_SYNC_t	sobj;		/* Identifier of sync object */
-#endif
 #if !FF_FS_READONLY
 	DWORD	last_clst;		/* Last allocated cluster */
 	DWORD	free_clst;		/* Number of free clusters */
@@ -154,15 +161,15 @@ typedef struct {
 #endif
 #endif
 	DWORD	n_fatent;		/* Number of FAT entries (number of clusters + 2) */
-	DWORD	fsize;			/* Size of an FAT [sectors] */
+	DWORD	fsize;			/* Number of sectors per FAT */
-	DWORD	volbase;		/* Volume base sector */
+	LBA_t	volbase;		/* Volume base sector */
-	DWORD	fatbase;		/* FAT base sector */
+	LBA_t	fatbase;		/* FAT base sector */
-	DWORD	dirbase;		/* Root directory base sector/cluster */
+	LBA_t	dirbase;		/* Root directory base sector (FAT12/16) or cluster (FAT32/exFAT) */
-	DWORD	database;		/* Data base sector */
+	LBA_t	database;		/* Data base sector */
 #if FF_FS_EXFAT
-	DWORD	bitbase;		/* Allocation bitmap base sector */
+	LBA_t	bitbase;		/* Allocation bitmap base sector */
 #endif
-	DWORD	winsect;		/* Current sector appearing in the win[] */
+	LBA_t	winsect;		/* Current sector appearing in the win[] */
 	BYTE	win[FF_MAX_SS];	/* Disk access window for Directory, FAT (and file data at tiny cfg) */
 } FATFS;
 
@@ -172,7 +179,7 @@ typedef struct {
 
 typedef struct {
 	FATFS*	fs;				/* Pointer to the hosting volume of this object */
-	WORD	id;				/* Hosting volume mount ID */
+	WORD	id;				/* Hosting volume's mount ID */
 	BYTE	attr;			/* Object attribute */
 	BYTE	stat;			/* Object chain status (b1-0: =0:not contiguous, =2:contiguous, =3:fragmented in this session, b2:sub-directory stretched) */
 	DWORD	sclust;			/* Object data start cluster (0:no cluster or root directory) */
@@ -199,9 +206,9 @@ typedef struct {
 	BYTE	err;			/* Abort flag (error code) */
 	FSIZE_t	fptr;			/* File read/write pointer (Zeroed on file open) */
 	DWORD	clust;			/* Current cluster of fpter (invalid when fptr is 0) */
-	DWORD	sect;			/* Sector number appearing in buf[] (0:invalid) */
+	LBA_t	sect;			/* Sector number appearing in buf[] (0:invalid) */
 #if !FF_FS_READONLY
-	DWORD	dir_sect;		/* Sector number containing the directory entry (not used at exFAT) */
+	LBA_t	dir_sect;		/* Sector number containing the directory entry (not used at exFAT) */
 	BYTE*	dir_ptr;		/* Pointer to the directory entry in the win[] (not used at exFAT) */
 #endif
 #if FF_USE_FASTSEEK
@@ -220,7 +227,7 @@ typedef struct {
 	FFOBJID	obj;			/* Object identifier */
 	DWORD	dptr;			/* Current read/write offset */
 	DWORD	clust;			/* Current cluster */
-	DWORD	sect;			/* Current sector (0:Read operation has terminated) */
+	LBA_t	sect;			/* Current sector (0:Read operation has terminated) */
 	BYTE*	dir;			/* Pointer to the directory item in the win[] */
 	BYTE	fn[12];			/* SFN (in/out) {body[8],ext[3],status[1]} */
 #if FF_USE_LFN
@@ -241,7 +248,7 @@ typedef struct {
 	WORD	ftime;			/* Modified time */
 	BYTE	fattrib;		/* File attribute */
 #if FF_USE_LFN
-	TCHAR	altname[FF_SFN_BUF + 1];/* Altenative file name */
+	TCHAR	altname[FF_SFN_BUF + 1];/* Alternative file name */
 	TCHAR	fname[FF_LFN_BUF + 1];	/* Primary file name */
 #else
 	TCHAR	fname[12 + 1];	/* File name */
@@ -250,6 +257,18 @@ typedef struct {
 
 
 
+/* Format parameter structure (MKFS_PARM) */
+
+typedef struct {
+	BYTE fmt;			/* Format option (FM_FAT, FM_FAT32, FM_EXFAT and FM_SFD) */
+	BYTE n_fat;			/* Number of FATs */
+	UINT align;			/* Data area alignment (sector) */
+	UINT n_root;		/* Number of root directory entries */
+	DWORD au_size;		/* Cluster size (byte) */
+} MKFS_PARM;
+
+
+
 /* File function return code (FRESULT) */
 
 typedef enum {
@@ -277,8 +296,10 @@ typedef enum {
 
 
 
+
+/*--------------------------------------------------------------*/
+/* FatFs Module Application Interface                           */
 /*--------------------------------------------------------------*/
-/* FatFs module application interface                           */
 
 FRESULT f_open (FIL* fp, const TCHAR* path, BYTE mode);				/* Open or create a file */
 FRESULT f_close (FIL* fp);											/* Close an open file object */
@@ -305,16 +326,18 @@ FRESULT f_getfree (const TCHAR* path, DWORD* nclst, FATFS** fatfs);	/* Get numbe
 FRESULT f_getlabel (const TCHAR* path, TCHAR* label, DWORD* vsn);	/* Get volume label */
 FRESULT f_setlabel (const TCHAR* label);							/* Set volume label */
 FRESULT f_forward (FIL* fp, UINT(*func)(const BYTE*,UINT), UINT btf, UINT* bf);	/* Forward data to the stream */
-FRESULT f_expand (FIL* fp, FSIZE_t szf, BYTE opt);					/* Allocate a contiguous block to the file */
+FRESULT f_expand (FIL* fp, FSIZE_t fsz, BYTE opt);					/* Allocate a contiguous block to the file */
 FRESULT f_mount (FATFS* fs, const TCHAR* path, BYTE opt);			/* Mount/Unmount a logical drive */
-FRESULT f_mkfs (const TCHAR* path, BYTE opt, DWORD au, void* work, UINT len);	/* Create a FAT volume */
+FRESULT f_mkfs (const TCHAR* path, const MKFS_PARM* opt, void* work, UINT len);	/* Create a FAT volume */
-FRESULT f_fdisk (BYTE pdrv, const DWORD* szt, void* work);			/* Divide a physical drive into some partitions */
+FRESULT f_fdisk (BYTE pdrv, const LBA_t ptbl[], void* work);		/* Divide a physical drive into some partitions */
 FRESULT f_setcp (WORD cp);											/* Set current code page */
 int f_putc (TCHAR c, FIL* fp);										/* Put a character to the file */
 int f_puts (const TCHAR* str, FIL* cp);								/* Put a string to the file */
 int f_printf (FIL* fp, const TCHAR* str, ...);						/* Put a formatted string to the file */
 TCHAR* f_gets (TCHAR* buff, int len, FIL* fp);						/* Get a string from the file */
 
+/* Some API fucntions are implemented as macro */
+
 #define f_eof(fp) ((int)((fp)->fptr == (fp)->obj.objsize))
 #define f_error(fp) ((fp)->err)
 #define f_tell(fp) ((fp)->fptr)
@@ -324,46 +347,47 @@ TCHAR* f_gets (TCHAR* buff, int len, FIL* fp);						/* Get a string from the fil
 #define f_rmdir(path) f_unlink(path)
 #define f_unmount(path) f_mount(0, path, 0)
 
-#ifndef EOF
-#define EOF (-1)
-#endif
-
 
 
 
 /*--------------------------------------------------------------*/
-/* Additional user defined functions                            */
+/* Additional Functions                                         */
+/*--------------------------------------------------------------*/
 
-/* RTC function */
+/* RTC function (provided by user) */
 #if !FF_FS_READONLY && !FF_FS_NORTC
-DWORD get_fattime (void);
+DWORD get_fattime (void);	/* Get current time */
 #endif
 
-/* LFN support functions */
+
-#if FF_USE_LFN >= 1						/* Code conversion (defined in unicode.c) */
+/* LFN support functions (defined in ffunicode.c) */
+
+#if FF_USE_LFN >= 1
 WCHAR ff_oem2uni (WCHAR oem, WORD cp);	/* OEM code to Unicode conversion */
 WCHAR ff_uni2oem (DWORD uni, WORD cp);	/* Unicode to OEM code conversion */
 DWORD ff_wtoupper (DWORD uni);			/* Unicode upper-case conversion */
 #endif
-#if FF_USE_LFN == 3						/* Dynamic memory allocation */
-void* ff_memalloc (UINT msize);			/* Allocate memory block */
-void ff_memfree (void* mblock);			/* Free memory block */
-#endif
 
-/* Sync functions */
+
-#if FF_FS_REENTRANT
+/* O/S dependent functions (samples available in ffsystem.c) */
-int ff_cre_syncobj (BYTE vol, FF_SYNC_t* sobj);	/* Create a sync object */
+
-int ff_req_grant (FF_SYNC_t sobj);		/* Lock sync object */
+#if FF_USE_LFN == 3		/* Dynamic memory allocation */
-void ff_rel_grant (FF_SYNC_t sobj);		/* Unlock sync object */
+void* ff_memalloc (UINT msize);		/* Allocate memory block */
-int ff_del_syncobj (FF_SYNC_t sobj);	/* Delete a sync object */
+void ff_memfree (void* mblock);		/* Free memory block */
+#endif
+#if FF_FS_REENTRANT	/* Sync functions */
+int ff_mutex_create (int vol);		/* Create a sync object */
+void ff_mutex_delete (int vol);		/* Delete a sync object */
+int ff_mutex_take (int vol);		/* Lock sync object */
+void ff_mutex_give (int vol);		/* Unlock sync object */
 #endif
 
 
 
 
 /*--------------------------------------------------------------*/
-/* Flags and offset address                                     */
+/* Flags and Offset Address                                     */
-
+/*--------------------------------------------------------------*/
 
 /* File access mode and open method flags (3rd argument of f_open) */
 #define	FA_READ				0x01

arm9/source/fatfs/ffconf.h

@@ -1,8 +1,8 @@
 /*---------------------------------------------------------------------------/
-/  FatFs Functional Configurations
+/  Configurations of FatFs Module
 /---------------------------------------------------------------------------*/
 
-#define FFCONF_DEF	86604	/* Revision ID */
+#define FFCONF_DEF	80286	/* Revision ID */
 
 /*---------------------------------------------------------------------------/
 / Function Configurations
@@ -25,14 +25,6 @@
 /   3: f_lseek() function is removed in addition to 2. */
 
 
-#define FF_USE_STRFUNC	0
-/* This option switches string functions, f_gets(), f_putc(), f_puts() and f_printf().
-/
-/  0: Disable string functions.
-/  1: Enable without LF-CRLF conversion.
-/  2: Enable with LF-CRLF conversion. */
-
-
 #define FF_USE_FIND		1
 /* This option switches filtered directory read functions, f_findfirst() and
 /  f_findnext(). (0:Disable, 1:Enable 2:Enable with matching altname[] too) */
@@ -64,6 +56,30 @@
 /* This option switches f_forward() function. (0:Disable or 1:Enable) */
 
 
+#define FF_USE_STRFUNC	0
+#define FF_PRINT_LLI	1
+#define FF_PRINT_FLOAT	1
+#define FF_STRF_ENCODE	3
+/* FF_USE_STRFUNC switches string functions, f_gets(), f_putc(), f_puts() and
+/  f_printf().
+/
+/   0: Disable. FF_PRINT_LLI, FF_PRINT_FLOAT and FF_STRF_ENCODE have no effect.
+/   1: Enable without LF-CRLF conversion.
+/   2: Enable with LF-CRLF conversion.
+/
+/  FF_PRINT_LLI = 1 makes f_printf() support long long argument and FF_PRINT_FLOAT = 1/2
+/  makes f_printf() support floating point argument. These features want C99 or later.
+/  When FF_LFN_UNICODE >= 1 with LFN enabled, string functions convert the character
+/  encoding in it. FF_STRF_ENCODE selects assumption of character encoding ON THE FILE
+/  to be read/written via those functions.
+/
+/   0: ANSI/OEM in current CP
+/   1: Unicode in UTF-16LE
+/   2: Unicode in UTF-16BE
+/   3: Unicode in UTF-8
+*/
+
+
 /*---------------------------------------------------------------------------/
 / Locale and Namespace Configurations
 /---------------------------------------------------------------------------*/
@@ -102,7 +118,7 @@
 /* The FF_USE_LFN switches the support for LFN (long file name).
 /
 /   0: Disable LFN. FF_MAX_LFN has no effect.
-/   1: Enable LFN with static working buffer on the BSS. Always NOT thread-safe.
+/   1: Enable LFN with static  working buffer on the BSS. Always NOT thread-safe.
 /   2: Enable LFN with dynamic working buffer on the STACK.
 /   3: Enable LFN with dynamic working buffer on the HEAP.
 /
@@ -110,11 +126,11 @@
 /  requiers certain internal working buffer occupies (FF_MAX_LFN + 1) * 2 bytes and
 /  additional (FF_MAX_LFN + 44) / 15 * 32 bytes when exFAT is enabled.
 /  The FF_MAX_LFN defines size of the working buffer in UTF-16 code unit and it can
-/  be in range of 12 to 255. It is recommended to be set 255 to fully support LFN
+/  be in range of 12 to 255. It is recommended to be set it 255 to fully support LFN
 /  specification.
 /  When use stack for the working buffer, take care on stack overflow. When use heap
 /  memory for the working buffer, memory management functions, ff_memalloc() and
-/  ff_memfree() in ffsystem.c, need to be added to the project. */
+/  ff_memfree() exemplified in ffsystem.c, need to be added to the project. */
 
 
 #define FF_LFN_UNICODE	2
@@ -137,19 +153,6 @@
 /  on character encoding. When LFN is not enabled, these options have no effect. */
 
 
-#define FF_STRF_ENCODE	3
-/* When FF_LFN_UNICODE >= 1 with LFN enabled, string I/O functions, f_gets(),
-/  f_putc(), f_puts and f_printf() convert the character encoding in it.
-/  This option selects assumption of character encoding ON THE FILE to be
-/  read/written via those functions.
-/
-/   0: ANSI/OEM in current CP
-/   1: Unicode in UTF-16LE
-/   2: Unicode in UTF-16BE
-/   3: Unicode in UTF-8
-*/
-
-
 #define FF_FS_RPATH		1
 /* This option configures support for relative path.
 /
@@ -167,15 +170,15 @@
 /* Number of volumes (logical drives) to be used. (1-10) */
 
 
-#define FF_STR_VOLUME_ID	0
+#define FF_STR_VOLUME_ID	1
-#define FF_VOLUME_STRS		"RAM","NAND","CF","SD","SD2","USB","USB2","USB3"
+#define FF_VOLUME_STRS		"sdmc", "nand"
 /* FF_STR_VOLUME_ID switches support for volume ID in arbitrary strings.
 /  When FF_STR_VOLUME_ID is set to 1 or 2, arbitrary strings can be used as drive
 /  number in the path name. FF_VOLUME_STRS defines the volume ID strings for each
 /  logical drives. Number of items must not be less than FF_VOLUMES. Valid
 /  characters for the volume ID strings are A-Z, a-z and 0-9, however, they are
 /  compared in case-insensitive. If FF_STR_VOLUME_ID >= 1 and FF_VOLUME_STRS is
-/  not defined, a user defined volume string table needs to be defined as:
+/  not defined, a user defined volume string table is needed as:
 /
 /  const char* VolumeStr[FF_VOLUMES] = {"ram","flash","sd","usb",...
 */
@@ -187,37 +190,35 @@
 /  number and only an FAT volume found on the physical drive will be mounted.
 /  When this function is enabled (1), each logical drive number can be bound to
 /  arbitrary physical drive and partition listed in the VolToPart[]. Also f_fdisk()
-/  funciton will be available. */
+/  function will be available. */
 
 
 #define FF_MIN_SS		512
 #define FF_MAX_SS		512
 /* This set of options configures the range of sector size to be supported. (512,
 /  1024, 2048 or 4096) Always set both 512 for most systems, generic memory card and
-/  harddisk. But a larger value may be required for on-board flash memory and some
+/  harddisk, but a larger value may be required for on-board flash memory and some
 /  type of optical media. When FF_MAX_SS is larger than FF_MIN_SS, FatFs is configured
 /  for variable sector size mode and disk_ioctl() function needs to implement
 /  GET_SECTOR_SIZE command. */
 
 
+#define FF_LBA64		0
+/* This option switches support for 64-bit LBA. (0:Disable or 1:Enable)
+/  To enable the 64-bit LBA, also exFAT needs to be enabled. (FF_FS_EXFAT == 1) */
+
+
+#define FF_MIN_GPT		0x10000000
+/* Minimum number of sectors to switch GPT as partitioning format in f_mkfs and
+/  f_fdisk function. 0x100000000 max. This option has no effect when FF_LBA64 == 0. */
+
+
 #define FF_USE_TRIM		0
 /* This option switches support for ATA-TRIM. (0:Disable or 1:Enable)
 /  To enable Trim function, also CTRL_TRIM command should be implemented to the
 /  disk_ioctl() function. */
 
 
-#define FF_FS_NOFSINFO	0
-/* If you need to know correct free space on the FAT32 volume, set bit 0 of this
-/  option, and f_getfree() function at first time after volume mount will force
-/  a full FAT scan. Bit 1 controls the use of last allocated cluster number.
-/
-/  bit0=0: Use free cluster count in the FSINFO if available.
-/  bit0=1: Do not trust free cluster count in the FSINFO.
-/  bit1=0: Use last allocated cluster number in the FSINFO if available.
-/  bit1=1: Do not trust last allocated cluster number in the FSINFO.
-*/
-
-
 
 /*---------------------------------------------------------------------------/
 / System Configurations
@@ -239,15 +240,27 @@
 #define FF_FS_NORTC		0
 #define FF_NORTC_MON	1
 #define FF_NORTC_MDAY	1
-#define FF_NORTC_YEAR	2019
+#define FF_NORTC_YEAR	2022
-/* The option FF_FS_NORTC switches timestamp functiton. If the system does not have
+/* The option FF_FS_NORTC switches timestamp feature. If the system does not have
-/  any RTC function or valid timestamp is not needed, set FF_FS_NORTC = 1 to disable
+/  an RTC or valid timestamp is not needed, set FF_FS_NORTC = 1 to disable the
-/  the timestamp function. Every object modified by FatFs will have a fixed timestamp
+/  timestamp feature. Every object modified by FatFs will have a fixed timestamp
 /  defined by FF_NORTC_MON, FF_NORTC_MDAY and FF_NORTC_YEAR in local time.
 /  To enable timestamp function (FF_FS_NORTC = 0), get_fattime() function need to be
 /  added to the project to read current time form real-time clock. FF_NORTC_MON,
 /  FF_NORTC_MDAY and FF_NORTC_YEAR have no effect.
-/  These options have no effect at read-only configuration (FF_FS_READONLY = 1). */
+/  These options have no effect in read-only configuration (FF_FS_READONLY = 1). */
+
+
+#define FF_FS_NOFSINFO	0
+/* If you need to know correct free space on the FAT32 volume, set bit 0 of this
+/  option, and f_getfree() function at the first time after volume mount will force
+/  a full FAT scan. Bit 1 controls the use of last allocated cluster number.
+/
+/  bit0=0: Use free cluster count in the FSINFO if available.
+/  bit0=1: Do not trust free cluster count in the FSINFO.
+/  bit1=0: Use last allocated cluster number in the FSINFO if available.
+/  bit1=1: Do not trust last allocated cluster number in the FSINFO.
+*/
 
 
 #define FF_FS_LOCK		0
@@ -262,26 +275,21 @@
 /      lock control is independent of re-entrancy. */
 
 
-/* #include <somertos.h>	// O/S definitions */
 #define FF_FS_REENTRANT	0
 #define FF_FS_TIMEOUT	1000
-#define FF_SYNC_t		HANDLE
 /* The option FF_FS_REENTRANT switches the re-entrancy (thread safe) of the FatFs
 /  module itself. Note that regardless of this option, file access to different
 /  volume is always re-entrant and volume control functions, f_mount(), f_mkfs()
 /  and f_fdisk() function, are always not re-entrant. Only file/directory access
-/  to the same volume is under control of this function.
+/  to the same volume is under control of this featuer.
 /
-/   0: Disable re-entrancy. FF_FS_TIMEOUT and FF_SYNC_t have no effect.
+/   0: Disable re-entrancy. FF_FS_TIMEOUT have no effect.
 /   1: Enable re-entrancy. Also user provided synchronization handlers,
-/      ff_req_grant(), ff_rel_grant(), ff_del_syncobj() and ff_cre_syncobj()
+/      ff_mutex_create(), ff_mutex_delete(), ff_mutex_take() and ff_mutex_give()
-/      function, must be added to the project. Samples are available in
+/      function, must be added to the project. Samples are available in ffsystem.c.
-/      option/syscall.c.
 /
-/  The FF_FS_TIMEOUT defines timeout period in unit of time tick.
+/  The FF_FS_TIMEOUT defines timeout period in unit of O/S time tick.
-/  The FF_SYNC_t defines O/S dependent sync object type. e.g. HANDLE, ID, OS_EVENT*,
+*/
-/  SemaphoreHandle_t and etc. A header file for O/S definitions needs to be
-/  included somewhere in the scope of ff.h. */
 
 
 

arm9/source/fatfs/ffsystem.c

@@ -1,170 +1,208 @@
 /*------------------------------------------------------------------------*/
-/* Sample Code of OS Dependent Functions for FatFs                        */
+/* A Sample Code of User Provided OS Dependent Functions for FatFs        */
-/* (C)ChaN, 2018                                                          */
 /*------------------------------------------------------------------------*/
 
-
 #include "ff.h"
 
 
-#if FF_USE_LFN == 3	/* Dynamic memory allocation */
+#if FF_USE_LFN == 3	/* Use dynamic memory allocation */
 
 /*------------------------------------------------------------------------*/
-/* Allocate a memory block                                                */
+/* Allocate/Free a Memory Block                                           */
 /*------------------------------------------------------------------------*/
 
+#include <stdlib.h>		/* with POSIX API */
+
+
 void* ff_memalloc (	/* Returns pointer to the allocated memory block (null if not enough core) */
 	UINT msize		/* Number of bytes to allocate */
 )
 {
-	return malloc(msize);	/* Allocate a new memory block with POSIX API */
+	return malloc((size_t)msize);	/* Allocate a new memory block */
 }
 
 
-/*------------------------------------------------------------------------*/
-/* Free a memory block                                                    */
-/*------------------------------------------------------------------------*/
-
 void ff_memfree (
-	void* mblock	/* Pointer to the memory block to free (nothing to do if null) */
+	void* mblock	/* Pointer to the memory block to free (no effect if null) */
 )
 {
-	free(mblock);	/* Free the memory block with POSIX API */
+	free(mblock);	/* Free the memory block */
 }
 
 #endif
 
 
 
+
 #if FF_FS_REENTRANT	/* Mutal exclusion */
-
 /*------------------------------------------------------------------------*/
-/* Create a Synchronization Object                                        */
+/* Definitions of Mutex                                                   */
 /*------------------------------------------------------------------------*/
-/* This function is called in f_mount() function to create a new
-/  synchronization object for the volume, such as semaphore and mutex.
-/  When a 0 is returned, the f_mount() function fails with FR_INT_ERR.
-*/
 
-//const osMutexDef_t Mutex[FF_VOLUMES];	/* Table of CMSIS-RTOS mutex */
+#define OS_TYPE	0	/* 0:Win32, 1:uITRON4.0, 2:uC/OS-II, 3:FreeRTOS, 4:CMSIS-RTOS */
 
 
-int ff_cre_syncobj (	/* 1:Function succeeded, 0:Could not create the sync object */
+#if   OS_TYPE == 0	/* Win32 */
-	BYTE vol,			/* Corresponding volume (logical drive number) */
+#include <windows.h>
-	FF_SYNC_t* sobj		/* Pointer to return the created sync object */
+static HANDLE Mutex[FF_VOLUMES + 1];	/* Table of mutex handle */
-)
-{
-	/* Win32 */
-	*sobj = CreateMutex(NULL, FALSE, NULL);
-	return (int)(*sobj != INVALID_HANDLE_VALUE);
 
-	/* uITRON */
+#elif OS_TYPE == 1	/* uITRON */
-//	T_CSEM csem = {TA_TPRI,1,1};
+#include "itron.h"
-//	*sobj = acre_sem(&csem);
+#include "kernel.h"
-//	return (int)(*sobj > 0);
+static mtxid Mutex[FF_VOLUMES + 1];		/* Table of mutex ID */
 
-	/* uC/OS-II */
+#elif OS_TYPE == 2	/* uc/OS-II */
-//	OS_ERR err;
+#include "includes.h"
-//	*sobj = OSMutexCreate(0, &err);
+static OS_EVENT *Mutex[FF_VOLUMES + 1];	/* Table of mutex pinter */
-//	return (int)(err == OS_NO_ERR);
 
-	/* FreeRTOS */
+#elif OS_TYPE == 3	/* FreeRTOS */
-//	*sobj = xSemaphoreCreateMutex();
+#include "FreeRTOS.h"
-//	return (int)(*sobj != NULL);
+#include "semphr.h"
+static SemaphoreHandle_t Mutex[FF_VOLUMES + 1];	/* Table of mutex handle */
 
-	/* CMSIS-RTOS */
+#elif OS_TYPE == 4	/* CMSIS-RTOS */
-//	*sobj = osMutexCreate(&Mutex[vol]);
+#include "cmsis_os.h"
-//	return (int)(*sobj != NULL);
+static osMutexId Mutex[FF_VOLUMES + 1];	/* Table of mutex ID */
-}
-
-
-/*------------------------------------------------------------------------*/
-/* Delete a Synchronization Object                                        */
-/*------------------------------------------------------------------------*/
-/* This function is called in f_mount() function to delete a synchronization
-/  object that created with ff_cre_syncobj() function. When a 0 is returned,
-/  the f_mount() function fails with FR_INT_ERR.
-*/
-
-int ff_del_syncobj (	/* 1:Function succeeded, 0:Could not delete due to an error */
-	FF_SYNC_t sobj		/* Sync object tied to the logical drive to be deleted */
-)
-{
-	/* Win32 */
-	return (int)CloseHandle(sobj);
-
-	/* uITRON */
-//	return (int)(del_sem(sobj) == E_OK);
-
-	/* uC/OS-II */
-//	OS_ERR err;
-//	OSMutexDel(sobj, OS_DEL_ALWAYS, &err);
-//	return (int)(err == OS_NO_ERR);
-
-	/* FreeRTOS */
-//  vSemaphoreDelete(sobj);
-//	return 1;
-
-	/* CMSIS-RTOS */
-//	return (int)(osMutexDelete(sobj) == osOK);
-}
-
-
-/*------------------------------------------------------------------------*/
-/* Request Grant to Access the Volume                                     */
-/*------------------------------------------------------------------------*/
-/* This function is called on entering file functions to lock the volume.
-/  When a 0 is returned, the file function fails with FR_TIMEOUT.
-*/
-
-int ff_req_grant (	/* 1:Got a grant to access the volume, 0:Could not get a grant */
-	FF_SYNC_t sobj	/* Sync object to wait */
-)
-{
-	/* Win32 */
-	return (int)(WaitForSingleObject(sobj, FF_FS_TIMEOUT) == WAIT_OBJECT_0);
-
-	/* uITRON */
-//	return (int)(wai_sem(sobj) == E_OK);
-
-	/* uC/OS-II */
-//	OS_ERR err;
-//	OSMutexPend(sobj, FF_FS_TIMEOUT, &err));
-//	return (int)(err == OS_NO_ERR);
-
-	/* FreeRTOS */
-//	return (int)(xSemaphoreTake(sobj, FF_FS_TIMEOUT) == pdTRUE);
-
-	/* CMSIS-RTOS */
-//	return (int)(osMutexWait(sobj, FF_FS_TIMEOUT) == osOK);
-}
-
-
-/*------------------------------------------------------------------------*/
-/* Release Grant to Access the Volume                                     */
-/*------------------------------------------------------------------------*/
-/* This function is called on leaving file functions to unlock the volume.
-*/
-
-void ff_rel_grant (
-	FF_SYNC_t sobj	/* Sync object to be signaled */
-)
-{
-	/* Win32 */
-	ReleaseMutex(sobj);
-
-	/* uITRON */
-//	sig_sem(sobj);
-
-	/* uC/OS-II */
-//	OSMutexPost(sobj);
-
-	/* FreeRTOS */
-//	xSemaphoreGive(sobj);
-
-	/* CMSIS-RTOS */
-//	osMutexRelease(sobj);
-}
 
 #endif
 
+
+
+/*------------------------------------------------------------------------*/
+/* Create a Mutex                                                         */
+/*------------------------------------------------------------------------*/
+/* This function is called in f_mount function to create a new mutex
+/  or semaphore for the volume. When a 0 is returned, the f_mount function
+/  fails with FR_INT_ERR.
+*/
+
+int ff_mutex_create (	/* Returns 1:Function succeeded or 0:Could not create the mutex */
+	int vol				/* Mutex ID: Volume mutex (0 to FF_VOLUMES - 1) or system mutex (FF_VOLUMES) */
+)
+{
+#if OS_TYPE == 0	/* Win32 */
+	Mutex[vol] = CreateMutex(NULL, FALSE, NULL);
+	return (int)(Mutex[vol] != INVALID_HANDLE_VALUE);
+
+#elif OS_TYPE == 1	/* uITRON */
+	T_CMTX cmtx = {TA_TPRI,1};
+
+	Mutex[vol] = acre_mtx(&cmtx);
+	return (int)(Mutex[vol] > 0);
+
+#elif OS_TYPE == 2	/* uC/OS-II */
+	OS_ERR err;
+
+	Mutex[vol] = OSMutexCreate(0, &err);
+	return (int)(err == OS_NO_ERR);
+
+#elif OS_TYPE == 3	/* FreeRTOS */
+	Mutex[vol] = xSemaphoreCreateMutex();
+	return (int)(Mutex[vol] != NULL);
+
+#elif OS_TYPE == 4	/* CMSIS-RTOS */
+	osMutexDef(cmsis_os_mutex);
+
+	Mutex[vol] = osMutexCreate(osMutex(cmsis_os_mutex));
+	return (int)(Mutex[vol] != NULL);
+
+#endif
+}
+
+
+/*------------------------------------------------------------------------*/
+/* Delete a Mutex                                                         */
+/*------------------------------------------------------------------------*/
+/* This function is called in f_mount function to delete a mutex or
+/  semaphore of the volume created with ff_mutex_create function.
+*/
+
+void ff_mutex_delete (	/* Returns 1:Function succeeded or 0:Could not delete due to an error */
+	int vol				/* Mutex ID: Volume mutex (0 to FF_VOLUMES - 1) or system mutex (FF_VOLUMES) */
+)
+{
+#if OS_TYPE == 0	/* Win32 */
+	CloseHandle(Mutex[vol]);
+
+#elif OS_TYPE == 1	/* uITRON */
+	del_mtx(Mutex[vol]);
+
+#elif OS_TYPE == 2	/* uC/OS-II */
+	OS_ERR err;
+
+	OSMutexDel(Mutex[vol], OS_DEL_ALWAYS, &err);
+
+#elif OS_TYPE == 3	/* FreeRTOS */
+	vSemaphoreDelete(Mutex[vol]);
+
+#elif OS_TYPE == 4	/* CMSIS-RTOS */
+	osMutexDelete(Mutex[vol]);
+
+#endif
+}
+
+
+/*------------------------------------------------------------------------*/
+/* Request a Grant to Access the Volume                                   */
+/*------------------------------------------------------------------------*/
+/* This function is called on enter file functions to lock the volume.
+/  When a 0 is returned, the file function fails with FR_TIMEOUT.
+*/
+
+int ff_mutex_take (	/* Returns 1:Succeeded or 0:Timeout */
+	int vol			/* Mutex ID: Volume mutex (0 to FF_VOLUMES - 1) or system mutex (FF_VOLUMES) */
+)
+{
+#if OS_TYPE == 0	/* Win32 */
+	return (int)(WaitForSingleObject(Mutex[vol], FF_FS_TIMEOUT) == WAIT_OBJECT_0);
+
+#elif OS_TYPE == 1	/* uITRON */
+	return (int)(tloc_mtx(Mutex[vol], FF_FS_TIMEOUT) == E_OK);
+
+#elif OS_TYPE == 2	/* uC/OS-II */
+	OS_ERR err;
+
+	OSMutexPend(Mutex[vol], FF_FS_TIMEOUT, &err));
+	return (int)(err == OS_NO_ERR);
+
+#elif OS_TYPE == 3	/* FreeRTOS */
+	return (int)(xSemaphoreTake(Mutex[vol], FF_FS_TIMEOUT) == pdTRUE);
+
+#elif OS_TYPE == 4	/* CMSIS-RTOS */
+	return (int)(osMutexWait(Mutex[vol], FF_FS_TIMEOUT) == osOK);
+
+#endif
+}
+
+
+
+/*------------------------------------------------------------------------*/
+/* Release a Grant to Access the Volume                                   */
+/*------------------------------------------------------------------------*/
+/* This function is called on leave file functions to unlock the volume.
+*/
+
+void ff_mutex_give (
+	int vol			/* Mutex ID: Volume mutex (0 to FF_VOLUMES - 1) or system mutex (FF_VOLUMES) */
+)
+{
+#if OS_TYPE == 0	/* Win32 */
+	ReleaseMutex(Mutex[vol]);
+
+#elif OS_TYPE == 1	/* uITRON */
+	unl_mtx(Mutex[vol]);
+
+#elif OS_TYPE == 2	/* uC/OS-II */
+	OSMutexPost(Mutex[vol]);
+
+#elif OS_TYPE == 3	/* FreeRTOS */
+	xSemaphoreGive(Mutex[vol]);
+
+#elif OS_TYPE == 4	/* CMSIS-RTOS */
+	osMutexRelease(Mutex[vol]);
+
+#endif
+}
+
+#endif	/* FF_FS_REENTRANT */
+

arm9/source/fatfs/ffunicode.c

@@ -1,13 +1,13 @@
 /*------------------------------------------------------------------------*/
-/* Unicode handling functions for FatFs R0.13c                            */
+/* Unicode Handling Functions for FatFs R0.13 and Later                   */
+/*------------------------------------------------------------------------*/
+/* This module will occupy a huge memory in the .rodata section when the  */
+/* FatFs is configured for LFN with DBCS. If the system has a Unicode     */
+/* library for the code conversion, this module should be modified to use */
+/* it to avoid silly memory consumption.                                  */
 /*------------------------------------------------------------------------*/
-/* This module will occupy a huge memory in the .const section when the    /
-/  FatFs is configured for LFN with DBCS. If the system has any Unicode    /
-/  utilitiy for the code conversion, this module should be modified to use /
-/  that function to avoid silly memory consumption.                        /
-/-------------------------------------------------------------------------*/
 /*
-/ Copyright (C) 2018, ChaN, all right reserved.
+/ Copyright (C) 2022, ChaN, all right reserved.
 /
 / FatFs module is an open source software. Redistribution and use of FatFs in
 / source and binary forms, with or without modification, are permitted provided
@@ -25,11 +25,7 @@
 
 #include "ff.h"
 
-#if FF_USE_LFN	/* This module will be blanked at non-LFN configuration */
+#if FF_USE_LFN != 0	/* This module will be blanked if in non-LFN configuration */
-
-#if FF_DEFINED != 86604	/* Revision ID */
-#error Wrong include file (ff.h).
-#endif
 
 #define MERGE2(a, b) a ## b
 #define CVTBL(tbl, cp) MERGE2(tbl, cp)
@@ -15218,8 +15214,8 @@ static const WCHAR uc869[] = {	/*  CP869(Greek 2) to Unicode conversion table */
 
 
 /*------------------------------------------------------------------------*/
-/* OEM <==> Unicode conversions for static code page configuration        */
+/* OEM <==> Unicode Conversions for Static Code Page Configuration with   */
-/* SBCS fixed code page                                                   */
+/* SBCS Fixed Code Page                                                   */
 /*------------------------------------------------------------------------*/
 
 #if FF_CODE_PAGE != 0 && FF_CODE_PAGE < 900
@@ -15229,7 +15225,7 @@ WCHAR ff_uni2oem (	/* Returns OEM code character, zero on error */
 )
 {
 	WCHAR c = 0;
-	const WCHAR *p = CVTBL(uc, FF_CODE_PAGE);
+	const WCHAR* p = CVTBL(uc, FF_CODE_PAGE);
 
 
 	if (uni < 0x80) {	/* ASCII? */
@@ -15245,13 +15241,13 @@ WCHAR ff_uni2oem (	/* Returns OEM code character, zero on error */
 	return c;
 }
 
-WCHAR ff_oem2uni (	/* Returns Unicode character, zero on error */
+WCHAR ff_oem2uni (	/* Returns Unicode character in UTF-16, zero on error */
 	WCHAR	oem,	/* OEM code to be converted */
 	WORD	cp		/* Code page for the conversion */
 )
 {
 	WCHAR c = 0;
-	const WCHAR *p = CVTBL(uc, FF_CODE_PAGE);
+	const WCHAR* p = CVTBL(uc, FF_CODE_PAGE);
 
 
 	if (oem < 0x80) {	/* ASCII? */
@@ -15271,8 +15267,8 @@ WCHAR ff_oem2uni (	/* Returns Unicode character, zero on error */
 
 
 /*------------------------------------------------------------------------*/
-/* OEM <==> Unicode conversions for static code page configuration        */
+/* OEM <==> Unicode Conversions for Static Code Page Configuration with   */
-/* DBCS fixed code page                                                   */
+/* DBCS Fixed Code Page                                                   */
 /*------------------------------------------------------------------------*/
 
 #if FF_CODE_PAGE >= 900
@@ -15281,7 +15277,7 @@ WCHAR ff_uni2oem (	/* Returns OEM code character, zero on error */
 	WORD	cp		/* Code page for the conversion */
 )
 {
-	const WCHAR *p;
+	const WCHAR* p;
 	WCHAR c = 0, uc;
 	UINT i = 0, n, li, hi;
 
@@ -15312,12 +15308,12 @@ WCHAR ff_uni2oem (	/* Returns OEM code character, zero on error */
 }
 
 
-WCHAR ff_oem2uni (	/* Returns Unicode character, zero on error */
+WCHAR ff_oem2uni (	/* Returns Unicode character in UTF-16, zero on error */
 	WCHAR	oem,	/* OEM code to be converted */
 	WORD	cp		/* Code page for the conversion */
 )
 {
-	const WCHAR *p;
+	const WCHAR* p;
 	WCHAR c = 0;
 	UINT i = 0, n, li, hi;
 
@@ -15350,7 +15346,7 @@ WCHAR ff_oem2uni (	/* Returns Unicode character, zero on error */
 
 
 /*------------------------------------------------------------------------*/
-/* OEM <==> Unicode conversions for dynamic code page configuration       */
+/* OEM <==> Unicode Conversions for Dynamic Code Page Configuration       */
 /*------------------------------------------------------------------------*/
 
 #if FF_CODE_PAGE == 0
@@ -15364,7 +15360,7 @@ WCHAR ff_uni2oem (	/* Returns OEM code character, zero on error */
 	WORD	cp		/* Code page for the conversion */
 )
 {
-	const WCHAR *p;
+	const WCHAR* p;
 	WCHAR c = 0, uc;
 	UINT i, n, li, hi;
 
@@ -15411,12 +15407,12 @@ WCHAR ff_uni2oem (	/* Returns OEM code character, zero on error */
 }
 
 
-WCHAR ff_oem2uni (	/* Returns Unicode character, zero on error */
+WCHAR ff_oem2uni (	/* Returns Unicode character in UTF-16, zero on error */
 	WCHAR	oem,	/* OEM code to be converted (DBC if >=0x100) */
 	WORD	cp		/* Code page for the conversion */
 )
 {
-	const WCHAR *p;
+	const WCHAR* p;
 	WCHAR c = 0;
 	UINT i, n, li, hi;
 
@@ -15462,14 +15458,14 @@ WCHAR ff_oem2uni (	/* Returns Unicode character, zero on error */
 
 
 /*------------------------------------------------------------------------*/
-/* Unicode up-case conversion                                             */
+/* Unicode Up-case Conversion                                             */
 /*------------------------------------------------------------------------*/
 
 DWORD ff_wtoupper (	/* Returns up-converted code point */
 	DWORD uni		/* Unicode code point to be up-converted */
 )
 {
-	const WORD *p;
+	const WORD* p;
 	WORD uc, bc, nc, cmd;
 	static const WORD cvt1[] = {	/* Compressed up conversion table for U+0000 - U+0FFF */
 		/* Basic Latin */
@@ -15594,4 +15590,4 @@ DWORD ff_wtoupper (	/* Returns up-converted code point */
 }
 
 
-#endif /* #if FF_USE_LFN */
+#endif /* #if FF_USE_LFN != 0 */

arm9/source/fatfs/integer.h

@@ -1,38 +0,0 @@
-/*-------------------------------------------*/
-/* Integer type definitions for FatFs module */
-/*-------------------------------------------*/
-
-#ifndef FF_INTEGER
-#define FF_INTEGER
-
-#ifdef _WIN32	/* FatFs development platform */
-
-#include <windows.h>
-#include <tchar.h>
-typedef unsigned __int64 QWORD;
-
-
-#else			/* Embedded platform */
-
-/* These types MUST be 16-bit or 32-bit */
-typedef int				INT;
-typedef unsigned int	UINT;
-
-/* This type MUST be 8-bit */
-typedef unsigned char	BYTE;
-
-/* These types MUST be 16-bit */
-typedef short			SHORT;
-typedef unsigned short	WORD;
-typedef unsigned short	WCHAR;
-
-/* These types MUST be 32-bit */
-typedef long			LONG;
-typedef unsigned long	DWORD;
-
-/* This type MUST be 64-bit (Remove this for ANSI C (C89) compatibility) */
-typedef unsigned long long QWORD;
-
-#endif
-
-#endif

arm9/source/firm.c

@@ -1,6 +1,6 @@
 /*
 *   This file is part of Luma3DS
-*   Copyright (C) 2016-2020 Aurora Wright, TuxSH
+*   Copyright (C) 2016-2021 Aurora Wright, TuxSH
 *
 *   This program is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
@@ -39,6 +39,7 @@
 #include "chainloader.h"
 
 static Firm *firm = (Firm *)0x20001000;
+u32 firmProtoVersion = 0;
 
 static __attribute__((noinline)) bool overlaps(u32 as, u32 ae, u32 bs, u32 be)
 {
@@ -151,10 +152,24 @@ static inline u32 loadFirmFromStorage(FirmwareType firmType)
 
 u32 loadNintendoFirm(FirmwareType *firmType, FirmwareSource nandType, bool loadFromStorage, bool isSafeMode)
 {
-    u32 firmVersion,
+    u32 firmVersion = 0xFFFFFFFF,
         firmSize;
 
-    bool ctrNandError = isSdMode && !mountFs(false, false);
+    bool ctrNandError = true;
+    bool loadedFromStorage = false;
+    bool storageLoadError = false;
+
+    // Try loading FIRM from sdmc first if specified.
+    if (loadFromStorage) {
+        firmSize = loadFirmFromStorage(*firmType);
+        if (firmSize != 0) loadedFromStorage = true;
+        else storageLoadError = true;
+    }
+
+    // Remount ctrnand and load FIRM from it if loading from sdmc failed.
+    if (!loadedFromStorage) {
+        ctrNandError = isSdMode && !remountCtrNandPartition(false);
+    }
 
     if(!ctrNandError)
     {
@@ -169,10 +184,8 @@ u32 loadNintendoFirm(FirmwareType *firmType, FirmwareSource nandType, bool loadF
             if(!firmSize || !checkFirm(firmSize)) ctrNandError = true;
         }
     }
-
+    // If CTRNAND load failed, and it wasn't tried yet, load FIRM from sdmc.
-    bool loadedFromStorage = false;
+    if (ctrNandError && !storageLoadError)
-
-    if(loadFromStorage || ctrNandError)
     {
         u32 result = loadFirmFromStorage(*firmType);
 
@@ -181,11 +194,69 @@ u32 loadNintendoFirm(FirmwareType *firmType, FirmwareSource nandType, bool loadF
             loadedFromStorage = true;
             firmSize = result;
         }
-        else if(ctrNandError) error("Unable to mount CTRNAND or load the CTRNAND FIRM.\nPlease use an external one.");
+        else storageLoadError = true;
     }
+    // If all attempts failed, panic.
+    if(ctrNandError && storageLoadError) error("Unable to mount CTRNAND or load the CTRNAND FIRM.\nPlease use an external one.");
 
     //Check that the FIRM is right for the console from the Arm9 section address
-    if((firm->section[3].offset != 0 ? firm->section[3].address : firm->section[2].address) != (ISN3DS ? (u8 *)0x8006000 : (u8 *)0x8006800))
+    bool isO3dsFirm = firm->section[3].offset == 0 && firm->section[2].address == (u8 *)0x8006800;
+
+    if(loadedFromStorage || ISDEVUNIT)
+    {
+        firmVersion = 0xFFFFFFFF;
+
+        if(isO3dsFirm && (*firmType == NATIVE_FIRM || *firmType == NATIVE_FIRM1X2X))
+        {
+            __attribute__((aligned(4))) static const u8 hashes[5][0x20] = {
+                {0xD7, 0x43, 0x0F, 0x27, 0x8D, 0xC9, 0x3F, 0x4C, 0x96, 0xB5, 0xA8, 0x91, 0x48, 0xDB, 0x08, 0x8A,
+                 0x7E, 0x46, 0xB3, 0x95, 0x65, 0xA2, 0x05, 0xF1, 0xF2, 0x41, 0x21, 0xF1, 0x0C, 0x59, 0x6A, 0x9D},
+                {0x93, 0xDF, 0x49, 0xA1, 0x24, 0x86, 0xBB, 0x6F, 0xAF, 0x49, 0x99, 0x2D, 0xD0, 0x8D, 0xB1, 0x88,
+                 0x8A, 0x00, 0xB6, 0xDD, 0x36, 0x89, 0xC0, 0xE2, 0xC9, 0xA9, 0x99, 0x62, 0x57, 0x5E, 0x6C, 0x23},
+                {0x39, 0x75, 0xB5, 0x28, 0x24, 0x5E, 0x8B, 0x56, 0xBC, 0x83, 0x79, 0x41, 0x09, 0x2C, 0x42, 0xE6,
+                 0x26, 0xB6, 0x80, 0x59, 0xA5, 0x56, 0xF9, 0xF9, 0x6E, 0xF3, 0x63, 0x05, 0x58, 0xDF, 0x35, 0xEF},
+                {0x81, 0x9E, 0x71, 0x58, 0xE5, 0x44, 0x73, 0xF7, 0x48, 0x78, 0x7C, 0xEF, 0x5E, 0x30, 0xE2, 0x28,
+                 0x78, 0x0B, 0x21, 0x23, 0x94, 0x63, 0xE8, 0x4E, 0x06, 0xBB, 0xD6, 0x8D, 0xA0, 0x99, 0xAE, 0x98},
+                {0x1D, 0xD5, 0xB0, 0xC2, 0xD9, 0x4A, 0x4A, 0xF3, 0x23, 0xDD, 0x2F, 0x65, 0x21, 0x95, 0x9B, 0x7E,
+                 0xF2, 0x71, 0x7E, 0xB6, 0x7A, 0x3A, 0x74, 0x78, 0x0D, 0xE3, 0xB5, 0x0C, 0x2B, 0x7F, 0x85, 0x37},
+            };
+
+            u32 i;
+            for(i = 0; i < sizeof(hashes)/sizeof(hashes[0]); i++)
+            {
+                if(memcmp(firm->section[1].hash, hashes[i], 0x20) == 0) break;
+            }
+
+            switch(i)
+            {
+                // Beta
+                case 0:
+                    firmVersion = 0x0;
+                    firmProtoVersion = 243;
+                    *firmType = NATIVE_PROTOTYPE;
+                    break;
+                case 1:
+                    firmVersion = 0x0;
+                    firmProtoVersion = 238;
+                    *firmType = NATIVE_PROTOTYPE;
+                    break;
+                // Release
+                case 2:
+                    firmVersion = 0x18;
+                    break;
+                case 3:
+                    firmVersion = 0x1D;
+                    break;
+                case 4:
+                    firmVersion = 0x1F;
+                    break;
+                default:
+                    break;
+            }
+        }
+    }
+
+    if(*firmType != NATIVE_PROTOTYPE && (firm->section[3].offset != 0 ? firm->section[3].address : firm->section[2].address) != (ISN3DS ? (u8 *)0x8006000 : (u8 *)0x8006800))
         error("The %s FIRM is not for this console.", loadedFromStorage ? "external" : "CTRNAND");
 
     if(!ISN3DS && *firmType == NATIVE_FIRM && firm->section[0].address == (u8 *)0x1FF80000)
@@ -193,51 +264,20 @@ u32 loadNintendoFirm(FirmwareType *firmType, FirmwareSource nandType, bool loadF
         //We can't boot < 3.x EmuNANDs
         if(nandType != FIRMWARE_SYSNAND) error("An old unsupported EmuNAND has been detected.\nLuma3DS is unable to boot it.");
 
+        //If you want to use SAFE_FIRM on 1.0, use Luma from NAND & comment this line:
         if(isSafeMode) error("SAFE_MODE is not supported on 1.x/2.x FIRM.");
 
         *firmType = NATIVE_FIRM1X2X;
     }
 
-    if(loadedFromStorage || ISDEVUNIT)
-    {
-        firmVersion = 0xFFFFFFFF;
-
-        if(!ISN3DS && *firmType == NATIVE_FIRM)
-        {
-            __attribute__((aligned(4))) static const u8 hashes[3][0x20] = {
-                {0x39, 0x75, 0xB5, 0x28, 0x24, 0x5E, 0x8B, 0x56, 0xBC, 0x83, 0x79, 0x41, 0x09, 0x2C, 0x42, 0xE6,
-                 0x26, 0xB6, 0x80, 0x59, 0xA5, 0x56, 0xF9, 0xF9, 0x6E, 0xF3, 0x63, 0x05, 0x58, 0xDF, 0x35, 0xEF},
-                {0x81, 0x9E, 0x71, 0x58, 0xE5, 0x44, 0x73, 0xF7, 0x48, 0x78, 0x7C, 0xEF, 0x5E, 0x30, 0xE2, 0x28,
-                 0x78, 0x0B, 0x21, 0x23, 0x94, 0x63, 0xE8, 0x4E, 0x06, 0xBB, 0xD6, 0x8D, 0xA0, 0x99, 0xAE, 0x98},
-                {0x1D, 0xD5, 0xB0, 0xC2, 0xD9, 0x4A, 0x4A, 0xF3, 0x23, 0xDD, 0x2F, 0x65, 0x21, 0x95, 0x9B, 0x7E,
-                 0xF2, 0x71, 0x7E, 0xB6, 0x7A, 0x3A, 0x74, 0x78, 0x0D, 0xE3, 0xB5, 0x0C, 0x2B, 0x7F, 0x85, 0x37}
-            };
-
-            u32 i;
-            for(i = 0; i < 3; i++) if(memcmp(firm->section[1].hash, hashes[i], 0x20) == 0) break;
-
-            switch(i)
-            {
-                case 0:
-                    firmVersion = 0x18;
-                    break;
-                case 1:
-                    firmVersion = 0x1D;
-                    break;
-                case 2:
-                    firmVersion = 0x1F;
-                    break;
-            }
-        }
-    }
-
     return firmVersion;
 }
 
 void loadHomebrewFirm(u32 pressed)
 {
     char path[10 + 255];
-    bool found = !pressed ? payloadMenu(path) : findPayload(path, pressed);
+    bool hasDisplayedMenu = false;
+    bool found = !pressed ? payloadMenu(path, &hasDisplayedMenu) : findPayload(path, pressed);
 
     if(!found) return;
 
@@ -252,17 +292,156 @@ void loadHomebrewFirm(u32 pressed)
     else sprintf(absPath, "nand:/rw/luma/%s", path);
 
     char *argv[2] = {absPath, (char *)fbs};
+    bool wantsScreenInit = (firm->reserved2[0] & 1) != 0;
 
-    initScreens();
+    if(!hasDisplayedMenu && wantsScreenInit)
+        initScreens(); // Don't init the screens unless we have to, if not already done
 
-    launchFirm((firm->reserved2[0] & 1) ? 2 : 1, argv);
+    launchFirm(wantsScreenInit ? 2 : 1, argv);
 }
 
-static inline void mergeSection0(FirmwareType firmType, u32 firmVersion, bool loadFromStorage)
+static int lzss_decompress(u8 *end)
+{
+    unsigned int v1; // r1@2
+    u8 *v2; // r2@2
+    u8 *v3; // r3@2
+    u8 *v4; // r1@2
+    char v5; // r5@4
+    char v6; // t1@4
+    signed int v7; // r6@4
+    int v9; // t1@7
+    u8 *v11; // r3@8
+    int v12; // r12@8
+    int v13; // t1@8
+    int v14; // t1@8
+    unsigned int v15; // r7@8
+    int v16; // r12@8
+    int ret;
+
+    ret = 0;
+    if ( end )
+    {
+        v1 = *((u32 *)end - 2);
+        v2 = &end[*((u32 *)end - 1)];
+        v3 = &end[-(v1 >> 24)];
+        v4 = &end[-(v1 & 0xFFFFFF)];
+        while ( v3 > v4 )
+        {
+            v6 = *(v3-- - 1);
+            v5 = v6;
+            v7 = 8;
+            while ( 1 )
+            {
+                if ( (v7-- < 1) )
+                    break;
+                if ( v5 & 0x80 )
+                {
+                    v13 = *(v3 - 1);
+                    v11 = v3 - 1;
+                    v12 = v13;
+                    v14 = *(v11 - 1);
+                    v3 = v11 - 1;
+                    v15 = ((v14 | (v12 << 8)) & 0xFFFF0FFF) + 2;
+                    v16 = v12 + 32;
+                    do
+                    {
+                        ret = v2[v15];
+                        *(v2-- - 1) = ret;
+                        v16 -= 16;
+                    }
+                    while ( !(v16 < 0) );
+                }
+                else
+                {
+                    v9 = *(v3-- - 1);
+                    ret = v9;
+                    *(v2-- - 1) = v9;
+                }
+                v5 *= 2;
+                if ( v3 <= v4 )
+                    return ret;
+            }
+        }
+    }
+    return ret;
+}
+
+typedef struct CopyKipResult {
+    u32 cxiSize;
+    u8 *codeDstAddr;
+    u32 codeSize;
+} CopyKipResult;
+
+// Copy a KIP, decompressing it in place if necessary (TwlBg)
+static CopyKipResult copyKip(u8 *dst, const u8 *src, u32 maxSize, bool decompress)
+{
+    const char *extModuleSizeError = "The external FIRM modules are too large.";
+    CopyKipResult res = { 0 };
+    Cxi *dstCxi = (Cxi *)dst;
+    const Cxi *srcCxi = (const Cxi *)src;
+
+    u32 mediaUnitShift = 9 + srcCxi->ncch.flags[6];
+    u32 totalSizeCompressed = srcCxi->ncch.contentSize << mediaUnitShift;
+
+    if (totalSizeCompressed > maxSize)
+        error(extModuleSizeError);
+
+    // First, copy the compressed KIP to the destination
+    memcpy(dst, src, totalSizeCompressed);
+
+    ExHeader *exh = &dstCxi->exHeader;
+    bool isCompressed = (exh->systemControlInfo.flag & 1) != 0;
+    ExeFsHeader *exefs = (ExeFsHeader *)(dst + (dstCxi->ncch.exeFsOffset << mediaUnitShift));
+    ExeFsFileHeader *fh = &exefs->fileHeaders[0];
+    u8 *codeAddr = (u8 *)exefs + sizeof(ExeFsHeader) + fh->offset;
+
+    if (memcmp(fh->name, ".code\0\0\0", 8) != 0 || fh->offset != 0 || exefs->fileHeaders[1].size != 0)
+        error("One of the external FIRM modules have invalid layout.");
+
+    // If it's already decompressed or we don't need to, there is not much left to do
+    if (!decompress || !isCompressed)
+    {
+        res.cxiSize = totalSizeCompressed;
+        res.codeDstAddr = codeAddr;
+        res.codeSize = fh->size;
+    }
+    else
+    {
+        u32 codeSize = exh->systemControlInfo.textCodeSet.size;
+        codeSize += exh->systemControlInfo.roCodeSet.size;
+        codeSize += exh->systemControlInfo.dataCodeSet.size;
+
+        u32 codeSizePadded = ((codeSize + (1 << mediaUnitShift) - 1) >> mediaUnitShift) << mediaUnitShift;
+        u32 newTotalSize = (codeAddr + codeSizePadded) - dst;
+        if (newTotalSize > maxSize)
+            error(extModuleSizeError);
+
+        // Decompress in place
+        lzss_decompress(codeAddr + fh->size);
+
+        // Fill padding just in case
+        memset(codeAddr + codeSize, 0, codeSizePadded - codeSize);
+
+        // Fix fields
+        fh->size = codeSize;
+        dstCxi->ncch.exeFsSize = codeSizePadded >> mediaUnitShift;
+        exh->systemControlInfo.flag &= ~1;
+        dstCxi->ncch.contentSize = newTotalSize >> mediaUnitShift;
+
+        res.cxiSize = newTotalSize;
+        res.codeDstAddr = codeAddr;
+        res.codeSize = codeSize;
+    }
+
+    return res;
+}
+static void mergeSection0(FirmwareType firmType, u32 firmVersion, bool loadFromStorage)
 {
     u32 srcModuleSize,
         nbModules = 0;
 
+    bool isLgyFirm = firmType == TWL_FIRM || firmType == AGB_FIRM;
+
     struct
     {
         char name[8];
@@ -278,7 +457,8 @@ static inline void mergeSection0(FirmwareType firmType, u32 firmVersion, bool lo
         srcModuleSize = moduleList[nbModules].size = ((Cxi *)src)->ncch.contentSize * 0x200;
     }
 
-    if(firmType == NATIVE_FIRM && (ISN3DS || firmVersion >= 0x1D))
+    // SAFE_FIRM only for N3DS and only if ENABLESAFEFIRMROSALINA is on
+    if((firmType == NATIVE_FIRM || firmType == SAFE_FIRM) && (ISN3DS || firmVersion >= 0x25))
     {
         //2) Merge that info with our own modules'
         for(u8 *src = (u8 *)0x18180000; memcmp(((Cxi *)src)->ncch.magic, "NCCH", 4) == 0; src += srcModuleSize)
@@ -303,7 +483,10 @@ static inline void mergeSection0(FirmwareType firmType, u32 firmVersion, bool lo
     //3) Read or copy the modules
     u8 *dst = firm->section[0].address;
     const char *extModuleSizeError = "The external FIRM modules are too large.";
-    for(u32 i = 0, dstModuleSize, maxModuleSize = firmType == NATIVE_FIRM ? 0x80000 : 0x600000; i < nbModules; i++, dst += dstModuleSize, maxModuleSize -= dstModuleSize)
+    // SAFE_FIRM only for N3DS and only if ENABLESAFEFIRMROSALINA is on
+    u32 maxModuleSize = !isLgyFirm ? 0x80000 : 0x600000;
+    u32 dstModuleSize = 0;
+    for(u32 i = 0; i < nbModules; i++)
     {
         if(loadFromStorage)
         {
@@ -324,29 +507,46 @@ static inline void mergeSection0(FirmwareType firmType, u32 firmVersion, bool lo
                    memcmp(moduleList[i].name, ((Cxi *)dst)->exHeader.systemControlInfo.appTitle, sizeof(((Cxi *)dst)->exHeader.systemControlInfo.appTitle)) != 0)
                     error("An external FIRM module is invalid or corrupted.");
 
+                dst += dstModuleSize;
+                maxModuleSize -= dstModuleSize;
                 continue;
             }
         }
 
-        dstModuleSize = moduleList[i].size;
+        // If not successfully loaded from storage, then...
 
-        if(dstModuleSize > maxModuleSize) error(extModuleSizeError);
+        // Decompress stock TwlBg so that we can patch it
+        bool isStockTwlBg = firmType == TWL_FIRM && strcmp(moduleList[i].name, "TwlBg") == 0;
 
-        memcpy(dst, moduleList[i].src, dstModuleSize);
+        CopyKipResult copyRes = copyKip(dst, moduleList[i].src, maxModuleSize, isStockTwlBg);
+
+        if (isStockTwlBg)
+            patchTwlBg(copyRes.codeDstAddr, copyRes.codeSize);
+
+        dst += copyRes.cxiSize;
+        maxModuleSize -= copyRes.cxiSize;
     }
 
-    //4) Patch NATIVE_FIRM if necessary
+    //4) Patch kernel to take module size into account
-    if(nbModules == 6)
+    u32 newKipSectionSize = dst - firm->section[0].address;
+    u32 oldKipSectionSize = firm->section[0].size;
+    u8 *kernel11Addr = (u8 *)firm + firm->section[1].offset;
+    u32 kernel11Size = firm->section[1].size;
+    if (isLgyFirm)
     {
-        if(patchK11ModuleLoading(firm->section[0].size, dst - firm->section[0].address, (u8 *)firm + firm->section[1].offset, firm->section[1].size) != 0)
+        if (patchK11ModuleLoadingLgy(newKipSectionSize, kernel11Addr, kernel11Size) != 0)
-            error("Failed to inject custom sysmodule");
+            error("Failed to load sysmodules");
+    }
+    else
+    {
+        if (patchK11ModuleLoading(oldKipSectionSize, newKipSectionSize, nbModules, kernel11Addr, kernel11Size) != 0)
+            error("Failed to load sysmodules");
     }
 }
 
 u32 patchNativeFirm(u32 firmVersion, FirmwareSource nandType, bool loadFromStorage, bool isFirmProtEnabled, bool needToInitSd, bool doUnitinfoPatch)
 {
-    u8 *arm9Section = (u8 *)firm + firm->section[2].offset,
+    u8 *arm9Section = (u8 *)firm + firm->section[2].offset;
-       *arm11Section1 = (u8 *)firm + firm->section[1].offset;
 
     if(ISN3DS)
     {
@@ -360,34 +560,41 @@ u32 patchNativeFirm(u32 firmVersion, FirmwareSource nandType, bool loadFromStora
         process9MemAddr;
     u8 *process9Offset = getProcess9Info(arm9Section, firm->section[2].size, &process9Size, &process9MemAddr);
 
-    //Find the Kernel11 SVC table and handler, exceptions page and free space locations
-    u32 baseK11VA;
-    u8 *freeK11Space;
-    u32 *arm11SvcHandler,
-        *arm11ExceptionsPage,
-        *arm11SvcTable = getKernel11Info(arm11Section1, firm->section[1].size, &baseK11VA, &freeK11Space, &arm11SvcHandler, &arm11ExceptionsPage);
-
     u32 kernel9Size = (u32)(process9Offset - arm9Section) - sizeof(Cxi) - 0x200,
         ret = 0;
 
-    //Skip on FIRMs < 4.0
+#ifndef BUILD_FOR_EXPLOIT_DEV
-    if(ISN3DS || firmVersion >= 0x1D)
+    //Skip on FIRMs < 5.0
+    if(ISN3DS || firmVersion >= 0x25)
     {
+        //Find the Kernel11 SVC table and handler, exceptions page and free space locations
+        u8 *arm11Section1 = (u8 *)firm + firm->section[1].offset;
+        u32 baseK11VA;
+        u8 *freeK11Space;
+        u32 *arm11SvcHandler,
+            *arm11ExceptionsPage,
+            *arm11SvcTable = getKernel11Info(arm11Section1, firm->section[1].size, &baseK11VA, &freeK11Space, &arm11SvcHandler, &arm11ExceptionsPage);
+
         ret += installK11Extension(arm11Section1, firm->section[1].size, needToInitSd, baseK11VA, arm11ExceptionsPage, &freeK11Space);
         ret += patchKernel11(arm11Section1, firm->section[1].size, baseK11VA, arm11SvcTable, arm11ExceptionsPage);
     }
+#else
+    (void)needToInitSd;
+#endif
 
     //Apply signature patches
     ret += patchSignatureChecks(process9Offset, process9Size);
 
     //Apply EmuNAND patches
-    if(nandType != FIRMWARE_SYSNAND) ret += patchEmuNand(arm9Section, kernel9Size, process9Offset, process9Size, firm->section[2].address, firmVersion);
+    if(nandType != FIRMWARE_SYSNAND) ret += patchEmuNand(process9Offset, process9Size, firmVersion);
 
     //Apply FIRM0/1 writes patches on SysNAND to protect A9LH
     else if(isFirmProtEnabled) ret += patchFirmWrites(process9Offset, process9Size);
 
+#ifndef BUILD_FOR_EXPLOIT_DEV
     //Apply firmlaunch patches
     ret += patchFirmlaunches(process9Offset, process9Size, process9MemAddr);
+#endif
 
     //Apply dev unit check patches related to NCCH encryption
     if(!ISDEVUNIT)
@@ -424,8 +631,17 @@ u32 patchNativeFirm(u32 firmVersion, FirmwareSource nandType, bool loadFromStora
 
 u32 patchTwlFirm(u32 firmVersion, bool loadFromStorage, bool doUnitinfoPatch)
 {
+    u8 *section1 = (u8 *)firm + firm->section[1].offset;
+    u32 section1Size = firm->section[1].size;
+    u8 *section2 = (u8 *)firm + firm->section[2].offset;
+    u32 section2Size = firm->section[2].size;
+
     u8 *arm9Section = (u8 *)firm + firm->section[3].offset;
 
+    // Below 3.0, do not actually do anything.
+    if(!ISN3DS && firmVersion < 0xC)
+        return 0;
+
     //On N3DS, decrypt Arm9Bin and patch Arm9 entrypoint to skip kernel9loader
     if(ISN3DS)
     {
@@ -452,11 +668,11 @@ u32 patchTwlFirm(u32 firmVersion, bool loadFromStorage, bool doUnitinfoPatch)
     //Apply UNITINFO patch
     if(doUnitinfoPatch) ret += patchUnitInfoValueSet(arm9Section, kernel9Size);
 
-    if(loadFromStorage)
+    ret += patchLgyK11(section1, section1Size, section2, section2Size);
-    {
+
-        mergeSection0(TWL_FIRM, 0, true);
+    // Also patch TwlBg here
-        firm->section[0].size = 0;
+    mergeSection0(TWL_FIRM, 0, loadFromStorage);
-    }
+    firm->section[0].size = 0;
 
     return ret;
 }
@@ -465,6 +681,11 @@ u32 patchAgbFirm(bool loadFromStorage, bool doUnitinfoPatch)
 {
     u8 *arm9Section = (u8 *)firm + firm->section[3].offset;
 
+    u8 *section1 = (u8 *)firm + firm->section[1].offset;
+    u32 section1Size = firm->section[1].size;
+    u8 *section2 = (u8 *)firm + firm->section[2].offset;
+    u32 section2Size = firm->section[2].size;
+
     //On N3DS, decrypt Arm9Bin and patch Arm9 entrypoint to skip kernel9loader
     if(ISN3DS)
     {
@@ -482,6 +703,7 @@ u32 patchAgbFirm(bool loadFromStorage, bool doUnitinfoPatch)
 
     ret += patchLgySignatureChecks(process9Offset, process9Size);
     if(CONFIG(SHOWGBABOOT)) ret += patchAgbBootSplash(process9Offset, process9Size);
+    ret += patchLgyK11(section1, section1Size, section2, section2Size);
 
     //Apply UNITINFO patch
     if(doUnitinfoPatch) ret += patchUnitInfoValueSet(arm9Section, kernel9Size);
@@ -522,6 +744,55 @@ u32 patch1x2xNativeAndSafeFirm(void)
     ret += patchArm9ExceptionHandlersInstall(arm9Section, kernel9Size);
     ret += patchSvcBreak9(arm9Section, kernel9Size, (u32)firm->section[2].address);
 
+    //Apply firmlaunch patches
+    //Doesn't work here if Luma is on SD. If you want to use SAFE_FIRM on 1.0, use Luma from NAND & uncomment this line:
+    //ret += patchFirmlaunches(process9Offset, process9Size, process9MemAddr);
+
+    if(ISN3DS && CONFIG(ENABLESAFEFIRMROSALINA))
+    {
+        u8 *arm11Section1 = (u8 *)firm + firm->section[1].offset;
+        //Find the Kernel11 SVC table and handler, exceptions page and free space locations
+        u32 baseK11VA;
+        u8 *freeK11Space;
+        u32 *arm11SvcHandler,
+            *arm11ExceptionsPage,
+            *arm11SvcTable = getKernel11Info(arm11Section1, firm->section[1].size, &baseK11VA, &freeK11Space, &arm11SvcHandler, &arm11ExceptionsPage);
+
+        ret += installK11Extension(arm11Section1, firm->section[1].size, false, baseK11VA, arm11ExceptionsPage, &freeK11Space);
+        ret += patchKernel11(arm11Section1, firm->section[1].size, baseK11VA, arm11SvcTable, arm11ExceptionsPage);
+
+        // Add some other patches to the mix, as we can now launch homebrew on SAFE_FIRM:
+
+        ret += patchKernel9Panic(arm9Section, kernel9Size);
+        ret += patchP9AccessChecks(process9Offset, process9Size);
+
+        mergeSection0(NATIVE_FIRM, 0x45, false); // may change in the future
+        firm->section[0].size = 0;
+    }
+
+    return ret;
+}
+
+u32 patchPrototypeNative(FirmwareSource nandType)
+{
+    u8 *arm9Section = (u8 *)firm + firm->section[2].offset;
+
+    //Find the Process9 .code location, size and memory address
+    u32 process9Size,
+        process9MemAddr;
+    u8 *process9Offset = getProcess9Info(arm9Section, firm->section[2].size, &process9Size, &process9MemAddr);
+
+    u32 kernel9Size = (u32)(process9Offset - arm9Section) - sizeof(Cxi) - 0x200,
+        ret = 0;
+
+    ret += patchProtoNandSignatureCheck(process9Offset, process9Size);
+
+    //Arm9 exception handlers
+    ret += patchArm9ExceptionHandlersInstall(arm9Section, kernel9Size);
+
+    //Apply EmuNAND patches
+    if(nandType != FIRMWARE_SYSNAND) ret += patchProtoEmuNand(process9Offset, process9Size);
+
     return ret;
 }
 

arm9/source/firm.h

@@ -35,4 +35,5 @@ u32 patchNativeFirm(u32 firmVersion, FirmwareSource nandType, bool loadFromStora
 u32 patchTwlFirm(u32 firmVersion, bool loadFromStorage, bool doUnitinfoPatch);
 u32 patchAgbFirm(bool loadFromStorage, bool doUnitinfoPatch);
 u32 patch1x2xNativeAndSafeFirm(void);
+u32 patchPrototypeNative(FirmwareSource nandType);
 void launchFirm(int argc, char **argv);

arm9/source/fs.c

@@ -1,6 +1,6 @@
 /*
 *   This file is part of Luma3DS
-*   Copyright (C) 2016-2020 Aurora Wright, TuxSH
+*   Copyright (C) 2016-2021 Aurora Wright, TuxSH
 *
 *   This program is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
@@ -37,6 +37,8 @@
 #include "firm.h"
 #include "crypto.h"
 #include "strings.h"
+#include "alignedseqmemcpy.h"
+#include "i2c.h"
 
 static FATFS sdFs,
              nandFs;
@@ -50,16 +52,50 @@ static bool switchToMainDir(bool isSd)
         case FR_OK:
             return true;
         case FR_NO_PATH:
-            return f_mkdir(mainDir) == FR_OK && switchToMainDir(isSd);
+        {
+            if (f_mkdir(mainDir) != FR_OK)
+            {
+                error("Failed to create luma directory.");
+                return false;
+            }
+            return switchToMainDir(isSd);
+        }
         default:
             return false;
     }
 }
 
-bool mountFs(bool isSd, bool switchToCtrNand)
+bool mountSdCardPartition(bool switchMainDir)
 {
-    return isSd ? f_mount(&sdFs, "0:", 1) == FR_OK && switchToMainDir(true) :
+    static bool sdInitialized = false;
-                  f_mount(&nandFs, "1:", 1) == FR_OK && (!switchToCtrNand || (f_chdrive("1:") == FR_OK && switchToMainDir(false)));
+    if (!sdInitialized)
+        sdInitialized = f_mount(&sdFs, "sdmc:", 1) == FR_OK;
+
+    if (sdInitialized && switchMainDir)
+        return f_chdrive("sdmc:") == FR_OK && switchToMainDir(true);
+    return sdInitialized;
+}
+
+bool remountCtrNandPartition(bool switchMainDir)
+{
+    static bool nandInitialized = false;
+    int res = FR_OK;
+
+    if (!nandInitialized)
+    {
+        res = f_mount(&nandFs, "nand:", 1);
+        nandInitialized = res == FR_OK;
+    }
+
+    if (nandInitialized && switchMainDir)
+        return f_chdrive("nand:") == FR_OK && switchToMainDir(false);
+    return nandInitialized;
+}
+
+void unmountPartitions(void)
+{
+    f_unmount("nand:");
+    f_unmount("sdmc:");
 }
 
 u32 fileRead(void *dest, const char *path, u32 maxSize)
@@ -101,6 +137,7 @@ bool fileWrite(const void *buffer, const char *path, u32 size)
             return result == FR_OK && (u32)written == size;
         }
         case FR_NO_PATH:
+            // Only create the last dir in the hierarchy
             for(u32 i = 1; path[i] != 0; i++)
                 if(path[i] == '/')
                 {
@@ -121,6 +158,86 @@ bool fileDelete(const char *path)
     return f_unlink(path) == FR_OK;
 }
 
+bool fileCopy(const char *pathSrc, const char *pathDst, bool replace, void *tmpBuffer, size_t bufferSize)
+{
+    FIL fileSrc, fileDst;
+    FRESULT res;
+
+    res = f_open(&fileSrc, pathSrc, FA_READ);
+    if (res != FR_OK)
+        return true; // Succeed if the source file doesn't exist
+
+    size_t szSrc = f_size(&fileSrc), rem = szSrc;
+
+    res = f_open(&fileDst, pathDst, FA_WRITE | (replace ? FA_CREATE_ALWAYS : FA_CREATE_NEW));
+
+    if (res == FR_EXIST)
+    {
+        // We did not fail
+        f_close(&fileSrc);
+        return true;
+    }
+    else if (res == FR_NO_PATH)
+    {
+        // Only create the last dir in the hierarchy
+        const char *c;
+        for (c = pathDst + strlen(pathDst); *c != '/' && c >= pathDst; --c);
+        if (c >= pathDst && c - pathDst <= FF_MAX_LFN && *c != '\0')
+        {
+            char path[FF_MAX_LFN + 1];
+            strncpy(path, pathDst, c - pathDst);
+            path[c - pathDst] = '\0';
+            res = f_mkdir(path);
+        }
+
+        if (res == FR_OK)
+            res = f_open(&fileDst, pathDst, FA_WRITE | (replace ? FA_CREATE_ALWAYS : FA_CREATE_NEW));
+    }
+
+    if (res != FR_OK)
+    {
+        f_close(&fileSrc);
+        return false;
+    }
+
+    while (rem > 0)
+    {
+        size_t sz = rem >= bufferSize ? bufferSize : rem;
+        UINT n = 0;
+
+        res = f_read(&fileSrc, tmpBuffer, sz, &n);
+        if (n != sz)
+            res = FR_INT_ERR; // should not happen
+
+        if (res == FR_OK)
+        {
+            res = f_write(&fileDst, tmpBuffer, sz, &n);
+            if (n != sz)
+                res = FR_DENIED; // disk full
+        }
+
+        if (res != FR_OK)
+        {
+            f_close(&fileSrc);
+            f_close(&fileDst);
+            f_unlink(pathDst); // oops, failed
+            return false;
+        }
+        rem -= sz;
+    }
+
+    f_close(&fileSrc);
+    f_close(&fileDst);
+
+    return true;
+}
+
+bool createDir(const char *path)
+{
+    FRESULT res = f_mkdir(path);
+    return res == FR_OK || res == FR_EXIST;
+}
+
 bool findPayload(char *path, u32 pressed)
 {
     const char *pattern;
@@ -154,10 +271,11 @@ bool findPayload(char *path, u32 pressed)
     return true;
 }
 
-bool payloadMenu(char *path)
+bool payloadMenu(char *path, bool *hasDisplayedMenu)
 {
     DIR dir;
 
+    *hasDisplayedMenu = false;
     if(f_opendir(&dir, "payloads") != FR_OK) return false;
 
     FILINFO info;
@@ -189,6 +307,7 @@ bool payloadMenu(char *path)
     if(payloadNum != 1)
     {
         initScreens();
+        *hasDisplayedMenu = true;
 
         drawString(true, 10, 10, COLOR_TITLE, "Luma3DS chainloader");
         drawString(true, 10, 10 + SPACING_Y, COLOR_TITLE, "Press A to select, START to quit");
@@ -255,10 +374,10 @@ u32 firmRead(void *dest, u32 firmType)
                                            {"00000003", "20000003"},
                                            {"00000001", "20000001"}};
 
-    char folderPath[35],
+    char folderPath[64],
-         path[48];
+         path[128];
 
-    sprintf(folderPath, "1:/title/00040138/%s/content", firmFolders[firmType][ISN3DS ? 1 : 0]);
+    sprintf(folderPath, "nand:/title/00040138/%s/content", firmFolders[firmType][ISN3DS ? 1 : 0]);
 
     DIR dir;
     u32 firmVersion = 0xFFFFFFFF;
@@ -307,3 +426,104 @@ void findDumpFile(const char *folderPath, char *fileName)
 
     if(result == FR_OK) f_closedir(&dir);
 }
+
+static u8 fileCopyBuffer[0x10000];
+
+static const u8 boot9Sha256[32] = {
+    0x2F, 0x88, 0x74, 0x4F, 0xEE, 0xD7, 0x17, 0x85, 0x63, 0x86, 0x40, 0x0A, 0x44, 0xBB, 0xA4, 0xB9,
+    0xCA, 0x62, 0xE7, 0x6A, 0x32, 0xC7, 0x15, 0xD4, 0xF3, 0x09, 0xC3, 0x99, 0xBF, 0x28, 0x16, 0x6F
+};
+
+static const u8 boot11Sha256[32] = {
+    0x74, 0xDA, 0xAC, 0xE1, 0xF8, 0x06, 0x7B, 0x66, 0xCC, 0x81, 0xFC, 0x30, 0x7A, 0x3F, 0xDB, 0x50,
+    0x9C, 0xBE, 0xDC, 0x32, 0xF9, 0x03, 0xAE, 0xBE, 0x90, 0x61, 0x44, 0xDE, 0xA7, 0xA0, 0x75, 0x12
+};
+
+static bool backupEssentialFiles(void)
+{
+    size_t sz = sizeof(fileCopyBuffer);
+
+    u32 deviceID = *(vu32*)0x01FFB804;
+    char pathStart[0x20];
+    sprintf(pathStart, "backups/%08lX/", deviceID);
+    char fullPath[0x80];
+
+    // Since the other funcs in this file don't create directories recursively (only the last one),
+    // and nor does f_mkdir, create the directories anyway and ignore the result
+    f_mkdir("backups");
+    f_mkdir(pathStart);
+
+    bool ok = true;
+    sprintf(fullPath, "%sHWCAL0.dat", pathStart);
+    ok = ok && fileCopy("nand:/ro/sys/HWCAL0.dat", fullPath, false, fileCopyBuffer, sz);
+    sprintf(fullPath, "%sHWCAL1.dat", pathStart);
+    ok = ok && fileCopy("nand:/ro/sys/HWCAL1.dat", fullPath, false, fileCopyBuffer, sz);
+
+    sprintf(fullPath, "%sLocalFriendCodeSeed_A", pathStart);
+    ok = ok && fileCopy("nand:/rw/sys/LocalFriendCodeSeed_A", fullPath, false, fileCopyBuffer, sz); // often doesn't exist
+    sprintf(fullPath, "%sLocalFriendCodeSeed_B", pathStart);
+    ok = ok && fileCopy("nand:/rw/sys/LocalFriendCodeSeed_B", fullPath, false, fileCopyBuffer, sz);
+
+    sprintf(fullPath, "%sSecureInfo_A", pathStart);
+    ok = ok && fileCopy("nand:/rw/sys/SecureInfo_A", fullPath, false, fileCopyBuffer, sz);
+    sprintf(fullPath, "%sSecureInfo_B", pathStart);
+    ok = ok && fileCopy("nand:/rw/sys/SecureInfo_B", fullPath, false, fileCopyBuffer, sz); // often doesn't exist
+
+    if (!ok) return false;
+
+    alignedseqmemcpy(fileCopyBuffer, (const void *)0x10012000, 0x100);
+    sprintf(fullPath, "%sotp.bin", pathStart);
+    if (getFileSize(fullPath) != 0x100)
+        ok = ok && fileWrite(fileCopyBuffer, fullPath, 0x100);
+
+    if (!ok) return false;
+
+    // On dev boards, but not O3DS IS_DEBUGGER, hwcal is on an EEPROM chip accessed via I2C
+    u8 c = mcuConsoleInfo[0];
+    if (c == 2 || c == 4 || (ISN3DS && c == 5) || c == 6)
+    {
+        sprintf(fullPath, "%sHWCAL_01_EEPROM.dat", pathStart);
+        I2C_readRegBuf(I2C_DEV_EEPROM, 0, fileCopyBuffer, 0x1000); // Up to two instances of hwcal, with the second one @0x800
+        if (getFileSize(fullPath) != 0x1000)
+            ok = ok && fileWrite(fileCopyBuffer, fullPath, 0x1000);
+    }
+
+    // B9S bootrom backups
+    u32 hash[32/4];
+    sha(hash, (const void *)0x08080000, 0x10000, SHA_256_MODE);
+    sprintf(fullPath, "%sboot9.bin", pathStart);
+    if (memcmp(hash, boot9Sha256, 32) == 0 && getFileSize(fullPath) != 0x10000)
+        ok = ok && fileWrite((const void *)0x08080000, fullPath, 0x10000);
+    sha(hash, (const void *)0x08090000, 0x10000, SHA_256_MODE);
+    sprintf(fullPath, "%sboot11.bin", pathStart);
+    if (memcmp(hash, boot11Sha256, 32) == 0 && getFileSize(fullPath) != 0x10000)
+        ok = ok && fileWrite((const void *)0x08090000, fullPath, 0x10000);
+
+    return ok;
+}
+
+bool doLumaUpgradeProcess(void)
+{
+    bool ok = true, ok2 = true;
+
+    // Ensure CTRNAND is mounted
+    remountCtrNandPartition(false);
+
+    // Try to boot.firm to CTRNAND, when applicable
+#ifndef BUILD_FOR_EXPLOIT_DEV
+    if (isSdMode && memcmp(launchedPathForFatfs, "sdmc:", 5) == 0)
+        ok = fileCopy(launchedPathForFatfs, "nand:/boot.firm", true, fileCopyBuffer, sizeof(fileCopyBuffer));
+#endif
+
+    // Try to backup essential files
+    ok2 = backupEssentialFiles();
+
+    // Clean up some of the old files
+    fileDelete("sdmc:/luma/config.bin");
+    fileDelete("nand:/rw/luma/config.bin");
+
+    createDir("sdmc:/luma/payloads");
+    createDir("nand:/rw/luma/payloads");
+
+    return ok && ok2;
+}

arm9/source/fs.h

@@ -1,6 +1,6 @@
 /*
 *   This file is part of Luma3DS
-*   Copyright (C) 2016-2020 Aurora Wright, TuxSH
+*   Copyright (C) 2016-2021 Aurora Wright, TuxSH
 *
 *   This program is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
@@ -30,12 +30,19 @@
 
 #define PATTERN(a) a "_*.firm"
 
-bool mountFs(bool isSd, bool switchToCtrNand);
+bool mountSdCardPartition(bool switchMainDir);
+bool remountCtrNandPartition(bool switchMainDir);
+void unmountPartitions(void);
+
 u32 fileRead(void *dest, const char *path, u32 maxSize);
 u32 getFileSize(const char *path);
 bool fileWrite(const void *buffer, const char *path, u32 size);
 bool fileDelete(const char *path);
+bool fileCopy(const char *pathSrc, const char *pathDst, bool replace, void *tmpBuffer, size_t bufferSize);
+bool createDir(const char *path);
 bool findPayload(char *path, u32 pressed);
-bool payloadMenu(char *path);
+bool payloadMenu(char *path, bool *hasDisplayedMenu);
 u32 firmRead(void *dest, u32 firmType);
 void findDumpFile(const char *folderPath, char *fileName);
+
+bool doLumaUpgradeProcess(void);

arm9/source/i2c.h

@@ -40,6 +40,8 @@ typedef enum
     I2C_DEV_CAMERA    = 1, 	// Unconfirmed
     I2C_DEV_CAMERA2   = 2, 	// Unconfirmed
     I2C_DEV_MCU       = 3,
+    I2C_DEV_LCD_TOP   = 5,
+    I2C_DEV_LCD_BOT   = 6,
     I2C_DEV_GYRO      = 10,
     I2C_DEV_DEBUG_PAD = 12,
     I2C_DEV_IR        = 13,

arm9/source/ini.c

@@ -0,0 +1,298 @@
+/* inih -- simple .INI file parser
+
+SPDX-License-Identifier: BSD-3-Clause
+
+Copyright (C) 2009-2020, Ben Hoyt
+
+inih is released under the New BSD license (see LICENSE.txt). Go to the project
+home page for more info:
+
+https://github.com/benhoyt/inih
+
+*/
+
+#if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_WARNINGS)
+#define _CRT_SECURE_NO_WARNINGS
+#endif
+
+#include <stdio.h>
+#include <ctype.h>
+#include <string.h>
+
+#include "ini.h"
+
+#if !INI_USE_STACK
+#if INI_CUSTOM_ALLOCATOR
+#include <stddef.h>
+void* ini_malloc(size_t size);
+void ini_free(void* ptr);
+void* ini_realloc(void* ptr, size_t size);
+#else
+#include <stdlib.h>
+#define ini_malloc malloc
+#define ini_free free
+#define ini_realloc realloc
+#endif
+#endif
+
+#define MAX_SECTION 50
+#define MAX_NAME 50
+
+/* Used by ini_parse_string() to keep track of string parsing state. */
+typedef struct {
+    const char* ptr;
+    size_t num_left;
+} ini_parse_string_ctx;
+
+/* Strip whitespace chars off end of given string, in place. Return s. */
+static char* rstrip(char* s)
+{
+    char* p = s + strlen(s);
+    while (p > s && isspace((unsigned char)(*--p)))
+        *p = '\0';
+    return s;
+}
+
+/* Return pointer to first non-whitespace char in given string. */
+static char* lskip(const char* s)
+{
+    while (*s && isspace((unsigned char)(*s)))
+        s++;
+    return (char*)s;
+}
+
+/* Return pointer to first char (of chars) or inline comment in given string,
+   or pointer to NUL at end of string if neither found. Inline comment must
+   be prefixed by a whitespace character to register as a comment. */
+static char* find_chars_or_comment(const char* s, const char* chars)
+{
+#if INI_ALLOW_INLINE_COMMENTS
+    int was_space = 0;
+    while (*s && (!chars || !strchr(chars, *s)) &&
+           !(was_space && strchr(INI_INLINE_COMMENT_PREFIXES, *s))) {
+        was_space = isspace((unsigned char)(*s));
+        s++;
+    }
+#else
+    while (*s && (!chars || !strchr(chars, *s))) {
+        s++;
+    }
+#endif
+    return (char*)s;
+}
+
+/* Similar to strncpy, but ensures dest (size bytes) is
+   NUL-terminated, and doesn't pad with NULs. */
+static char* strncpy0(char* dest, const char* src, size_t size)
+{
+    /* Could use strncpy internally, but it causes gcc warnings (see issue #91) */
+    size_t i;
+    for (i = 0; i < size - 1 && src[i]; i++)
+        dest[i] = src[i];
+    dest[i] = '\0';
+    return dest;
+}
+
+/* See documentation in header file. */
+int ini_parse_stream(ini_reader reader, void* stream, ini_handler handler,
+                     void* user)
+{
+    /* Uses a fair bit of stack (use heap instead if you need to) */
+#if INI_USE_STACK
+    char line[INI_MAX_LINE];
+    int max_line = INI_MAX_LINE;
+#else
+    char* line;
+    size_t max_line = INI_INITIAL_ALLOC;
+#endif
+#if INI_ALLOW_REALLOC && !INI_USE_STACK
+    char* new_line;
+    size_t offset;
+#endif
+    char section[MAX_SECTION] = "";
+    char prev_name[MAX_NAME] = "";
+
+    char* start;
+    char* end;
+    char* name;
+    char* value;
+    int lineno = 0;
+    int error = 0;
+
+#if !INI_USE_STACK
+    line = (char*)ini_malloc(INI_INITIAL_ALLOC);
+    if (!line) {
+        return -2;
+    }
+#endif
+
+#if INI_HANDLER_LINENO
+#define HANDLER(u, s, n, v) handler(u, s, n, v, lineno)
+#else
+#define HANDLER(u, s, n, v) handler(u, s, n, v)
+#endif
+
+    /* Scan through stream line by line */
+    while (reader(line, (int)max_line, stream) != NULL) {
+#if INI_ALLOW_REALLOC && !INI_USE_STACK
+        offset = strlen(line);
+        while (offset == max_line - 1 && line[offset - 1] != '\n') {
+            max_line *= 2;
+            if (max_line > INI_MAX_LINE)
+                max_line = INI_MAX_LINE;
+            new_line = ini_realloc(line, max_line);
+            if (!new_line) {
+                ini_free(line);
+                return -2;
+            }
+            line = new_line;
+            if (reader(line + offset, (int)(max_line - offset), stream) == NULL)
+                break;
+            if (max_line >= INI_MAX_LINE)
+                break;
+            offset += strlen(line + offset);
+        }
+#endif
+
+        lineno++;
+
+        start = line;
+#if INI_ALLOW_BOM
+        if (lineno == 1 && (unsigned char)start[0] == 0xEF &&
+                           (unsigned char)start[1] == 0xBB &&
+                           (unsigned char)start[2] == 0xBF) {
+            start += 3;
+        }
+#endif
+        start = lskip(rstrip(start));
+
+        if (strchr(INI_START_COMMENT_PREFIXES, *start)) {
+            /* Start-of-line comment */
+        }
+#if INI_ALLOW_MULTILINE
+        else if (*prev_name && *start && start > line) {
+            /* Non-blank line with leading whitespace, treat as continuation
+               of previous name's value (as per Python configparser). */
+            if (!HANDLER(user, section, prev_name, start) && !error)
+                error = lineno;
+        }
+#endif
+        else if (*start == '[') {
+            /* A "[section]" line */
+            end = find_chars_or_comment(start + 1, "]");
+            if (*end == ']') {
+                *end = '\0';
+                strncpy0(section, start + 1, sizeof(section));
+                *prev_name = '\0';
+#if INI_CALL_HANDLER_ON_NEW_SECTION
+                if (!HANDLER(user, section, NULL, NULL) && !error)
+                    error = lineno;
+#endif
+            }
+            else if (!error) {
+                /* No ']' found on section line */
+                error = lineno;
+            }
+        }
+        else if (*start) {
+            /* Not a comment, must be a name[=:]value pair */
+            end = find_chars_or_comment(start, "=:");
+            if (*end == '=' || *end == ':') {
+                *end = '\0';
+                name = rstrip(start);
+                value = end + 1;
+#if INI_ALLOW_INLINE_COMMENTS
+                end = find_chars_or_comment(value, NULL);
+                if (*end)
+                    *end = '\0';
+#endif
+                value = lskip(value);
+                rstrip(value);
+
+                /* Valid name[=:]value pair found, call handler */
+                strncpy0(prev_name, name, sizeof(prev_name));
+                if (!HANDLER(user, section, name, value) && !error)
+                    error = lineno;
+            }
+            else if (!error) {
+                /* No '=' or ':' found on name[=:]value line */
+#if INI_ALLOW_NO_VALUE
+                *end = '\0';
+                name = rstrip(start);
+                if (!HANDLER(user, section, name, NULL) && !error)
+                    error = lineno;
+#else
+                error = lineno;
+#endif
+            }
+        }
+
+#if INI_STOP_ON_FIRST_ERROR
+        if (error)
+            break;
+#endif
+    }
+
+#if !INI_USE_STACK
+    ini_free(line);
+#endif
+
+    return error;
+}
+
+/* See documentation in header file. */
+int ini_parse_file(FILE* file, ini_handler handler, void* user)
+{
+    return ini_parse_stream((ini_reader)fgets, file, handler, user);
+}
+
+/* See documentation in header file. */
+int ini_parse(const char* filename, ini_handler handler, void* user)
+{
+    FILE* file;
+    int error;
+
+    file = fopen(filename, "r");
+    if (!file)
+        return -1;
+    error = ini_parse_file(file, handler, user);
+    fclose(file);
+    return error;
+}
+
+/* An ini_reader function to read the next line from a string buffer. This
+   is the fgets() equivalent used by ini_parse_string(). */
+static char* ini_reader_string(char* str, int num, void* stream) {
+    ini_parse_string_ctx* ctx = (ini_parse_string_ctx*)stream;
+    const char* ctx_ptr = ctx->ptr;
+    size_t ctx_num_left = ctx->num_left;
+    char* strp = str;
+    char c;
+
+    if (ctx_num_left == 0 || num < 2)
+        return NULL;
+
+    while (num > 1 && ctx_num_left != 0) {
+        c = *ctx_ptr++;
+        ctx_num_left--;
+        *strp++ = c;
+        if (c == '\n')
+            break;
+        num--;
+    }
+
+    *strp = '\0';
+    ctx->ptr = ctx_ptr;
+    ctx->num_left = ctx_num_left;
+    return str;
+}
+
+/* See documentation in header file. */
+int ini_parse_string(const char* string, ini_handler handler, void* user) {
+    ini_parse_string_ctx ctx;
+
+    ctx.ptr = string;
+    ctx.num_left = strlen(string);
+    return ini_parse_stream((ini_reader)ini_reader_string, &ctx, handler,
+                            user);
+}

arm9/source/ini.h

@@ -0,0 +1,157 @@
+/* inih -- simple .INI file parser
+
+SPDX-License-Identifier: BSD-3-Clause
+
+Copyright (C) 2009-2020, Ben Hoyt
+
+inih is released under the New BSD license (see LICENSE.txt). Go to the project
+home page for more info:
+
+https://github.com/benhoyt/inih
+
+*/
+
+#ifndef INI_H
+#define INI_H
+
+/* Make this header file easier to include in C++ code */
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include <stdio.h>
+
+/* Nonzero if ini_handler callback should accept lineno parameter. */
+#ifndef INI_HANDLER_LINENO
+#define INI_HANDLER_LINENO 0
+#endif
+
+/* Typedef for prototype of handler function. */
+#if INI_HANDLER_LINENO
+typedef int (*ini_handler)(void* user, const char* section,
+                           const char* name, const char* value,
+                           int lineno);
+#else
+typedef int (*ini_handler)(void* user, const char* section,
+                           const char* name, const char* value);
+#endif
+
+/* Typedef for prototype of fgets-style reader function. */
+typedef char* (*ini_reader)(char* str, int num, void* stream);
+
+/* Parse given INI-style file. May have [section]s, name=value pairs
+   (whitespace stripped), and comments starting with ';' (semicolon). Section
+   is "" if name=value pair parsed before any section heading. name:value
+   pairs are also supported as a concession to Python's configparser.
+
+   For each name=value pair parsed, call handler function with given user
+   pointer as well as section, name, and value (data only valid for duration
+   of handler call). Handler should return nonzero on success, zero on error.
+
+   Returns 0 on success, line number of first error on parse error (doesn't
+   stop on first error), -1 on file open error, or -2 on memory allocation
+   error (only when INI_USE_STACK is zero).
+*/
+int ini_parse(const char* filename, ini_handler handler, void* user);
+
+/* Same as ini_parse(), but takes a FILE* instead of filename. This doesn't
+   close the file when it's finished -- the caller must do that. */
+int ini_parse_file(FILE* file, ini_handler handler, void* user);
+
+/* Same as ini_parse(), but takes an ini_reader function pointer instead of
+   filename. Used for implementing custom or string-based I/O (see also
+   ini_parse_string). */
+int ini_parse_stream(ini_reader reader, void* stream, ini_handler handler,
+                     void* user);
+
+/* Same as ini_parse(), but takes a zero-terminated string with the INI data
+instead of a file. Useful for parsing INI data from a network socket or
+already in memory. */
+int ini_parse_string(const char* string, ini_handler handler, void* user);
+
+/* Nonzero to allow multi-line value parsing, in the style of Python's
+   configparser. If allowed, ini_parse() will call the handler with the same
+   name for each subsequent line parsed. */
+#ifndef INI_ALLOW_MULTILINE
+#define INI_ALLOW_MULTILINE 1
+#endif
+
+/* Nonzero to allow a UTF-8 BOM sequence (0xEF 0xBB 0xBF) at the start of
+   the file. See https://github.com/benhoyt/inih/issues/21 */
+#ifndef INI_ALLOW_BOM
+#define INI_ALLOW_BOM 1
+#endif
+
+/* Chars that begin a start-of-line comment. Per Python configparser, allow
+   both ; and # comments at the start of a line by default. */
+#ifndef INI_START_COMMENT_PREFIXES
+#define INI_START_COMMENT_PREFIXES ";#"
+#endif
+
+/* Nonzero to allow inline comments (with valid inline comment characters
+   specified by INI_INLINE_COMMENT_PREFIXES). Set to 0 to turn off and match
+   Python 3.2+ configparser behaviour. */
+#ifndef INI_ALLOW_INLINE_COMMENTS
+#define INI_ALLOW_INLINE_COMMENTS 1
+#endif
+#ifndef INI_INLINE_COMMENT_PREFIXES
+#define INI_INLINE_COMMENT_PREFIXES ";"
+#endif
+
+/* Nonzero to use stack for line buffer, zero to use heap (malloc/free). */
+#ifndef INI_USE_STACK
+#define INI_USE_STACK 1
+#endif
+
+/* Maximum line length for any line in INI file (stack or heap). Note that
+   this must be 3 more than the longest line (due to '\r', '\n', and '\0'). */
+#ifndef INI_MAX_LINE
+#define INI_MAX_LINE 200
+#endif
+
+/* Nonzero to allow heap line buffer to grow via realloc(), zero for a
+   fixed-size buffer of INI_MAX_LINE bytes. Only applies if INI_USE_STACK is
+   zero. */
+#ifndef INI_ALLOW_REALLOC
+#define INI_ALLOW_REALLOC 0
+#endif
+
+/* Initial size in bytes for heap line buffer. Only applies if INI_USE_STACK
+   is zero. */
+#ifndef INI_INITIAL_ALLOC
+#define INI_INITIAL_ALLOC 200
+#endif
+
+/* Stop parsing on first error (default is to keep parsing). */
+#ifndef INI_STOP_ON_FIRST_ERROR
+#define INI_STOP_ON_FIRST_ERROR 0
+#endif
+
+/* Nonzero to call the handler at the start of each new section (with
+   name and value NULL). Default is to only call the handler on
+   each name=value pair. */
+#ifndef INI_CALL_HANDLER_ON_NEW_SECTION
+#define INI_CALL_HANDLER_ON_NEW_SECTION 0
+#endif
+
+/* Nonzero to allow a name without a value (no '=' or ':' on the line) and
+   call the handler with value NULL in this case. Default is to treat
+   no-value lines as an error. */
+#ifndef INI_ALLOW_NO_VALUE
+#define INI_ALLOW_NO_VALUE 0
+#endif
+
+/* Nonzero to use custom ini_malloc, ini_free, and ini_realloc memory
+   allocation functions (INI_USE_STACK must also be 0). These functions must
+   have the same signatures as malloc/free/realloc and behave in a similar
+   way. ini_realloc is only needed if INI_ALLOW_REALLOC is set. */
+#ifndef INI_CUSTOM_ALLOCATOR
+#define INI_CUSTOM_ALLOCATOR 0
+#endif
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* INI_H */

arm9/source/large_patches.h

@@ -28,9 +28,11 @@
 
 #include "types.h"
 
-extern const u8 emunandPatch[];
+extern const u8 emunandPatch[], emunandProtoPatch[], emunandProtoCidPatch[];
-extern const u32 emunandPatchSize;
+extern const u8 emunandProtoPatch238[];
+extern const u32 emunandPatchSize, emunandPatchBssSize;
 extern u32 emunandPatchSdmmcStructPtr, emunandPatchNandOffset, emunandPatchNcsdHeaderOffset;
+extern u32 emunandPatchNandCid[4];
 
 extern const u8 rebootPatch[];
 extern const u32 rebootPatchSize;

arm9/source/large_patches.s

@@ -1,67 +1,3 @@
-.section .large_patch.emunand, "aw", %progbits
-.arm
-.align 4
-
-@ Code originally by Normmatt
-
-.global emunandPatch
-emunandPatch:
-    @ Original code that still needs to be executed
-    mov r4, r0
-    mov r5, r1
-    mov r7, r2
-    mov r6, r3
-    @ End
-
-    @ If we're already trying to access the SD, return
-    ldr r2, [r0, #4]
-    ldr r1, emunandPatchSdmmcStructPtr
-    cmp r2, r1
-    beq out
-
-    str r1, [r0, #4] @ Set object to be SD
-    ldr r2, [r0, #8] @ Get sector to read
-    cmp r2, #0 @ For GW compatibility, see if we're trying to read the ncsd header (sector 0)
-
-    ldr r3, emunandPatchNandOffset
-    add r2, r3 @ Add the offset to the NAND in the SD
-
-    ldreq r3, emunandPatchNcsdHeaderOffset
-    addeq r2, r3 @ If we're reading the ncsd header, add the offset of that sector
-
-    str r2, [r0, #8] @ Store sector to read
-
-    out:
-        @ Restore registers.
-        mov r1, r5
-        mov r2, r7
-        mov r3, r6
-
-        @ Return 4 bytes behind where we got called,
-        @ due to the offset of this function being stored there
-        mov r0, lr
-        add r0, #4
-        bx r0
-
-.pool
-
-.global emunandPatchSdmmcStructPtr
-.global emunandPatchNandOffset
-.global emunandPatchNcsdHeaderOffset
-
-emunandPatchSdmmcStructPtr:     .word   0 @ Pointer to sdmmc struct
-emunandPatchNandOffset:         .word   0 @ For rednand this should be 1
-emunandPatchNcsdHeaderOffset:   .word   0 @ Depends on nand manufacturer + emunand type (GW/RED)
-
-.pool
-.balign 4
-
-_emunandPatchEnd:
-
-.global emunandPatchSize
-emunandPatchSize:
-    .word _emunandPatchEnd - emunandPatch
-
 @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
 
 @ Code originally from delebile and mid-kid

arm9/source/main.c

@@ -1,6 +1,6 @@
 /*
 *   This file is part of Luma3DS
-*   Copyright (C) 2016-2020 Aurora Wright, TuxSH
+*   Copyright (C) 2016-2023 Aurora Wright, TuxSH
 *
 *   This program is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
@@ -35,30 +35,37 @@
 #include "pin.h"
 #include "crypto.h"
 #include "memory.h"
+#include "deliver_arg.h"
 #include "screen.h"
 #include "i2c.h"
+#include "fmt.h"
 #include "fatfs/sdmmc/sdmmc.h"
 
 extern u8 __itcm_start__[], __itcm_lma__[], __itcm_bss_start__[], __itcm_end__[];
 
 extern CfgData configData;
 extern ConfigurationStatus needConfig;
-extern FirmwareSource firmSource;
 
 bool isSdMode;
+char launchedPathForFatfs[256];
 u16 launchedPath[80+1];
 BootType bootType;
 
+u16 mcuFwVersion;
+u8 mcuConsoleInfo[9];
+
 void main(int argc, char **argv, u32 magicWord)
 {
-    bool isFirmProtEnabled,
+    bool isFirmProtEnabled = true,
          isSafeMode = false,
          needToInitSd = false,
          isNoForceFlagSet = false,
          isInvalidLoader = false,
-         isNtrBoot;
+         isNtrBoot = false;
-    FirmwareType firmType;
+    FirmwareType firmType = NATIVE_FIRM;
-    FirmwareSource nandType;
+    FirmwareSource nandType = FIRMWARE_SYSNAND;
+    u32 emunandIndex = 0;
+
     const vu8 *bootMediaStatus = (const vu8 *)0x1FFFE00C;
     const vu32 *bootPartitionsStatus = (const vu32 *)0x1FFFE010;
     u32 firmlaunchTidLow = 0;
@@ -69,6 +76,8 @@ void main(int argc, char **argv, u32 magicWord)
     if((magicWord & 0xFFFF) == 0xBEEF && argc >= 1) //Normal (B9S) boot
     {
         bootType = isNtrBoot ? B9SNTR : B9S;
+        strncpy(launchedPathForFatfs, argv[0], sizeof(launchedPathForFatfs) - 1);
+        launchedPathForFatfs[sizeof(launchedPathForFatfs) - 1] = 0;
 
         u32 i;
         for(i = 0; i < sizeof(launchedPath)/2 - 1 && argv[0][i] != 0; i++) //Copy and convert the path to UTF-16
@@ -82,7 +91,10 @@ void main(int argc, char **argv, u32 magicWord)
         u32 i;
         u16 *p = (u16 *)argv[0];
         for(i = 0; i < sizeof(launchedPath)/2 - 1 && p[i] != 0; i++)
+        {
             launchedPath[i] = p[i];
+            launchedPathForFatfs[i] = (u8)p[i]; // UCS-2 to ascii. Meh.
+        }
         launchedPath[i] = 0;
 
         for(i = 0; i < 8; i++)
@@ -107,6 +119,7 @@ void main(int argc, char **argv, u32 magicWord)
 
             for(u32 i = 0; i < 7; i++) //Copy and convert the path to UTF-16
                 launchedPath[i] = path[i];
+            strcpy(launchedPathForFatfs, path);
         }
 
         setupKeyslots();
@@ -117,24 +130,34 @@ void main(int argc, char **argv, u32 magicWord)
     memcpy(__itcm_start__, __itcm_lma__, __itcm_bss_start__ - __itcm_start__);
     memset(__itcm_bss_start__, 0, __itcm_end__ - __itcm_bss_start__);
     I2C_init();
+
+    u8 mcuFwVerHi = I2C_readReg(I2C_DEV_MCU, 0) - 0x10;
+    u8 mcuFwVerLo = I2C_readReg(I2C_DEV_MCU, 1);
+    mcuFwVersion = ((u16)mcuFwVerHi << 16) | mcuFwVerLo;
+
+    // Check if fw is older than factory. See https://www.3dbrew.org/wiki/MCU_Services#MCU_firmware_versions for a table
+    if (mcuFwVerHi < 1) error("Unsupported MCU FW version %d.%d.", (int)mcuFwVerHi, (int)mcuFwVerLo);
+
+    I2C_readRegBuf(I2C_DEV_MCU, 0x7F, mcuConsoleInfo, 9);
+
     if(isInvalidLoader) error("Launched using an unsupported loader.");
 
     installArm9Handlers();
 
     if(memcmp(launchedPath, u"sdmc", 8) == 0)
     {
-        if(!mountFs(true, false)) error("Failed to mount SD.");
+        if(!mountSdCardPartition(true)) error("Failed to mount SD.");
         isSdMode = true;
     }
     else if(memcmp(launchedPath, u"nand", 8) == 0)
     {
-        if(!mountFs(false, true)) error("Failed to mount CTRNAND.");
+        if(!remountCtrNandPartition(true)) error("Failed to mount CTRNAND.");
         isSdMode = false;
     }
     else if(bootType == NTR || memcmp(launchedPath, u"firm", 8) == 0)
     {
-        if(mountFs(true, false)) isSdMode = true;
+        if(mountSdCardPartition(true)) isSdMode = true;
-        else if(mountFs(false, true)) isSdMode = false;
+        else if(remountCtrNandPartition(true)) isSdMode = false;
         else error("Failed to mount SD and CTRNAND.");
 
         if(bootType == NTR)
@@ -180,7 +203,7 @@ void main(int argc, char **argv, u32 magicWord)
         }
 
         nandType = (FirmwareSource)BOOTCFG_NAND;
-        firmSource = (FirmwareSource)BOOTCFG_FIRM;
+        emunandIndex = BOOTCFG_EMUINDEX;
         isFirmProtEnabled = !BOOTCFG_NTRCARDBOOT;
 
         goto boot;
@@ -195,31 +218,36 @@ void main(int argc, char **argv, u32 magicWord)
     //If it's a MCU reboot, try to force boot options
     if(CFG_BOOTENV && needConfig != CREATE_CONFIGURATION)
     {
+        u32 bootenv = CFG_BOOTENV;
+        bool validTlnc = bootenv == 3 && hasValidTlncAutobootParams();
+
+        if (validTlnc)
+            needToInitSd = true;
+
         //Always force a SysNAND boot when quitting AGB_FIRM
-        if(CFG_BOOTENV == 7)
+        if(bootenv == 7)
         {
             nandType = FIRMWARE_SYSNAND;
-            firmSource = (BOOTCFG_NAND != 0) == (BOOTCFG_FIRM != 0) ? FIRMWARE_SYSNAND : (FirmwareSource)BOOTCFG_FIRM;
 
-            //Prevent multiple boot options-forcing
+            // Prevent multiple boot options-forcing
-            if(nandType != BOOTCFG_NAND || firmSource != BOOTCFG_FIRM) isNoForceFlagSet = true;
+            // This bit is a bit weird. Basically, as you return to Home Menu by pressing either
+            // the HOME or POWER button, nandType will be overridden to "SysNAND" (needed). But,
+            // if you reboot again (e.g. via Rosalina menu), it'll use your default settings.
+            if(nandType != BOOTCFG_NAND) isNoForceFlagSet = true;
 
             goto boot;
         }
 
-        //Account for DSiWare soft resets if exiting TWL_FIRM
+        // Configure homebrew autoboot (if deliver arg ends up not containing anything)
-        if(CFG_BOOTENV == 3)
+        if (bootenv == 1 && MULTICONFIG(AUTOBOOTMODE) != 0)
-        {
+            configureHomebrewAutoboot();
-            static const u8 TLNC[] = {0x54, 0x4C, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x4E, 0x43};
-            if(memcmp((void *)0x20000C00, TLNC, 10) == 0) needToInitSd = true;
-        }
 
-        /* Force the last used boot options if autobooting a TWL title, or unless a button is pressed
+        /* Force the last used boot options if doing autolaunch from TWL, or unless a button is pressed
            or the no-forcing flag is set */
-        if(needToInitSd || memcmp((void *)0x20000300, "TLNC", 4) == 0 || (!pressed && !BOOTCFG_NOFORCEFLAG))
+        if(validTlnc || !(pressed || BOOTCFG_NOFORCEFLAG))
         {
             nandType = (FirmwareSource)BOOTCFG_NAND;
-            firmSource = (FirmwareSource)BOOTCFG_FIRM;
+            emunandIndex = BOOTCFG_EMUINDEX;
 
             goto boot;
         }
@@ -252,7 +280,6 @@ void main(int argc, char **argv, u32 magicWord)
     if(!CFG_BOOTENV && pressed == SAFE_MODE)
     {
         nandType = FIRMWARE_SYSNAND;
-        firmSource = FIRMWARE_SYSNAND;
 
         isSafeMode = true;
         needToInitSd = true;
@@ -280,7 +307,6 @@ void main(int argc, char **argv, u32 magicWord)
     if(!CFG_BOOTENV && pressed == SAFE_MODE)
     {
         nandType = FIRMWARE_SYSNAND;
-        firmSource = FIRMWARE_SYSNAND;
 
         isSafeMode = true;
         needToInitSd = true;
@@ -288,53 +314,35 @@ void main(int argc, char **argv, u32 magicWord)
         goto boot;
     }
 
+    // Set-up autoboot
+    if (MULTICONFIG(AUTOBOOTMODE) != 0)
+        configureHomebrewAutoboot();
+
     //If booting from CTRNAND, always use SysNAND
     if(!isSdMode) nandType = FIRMWARE_SYSNAND;
-
+    else nandType = (autoBootEmu == ((pressed & BUTTON_L1) == BUTTON_L1)) ? FIRMWARE_SYSNAND : FIRMWARE_EMUNAND;
-    //If R is pressed, boot the non-updated NAND with the FIRM of the opposite one
-    else if(pressed & BUTTON_R1)
-    {
-        if(CONFIG(USEEMUFIRM))
-        {
-            nandType = FIRMWARE_SYSNAND;
-            firmSource = FIRMWARE_EMUNAND;
-        }
-        else
-        {
-            nandType = FIRMWARE_EMUNAND;
-            firmSource = FIRMWARE_SYSNAND;
-        }
-    }
-
-    /* Else, boot the NAND the user set to autoboot or the opposite one, depending on L,
-       with their own FIRM */
-    else firmSource = nandType = (autoBootEmu == ((pressed & BUTTON_L1) == BUTTON_L1)) ? FIRMWARE_SYSNAND : FIRMWARE_EMUNAND;
 
     //If we're booting EmuNAND or using EmuNAND FIRM, determine which one from the directional pad buttons, or otherwise from the config
-    if(nandType == FIRMWARE_EMUNAND || firmSource == FIRMWARE_EMUNAND)
+    if(nandType == FIRMWARE_EMUNAND)
     {
-        FirmwareSource tempNand;
         switch(pressed & DPAD_BUTTONS)
         {
             case BUTTON_UP:
-                tempNand = FIRMWARE_EMUNAND;
+                emunandIndex = 0;
                 break;
             case BUTTON_RIGHT:
-                tempNand = FIRMWARE_EMUNAND2;
+                emunandIndex = 1;
                 break;
             case BUTTON_DOWN:
-                tempNand = FIRMWARE_EMUNAND3;
+                emunandIndex = 2;
                 break;
             case BUTTON_LEFT:
-                tempNand = FIRMWARE_EMUNAND4;
+                emunandIndex = 3;
                 break;
             default:
-                tempNand = (FirmwareSource)(1 + MULTICONFIG(DEFAULTEMU));
+                emunandIndex = MULTICONFIG(DEFAULTEMU);
                 break;
         }
-
-        if(nandType == FIRMWARE_EMUNAND) nandType = tempNand;
-        else firmSource = tempNand;
     }
 
 boot:
@@ -342,32 +350,31 @@ boot:
     //If we need to boot EmuNAND, make sure it exists
     if(nandType != FIRMWARE_SYSNAND)
     {
-        locateEmuNand(&nandType);
+        locateEmuNand(&nandType, &emunandIndex, true);
-        if(nandType == FIRMWARE_SYSNAND) firmSource = FIRMWARE_SYSNAND;
+        if(nandType == FIRMWARE_EMUNAND && (*(vu16 *)(SDMMC_BASE + REG_SDSTATUS0) & TMIO_STAT0_WRPROTECT) == 0) //Make sure the SD card isn't write protected
-        else if((*(vu16 *)(SDMMC_BASE + REG_SDSTATUS0) & TMIO_STAT0_WRPROTECT) == 0) //Make sure the SD card isn't write protected
             error("The SD card is locked, EmuNAND can not be used.\nPlease turn the write protection switch off.");
     }
 
-    //Same if we're using EmuNAND as the FIRM source
+    ctrNandLocation = nandType; // for CTRNAND partition
-    else if(firmSource != FIRMWARE_SYSNAND)
-        locateEmuNand(&firmSource);
 
     if(bootType != FIRMLAUNCH)
     {
-        configData.bootConfig = ((bootType == NTR ? 1 : 0) << 7) | ((u32)isNoForceFlagSet << 6) | ((u32)firmSource << 3) | (u32)nandType;
+        configData.bootConfig = ((bootType == NTR ? 1 : 0) << 4) | ((u32)isNoForceFlagSet << 3) | ((u32)emunandIndex << 1) | (u32)nandType;
         writeConfig(false);
     }
 
     bool loadFromStorage = CONFIG(LOADEXTFIRMSANDMODULES);
-    u32 firmVersion = loadNintendoFirm(&firmType, firmSource, loadFromStorage, isSafeMode);
+    u32 firmVersion = loadNintendoFirm(&firmType, nandType, loadFromStorage, isSafeMode);
 
     bool doUnitinfoPatch = CONFIG(PATCHUNITINFO);
     u32 res = 0;
     switch(firmType)
     {
         case NATIVE_FIRM:
+        {
             res = patchNativeFirm(firmVersion, nandType, loadFromStorage, isFirmProtEnabled, needToInitSd, doUnitinfoPatch);
             break;
+        }
         case TWL_FIRM:
             res = patchTwlFirm(firmVersion, loadFromStorage, doUnitinfoPatch);
             break;
@@ -379,10 +386,14 @@ boot:
         case NATIVE_FIRM1X2X:
             res = patch1x2xNativeAndSafeFirm();
             break;
+        case NATIVE_PROTOTYPE:
+            res = patchPrototypeNative(nandType);
+            break;
     }
 
     if(res != 0) error("Failed to apply %u FIRM patch(es).", res);
 
+    unmountPartitions();
     if(bootType != FIRMLAUNCH) deinitScreens();
     launchFirm(0, NULL);
 }

arm9/source/memory.c

@@ -54,3 +54,27 @@ u8 *memsearch(u8 *startPos, const void *pattern, u32 size, u32 patternSize)
 
     return NULL;
 }
+
+void *copyFromLegacyModeFcram(void *dst, const void *src, size_t size)
+{
+    // Copy 2 bytes with a stride of 8
+    const u16 *src16 = (const u16 *)src;
+    u16 *dst16 = (u16 *)dst;
+
+    for (size_t i = 0; i < size / 2; i++)
+        dst16[i] = src16[4 * i];
+
+    return dst;
+}
+
+void *copyToLegacyModeFcram(void *dst, const void *src, size_t size)
+{
+    // Copy 2 bytes with a stride of 8
+    const u16 *src16 = (const u16 *)src;
+    u16 *dst16 = (u16 *)dst;
+
+    for (size_t i = 0; i < size / 2; i++)
+        dst16[4 * i] = src16[i];
+
+    return dst;
+}

arm9/source/memory.h

@@ -34,3 +34,5 @@
 #include "types.h"
 
 u8 *memsearch(u8 *startPos, const void *pattern, u32 size, u32 patternSize);
+void *copyFromLegacyModeFcram(void *dst, const void *src, size_t size);
+void *copyToLegacyModeFcram(void *dst, const void *src, size_t size);

arm9/source/patches.c

@@ -42,6 +42,11 @@
 #include "arm9_exception_handlers.h"
 #include "large_patches.h"
 
+#define K11EXT_VA         0x70000000
+
+extern u16 launchedPath[];
+extern u32 firmProtoVersion;
+
 u8 *getProcess9Info(u8 *pos, u32 size, u32 *process9Size, u32 *process9MemAddr)
 {
     u8 *temp = memsearch(pos, "NCCH", size, 4);
@@ -50,10 +55,20 @@ u8 *getProcess9Info(u8 *pos, u32 size, u32 *process9Size, u32 *process9MemAddr)
 
     Cxi *off = (Cxi *)(temp - 0x100);
 
-    *process9Size = (off->ncch.exeFsSize - 1) * 0x200;
     *process9MemAddr = off->exHeader.systemControlInfo.textCodeSet.address;
 
-    return (u8 *)off + (off->ncch.exeFsOffset + 1) * 0x200;
+    // Prototype FW has a different NCCH format
+    if (firmProtoVersion && firmProtoVersion <= 243)
+    {
+        *process9Size = off->ncch.exeFsSize;
+        return (u8 *)off + off->ncch.exeFsOffset;
+    }
+    else
+    {
+        *process9Size = (off->ncch.exeFsSize - 1) * 0x200;
+        return (u8 *)off + (off->ncch.exeFsOffset + 1) * 0x200;
+    }
+
 }
 
 u32 *getKernel11Info(u8 *pos, u32 size, u32 *baseK11VA, u8 **freeK11Space, u32 **arm11SvcHandler, u32 **arm11ExceptionsPage)
@@ -108,9 +123,12 @@ u32 installK11Extension(u8 *pos, u32 size, bool needToInitSd, u32 baseK11VA, u32
     struct KExtParameters
     {
         u32 basePA;
+        u32 stolenSystemMemRegionSize;
         void *originalHandlers[4];
         u32 L1MMUTableAddrs[4];
 
+        volatile bool done;
+
         struct CfwInfo
         {
             char magic[4];
@@ -124,8 +142,20 @@ u32 installK11Extension(u8 *pos, u32 size, bool needToInitSd, u32 baseK11VA, u32
 
             u16 configFormatVersionMajor, configFormatVersionMinor;
             u32 config, multiConfig, bootConfig;
+            u32 splashDurationMsec;
+            s8 volumeSliderOverride;
             u64 hbldr3dsxTitleId;
             u32 rosalinaMenuCombo;
+            u32 pluginLoaderFlags;
+            s16 ntpTzOffetMinutes;
+
+            ScreenFiltersCfgData topScreenFilter;
+            ScreenFiltersCfgData bottomScreenFilter;
+
+            u64 autobootTwlTitleId;
+            u8 autobootCtrAppmemtype;
+
+            u16 launchedPath[80+1];
         } info;
     };
 
@@ -134,8 +164,9 @@ u32 installK11Extension(u8 *pos, u32 size, bool needToInitSd, u32 baseK11VA, u32
     static const u8 patternHook3_4[] = {0x00, 0x00, 0xA0, 0xE1, 0x03, 0xF0, 0x20, 0xE3, 0xFD, 0xFF, 0xFF, 0xEA}; //SGI0 setup code, etc.
 
     //Our kernel11 extension is initially loaded in VRAM
-    u32 kextTotalSize = *(u32 *)0x18000020 - 0x40000000;
+    u32 kextTotalSize = *(u32 *)0x18000020 - K11EXT_VA;
-    u32 dstKextPA = (ISN3DS ? 0x2E000000 : 0x26C00000) - kextTotalSize;
+    u32 stolenSystemMemRegionSize = kextTotalSize; // no need to steal any more mem on N3DS. Currently, everything fits in BASE on O3DS too (?)
+    u32 dstKextPA = (ISN3DS ? 0x2E000000 : 0x26C00000) - stolenSystemMemRegionSize; // start of BASE memregion (note: linear heap ---> <--- the rest)
 
     u32 *hookVeneers = (u32 *)*freeK11Space;
     u32 relocBase = 0xFFFF0000 + (*freeK11Space - (u8 *)arm11ExceptionsPage);
@@ -143,11 +174,11 @@ u32 installK11Extension(u8 *pos, u32 size, bool needToInitSd, u32 baseK11VA, u32
     hookVeneers[0] = 0xE51FF004; //ldr pc, [pc, #-8+4]
     hookVeneers[1] = 0x18000004;
     hookVeneers[2] = 0xE51FF004;
-    hookVeneers[3] = 0x40000000;
+    hookVeneers[3] = K11EXT_VA;
     hookVeneers[4] = 0xE51FF004;
-    hookVeneers[5] = 0x40000008;
+    hookVeneers[5] = K11EXT_VA + 8;
     hookVeneers[6] = 0xE51FF004;
-    hookVeneers[7] = 0x4000000C;
+    hookVeneers[7] = K11EXT_VA + 0xC;
 
     (*freeK11Space) += 32;
 
@@ -175,14 +206,16 @@ u32 installK11Extension(u8 *pos, u32 size, bool needToInitSd, u32 baseK11VA, u32
     off += 4;
     *off = MAKE_BRANCH_LINK(baseK11VA + ((u8 *)off - pos), relocBase + 24);
 
-    struct KExtParameters *p = (struct KExtParameters *)(*(u32 *)0x18000024 - 0x40000000 + 0x18000000);
+    struct KExtParameters *p = (struct KExtParameters *)(*(u32 *)0x18000024 - K11EXT_VA + 0x18000000);
     p->basePA = dstKextPA;
+    p->done = false;
+    p->stolenSystemMemRegionSize = stolenSystemMemRegionSize;
 
     for(u32 i = 0; i < 4; i++)
     {
         u32 *handlerPos = getKernel11HandlerVAPos(pos, arm11ExceptionsPage, baseK11VA, 1 + i);
         p->originalHandlers[i] = (void *)*handlerPos;
-        *handlerPos = 0x40000010 + 4 * i;
+        *handlerPos = K11EXT_VA + 0x10 + 4 * i;
     }
 
     struct CfwInfo *info = &p->info;
@@ -193,8 +226,16 @@ u32 installK11Extension(u8 *pos, u32 size, bool needToInitSd, u32 baseK11VA, u32
     info->config = configData.config;
     info->multiConfig = configData.multiConfig;
     info->bootConfig = configData.bootConfig;
+    info->splashDurationMsec = configData.splashDurationMsec;
+    info->volumeSliderOverride = configData.volumeSliderOverride;
     info->hbldr3dsxTitleId = configData.hbldr3dsxTitleId;
     info->rosalinaMenuCombo = configData.rosalinaMenuCombo;
+    info->pluginLoaderFlags = configData.pluginLoaderFlags;
+    info->ntpTzOffetMinutes = configData.ntpTzOffetMinutes;
+    info->topScreenFilter = configData.topScreenFilter;
+    info->bottomScreenFilter = configData.bottomScreenFilter;
+    info->autobootTwlTitleId = configData.autobootTwlTitleId;
+    info->autobootCtrAppmemtype = configData.autobootCtrAppmemtype;
     info->versionMajor = VERSION_MAJOR;
     info->versionMinor = VERSION_MINOR;
     info->versionBuild = VERSION_BUILD;
@@ -204,6 +245,8 @@ u32 installK11Extension(u8 *pos, u32 size, bool needToInitSd, u32 baseK11VA, u32
     if(needToInitSd) info->flags |= 1 << 5;
     if(isSdMode) info->flags |= 1 << 6;
 
+    memcpy(info->launchedPath, launchedPath, sizeof(info->launchedPath));
+
     return 0;
 }
 
@@ -248,14 +291,31 @@ u32 patchKernel11(u8 *pos, u32 size, u32 baseK11VA, u32 *arm11SvcTable, u32 *arm
 
     //Redirect enableUserExceptionHandlersForCPUExc (= true)
     for(off = arm11ExceptionsPage; *off != 0x96007F9; off++);
-    off[1] = 0x40000028;
+    off[1] = K11EXT_VA + 0x28;
 
     off = (u32 *)memsearch(pos, patternKThreadDebugReschedule, size, sizeof(patternKThreadDebugReschedule));
     if(off == NULL)
         return 1;
 
     off[-5] = 0xE51FF004;
-    off[-4] = 0x4000002C;
+    off[-4] = K11EXT_VA + 0x2C;
+
+    if (ISN3DS)
+    {
+        // Patch SvcSetProcessIdealProcessor and SvcCreate thread to always allow
+        // for core2 and core3 to be used. Normally, processes with the 0x2000 kernel flag
+        // have access to core2, and BASE processes have access to both core2 and core3.
+        // We're patching the if (memory region == BASE) check to be always true.
+        off = (u32 *)pos;
+        for (u32 i = 0; i < 2 && (u8 *)off < pos + size; i++)
+        {
+            // cmp r2, #0x300; beq...
+            for (; (off[0] != 0xE3520C03 || off[1] != 0x0A000003) && (u8 *)off < pos + size; off++);
+            if ((u8 *)off > pos + size)
+                return 1;
+            off[1] = 0xEA000003;
+        }
+    }
 
     return 0;
 }
@@ -418,7 +478,7 @@ u32 patchCheckForDevCommonKey(u8 *pos, u32 size)
     return 0;
 }
 
-u32 patchK11ModuleLoading(u32 section0size, u32 modulesSize, u8 *pos, u32 size)
+u32 patchK11ModuleLoading(u32 oldKipSectionSize, u32 newKipSectionSize, u32 numKips, u8 *pos, u32 size)
 {
     static const u8 moduleLoadingPattern[]  = {0xE2, 0x05, 0x00, 0x57},
                     modulePidPattern[] = {0x06, 0xA0, 0xE1, 0xF2}; //GetSystemInfo
@@ -427,20 +487,44 @@ u32 patchK11ModuleLoading(u32 section0size, u32 modulesSize, u8 *pos, u32 size)
 
     if(off == NULL) return 1;
 
-    off[1]++;
+    off[1] = (u8)numKips;
 
     u32 *off32;
     for(off32 = (u32 *)(off - 3); *off32 != 0xE59F0000; off32++);
     off32 += 2;
-    off32[1] = off32[0] + modulesSize;
+    off32[1] = off32[0] + newKipSectionSize;
-    for(; *off32 != section0size; off32++);
+    for(; *off32 != oldKipSectionSize; off32++);
-    *off32 += ((modulesSize + 0x1FF) >> 9) << 9;
+    *off32 = ((newKipSectionSize + 0x1FF) >> 9) << 9;
 
     off = memsearch(pos, modulePidPattern, size, 4);
 
     if(off == NULL) return 1;
 
-    off[0xB] = 6;
+    off[0xB] = (u8)numKips;
+
+    return 0;
+}
+
+u32 patchK11ModuleLoadingLgy(u32 newKipSectionSize, u8 *pos, u32 size)
+{
+    // Patch the function where TwlBg/AgbBg is copied from 18000000 (VRAM) to 21000000 (FCRAM).
+    // This is where we can also automatically obtain the section size
+
+    u16 *off = (u16 *)pos;
+    for (; (u8 *)off < pos + size && (off[0] != 0x06C9 || off[1] != 0x0600); off++);
+    if ((u8 *)off >= pos + size)
+        return 3;
+
+    off += 7;
+    u32 oldKipSectionSize = *(u32 *)off;
+    *(u32 *)off = newKipSectionSize;
+    off += 2;
+
+    u32 *off2 = (u32 *)off;
+    for (; (u8 *)off2 < pos + size && *off2 != oldKipSectionSize; off2++);
+    if ((u8 *)off2 >= pos + size)
+        return 4;
+    *off2 = newKipSectionSize;
 
     return 0;
 }
@@ -567,7 +651,7 @@ u32 patchP9AMTicketWrapperZeroKeyIV(u8 *pos, u32 size, u32 firmVersion)
     //Beyond limit
     if(opjumpdistance < -0x1fffff || opjumpdistance > 0x1fffff) return 1;
 
-    //r0 and r1 for old call are already correct for this one 
+    //r0 and r1 for old call are already correct for this one
     //BLX __rt_memclr
     u32 op = (0xE800F000U | (((u32)opjumpdistance & 0x7FF) << 16) | (((u32)opjumpdistance >> 11) & 0x3FF) | (((u32)opjumpdistance >> 21) & 0x400)) & ~(1<<16);
 
@@ -695,3 +779,120 @@ u32 patchAgbBootSplash(u8 *pos, u32 size)
 
     return 0;
 }
+
+void patchTwlBg(u8 *pos, u32 size)
+{
+    // You can use the following Python code to convert something like below
+    // into twl_upscaling_filter.bin:
+    // import struct; open("twl_upscaling_filter.bin", "wb+").write(struct.pack("<30H", [array contents]))
+    static const u16 nintendoFilterTwl[] = {
+        0x0000, 0x004E, 0x011D, 0x01E3, 0x01C1,
+        0x0000, 0xFCA5, 0xF8D0, 0xF69D, 0xF873,
+        0x0000, 0x0D47, 0x1E35, 0x2F08, 0x3B6F,
+        0x4000, 0x3B6F, 0x2F08, 0x1E35, 0x0D47,
+        0x0000, 0xF873, 0xF69D, 0xF8D0, 0xFCA5,
+        0x0000, 0x01C1, 0x01E3, 0x011D, 0x004E,
+    };
+
+    // "error" func doesn't seem to work here
+    if (CONFIG(ENABLEDSIEXTFILTER))
+    {
+        u16 filter[5*6] = { 0 };
+        u32 rd = fileRead(filter, "twl_upscaling_filter.bin", sizeof(filter));
+        if (rd == sizeof(filter))
+        {
+            // else error("Failed to apply enable_dsi_external_filter:\n\ntwl_upscaling_filter.bin is missing or invalid.");
+            u8 *off = memsearch(pos, nintendoFilterTwl, size, sizeof(nintendoFilterTwl));
+            if (off != NULL)
+                memcpy(off, filter, sizeof(filter));
+            // else error("Failed to apply enable_dsi_external_filter.");
+        }
+    }
+}
+
+u32 patchLgyK11(u8 *section1, u32 section1Size, u8 *section2, u32 section2Size)
+{
+    u32 *off;
+
+    // Fix a bug where Legacy K11 maps user TLS with "user no access" permissions
+    // Map it as RWX (just like the rest of other user-accessible pages) instead
+    for (off = (u32 *)section1; (u8 *)off <= section1 + section1Size && *off != 0xE0100000; off++);
+
+    if ((u8 *)off >= section1 + section1Size)
+        return 1;
+
+    ++off;
+
+    *off &= ~0x231; // clear APX mask and XN
+    *off |= 0x030; // re-set APX (to user/kernel RW)
+
+    // Patch two pointer-to-bool to point to a non-zero byte, enabling user exception handling.
+    // It is impossible to enable it by normal means, otherwise
+    for (off = (u32 *)section2; (u8 *)off <= section2 + section2Size && *off != 0x100021F; off++);
+    if ((u8 *)off >= section2 + section2Size)
+        return 1;
+    off[1] = 0xFFFF0F00;
+    off[2] = 0xFFFF0F04;
+
+    // Dispatch-to-user code checks for memory block type and permissions (etc.), but
+    // LGY K11 doesn't do any memory management, so these checks will always fail.
+    // Patch with b +0x38 to skip all those checks
+    u16 *off2;
+    for (off2 = (u16 *)section2; (u8 *)off2 <= section2 + section2Size && (off2[0] != 0xDB1F || off2[1] != 0x4915); off2++);
+    if ((u8 *)off2 >= section2 + section2Size)
+        return 1;
+    *off2 = 0xE01A;
+
+    // Patch kernelpanic to skip devunit check, so that it sets the LCD fill regs
+    // which are useful to detect such panics
+    u16 *off3;
+    for (off3 = (u16 *)section1; (u8 *)off3 <= section1 + section1Size && (off3[0] != 0x481D || off3[1] != 0xB570); off3++);
+    if ((u8 *)off3 >= section1 + section1Size)
+        return 1;
+    off3[2] = 0x2001; // movs r0, #1
+
+    // Patch kernel to avoid allocating the two "configuration memory" pages, freeing
+    // 0x2000 bytes of kernel "heap" (which is 0xD000 AXIWRAM bytes on LGY K11 instead
+    // of the entire FCRAM on NFIRM). This is indeed a bug because if prevents two of the
+    // 12 KThread objects from being created
+    u16 *off4;
+    for (off4 = (u16 *)section1; (u8 *)off4 <= section1 + section1Size && (off4[0] != 0xB570 || off4[1] != 0x2200); off4++);
+    if ((u8 *)off4 >= section1 + section1Size)
+        return 1;
+    *off4 = 0x4770; // bx lr
+
+    return 0;
+}
+
+u32 patchProtoNandSignatureCheck(u8 *pos, u32 size) {
+    if (firmProtoVersion == 243) {
+        static const u8 pattern[] = {0x08, 0x31, 0x9F, 0xE5};
+
+        // Signature check function returns 0 if failed and 1 if succeeded.
+        // Proc9 breaks if the returned value is 0, change it to break if
+        // the returned value is 2 (never).
+        u8 *off = memsearch(pos, pattern, size, sizeof(pattern));
+        if (!off)
+            return 1;
+
+        off[0x20] = 2;
+    }
+
+    else if (firmProtoVersion == 238) { // SDK 0.10
+        // Same patch as for v243 ported to the different ncsd_read() function
+        static const u8 pattern[] = {
+            0x00, 0x11, 0x9f, 0xe5,
+            0x00, 0x51, 0x9f, 0xe5,
+        };
+
+        u8 *off = memsearch(pos, pattern, size, sizeof(pattern));
+        if (!off)
+            return 1;
+
+        off[0x20] = 2;
+    }
+
+    else return 1;
+
+    return 0;
+}

arm9/source/patches.h

@@ -31,6 +31,7 @@
 *   FIRM partition writes patches by delebile
 *   Idea for svcBreak patches from yellows8 and others on #3dsdev
 *   TWL_FIRM patches by Steveice10 and others
+*   Signature patches for prototype FW by PabloMK7
 */
 
 #pragma once
@@ -50,7 +51,8 @@ u32 patchTitleInstallMinVersionChecks(u8 *pos, u32 size, u32 firmVersion);
 u32 patchZeroKeyNcchEncryptionCheck(u8 *pos, u32 size);
 u32 patchNandNcchEncryptionCheck(u8 *pos, u32 size);
 u32 patchCheckForDevCommonKey(u8 *pos, u32 size);
-u32 patchK11ModuleLoading(u32 section0size, u32 modulesSize, u8 *startPos, u32 size);
+u32 patchK11ModuleLoading(u32 oldKipSectionSize, u32 newKipSectionSize, u32 numKips, u8 *pos, u32 size);
+u32 patchK11ModuleLoadingLgy(u32 newKipSectionSize, u8 *pos, u32 size);
 u32 patchArm9ExceptionHandlersInstall(u8 *pos, u32 size);
 u32 patchSvcBreak9(u8 *pos, u32 size, u32 kernel9Address);
 u32 patchKernel9Panic(u8 *pos, u32 size);
@@ -65,3 +67,6 @@ u32 patchTwlFlashcartChecks(u8 *pos, u32 size, u32 firmVersion);
 u32 patchOldTwlFlashcartChecks(u8 *pos, u32 size);
 u32 patchTwlShaHashChecks(u8 *pos, u32 size);
 u32 patchAgbBootSplash(u8 *pos, u32 size);
+void patchTwlBg(u8 *pos, u32 size); // silently fails
+u32 patchLgyK11(u8 *section1, u32 section1Size, u8 *section2, u32 section2Size);
+u32 patchProtoNandSignatureCheck(u8 *pos, u32 size);

arm9/source/screen.c

@@ -70,6 +70,14 @@ void prepareArm11ForFirmlaunch(void)
 void deinitScreens(void)
 {
     if(ARESCREENSINITIALIZED) invokeArm11Function(DEINIT_SCREENS);
+
+    // Backlight voltage off
+    I2C_writeReg(I2C_DEV_MCU, 0x22, 0x14);
+    wait(50);
+
+    // LCD panel voltage off
+    I2C_writeReg(I2C_DEV_MCU, 0x22, 0x01);
+    wait(50);
 }
 
 void updateBrightness(u32 brightnessIndex)
@@ -102,8 +110,31 @@ void initScreens(void)
             memcpy((void *)(ARM11_PARAMETERS_ADDRESS + 4), fbs, sizeof(fbs));
             invokeArm11Function(INIT_SCREENS);
 
-            //Turn on backlight
+            // Fragile code, needs proper fix/total rewrite of the baremetal components anyway
-            I2C_writeReg(I2C_DEV_MCU, 0x22, 0x2A);
+            // Assume controller revision is not 0x00 for either screen (this revision is extremely
+            // old and shouldn't be seen in retail units nor normal devunits)
+
+            // Controller reset off
+            I2C_writeReg(I2C_DEV_LCD_TOP, 0xFE, 0xAA);
+            I2C_writeReg(I2C_DEV_LCD_BOT, 0xFE, 0xAA);
+            wait(5);
+
+            // Controller power on
+            I2C_writeReg(I2C_DEV_LCD_TOP, 0x01, 0x10);
+            I2C_writeReg(I2C_DEV_LCD_BOT, 0x01, 0x10);
+            wait(5);
+
+            // Clear error flag
+            I2C_writeReg(I2C_DEV_LCD_TOP, 0x60, 0x00);
+            I2C_writeReg(I2C_DEV_LCD_BOT, 0x60, 0x00);
+            wait(5);
+
+            // LCD panel (bias ?) voltage on
+            I2C_writeReg(I2C_DEV_MCU, 0x22, 0x02);
+            wait(50);
+
+            // Backlight voltage on
+            I2C_writeReg(I2C_DEV_MCU, 0x22, 0x28);
             wait(5);
         }
         else updateBrightness(MULTICONFIG(BRIGHTNESS));
@@ -118,3 +149,8 @@ void initScreens(void)
     clearScreens(false);
     swapFramebuffers(false);
 }
+
+void zerofillN3dsAblRegisters(void)
+{
+    invokeArm11Function(ZEROFILL_N3DS_ABL_REGISTERS);
+}

arm9/source/screen.h

@@ -59,6 +59,7 @@ typedef enum
     SWAP_FRAMEBUFFERS,
     UPDATE_BRIGHTNESS,
     DEINIT_SCREENS,
+    ZEROFILL_N3DS_ABL_REGISTERS,
     PREPARE_ARM11_FOR_FIRMLAUNCH,
     ARM11_READY,
 } Arm11Operation;
@@ -73,3 +74,4 @@ void swapFramebuffers(bool isAlternate);
 void updateBrightness(u32 brightnessIndex);
 void clearScreens(bool isAlternate);
 void initScreens(void);
+void zerofillN3dsAblRegisters(void);

arm9/source/start.s

@@ -160,7 +160,7 @@ disableMpuAndJumpToEntrypoints:
     @ Jump to the Arm9 entrypoint
     mov r0, r4
     mov r1, r5
-    ldr r2, =0x3BEEF
+    ldr r2, =0x4BEEF
     bx r6
 
 .pool

arm9/source/types.h

@@ -61,16 +61,42 @@ typedef volatile s64 vs64;
 #define ISN3DS       (CFG11_SOCINFO & 2)
 #define ISDEVUNIT    (CFG_UNITINFO != 0)
 
-typedef struct __attribute__((packed, aligned(4)))
+typedef struct ScreenFiltersCfgData {
-{
+    u16 cct;
-    char magic[4];
+    bool invert;
+    u8 colorCurveCorrection;
+    s64 gammaEnc;
+    s64 contrastEnc;
+    s64 brightnessEnc;
+} ScreenFiltersCfgData;
+
+typedef struct CfgData {
     u16 formatVersionMajor, formatVersionMinor;
 
     u32 config, multiConfig, bootConfig;
+    u32 splashDurationMsec;
+    s8 volumeSliderOverride;
+
     u64 hbldr3dsxTitleId;
     u32 rosalinaMenuCombo;
+    u32 pluginLoaderFlags;
+    s16 ntpTzOffetMinutes;
+
+    ScreenFiltersCfgData topScreenFilter;
+    ScreenFiltersCfgData bottomScreenFilter;
+
+    u64 autobootTwlTitleId;
+    u8 autobootCtrAppmemtype;
 } CfgData;
 
+typedef struct
+{
+    u16 lumaVersion;
+    u8 bootCfg;
+    u8 reserved[2];
+    u8 checksum;
+} CfgDataMcu;
+
 typedef struct
 {
     char magic[4];
@@ -99,9 +125,6 @@ typedef enum FirmwareSource
 {
     FIRMWARE_SYSNAND = 0,
     FIRMWARE_EMUNAND,
-    FIRMWARE_EMUNAND2,
-    FIRMWARE_EMUNAND3,
-    FIRMWARE_EMUNAND4
 } FirmwareSource;
 
 typedef enum FirmwareType
@@ -111,7 +134,8 @@ typedef enum FirmwareType
     AGB_FIRM,
     SAFE_FIRM,
     SYSUPDATER_FIRM,
-    NATIVE_FIRM1X2X
+    NATIVE_FIRM1X2X,
+    NATIVE_PROTOTYPE,
 } FirmwareType;
 
 typedef enum bootType
@@ -128,5 +152,9 @@ extern bool isSdMode;
 
 extern BootType bootType;
 
+extern char launchedPathForFatfs[256];
 extern u16 launchedFirmTidLow[8];
 extern u16 launchedPath[80+1];
+
+extern u16 mcuFwVersion;
+extern u8 mcuConsoleInfo[9];

arm9/source/utils.c

@@ -1,6 +1,6 @@
 /*
 *   This file is part of Luma3DS
-*   Copyright (C) 2016-2020 Aurora Wright, TuxSH
+*   Copyright (C) 2016-2022 Aurora Wright, TuxSH
 *
 *   This program is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
@@ -38,7 +38,7 @@
 #include "memory.h"
 #include "fs.h"
 
-static void startChrono(void)
+void startChrono(void)
 {
     static bool isChronoStarted = false;
 
@@ -55,7 +55,7 @@ static void startChrono(void)
     isChronoStarted = true;
 }
 
-static u64 chrono(void)
+u64 chrono(void)
 {
     u64 res = 0;
     for(u32 i = 0; i < 4; i++) res |= REG_TIMER_VAL(i) << (16 * i);
@@ -113,8 +113,11 @@ u32 waitInput(bool isMenu)
     return key;
 }
 
-void mcuPowerOff(void)
+__attribute__((noreturn)) void mcuPowerOff(void)
 {
+    // Unmount partitions
+    unmountPartitions();
+
     if(!needToSetupScreens) clearScreens(false);
 
     //Shutdown LCD
@@ -154,3 +157,95 @@ void error(const char *fmt, ...)
 
     mcuPowerOff();
 }
+
+
+// CRC-16/MODBUS
+u16 crc16(const void *data, size_t size, u16 initialValue)
+{
+    static const u16 lut[256] = {
+        0x0000,0xC0C1,0xC181,0x0140,0xC301,0x03C0,0x0280,0xC241,
+        0xC601,0x06C0,0x0780,0xC741,0x0500,0xC5C1,0xC481,0x0440,
+        0xCC01,0x0CC0,0x0D80,0xCD41,0x0F00,0xCFC1,0xCE81,0x0E40,
+        0x0A00,0xCAC1,0xCB81,0x0B40,0xC901,0x09C0,0x0880,0xC841,
+        0xD801,0x18C0,0x1980,0xD941,0x1B00,0xDBC1,0xDA81,0x1A40,
+        0x1E00,0xDEC1,0xDF81,0x1F40,0xDD01,0x1DC0,0x1C80,0xDC41,
+        0x1400,0xD4C1,0xD581,0x1540,0xD701,0x17C0,0x1680,0xD641,
+        0xD201,0x12C0,0x1380,0xD341,0x1100,0xD1C1,0xD081,0x1040,
+        0xF001,0x30C0,0x3180,0xF141,0x3300,0xF3C1,0xF281,0x3240,
+        0x3600,0xF6C1,0xF781,0x3740,0xF501,0x35C0,0x3480,0xF441,
+        0x3C00,0xFCC1,0xFD81,0x3D40,0xFF01,0x3FC0,0x3E80,0xFE41,
+        0xFA01,0x3AC0,0x3B80,0xFB41,0x3900,0xF9C1,0xF881,0x3840,
+        0x2800,0xE8C1,0xE981,0x2940,0xEB01,0x2BC0,0x2A80,0xEA41,
+        0xEE01,0x2EC0,0x2F80,0xEF41,0x2D00,0xEDC1,0xEC81,0x2C40,
+        0xE401,0x24C0,0x2580,0xE541,0x2700,0xE7C1,0xE681,0x2640,
+        0x2200,0xE2C1,0xE381,0x2340,0xE101,0x21C0,0x2080,0xE041,
+        0xA001,0x60C0,0x6180,0xA141,0x6300,0xA3C1,0xA281,0x6240,
+        0x6600,0xA6C1,0xA781,0x6740,0xA501,0x65C0,0x6480,0xA441,
+        0x6C00,0xACC1,0xAD81,0x6D40,0xAF01,0x6FC0,0x6E80,0xAE41,
+        0xAA01,0x6AC0,0x6B80,0xAB41,0x6900,0xA9C1,0xA881,0x6840,
+        0x7800,0xB8C1,0xB981,0x7940,0xBB01,0x7BC0,0x7A80,0xBA41,
+        0xBE01,0x7EC0,0x7F80,0xBF41,0x7D00,0xBDC1,0xBC81,0x7C40,
+        0xB401,0x74C0,0x7580,0xB541,0x7700,0xB7C1,0xB681,0x7640,
+        0x7200,0xB2C1,0xB381,0x7340,0xB101,0x71C0,0x7080,0xB041,
+        0x5000,0x90C1,0x9181,0x5140,0x9301,0x53C0,0x5280,0x9241,
+        0x9601,0x56C0,0x5780,0x9741,0x5500,0x95C1,0x9481,0x5440,
+        0x9C01,0x5CC0,0x5D80,0x9D41,0x5F00,0x9FC1,0x9E81,0x5E40,
+        0x5A00,0x9AC1,0x9B81,0x5B40,0x9901,0x59C0,0x5880,0x9841,
+        0x8801,0x48C0,0x4980,0x8941,0x4B00,0x8BC1,0x8A81,0x4A40,
+        0x4E00,0x8EC1,0x8F81,0x4F40,0x8D01,0x4DC0,0x4C80,0x8C41,
+        0x4400,0x84C1,0x8581,0x4540,0x8701,0x47C0,0x4680,0x8641,
+        0x8201,0x42C0,0x4380,0x8341,0x4100,0x81C1,0x8081,0x4040,
+    };
+
+    u16 r = initialValue;
+    const u8 *data8 = (const u8 *)data;
+    for (size_t i = 0; i < size; i++)
+        r = (r >> 8) ^ lut[(r ^ data8[i]) & 0xFF];
+
+    return r;
+}
+
+u32 crc32(const void *data, size_t size, u32 initialValue)
+{
+    static const u32 lut[256] = {
+        0x00000000,0x77073096,0xEE0E612C,0x990951BA,0x076DC419,0x706AF48F,0xE963A535,0x9E6495A3,
+        0x0EDB8832,0x79DCB8A4,0xE0D5E91E,0x97D2D988,0x09B64C2B,0x7EB17CBD,0xE7B82D07,0x90BF1D91,
+        0x1DB71064,0x6AB020F2,0xF3B97148,0x84BE41DE,0x1ADAD47D,0x6DDDE4EB,0xF4D4B551,0x83D385C7,
+        0x136C9856,0x646BA8C0,0xFD62F97A,0x8A65C9EC,0x14015C4F,0x63066CD9,0xFA0F3D63,0x8D080DF5,
+        0x3B6E20C8,0x4C69105E,0xD56041E4,0xA2677172,0x3C03E4D1,0x4B04D447,0xD20D85FD,0xA50AB56B,
+        0x35B5A8FA,0x42B2986C,0xDBBBC9D6,0xACBCF940,0x32D86CE3,0x45DF5C75,0xDCD60DCF,0xABD13D59,
+        0x26D930AC,0x51DE003A,0xC8D75180,0xBFD06116,0x21B4F4B5,0x56B3C423,0xCFBA9599,0xB8BDA50F,
+        0x2802B89E,0x5F058808,0xC60CD9B2,0xB10BE924,0x2F6F7C87,0x58684C11,0xC1611DAB,0xB6662D3D,
+        0x76DC4190,0x01DB7106,0x98D220BC,0xEFD5102A,0x71B18589,0x06B6B51F,0x9FBFE4A5,0xE8B8D433,
+        0x7807C9A2,0x0F00F934,0x9609A88E,0xE10E9818,0x7F6A0DBB,0x086D3D2D,0x91646C97,0xE6635C01,
+        0x6B6B51F4,0x1C6C6162,0x856530D8,0xF262004E,0x6C0695ED,0x1B01A57B,0x8208F4C1,0xF50FC457,
+        0x65B0D9C6,0x12B7E950,0x8BBEB8EA,0xFCB9887C,0x62DD1DDF,0x15DA2D49,0x8CD37CF3,0xFBD44C65,
+        0x4DB26158,0x3AB551CE,0xA3BC0074,0xD4BB30E2,0x4ADFA541,0x3DD895D7,0xA4D1C46D,0xD3D6F4FB,
+        0x4369E96A,0x346ED9FC,0xAD678846,0xDA60B8D0,0x44042D73,0x33031DE5,0xAA0A4C5F,0xDD0D7CC9,
+        0x5005713C,0x270241AA,0xBE0B1010,0xC90C2086,0x5768B525,0x206F85B3,0xB966D409,0xCE61E49F,
+        0x5EDEF90E,0x29D9C998,0xB0D09822,0xC7D7A8B4,0x59B33D17,0x2EB40D81,0xB7BD5C3B,0xC0BA6CAD,
+        0xEDB88320,0x9ABFB3B6,0x03B6E20C,0x74B1D29A,0xEAD54739,0x9DD277AF,0x04DB2615,0x73DC1683,
+        0xE3630B12,0x94643B84,0x0D6D6A3E,0x7A6A5AA8,0xE40ECF0B,0x9309FF9D,0x0A00AE27,0x7D079EB1,
+        0xF00F9344,0x8708A3D2,0x1E01F268,0x6906C2FE,0xF762575D,0x806567CB,0x196C3671,0x6E6B06E7,
+        0xFED41B76,0x89D32BE0,0x10DA7A5A,0x67DD4ACC,0xF9B9DF6F,0x8EBEEFF9,0x17B7BE43,0x60B08ED5,
+        0xD6D6A3E8,0xA1D1937E,0x38D8C2C4,0x4FDFF252,0xD1BB67F1,0xA6BC5767,0x3FB506DD,0x48B2364B,
+        0xD80D2BDA,0xAF0A1B4C,0x36034AF6,0x41047A60,0xDF60EFC3,0xA867DF55,0x316E8EEF,0x4669BE79,
+        0xCB61B38C,0xBC66831A,0x256FD2A0,0x5268E236,0xCC0C7795,0xBB0B4703,0x220216B9,0x5505262F,
+        0xC5BA3BBE,0xB2BD0B28,0x2BB45A92,0x5CB36A04,0xC2D7FFA7,0xB5D0CF31,0x2CD99E8B,0x5BDEAE1D,
+        0x9B64C2B0,0xEC63F226,0x756AA39C,0x026D930A,0x9C0906A9,0xEB0E363F,0x72076785,0x05005713,
+        0x95BF4A82,0xE2B87A14,0x7BB12BAE,0x0CB61B38,0x92D28E9B,0xE5D5BE0D,0x7CDCEFB7,0x0BDBDF21,
+        0x86D3D2D4,0xF1D4E242,0x68DDB3F8,0x1FDA836E,0x81BE16CD,0xF6B9265B,0x6FB077E1,0x18B74777,
+        0x88085AE6,0xFF0F6A70,0x66063BCA,0x11010B5C,0x8F659EFF,0xF862AE69,0x616BFFD3,0x166CCF45,
+        0xA00AE278,0xD70DD2EE,0x4E048354,0x3903B3C2,0xA7672661,0xD06016F7,0x4969474D,0x3E6E77DB,
+        0xAED16A4A,0xD9D65ADC,0x40DF0B66,0x37D83BF0,0xA9BCAE53,0xDEBB9EC5,0x47B2CF7F,0x30B5FFE9,
+        0xBDBDF21C,0xCABAC28A,0x53B39330,0x24B4A3A6,0xBAD03605,0xCDD70693,0x54DE5729,0x23D967BF,
+        0xB3667A2E,0xC4614AB8,0x5D681B02,0x2A6F2B94,0xB40BBE37,0xC30C8EA1,0x5A05DF1B,0x2D02EF8D,
+    };
+
+    u32 r = initialValue;
+    const u8 *data8 = (const u8 *)data;
+    for (size_t i = 0; i < size; i++)
+        r = (r >> 8) ^ lut[(r ^ data8[i]) & 0xFF];
+
+    return ~r;
+}

arm9/source/utils.h

@@ -1,6 +1,6 @@
 /*
 *   This file is part of Luma3DS
-*   Copyright (C) 2016-2020 Aurora Wright, TuxSH
+*   Copyright (C) 2016-2022 Aurora Wright, TuxSH
 *
 *   This program is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
@@ -39,7 +39,13 @@
 #define MAKE_BRANCH(src,dst)      (0xEA000000 | ((u32)((((u8 *)(dst) - (u8 *)(src)) >> 2) - 2) & 0xFFFFFF))
 #define MAKE_BRANCH_LINK(src,dst) (0xEB000000 | ((u32)((((u8 *)(dst) - (u8 *)(src)) >> 2) - 2) & 0xFFFFFF))
 
+void startChrono(void);
+u64 chrono(void);
+
 u32 waitInput(bool isMenu);
 void mcuPowerOff(void);
 void wait(u64 amount);
 void error(const char *fmt, ...);
+
+u16 crc16(const void *data, size_t size, u16 initialValue);
+u32 crc32(const void *data, size_t size, u32 initialValue);

exception_dump_parser/luma3ds_exception_dump_parser/__main__.py

@@ -1,188 +0,0 @@
-#!/usr/bin/env python
-# Requires Python >= 3.2 or >= 2.7
-
-#   This file is part of Luma3DS
-#   Copyright (C) 2016-2020 Aurora Wright, TuxSH
-#
-#   This program is free software: you can redistribute it and/or modify
-#   it under the terms of the GNU General Public License as published by
-#   the Free Software Foundation, either version 3 of the License, or
-#   (at your option) any later version.
-#
-#   This program is distributed in the hope that it will be useful,
-#   but WITHOUT ANY WARRANTY; without even the implied warranty of
-#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#   GNU General Public License for more details.
-#
-#   You should have received a copy of the GNU General Public License
-#   along with this program.  If not, see <http://www.gnu.org/licenses/>.
-#
-#   Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
-#   reasonable legal notices or author attributions in that material or in the Appropriate Legal
-#   Notices displayed by works containing it.
-
-__author__    = "TuxSH"
-__copyright__ = "Copyright (c) 2016-2020 TuxSH"
-__license__   = "GPLv3"
-__version__   = "v1.2"
-
-"""
-Parses Luma3DS exception dumps
-"""
-
-import argparse
-from struct import unpack_from
-
-import os
-import subprocess
-
-# Source of hexdump: https://gist.github.com/ImmortalPC/c340564823f283fe530b
-# Credits for hexdump go to the original authors
-# Slightly edited by TuxSH
-
-def hexdump(addr, src, length=16, sep='.' ):
-    '''
-    @brief Return {src} in hex dump.
-    @param[in] length   {Int} Nb Bytes by row.
-    @param[in] sep      {Char} For the text part, {sep} will be used for non ASCII char.
-    @return {Str} The hexdump
-    @note Full support for python2 and python3 !
-    '''
-    result = []
-
-    # Python3 support
-    try:
-        xrange(0,1)
-    except NameError:
-        xrange = range
-
-    for i in xrange(0, len(src), length):
-        subSrc = src[i:i+length]
-        hexa = ''
-        isMiddle = False
-        for h in xrange(0,len(subSrc)):
-            if h == length/2:
-                hexa += ' '
-            h = subSrc[h]
-            if not isinstance(h, int):
-                h = ord(h)
-            h = hex(h).replace('0x','')
-            if len(h) == 1:
-                h = '0'+h
-            hexa += h+' '
-        hexa = hexa.strip(' ')
-        text = ''
-        for c in subSrc:
-            if not isinstance(c, int):
-                c = ord(c)
-            if 0x20 <= c < 0x7F:
-                text += chr(c)
-            else:
-                text += sep
-        result.append(('%08x:  %-'+str(length*(2+1)+1)+'s  |%s|') % (addr + i, hexa, text))
-
-    return '\n'.join(result)
-
-
-def makeRegisterLine(A, rA, B, rB):
-    return "{0:<15}{1:<20}{2:<15}{3:<20}".format(A, "{0:08x}".format(rA), B, "{0:08x}".format(rB))
-
-handledExceptionNames = ("FIQ", "undefined instruction", "prefetch abort", "data abort")
-registerNames = tuple("r{0}".format(i) for i in range(13)) + ("sp", "lr", "pc", "cpsr") + ("dfsr", "ifsr", "far") + ("fpexc", "fpinst", "fpinst2")
-svcBreakReasons = ("(svcBreak: panic)", "(svcBreak: assertion failed)", "(svcBreak: user-related)")
-faultStatusSources = {
-    0b1:'Alignment', 0b100:'Instruction cache maintenance operation fault',
-    0b1100:'External Abort on translation - First-level', 0b1110:'External Abort on translation - Second-level',
-    0b101:'Translation - Section', 0b111:'Translation - Page', 0b11:'Access bit - Section', 0b110:'Access bit - Page',
-    0b1001:'Domain - Section', 0b1011:'Domain - Page', 0b1101:'Permission - Section', 0b1111:'Permission - Page',
-    0b1000:'Precise External Abort', 0b10110:'Imprecise External Abort', 0b10:'Debug event'
-}
-
-def main(args=None):
-    parser = argparse.ArgumentParser(description="Parse Luma3DS exception dumps")
-    parser.add_argument("filename")
-    args = parser.parse_args()
-    data = b""
-    with open(args.filename, "rb") as f: data = f.read()
-    if unpack_from("<2I", data) != (0xdeadc0de, 0xdeadcafe):
-        raise SystemExit("Invalid file format")
-
-    version, processor, exceptionType, _, nbRegisters, codeDumpSize, stackDumpSize, additionalDataSize = unpack_from("<8I", data, 8)
-    nbRegisters //= 4
-
-    if version < (1 << 16) | 2:
-        raise SystemExit("Incompatible format version, please use the appropriate parser.")
-
-    registers = unpack_from("<{0}I".format(nbRegisters), data, 40)
-    codeOffset = 40 + 4 * nbRegisters
-    codeDump = data[codeOffset : codeOffset + codeDumpSize]
-    stackOffset = codeOffset + codeDumpSize
-    stackDump = data[stackOffset : stackOffset + stackDumpSize]
-    addtionalDataOffset = stackOffset + stackDumpSize
-    additionalData = data[addtionalDataOffset : addtionalDataOffset + additionalDataSize]
-
-    if processor == 9: print("Processor: Arm9")
-    else: print("Processor: Arm11 (core {0})".format(processor >> 16))
-
-    typeDetailsStr = ""
-    if exceptionType == 2:
-        if (registers[16] & 0x20) == 0 and codeDumpSize >= 4:
-            instr = unpack_from("<I", codeDump[-4:])[0]
-            if instr == 0xe12fff7e:
-                typeDetailsStr = " (kernel panic)"
-            elif instr == 0xef00003c:
-                typeDetailsStr = " " + (svcBreakReasons[registers[0]] if registers[0] < 3 else "(svcBreak)")
-        elif (registers[16] & 0x20) == 1 and codeDumpSize >= 2:
-            instr = unpack_from("<I", codeDump[-4:])[0]
-            if instr == 0xdf3c:
-                typeDetailsStr = " " + (svcBreakReasons[registers[0]] if registers[0] < 3 else "(svcBreak)")
-
-    elif processor != 9 and (registers[20] & 0x80000000) != 0:
-        typeDetailsStr = " (VFP exception)"
-
-    print("Exception type: {0}{1}".format("unknown" if exceptionType >= len(handledExceptionNames) else handledExceptionNames[exceptionType], typeDetailsStr))
-
-    if processor == 11 and exceptionType >= 2:
-        xfsr = registers[18] if exceptionType == 2 else registers[17]
-        print("Fault status: " + faultStatusSources[xfsr & 0xf])
-
-    if additionalDataSize != 0:
-        print("Current process: {0} ({1:016x})".format(additionalData[:8].decode("ascii"), unpack_from("<Q", additionalData, 8)[0]))
-
-    print("\nRegister dump:\n")
-    for i in range(0, nbRegisters - (nbRegisters % 2), 2):
-        if i == 16: print("")
-        print(makeRegisterLine(registerNames[i], registers[i], registerNames[i+1], registers[i+1]))
-    if nbRegisters % 2 == 1: print("{0:<15}{1:<20}".format(registerNames[nbRegisters - 1], "{0:08x}".format(registers[nbRegisters - 1])))
-
-    if processor == 11 and exceptionType == 3:
-        print("{0:<15}{1:<20}Access type: {2}".format("FAR", "{0:08x}".format(registers[19]), "Write" if registers[17] & (1 << 11) != 0 else "Read"))
-
-    thumb = registers[16] & 0x20 != 0
-    addr = registers[15] - codeDumpSize + (2 if thumb else 4)
-
-    print("\nCode dump:\n")
-
-    objdump_res = ""
-    try:
-        path = os.path.join(os.environ["DEVKITARM"], "bin", "arm-none-eabi-objdump")
-
-        if os.name == "nt" and path[0] == '/':
-            path = ''.join((path[1], ':', path[2:]))
-
-        objdump_res = subprocess.check_output((
-                                                    path, "-marm", "-b", "binary",
-                                                     "--adjust-vma="+hex(addr - codeOffset), "--start-address="+hex(addr),
-                                                     "--stop-address="+hex(addr + codeDumpSize), "-D", "-z", "-M",
-                                                     "reg-names-std" + (",force-thumb" if thumb else ""), args.filename
-                                             )).decode("utf-8")
-        objdump_res = '\n'.join(objdump_res[objdump_res.find('<.data+'):].split('\n')[1:])
-    except: objdump_res = ""
-
-    print(objdump_res if objdump_res != "" else hexdump(addr, codeDump))
-
-    print("\nStack dump:\n")
-    print(hexdump(registers[13], stackDump))
-
-if __name__ == "__main__":
-    main()

exception_dump_parser/setup.py

@@ -1,13 +0,0 @@
-from setuptools import setup, find_packages
-
-setup(
-    name='luma3ds_exception_dump_parser',
-    version='1.2',
-    url='https://github.com/AuroraWright/Luma3DS',
-    author='TuxSH',
-    license='GPLv3',
-    description='Parses Luma3DS exception dumps',
-    install_requires=[''],
-    packages=find_packages(),
-    entry_points={'console_scripts': ['luma3ds_exception_dump_parser=luma3ds_exception_dump_parser.__main__:main']},
-)

k11_extension/Makefile

@@ -25,12 +25,14 @@ INCLUDES	:=	include include/svc
 #---------------------------------------------------------------------------------
 # options for code generation
 #---------------------------------------------------------------------------------
-ARCH	:=	-march=armv6k -mtune=mpcore -mfloat-abi=hard -mtp=soft
+# -mgeneral-regs-only so that the C code is guaranteed not to use FPU regs
-DEFINES :=	-DARM11 -D_3DS
+ARCH	:=	-march=armv6k -mtune=mpcore -mfloat-abi=hard -mtp=soft -mgeneral-regs-only
+DEFINES :=	-DARM11 -D__3DS__
 
+FALSEPOSITIVES := -Wno-array-bounds -Wno-stringop-overflow -Wno-stringop-overread
 CFLAGS	:=	-g -std=gnu11 -Wall -Wextra -Werror -O2 -mword-relocations \
 			-fomit-frame-pointer -ffunction-sections -fdata-sections \
-			-Wno-main $(ARCH) $(DEFINES)
+			-Wno-main $(FALSEPOSITIVES) $(ARCH) $(DEFINES)
 
 CFLAGS	+=	$(INCLUDE)
 

k11_extension/include/config.h

@@ -9,29 +9,32 @@
 #define MULTICONFIG(a)   ((cfwInfo.multiConfig >> (2 * (a))) & 3)
 #define BOOTCONFIG(a, b) ((cfwInfo.bootConfig >> (a)) & (b))
 
-#define BOOTCFG_NAND         BOOTCONFIG(0, 7)
+#define BOOTCFG_NAND         BOOTCONFIG(0, 1)
-#define BOOTCFG_FIRM         BOOTCONFIG(3, 7)
+#define BOOTCFG_EMUINDEX     BOOTCONFIG(1, 3)
-#define BOOTCFG_NOFORCEFLAG  BOOTCONFIG(6, 1)
+#define BOOTCFG_NOFORCEFLAG  BOOTCONFIG(3, 1)
-#define BOOTCFG_NTRCARDBOOT  BOOTCONFIG(7, 1)
+#define BOOTCFG_NTRCARDBOOT  BOOTCONFIG(4, 1)
 
 enum multiOptions
 {
     DEFAULTEMU = 0,
     BRIGHTNESS,
     SPLASH,
-    SPLASH_DURATION,
     PIN,
-    NEWCPU
+    NEWCPU,
+    AUTOBOOTMODE,
+    FORCEAUDIOOUTPUT,
 };
 
 enum singleOptions
 {
     AUTOBOOTEMU = 0,
-    USEEMUFIRM,
     LOADEXTFIRMSANDMODULES,
     PATCHGAMES,
+    REDIRECTAPPTHREADS,
     PATCHVERSTRING,
     SHOWGBABOOT,
     PATCHUNITINFO,
-    DISABLEARM11EXCHANDLERS
+    ENABLEDSIEXTFILTER,
+    DISABLEARM11EXCHANDLERS,
+    ENABLESAFEFIRMROSALINA,
 };

k11_extension/include/globals.h

@@ -31,6 +31,7 @@
 
 extern KRecursiveLock *criticalSectionLock;
 extern KObjectList *threadList;
+extern KObjectList *resourceLimitList;
 extern KObjectMutex *synchronizationMutex;
 
 extern void (*KRecursiveLock__Lock)(KRecursiveLock *this);
@@ -44,17 +45,27 @@ extern KAutoObject * (*KProcessHandleTable__ToKAutoObject)(KProcessHandleTable *
 extern void (*KSynchronizationObject__Signal)(KSynchronizationObject *this, bool isPulse);
 extern Result (*WaitSynchronization1)(void *this_unused, KThread *thread, KSynchronizationObject *syncObject, s64 timeout);
 extern Result (*KProcessHandleTable__CreateHandle)(KProcessHandleTable *this, Handle *out, KAutoObject *obj, u8 token);
+extern Result (*KProcessHwInfo__QueryMemory)(KProcessHwInfo *this, MemoryInfo *memoryInfo, PageInfo *pageInfo, void *address);
 extern Result (*KProcessHwInfo__MapProcessMemory)(KProcessHwInfo *this, KProcessHwInfo *other, void *dst, void *src, u32 nbPages);
 extern Result (*KProcessHwInfo__UnmapProcessMemory)(KProcessHwInfo *this, void *addr, u32 nbPages);
+extern Result (*KProcessHwInfo__CheckVaState)(KProcessHwInfo *hwInfo, u32 va, u32 size, u32 state, u32 perm);
+extern Result (*KProcessHwInfo__GetListOfKBlockInfoForVA)(KProcessHwInfo *hwInfo, KLinkedList *list, u32 va, u32 sizeInPage);
+extern Result (*KProcessHwInfo__MapListOfKBlockInfo)(KProcessHwInfo *this, u32 va, KLinkedList *list, u32 state, u32 perm, u32 sbz);
 extern Result (*KEvent__Clear)(KEvent *this);
+extern Result (*KEvent__Signal)(KEvent *this);
 extern void (*KObjectMutex__WaitAndAcquire)(KObjectMutex *this);
 extern void (*KObjectMutex__ErrorOccured)(void);
 
 extern void (*KScheduler__AdjustThread)(KScheduler *this, KThread *thread, u32 oldSchedulingMask);
 extern void (*KScheduler__AttemptSwitchingThreadContext)(KScheduler *this);
 
+extern void (*KLinkedList_KBlockInfo__Clear)(KLinkedList *list);
+
 extern Result (*ControlMemory)(u32 *addrOut, u32 addr0, u32 addr1, u32 size, MemOp op, MemPerm perm, bool isLoader);
+extern Result (*doControlMemory)(KProcessHwInfo *this, u32 addr, u32 requestedNbPages, u32 pa, u32 state, u32 perm, u32 a7, u32 region);
+extern Result (*CreateThread)(Handle *outThreadHandle, u32 ep, u32 arg, u32 stackTop, s32 priority, s32 processorId);
 extern void (*SleepThread)(s64 ns);
+extern Result (*CreateEvent)(Handle *out, ResetType resetType);
 extern Result (*CloseHandle)(Handle handle);
 extern Result (*GetHandleInfo)(s64 *out, Handle handle, u32 type);
 extern Result (*GetSystemInfo)(s64 *out, s32 type, s32 param);
@@ -65,6 +76,7 @@ extern Result (*SendSyncRequest)(Handle handle);
 extern Result (*OpenProcess)(Handle *out, u32 processId);
 extern Result (*GetProcessId)(u32 *out, Handle process);
 extern Result (*DebugActiveProcess)(Handle *out, u32 processId);
+extern Result (*SignalEvent)(Handle event);
 extern Result (*UnmapProcessMemory)(Handle processHandle, void *dst, u32 size);
 extern Result (*KernelSetState)(u32 type, u32 varg1, u32 varg2, u32 varg3);
 
@@ -97,6 +109,7 @@ extern bool *isDevUnit;
 extern vu8 *configPage;
 extern u32 kernelVersion;
 extern FcramLayout fcramLayout;
+extern FcramDescriptor *fcramDescriptor;
 
 extern KCoreContext *coreCtxs;
 
@@ -110,9 +123,19 @@ extern Result (*InterruptManager__MapInterrupt)(InterruptManager *manager, KBase
 extern InterruptManager *interruptManager;
 extern KBaseInterruptEvent *customInterruptEvent;
 
-extern void (*initFPU)(void);
+extern void  (*initFPU)(void);
-extern void (*mcuReboot)(void);
+extern void  (*mcuReboot)(void);
-extern void (*coreBarrier)(void);
+extern void  (*coreBarrier)(void);
+extern void* (*kAlloc)(FcramDescriptor *fcramDesc, u32 nbPages, u32 alignment, u32 region);
+
+typedef struct ScreenFiltersCfgData {
+    u16 cct;
+    bool invert;
+    u8 colorCurveCorrection;
+    s64 gammaEnc;
+    s64 contrastEnc;
+    s64 brightnessEnc;
+} ScreenFiltersCfgData;
 
 typedef struct CfwInfo
 {
@@ -127,11 +150,43 @@ typedef struct CfwInfo
 
     u16 configFormatVersionMajor, configFormatVersionMinor;
     u32 config, multiConfig, bootConfig;
+    u32 splashDurationMsec;
+    s8 volumeSliderOverride;
     u64 hbldr3dsxTitleId;
     u32 rosalinaMenuCombo;
+    u32 pluginLoaderFlags;
+    s16 ntpTzOffetMinutes;
+
+    ScreenFiltersCfgData topScreenFilter;
+    ScreenFiltersCfgData bottomScreenFilter;
+
+    u64 autobootTwlTitleId;
+    u8 autobootCtrAppmemtype;
+
+    u16 launchedPath[80+1];
 } CfwInfo;
 
 extern CfwInfo cfwInfo;
+extern u32 kextBasePa;
+extern u32 stolenSystemMemRegionSize;
+extern bool disableThreadRedirection;
 
 extern vu32 rosalinaState;
 extern bool hasStartedRosalinaNetworkFuncsOnce;
+extern KEvent* signalPluginEvent;
+
+typedef enum
+{
+    PLG_CFG_NONE = 0,
+    PLG_CFG_RUNNING = 1,
+    PLG_CFG_INHOME = 2,
+    PLG_CFG_EXITING = 3,
+
+    PLG_CFG_HOME_EVENT = 1 << 16,
+    PLG_CFG_EXIT_EVENT = 2 << 16
+}   PLG_CFG_STATUS;
+
+void    PLG_SignalEvent(u32 event);
+void    PLG__WakeAppThread(void);
+u32     PLG_GetStatus(void);
+KLinkedList*    KLinkedList__Initialize(KLinkedList *list);

k11_extension/include/kernel.h

@@ -27,6 +27,7 @@
 #pragma once
 
 #include "types.h"
+#include <string.h>
 
 extern u32 kernelVersion;
 
@@ -52,7 +53,7 @@ struct KMutexLinkedList;
 struct KPreemptionTimer;
 
 /* 12 */
-typedef struct ALIGN(4) KAutoObject
+typedef struct CTR_ALIGN(4) KAutoObject
 {
   struct Vtable__KAutoObject *vtable;
   u32 refCount;
@@ -95,7 +96,7 @@ typedef struct KMutexLinkedListNode
 } KMutexLinkedListNode;
 
 /* 1 */
-typedef struct ALIGN(4) KMutex
+typedef struct CTR_ALIGN(4) KMutex
 {
   KSynchronizationObject syncObject;
   KMutexLinkedListNode mutexListNode;
@@ -105,6 +106,14 @@ typedef struct ALIGN(4) KMutex
   union KProcess *owner;
 } KMutex;
 
+typedef struct KAddressArbiter
+{
+  KAutoObject     autoObject;
+  struct KThread  *first;
+  struct KThread  *last;
+  union  KProcess *owner;
+} KAddressArbiter;
+
 /* 92 */
 typedef struct KMutexLinkedList
 {
@@ -112,6 +121,30 @@ typedef struct KMutexLinkedList
   KMutex *last;
 } KMutexLinkedList;
 
+enum
+{
+    TOKEN_KAUTOOBJECT = 0,
+    TOKEN_KSYNCHRONIZATIONOBJECT = 1,
+    TOKEN_KEVENT = 0x1F,
+    TOKEN_KSEMAPHORE = 0x2F,
+    TOKEN_KTIMER = 0x35,
+    TOKEN_KMUTEX = 0x39,
+    TOKEN_KDEBUG = 0x4D,
+    TOKEN_KSERVERPORT = 0x55,
+    TOKEN_KDMAOBJECT = 0x59,
+    TOKEN_KCLIENTPORT = 0x65,
+    TOKEN_KCODESET = 0x68,
+    TOKEN_KSESSION = 0x70,
+    TOKEN_KTHREAD = 0x8D,
+    TOKEN_KSERVERSESSION = 0x95,
+    TOKEN_KADDRESSARBITER = 0x98,
+    TOKEN_KCLIENTSESSION = 0xA5,
+    TOKEN_KPORT = 0xA8,
+    TOKEN_KSHAREDMEMORY = 0xB0,
+    TOKEN_KPROCESS = 0xC5,
+    TOKEN_KRESOURCELIMIT = 0xC8
+};
+
 /* 45 */
 typedef struct KClassToken
 {
@@ -120,7 +153,7 @@ typedef struct KClassToken
 } KClassToken;
 
 /* 44 */
-typedef struct ALIGN(4) Vtable__KAutoObject
+typedef struct CTR_ALIGN(4) Vtable__KAutoObject
 {
   void *field_0;
   void *field_4;
@@ -141,7 +174,7 @@ typedef struct KBaseInterruptEvent
 } KBaseInterruptEvent;
 
 /* 55 */
-typedef struct ALIGN(4) Vtable__KBaseInterruptEvent
+typedef struct CTR_ALIGN(4) Vtable__KBaseInterruptEvent
 {
   struct KSchedulableInterruptEvent *(*handleInterruptEvent)(KBaseInterruptEvent *, u32);
 } Vtable__KBaseInterruptEvent;
@@ -177,7 +210,7 @@ typedef struct KThreadLinkedListNode
 
 
 /* 93 */
-typedef struct ALIGN(4) KPreemptionTimer
+typedef struct CTR_ALIGN(4) KPreemptionTimer
 {
   u32 nLimitedTicks;
   u32 timer;
@@ -186,7 +219,7 @@ typedef struct ALIGN(4) KPreemptionTimer
 } KPreemptionTimer;
 
 /* 15 */
-typedef struct PACKED ALIGN(4) KThread
+typedef struct CTR_PACKED CTR_ALIGN(4) KThread
 {
   KSynchronizationObject syncObject;
   KTimeableInterruptEvent timeableInterruptEvent;
@@ -244,7 +277,7 @@ typedef enum ProcessStatus
 } ProcessStatus;
 
 /* 3 */
-typedef struct ALIGN(4) HandleDescriptor
+typedef struct CTR_ALIGN(4) HandleDescriptor
 {
   u32 info;
   KAutoObject *pointer;
@@ -264,7 +297,7 @@ typedef struct KProcessHandleTable
 } KProcessHandleTable;
 
 /* 4 */
-typedef struct ALIGN(4) KDebugThread
+typedef struct CTR_ALIGN(4) KDebugThread
 {
   KThread *linkedThread;
   bool usedSvcBreak;
@@ -322,7 +355,7 @@ typedef enum {
 } ExceptionEventType;
 
 /* 6 */
-typedef struct ALIGN(4) KDebug
+typedef struct CTR_ALIGN(4) KDebug
 {
   KSynchronizationObject syncObject;
   KSendableInterruptEvent sendableInterruptEvent;
@@ -389,7 +422,7 @@ typedef struct KCodeSetMemDescriptor
 } KCodeSetMemDescriptor;
 
 /* 5 */
-typedef struct PACKED ALIGN(4) KCodeSet
+typedef struct CTR_PACKED CTR_ALIGN(4) KCodeSet
 {
   KAutoObject autoObject;
   KCodeSetMemDescriptor textSection;
@@ -464,7 +497,7 @@ typedef struct KUserBindableInterruptEvent
 } KUserBindableInterruptEvent;
 
 /* 14 */
-typedef struct ALIGN(4) KEvent
+typedef struct CTR_ALIGN(4) KEvent
 {
   KSynchronizationObject syncObject;
   KUserBindableInterruptEvent userBindableInterruptEvent;
@@ -488,6 +521,9 @@ typedef enum MemOp
   MEMOP_REGION_SYSTEM = 0x200,
   MEMOP_REGION_BASE = 0x300,
   MEMOP_LINEAR = 0x10000,
+
+  MEMOP_OP_MASK = 0xFF,
+  MEMOP_REGION_MASK = 0xF00,
 } MemOp;
 
 /* 17 */
@@ -540,6 +576,20 @@ typedef struct KBlockInfo
   u32 pageCount;
 } KBlockInfo;
 
+typedef struct KSharedMemory
+{
+  KAutoObject   autoObject;
+  KLinkedList   ownedKBlockInfo;
+  union KProcess *owner;
+  u32           ownerPermissions;
+  u32           otherPermissions;
+  u8            isBlockInfoGenerated;
+  s8            allBlockInfoGenerated;
+  u8            unknown_1;
+  u8            unknown_2;
+  u32           address;
+} KSharedMemory;
+
 /* 25 */
 typedef struct KMemoryBlock
 {
@@ -551,7 +601,7 @@ typedef struct KMemoryBlock
 } KMemoryBlock;
 
 /* 28 */
-typedef struct ALIGN(4) KScheduler
+typedef struct CTR_ALIGN(4) KScheduler
 {
   KSchedulableInterruptEvent interruptEvent;
   u32 threadSwitchAttempts;
@@ -569,7 +619,7 @@ typedef struct ALIGN(4) KScheduler
 } KScheduler;
 
 /* 46 */
-typedef struct PACKED CodeSetInfo
+typedef struct CTR_PACKED CodeSetInfo
 {
   char name[8];
   u16 unknown_1;
@@ -589,7 +639,7 @@ typedef struct PACKED CodeSetInfo
 } CodeSetInfo;
 
 /* 53 */
-typedef struct ALIGN(4) InterruptData
+typedef struct CTR_ALIGN(4) InterruptData
 {
   KBaseInterruptEvent *interruptEvent;
   bool disableUponReceipt;
@@ -690,7 +740,7 @@ typedef enum ResetType
 } ResetType;
 
 /* 81 */
-typedef struct PACKED ALIGN(4) KTimer
+typedef struct CTR_PACKED CTR_ALIGN(4) KTimer
 {
   KSynchronizationObject syncObject;
   KTimeableInterruptEvent timeableInterruptEvent;
@@ -718,7 +768,7 @@ typedef KSchedulableInterruptEvent KThreadTerminationInterruptEvent;
 typedef KSchedulableInterruptEvent KThreadExitInterruptEvent;
 
 /* 89 */
-typedef struct ALIGN(4) KInterruptEventMailbox
+typedef struct CTR_ALIGN(4) KInterruptEventMailbox
 {
   u32 mailboxID;
   KSendableInterruptEvent *first;
@@ -745,7 +795,7 @@ typedef enum LimitableResource
 } LimitableResource;
 
 /* 99 */
-typedef struct ALIGN(4) CpuRegisters
+typedef struct CTR_ALIGN(4) CpuRegisters
 {
   u32 r[13];
   u32 sp;
@@ -759,7 +809,7 @@ typedef struct FpuRegisters
 {
   union
   {
-      struct PACKED { double d[16]; };
+      struct CTR_PACKED { double d[16]; };
       float  s[32];
   };
   u32 fpscr;
@@ -924,7 +974,7 @@ typedef struct KEventInfo
   };
 } KEventInfo;
 
-typedef struct ALIGN(0x1000) KCoreObjectContext
+typedef struct CTR_ALIGN(0x1000) KCoreObjectContext
 {
   KThread *volatile currentThread;
   union KProcess *volatile currentProcess;
@@ -954,7 +1004,7 @@ extern KCoreContext *coreCtxs;
 
 #define DEFINE_CONSOLE_SPECIFIC_STRUCTS(console, nbCores)
 /* 60 */
-typedef struct ALIGN(4) KProcessHwInfoN3DS
+typedef struct CTR_ALIGN(4) KProcessHwInfoN3DS
 {
   KObjectMutex mutex;
   u32 processTLBEntriesNeedToBeFlushedOnCore[4];
@@ -973,7 +1023,7 @@ typedef struct ALIGN(4) KProcessHwInfoN3DS
   u32 *mmuTableVA;
 } KProcessHwInfoN3DS;
 
-typedef struct ALIGN(4) KProcessHwInfoO3DS8x
+typedef struct CTR_ALIGN(4) KProcessHwInfoO3DS8x
 {
   KObjectMutex mutex;
   u32 processTLBEntriesNeedToBeFlushedOnCore[2];
@@ -992,7 +1042,7 @@ typedef struct ALIGN(4) KProcessHwInfoO3DS8x
   u32 *mmuTableVA;
 } KProcessHwInfoO3DS8x;
 
-typedef struct ALIGN(4) KProcessHwInfoO3DSPre8x
+typedef struct CTR_ALIGN(4) KProcessHwInfoO3DSPre8x
 {
   KObjectMutex mutex;
   u32 processTLBEntriesNeedToBeFlushedOnCore[2];
@@ -1037,10 +1087,24 @@ typedef struct KProcess##sys\
   KThread *mainThread;\
   u32 interruptEnabledFlags[4];\
   KProcessHandleTable handleTable;\
-  u8 gap234[52];\
+  /* Custom fields for plugin system */ \
+  /* { */ \
+  u32     customFlags; /* see KProcess_CustomFlags enum below */ \
+  Handle  onMemoryLayoutChangeEvent;\
+  /* } */ \
+  u8 gap234[44];\
   u64 unused;\
 } KProcess##sys;
 
+enum KProcess_CustomFlags
+{
+    ForceRWXPages = 1 << 0,
+    SignalOnMemLayoutChanges = 1 << 1,
+    SignalOnExit = 1 << 2,
+
+    MemLayoutChanged = 1 << 16
+};
+
 INSTANCIATE_KPROCESS(N3DS);
 INSTANCIATE_KPROCESS(O3DS8x);
 INSTANCIATE_KPROCESS(O3DSPre8x);
@@ -1126,27 +1190,49 @@ typedef union KCacheMaintenanceInterruptEvent
 
 typedef struct FcramLayout
 {
-  void *applicationAddr;
+  u32 applicationAddr;
   u32 applicationSize;
-  void *systemAddr;
+  u32 systemAddr;
   u32 systemSize;
-  void *baseAddr;
+  u32 baseAddr;
   u32 baseSize;
 } FcramLayout;
 
+typedef struct RegionDescriptor
+{
+    void               *firstMemoryBlock;
+    void               *lastMemoryBlock;
+    void               *regionStart;
+    u32                 regionSizeInBytes;
+}   RegionDescriptor;
+
+typedef struct FcramDescriptor
+{
+    RegionDescriptor    appRegion;
+    RegionDescriptor    sysRegion;
+    RegionDescriptor    baseRegion;
+    RegionDescriptor *  regionDescsPtr;
+    u32                 fcramStart;
+    u32                 fcramSizeInPages;
+    u32                 baseMemoryStart;
+    u32                 kernelUsageInBytes;
+    u32                 unknown;
+    KObjectMutex        mutex;
+}   FcramDescriptor;
+
 extern bool isN3DS;
 extern void *officialSVCs[0x7E];
 
 #define KPROCESSRELATED_OFFSETOFF(classname, field) (isN3DS ? offsetof(classname##N3DS, field) :\
-((kernelVersion >= SYSTEM_VERSION(2, 44, 6)) ? offsetof(classname##O3DS8x, field) :\
+((GET_VERSION_MINOR(kernelVersion) >= 44) ? offsetof(classname##O3DS8x, field) :\
 offsetof(classname##O3DSPre8x, field)))
 
 #define KPROCESSRELATED_GET_PTR(obj, field) (isN3DS ? &(obj)->N3DS.field :\
-((kernelVersion >= SYSTEM_VERSION(2, 44, 6)) ? &(obj)->O3DS8x.field :\
+((GET_VERSION_MINOR(kernelVersion) >= 44) ? &(obj)->O3DS8x.field :\
 &(obj)->O3DSPre8x.field))
 
 #define KPROCESSRELATED_GET_PTR_TYPE(type, obj, field) (isN3DS ? (type *)(&(obj)->N3DS.field) :\
-((kernelVersion >= SYSTEM_VERSION(2, 44, 6)) ? (type *)(&(obj)->O3DS8x.field) :\
+((GET_VERSION_MINOR(kernelVersion) >= 44) ? (type *)(&(obj)->O3DS8x.field) :\
 (type *)(&(obj)->O3DSPre8x.field)))
 
 #define KPROCESS_OFFSETOF(field)                    KPROCESSRELATED_OFFSETOFF(KProcess, field)
@@ -1161,35 +1247,50 @@ offsetof(classname##O3DSPre8x, field)))
 #define KPROCESSHWINFO_GET_RVALUE(obj, field)             *(KPROCESSHWINFO_GET_PTR(obj, field))
 #define KPROCESSHWINFO_GET_RVALUE_TYPE(type, obj, field)  *(KPROCESSHWINFO_GET_PTR_TYPE(type, obj, field))
 
+extern u32 pidOffsetKProcess, hwInfoOffsetKProcess, codeSetOffsetKProcess, handleTableOffsetKProcess, debugOffsetKProcess, flagsKProcess;
+
 static inline u32 idOfProcess(KProcess *process)
 {
-    return KPROCESS_GET_RVALUE(process, processId);
+    u32 id;
+    memcpy(&id, (const u8 *)process + pidOffsetKProcess, 4);
+    return id;
 }
 
 static inline KProcessHwInfo *hwInfoOfProcess(KProcess *process)
 {
-    return KPROCESS_GET_PTR_TYPE(KProcessHwInfo, process, hwInfo);
+    return (KProcessHwInfo *)((uintptr_t)process + hwInfoOffsetKProcess);
 }
 
 static inline KCodeSet *codeSetOfProcess(KProcess *process)
 {
-    return KPROCESS_GET_RVALUE(process, codeSet);
+    KCodeSet *cs;
+    memcpy(&cs, (const u8 *)process + codeSetOffsetKProcess, 4);
+    return cs;
 }
 
 static inline KProcessHandleTable *handleTableOfProcess(KProcess *process)
 {
-    return KPROCESS_GET_PTR(process, handleTable);
+    return (KProcessHandleTable *)((uintptr_t)process + handleTableOffsetKProcess);
 }
 
 static inline KDebug *debugOfProcess(KProcess *process)
 {
-    return KPROCESS_GET_RVALUE(process, debug);
+    KDebug *debug;
+    memcpy(&debug, (const u8 *)process + debugOffsetKProcess, 4);
+    return debug;
+}
+
+static inline u32 flagsOfProcess(KProcess *process)
+{
+    u32 flags;
+    memcpy(&flags, (const u8 *)process + flagsKProcess, 4);
+    return flags;
 }
 
 static inline const char *classNameOfAutoObject(KAutoObject *object)
 {
     const char *name;
-    if(kernelVersion >= SYSTEM_VERSION(2, 46, 0))
+    if(GET_VERSION_MINOR(kernelVersion) >= 46)
     {
         KClassToken tok;
         object->vtable->GetClassToken(&tok, object);
@@ -1205,7 +1306,7 @@ extern Result (*KProcessHandleTable__CreateHandle)(KProcessHandleTable *this, Ha
 static inline Result createHandleForProcess(Handle *out, KProcess *process, KAutoObject *obj)
 {
     u8 token;
-    if(kernelVersion >= SYSTEM_VERSION(2, 46, 0))
+    if(GET_VERSION_MINOR(kernelVersion) >= 46)
     {
         KClassToken tok;
         obj->vtable->GetClassToken(&tok, obj);

k11_extension/include/mmu.h

@@ -0,0 +1,129 @@
+#pragma once
+
+#include "types.h"
+#include "kernel.h"
+
+typedef struct
+{
+    u32     bits1_0 : 2;    ///< 0b00
+}   Desc_TranslationFault;
+
+typedef struct
+{
+    u32     bits1_0 : 2;    ///< 0b01
+    u32     sbz     : 3;
+    u32     domain  : 4;
+    u32     p       : 1;
+    u32     addr    : 21;
+}   Desc_CoarsePageTable;
+
+typedef struct
+{
+    u32     bits1_0 : 2;    ///< 0b10
+    u32     b       : 1;
+    u32     c       : 1;
+    u32     xn      : 1;
+    u32     domain  : 4;
+    u32     p       : 1;
+    u32     ap      : 2;
+    u32     tex     : 3;
+    u32     apx     : 1;
+    u32     s       : 1;
+    u32     ng      : 1;
+    u32     bit18   : 1;    ///< 0
+    u32     sbz     : 1;
+    u32     addr    : 12;
+}   Desc_Section;
+
+typedef struct
+{
+    u32     bits1_0 : 2;    ///< 0b10
+    u32     b       : 1;
+    u32     c       : 1;
+    u32     xn      : 1;
+    u32     domain  : 4;
+    u32     p       : 1;
+    u32     ap      : 2;
+    u32     tex     : 3;
+    u32     sbz     : 3;
+    u32     bit18   : 1;    ///< 1
+    u32     sbz2    : 5;
+    u32     addr    : 8;
+}   Desc_Supersection;
+
+typedef struct
+{
+    u32     bits1_0 : 2;    ///< 0b11
+}   Desc_Reserved;
+
+typedef struct
+{
+    u32     bits1_0 : 2;    ///< 0b01
+    u32     b       : 1;
+    u32     c       : 1;
+    u32     ap      : 2;
+    u32     sbz     : 3;
+    u32     apx     : 1;
+    u32     s       : 1;
+    u32     ng      : 1;
+    u32     tex     : 3;
+    u32     xn      : 1;
+    u32     addr    : 16;
+}   Desc_LargePage;
+
+typedef struct
+{
+    u32     xn      : 1;
+    u32     bit1    : 1;    ///< 1
+    u32     b       : 1;
+    u32     c       : 1;
+    u32     ap      : 2;
+    u32     tex     : 3;
+    u32     apx     : 1;
+    u32     s       : 1;
+    u32     ng      : 1;
+    u32     addr    : 20;
+}   Desc_SmallPage;
+
+typedef union
+{
+    u32     raw;
+
+    Desc_TranslationFault   translationFault;
+    Desc_CoarsePageTable    coarsePageTable;
+    Desc_Section            section;
+    Desc_Supersection       supersection;
+    Desc_Reserved           reserved;
+
+}   L1Descriptor;
+
+typedef union
+{
+    u32     raw;
+
+    Desc_TranslationFault   translationFault;
+    Desc_LargePage          largePage;
+    Desc_SmallPage          smallPage;
+}   L2Descriptor;
+
+typedef enum
+{
+    Descriptor_TranslationFault,
+    Descriptor_CoarsePageTable,
+    Descriptor_Section,
+    Descriptor_Supersection,
+    Descriptor_Reserved,
+    Descriptor_LargePage,
+    Descriptor_SmallPage
+}   DescType;
+
+void    L1MMUTable__RWXForAll(u32 *table);
+void    L2MMUTable__RWXForAll(u32 *table);
+u32     L1MMUTable__GetPAFromVA(u32 *table, u32 va);
+u32     L2MMUTable__GetPAFromVA(u32 *table, u32 va);
+u32     L1MMUTable__GetAddressUserPerm(u32 *table, u32 va);
+u32     L2MMUTable__GetAddressUserPerm(u32 *table, u32 va);
+
+void    KProcessHwInfo__SetMMUTableToRWX(KProcessHwInfo *hwInfo);
+u32     KProcessHwInfo__GetPAFromVA(KProcessHwInfo *hwInfo, u32 va);
+u32     KProcessHwInfo__GetAddressUserPerm(KProcessHwInfo *hwInfo, u32 va);

k11_extension/include/svc.h

@@ -32,7 +32,9 @@
 #include "utils.h"
 
 extern void *officialSVCs[0x7E];
+extern void *alteredSvcTable[0x100];
+
+void buildAlteredSvcTable(void);
 
 void postprocessSvc(void);
 void svcDefaultHandler(u8 svcId);
-void *svcHook(u8 *pageEnd);

k11_extension/include/svc/ControlMemoryUnsafe.h

@@ -0,0 +1,34 @@
+/*
+*   This file is part of Luma3DS
+*   Copyright (C) 2016-2018 Aurora Wright, TuxSH
+*
+*   This program is free software: you can redistribute it and/or modify
+*   it under the terms of the GNU General Public License as published by
+*   the Free Software Foundation, either version 3 of the License, or
+*   (at your option) any later version.
+*
+*   This program is distributed in the hope that it will be useful,
+*   but WITHOUT ANY WARRANTY; without even the implied warranty of
+*   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+*   GNU General Public License for more details.
+*
+*   You should have received a copy of the GNU General Public License
+*   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*
+*   Additional Terms 7.b and 7.c of GPLv3 apply to this file:
+*       * Requiring preservation of specified reasonable legal notices or
+*         author attributions in that material or in the Appropriate Legal
+*         Notices displayed by works containing it.
+*       * Prohibiting misrepresentation of the origin of that material,
+*         or requiring that modified versions of such material be marked in
+*         reasonable ways as different from the original version.
+*/
+
+#pragma once
+
+#include "utils.h"
+#include "kernel.h"
+#include "svc.h"
+
+Result ControlMemoryUnsafe(u32 *out, u32 addr0, u32 size, MemOp op, MemPerm perm);
+Result ControlMemoryUnsafeWrapper(u32 *out, u32 addr0, u32 size, MemOp op, MemPerm perm);

k11_extension/include/svc/ControlProcess.h

@@ -0,0 +1,21 @@
+#pragma once
+
+#include "utils.h"
+#include "kernel.h"
+#include "svc.h"
+
+/// Operations for svcControlProcess
+typedef enum ProcessOp
+{
+    PROCESSOP_GET_ALL_HANDLES,  ///< List all handles of the process, varg3 can be either 0 to fetch all handles, or token of the type to fetch
+                                ///< svcControlProcess(handle, PROCESSOP_GET_ALL_HANDLES, (u32)&outBuf, 0)
+    PROCESSOP_SET_MMU_TO_RWX,   ///< Set the whole memory of the process with rwx access
+                                ///< svcControlProcess(handle, PROCESSOP_SET_MMU_TO_RWX, 0, 0)
+    PROCESSOP_GET_ON_MEMORY_CHANGE_EVENT,
+    PROCESSOP_SIGNAL_ON_EXIT,
+    PROCESSOP_GET_PA_FROM_VA,   ///< Get the physical address of the va within the process
+                                ///< svcControlProcess(handle, PROCESSOP_GET_PA_FROM_VA, (u32)&outPa, va)
+    PROCESSOP_SCHEDULE_THREADS,
+} ProcessOp;
+
+Result  ControlProcess(Handle process, ProcessOp op, u32 varg2, u32 varg3);

k11_extension/include/svc/CreateThread.h

@@ -0,0 +1,32 @@
+/*
+*   This file is part of Luma3DS
+*   Copyright (C) 2016-2023 Aurora Wright, TuxSH
+*
+*   This program is free software: you can redistribute it and/or modify
+*   it under the terms of the GNU General Public License as published by
+*   the Free Software Foundation, either version 3 of the License, or
+*   (at your option) any later version.
+*
+*   This program is distributed in the hope that it will be useful,
+*   but WITHOUT ANY WARRANTY; without even the implied warranty of
+*   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+*   GNU General Public License for more details.
+*
+*   You should have received a copy of the GNU General Public License
+*   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*
+*   Additional Terms 7.b and 7.c of GPLv3 apply to this file:
+*       * Requiring preservation of specified reasonable legal notices or
+*         author attributions in that material or in the Appropriate Legal
+*         Notices displayed by works containing it.
+*       * Prohibiting misrepresentation of the origin of that material,
+*         or requiring that modified versions of such material be marked in
+*         reasonable ways as different from the original version.
+*/
+
+#include "utils.h"
+#include "kernel.h"
+#include "svc.h"
+
+Result CreateThreadHookWrapper(Handle *outThreadHandle, u32 ep, u32 arg, u32 stackTop, s32 priority, s32 processorId);
+Result CreateThreadHook(Handle *outThreadHandle, u32 ep, u32 arg, u32 stackTop, s32 priority, s32 processorId);

k11_extension/include/svc/ExitProcess.h

@@ -0,0 +1,6 @@
+#include "utils.h"
+#include "kernel.h"
+#include "svc.h"
+
+void ExitProcessHook(void);
+void ExitProcessHookWrapper(void);

k11_extension/include/svc/KernelSetState.h

@@ -30,5 +30,7 @@
 #include "kernel.h"
 #include "svc.h"
 
+extern u8 svcSignalingEnabled;
+
 bool shouldSignalSyscallDebugEvent(KProcess *process, u8 svcId);
 Result KernelSetStateHook(u32 type, u32 varg1, u32 varg2, u32 varg3);

k11_extension/include/svc/MapProcessMemoryEx.h

@@ -30,4 +30,11 @@
 #include "kernel.h"
 #include "svc.h"
 
-Result MapProcessMemoryEx(Handle processHandle, void *dst, void *src, u32 size);
+/// Flags for svcMapProcessMemoryEx
+typedef enum MapExFlags
+{
+    MAPEXFLAGS_PRIVATE = BIT(0), ///< Maps the memory as PRIVATE (0xBB05) instead of SHARED (0x5806)
+} MapExFlags;
+
+Result MapProcessMemoryEx(Handle dstProcessHandle, u32 vaDst, Handle srcProcessHandle, u32 vaSrc, u32 size, MapExFlags flags);
+Result MapProcessMemoryExWrapper(Handle dstProcessHandle, u32 vaDst, Handle srcProcessHandle, u32 vaSrc, u32 size, MapExFlags flags);

k11_extension/include/synchronization.h

@@ -36,11 +36,12 @@ void executeFunctionOnCores(SGI0Handler_t func, u8 targetList, u8 targetListFilt
 
 void KScheduler__TriggerCrossCoreInterrupt(KScheduler *this);
 void KThread__DebugReschedule(KThread *this, bool lock);
-bool rosalinaThreadLockPredicate(KThread *thread);
+
+bool rosalinaThreadLockPredicate(KThread *thread, u32 mask);
 void rosalinaRescheduleThread(KThread *thread, bool lock);
-void rosalinaLockThread(KThread *thread);
+
-void rosalinaLockAllThreads(void);
+void rosalinaLockThreads(u32 mask);
-void rosalinaUnlockAllThreads(void);
+void rosalinaUnlockThreads(u32 mask);
 
 // Taken from ctrulib:
 
@@ -49,6 +50,11 @@ static inline void __dsb(void)
 	__asm__ __volatile__("mcr p15, 0, %[val], c7, c10, 4" :: [val] "r" (0) : "memory");
 }
 
+static inline void __dmb(void)
+{
+    __asm__ __volatile__("mcr p15, 0, %[val], c7, c10, 5" :: [val] "r" (0) : "memory");
+}
+
 static inline void __clrex(void)
 {
     __asm__ __volatile__("clrex" ::: "memory");

k11_extension/include/types.h

@@ -69,15 +69,24 @@ typedef s32 Result;                 ///< Function result.
 #define BIT(n) (1U<<(n))
 
 /// Aligns a struct (and other types?) to m, making sure that the size of the struct is a multiple of m.
-#define ALIGN(m)   __attribute__((aligned(m)))
+#define CTR_ALIGN(m)   __attribute__((aligned(m)))
 /// Packs a struct (and other types?) so it won't include padding bytes.
-#define PACKED      __attribute__((packed))
+#define CTR_PACKED      __attribute__((packed))
-#define USED        __attribute__((used))
+#define CTR_USED        __attribute__((used))
-#define UNUSED      __attribute__((unused))
+#define CTR_UNUSED      __attribute__((unused))
 /// Packs a system version from its components.
 #define SYSTEM_VERSION(major, minor, revision) \
     (((major)<<24)|((minor)<<16)|((revision)<<8))
 
+/// Retrieves the major version from a packed system version.
+#define GET_VERSION_MAJOR(version)    ((version) >>24)
+
+/// Retrieves the minor version from a packed system version.
+#define GET_VERSION_MINOR(version)    (((version)>>16)&0xFF)
+
+/// Retrieves the revision version from a packed system version.
+#define GET_VERSION_REVISION(version) (((version)>> 8)&0xFF)
+
 #define CUR_THREAD_HANDLE       0xFFFF8000
 #define CUR_PROCESS_HANDLE      0xFFFF8001
 

k11_extension/linker.ld

@@ -5,7 +5,7 @@ ENTRY(_start)
 MEMORY
 {
     vram                : ORIGIN = 0x18000000, LENGTH = 0x18180000 - 0x18000000 /* Up to the kernel builtins. */
-    main                : ORIGIN = 0x40000000, LENGTH = 1M
+    main                : ORIGIN = 0x70000000, LENGTH = 1M
 }
 
 PHDRS
@@ -15,7 +15,7 @@ PHDRS
 
 SECTIONS
 {
-    PROVIDE(__start__ = 0x40000000);
+    PROVIDE(__start__ = ORIGIN(main));
     . = ABSOLUTE(__start__);
 
     .text :

k11_extension/linker.specs

@@ -1,7 +1,7 @@
 %rename link                old_link
 
 *link:
-%(old_link) -T %:getenv(TOPDIR /linker.ld) --nmagic --gc-sections
+%(old_link) -T %:getenv(TOPDIR /linker.ld) --nmagic --gc-sections --no-warn-rwx-segments
 
 *startfile:
 crti%O%s crtbegin%O%s

k11_extension/source/debug.c

@@ -31,7 +31,7 @@
 KRecursiveLock dbgParamsLock = { NULL };
 u32 dbgParamWatchpointId, dbgParamDVA, dbgParamWCR, dbgParamContextId;
 
-KSchedulableInterruptEvent *enableMonitorModeDebugging(KBaseInterruptEvent *this UNUSED, u32 interruptID UNUSED)
+KSchedulableInterruptEvent *enableMonitorModeDebugging(KBaseInterruptEvent *this CTR_UNUSED, u32 interruptID CTR_UNUSED)
 {
     coreBarrier();
 
@@ -76,7 +76,7 @@ static void disableWatchpoint1(void)
     __asm__ __volatile__("mcr p14, 0, %[val], c0, c5, 5" :: [val] "r" (control));
 }
 
-KSchedulableInterruptEvent *disableWatchpoint(KBaseInterruptEvent *this UNUSED, u32 interruptID UNUSED)
+KSchedulableInterruptEvent *disableWatchpoint(KBaseInterruptEvent *this CTR_UNUSED, u32 interruptID CTR_UNUSED)
 {
     coreBarrier();
 
@@ -131,7 +131,7 @@ static void setWatchpoint1WithContextId(u32 DVA, u32 WCR, u32 contextId)
     __asm__ __volatile__("mcr p15, 0, %[val], c7, c10, 5" :: [val] "r" (0) : "memory"); // DMB
 }
 
-KSchedulableInterruptEvent *setWatchpointWithContextId(KBaseInterruptEvent *this UNUSED, u32 interruptID UNUSED)
+KSchedulableInterruptEvent *setWatchpointWithContextId(KBaseInterruptEvent *this CTR_UNUSED, u32 interruptID CTR_UNUSED)
 {
     coreBarrier();
 

k11_extension/source/fatalExceptionHandlers.s

@@ -24,23 +24,6 @@
 
 .fpu vfp
 
-.macro TEST_IF_MODE_AND_ARM_INST_OR_JUMP lbl, mode
-    cpsid aif
-    mrs sp, spsr
-    tst sp, #0x20
-    bne \lbl
-    and sp, #0x1f                @ get previous processor mode
-    cmp sp, #\mode
-    bne \lbl
-
-    sub sp, lr, #4
-    mcr p15, 0, sp, c7, c8, 0    @ VA to PA translation with privileged read permission check
-    mrc p15, 0, sp, c7, c4, 0    @ read PA register
-    tst sp, #1                   @ failure bit
-    bne \lbl
-.endm
-
-
 .macro GEN_USUAL_HANDLER name, index, pos
     \name\()Handler:
         ldr sp, =exceptionStackTop
@@ -180,14 +163,20 @@ _commonHandler:
 .type   FIQHandler, %function
 GEN_USUAL_HANDLER FIQ, 0, 28
 
+.align  5
 .global undefinedInstructionHandler
 .type   undefinedInstructionHandler, %function
 undefinedInstructionHandler:
-    TEST_IF_MODE_AND_ARM_INST_OR_JUMP _undefinedInstructionNormalHandler, 0x10
+    @ Most of the time, we're here to re-enable the FPU (over and over again)
+    mrs sp, spsr
+    @ We can assume bit4 is always set in SPSR. Test if if it's not thumb and if it's usermode
+    tst sp, #0x2F
+    bne _undefinedInstructionNormalHandler
 
-    ldr sp, [lr, #-4]   @ test if it's an VFP instruction that was aborted
+    @ Test if it's an VFP instruction that was aborted
+    ldr sp, [lr, #-4]
     lsl sp, #4
-    sub sp, #0xc0000000
+    sub sp, #0xC0000000
     cmp sp, #0x30000000
     bcs _undefinedInstructionNormalHandler
     fmrx sp, fpexc
@@ -212,8 +201,6 @@ undefinedInstructionHandler:
 .global prefetchAbortHandler
 .type   prefetchAbortHandler, %function
 prefetchAbortHandler:
-    TEST_IF_MODE_AND_ARM_INST_OR_JUMP _prefetchAbortNormalHandler, 0x13
-
     ldr sp, =(Break + 3*4 + 4)
     cmp lr, sp
     bne _prefetchAbortNormalHandler

k11_extension/source/fatalExceptionHandlersMain.c

@@ -28,10 +28,43 @@
 #include "fatalExceptionHandlers.h"
 #include "utils.h"
 #include "kernel.h"
+#include "memory.h"
+#include "mmu.h"
 #include "globals.h"
 
 #define REG_DUMP_SIZE   4 * 23
-#define CODE_DUMP_SIZE  48
+#define CODE_DUMP_SIZE  96
+
+// Return true if parameters are invalid
+static bool checkExceptionHandlerValidity(KProcess *process, vu32 *threadLocalStorage)
+{
+    if (process == NULL)
+        return true;
+
+    u32             stackBottom = threadLocalStorage[0x11];
+    u32             exceptionBuf = threadLocalStorage[0x12];
+    MemoryInfo      memInfo;
+    PageInfo        pageInfo;
+    KProcessHwInfo *hwInfo = hwInfoOfProcess(process);
+
+    u32 perm = KProcessHwInfo__GetAddressUserPerm(hwInfo, threadLocalStorage[0x10]);
+
+    if (stackBottom != 1)
+    {
+        if (KProcessHwInfo__QueryMemory(hwInfo, &memInfo, &pageInfo, (void *)stackBottom)
+            || (memInfo.permissions & MEMPERM_RW) != MEMPERM_RW)
+            return true;
+    }
+
+    if (exceptionBuf > 1)
+    {
+        if (KProcessHwInfo__QueryMemory(hwInfo, &memInfo, &pageInfo, (void *)exceptionBuf)
+            || (memInfo.permissions & MEMPERM_RW) != MEMPERM_RW)
+            return true;
+    }
+
+    return (perm & MEMPERM_RX) != MEMPERM_RX;
+}
 
 bool isExceptionFatal(u32 spsr, u32 *regs, u32 index)
 {
@@ -43,7 +76,7 @@ bool isExceptionFatal(u32 spsr, u32 *regs, u32 index)
     KProcess *currentProcess = currentCoreContext->objectContext.currentProcess;
 
     if(thread != NULL && thread->threadLocalStorage != NULL && *((vu32 *)thread->threadLocalStorage + 0x10) != 0)
-       return false;
+       return checkExceptionHandlerValidity(currentProcess, (vu32 *)thread->threadLocalStorage);
 
     if(currentProcess != NULL)
     {
@@ -52,7 +85,7 @@ bool isExceptionFatal(u32 spsr, u32 *regs, u32 index)
 
         thread = KPROCESS_GET_RVALUE(currentProcess, mainThread);
         if(thread != NULL && thread->threadLocalStorage != NULL && *((vu32 *)thread->threadLocalStorage + 0x10) != 0)
-           return false;
+           return checkExceptionHandlerValidity(currentProcess, thread->threadLocalStorage);
 
         if(index == 3 && strcmp(codeSetOfProcess(currentProcess)->processName, "menu") == 0 && // workaround a Home Menu bug leading to a dabort
            regs[0] == 0x3FFF && regs[2] == 0 && regs[5] == 2 && regs[7] == 1)
@@ -70,6 +103,7 @@ bool isDataAbortExceptionRangeControlled(u32 spsr, u32 addr)
                 ((u32)safecpy <= addr && addr < (u32)safecpy + safecpy_sz)
             );
 }
+
 void fatalExceptionHandlersMain(u32 *registerDump, u32 type, u32 cpuId)
 {
     ExceptionDumpHeader dumpHeader;
@@ -81,7 +115,7 @@ void fatalExceptionHandlersMain(u32 *registerDump, u32 type, u32 cpuId)
     dumpHeader.magic[0] = 0xDEADC0DE;
     dumpHeader.magic[1] = 0xDEADCAFE;
     dumpHeader.versionMajor = 1;
-    dumpHeader.versionMinor = 2;
+    dumpHeader.versionMinor = 3;
 
     dumpHeader.processor = 11;
     dumpHeader.core = cpuId & 0xF;

k11_extension/source/globals.c

@@ -25,6 +25,8 @@
 */
 
 #include "globals.h"
+#include "utils.h"
+#include "ipc.h"
 
 KRecursiveLock *criticalSectionLock;
 KObjectList *threadList;
@@ -40,17 +42,29 @@ KAutoObject * (*KProcessHandleTable__ToKAutoObject)(KProcessHandleTable *this, H
 void (*KSynchronizationObject__Signal)(KSynchronizationObject *this, bool isPulse);
 Result (*WaitSynchronization1)(void *this_unused, KThread *thread, KSynchronizationObject *syncObject, s64 timeout);
 Result (*KProcessHandleTable__CreateHandle)(KProcessHandleTable *this, Handle *out, KAutoObject *obj, u8 token);
+Result (*KProcessHwInfo__QueryMemory)(KProcessHwInfo *this, MemoryInfo *memoryInfo, PageInfo *pageInfo, void *address);
 Result (*KProcessHwInfo__MapProcessMemory)(KProcessHwInfo *this, KProcessHwInfo *other, void *dst, void *src, u32 nbPages);
 Result (*KProcessHwInfo__UnmapProcessMemory)(KProcessHwInfo *this, void *addr, u32 nbPages);
+Result (*KProcessHwInfo__CheckVaState)(KProcessHwInfo *hwInfo, u32 va, u32 size, u32 state, u32 perm);
+Result (*KProcessHwInfo__GetListOfKBlockInfoForVA)(KProcessHwInfo *hwInfo, KLinkedList *list, u32 va, u32 sizeInPage);
+Result (*KProcessHwInfo__MapListOfKBlockInfo)(KProcessHwInfo *this, u32 va, KLinkedList *list, u32 state, u32 perm, u32 sbz);
 Result (*KEvent__Clear)(KEvent *this);
+Result (*KEvent__Signal)(KEvent *this);
+
 void (*KObjectMutex__WaitAndAcquire)(KObjectMutex *this);
 void (*KObjectMutex__ErrorOccured)(void);
 
 void (*KScheduler__AdjustThread)(KScheduler *this, KThread *thread, u32 oldSchedulingMask);
 void (*KScheduler__AttemptSwitchingThreadContext)(KScheduler *this);
 
+void (*KLinkedList_KBlockInfo__Clear)(KLinkedList *list);
+
 Result (*ControlMemory)(u32 *addrOut, u32 addr0, u32 addr1, u32 size, MemOp op, MemPerm perm, bool isLoader);
+Result (*doControlMemory)(KProcessHwInfo *this, u32 addr, u32 requestedNbPages, u32 pa, u32 state, u32 perm, u32 a7, u32 region);
+
+Result (*CreateThread)(Handle *outThreadHandle, u32 ep, u32 arg, u32 stackTop, s32 priority, s32 processorId);
 void (*SleepThread)(s64 ns);
+Result (*CreateEvent)(Handle *out, ResetType resetType);
 Result (*CloseHandle)(Handle handle);
 Result (*GetHandleInfo)(s64 *out, Handle handle, u32 type);
 Result (*GetSystemInfo)(s64 *out, s32 type, s32 param);
@@ -61,6 +75,7 @@ Result (*SendSyncRequest)(Handle handle);
 Result (*OpenProcess)(Handle *out, u32 processId);
 Result (*GetProcessId)(u32 *out, Handle process);
 Result (*DebugActiveProcess)(Handle *out, u32 processId);
+Result (*SignalEvent)(Handle event);
 Result (*UnmapProcessMemory)(Handle processHandle, void *dst, u32 size);
 Result (*KernelSetState)(u32 type, u32 varg1, u32 varg2, u32 varg3);
 
@@ -93,6 +108,7 @@ bool *isDevUnit;
 vu8 *configPage;
 u32 kernelVersion;
 FcramLayout fcramLayout;
+FcramDescriptor *fcramDescriptor;
 KCoreContext *coreCtxs;
 
 void *originalHandlers[8] = {NULL};
@@ -102,13 +118,68 @@ u32 nbSection0Modules;
 Result (*InterruptManager__MapInterrupt)(InterruptManager *manager, KBaseInterruptEvent *iEvent, u32 interruptID,
                                          u32 coreID, u32 priority, bool disableUponReceipt, bool levelHighActive);
 InterruptManager *interruptManager;
-KBaseInterruptEvent *customInterruptEvent;
 
-void (*initFPU)(void);
+void  (*initFPU)(void);
-void (*mcuReboot)(void);
+void  (*mcuReboot)(void);
-void (*coreBarrier)(void);
+void  (*coreBarrier)(void);
+void* (*kAlloc)(FcramDescriptor *fcramDesc, u32 nbPages, u32 alignment, u32 region);
 
 CfwInfo cfwInfo;
+u32 kextBasePa;
+u32 stolenSystemMemRegionSize;
+bool disableThreadRedirection = false;
 
 vu32 rosalinaState;
 bool hasStartedRosalinaNetworkFuncsOnce;
+KEvent* signalPluginEvent = NULL;
+u32 pidOffsetKProcess, hwInfoOffsetKProcess, codeSetOffsetKProcess, handleTableOffsetKProcess, debugOffsetKProcess, flagsKProcess;
+
+KLinkedList*    KLinkedList__Initialize(KLinkedList *list)
+{
+    list->size = 0;
+    list->nodes.first = list->nodes.last = (KLinkedListNode *)&list->nodes;
+    return list;
+}
+
+void     PLG_SignalEvent(u32 event)
+{
+    KThread     *currentThread = currentCoreContext->objectContext.currentThread;
+
+    // Set configuration memory field with event
+    *(vu32 *)PA_FROM_VA_PTR((u32 *)0x1FF800F0) |= event;
+
+    // Send notification 0x1001
+    {
+        u32     *cmdbuf = (u32 *)((u8 *)currentCoreContext->objectContext.currentThread->threadLocalStorage + 0x80);
+        u32     backup[3] = { cmdbuf[0], cmdbuf[1], cmdbuf[2] };
+        Handle  srvHandle;
+        SessionInfo *info = SessionInfo_FindFirst("srv:");
+
+        Result  res = createHandleForThisProcess(&srvHandle, &info->session->clientSession.syncObject.autoObject);
+
+        if (res >= 0)
+        {
+            cmdbuf[0] = 0x000C0080;
+            cmdbuf[1] = 0x1001;
+            cmdbuf[2] = 0;
+
+            SendSyncRequest(srvHandle);
+            CloseHandle(srvHandle);
+        }
+
+        cmdbuf[0] = backup[0]; cmdbuf[1] = backup[1]; cmdbuf[2] = backup[2];
+    }
+    // Wait for notification 0x1002
+    WaitSynchronization1(NULL, currentThread, (KSynchronizationObject *)signalPluginEvent, U64_MAX);
+}
+
+void    PLG__WakeAppThread(void)
+{
+    KEvent__Signal(signalPluginEvent);
+}
+
+u32      PLG_GetStatus(void)
+{
+    return (*(vu32 *)PA_FROM_VA_PTR((u32 *)0x1FF800F0)) & 0xFFFF;
+}
+

k11_extension/source/ipc.c

@@ -246,24 +246,24 @@ bool doErrfThrowHook(u32 *cmdbuf)
     u8 *srcerrbuf = (u8 *)r0_to_r7_r12_usr[(spsr & 0x20) ? 4 : 6];
     const char *pname = codeSetOfProcess(currentCoreContext->objectContext.currentProcess)->processName;
 
-    static const struct
+    const struct
     {
         const char *name;
         Result errCode;
+        bool enabled;
     } errorCodesToIgnore[] =
     {
         /*
-            If you're getting this error, you have broken your head-tracking hardware,
+            If you're getting this error, you may have broken your head-tracking hardware,
-            and should uncomment the following line:
+            and you need to enable the qtm error bypass below:
         */
-        //{ "qtm", (Result)0xF96183FE },
+        { "qtm", 0xF96183FEu, CONFIG(ENABLESAFEFIRMROSALINA)},
-
+        {   "",             0,                         false}, // impossible case to ensure the array has at least 1 element
-        { "", 0 }, // impossible case to ensure the array has at least 1 element
     };
 
     for(u32 i = 0; i < sizeof(errorCodesToIgnore) / sizeof(errorCodesToIgnore[0]); i++)
     {
-        if(strcmp(pname, errorCodesToIgnore[i].name) == 0 && (Result)cmdbuf[2] == errorCodesToIgnore[i].errCode)
+        if(errorCodesToIgnore[i].enabled && strcmp(pname, errorCodesToIgnore[i].name) == 0 && (Result)cmdbuf[2] == errorCodesToIgnore[i].errCode)
         {
             srcerrbuf[0] = 5;
             cmdbuf[0] = 0x10040;

k11_extension/source/main.c

@@ -32,22 +32,27 @@
 #include "svc/ConnectToPort.h"
 #include "svcHandler.h"
 
+#define K11EXT_VA         0x70000000
+
 struct KExtParameters
 {
     u32 basePA;
+    u32 stolenSystemMemRegionSize;
     void *originalHandlers[4];
     u32 L1MMUTableAddrs[4];
 
+    volatile bool done;
+
     CfwInfo cfwInfo;
 } kExtParameters = { .basePA = 0x12345678 }; // place this in .data
 
-static ALIGN(1024) u32 L2TableFor0x40000000[256] = {0};
+static CTR_ALIGN(1024) u32 g_L2Table[256] = {0};
 
 void relocateAndSetupMMU(u32 coreId, u32 *L1Table)
 {
-    struct KExtParameters *p0 = (struct KExtParameters *)((u32)&kExtParameters - 0x40000000 + 0x18000000);
+    struct KExtParameters *p0 = (struct KExtParameters *)((u32)&kExtParameters - K11EXT_VA + 0x18000000);
-    struct KExtParameters *p = (struct KExtParameters *)((u32)&kExtParameters - 0x40000000 + p0->basePA);
+    struct KExtParameters *p = (struct KExtParameters *)((u32)&kExtParameters - K11EXT_VA + p0->basePA);
-    u32 *L2Table = (u32 *)((u32)L2TableFor0x40000000 - 0x40000000 + p0->basePA);
+    u32 *L2Table = (u32 *)((u32)g_L2Table - K11EXT_VA + p0->basePA);
 
     if(coreId == 0)
     {
@@ -56,16 +61,32 @@ void relocateAndSetupMMU(u32 coreId, u32 *L1Table)
         memcpy((void *)p0->basePA, (const void *)0x18000000, __bss_start__ - __start__);
         memset((u32 *)(p0->basePA + (__bss_start__ - __start__)), 0, __bss_end__ - __bss_start__);
 
-        // Map the kernel ext to 0x40000000
+        // Map the kernel ext at K11EXT_VA
-        // 4KB extended small pages: [SYS:RW USR:-- X  TYP:NORMAL SHARED OUTER NOCACHE, INNER CACHED WB WA]
+        // 4KB extended small pages:
+        // Outer Write-Through cached, No Allocate on Write, Buffered
+        // Inner Cached Write-Back Write-Allocate, Buffered
+        // This was changed at some point (8.0 maybe?), it was outer noncached before
         for(u32 offset = 0; offset < (u32)(__end__ - __start__); offset += 0x1000)
-            L2Table[offset >> 12] = (p0->basePA + offset) | 0x516;
+            L2Table[offset >> 12] = (p0->basePA + offset) | 0x596;
+
+        p0->done = true;
+
+        // DSB, Flush Prefetch Buffer (more or less "isb")
+        __asm__ __volatile__ ("mcr p15, 0, %0, c7, c10, 4" :: "r" (0) : "memory");
+        __asm__ __volatile__ ("mcr p15, 0, %0, c7, c5, 4" :: "r" (0) : "memory");
 
         __asm__ __volatile__ ("sev");
     }
-    else
+    else {
-        __asm__ __volatile__ ("wfe");
+        do
+        {
+            __asm__ __volatile__ ("wfe");
+        } while(!p0->done);
 
+        // DSB, Flush Prefetch Buffer (more or less "isb")
+        __asm__ __volatile__ ("mcr p15, 0, %0, c7, c10, 4" :: "r" (0) : "memory");
+        __asm__ __volatile__ ("mcr p15, 0, %0, c7, c5, 4" :: "r" (0) : "memory");
+    }
     // bit31 idea thanks to SALT
     // Maps physmem so that, if addr is in physmem(0, 0x30000000), it can be accessed uncached&rwx as addr|(1<<31)
     u32 attribs = 0x40C02; // supersection (rwx for all) of strongly ordered memory, shared
@@ -76,9 +97,13 @@ void relocateAndSetupMMU(u32 coreId, u32 *L1Table)
             L1Table[i + (VA >> 20)] = PA | attribs;
     }
 
-    L1Table[0x40000000 >> 20] = (u32)L2Table | 1;
+    L1Table[K11EXT_VA >> 20] = (u32)L2Table | 1;
 
     p->L1MMUTableAddrs[coreId] = (u32)L1Table;
+
+    // DSB, Flush Prefetch Buffer (more or less "isb")
+    __asm__ __volatile__ ("mcr p15, 0, %0, c7, c10, 4" :: "r" (0) : "memory");
+    __asm__ __volatile__ ("mcr p15, 0, %0, c7, c5, 4" :: "r" (0) : "memory");
 }
 
 void bindSGI0Hook(void)
@@ -96,13 +121,76 @@ void configHook(vu8 *cfgPage)
     *(vu32 *)(configPage + 0x44) = fcramLayout.systemSize;
     *(vu32 *)(configPage + 0x48) = fcramLayout.baseSize;
     *isDevUnit = true; // enable debug features
+
+    pidOffsetKProcess = KPROCESS_OFFSETOF(processId);
+    hwInfoOffsetKProcess = KPROCESS_OFFSETOF(hwInfo);
+    codeSetOffsetKProcess = KPROCESS_OFFSETOF(codeSet);
+    handleTableOffsetKProcess = KPROCESS_OFFSETOF(handleTable);
+    debugOffsetKProcess = KPROCESS_OFFSETOF(debug);
+    flagsKProcess = KPROCESS_OFFSETOF(kernelFlags);
+}
+
+void KProcessHwInfo__MapL1Section_Hook(void);
+void KProcessHwInfo__MapL2Section_Hook(void);
+
+static void installMmuHooks(void)
+{
+    // Older versions of k11 had different VA memory mappings
+    u32 k11TextStartVa = (u32)originalHandlers[2] & ~0xFFFF;
+    u32 *off;
+
+    for (off = (u32 *)k11TextStartVa; off[0] != 0xE3A05801 || off[1] != 0xE2010EE3; off++);
+    for (; (off[0] >> 16) != 0xE92D; off--);
+    u32 *mapL2Section = PA_FROM_VA_PTR(off); // fragile, might break due to cache
+
+    for (off = (u32 *)k11TextStartVa; off[0] != 0x13A0A401 || off[1] != 0x03A0A601; off++);
+    for (; (off[0] >> 16) != 0xE92D; off--);
+    u32 *mapL1Section = PA_FROM_VA_PTR(off);
+
+    mapL1Section[1] = 0xE28FE004; // add lr, pc, #4
+    mapL1Section[2] = 0xE51FF004; // ldr pc, [pc, #-4]
+    mapL1Section[3] = (u32)KProcessHwInfo__MapL1Section_Hook;
+
+    mapL2Section[1] = 0xE28FE004; // add lr, pc, #4
+    mapL2Section[2] = 0xE51FF004; // ldr pc, [pc, #-4]
+    mapL2Section[3] = (u32)KProcessHwInfo__MapL2Section_Hook;
 }
 
 static void findUsefulSymbols(void)
 {
     u32 *off;
 
-    for(off = (u32 *)0xFFFF0000; *off != 0xE1A0D002; off++);
+    // Older versions of k11 had different VA memory mappings
+    u32 k11TextStartVa = (u32)originalHandlers[2] & ~0xFFFF;
+    // Get fcramDescriptor
+    for (off = (u32 *)k11TextStartVa; ; ++off)
+    {
+        if (  (off[0] >> 16) == 0xE59F
+           && (off[1] >> 16) == 0xE3A0
+           && (off[2] >> 16) == 0xE3A0
+           && (off[3] >> 16) == 0xE1A0
+           && (off[4] >> 16) == 0xEB00)
+        {
+            fcramDescriptor = (FcramDescriptor *)off[2 + (off[0] & 0xFFFF) / 4];
+            break;
+        }
+    }
+
+    // Get kAlloc
+    for (; *off != 0xE1A00005 || *(off + 1) != 0xE320F000; ++off);
+    off = decodeArmBranch(off + 2);
+    for (; (*off >> 16) != 0xEB00; ++off);
+    kAlloc = (void* (*)(FcramDescriptor *, u32, u32, u32))decodeArmBranch(off);
+
+    // Patch ERRF__DumpException
+    for(off = (u32 *)0xFFFF0000; *off != 0xE1A04005; ++off);
+    ++off;
+    *(u32 *)PA_FROM_VA_PTR(off) = makeArmBranch(off, off + 51, false);
+
+    for(; *off != 0xE2100102; ++off);
+    KProcessHwInfo__QueryMemory = (Result (*)(KProcessHwInfo *, MemoryInfo *, PageInfo *, void *))decodeArmBranch(off - 1);
+
+    for(; *off != 0xE1A0D002; off++);
     off += 3;
     initFPU = (void (*) (void))off;
 
@@ -139,6 +227,8 @@ static void findUsefulSymbols(void)
     KEvent__Clear = (Result (*)(KEvent *))decodeArmBranch(off + 1);
     for(off = (u32 *)KEvent__Clear; *off != 0xE8BD8070; off++);
     synchronizationMutex = *(KObjectMutex **)(off + 1);
+    for(off = (u32 *)officialSVCs[0x18]; *off != 0xE1A04005; ++off);
+    KEvent__Signal = (Result (*)(KEvent *))decodeArmBranch(off + 1);
 
     for(off = (u32 *)officialSVCs[0x24]; *off != 0xE59F004C; off++);
     WaitSynchronization1 = (Result (*)(void *, KThread *, KSynchronizationObject *, s64))decodeArmBranch(off + 6);
@@ -165,6 +255,21 @@ static void findUsefulSymbols(void)
     for(off = (u32 *)officialSVCs[0x72]; *off != 0xE2041102; off++);
     KProcessHwInfo__UnmapProcessMemory = (Result (*)(KProcessHwInfo *, void *, u32))decodeArmBranch(off - 1);
 
+    for (off = (u32 *)officialSVCs[0x70]; *off != 0xE8881200 && *off != 0xE8891900; ++off);
+    for (off = (u32 *)decodeArmBranch(off + 1); *off != 0xE2101102; ++off);
+    KProcessHwInfo__CheckVaState = (Result (*)(KProcessHwInfo *, u32, u32, u32, u32))decodeArmBranch(off - 1);
+    for (; *off != 0xE28D1008; ++off);
+    KProcessHwInfo__GetListOfKBlockInfoForVA = (Result (*)(KProcessHwInfo*, KLinkedList*, u32, u32))decodeArmBranch(off + 1);
+
+    for (; *off != 0xE2000102; ++off);
+    KProcessHwInfo__MapListOfKBlockInfo = (Result (*)(KProcessHwInfo*, u32, KLinkedList*, u32, u32, u32))decodeArmBranch(off - 1);
+
+    for (; *off != 0xE8BD8FF0; ++off);
+    KLinkedList_KBlockInfo__Clear = (void (*)(KLinkedList *))decodeArmBranch(off - 6);
+
+    for(off = (u32 *)KProcessHwInfo__MapListOfKBlockInfo; *off != 0xE1A0000B; ++off);
+    doControlMemory = (Result (*)(KProcessHwInfo*, u32, u32, u32, u32, u32, u32, u32))decodeArmBranch(off + 1);
+
     for(off = (u32 *)officialSVCs[0x7C]; *off != 0x03530000; off++);
     KObjectMutex__WaitAndAcquire = (void (*)(KObjectMutex *))decodeArmBranch(++off);
     for(; *off != 0xE320F000; off++);
@@ -209,7 +314,9 @@ static void findUsefulSymbols(void)
     // The official prototype of ControlMemory doesn't have that extra param'
     ControlMemory = (Result (*)(u32 *, u32, u32, u32, MemOp, MemPerm, bool))
                     decodeArmBranch((u32 *)officialSVCs[0x01] + 5);
+    CreateThread = (Result (*)(Handle *, u32, u32, u32, s32, s32))decodeArmBranch((u32 *)officialSVCs[0x08] + 5);
     SleepThread = (void (*)(s64))officialSVCs[0x0A];
+    CreateEvent = (Result (*)(Handle *, ResetType))decodeArmBranch((u32 *)officialSVCs[0x17] + 3);
     CloseHandle = (Result (*)(Handle))officialSVCs[0x23];
     GetHandleInfo = (Result (*)(s64 *, Handle, u32))decodeArmBranch((u32 *)officialSVCs[0x29] + 3);
     GetSystemInfo = (Result (*)(s64 *, s32, s32))decodeArmBranch((u32 *)officialSVCs[0x2A] + 3);
@@ -220,6 +327,8 @@ static void findUsefulSymbols(void)
     OpenProcess = (Result (*)(Handle *, u32))decodeArmBranch((u32 *)officialSVCs[0x33] + 3);
     GetProcessId = (Result (*)(u32 *, Handle))decodeArmBranch((u32 *)officialSVCs[0x35] + 3);
     DebugActiveProcess = (Result (*)(Handle *, u32))decodeArmBranch((u32 *)officialSVCs[0x60] + 3);
+    SignalEvent = (Result (*)(Handle event))officialSVCs[0x18];
+
     UnmapProcessMemory = (Result (*)(Handle, void *, u32))officialSVCs[0x72];
     KernelSetState = (Result (*)(u32, u32, u32, u32))((u32 *)officialSVCs[0x7C] + 1);
 
@@ -251,6 +360,8 @@ static void findUsefulSymbols(void)
             invalidateInstructionCacheRange = (void (*)(void *, u32))off2;
         }
     }
+
+    installMmuHooks();
 }
 
 void main(FcramLayout *layout, KCoreContext *ctxs)
@@ -259,7 +370,11 @@ void main(FcramLayout *layout, KCoreContext *ctxs)
     u32 TTBCR_;
     s64 nb;
 
-    layout->systemSize -= __end__ - __start__;
+    cfwInfo = p->cfwInfo;
+    kextBasePa = p->basePA;
+    stolenSystemMemRegionSize = p->stolenSystemMemRegionSize;
+
+    layout->systemSize -= stolenSystemMemRegionSize;
     fcramLayout = *layout;
     coreCtxs = ctxs;
 
@@ -268,7 +383,6 @@ void main(FcramLayout *layout, KCoreContext *ctxs)
     isN3DS = getNumberOfCores() == 4;
     memcpy(L1MMUTableAddrs, (const void *)p->L1MMUTableAddrs, 16);
     exceptionStackTop = (u32 *)0xFFFF2000 + (1 << (32 - TTBCR - 20));
-    cfwInfo = p->cfwInfo;
 
     memcpy(originalHandlers + 1, p->originalHandlers, 16);
     void **arm11SvcTable = (void**)originalHandlers[2];
@@ -276,10 +390,15 @@ void main(FcramLayout *layout, KCoreContext *ctxs)
     memcpy(officialSVCs, arm11SvcTable, 4 * 0x7E);
 
     findUsefulSymbols();
+    buildAlteredSvcTable();
 
     GetSystemInfo(&nb, 26, 0);
     nbSection0Modules = (u32)nb;
 
     rosalinaState = 0;
     hasStartedRosalinaNetworkFuncsOnce = false;
+
+    // DSB, Flush Prefetch Buffer (more or less "isb")
+    __asm__ __volatile__ ("mcr p15, 0, %0, c7, c10, 4" :: "r" (0) : "memory");
+    __asm__ __volatile__ ("mcr p15, 0, %0, c7, c5, 4" :: "r" (0) : "memory");
 }

k11_extension/source/mmu.c

@@ -0,0 +1,319 @@
+#include "mmu.h"
+#include "globals.h"
+#include "utils.h"
+
+extern u8 svcSignalingEnabled;
+
+DescType     L1Descriptor__GetType(u32 descriptor)
+{
+    L1Descriptor   pdesc = {descriptor};
+
+    if (pdesc.reserved.bits1_0 == 0b00)
+        return Descriptor_TranslationFault;
+    if (pdesc.reserved.bits1_0 == 0b01)
+        return Descriptor_CoarsePageTable;
+    if (pdesc.reserved.bits1_0 == 0b10)
+        return pdesc.section.bit18 == 0 ? Descriptor_Section : Descriptor_Supersection;
+    return Descriptor_Reserved;
+}
+
+DescType     L2Descriptor__GetType(u32 descriptor)
+{
+    L2Descriptor    pdesc = {descriptor};
+
+    if (pdesc.translationFault.bits1_0 == 0b01)
+        return Descriptor_LargePage;
+    if (pdesc.smallPage.bit1 == 1)
+        return Descriptor_SmallPage;
+
+    return Descriptor_TranslationFault;
+}
+
+void    L1MMUTable__RWXForAll(u32 *table)
+{
+    u32     *tableEnd = table + 1024;
+
+    for (; table != tableEnd; ++table)
+    {
+        L1Descriptor    descriptor = {*table};
+
+        switch (L1Descriptor__GetType(descriptor.raw))
+        {
+            case Descriptor_CoarsePageTable:
+            {
+                u32     *l2table = (u32 *)((descriptor.coarsePageTable.addr << 10) - 0x40000000);
+
+                L2MMUTable__RWXForAll(l2table);
+                break;
+            }
+            case Descriptor_Section:
+            {
+                descriptor.section.xn = 0;
+                descriptor.section.apx = 0;
+                descriptor.section.ap = 3;
+                *table = descriptor.raw;
+                break;
+            }
+            case Descriptor_Supersection:
+            {
+                descriptor.supersection.xn = 0;
+                descriptor.supersection.ap = 3;
+                *table = descriptor.raw;
+                break;
+            }
+            default:
+                break;
+        }
+    }
+}
+
+void    L2MMUTable__RWXForAll(u32 *table)
+{
+    u32     *tableEnd = table + 256;
+
+    for (; table != tableEnd; ++table)
+    {
+        L2Descriptor    descriptor = {*table};
+
+        switch (L2Descriptor__GetType(descriptor.raw))
+        {
+            case Descriptor_LargePage:
+            {
+                descriptor.largePage.xn = 0;
+                descriptor.largePage.apx = 0;
+                descriptor.largePage.ap = 3;
+                *table = descriptor.raw;
+                break;
+            }
+            case Descriptor_SmallPage:
+            {
+                descriptor.smallPage.xn = 0;
+                descriptor.smallPage.apx = 0;
+                descriptor.smallPage.ap = 3;
+                *table = descriptor.raw;
+                break;
+            }
+            default:
+                break;
+        }
+    }
+}
+
+u32     L1MMUTable__GetPAFromVA(u32 *table, u32 va)
+{
+    u32             pa = 0;
+    L1Descriptor    descriptor = {table[va >> 20]};
+
+    switch (L1Descriptor__GetType(descriptor.raw))
+    {
+        case Descriptor_CoarsePageTable:
+        {
+            u32     *l2table = (u32 *)((descriptor.coarsePageTable.addr << 10) - 0x40000000);
+
+            pa = L2MMUTable__GetPAFromVA(l2table, va);
+            break;
+        }
+        case Descriptor_Section:
+        {
+            pa = descriptor.section.addr << 20;
+            pa |= (va << 12) >> 12;
+            break;
+        }
+        case Descriptor_Supersection:
+        {
+            pa = descriptor.supersection.addr << 24;
+            pa |= (va << 8) >> 8;
+            break;
+        }
+        default:
+            // VA not found
+            break;
+    }
+
+    return pa;
+}
+
+u32     L2MMUTable__GetPAFromVA(u32 *table, u32 va)
+{
+    u32             pa = 0;
+    L2Descriptor    descriptor = {table[(va << 12) >> 24]};
+
+    switch(L2Descriptor__GetType(descriptor.raw))
+    {
+        case Descriptor_LargePage:
+        {
+            pa = descriptor.largePage.addr << 16;
+            pa |= va & 0xFFFF;
+            break;
+        }
+        case Descriptor_SmallPage:
+        {
+            pa = descriptor.smallPage.addr << 12;
+            pa |= va & 0xFFF;
+            break;
+        }
+        default:
+            break;
+    }
+
+    return pa;
+}
+
+u32     L1MMUTable__GetAddressUserPerm(u32 *table, u32 va)
+{
+    u32             perm = 0;
+    L1Descriptor    descriptor = {table[va >> 20]};
+
+    switch (L1Descriptor__GetType(descriptor.raw))
+    {
+        case Descriptor_CoarsePageTable:
+        {
+            u32     *l2table = (u32 *)((descriptor.coarsePageTable.addr << 10) - 0x40000000);
+
+            perm = L2MMUTable__GetAddressUserPerm(l2table, va);
+            break;
+        }
+        case Descriptor_Section:
+        {
+            perm = descriptor.section.ap >> 1;
+
+            if (perm)
+            {
+                perm |= (!descriptor.section.apx && (descriptor.section.ap & 1)) << 1;
+                perm |= (!descriptor.section.xn) << 2;
+            }
+            break;
+        }
+        case Descriptor_Supersection:
+        {
+            perm = descriptor.supersection.ap >> 1;
+
+            if (perm)
+            {
+                perm |= (descriptor.supersection.ap & 1) << 1;
+                perm |= (!descriptor.supersection.xn) << 2;
+            }
+            break;
+        }
+        default:
+            // VA not found
+            break;
+    }
+
+    return perm;
+}
+
+u32     L2MMUTable__GetAddressUserPerm(u32 *table, u32 va)
+{
+    u32             perm = 0;
+    L2Descriptor    descriptor = {table[(va << 12) >> 24]};
+
+    switch(L2Descriptor__GetType(descriptor.raw))
+    {
+        case Descriptor_LargePage:
+        {
+            perm = descriptor.largePage.ap >> 1;
+            if (perm)
+            {
+                perm |= (!descriptor.largePage.apx && (descriptor.largePage.ap & 1)) << 1;
+                perm |= (!descriptor.largePage.xn) << 2;
+            }
+            break;
+        }
+        case Descriptor_SmallPage:
+        {
+            perm = descriptor.smallPage.ap >> 1;
+            if (perm)
+            {
+                perm |= (!descriptor.smallPage.apx && (descriptor.smallPage.ap & 1)) << 1;
+                perm |= (!descriptor.smallPage.xn) << 2;
+            }
+            break;
+        }
+        default:
+            break;
+    }
+
+    return perm;
+}
+
+void    KProcessHwInfo__SetMMUTableToRWX(KProcessHwInfo *hwInfo)
+{
+    KObjectMutex    *mutex = KPROCESSHWINFO_GET_PTR(hwInfo, mutex);
+    u32             *table = KPROCESSHWINFO_GET_RVALUE(hwInfo, mmuTableVA);
+
+    KObjectMutex__Acquire(mutex);
+
+    L1MMUTable__RWXForAll(table);
+
+    KObjectMutex__Release(mutex);
+}
+
+u32     KProcessHwInfo__GetPAFromVA(KProcessHwInfo *hwInfo, u32 va)
+{
+    KObjectMutex    *mutex = KPROCESSHWINFO_GET_PTR(hwInfo, mutex);
+    u32             *table = KPROCESSHWINFO_GET_RVALUE(hwInfo, mmuTableVA);
+
+    KObjectMutex__Acquire(mutex);
+
+    u32 pa = L1MMUTable__GetPAFromVA(table, va);
+
+    KObjectMutex__Release(mutex);
+
+    return pa;
+}
+
+u32     KProcessHwInfo__GetAddressUserPerm(KProcessHwInfo *hwInfo, u32 va)
+{
+    KObjectMutex    *mutex = KPROCESSHWINFO_GET_PTR(hwInfo, mutex);
+    u32             *table = KPROCESSHWINFO_GET_RVALUE(hwInfo, mmuTableVA);
+
+    KObjectMutex__Acquire(mutex);
+
+    u32 perm = L1MMUTable__GetAddressUserPerm(table, va);
+
+    KObjectMutex__Release(mutex);
+
+    return perm;
+}
+
+static union
+{
+    u32     raw;
+    struct
+    {
+        u32     xn      : 1;
+        u32     unkn    : 1;
+        u32     cb      : 2;
+        u32     ap      : 2;
+        u32     tex     : 3;
+        u32     apx     : 1;
+        u32     s       : 1;
+        u32     ng      : 1;
+    };
+} g_rwxState;
+
+// This function patch the permissions when memory is mapped in the mmu table (rwx)
+KProcessHwInfo *PatchDescriptorAccessControl(KProcessHwInfo *hwInfo, u32 **outState)
+{
+    KProcess    *process = (KProcess *)((u32)hwInfo - 0x1C);
+    u32 state = **outState;
+    u32 flags =  KPROCESS_GET_RVALUE(process, customFlags);
+
+    if (flags & SignalOnMemLayoutChanges) {
+        svcSignalingEnabled |= 2;
+        *KPROCESS_GET_PTR(process, customFlags) |= MemLayoutChanged;
+    }        
+
+    if (!(flags & ForceRWXPages))
+        return hwInfo;
+
+    g_rwxState.raw = state;
+    g_rwxState.xn = 0;
+    g_rwxState.ap = 3;
+    g_rwxState.apx = 0;
+
+    *outState = &g_rwxState.raw;
+
+    return hwInfo;
+}

k11_extension/source/svc.c

@@ -28,11 +28,11 @@
 #include "synchronization.h"
 #include "svc.h"
 #include "svc/ControlMemory.h"
+#include "svc/CreateThread.h"
 #include "svc/GetHandleInfo.h"
 #include "svc/GetSystemInfo.h"
 #include "svc/GetProcessInfo.h"
 #include "svc/GetThreadInfo.h"
-#include "svc/GetCFWInfo.h"
 #include "svc/ConnectToPort.h"
 #include "svc/SendSyncRequest.h"
 #include "svc/Break.h"
@@ -44,112 +44,98 @@
 #include "svc/MapProcessMemoryEx.h"
 #include "svc/UnmapProcessMemoryEx.h"
 #include "svc/ControlService.h"
+#include "svc/ControlProcess.h"
+#include "svc/ExitProcess.h"
 #include "svc/CopyHandle.h"
 #include "svc/TranslateHandle.h"
+#include "svc/ControlMemoryUnsafe.h"
 
 void *officialSVCs[0x7E] = {NULL};
+void *alteredSvcTable[0x100] = {NULL};
 
-void signalSvcEntry(u8 *pageEnd)
+static Result BreakHook(UserBreakType breakReason, const void* croInfo, u32 croInfoSize)
 {
-    u32 svcId = (u32) *(u8 *)(pageEnd - 0xB5);
     KProcess *currentProcess = currentCoreContext->objectContext.currentProcess;
 
-    if(svcId == 0xFE)
+    void *funptr = (debugOfProcess(currentProcess) != NULL) ? officialSVCs[0x3C] : (void *)Break;
-        svcId = *(u32 *)(pageEnd - 0x110 + 8 * 4); // r12 ; note: max theortical SVC atm: 0x3FFFFFFF. We don't support catching svcIds >= 0x100 atm either
+    return ((Result (*)(UserBreakType, const void *, u32))funptr)(breakReason, croInfo, croInfoSize);
+}
+
+void buildAlteredSvcTable(void)
+{
+    memcpy(alteredSvcTable, officialSVCs, 4 * 0x7E);
+
+    alteredSvcTable[0x01] = ControlMemoryHookWrapper;
+    alteredSvcTable[0x03] = ExitProcessHookWrapper;
+
+    if (isN3DS)
+        alteredSvcTable[0x08] = CreateThreadHookWrapper;
+    alteredSvcTable[0x29] = GetHandleInfoHookWrapper;
+    alteredSvcTable[0x2A] = GetSystemInfoHookWrapper;
+    alteredSvcTable[0x2B] = GetProcessInfoHookWrapper;
+    alteredSvcTable[0x2C] = GetThreadInfoHookWrapper;
+    alteredSvcTable[0x2D] = ConnectToPortHookWrapper;
+
+    alteredSvcTable[0x32] = SendSyncRequestHook;
+    alteredSvcTable[0x3C] = BreakHook;
+
+    alteredSvcTable[0x59] = SetGpuProt;
+    alteredSvcTable[0x5A] = SetWifiEnabled;
+
+    alteredSvcTable[0x7B] = Backdoor;
+    alteredSvcTable[0x7C] = KernelSetStateHook;
+
+    // Custom SVCs past that point
+    alteredSvcTable[0x80] = CustomBackdoor;
+
+    alteredSvcTable[0x90] = convertVAToPA;
+    alteredSvcTable[0x91] = flushDataCacheRange;
+    alteredSvcTable[0x92] = flushEntireDataCache;
+    alteredSvcTable[0x93] = invalidateInstructionCacheRange;
+    alteredSvcTable[0x94] = invalidateEntireInstructionCache;
+
+    alteredSvcTable[0xA0] = MapProcessMemoryExWrapper;
+    alteredSvcTable[0xA1] = UnmapProcessMemoryEx;
+    alteredSvcTable[0xA2] = ControlMemoryEx;
+    alteredSvcTable[0xA3] = ControlMemoryUnsafeWrapper;
+
+    alteredSvcTable[0xB0] = ControlService;
+    alteredSvcTable[0xB1] = CopyHandleWrapper;
+    alteredSvcTable[0xB2] = TranslateHandleWrapper;
+    alteredSvcTable[0xB3] = ControlProcess;
+}
+
+void signalSvcEntry(u32 svcId)
+{
+    KProcess *currentProcess = currentCoreContext->objectContext.currentProcess;
 
     // Since DBGEVENT_SYSCALL_ENTRY is non blocking, we'll cheat using EXCEVENT_UNDEFINED_SYSCALL (debug->svcId is fortunately an u16!)
-    if(debugOfProcess(currentProcess) != NULL && shouldSignalSyscallDebugEvent(currentProcess, svcId))
+    if(debugOfProcess(currentProcess) != NULL && svcId != 0xFF && shouldSignalSyscallDebugEvent(currentProcess, svcId))
         SignalDebugEvent(DBGEVENT_OUTPUT_STRING, 0xFFFFFFFE, svcId);
 }
 
-void signalSvcReturn(u8 *pageEnd)
+void signalSvcReturn(u32 svcId)
 {
-    u32 svcId = (u32) *(u8 *)(pageEnd - 0xB5);
     KProcess *currentProcess = currentCoreContext->objectContext.currentProcess;
-
+    u32      flags = KPROCESS_GET_RVALUE(currentProcess, customFlags);
-    if(svcId == 0xFE)
-        svcId = *(u32 *)(pageEnd - 0x110 + 8 * 4); // r12 ; note: max theortical SVC atm: 0x1FFFFFFF. We don't support catching svcIds >= 0x100 atm either
 
     // Since DBGEVENT_SYSCALL_RETURN is non blocking, we'll cheat using EXCEVENT_UNDEFINED_SYSCALL (debug->svcId is fortunately an u16!)
-    if(debugOfProcess(currentProcess) != NULL && shouldSignalSyscallDebugEvent(currentProcess, svcId))
+    if((svcSignalingEnabled & 1) != 0 && (currentProcess) != NULL && svcId != 0xFF && shouldSignalSyscallDebugEvent(currentProcess, svcId))
         SignalDebugEvent(DBGEVENT_OUTPUT_STRING, 0xFFFFFFFF, svcId);
+
+    if (flags & SignalOnMemLayoutChanges && flags & MemLayoutChanged)
+    {
+        *KPROCESS_GET_PTR(currentProcess, customFlags) = flags & ~MemLayoutChanged;
+        SignalEvent(KPROCESS_GET_RVALUE(currentProcess, onMemoryLayoutChangeEvent));
+        svcSignalingEnabled &= ~2;
+    }
 }
 
 void postprocessSvc(void)
 {
     KThread *currentThread = currentCoreContext->objectContext.currentThread;
-    if(!currentThread->shallTerminate && rosalinaThreadLockPredicate(currentThread))
+    if(!currentThread->shallTerminate && rosalinaThreadLockPredicate(currentThread, rosalinaState & 5))
         rosalinaRescheduleThread(currentThread, true);
 
     officialPostProcessSvc();
 }
-
-void *svcHook(u8 *pageEnd)
-{
-    KProcess *currentProcess = currentCoreContext->objectContext.currentProcess;
-
-    u32 svcId = *(u8 *)(pageEnd - 0xB5);
-    if(svcId == 0xFE)
-        svcId = *(u32 *)(pageEnd - 0x110 + 8 * 4); // r12 ; note: max theortical SVC atm: 0x3FFFFFFF. We don't support catching svcIds >= 0x100 atm either
-    switch(svcId)
-    {
-        case 0x01:
-            return ControlMemoryHookWrapper;
-        case 0x29:
-            return GetHandleInfoHookWrapper;
-        case 0x2A:
-            return GetSystemInfoHookWrapper;
-        case 0x2B:
-            return GetProcessInfoHookWrapper;
-        case 0x2C:
-            return GetThreadInfoHookWrapper;
-        case 0x2D:
-            return ConnectToPortHookWrapper;
-        case 0x2E:
-            return GetCFWInfo; // DEPRECATED
-        case 0x32:
-            return SendSyncRequestHook;
-        case 0x3C:
-            return (debugOfProcess(currentProcess) != NULL) ? officialSVCs[0x3C] : (void *)Break;
-        case 0x59:
-            return SetGpuProt;
-        case 0x5A:
-            return SetWifiEnabled;
-        case 0x7B:
-            return Backdoor;
-        case 0x7C:
-            return KernelSetStateHook;
-
-
-        case 0x80:
-            return CustomBackdoor;
-
-        case 0x90:
-            return convertVAToPA;
-        case 0x91:
-            return flushDataCacheRange;
-        case 0x92:
-            return flushEntireDataCache;
-        case 0x93:
-            return invalidateInstructionCacheRange;
-        case 0x94:
-            return invalidateEntireInstructionCache;
-
-        case 0xA0:
-            return MapProcessMemoryEx;
-        case 0xA1:
-            return UnmapProcessMemoryEx;
-        case 0xA2:
-            return ControlMemoryEx;
-
-        case 0xB0:
-            return ControlService;
-        case 0xB1:
-            return CopyHandleWrapper;
-        case 0xB2:
-            return TranslateHandleWrapper;
-
-        default:
-            return (svcId <= 0x7D) ? officialSVCs[svcId] : NULL;
-    }
-}

k11_extension/source/svc/ConnectToPort.c

@@ -42,7 +42,12 @@ Result ConnectToPortHook(Handle *out, const char *name)
     }
     res = ConnectToPort(out, name);
     if(res != 0)
+    {
+        // Prior to 11.0 kernel didn't zero-initialize output handles, and thus
+        // you could accidentaly close things like the KAddressArbiter handle by mistake...
+        *out = 0;
         return res;
+    }
 
     KProcessHandleTable *handleTable = handleTableOfProcess(currentCoreContext->objectContext.currentProcess);
     KClientSession *clientSession = (KClientSession *)KProcessHandleTable__ToKAutoObject(handleTable, *out);

k11_extension/source/svc/ControlMemoryUnsafe.c

@@ -0,0 +1,84 @@
+/*
+*   This file is part of Luma3DS
+*   Copyright (C) 2016-2018 Aurora Wright, TuxSH
+*
+*   This program is free software: you can redistribute it and/or modify
+*   it under the terms of the GNU General Public License as published by
+*   the Free Software Foundation, either version 3 of the License, or
+*   (at your option) any later version.
+*
+*   This program is distributed in the hope that it will be useful,
+*   but WITHOUT ANY WARRANTY; without even the implied warranty of
+*   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+*   GNU General Public License for more details.
+*
+*   You should have received a copy of the GNU General Public License
+*   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*
+*   Additional Terms 7.b and 7.c of GPLv3 apply to this file:
+*       * Requiring preservation of specified reasonable legal notices or
+*         author attributions in that material or in the Appropriate Legal
+*         Notices displayed by works containing it.
+*       * Prohibiting misrepresentation of the origin of that material,
+*         or requiring that modified versions of such material be marked in
+*         reasonable ways as different from the original version.
+*/
+
+#include "globals.h"
+#include "memory.h"
+#include "svc/ControlMemoryUnsafe.h"
+
+Result  ControlMemoryUnsafe(u32 *out, u32 addr0, u32 size, MemOp op, MemPerm perm)
+{
+    Result          res = 0;
+    KProcess        *currentProcess = currentCoreContext->objectContext.currentProcess;
+    KProcessHwInfo  *hwInfo = hwInfoOfProcess(currentProcess);
+
+    KAutoObject__AddReference((KAutoObject *)currentProcess);
+
+    size = size >> 12 << 12;
+    switch (op & MEMOP_OP_MASK)
+    {
+        case MEMOP_FREE:
+        {
+            res = doControlMemory(hwInfo, addr0, size >> 12, 0, 0, 0, 0, 0);
+            break;
+        }
+        case MEMOP_COMMIT:
+        {
+            u32 pAddr = 0;
+            u32 state = 0xBB05;
+            u32 region = op & MEMOP_REGION_MASK;
+
+            perm = (perm & 7) | 0x18;
+            if (op & MEMOP_LINEAR)
+            {
+                void *kvAddr = kAlloc(fcramDescriptor, size >> 12, 0, region);
+
+                if (!kvAddr)
+                {
+                    res = 0xD86007F3;
+                    break;
+                }
+
+                memset(kvAddr, 0, size >> 2);
+                flushDataCacheRange(kvAddr, size);
+                pAddr = (u32)kvAddr + 0x40000000;
+                state = 0x3907;
+            }
+
+            res  = doControlMemory(hwInfo, addr0, size >> 12, pAddr, state, perm, 0, region);
+            if (res >= 0 && out)
+                *out = addr0;
+            break;
+        }
+
+        default:
+            res = 0xE0E01BEE;
+            break;
+    }
+
+    ((KAutoObject *)currentProcess)->vtable->DecrementReferenceCount((KAutoObject *)currentProcess);
+
+    return res;
+}

k11_extension/source/svc/ControlProcess.c

@@ -0,0 +1,208 @@
+#include "svc/ControlProcess.h"
+#include "memory.h"
+#include "mmu.h"
+#include "synchronization.h"
+
+typedef bool (*ThreadPredicate)(KThread *thread);
+
+// Lock bit has to be different from Rosalina to avoid unintended unlock when using Rosalina menu
+static void rescheduleThread(KThread *thread, bool lock)
+{
+    KRecursiveLock__Lock(criticalSectionLock);
+
+    u32 oldSchedulingMask = thread->schedulingMask;
+    if(lock)
+        thread->schedulingMask |= 0x20;
+    else
+        thread->schedulingMask &= ~0x20;
+
+    KScheduler__AdjustThread(currentCoreContext->objectContext.currentScheduler, thread, oldSchedulingMask);
+
+    KRecursiveLock__Unlock(criticalSectionLock);
+}
+
+static void lockThread(KThread *thread)
+{
+    KThread *syncThread = synchronizationMutex->owner;
+
+    if(syncThread == NULL || syncThread != thread)
+        rescheduleThread(thread, true);
+}
+
+Result  ControlProcess(Handle processHandle, ProcessOp op, u32 varg2, u32 varg3)
+{
+    Result              res = 0;
+    KProcess            *process;
+    KProcessHandleTable *handleTable = handleTableOfProcess(currentCoreContext->objectContext.currentProcess);
+
+    if(processHandle == CUR_PROCESS_HANDLE)
+    {
+        process = currentCoreContext->objectContext.currentProcess;
+        KAutoObject__AddReference((KAutoObject *)process);
+    }
+    else
+        process = KProcessHandleTable__ToKProcess(handleTable, processHandle);
+
+    if(process == NULL)
+        return 0xD8E007F7; // invalid handle
+
+    switch (op)
+    {
+        case PROCESSOP_GET_ALL_HANDLES:
+        {
+            KProcessHandleTable *table = handleTableOfProcess(process);
+            u32                 *originalHandleList = (u32 *)varg2;
+            u32                 count = 0;
+            u32                 searchForToken = varg3;
+            HandleDescriptor    *handleDesc = table->handleTable == NULL ? table->internalTable : table->handleTable;
+
+            for (u32 idx = 0; idx < (u32)table->maxHandleCount; ++idx, ++handleDesc)
+            {
+                if (handleDesc->pointer == NULL)
+                    continue;
+
+                if (searchForToken)
+                {
+                    KClassToken token;
+
+                    handleDesc->pointer->vtable->GetClassToken(&token, handleDesc->pointer);
+                    if (searchForToken != token.flags)
+                        continue;
+                }
+
+                *originalHandleList++ = idx | ((handleDesc->info << 16) >> 1);
+                ++count;
+            }
+            res = count;
+            break;
+        }
+
+        case PROCESSOP_SET_MMU_TO_RWX:
+        {
+            KProcessHwInfo  *hwInfo = hwInfoOfProcess(process);
+
+            *KPROCESS_GET_PTR(process, customFlags) |= ForceRWXPages;
+            KProcessHwInfo__SetMMUTableToRWX(hwInfo);
+            break;
+        }
+        case PROCESSOP_GET_ON_MEMORY_CHANGE_EVENT:
+        {
+            // Only accept current process for this command
+            if (process != currentCoreContext->objectContext.currentProcess)
+            {
+                res = 0xD8E007F7; // invalid handle
+                break;
+            }
+
+            Handle  *onMemoryLayoutChangeEvent = KPROCESS_GET_PTR(process, onMemoryLayoutChangeEvent);
+
+            if (*onMemoryLayoutChangeEvent == 0)
+                res = CreateEvent(onMemoryLayoutChangeEvent, RESET_ONESHOT);
+
+            if (res >= 0)
+            {
+                *KPROCESS_GET_PTR(process, customFlags) |= SignalOnMemLayoutChanges;
+                KAutoObject * event = KProcessHandleTable__ToKAutoObject(handleTable, *onMemoryLayoutChangeEvent);
+
+                createHandleForThisProcess((Handle *)varg2, event);
+                ((KAutoObject *)event)->vtable->DecrementReferenceCount((KAutoObject *)event);
+            }
+
+            break;
+        }
+
+        case PROCESSOP_SIGNAL_ON_EXIT:
+        {
+            *KPROCESS_GET_PTR(process, customFlags) |= SignalOnExit;
+            break;
+        }
+        case PROCESSOP_GET_PA_FROM_VA:
+        {
+            KProcessHwInfo  *hwInfo = hwInfoOfProcess(process);
+
+            u32 pa = KProcessHwInfo__GetPAFromVA(hwInfo, varg3);
+            *(u32 *)varg2 = pa;
+
+            if (pa == 0)
+                res = 0xE0E01BF5; ///< Invalid address
+
+            break;
+        }
+        case PROCESSOP_SCHEDULE_THREADS:
+        {
+            ThreadPredicate threadPredicate = (ThreadPredicate)varg3;
+
+            KRecursiveLock__Lock(criticalSectionLock);
+
+            if (varg2 == 0) // Unlock
+            {
+                for (KLinkedListNode *node = threadList->list.nodes.first; node != (KLinkedListNode *)&threadList->list.nodes; node = node->next)
+                {
+                    KThread *thread = (KThread *)node->key;
+
+                    if ((thread->schedulingMask & 0xF) == 2) // thread is terminating
+                        continue;
+
+                    if (thread->ownerProcess == process && (thread->schedulingMask & 0x20)
+                       && (threadPredicate == NULL || threadPredicate(thread)))
+                        rescheduleThread(thread, false);
+                }
+            }
+            else // Lock
+            {
+                bool currentThreadsFound = false;
+
+                for(KLinkedListNode *node = threadList->list.nodes.first; node != (KLinkedListNode *)&threadList->list.nodes; node = node->next)
+                {
+                    KThread *thread = (KThread *)node->key;
+
+                    if(thread->ownerProcess != process
+                       || (threadPredicate != NULL && !threadPredicate(thread)))
+                        continue;
+
+                    if(thread == coreCtxs[thread->coreId].objectContext.currentThread)
+                        currentThreadsFound = true;
+                    else
+                        lockThread(thread);
+                }
+
+                if(currentThreadsFound)
+                {
+                    for(KLinkedListNode *node = threadList->list.nodes.first; node != (KLinkedListNode *)&threadList->list.nodes; node = node->next)
+                    {
+                        KThread *thread = (KThread *)node->key;
+
+                        if(thread->ownerProcess != process
+                           || (threadPredicate != NULL && !threadPredicate(thread)))
+                            continue;
+
+                        if(!(thread->schedulingMask & 0x20))
+                        {
+                            lockThread(thread);
+                            KRecursiveLock__Lock(criticalSectionLock);
+                            if(thread->coreId != getCurrentCoreID())
+                            {
+                                u32 cpsr = __get_cpsr();
+                                __disable_irq();
+                                coreCtxs[thread->coreId].objectContext.currentScheduler->triggerCrossCoreInterrupt = true;
+                                currentCoreContext->objectContext.currentScheduler->triggerCrossCoreInterrupt = true;
+                                __set_cpsr_cx(cpsr);
+                            }
+                            KRecursiveLock__Unlock(criticalSectionLock);
+                        }
+                    }
+                    KScheduler__TriggerCrossCoreInterrupt(currentCoreContext->objectContext.currentScheduler);
+                }
+            }
+
+            KRecursiveLock__Unlock(criticalSectionLock);
+            break;
+        }
+        default:
+            res = 0xF8C007F4;
+    }
+
+    ((KAutoObject *)process)->vtable->DecrementReferenceCount((KAutoObject *)process);
+
+    return res;
+}

k11_extension/source/svc/ControlService.c

@@ -73,14 +73,11 @@ Result ControlService(ServiceOp op, u32 varg1, u32 varg2)
         {
             char name[12] = { 0 };
             SessionInfo *info = NULL;
-            if(name != NULL)
+            s32 nb = usrToKernelStrncpy(name, (const char *)varg2, 12);
-            {
+            if(nb < 0)
-                s32 nb = usrToKernelStrncpy(name, (const char *)varg2, 12);
+                return 0xD9001814;
-                if(nb < 0)
+            else if(nb == 12 && name[11] != 0)
-                    return 0xD9001814;
+                return 0xE0E0181E;
-                else if(nb == 12 && name[11] != 0)
-                    return 0xE0E0181E;
-            }
 
             info = SessionInfo_FindFirst(name);
 

k11_extension/source/svc/CreateThread.c

@@ -0,0 +1,37 @@
+/*
+*   This file is part of Luma3DS
+*   Copyright (C) 2016-2023 Aurora Wright, TuxSH
+*
+*   This program is free software: you can redistribute it and/or modify
+*   it under the terms of the GNU General Public License as published by
+*   the Free Software Foundation, either version 3 of the License, or
+*   (at your option) any later version.
+*
+*   This program is distributed in the hope that it will be useful,
+*   but WITHOUT ANY WARRANTY; without even the implied warranty of
+*   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+*   GNU General Public License for more details.
+*
+*   You should have received a copy of the GNU General Public License
+*   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*
+*   Additional Terms 7.b and 7.c of GPLv3 apply to this file:
+*       * Requiring preservation of specified reasonable legal notices or
+*         author attributions in that material or in the Appropriate Legal
+*         Notices displayed by works containing it.
+*       * Prohibiting misrepresentation of the origin of that material,
+*         or requiring that modified versions of such material be marked in
+*         reasonable ways as different from the original version.
+*/
+
+#include "svc/CreateThread.h"
+
+Result CreateThreadHook(Handle *outThreadHandle, u32 ep, u32 arg, u32 stackTop, s32 priority, s32 processorId)
+{
+    u32 flags = flagsOfProcess(currentCoreContext->objectContext.currentProcess);
+    if (isN3DS && CONFIG(REDIRECTAPPTHREADS) && !disableThreadRedirection && processorId == 1 && (flags & 0xF00) == 0x100)
+        processorId = 2;
+
+    return CreateThread(outThreadHandle, ep, arg, stackTop, priority, processorId);
+}
+

k11_extension/source/svc/ExitProcess.c

@@ -0,0 +1,32 @@
+#include "svc/ExitProcess.h"
+
+void ExitProcessHook(void) {
+    KProcess *currentProcess = currentCoreContext->objectContext.currentProcess;
+    u32      flags = KPROCESS_GET_RVALUE(currentProcess, customFlags);
+
+    if (flags & SignalOnExit)
+    {
+        // Signal that the process is about to be terminated
+        if (PLG_GetStatus() == PLG_CFG_RUNNING)
+            PLG_SignalEvent(PLG_CFG_EXIT_EVENT);
+
+        // Unlock all threads that might be locked
+        {
+            KRecursiveLock__Lock(criticalSectionLock);
+
+            for (KLinkedListNode *node = threadList->list.nodes.first;
+                node != (KLinkedListNode *)&threadList->list.nodes;
+                node = node->next)
+            {
+                KThread *thread = (KThread *)node->key;
+
+                if (thread->ownerProcess == currentProcess && thread->schedulingMask & 0x20)
+                    thread->schedulingMask &= ~0x20;
+            }
+
+            KRecursiveLock__Unlock(criticalSectionLock);
+        }
+    }
+
+    return ((void(*)())officialSVCs[0x3])();
+}

k11_extension/source/svc/GetHandleInfo.c

@@ -29,11 +29,14 @@
 
 Result GetHandleInfoHook(s64 *out, Handle handle, u32 type)
 {
-    if(type == 0x10000) // KDebug and KProcess: get context ID
+    Result res = 0;
+
+    if(type >= 0x10000)
     {
-        KProcessHwInfo *hwInfo;
+        KProcessHwInfo      *hwInfo;
         KProcessHandleTable *handleTable = handleTableOfProcess(currentCoreContext->objectContext.currentProcess);
-        KAutoObject *obj;
+        KAutoObject         *obj;
+
         if(handle == CUR_PROCESS_HANDLE)
         {
             obj = (KAutoObject *)(currentCoreContext->objectContext.currentProcess);
@@ -45,18 +48,82 @@ Result GetHandleInfoHook(s64 *out, Handle handle, u32 type)
         if(obj == NULL)
             return 0xD8E007F7;
 
-        if(strcmp(classNameOfAutoObject(obj), "KDebug") == 0)
+        switch (type)
-            hwInfo = hwInfoOfProcess(((KDebug *)obj)->owner);
+        {
-        else if(strcmp(classNameOfAutoObject(obj), "KProcess") == 0)
+            case 0x10000: ///< Get ctx id (should probably move it to GetProcessInfo)
-            hwInfo = hwInfoOfProcess((KProcess *)obj);
+            {
-        else
+                if(strcmp(classNameOfAutoObject(obj), "KDebug") == 0)
-            hwInfo = NULL;
+                    hwInfo = hwInfoOfProcess(((KDebug *)obj)->owner);
+                else if(strcmp(classNameOfAutoObject(obj), "KProcess") == 0)
+                    hwInfo = hwInfoOfProcess((KProcess *)obj);
+                else
+                    hwInfo = NULL;
 
-        *out = hwInfo != NULL ? KPROCESSHWINFO_GET_RVALUE(hwInfo, contextId) : -1;
+                *out = hwInfo != NULL ? KPROCESSHWINFO_GET_RVALUE(hwInfo, contextId) : -1;
+                break;
+            }
+            case 0x10001: ///< Get referenced object flags (token)
+            {
+                KClassToken token;
+
+                obj->vtable->GetClassToken(&token, obj);
+                *out = token.flags;
+                break;
+            }
+            case 0x10002: ///< Get object owner
+            {
+                Handle          hOut;
+                KClassToken     token;
+                KProcess *      owner = NULL;
+
+                obj->vtable->GetClassToken(&token, obj);
+                switch(token.flags)
+                {
+                    case TOKEN_KEVENT:
+                        owner = ((KEvent *)obj)->owner;
+                        break;
+                    case TOKEN_KSEMAPHORE:
+                        owner = ((KSemaphore *)obj)->owner;
+                        break;
+                    case TOKEN_KTIMER:
+                        owner = ((KTimer *)obj)->owner;
+                        break;
+                    case TOKEN_KMUTEX:
+                        owner = ((KMutex *)obj)->owner;
+                        break;
+                    case TOKEN_KDEBUG:
+                        owner = ((KDebug *)obj)->owner;
+                        break;
+                    case TOKEN_KTHREAD:
+                        owner = ((KThread *)obj)->ownerProcess;
+                        break;
+                    case TOKEN_KADDRESSARBITER:
+                        owner = ((KAddressArbiter *)obj)->owner;
+                        break;
+                    case TOKEN_KSHAREDMEMORY:
+                        owner = ((KSharedMemory *)obj)->owner;
+                        break;
+                    default:
+                        break;
+                }
+
+                if (owner == NULL)
+                    res =  0xD8E007F7;
+
+                res = createHandleForThisProcess(&hOut, (KAutoObject *)owner);
+                *out = hOut;
+
+                break;
+            }
+
+            default:
+                res = 0xF8C007F4;
+                break;
+        }
 
         obj->vtable->DecrementReferenceCount(obj);
-        return 0;
+        return res;
     }
-    else
+    
-        return GetHandleInfo(out, handle, type);
+    return GetHandleInfo(out, handle, type);
 }

k11_extension/source/svc/GetProcessInfo.c

@@ -79,6 +79,14 @@ Result GetProcessInfoHook(s64 *out, Handle processHandle, u32 type)
                 *out = ttb & ~((1 << (14 - TTBCR)) - 1);
                 break;
             }
+            case 0x10009:
+            {
+                KProcessHwInfo *hwInfo = hwInfoOfProcess(process);
+                u32 mmusize = KPROCESSHWINFO_GET_RVALUE(hwInfo, mmuTableSize);
+                u32 mmupa = (u32)PA_FROM_VA_PTR(KPROCESSHWINFO_GET_RVALUE(hwInfo, mmuTableVA));
+                *out = (s64)(mmusize | ((s64)mmupa << 32));
+                break;
+            }
             default:
                 res = 0xD8E007ED; // invalid enum value
                 break;

k11_extension/source/svc/GetSystemInfo.c

@@ -37,8 +37,17 @@ Result GetSystemInfoHook(s64 *out, s32 type, s32 param)
     {
         case 0x10000:
         {
-            switch(param)
+            if (param >= 0x400 && param < 0x500) {
+                *out = 0;
+                s32 offset = param - 0x400;
+                s32 toCopy = (s32)sizeof(cfwInfo.launchedPath) - offset;
+                if (toCopy > 8) toCopy = 8;
+                memcpy(out, (u8*)cfwInfo.launchedPath + offset, (toCopy > 0) ? toCopy : 0);
+            }
+            else switch(param)
             {
+                // Please do not use these, except 0, 1, and 0x200
+                // Other types may get removed or reordered without notice
                 case 0:
                     *out = SYSTEM_VERSION(cfwInfo.versionMajor, cfwInfo.versionMinor, cfwInfo.versionBuild);
                     break;
@@ -57,14 +66,72 @@ Result GetSystemInfoHook(s64 *out, s32 type, s32 param)
                 case 5:
                     *out = cfwInfo.bootConfig;
                     break;
-
+                case 6:
+                    *out = cfwInfo.splashDurationMsec;
+                    break;
+                case 7:
+                    *out = (s64)cfwInfo.volumeSliderOverride;
+                    break;
+                case 0x10:
+                    *out = (s64)cfwInfo.autobootTwlTitleId;
+                    break;
+                case 0x11:
+                    *out = cfwInfo.autobootCtrAppmemtype;
+                    break;
+                case 0x80:
+                    *out = fcramDescriptor->appRegion.regionSizeInBytes;
+                    break;
                 case 0x100:
                     *out = (s64)cfwInfo.hbldr3dsxTitleId;
                     break;
                 case 0x101:
                     *out = cfwInfo.rosalinaMenuCombo;
                     break;
-
+                case 0x102:
+                    *out = cfwInfo.topScreenFilter.cct;
+                    break;
+                case 0x103:
+                    *out = (s64)cfwInfo.ntpTzOffetMinutes;
+                    break;
+                case 0x104:
+                    *out = cfwInfo.topScreenFilter.gammaEnc;
+                    break;
+                case 0x105:
+                    *out = cfwInfo.topScreenFilter.contrastEnc;
+                    break;
+                case 0x106:
+                    *out = cfwInfo.topScreenFilter.brightnessEnc;
+                    break;
+                case 0x107:
+                    *out = (s64)cfwInfo.topScreenFilter.invert;
+                    break;
+                case 0x108:
+                    *out = cfwInfo.bottomScreenFilter.cct;
+                    break;
+                case 0x109:
+                    *out = cfwInfo.bottomScreenFilter.gammaEnc;
+                    break;
+                case 0x10A:
+                    *out = cfwInfo.bottomScreenFilter.contrastEnc;
+                    break;
+                case 0x10B:
+                    *out = cfwInfo.bottomScreenFilter.brightnessEnc;
+                    break;
+                case 0x10C:
+                    *out = (s64)cfwInfo.bottomScreenFilter.invert;
+                    break;
+                case 0x10D:
+                    *out = (s64)cfwInfo.topScreenFilter.colorCurveCorrection;
+                    break;
+                case 0x10E:
+                    *out = (s64)cfwInfo.bottomScreenFilter.colorCurveCorrection;
+                    break;
+                case 0x180:
+                    *out = cfwInfo.pluginLoaderFlags;
+                    break;
+                case 0x181:
+                    *out = disableThreadRedirection;
+                    break;
                 case 0x200: // isRelease
                     *out = cfwInfo.flags & 1;
                     break;
@@ -79,10 +146,15 @@ Result GetSystemInfoHook(s64 *out, s32 type, s32 param)
                     break;
 
                 case 0x300: // K11Ext size
-                    *out = (s64)(__end__ - __start__);
+                    *out = (s64)(((u64)kextBasePa << 32) | (u64)(__end__ - __start__));
+                    break;
+
+                case 0x301: // stolen SYSTEM memory size
+                    *out = stolenSystemMemRegionSize;
                     break;
 
                 default:
+                    *out = 0;
                     res = 0xF8C007F4; // not implemented
                     break;
             }
@@ -105,13 +177,16 @@ Result GetSystemInfoHook(s64 *out, s32 type, s32 param)
                         *out = L2C_CTRL & 1;
                         break;
                     default:
+                        *out = 0;
                         res = 0xF8C007F4;
                         break;
                 }
             }
             else
+            {
+                *out = 0;
                 res = 0xF8C007F4;
-
+            }
             break;
         }
 
@@ -128,7 +203,10 @@ Result GetSystemInfoHook(s64 *out, s32 type, s32 param)
                     if((u32)param <= getNumberOfCores())
                         *out = L1MMUTableAddrs[param - 1];
                     else
+                    {
+                        *out = 0;
                         res = 0xF8C007F4;
+                    }
 
                     break;
                 }
@@ -136,6 +214,13 @@ Result GetSystemInfoHook(s64 *out, s32 type, s32 param)
 
             break;
         }
+
+        case 0x20000:
+        {
+            *out = 0;
+            return 1;
+        }
+
         default:
             GetSystemInfo(out, type, param);
             break;

k11_extension/source/svc/KernelSetState.c

@@ -35,6 +35,9 @@
 static u32 nbEnabled = 0;
 static u32 maskedPids[MAX_DEBUG];
 static u32 masks[MAX_DEBUG][8] = {0};
+static bool forceBetterSoc = false;
+
+u8 svcSignalingEnabled = 0;
 
 bool shouldSignalSyscallDebugEvent(KProcess *process, u8 svcId)
 {
@@ -65,6 +68,7 @@ Result SetSyscallDebugEventMask(u32 pid, bool enable, const u32 *mask)
     {
         maskedPids[nbEnabled] = pid;
         memcpy(&masks[nbEnabled++], tmpMask, 32);
+        svcSignalingEnabled |= 1;
     }
     else
     {
@@ -84,6 +88,7 @@ Result SetSyscallDebugEventMask(u32 pid, bool enable, const u32 *mask)
         }
         maskedPids[--nbEnabled] = 0;
         memset(&masks[nbEnabled], 0, 32);
+        svcSignalingEnabled &= ~1;
     }
 
     KRecursiveLock__Unlock(&syscallDebugEventMaskLock);
@@ -97,6 +102,16 @@ Result KernelSetStateHook(u32 type, u32 varg1, u32 varg2, u32 varg3)
 
     switch(type)
     {
+        case 0xA: // Type 10 (ConfigureNew3DSCPU)
+        {
+            if (varg1 & (1 << 2)) // Lock faster speed
+                forceBetterSoc = true;
+            else if (varg1 & (1 << 3)) // Unlock faster speed
+                forceBetterSoc = false;
+            else
+                res = KernelSetState(type, forceBetterSoc ? 3 : varg1, varg2, varg3);
+            break;
+        }
         case 0x10000:
         {
             do
@@ -104,14 +119,22 @@ Result KernelSetStateHook(u32 type, u32 varg1, u32 varg2, u32 varg3)
                 __ldrex((s32 *)&rosalinaState);
             }
             while(__strex((s32 *)&rosalinaState, (s32)(rosalinaState ^ varg1)));
+            __dmb();
 
-            if(rosalinaState & 2)
+            if(rosalinaState & 0x10)
                 hasStartedRosalinaNetworkFuncsOnce = true;
 
-            if(rosalinaState & 1)
+            // 1: all applet/app/dsp/csnd... threads 2: gsp 4: hid/ir
-                rosalinaLockAllThreads();
+            for (u32 v = 4; v != 0; v >>= 1)
-            else if(varg1 & 1)
+            {
-                rosalinaUnlockAllThreads();
+                if (varg1 & v)
+                {
+                    if (rosalinaState & v)
+                        rosalinaLockThreads(v);
+                    else
+                        rosalinaUnlockThreads(v);
+                }
+            }
 
             break;
         }
@@ -178,6 +201,20 @@ Result KernelSetStateHook(u32 type, u32 varg1, u32 varg2, u32 varg3)
             KRecursiveLock__Unlock(&dbgParamsLock);
             break;
         }
+        case 0x10007:
+        {
+            if (signalPluginEvent == NULL && varg1)
+            {
+                KProcessHandleTable *table = handleTableOfProcess(currentCoreContext->objectContext.currentProcess);
+                signalPluginEvent = (KEvent *)KProcessHandleTable__ToKAutoObject(table, varg1);
+            }
+            break;
+        }
+        case 0x10080:
+        {
+            disableThreadRedirection = varg1 != 0;
+            break;
+        }
         default:
         {
             res = KernelSetState(type, varg1, varg2, varg3);

k11_extension/source/svc/MapProcessMemoryEx.c

@@ -26,19 +26,61 @@
 
 #include "svc/MapProcessMemoryEx.h"
 
-Result MapProcessMemoryEx(Handle processHandle, void *dst, void *src, u32 size)
+Result  MapProcessMemoryEx(Handle dstProcessHandle, u32 vaDst, Handle srcProcessHandle, u32 vaSrc, u32 size, MapExFlags flags)
 {
+    Result          res = 0;
+    u32             sizeInPage = size >> 12;
+    KLinkedList     list;
+    KProcess        *srcProcess;
+    KProcess        *dstProcess;
     KProcessHandleTable *handleTable = handleTableOfProcess(currentCoreContext->objectContext.currentProcess);
-    KProcessHwInfo *currentHwInfo = hwInfoOfProcess(currentCoreContext->objectContext.currentProcess);
-    KProcess *process = KProcessHandleTable__ToKProcess(handleTable, processHandle);
 
-    if(process == NULL)
+    if (dstProcessHandle == CUR_PROCESS_HANDLE)
+    {
+        dstProcess = currentCoreContext->objectContext.currentProcess;
+        KAutoObject__AddReference((KAutoObject *)dstProcess);
+    }
+    else
+        dstProcess = KProcessHandleTable__ToKProcess(handleTable, dstProcessHandle);
+
+    if (dstProcess == NULL)
         return 0xD8E007F7;
 
-    Result res = KProcessHwInfo__MapProcessMemory(currentHwInfo, hwInfoOfProcess(process), dst, src, size >> 12);
+    if (srcProcessHandle == CUR_PROCESS_HANDLE)
+    {
+        srcProcess = currentCoreContext->objectContext.currentProcess;
+        KAutoObject__AddReference((KAutoObject *)srcProcess);
+    }
+    else
+        srcProcess = KProcessHandleTable__ToKProcess(handleTable, srcProcessHandle);
 
-    KAutoObject *obj = (KAutoObject *)process;
+    if (srcProcess == NULL)
-    obj->vtable->DecrementReferenceCount(obj);
+    {
+        res =  0xD8E007F7;
+        goto exit1;
+    }
+
+    KLinkedList__Initialize(&list);
+
+    res = KProcessHwInfo__GetListOfKBlockInfoForVA(hwInfoOfProcess(srcProcess), &list, vaSrc, sizeInPage);
+
+    if (res >= 0)
+    {
+        // Check if the destination address is free and large enough
+        res = KProcessHwInfo__CheckVaState(hwInfoOfProcess(dstProcess), vaDst, size, 0, 0);
+        if (res == 0)
+            res = KProcessHwInfo__MapListOfKBlockInfo(hwInfoOfProcess(dstProcess), vaDst, &list, (flags & MAPEXFLAGS_PRIVATE) ? 0xBB05 : 0x5806, MEMPERM_RW | 0x18, 0);
+    }
+
+    KLinkedList_KBlockInfo__Clear(&list);
+
+    ((KAutoObject *)srcProcess)->vtable->DecrementReferenceCount((KAutoObject *)srcProcess);
+
+exit1:
+    ((KAutoObject *)dstProcess)->vtable->DecrementReferenceCount((KAutoObject *)dstProcess);
+
+    invalidateEntireInstructionCache();
+    flushEntireDataCache();
 
     return res;
 }

k11_extension/source/svc/SendSyncRequest.c

@@ -28,9 +28,16 @@
 #include "svc/SendSyncRequest.h"
 #include "ipc.h"
 
+static inline bool isNdmuWorkaround(const SessionInfo *info, u32 pid)
+{
+    return info != NULL && strcmp(info->name, "ndm:u") == 0 && hasStartedRosalinaNetworkFuncsOnce && pid >= nbSection0Modules;
+}
+
 Result SendSyncRequestHook(Handle handle)
 {
-    KProcessHandleTable *handleTable = handleTableOfProcess(currentCoreContext->objectContext.currentProcess);
+    KProcess *currentProcess = currentCoreContext->objectContext.currentProcess;
+    KProcessHandleTable *handleTable = handleTableOfProcess(currentProcess);
+    u32 pid = idOfProcess(currentProcess);
     KClientSession *clientSession = (KClientSession *)KProcessHandleTable__ToKAutoObject(handleTable, handle);
 
     u32 *cmdbuf = (u32 *)((u8 *)currentCoreContext->objectContext.currentThread->threadLocalStorage + 0x80);
@@ -47,7 +54,7 @@ Result SendSyncRequestHook(Handle handle)
             case 0x10042:
             {
                 SessionInfo *info = SessionInfo_Lookup(clientSession->parentSession);
-                if(info != NULL && strcmp(info->name, "ndm:u") == 0 && hasStartedRosalinaNetworkFuncsOnce)
+                if(isNdmuWorkaround(info, pid))
                 {
                     cmdbuf[0] = 0x10040;
                     cmdbuf[1] = 0;
@@ -87,7 +94,7 @@ Result SendSyncRequestHook(Handle handle)
             case 0x20002:
             {
                 SessionInfo *info = SessionInfo_Lookup(clientSession->parentSession);
-                if(info != NULL && strcmp(info->name, "ndm:u") == 0 && hasStartedRosalinaNetworkFuncsOnce)
+                if(isNdmuWorkaround(info, pid))
                 {
                     cmdbuf[0] = 0x20040;
                     cmdbuf[1] = 0;
@@ -100,7 +107,7 @@ Result SendSyncRequestHook(Handle handle)
             case 0x50100:
             {
                 SessionInfo *info = SessionInfo_Lookup(clientSession->parentSession);
-                if(info != NULL && (strcmp(info->name, "srv:") == 0 || (kernelVersion < SYSTEM_VERSION(2, 39, 4) && strcmp(info->name, "srv:pm") == 0)))
+                if(info != NULL && (strcmp(info->name, "srv:") == 0 || (GET_VERSION_MINOR(kernelVersion) < 39 && strcmp(info->name, "srv:pm") == 0)))
                 {
                     char name[9] = { 0 };
                     memcpy(name, cmdbuf + 1, 8);
@@ -119,6 +126,12 @@ Result SendSyncRequestHook(Handle handle)
                             outClientSession->syncObject.autoObject.vtable->DecrementReferenceCount(&outClientSession->syncObject.autoObject);
                         }
                     }
+                    else
+                    {
+                        // Prior to 11.0 kernel didn't zero-initialize output handles, and thus
+                        // you could accidentaly close things like the KAddressArbiter handle by mistake...
+                        cmdbuf[3] = 0;
+                    }
                 }
 
                 break;
@@ -129,7 +142,7 @@ Result SendSyncRequestHook(Handle handle)
                 if(!hasStartedRosalinaNetworkFuncsOnce)
                     break;
                 SessionInfo *info = SessionInfo_Lookup(clientSession->parentSession);
-                skip = info != NULL && strcmp(info->name, "ndm:u") == 0; // SuspendScheduler
+                skip = isNdmuWorkaround(info, pid); // SuspendScheduler
                 if(skip)
                     cmdbuf[1] = 0;
                 break;
@@ -140,7 +153,7 @@ Result SendSyncRequestHook(Handle handle)
                 if(!hasStartedRosalinaNetworkFuncsOnce)
                     break;
                 SessionInfo *info = SessionInfo_Lookup(clientSession->parentSession);
-                if(info != NULL && strcmp(info->name, "ndm:u") == 0) // ResumeScheduler
+                if(isNdmuWorkaround(info, pid)) // ResumeScheduler
                 {
                     cmdbuf[0] = 0x90040;
                     cmdbuf[1] = 0;
@@ -149,6 +162,43 @@ Result SendSyncRequestHook(Handle handle)
                 break;
             }
 
+            case 0x00C0080: // srv: publishToSubscriber
+            {
+                SessionInfo *info = SessionInfo_Lookup(clientSession->parentSession);
+
+                if (info != NULL && strcmp(info->name, "srv:") == 0 && cmdbuf[1] == 0x1002)
+                {
+                    // Wake up application thread
+                    PLG__WakeAppThread();
+                    cmdbuf[0] = 0xC0040;
+                    cmdbuf[1] = 0;
+                    skip = true;
+                }
+                break;
+            }
+
+            case 0x00D0080: // APT:ReceiveParameter
+            {
+                SessionInfo *info = SessionInfo_Lookup(clientSession->parentSession);
+
+                if (info != NULL && strncmp(info->name, "APT:", 4) == 0 && cmdbuf[1] == 0x300)
+                {
+                    res = SendSyncRequest(handle);
+                    skip = true;
+
+                    if (res >= 0)
+                    {
+                        u32 plgStatus = PLG_GetStatus();
+                        u32 command = cmdbuf[3];
+
+                        if ((plgStatus == PLG_CFG_RUNNING && command == 3) // COMMAND_RESPONSE
+                        || (plgStatus == PLG_CFG_INHOME && (command >= 10 || command <= 12)))  // COMMAND_WAKEUP_BY_EXIT || COMMAND_WAKEUP_BY_PAUSE
+                            PLG_SignalEvent(PLG_CFG_HOME_EVENT);
+                    }
+                }
+                break;
+            }
+
             case 0x4010082:
             {
                 SessionInfo *info = SessionInfo_Lookup(clientSession->parentSession);

k11_extension/source/svc/SetGpuProt.c

@@ -26,7 +26,7 @@
 
 #include "svc/SetGpuProt.h"
 
-Result SetGpuProt(bool prot UNUSED)
+Result SetGpuProt(bool prot CTR_UNUSED)
 {
     return 0;
 }