MochaLite/ios_mcp/source/mcp_loadfile.c

/* Patch for MCP_LoadFile (ioctl 0x53).
 * Also adds a sibling ioctl, 0x64, that allows setting a custom path to a main RPX
 *
 * Reference for most of the types and whatever:
 * https://github.com/exjam/decaf-emu/tree/ios/src/libdecaf/src/ios/mcp
 *
 * This is a proof of concept, and shouldn't be used until it's cleaned up a bit.
 * Co-authored by exjam, Maschell and QuarkTheAwesome
 *
 * Flow of calls:
 * - kernel loads system libraries, app rpx or user calls OSDynLoad
 * - goes to loader.elf, which will call ioctl 0x53
 *   - with fileType = LOAD_FILE_CAFE_OS
 *   - on failure, again with LOAD_FILE_PROCESS_CODE
 *   - on failure, again with LOAD_FILE_SYS_DATA_CODE
 * - each request routes here where we can do whatever
 */

#include "logger.h"
#include "ipc_types.h"
#include <string.h>

typedef enum {
    //Load from the process's code directory (process title id)/code/%s
    LOAD_FILE_PROCESS_CODE = 0,
    //Load from the CafeOS directory (00050010-1000400A)/code/%s
    LOAD_FILE_CAFE_OS = 1,
    //Load from a system data title's content directory (0005001B-x)/content/%s
    LOAD_FILE_SYS_DATA_CONTENT = 2,
    //Load from a system data title's code directory (0005001B-x)/content/%s
    LOAD_FILE_SYS_DATA_CODE = 3,

    LOAD_FILE_FORCE_SIZE = 0xFFFFFFFF,
} MCPFileType;

typedef struct {
    unsigned char unk[0x10];

    unsigned int pos;
    MCPFileType type;
    unsigned int cafe_pid;

    unsigned char unk2[0xC];

    char name[0x40];

    unsigned char unk3[0x12D8 - 0x68];
} MCPLoadFileRequest;
//sizeof(MCPLoadFileRequest) = 0x12D8

int (*const real_MCP_LoadFile)(ipcmessage* msg) = (void*)0x0501CAA8 + 1; //+1 for thumb
int (*const MCP_DoLoadFile)(const char* path, const char* path2, void* outputBuffer, u32 outLength, u32 pos, int* bytesRead, u32 unk) = (void*)0x05017248 + 1;
int (*const MCP_UnknownStuff)(const char* path, u32 pos, void* outputBuffer, u32 outLength, u32 outLength2, u32 unk) = (void*)0x05014CAC + 1;

static int MCP_LoadCustomFile(char* path, ipcmessage* msg, MCPLoadFileRequest* request);
static bool replacerpx = false;
static bool didrpxfirstchunk = false;
static char rpxpath[0x280];

#define log(fmt, ...) log_printf("%s: " fmt, __FUNCTION__, __VA_ARGS__)
#define FAIL_ON(cond, val) \
    if (cond) { \
        log(#cond " (%08X)", val); \
        return -29; \
    }

int _MCP_LoadFile_patch(ipcmessage* msg) {
    FAIL_ON(!msg->ioctl.buffer_in, 0);
    FAIL_ON(msg->ioctl.length_in != 0x12D8, msg->ioctl.length_in);
    FAIL_ON(!msg->ioctl.buffer_io, 0);
    FAIL_ON(!msg->ioctl.length_io, 0);

    MCPLoadFileRequest* request = (MCPLoadFileRequest*)msg->ioctl.buffer_in;
    log("msg->ioctl.buffer_io = %p, msg->ioctl.length_io = 0x%X\n", msg->ioctl.buffer_io, msg->ioctl.length_io);
    log("request->type = %d, request->pos = %d, request->name = \"%s\"\n", request->type, request->pos, request->name);

    if (request->type == LOAD_FILE_CAFE_OS &&
        request->name[0] == '*') {
        char path[0x40];

    /*  Translate request->name to a path by replacing * with / */
        for (int i = 0; i < 0x40; ++i) {
            if (request->name[i] == '*') {
                path[i] = '/';
            } else {
                path[i] = request->name[i];
            }
        }

        int result = MCP_LoadCustomFile(path, msg, request);
        if (result >= 0) return result;
    } else if (replacerpx) {
    /*  RPX replacement!
        Only replace this chunk if:
        - replacerpx is true (replace the next rpx to be loaded)
        - this file is an rpx
        and either of the following:
        - we haven't read the first chunk yet
        - this is not the first chunk

        The goal here is only to replace an rpx once. Reading at pos = 0 signifies a
        new rpx load - these conditions detect that. */
        char* extension = request->name + strlen(request->name) - 3;
        if (extension[0] == 'r' &&
            extension[1] == 'p' &&
            extension[2] == 'x') {

            if (!didrpxfirstchunk || request->pos > 0) {
                int result = MCP_LoadCustomFile(rpxpath, msg, request);
                if (result >= 0) {
                    if (request->pos == 0) didrpxfirstchunk = true;
                    return result;
                }
            } else {
            /*  This is the second time reading the first chunk of an rpx.
                Therefore we have already replaced the rpx we were asked to. */
                replacerpx = false;
            }
        }
    }

    return real_MCP_LoadFile(msg);
}

static int MCP_LoadCustomFile(char* path, ipcmessage* msg, MCPLoadFileRequest* request) {
    log("Load custom path \"%s\"\n", path);

/*  TODO: If this fails, try last argument as 1 */
    int bytesRead = 0;
    int result = MCP_DoLoadFile(path, NULL, msg->ioctl.buffer_io, msg->ioctl.length_io, request->pos, &bytesRead, 0);
    log("MCP_DoLoadFile returned %d, bytesRead = %d\n", result, bytesRead);

    if (result >= 0) {
        if (!bytesRead) {
            return 0;
        }

    /*  TODO: If this fails, try last argument as 1 */
        result = MCP_UnknownStuff(path, request->pos, msg->ioctl.buffer_io, msg->ioctl.length_io, msg->ioctl.length_io, 0);
        log("MCP_UnknownStuff returned %d\n", result);

        if (result >= 0) {
            return bytesRead;
        }
    }
    return result;
}

/*  RPX replacement! Call this ioctl to replace the next loaded RPX with an arbitrary path.
    DO NOT RETURN 0, this affects the codepaths back in the IOSU code */
int _MCP_ioctl100_patch(ipcmessage* msg) {
/*  Give some method to detect this ioctl's prescence, even if the other args are bad */
    if (msg->ioctl.buffer_io && msg->ioctl.length_io >= sizeof(u32)) {
        *(u32*)msg->ioctl.buffer_io = 1;
    }

    FAIL_ON(!msg->ioctl.buffer_in, 0);
    FAIL_ON(!msg->ioctl.length_in, 0);
    FAIL_ON(msg->ioctl.length_in > sizeof(rpxpath) - 1, msg->ioctl.length_in);

    strncpy(rpxpath, (const char*)msg->ioctl.buffer_in, sizeof(rpxpath) - 1);
    rpxpath[sizeof(rpxpath) - 1] = '\0';

    replacerpx = true;
    didrpxfirstchunk = false;

    log("Will load %s for next title\n", rpxpath);

/*  Signal that all went well */
    if (msg->ioctl.buffer_io && msg->ioctl.length_io >= sizeof(u32)) {
        *(u32*)msg->ioctl.buffer_io = 2;
    }
    return 1;
}
Add types, enums and whatever to MCP_LoadFile patch 2018-05-09 02:34:44 +02:00			`/* Patch for MCP_LoadFile (ioctl 0x53).`
ioctl64: Add arbitrary RPX replacement (first draft) Just call ioctl 0x64 (100) with your path in the buffer and the next rpx to be loaded will be replaced with yours! 2018-06-01 13:09:51 +02:00			`* Also adds a sibling ioctl, 0x64, that allows setting a custom path to a main RPX`
Add types, enums and whatever to MCP_LoadFile patch 2018-05-09 02:34:44 +02:00			`*`
			`* Reference for most of the types and whatever:`
			`* https://github.com/exjam/decaf-emu/tree/ios/src/libdecaf/src/ios/mcp`
			`*`
			`* This is a proof of concept, and shouldn't be used until it's cleaned up a bit.`
Add @exjam's MCP_LoadFile patch, allowing loading rpls from anywhere 2018-05-10 13:20:53 +02:00			`* Co-authored by exjam, Maschell and QuarkTheAwesome`
Add types, enums and whatever to MCP_LoadFile patch 2018-05-09 02:34:44 +02:00			`*`
			`* Flow of calls:`
			`* - kernel loads system libraries, app rpx or user calls OSDynLoad`
			`* - goes to loader.elf, which will call ioctl 0x53`
			`* - with fileType = LOAD_FILE_CAFE_OS`
			`* - on failure, again with LOAD_FILE_PROCESS_CODE`
			`* - on failure, again with LOAD_FILE_SYS_DATA_CODE`
			`* - each request routes here where we can do whatever`
			`*/`

Add @exjam's MCP_LoadFile patch, allowing loading rpls from anywhere 2018-05-10 13:20:53 +02:00			`#include "logger.h"`
Add types, enums and whatever to MCP_LoadFile patch 2018-05-09 02:34:44 +02:00			`#include "ipc_types.h"`
ioctl64: Add arbitrary RPX replacement (first draft) Just call ioctl 0x64 (100) with your path in the buffer and the next rpx to be loaded will be replaced with yours! 2018-06-01 13:09:51 +02:00			`#include <string.h>`
Add types, enums and whatever to MCP_LoadFile patch 2018-05-09 02:34:44 +02:00
			`typedef enum {`
			`//Load from the process's code directory (process title id)/code/%s`
			`LOAD_FILE_PROCESS_CODE = 0,`
			`//Load from the CafeOS directory (00050010-1000400A)/code/%s`
			`LOAD_FILE_CAFE_OS = 1,`
			`//Load from a system data title's content directory (0005001B-x)/content/%s`
			`LOAD_FILE_SYS_DATA_CONTENT = 2,`
			`//Load from a system data title's code directory (0005001B-x)/content/%s`
			`LOAD_FILE_SYS_DATA_CODE = 3,`
Fix enum size, MCPLoadFileRequest->type works now 2018-05-11 08:01:06 +02:00
			`LOAD_FILE_FORCE_SIZE = 0xFFFFFFFF,`
Add types, enums and whatever to MCP_LoadFile patch 2018-05-09 02:34:44 +02:00			`} MCPFileType;`

			`typedef struct {`
			`unsigned char unk[0x10];`

			`unsigned int pos;`
			`MCPFileType type;`
			`unsigned int cafe_pid;`

			`unsigned char unk2[0xC];`

			`char name[0x40];`

			`unsigned char unk3[0x12D8 - 0x68];`
Add @exjam's MCP_LoadFile patch, allowing loading rpls from anywhere 2018-05-10 13:20:53 +02:00			`} MCPLoadFileRequest;`
Add types, enums and whatever to MCP_LoadFile patch 2018-05-09 02:34:44 +02:00			`//sizeof(MCPLoadFileRequest) = 0x12D8`

			`int (const real_MCP_LoadFile)(ipcmessage msg) = (void*)0x0501CAA8 + 1; //+1 for thumb`
Add @exjam's MCP_LoadFile patch, allowing loading rpls from anywhere 2018-05-10 13:20:53 +02:00			`int (const MCP_DoLoadFile)(const char path, const char* path2, void* outputBuffer, u32 outLength, u32 pos, int* bytesRead, u32 unk) = (void*)0x05017248 + 1;`
			`int (const MCP_UnknownStuff)(const char path, u32 pos, void* outputBuffer, u32 outLength, u32 outLength2, u32 unk) = (void*)0x05014CAC + 1;`
Add types, enums and whatever to MCP_LoadFile patch 2018-05-09 02:34:44 +02:00
Minor refactoring/cleanup/consolidation whatever 2018-06-04 11:54:50 +02:00			`static int MCP_LoadCustomFile(char* path, ipcmessage* msg, MCPLoadFileRequest* request);`
ioctl64: Add arbitrary RPX replacement (first draft) Just call ioctl 0x64 (100) with your path in the buffer and the next rpx to be loaded will be replaced with yours! 2018-06-01 13:09:51 +02:00			`static bool replacerpx = false;`
			`static bool didrpxfirstchunk = false;`
			`static char rpxpath[0x280];`

Minor refactoring/cleanup/consolidation whatever 2018-06-04 11:54:50 +02:00			`#define log(fmt, ...) log_printf("%s: " fmt, __FUNCTION__, __VA_ARGS__)`
			`#define FAIL_ON(cond, val) \`
			`if (cond) { \`
			`log(#cond " (%08X)", val); \`
			`return -29; \`
Add @exjam's MCP_LoadFile patch, allowing loading rpls from anywhere 2018-05-10 13:20:53 +02:00			`}`

Minor refactoring/cleanup/consolidation whatever 2018-06-04 11:54:50 +02:00			`int _MCP_LoadFile_patch(ipcmessage* msg) {`
			`FAIL_ON(!msg->ioctl.buffer_in, 0);`
			`FAIL_ON(msg->ioctl.length_in != 0x12D8, msg->ioctl.length_in);`
			`FAIL_ON(!msg->ioctl.buffer_io, 0);`
			`FAIL_ON(!msg->ioctl.length_io, 0);`
ioctl64: Add arbitrary RPX replacement (first draft) Just call ioctl 0x64 (100) with your path in the buffer and the next rpx to be loaded will be replaced with yours! 2018-06-01 13:09:51 +02:00
Add @exjam's MCP_LoadFile patch, allowing loading rpls from anywhere 2018-05-10 13:20:53 +02:00			`MCPLoadFileRequest* request = (MCPLoadFileRequest*)msg->ioctl.buffer_in;`
Minor refactoring/cleanup/consolidation whatever 2018-06-04 11:54:50 +02:00			`log("msg->ioctl.buffer_io = %p, msg->ioctl.length_io = 0x%X\n", msg->ioctl.buffer_io, msg->ioctl.length_io);`
			`log("request->type = %d, request->pos = %d, request->name = \"%s\"\n", request->type, request->pos, request->name);`
Add @exjam's MCP_LoadFile patch, allowing loading rpls from anywhere 2018-05-10 13:20:53 +02:00
Fix enum size, MCPLoadFileRequest->type works now 2018-05-11 08:01:06 +02:00			`if (request->type == LOAD_FILE_CAFE_OS &&`
			`request->name[0] == '*') {`
Add @exjam's MCP_LoadFile patch, allowing loading rpls from anywhere 2018-05-10 13:20:53 +02:00			`char path[0x40];`

Fix enum size, MCPLoadFileRequest->type works now 2018-05-11 08:01:06 +02:00			`/* Translate request->name to a path by replacing * with / */`
Add @exjam's MCP_LoadFile patch, allowing loading rpls from anywhere 2018-05-10 13:20:53 +02:00			`for (int i = 0; i < 0x40; ++i) {`
			`if (request->name[i] == '*') {`
			`path[i] = '/';`
			`} else {`
			`path[i] = request->name[i];`
			`}`
			`}`

Minor refactoring/cleanup/consolidation whatever 2018-06-04 11:54:50 +02:00			`int result = MCP_LoadCustomFile(path, msg, request);`
			`if (result >= 0) return result;`
ioctl64: Add arbitrary RPX replacement (first draft) Just call ioctl 0x64 (100) with your path in the buffer and the next rpx to be loaded will be replaced with yours! 2018-06-01 13:09:51 +02:00			`} else if (replacerpx) {`
Minor refactoring/cleanup/consolidation whatever 2018-06-04 11:54:50 +02:00			`/* RPX replacement!`
			`Only replace this chunk if:`
			`- replacerpx is true (replace the next rpx to be loaded)`
			`- this file is an rpx`
			`and either of the following:`
			`- we haven't read the first chunk yet`
			`- this is not the first chunk`

			`The goal here is only to replace an rpx once. Reading at pos = 0 signifies a`
			`new rpx load - these conditions detect that. */`
ioctl64: Add arbitrary RPX replacement (first draft) Just call ioctl 0x64 (100) with your path in the buffer and the next rpx to be loaded will be replaced with yours! 2018-06-01 13:09:51 +02:00			`char* extension = request->name + strlen(request->name) - 3;`
			`if (extension[0] == 'r' &&`
			`extension[1] == 'p' &&`
			`extension[2] == 'x') {`

Minor refactoring/cleanup/consolidation whatever 2018-06-04 11:54:50 +02:00			`if (!didrpxfirstchunk \|\| request->pos > 0) {`
			`int result = MCP_LoadCustomFile(rpxpath, msg, request);`
ioctl64: Add arbitrary RPX replacement (first draft) Just call ioctl 0x64 (100) with your path in the buffer and the next rpx to be loaded will be replaced with yours! 2018-06-01 13:09:51 +02:00			`if (result >= 0) {`
Minor refactoring/cleanup/consolidation whatever 2018-06-04 11:54:50 +02:00			`if (request->pos == 0) didrpxfirstchunk = true;`
			`return result;`
ioctl64: Add arbitrary RPX replacement (first draft) Just call ioctl 0x64 (100) with your path in the buffer and the next rpx to be loaded will be replaced with yours! 2018-06-01 13:09:51 +02:00			`}`
			`} else {`
			`/* This is the second time reading the first chunk of an rpx.`
			`Therefore we have already replaced the rpx we were asked to. */`
			`replacerpx = false;`
			`}`
			`}`
Add @exjam's MCP_LoadFile patch, allowing loading rpls from anywhere 2018-05-10 13:20:53 +02:00			`}`

Add types, enums and whatever to MCP_LoadFile patch 2018-05-09 02:34:44 +02:00			`return real_MCP_LoadFile(msg);`
Add stub MCP_LoadFile patch - It works! 2018-05-08 12:17:40 +02:00			`}`
Add stub ioctl 0x64, doesn't do much yet 2018-05-31 13:11:20 +02:00
Minor refactoring/cleanup/consolidation whatever 2018-06-04 11:54:50 +02:00			`static int MCP_LoadCustomFile(char* path, ipcmessage* msg, MCPLoadFileRequest* request) {`
			`log("Load custom path \"%s\"\n", path);`

			`/* TODO: If this fails, try last argument as 1 */`
			`int bytesRead = 0;`
			`int result = MCP_DoLoadFile(path, NULL, msg->ioctl.buffer_io, msg->ioctl.length_io, request->pos, &bytesRead, 0);`
			`log("MCP_DoLoadFile returned %d, bytesRead = %d\n", result, bytesRead);`

			`if (result >= 0) {`
			`if (!bytesRead) {`
			`return 0;`
			`}`

			`/* TODO: If this fails, try last argument as 1 */`
			`result = MCP_UnknownStuff(path, request->pos, msg->ioctl.buffer_io, msg->ioctl.length_io, msg->ioctl.length_io, 0);`
			`log("MCP_UnknownStuff returned %d\n", result);`
ioctl64: Add arbitrary RPX replacement (first draft) Just call ioctl 0x64 (100) with your path in the buffer and the next rpx to be loaded will be replaced with yours! 2018-06-01 13:09:51 +02:00
Minor refactoring/cleanup/consolidation whatever 2018-06-04 11:54:50 +02:00			`if (result >= 0) {`
			`return bytesRead;`
			`}`
ioctl64: Add arbitrary RPX replacement (first draft) Just call ioctl 0x64 (100) with your path in the buffer and the next rpx to be loaded will be replaced with yours! 2018-06-01 13:09:51 +02:00			`}`
Minor refactoring/cleanup/consolidation whatever 2018-06-04 11:54:50 +02:00			`return result;`
			`}`
ioctl64: Add arbitrary RPX replacement (first draft) Just call ioctl 0x64 (100) with your path in the buffer and the next rpx to be loaded will be replaced with yours! 2018-06-01 13:09:51 +02:00
Minor refactoring/cleanup/consolidation whatever 2018-06-04 11:54:50 +02:00			`/* RPX replacement! Call this ioctl to replace the next loaded RPX with an arbitrary path.`
			`DO NOT RETURN 0, this affects the codepaths back in the IOSU code */`
			`int _MCP_ioctl100_patch(ipcmessage* msg) {`
			`/* Give some method to detect this ioctl's prescence, even if the other args are bad */`
			`if (msg->ioctl.buffer_io && msg->ioctl.length_io >= sizeof(u32)) {`
			`(u32)msg->ioctl.buffer_io = 1;`
ioctl64: Add arbitrary RPX replacement (first draft) Just call ioctl 0x64 (100) with your path in the buffer and the next rpx to be loaded will be replaced with yours! 2018-06-01 13:09:51 +02:00			`}`

Minor refactoring/cleanup/consolidation whatever 2018-06-04 11:54:50 +02:00			`FAIL_ON(!msg->ioctl.buffer_in, 0);`
			`FAIL_ON(!msg->ioctl.length_in, 0);`
			`FAIL_ON(msg->ioctl.length_in > sizeof(rpxpath) - 1, msg->ioctl.length_in);`

ioctl64: Add arbitrary RPX replacement (first draft) Just call ioctl 0x64 (100) with your path in the buffer and the next rpx to be loaded will be replaced with yours! 2018-06-01 13:09:51 +02:00			`strncpy(rpxpath, (const char*)msg->ioctl.buffer_in, sizeof(rpxpath) - 1);`
			`rpxpath[sizeof(rpxpath) - 1] = '\0';`

			`replacerpx = true;`
			`didrpxfirstchunk = false;`
Add stub ioctl 0x64, doesn't do much yet 2018-05-31 13:11:20 +02:00
Minor refactoring/cleanup/consolidation whatever 2018-06-04 11:54:50 +02:00			`log("Will load %s for next title\n", rpxpath);`

			`/* Signal that all went well */`
			`if (msg->ioctl.buffer_io && msg->ioctl.length_io >= sizeof(u32)) {`
			`(u32)msg->ioctl.buffer_io = 2;`
			`}`
Add stub ioctl 0x64, doesn't do much yet 2018-05-31 13:11:20 +02:00			`return 1;`
			`}`