2020-04-28 15:07:52 +02:00
|
|
|
#include <stdio.h>
|
|
|
|
|
#include <string.h>
|
|
|
|
|
#include <string>
|
|
|
|
|
|
|
|
|
|
#include <coreinit/cache.h>
|
|
|
|
|
|
2020-06-21 00:04:10 +02:00
|
|
|
#include <coreinit/ios.h>
|
|
|
|
|
|
2020-04-28 15:07:52 +02:00
|
|
|
|
|
|
|
|
#include "whb/log.h"
|
|
|
|
|
#include "whb/log_udp.h"
|
|
|
|
|
#include "ios_exploit.h"
|
|
|
|
|
|
|
|
|
|
extern "C" uint64_t _SYSGetSystemApplicationTitleId(int);
|
|
|
|
|
|
|
|
|
|
int main(int argc, char **argv) {
|
|
|
|
|
WHBLogUdpInit();
|
|
|
|
|
WHBLogPrintf("Hello from mocha");
|
|
|
|
|
unsigned long long sysmenuIdUll = _SYSGetSystemApplicationTitleId(0);
|
2020-06-21 00:04:10 +02:00
|
|
|
|
2020-06-20 23:43:44 +02:00
|
|
|
memcpy((void *) 0xF417FFF0, &sysmenuIdUll, 8);
|
|
|
|
|
DCStoreRange((void *) 0xF417FFF0, 0x8);
|
2020-04-28 15:07:52 +02:00
|
|
|
|
|
|
|
|
ExecuteIOSExploit();
|
2020-06-21 00:04:10 +02:00
|
|
|
|
|
|
|
|
// When the kernel exploit is set up successfully, we signal the ios to move on.
|
|
|
|
|
int mcpFd = IOS_Open("/dev/mcp", (IOSOpenMode) 0);
|
|
|
|
|
if (mcpFd >= 0) {
|
|
|
|
|
int in = 0xFD;//IPC_CUSTOM_MEN_RPX_HOOK_COMPLETED;
|
|
|
|
|
int out = 0;
|
2021-04-04 22:33:22 +02:00
|
|
|
IOS_Ioctl(mcpFd, 100, &in, sizeof(in), &out, sizeof(out));
|
2020-06-21 00:04:10 +02:00
|
|
|
|
2021-04-04 22:33:22 +02:00
|
|
|
in = 0xFA;//IPC_CUSTOM_START_MCP_THREAD;
|
|
|
|
|
out = 0;
|
2020-06-21 00:04:10 +02:00
|
|
|
IOS_Ioctl(mcpFd, 100, &in, sizeof(in), &out, sizeof(out));
|
|
|
|
|
IOS_Close(mcpFd);
|
|
|
|
|
}
|
|
|
|
|
|
2020-04-28 15:07:52 +02:00
|
|
|
WHBLogPrintf("Bye from mocha");
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
