MochaPayload/source/main.cpp

#include "common/ipc_defs.h"
#include "ios_exploit.h"
#include <coreinit/cache.h>
#include <coreinit/debug.h>
#include <coreinit/ios.h>
#include <coreinit/thread.h>
#include <cstdio>
#include <cstring>
#include <mocha/commands.h>
#include <sysapp/title.h>

static void StartMCPThreadIfMochaAlreadyRunning() {
    // start /dev/iosuhax and wupserver if mocha is already running
    int mcpFd = IOS_Open("/dev/mcp", (IOSOpenMode) 0);
    if (mcpFd >= 0) {
        int in  = IPC_CUSTOM_START_MCP_THREAD;
        int out = 0;
        if (IOS_Ioctl(mcpFd, 100, &in, sizeof(in), &out, sizeof(out)) == IOS_ERROR_OK) {
            // give /dev/iosuhax a chance to start.
            OSSleepTicks(OSMillisecondsToTicks(100));
        }
        IOS_Close(mcpFd);
    }
}

int main(int argc, char **argv) {
    if (argc >= 1) {
        if (strncmp(argv[0], "fs:/", 4) == 0) {
            strncpy((char *) 0xF417FEF0, argv[0], 0xFF);
            DCStoreRange((void *) 0xF417FEF0, 0x100);
        }
    }
    uint64_t sysmenuIdUll = _SYSGetSystemApplicationTitleId(SYSTEM_APP_ID_WII_U_MENU);
    memcpy((void *) 0xF417FFF0, &sysmenuIdUll, 8);
    DCStoreRange((void *) 0xF417FFF0, 0x8);

    StartMCPThreadIfMochaAlreadyRunning();

    ExecuteIOSExploit();

    // When the kernel exploit is set up successfully, we signal the ios to move on.
    int mcpFd = IOS_Open("/dev/mcp", (IOSOpenMode) 0);
    if (mcpFd >= 0) {
        int in  = IPC_CUSTOM_MEN_RPX_HOOK_COMPLETED;
        int out = 0;
        IOS_Ioctl(mcpFd, 100, &in, sizeof(in), &out, sizeof(out));

        in  = IPC_CUSTOM_START_MCP_THREAD;
        out = 0;
        IOS_Ioctl(mcpFd, 100, &in, sizeof(in), &out, sizeof(out));
        IOS_Close(mcpFd);
    }
    return 0;
}
Use latest wut version 2022-07-25 15:20:17 +02:00			`#include "common/ipc_defs.h"`
			`#include "ios_exploit.h"`
first commit 2020-04-28 15:07:52 +02:00			`#include <coreinit/cache.h>`
Use latest wut version 2022-07-25 15:20:17 +02:00			`#include <coreinit/debug.h>`
Replace men.rpx with .rpx from sd card when reloading the iosu/ppc. Fixes returning from the settings. 2020-06-21 00:04:10 +02:00			`#include <coreinit/ios.h>`
Avoid exploiting the iosu when mocha is already running 2023-11-25 17:55:10 +01:00			`#include <coreinit/thread.h>`
Format the code via clang-format 2022-02-04 14:23:22 +01:00			`#include <cstdio>`
			`#include <cstring>`
Add initial libmocha support 2022-07-25 15:22:17 +02:00			`#include <mocha/commands.h>`
Some code cleanup 2021-04-04 23:51:23 +02:00			`#include <sysapp/title.h>`
first commit 2020-04-28 15:07:52 +02:00
Avoid exploiting the iosu when mocha is already running 2023-11-25 17:55:10 +01:00			`static void StartMCPThreadIfMochaAlreadyRunning() {`
			`// start /dev/iosuhax and wupserver if mocha is already running`
			`int mcpFd = IOS_Open("/dev/mcp", (IOSOpenMode) 0);`
			`if (mcpFd >= 0) {`
			`int in = IPC_CUSTOM_START_MCP_THREAD;`
			`int out = 0;`
			`if (IOS_Ioctl(mcpFd, 100, &in, sizeof(in), &out, sizeof(out)) == IOS_ERROR_OK) {`
			`// give /dev/iosuhax a chance to start.`
			`OSSleepTicks(OSMillisecondsToTicks(100));`
			`}`
			`IOS_Close(mcpFd);`
			`}`
			`}`

first commit 2020-04-28 15:07:52 +02:00			`int main(int argc, char **argv) {`
Preserve environment path, fix returns values of custom IOCTL, 2021-12-28 15:30:53 +01:00			`if (argc >= 1) {`
			`if (strncmp(argv[0], "fs:/", 4) == 0) {`
			`strncpy((char *) 0xF417FEF0, argv[0], 0xFF);`
ios_exploit: Fix address for DCStoreRange 2023-03-11 17:06:07 +01:00			`DCStoreRange((void *) 0xF417FEF0, 0x100);`
Preserve environment path, fix returns values of custom IOCTL, 2021-12-28 15:30:53 +01:00			`}`
			`}`
Use latest wut version 2022-07-25 15:20:17 +02:00			`uint64_t sysmenuIdUll = _SYSGetSystemApplicationTitleId(SYSTEM_APP_ID_WII_U_MENU);`
Formatting 2020-06-20 23:43:44 +02:00			`memcpy((void *) 0xF417FFF0, &sysmenuIdUll, 8);`
			`DCStoreRange((void *) 0xF417FFF0, 0x8);`
first commit 2020-04-28 15:07:52 +02:00
Avoid exploiting the iosu when mocha is already running 2023-11-25 17:55:10 +01:00			`StartMCPThreadIfMochaAlreadyRunning();`

first commit 2020-04-28 15:07:52 +02:00			`ExecuteIOSExploit();`
Replace men.rpx with .rpx from sd card when reloading the iosu/ppc. Fixes returning from the settings. 2020-06-21 00:04:10 +02:00
			`// When the kernel exploit is set up successfully, we signal the ios to move on.`
			`int mcpFd = IOS_Open("/dev/mcp", (IOSOpenMode) 0);`
			`if (mcpFd >= 0) {`
Format the code via clang-format 2022-02-04 14:23:22 +01:00			`int in = IPC_CUSTOM_MEN_RPX_HOOK_COMPLETED;`
Replace men.rpx with .rpx from sd card when reloading the iosu/ppc. Fixes returning from the settings. 2020-06-21 00:04:10 +02:00			`int out = 0;`
Use ipc call to start mcp thread immediately 2021-04-04 22:33:22 +02:00			`IOS_Ioctl(mcpFd, 100, &in, sizeof(in), &out, sizeof(out));`
Replace men.rpx with .rpx from sd card when reloading the iosu/ppc. Fixes returning from the settings. 2020-06-21 00:04:10 +02:00
Format the code via clang-format 2022-02-04 14:23:22 +01:00			`in = IPC_CUSTOM_START_MCP_THREAD;`
Use ipc call to start mcp thread immediately 2021-04-04 22:33:22 +02:00			`out = 0;`
Replace men.rpx with .rpx from sd card when reloading the iosu/ppc. Fixes returning from the settings. 2020-06-21 00:04:10 +02:00			`IOS_Ioctl(mcpFd, 100, &in, sizeof(in), &out, sizeof(out));`
			`IOS_Close(mcpFd);`
			`}`
first commit 2020-04-28 15:07:52 +02:00			`return 0;`
			`}`