mirror of
https://github.com/wiiu-env/MochaPayload.git
synced 2024-12-22 22:21:52 +01:00
Fix sd access patch
This commit is contained in:
parent
3df156eb97
commit
46921d3771
@ -50,7 +50,7 @@ void instant_patches_setup(void) {
|
||||
*(volatile u32 *) 0x1070FAEC = 0xEAFFFFF9;
|
||||
|
||||
int (*_iosMapSharedUserExecution)(void *descr) = (void *) 0x08124F88;
|
||||
|
||||
|
||||
// patch kernel dev node registration
|
||||
*(volatile u32 *) 0x081430B4 = 1;
|
||||
|
||||
@ -74,7 +74,6 @@ void instant_patches_setup(void) {
|
||||
*(volatile u32 *) (0x0501dd78 - 0x05000000 + 0x081C0000) = (volatile u32 *) THUMB_BL(0x0501dd78, MCP_ReadCOSXml_patch);
|
||||
*(volatile u32 *) (0x051105ce - 0x05000000 + 0x081C0000) = (volatile u32 *) THUMB_BL(0x051105ce, MCP_ReadCOSXml_patch);
|
||||
|
||||
|
||||
// patch default title id to system menu
|
||||
*(volatile u32 *) mcp_data_phys(0x050B817C) = *(volatile u32 *) 0x0017FFF0;
|
||||
*(volatile u32 *) mcp_data_phys(0x050B8180) = *(volatile u32 *) 0x0017FFF4;
|
||||
@ -84,11 +83,6 @@ void instant_patches_setup(void) {
|
||||
|
||||
// set zero to start thread directly on first title change
|
||||
*(volatile u32 *) (0x050BC580 - 0x05000000 + 0x081C0000) = 0;
|
||||
// down display launch image at this state
|
||||
*(volatile u32 *) (_text_start - 4 - 0x05100000 + 0x13D80000) = 0;
|
||||
|
||||
// patch the read position for the cos xml's p4.mask(ios_fs) to read 0xFFFFFFFFFFFFFFFF
|
||||
*(volatile u32 *) (0x05002BBE - 0x05000000 + 0x081C0000) = (volatile u32 *) THUMB_BL(0x05002BBE, patch_SD_access_check);
|
||||
|
||||
ios_map_shared_info_t map_info;
|
||||
map_info.paddr = 0x050BD000 - 0x05000000 + 0x081C0000;
|
||||
|
@ -43,8 +43,6 @@ void mcp_run_patches(u32 ios_elf_start) {
|
||||
|
||||
section_write_word(ios_elf_start, 0x05056718, ARM_BL(0x05056718, _text_start));
|
||||
|
||||
section_write_word(ios_elf_start, 0x05002BBE, THUMB_BL(0x05002BBE, patch_SD_access_check));
|
||||
|
||||
u32 patch_count = (u32) (((u8 *) mcp_patches_table_end) - ((u8 *) mcp_patches_table)) / sizeof(patch_table_t);
|
||||
patch_table_entries(ios_elf_start, mcp_patches_table, patch_count);
|
||||
|
||||
|
@ -17,18 +17,4 @@ int _startMainThread(void) {
|
||||
ipc_init();
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
void patch_SD_access_check(void) {
|
||||
__asm__ volatile(
|
||||
".thumb\n"
|
||||
//clobbered instructions
|
||||
"add r0, r7, r2\n"
|
||||
//app.permissions.r2.mask seems to be 0xFFFFFFFFFFFFFFFF for every application
|
||||
"ldr r1, =0x32\n"
|
||||
"sub r3, r3, #7\n"
|
||||
"strb r1, [r3]\n"
|
||||
//this instruction was also clobbered but we use r1 so we do it after our patch stuff
|
||||
"movs r1, #0\n"
|
||||
"bx lr");
|
||||
}
|
||||
}
|
@ -166,6 +166,9 @@ int _MCP_ReadCOSXml_patch(uint32_t u1, uint32_t u2, MCPPPrepareTitleInfo *xmlDat
|
||||
int (*const real_MCP_ReadCOSXml_patch)(uint32_t u1, uint32_t u2, MCPPPrepareTitleInfo *xmlData) = (void *) 0x050024ec + 1; //+1 for thumb
|
||||
|
||||
int res = real_MCP_ReadCOSXml_patch(u1, u2, xmlData);
|
||||
|
||||
// Give us sd access!
|
||||
xmlData->permissions[4].mask = 0xFFFFFFFFFFFFFFFF;
|
||||
|
||||
// if we replace the RPX we want to increase the max_codesize and give us full permission!
|
||||
if (replace_valid) {
|
||||
|
Loading…
Reference in New Issue
Block a user