Fix sd access patch

2024-09-30 00:28:34 +02:00 · 2021-02-14 15:28:56 +01:00 · 2021-02-14 15:28:56 +01:00 · 46921d3771
commit 46921d3771
parent 3df156eb97
4 changed files with 5 additions and 24 deletions
--- a/source/ios_kernel/source/instant_patches.c
+++ b/source/ios_kernel/source/instant_patches.c
@ -50,7 +50,7 @@ void instant_patches_setup(void) {
    *(volatile u32 *) 0x1070FAEC = 0xEAFFFFF9;

    int (*_iosMapSharedUserExecution)(void *descr) = (void *) 0x08124F88;
-
+ 
    // patch kernel dev node registration
    *(volatile u32 *) 0x081430B4 = 1;

@ -74,7 +74,6 @@ void instant_patches_setup(void) {
    *(volatile u32 *) (0x0501dd78 - 0x05000000 + 0x081C0000) = (volatile u32 *) THUMB_BL(0x0501dd78, MCP_ReadCOSXml_patch);
    *(volatile u32 *) (0x051105ce - 0x05000000 + 0x081C0000) = (volatile u32 *) THUMB_BL(0x051105ce, MCP_ReadCOSXml_patch);

-
    // patch default title id to system menu
    *(volatile u32 *) mcp_data_phys(0x050B817C) = *(volatile u32 *) 0x0017FFF0;
    *(volatile u32 *) mcp_data_phys(0x050B8180) = *(volatile u32 *) 0x0017FFF4;
@ -84,11 +83,6 @@ void instant_patches_setup(void) {

    // set zero to start thread directly on first title change
    *(volatile u32 *) (0x050BC580 - 0x05000000 + 0x081C0000) = 0;
-    // down display launch image at this state
-    *(volatile u32 *) (_text_start - 4 - 0x05100000 + 0x13D80000) = 0;
-
-    // patch the read position for the cos xml's p4.mask(ios_fs) to read 0xFFFFFFFFFFFFFFFF
-    *(volatile u32 *) (0x05002BBE - 0x05000000 + 0x081C0000) = (volatile u32 *) THUMB_BL(0x05002BBE, patch_SD_access_check);

    ios_map_shared_info_t map_info;
    map_info.paddr = 0x050BD000 - 0x05000000 + 0x081C0000;
--- a/source/ios_kernel/source/ios_mcp_patches.c
+++ b/source/ios_kernel/source/ios_mcp_patches.c
@ -43,8 +43,6 @@ void mcp_run_patches(u32 ios_elf_start) {

    section_write_word(ios_elf_start, 0x05056718, ARM_BL(0x05056718, _text_start));

-    section_write_word(ios_elf_start, 0x05002BBE, THUMB_BL(0x05002BBE, patch_SD_access_check));
-
    u32 patch_count = (u32) (((u8 *) mcp_patches_table_end) - ((u8 *) mcp_patches_table)) / sizeof(patch_table_t);
    patch_table_entries(ios_elf_start, mcp_patches_table, patch_count);

--- a/source/ios_mcp/source/main.c
+++ b/source/ios_mcp/source/main.c
@ -17,18 +17,4 @@ int _startMainThread(void) {
        ipc_init();
    }
    return 0;
-}
-
-void patch_SD_access_check(void) {
-    __asm__ volatile(
-    ".thumb\n"
-    //clobbered instructions
-    "add r0, r7, r2\n"
-    //app.permissions.r2.mask seems to be 0xFFFFFFFFFFFFFFFF for every application
-    "ldr r1, =0x32\n"
-    "sub r3, r3, #7\n"
-    "strb r1, [r3]\n"
-    //this instruction was also clobbered but we use r1 so we do it after our patch stuff
-    "movs r1, #0\n"
-    "bx lr");
-}
+}
--- a/source/ios_mcp/source/mcp_loadfile.c
+++ b/source/ios_mcp/source/mcp_loadfile.c
@ -166,6 +166,9 @@ int _MCP_ReadCOSXml_patch(uint32_t u1, uint32_t u2, MCPPPrepareTitleInfo *xmlDat
    int (*const real_MCP_ReadCOSXml_patch)(uint32_t u1, uint32_t u2, MCPPPrepareTitleInfo *xmlData) = (void *) 0x050024ec + 1; //+1 for thumb

    int res = real_MCP_ReadCOSXml_patch(u1, u2, xmlData);
+        
+    // Give us sd access!
+    xmlData->permissions[4].mask = 0xFFFFFFFFFFFFFFFF;

    // if we replace the RPX we want to increase the max_codesize and give us full permission!
    if (replace_valid) {