mirror of
https://github.com/wiiu-env/MochaPayload.git
synced 2024-12-23 06:31:51 +01:00
Avoid exploiting the iosu when mocha is already running
This commit is contained in:
parent
962c388fe3
commit
48e1540f7a
@ -122,6 +122,13 @@ void kernel_run_patches(u32 ios_elf_start) {
|
||||
section_write(ios_elf_start, (u32) __KERNEL_CODE_START, __KERNEL_CODE_START, __KERNEL_CODE_END - __KERNEL_CODE_START);
|
||||
section_write_word(ios_elf_start, 0x0812A120, ARM_BL(0x0812A120, kernel_launch_ios));
|
||||
|
||||
// patch kernel dev node registration flag. Should be 1 anyway but this doesn't hurt.
|
||||
section_write_word(ios_elf_start, 0x081430B4, 1);
|
||||
|
||||
// patch IOS_SetResourceManagerRegistrationDisabled to always keep it enabled
|
||||
section_write_word(ios_elf_start, 0x0812581c, 0xe3a02001);
|
||||
section_write_word(ios_elf_start, 0x08125820, 0xe1a00000);
|
||||
|
||||
section_write(ios_elf_start, 0x08140DE0, KERNEL_MCP_IOMAPPINGS_STRUCT, sizeof(KERNEL_MCP_IOMAPPINGS_STRUCT));
|
||||
|
||||
// patch /dev/odm IOCTL 0x06 to return the disc key if in_buf[0] > 2.
|
||||
|
@ -3,6 +3,7 @@
|
||||
#include <coreinit/cache.h>
|
||||
#include <coreinit/debug.h>
|
||||
#include <coreinit/ios.h>
|
||||
#include <coreinit/thread.h>
|
||||
#include <cstdio>
|
||||
#include <cstring>
|
||||
#include <mocha/commands.h>
|
||||
@ -10,6 +11,20 @@
|
||||
#include <whb/log.h>
|
||||
#include <whb/log_udp.h>
|
||||
|
||||
static void StartMCPThreadIfMochaAlreadyRunning() {
|
||||
// start /dev/iosuhax and wupserver if mocha is already running
|
||||
int mcpFd = IOS_Open("/dev/mcp", (IOSOpenMode) 0);
|
||||
if (mcpFd >= 0) {
|
||||
int in = IPC_CUSTOM_START_MCP_THREAD;
|
||||
int out = 0;
|
||||
if (IOS_Ioctl(mcpFd, 100, &in, sizeof(in), &out, sizeof(out)) == IOS_ERROR_OK) {
|
||||
// give /dev/iosuhax a chance to start.
|
||||
OSSleepTicks(OSMillisecondsToTicks(100));
|
||||
}
|
||||
IOS_Close(mcpFd);
|
||||
}
|
||||
}
|
||||
|
||||
int main(int argc, char **argv) {
|
||||
WHBLogUdpInit();
|
||||
WHBLogPrintf("Hello from mocha");
|
||||
@ -20,11 +35,12 @@ int main(int argc, char **argv) {
|
||||
DCStoreRange((void *) 0xF417FEF0, 0x100);
|
||||
}
|
||||
}
|
||||
|
||||
uint64_t sysmenuIdUll = _SYSGetSystemApplicationTitleId(SYSTEM_APP_ID_WII_U_MENU);
|
||||
memcpy((void *) 0xF417FFF0, &sysmenuIdUll, 8);
|
||||
DCStoreRange((void *) 0xF417FFF0, 0x8);
|
||||
|
||||
StartMCPThreadIfMochaAlreadyRunning();
|
||||
|
||||
ExecuteIOSExploit();
|
||||
|
||||
// When the kernel exploit is set up successfully, we signal the ios to move on.
|
||||
|
Loading…
Reference in New Issue
Block a user