The-Homebrew-Cloud/MochaPayload
2
0
Fork 0
mirror of https://github.com/wiiu-env/MochaPayload.git synced 2024-11-10 18:25:07 +01:00
Code Issues Packages Projects Releases Wiki Activity

Avoid exploiting the iosu when mocha is already running

Browse Source
This commit is contained in:
Maschell 2023-11-25 17:55:10 +01:00
parent 962c388fe3
commit 48e1540f7a
2 changed files with 24 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
source/ios_kernel/source/kernel_patches.c
View File

@ -122,6 +122,13 @@ void kernel_run_patches(u32 ios_elf_start) {
section_write(ios_elf_start, (u32) __KERNEL_CODE_START, __KERNEL_CODE_START, __KERNEL_CODE_END - __KERNEL_CODE_START);
section_write_word(ios_elf_start, 0x0812A120, ARM_BL(0x0812A120, kernel_launch_ios));
// patch kernel dev node registration flag. Should be 1 anyway but this doesn't hurt.
section_write_word(ios_elf_start, 0x081430B4, 1);
// patch IOS_SetResourceManagerRegistrationDisabled to always keep it enabled
section_write_word(ios_elf_start, 0x0812581c, 0xe3a02001);
section_write_word(ios_elf_start, 0x08125820, 0xe1a00000);
section_write(ios_elf_start, 0x08140DE0, KERNEL_MCP_IOMAPPINGS_STRUCT, sizeof(KERNEL_MCP_IOMAPPINGS_STRUCT));
// patch /dev/odm IOCTL 0x06 to return the disc key if in_buf[0] > 2.

18
source/main.cpp
View File

@ -3,6 +3,7 @@
#include <coreinit/cache.h>
#include <coreinit/debug.h>
#include <coreinit/ios.h>
#include <coreinit/thread.h>
#include <cstdio>
#include <cstring>
#include <mocha/commands.h>
@ -10,6 +11,20 @@
#include <whb/log.h>
#include <whb/log_udp.h>
static void StartMCPThreadIfMochaAlreadyRunning() {
// start /dev/iosuhax and wupserver if mocha is already running
int mcpFd = IOS_Open("/dev/mcp", (IOSOpenMode) 0);
if (mcpFd >= 0) {
int in = IPC_CUSTOM_START_MCP_THREAD;
int out = 0;
if (IOS_Ioctl(mcpFd, 100, &in, sizeof(in), &out, sizeof(out)) == IOS_ERROR_OK) {
// give /dev/iosuhax a chance to start.
OSSleepTicks(OSMillisecondsToTicks(100));
}
IOS_Close(mcpFd);
}
}
int main(int argc, char **argv) {
WHBLogUdpInit();
WHBLogPrintf("Hello from mocha");
@ -20,11 +35,12 @@ int main(int argc, char **argv) {
DCStoreRange((void *) 0xF417FEF0, 0x100);
}
}
uint64_t sysmenuIdUll = _SYSGetSystemApplicationTitleId(SYSTEM_APP_ID_WII_U_MENU);
memcpy((void *) 0xF417FFF0, &sysmenuIdUll, 8);
DCStoreRange((void *) 0xF417FFF0, 0x8);
StartMCPThreadIfMochaAlreadyRunning();
ExecuteIOSExploit();
// When the kernel exploit is set up successfully, we signal the ios to move on.