From 48e1540f7ac5852cc976cb3db25d001ae1680738 Mon Sep 17 00:00:00 2001 From: Maschell Date: Sat, 25 Nov 2023 17:55:10 +0100 Subject: [PATCH] Avoid exploiting the iosu when mocha is already running --- source/ios_kernel/source/kernel_patches.c | 7 +++++++ source/main.cpp | 18 +++++++++++++++++- 2 files changed, 24 insertions(+), 1 deletion(-) diff --git a/source/ios_kernel/source/kernel_patches.c b/source/ios_kernel/source/kernel_patches.c index 87f1d41..50239cc 100644 --- a/source/ios_kernel/source/kernel_patches.c +++ b/source/ios_kernel/source/kernel_patches.c @@ -122,6 +122,13 @@ void kernel_run_patches(u32 ios_elf_start) { section_write(ios_elf_start, (u32) __KERNEL_CODE_START, __KERNEL_CODE_START, __KERNEL_CODE_END - __KERNEL_CODE_START); section_write_word(ios_elf_start, 0x0812A120, ARM_BL(0x0812A120, kernel_launch_ios)); + // patch kernel dev node registration flag. Should be 1 anyway but this doesn't hurt. + section_write_word(ios_elf_start, 0x081430B4, 1); + + // patch IOS_SetResourceManagerRegistrationDisabled to always keep it enabled + section_write_word(ios_elf_start, 0x0812581c, 0xe3a02001); + section_write_word(ios_elf_start, 0x08125820, 0xe1a00000); + section_write(ios_elf_start, 0x08140DE0, KERNEL_MCP_IOMAPPINGS_STRUCT, sizeof(KERNEL_MCP_IOMAPPINGS_STRUCT)); // patch /dev/odm IOCTL 0x06 to return the disc key if in_buf[0] > 2. diff --git a/source/main.cpp b/source/main.cpp index 35e6b7c..560c0a5 100644 --- a/source/main.cpp +++ b/source/main.cpp @@ -3,6 +3,7 @@ #include #include #include +#include #include #include #include 
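Review bot: The two words written at 0x0812581c and 0x08125820 are bare hex opcodes, so a reader cannot verify that the patch does what the comment claims; annotating them with their ARM mnemonics, `section_write_word(ios_elf_start, 0x0812581c, 0xe3a02001); // mov r2, #1` and `section_write_word(ios_elf_start, 0x08125820, 0xe1a00000); // nop`, makes the intent reviewable. The comment on the 0x081430B4 write ("Should be 1 anyway but this doesn't hurt") does not say what the flag controls; naming the flag being forced and what a value other than 1 would break would be more useful than the current wording. These are absolute IOSU addresses; if a firmware-version check guards kernel_run_patches elsewhere, a short pointer to it next to these writes would help the next maintainer. kernel_run_patches starts before this hunk and continues past it.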
@@ -10,6 +11,20 @@ #include #include +static void StartMCPThreadIfMochaAlreadyRunning() { + // start /dev/iosuhax and wupserver if mocha is already running + int mcpFd = IOS_Open("/dev/mcp", (IOSOpenMode) 0); + if (mcpFd >= 0) { + int in = IPC_CUSTOM_START_MCP_THREAD; + int out = 0; + if (IOS_Ioctl(mcpFd, 100, &in, sizeof(in), &out, sizeof(out)) == IOS_ERROR_OK) { + // give /dev/iosuhax a chance to start. + OSSleepTicks(OSMillisecondsToTicks(100)); + } + IOS_Close(mcpFd); + } +} + int main(int argc, char **argv) { WHBLogUdpInit(); WHBLogPrintf("Hello from mocha"); @@ -20,11 +35,12 @@ int main(int argc, char **argv) { DCStoreRange((void *) 0xF417FEF0, 0x100); } } - uint64_t sysmenuIdUll = _SYSGetSystemApplicationTitleId(SYSTEM_APP_ID_WII_U_MENU); memcpy((void *) 0xF417FFF0, &sysmenuIdUll, 8); DCStoreRange((void *) 0xF417FFF0, 0x8); + StartMCPThreadIfMochaAlreadyRunning(); + ExecuteIOSExploit(); // When the kernel exploit is set up successfully, we signal the ios to move on.
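Review bot: The fixed `OSSleepTicks(OSMillisecondsToTicks(100))` after the ioctl is a timing guess: if the MCP thread needs longer to bring up /dev/iosuhax the caller proceeds without it, and if it is faster the launcher stalls for nothing; polling IOS_Open("/dev/iosuhax") with a bounded retry makes the wait deterministic while still capping it. The function also returns void, so main cannot tell whether mocha was found, and the later hunk still calls ExecuteIOSExploit() unconditionally right after it, which seems at odds with the commit title unless ExecuteIOSExploit detects the already-patched kernel itself; returning a bool lets the caller decide. The ioctl number `100` is a magic constant sitting next to the named IPC_CUSTOM_START_MCP_THREAD; a named constant for it would be consistent with the rest of the call.
```cpp
static bool StartMCPThreadIfMochaAlreadyRunning() {
    // start /dev/iosuhax and wupserver if mocha is already running
    int mcpFd = IOS_Open("/dev/mcp", (IOSOpenMode) 0);
    if (mcpFd < 0) {
        return false;
    }
    int in  = IPC_CUSTOM_START_MCP_THREAD;
    int out = 0;
    bool started = IOS_Ioctl(mcpFd, 100, &in, sizeof(in), &out, sizeof(out)) == IOS_ERROR_OK;
    IOS_Close(mcpFd);
    if (!started) {
        return false;
    }
    // wait for /dev/iosuhax to actually answer instead of guessing a fixed delay;
    // the attempt cap keeps a stuck MCP thread from hanging the launcher
    for (int attempt = 0; attempt < 50; attempt++) {
        int fd = IOS_Open("/dev/iosuhax", (IOSOpenMode) 0);
        if (fd >= 0) {
            IOS_Close(fd);
            break;
        }
        OSSleepTicks(OSMillisecondsToTicks(10));
    }
    return true;
}
```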