mirror of
https://github.com/wiiu-env/MochaPayload.git
synced 2024-11-22 07:59:16 +01:00
Preserve environment path, fix returns values of custom IOCTL,
This commit is contained in:
parent
780b276460
commit
6b5f2650c4
@ -227,5 +227,6 @@ typedef struct {
|
||||
#define IPC_CUSTOM_LOAD_CUSTOM_RPX 0xFC
|
||||
#define IPC_CUSTOM_META_XML_READ 0xFB
|
||||
#define IPC_CUSTOM_START_USB_LOGGING 0xFA
|
||||
#define IPC_CUSTOM_COPY_ENVIRONMENT_PATH 0xF9
|
||||
|
||||
#define LOAD_FILE_TARGET_SD_CARD 0
|
||||
|
@ -320,7 +320,6 @@ static void uhs_exploit_init(int dev_uhs_0_handle) {
|
||||
payloads->size = sizeof(ios_mcp);
|
||||
memcpy(payloads->data, ios_mcp, payloads->size);
|
||||
|
||||
|
||||
pretend_root_hub[33] = 0x500000;
|
||||
pretend_root_hub[78] = 0;
|
||||
|
||||
|
@ -64,7 +64,7 @@ void instant_patches_setup(void) {
|
||||
// fix 10 minute timeout that crashes MCP after 10 minutes of booting
|
||||
*(volatile u32 *) (0x05022474 - 0x05000000 + 0x081C0000) = 0xFFFFFFFF; // NEW_TIMEOUT
|
||||
|
||||
kernel_memset((void *) (0x050BD000 - 0x05000000 + 0x081C0000), 0, 0x3000);
|
||||
kernel_memset((void *) (0x050BD000 - 0x05000000 + 0x081C0000), 0, 0x2F00);
|
||||
|
||||
// allow custom bootLogoTex and bootMovie.h264
|
||||
*(volatile u32 *) (0xE0030D68 - 0xE0000000 + 0x12900000) = 0xE3A00000; // mov r0, #0
|
||||
@ -83,7 +83,7 @@ void instant_patches_setup(void) {
|
||||
|
||||
*(volatile u32 *) (0x0501dd78 - 0x05000000 + 0x081C0000) = THUMB_BL(0x0501dd78, MCP_ReadCOSXml_patch);
|
||||
*(volatile u32 *) (0x051105ce - 0x05000000 + 0x081C0000) = THUMB_BL(0x051105ce, MCP_ReadCOSXml_patch);
|
||||
|
||||
|
||||
// give us bsp::ee:read permission for PPC
|
||||
*(volatile u32 *) (0xe6044db0 - 0xe6042000 + 0x13d02000) = 0x000001F0;
|
||||
|
||||
@ -96,6 +96,11 @@ void instant_patches_setup(void) {
|
||||
*(volatile u32 *) mcp_data_phys(0x050B817C) = *(volatile u32 *) 0x0017FFF0;
|
||||
*(volatile u32 *) mcp_data_phys(0x050B8180) = *(volatile u32 *) 0x0017FFF4;
|
||||
|
||||
// Place the environment path at the end of our .text section.
|
||||
for (int i = 0; i < 0x100; i += 4) {
|
||||
*(volatile u32 *) (0x05119F00 - 0x05100000 + 0x13D80000 + i) = *(volatile u32 *) (0x0017FEF0 + i);
|
||||
}
|
||||
|
||||
// force check USB storage on load
|
||||
*(volatile u32 *) acp_phys(0xE012202C) = 0x00000001; // find USB flag
|
||||
|
||||
|
@ -39,7 +39,9 @@ u32 mcp_get_phys_code_base(void) {
|
||||
void mcp_run_patches(u32 ios_elf_start) {
|
||||
// write ios_mcp code and bss
|
||||
section_write_bss(ios_elf_start, _bss_start, _bss_end - _bss_start);
|
||||
section_write(ios_elf_start, _text_start, (void *) mcp_get_phys_code_base(), _text_end - _text_start);
|
||||
// We can't use "_text_end" here because we need to copy the full 0x4000 to preserve the envrionmen path which
|
||||
// is at the end of the .text section.
|
||||
section_write(ios_elf_start, _text_start, (void *) mcp_get_phys_code_base(), 0x4000);
|
||||
|
||||
u32 patch_count = (u32) (((u8 *) mcp_patches_table_end) - ((u8 *) mcp_patches_table)) / sizeof(patch_table_t);
|
||||
patch_table_entries(ios_elf_start, mcp_patches_table, patch_count);
|
||||
|
@ -20,3 +20,6 @@ SECTIONS
|
||||
}
|
||||
}
|
||||
|
||||
ASSERT((SIZEOF(.text)) < 0x3F00, "text section is too big");
|
||||
ASSERT((SIZEOF(.bss)) < 0x3000, "bss section is too big");
|
||||
|
||||
|
@ -274,26 +274,33 @@ int _MCP_ioctl100_patch(ipcmessage *msg) {
|
||||
_startMainThread();
|
||||
break;
|
||||
}
|
||||
|
||||
case IPC_CUSTOM_COPY_ENVIRONMENT_PATH: {
|
||||
if (msg->ioctl.buffer_io && msg->ioctl.length_io >= 0x100) {
|
||||
strncpy((char *) msg->ioctl.buffer_io, (void *) 0x05119F00, 0xFF);
|
||||
return 0;
|
||||
} else {
|
||||
return 29;
|
||||
}
|
||||
}
|
||||
case IPC_CUSTOM_START_USB_LOGGING: {
|
||||
if(*((uint32_t*)0x050290dc) == 0x42424242){
|
||||
if (*((uint32_t *) 0x050290dc) == 0x42424242) {
|
||||
// Skip syslog after a reload
|
||||
break;
|
||||
}
|
||||
int handle = svcOpen("/dev/testproc1", 0);
|
||||
if(handle > 0){
|
||||
if (handle > 0) {
|
||||
svcResume(handle);
|
||||
svcClose(handle);
|
||||
}
|
||||
|
||||
|
||||
handle = svcOpen("/dev/usb_syslog", 0);
|
||||
if(handle > 0){
|
||||
if (handle > 0) {
|
||||
svcResume(handle);
|
||||
svcClose(handle);
|
||||
}
|
||||
|
||||
|
||||
// Kill existing syslogs to avoid long catch up
|
||||
uint32_t * bufferPtr = (uint32_t*)(*(uint32_t*)0x05095ecc);
|
||||
uint32_t *bufferPtr = (uint32_t *) (*(uint32_t *) 0x05095ecc);
|
||||
bufferPtr[0] = 0;
|
||||
bufferPtr[1] = 0;
|
||||
|
||||
@ -303,12 +310,7 @@ int _MCP_ioctl100_patch(ipcmessage *msg) {
|
||||
}
|
||||
}
|
||||
} else {
|
||||
return -29;
|
||||
return 29;
|
||||
}
|
||||
|
||||
/* Signal that all went well */
|
||||
if (msg->ioctl.buffer_io && msg->ioctl.length_io >= sizeof(u32)) {
|
||||
msg->ioctl.buffer_io[0] = 2;
|
||||
}
|
||||
return 1;
|
||||
return 0;
|
||||
}
|
||||
|
@ -1,5 +1,5 @@
|
||||
#include <cstring>
|
||||
|
||||
#include <cstdio>
|
||||
#include <coreinit/cache.h>
|
||||
#include <coreinit/ios.h>
|
||||
#include <sysapp/title.h>
|
||||
@ -14,6 +14,13 @@ int main(int argc, char **argv) {
|
||||
WHBLogUdpInit();
|
||||
WHBLogPrintf("Hello from mocha");
|
||||
|
||||
if (argc >= 1) {
|
||||
if (strncmp(argv[0], "fs:/", 4) == 0) {
|
||||
strncpy((char *) 0xF417FEF0, argv[0], 0xFF);
|
||||
DCStoreRange((void *) 0xF417EFF0, 0x100);
|
||||
}
|
||||
}
|
||||
|
||||
uint64_t sysmenuIdUll = _SYSGetSystemApplicationTitleId(SYSTEM_APP_ID_HOME_MENU);
|
||||
memcpy((void *) 0xF417FFF0, &sysmenuIdUll, 8);
|
||||
DCStoreRange((void *) 0xF417FFF0, 0x8);
|
||||
|
Loading…
Reference in New Issue
Block a user