From 89792403d4b992b7ee42486e3887996231423ac6 Mon Sep 17 00:00:00 2001
From: Maschell
Date: Sun, 31 Oct 2021 16:20:42 +0100
Subject: [PATCH] Add support for USB Serial logging, add custom IPC to start logging.
---
 source/common/ipc_defs.h | 1 +
 source/ios_kernel/source/instant_patches.c | 5 +++++
 source/ios_kernel/source/kernel_patches.c | 16 ++++++++++++++
 source/ios_mcp/source/mcp_loadfile.c | 25 ++++++++++++++++++++++
 source/ios_mcp/source/svc.h | 4 ++++
 source/ios_mcp/source/svc.s | 12 +++++++++++
 6 files changed, 63 insertions(+)
diff --git a/source/common/ipc_defs.h b/source/common/ipc_defs.h
index dc9796a..a65ed98 100644
--- a/source/common/ipc_defs.h
+++ b/source/common/ipc_defs.h
@@ -226,5 +226,6 @@ typedef struct {
 #define IPC_CUSTOM_MEN_RPX_HOOK_COMPLETED 0xFD
 #define IPC_CUSTOM_LOAD_CUSTOM_RPX 0xFC
 #define IPC_CUSTOM_META_XML_READ 0xFB
+#define IPC_CUSTOM_START_USB_LOGGING 0xFA
 #define LOAD_FILE_TARGET_SD_CARD 0
diff --git a/source/ios_kernel/source/instant_patches.c b/source/ios_kernel/source/instant_patches.c
index a729ffe..4e50efc 100644
--- a/source/ios_kernel/source/instant_patches.c
+++ b/source/ios_kernel/source/instant_patches.c
@@ -84,6 +84,11 @@ void instant_patches_setup(void) {
 *(volatile u32 *) (0x0501dd78 - 0x05000000 + 0x081C0000) = THUMB_BL(0x0501dd78, MCP_ReadCOSXml_patch);
 *(volatile u32 *) (0x051105ce - 0x05000000 + 0x081C0000) = THUMB_BL(0x051105ce, MCP_ReadCOSXml_patch);
+ // Patch MCP debugmode check for syslog
+ *(volatile u32 *) (0x050290d8 - 0x05000000 + 0x081C0000) = 0x20004770;
+ // Patch TEST to allow syslog
+ *(volatile u32 *) (0xe4007828 - 0xe4000000 + 0x13A40000) = 0xe3a00000;
+ // patch default title id to system menu
 *(volatile u32 *) mcp_data_phys(0x050B817C) = *(volatile u32 *) 0x0017FFF0;
 *(volatile u32 *) mcp_data_phys(0x050B8180) = *(volatile u32 *) 0x0017FFF4;
diff --git a/source/ios_kernel/source/kernel_patches.c b/source/ios_kernel/source/kernel_patches.c
index 6c7893a..ea2d52d 100644
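Review bot: The two new writes in instant_patches_setup() store bare opcode words (`0x20004770`, `0xe3a00000`) at hard-coded addresses, and both are repeated in kernel_run_patches() (kernel_patches.c) through section_write_word(), so the two copies can drift apart unnoticed. I would name the values once in a shared header, e.g. `#define THUMB_MOVS_R0_0_BX_LR 0x20004770` and `#define ARM_MOV_R0_0 0xe3a00000`, and state in the comment that each makes the patched check yield 0. Both patches are applied unconditionally, so the debug-mode gate on syslog is removed on every boot whether or not logging is ever started; if that is intended the comment should say so, otherwise a build-time switch would keep normal builds closer to stock behaviour. The function body starts and ends outside the hunk.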
--- a/source/ios_kernel/source/kernel_patches.c
+++ b/source/ios_kernel/source/kernel_patches.c
@@ -121,6 +121,22 @@ void kernel_run_patches(u32 ios_elf_start) {
 section_write_word(ios_elf_start, 0xe22830e0, 0x00000000);
 section_write_word(ios_elf_start, 0xe22b2a78, 0x00000000);
 section_write_word(ios_elf_start, 0xe204fb68, 0xe3a00000);
+
+ // patch MCP syslog debug mode check
+ section_write_word(ios_elf_start, 0x050290d8, 0x20004770);
+
+ // Write magic word to disable custom IPC
+ section_write_word(ios_elf_start, 0x050290dc, 0x42424242);
+
+ // patch TEST debug mode check
+ //section_write_word(ios_elf_start, 0xe4016a78, 0xe3a00000);
+ section_write_word(ios_elf_start, 0xe4007828, 0xe3a00000);
+
+ // Patch FS to syslog everything
+ section_write_word(ios_elf_start, 0x107F5720, ARM_B(0x107F5720, 0x107F0C84));
+
+ // Patch MCP to syslog everything
+ section_write_word(ios_elf_start, 0x05055438, ARM_B(0x05055438, 0x0503dcf8));
 section_write_word(ios_elf_start, 0x0812CD2C, ARM_B(0x0812CD2C, kernel_syscall_0x81));
diff --git a/source/ios_mcp/source/mcp_loadfile.c b/source/ios_mcp/source/mcp_loadfile.c
index b23c48e..33771fa 100644
--- a/source/ios_mcp/source/mcp_loadfile.c
+++ b/source/ios_mcp/source/mcp_loadfile.c
@@ -274,6 +274,31 @@ int _MCP_ioctl100_patch(ipcmessage *msg) {
 _startMainThread();
 break;
 }
+
+ case IPC_CUSTOM_START_USB_LOGGING: {
+ if(*((uint32_t*)0x050290dc) == 0x42424242){
+ // Skip syslog after a reload
+ break;
+ }
+ int handle = svcOpen("/dev/testproc1", 0);
+ if(handle > 0){
+ svcResume(handle);
+ svcClose(handle);
+ }
+
+ handle = svcOpen("/dev/usb_syslog", 0);
+ if(handle > 0){
+ svcResume(handle);
+ svcClose(handle);
+ }
+
+ // Kill existing syslogs to avoid long catch up
+ uint32_t * bufferPtr = (uint32_t*)(*(uint32_t*)0x05095ecc);
+ bufferPtr[0] = 0;
+ bufferPtr[1] = 0;
+
+ break;
+ }
 default: {
 }
 }
diff --git a/source/ios_mcp/source/svc.h b/source/ios_mcp/source/svc.h
index 4f23088..dde0f19 100644
--- a/source/ios_mcp/source/svc.h
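Review bot: The comment `// Write magic word to disable custom IPC` in kernel_run_patches() overstates what the flag does: in this commit only the IPC_CUSTOM_START_USB_LOGGING case in mcp_loadfile.c reads `0x050290dc`, so `// Mark MCP as reloaded so IPC_CUSTOM_START_USB_LOGGING becomes a no-op` would match the code. The address and the value `0x42424242` are written out separately here and in mcp_loadfile.c; a pair of defines in a shared header would keep writer and reader in sync. The flag word sits directly after the 4-byte patch at `0x050290d8`, presumably in code that is no longer reached once the check returns early, which is worth stating in the comment. The commented-out `//section_write_word(ios_elf_start, 0xe4016a78, 0xe3a00000);` should be dropped or given a reason for staying. The function continues outside the hunk.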
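Review bot: The last step of the new IPC_CUSTOM_START_USB_LOGGING case in mcp_loadfile.c dereferences the pointer read from `0x05095ecc` without checking it, so if the syslog buffer has not been set up yet the two stores go through a null pointer; `if (bufferPtr != NULL) { bufferPtr[0] = 0; bufferPtr[1] = 0; }` would cover that case. Both fixed-address reads (`0x050290dc` and `0x05095ecc`) go through a plain `uint32_t *`, while the kernel-side patches use `volatile`; I would use `volatile uint32_t *` here too so the compiler cannot cache or drop them. `handle > 0` treats 0 as failure, which should be `handle >= 0` if svcOpen can return 0 as a valid handle, and the result of svcResume() is ignored, so the caller cannot tell whether logging actually started. _MCP_ioctl100_patch() begins and ends outside the hunk.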
+++ b/source/ios_mcp/source/svc.h
@@ -17,6 +17,10 @@ void svcFree(u32 heapid, void *ptr);
 int svcOpen(char *name, int mode);
+int svcSuspend(int fd);
+
+int svcResume(int fd);
+
 int svcClose(int fd);
 int svcIoctl(int fd, u32 request, void *input_buffer, u32 input_buffer_len, void *output_buffer, u32 output_buffer_len);
diff --git a/source/ios_mcp/source/svc.s b/source/ios_mcp/source/svc.s
index 87518ee..2aac696 100644
--- a/source/ios_mcp/source/svc.s
+++ b/source/ios_mcp/source/svc.s
@@ -62,6 +62,18 @@ svcOpen:
 .word 0xE7F033F0
 bx lr
+.global svcResume
+.type svcResume, %function
+svcResume:
+ .word 0xe7f043f0
+ bx lr
+
+.global svcSuspend
+.type svcSuspend, %function
+svcSuspend:
+ .word 0xe7f044f0
+ bx lr
+
 .global svcClose
 .type svcClose, %function
 svcClose:
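Review bot: The new svcResume and svcSuspend stubs in svc.s carry their syscall numbers only inside the raw `.word 0xe7f043f0` and `.word 0xe7f044f0` encodings, and the prototypes added to svc.h are undocumented as well; a one-line comment per stub naming the IOS call it issues and what it returns would make the numbers checkable in review. svcSuspend is declared and defined but nothing in this commit calls it, so either note the intended user or leave it out until it is needed. The existing svcOpen stub writes its word in upper-case hex (`0xE7F033F0`); matching that style keeps the file consistent.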