From d9b6c7d1c28e1db03a3349301de6301ffb30b2d1 Mon Sep 17 00:00:00 2001 From: GaryOderNichts <12049776+GaryOderNichts@users.noreply.github.com> Date: Mon, 18 Mar 2024 21:27:59 +0100 Subject: [PATCH] FSA: Disable access to some raw devices for unlocked clients --- source/ios_fs/source/fsa.h | 66 +++++++++++++++++++++++++++++++++++++ source/ios_fs/source/main.c | 36 +++++--------------- 2 files changed, 74 insertions(+), 28 deletions(-) create mode 100644 source/ios_fs/source/fsa.h diff --git a/source/ios_fs/source/fsa.h b/source/ios_fs/source/fsa.h new file mode 100644 index 0000000..f4e034b --- /dev/null +++ b/source/ios_fs/source/fsa.h @@ -0,0 +1,66 @@ +#pragma once + +#include +#include + +#define FSA_CAPABILITY_ODD_READ (1llu << 0) +#define FSA_CAPABILITY_ODD_WRITE (1llu << 1) +#define FSA_CAPABILITY_ODD_RAW_OPEN (1llu << 2) +#define FSA_CAPABILITY_ODD_MOUNT (1llu << 3) +#define FSA_CAPABILITY_SLCCMPT_READ (1llu << 4) +#define FSA_CAPABILITY_SLCCMPT_WRITE (1llu << 5) +#define FSA_CAPABILITY_SLCCMPT_RAW_OPEN (1llu << 6) +#define FSA_CAPABILITY_SLCCMPT_MOUNT (1llu << 7) +#define FSA_CAPABILITY_SLC_READ (1llu << 8) +#define FSA_CAPABILITY_SLC_WRITE (1llu << 9) +#define FSA_CAPABILITY_SLC_RAW_OPEN (1llu << 10) +#define FSA_CAPABILITY_SLC_MOUNT (1llu << 11) +#define FSA_CAPABILITY_MLC_READ (1llu << 12) +#define FSA_CAPABILITY_MLC_WRITE (1llu << 13) +#define FSA_CAPABILITY_MLC_RAW_OPEN (1llu << 14) +#define FSA_CAPABILITY_MLC_MOUNT (1llu << 15) +#define FSA_CAPABILITY_SDCARD_READ (1llu << 16) +#define FSA_CAPABILITY_SDCARD_WRITE (1llu << 17) +#define FSA_CAPABILITY_SDCARD_RAW_OPEN (1llu << 18) +#define FSA_CAPABILITY_SDCARD_MOUNT (1llu << 19) +#define FSA_CAPABILITY_HFIO_READ (1llu << 20) +#define FSA_CAPABILITY_HFIO_WRITE (1llu << 21) +#define FSA_CAPABILITY_HFIO_RAW_OPEN (1llu << 22) +#define FSA_CAPABILITY_HFIO_MOUNT (1llu << 23) +#define FSA_CAPABILITY_RAMDISK_READ (1llu << 24) +#define FSA_CAPABILITY_RAMDISK_WRITE (1llu << 25) +#define FSA_CAPABILITY_RAMDISK_RAW_OPEN (1llu << 26) +#define FSA_CAPABILITY_RAMDISK_MOUNT (1llu << 27) +#define FSA_CAPABILITY_USB_READ (1llu << 28) +#define FSA_CAPABILITY_USB_WRITE (1llu << 29) +#define FSA_CAPABILITY_USB_RAW_OPEN (1llu << 30) +#define FSA_CAPABILITY_USB_MOUNT (1llu << 31) +#define FSA_CAPABILITY_OTHER_READ (1llu << 32) +#define FSA_CAPABILITY_OTHER_WRITE (1llu << 33) +#define FSA_CAPABILITY_OTHER_RAW_OPEN (1llu << 34) +#define FSA_CAPABILITY_OTHER_MOUNT (1llu << 35) + +typedef struct __attribute__((packed)) { + uint32_t initialized; + uint64_t titleId; + uint32_t processId; + uint32_t groupId; + uint32_t unk0; + uint64_t capabilityMask; + uint8_t unk1[0x4518]; + char unk2[0x280]; + char unk3[0x280]; + void *mutex; +} FSAProcessData; +static_assert(sizeof(FSAProcessData) == 0x4A3C, "FSAProcessData: wrong size"); + +typedef struct __attribute__((packed)) { + uint32_t opened; + FSAProcessData *processData; + char unk0[0x10]; + char unk1[0x90]; + uint32_t unk2; + char work_dir[0x280]; + uint32_t unk3; +} FSAClientHandle; +static_assert(sizeof(FSAClientHandle) == 0x330, "FSAClientHandle: wrong size"); diff --git a/source/ios_fs/source/main.c b/source/ios_fs/source/main.c index 0a4dffb..48bc0a2 100644 --- a/source/ios_fs/source/main.c +++ b/source/ios_fs/source/main.c @@ -1,35 +1,15 @@ +#include "fsa.h" #include "ipc_types.h" -#include #include #include -typedef struct __attribute__((packed)) { - uint32_t initialized; - uint64_t titleId; - uint32_t processId; - uint32_t groupId; - uint32_t unk0; - uint64_t capabilityMask; - uint8_t unk1[0x4518]; - char unk2[0x280]; - char unk3[0x280]; - void *mutex; -} FSAProcessData; -static_assert(sizeof(FSAProcessData) == 0x4A3C, "FSAProcessData: wrong size"); - -typedef struct __attribute__((packed)) { - uint32_t opened; - FSAProcessData *processData; - char unk0[0x10]; - char unk1[0x90]; - uint32_t unk2; - char work_dir[0x280]; - uint32_t unk3; -} FSAClientHandle; -static_assert(sizeof(FSAClientHandle) == 0x330, "FSAClientHandle: wrong size"); - #define PATCHED_CLIENT_HANDLES_MAX_COUNT 0x40 +// Disable raw access to every device except ODD and USB +#define DISABLED_CAPABILITIES \ + (FSA_CAPABILITY_SLCCMPT_RAW_OPEN | FSA_CAPABILITY_SLC_RAW_OPEN | FSA_CAPABILITY_MLC_RAW_OPEN | FSA_CAPABILITY_SDCARD_RAW_OPEN | \ + FSA_CAPABILITY_HFIO_RAW_OPEN | FSA_CAPABILITY_RAMDISK_RAW_OPEN | FSA_CAPABILITY_OTHER_RAW_OPEN) + FSAClientHandle *patchedClientHandles[PATCHED_CLIENT_HANDLES_MAX_COUNT]; int (*const IOS_ResourceReply)(void *, int32_t) = (void *) 0x107f6b4c; @@ -64,7 +44,7 @@ int FSA_IOCTLV_HOOK(ResourceRequest *param_1, uint32_t u2, uint32_t u3) { int toBeRestored = 0; for (int i = 0; i < PATCHED_CLIENT_HANDLES_MAX_COUNT; i++) { if (patchedClientHandles[i] == clientHandle) { - clientHandle->processData->capabilityMask = 0xffffffffffffffffL; + clientHandle->processData->capabilityMask = 0xffffffffffffffffL & ~DISABLED_CAPABILITIES; // printf("IOCTL: Force mask to 0xFFFFFFFFFFFFFFFF for client %08X\n", (uint32_t) clientHandle); toBeRestored = 1; break; @@ -89,7 +69,7 @@ int FSA_IOCTL_HOOK(ResourceRequest *request, uint32_t u2, uint32_t u3, uint32_t for (int i = 0; i < PATCHED_CLIENT_HANDLES_MAX_COUNT; i++) { if (patchedClientHandles[i] == clientHandle) { // printf("IOCTL: Force mask to 0xFFFFFFFFFFFFFFFF for client %08X\n", (uint32_t) clientHandle); - clientHandle->processData->capabilityMask = 0xffffffffffffffffL; + clientHandle->processData->capabilityMask = 0xffffffffffffffffL & ~DISABLED_CAPABILITIES; toBeRestored = 1; break; }