Some code cleanup

GaryOderNichts 2021-04-04 23:51:23 +02:00 committed by Maschell
parent 38625d2efe
commit fdbca1098a
6 changed files with 19 additions and 51 deletions


@ -222,11 +222,9 @@ typedef struct {
unsigned char unk3[0x12D8 - 0x68];
} MCPLoadFileRequest;
#define IPC_CUSTOM_LOG_STRING 0xFF
#define IPC_CUSTOM_META_XML_SWAP_REQUIRED 0xFE
#define IPC_CUSTOM_START_MCP_THREAD 0xFE
#define IPC_CUSTOM_MEN_RPX_HOOK_COMPLETED 0xFD
#define IPC_CUSTOM_LOAD_CUSTOM_RPX 0xFC
#define IPC_CUSTOM_META_XML_READ 0xFB
#define IPC_CUSTOM_START_MCP_THREAD 0xFA
#define LOAD_FILE_TARGET_SD_CARD 0
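Review bot: `IPC_CUSTOM_START_MCP_THREAD` appears to move from 0xFA to 0xFE, the value `IPC_CUSTOM_META_XML_SWAP_REQUIRED` carried before, so a client built against the old header that still sends 0xFE or 0xFA would now trigger a different command or none at all. The +/- markers are lost on this page, so this reading is inferred from the hunk counts and from the old `in = 0xFA;//IPC_CUSTOM_START_MCP_THREAD;` line in the last file. If these ids are used by anything outside this repository, keep 0xFA for the existing command and leave retired values unassigned, with a comment such as `/* 0xFF, 0xFE: retired, do not reuse */`.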


@ -78,11 +78,11 @@ void instant_patches_setup(void) {
// allow any region title launch
*(volatile u32 *) (0xE0030498 - 0xE0000000 + 0x12900000) = 0xE3A00000; // mov r0, #0
*(volatile u32 *) (0x050254D6 - 0x05000000 + 0x081C0000) = (volatile u32 *) THUMB_BL(0x050254D6, MCP_LoadFile_patch);
*(volatile u32 *) (0x05025242 - 0x05000000 + 0x081C0000) = (volatile u32 *) THUMB_BL(0x05025242, MCP_ioctl100_patch);
*(volatile u32 *) (0x050254D6 - 0x05000000 + 0x081C0000) = THUMB_BL(0x050254D6, MCP_LoadFile_patch);
*(volatile u32 *) (0x05025242 - 0x05000000 + 0x081C0000) = THUMB_BL(0x05025242, MCP_ioctl100_patch);
*(volatile u32 *) (0x0501dd78 - 0x05000000 + 0x081C0000) = (volatile u32 *) THUMB_BL(0x0501dd78, MCP_ReadCOSXml_patch);
*(volatile u32 *) (0x051105ce - 0x05000000 + 0x081C0000) = (volatile u32 *) THUMB_BL(0x051105ce, MCP_ReadCOSXml_patch);
*(volatile u32 *) (0x0501dd78 - 0x05000000 + 0x081C0000) = THUMB_BL(0x0501dd78, MCP_ReadCOSXml_patch);
*(volatile u32 *) (0x051105ce - 0x05000000 + 0x081C0000) = THUMB_BL(0x051105ce, MCP_ReadCOSXml_patch);
// patch default title id to system menu
*(volatile u32 *) mcp_data_phys(0x050B817C) = *(volatile u32 *) 0x0017FFF0;


@ -57,8 +57,7 @@ int FSA_Unmount(int fd, char *path, u32 flags) {
return ret;
}
int FSA_FlushVolume(int fd, char* volume_path)
{
int FSA_FlushVolume(int fd, char* volume_path) {
u8* iobuf = allocIobuf();
u32* inbuf = (u32*)iobuf;
u32* outbuf = (u32*)&iobuf[0x520];


@ -362,8 +362,7 @@ static int ipc_ioctl(ipcmessage *message) {
message->ioctl.buffer_io[0] = FSA_ChangeMode(fd, path, mode);
break;
}
case IOCTL_FSA_FLUSHVOLUME:
{
case IOCTL_FSA_FLUSHVOLUME: {
int fd = message->ioctl.buffer_in[0];
char *path = ((char *)message->ioctl.buffer_in) + message->ioctl.buffer_in[1];


@ -35,7 +35,6 @@ static bool doWantReplaceRPX = false;
static bool replace_target_device = 0;
static uint32_t rep_filesize = 0;
static uint32_t rep_fileoffset = 0;
static uint32_t gbl_counter = 0;
static char rpxpath[256];
#define log(fmt, ...) log_printf("%s: " fmt, __FUNCTION__, __VA_ARGS__)
@ -234,37 +233,11 @@ int _MCP_ioctl100_patch(ipcmessage *msg) {
int command = msg->ioctl.buffer_in[0];
switch (command) {
case IPC_CUSTOM_LOG_STRING: {
//DEBUG_FUNCTION_LINE("IPC_CUSTOM_LOG_STRING\n");
if (msg->ioctl.length_in > 4) {
char *str_ptr = (char *) &msg->ioctl.buffer_in[0x04 / 0x04];
str_ptr[msg->ioctl.length_in - 0x04 - 1] = 0;
log_printf("%s", str_ptr);
}
return 1;
}
case IPC_CUSTOM_META_XML_SWAP_REQUIRED: {
//DEBUG_FUNCTION_LINE("IPC_CUSTOM_META_XML_SWAP_REQUIRED\n");
/*if(doWantReplaceXML) {
msg->ioctl.buffer_io[0] = 10;
} else {
msg->ioctl.buffer_io[0] = 11;
}
return 1;*/
}
case IPC_CUSTOM_MEN_RPX_HOOK_COMPLETED: {
DEBUG_FUNCTION_LINE("IPC_CUSTOM_MEN_RPX_HOOK_COMPLETED\n");
skipPPCSetup = true;
return 1;
break;
}
/*
case IPC_CUSTOM_GET_AND_INCR_GBL_COUNTER: {
DEBUG_FUNCTION_LINE("IPC_CUSTOM_GET_AND_INCR_GBL_COUNTER\n");
gbl_counter++;
if(msg->ioctl.length_io >= sizeof(ACPMetaXml)) {
return 1;
}*/
case IPC_CUSTOM_META_XML_READ: {
if (msg->ioctl.length_io >= sizeof(ACPMetaXml)) {
DEBUG_FUNCTION_LINE("IPC_CUSTOM_META_XML_READ\n");
@ -272,7 +245,7 @@ int _MCP_ioctl100_patch(ipcmessage *msg) {
strncpy(app_ptr->longname_en, rpxpath, 256 - 1);
strncpy(app_ptr->shortname_en, rpxpath, 256 - 1);
}
return 1;
break;
}
case IPC_CUSTOM_LOAD_CUSTOM_RPX: {
DEBUG_FUNCTION_LINE("IPC_CUSTOM_LOAD_CUSTOM_RPX\n");
@ -294,11 +267,11 @@ int _MCP_ioctl100_patch(ipcmessage *msg) {
DEBUG_FUNCTION_LINE("Will load %s for next title from target: %d (offset %d, filesize %d)\n", rpxpath, target, rep_fileoffset, rep_filesize);
}
return 1;
break;
}
case IPC_CUSTOM_START_MCP_THREAD: {
_startMainThread();
return 1;
break;
}
default: {
}
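Review bot: Replacing `return 1;` with `break;` in the `IPC_CUSTOM_MEN_RPX_HOOK_COMPLETED`, `IPC_CUSTOM_META_XML_READ`, `IPC_CUSTOM_LOAD_CUSTOM_RPX` and `IPC_CUSTOM_START_MCP_THREAD` cases makes the result of `_MCP_ioctl100_patch` depend on whatever follows the switch, and that code is outside these hunks. If the tail does not return the same value, every custom command now reports a different status to its caller, and an unrecognised command that hits `default` becomes indistinguishable from a handled one. Please confirm the statement after the switch, or make the result explicit with `int ret = 1;` before the switch and `return ret;` after it. The old/new sides are inferred from print order and the hunk counts, since the +/- markers are missing here.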


@ -3,21 +3,20 @@
#include <string>
#include <coreinit/cache.h>
#include <coreinit/ios.h>
#include <sysapp/title.h>
#include <whb/log.h>
#include <whb/log_udp.h>
#include "whb/log.h"
#include "whb/log_udp.h"
#include "common/ipc_defs.h"
#include "ios_exploit.h"
extern "C" uint64_t _SYSGetSystemApplicationTitleId(int);
int main(int argc, char **argv) {
WHBLogUdpInit();
WHBLogPrintf("Hello from mocha");
unsigned long long sysmenuIdUll = _SYSGetSystemApplicationTitleId(0);
uint64_t sysmenuIdUll = _SYSGetSystemApplicationTitleId(SYSTEM_APP_ID_HOME_MENU);
memcpy((void *) 0xF417FFF0, &sysmenuIdUll, 8);
DCStoreRange((void *) 0xF417FFF0, 0x8);
@ -26,11 +25,11 @@ int main(int argc, char **argv) {
// When the kernel exploit is set up successfully, we signal the ios to move on.
int mcpFd = IOS_Open("/dev/mcp", (IOSOpenMode) 0);
if (mcpFd >= 0) {
int in = 0xFD;//IPC_CUSTOM_MEN_RPX_HOOK_COMPLETED;
int in = IPC_CUSTOM_MEN_RPX_HOOK_COMPLETED;
int out = 0;
IOS_Ioctl(mcpFd, 100, &in, sizeof(in), &out, sizeof(out));
in = 0xFA;//IPC_CUSTOM_START_MCP_THREAD;
in = IPC_CUSTOM_START_MCP_THREAD;
out = 0;
IOS_Ioctl(mcpFd, 100, &in, sizeof(in), &out, sizeof(out));
IOS_Close(mcpFd);
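Review bot: Both `IOS_Ioctl(mcpFd, 100, ...)` calls discard their result and `out` is never read, so a rejected `IPC_CUSTOM_MEN_RPX_HOOK_COMPLETED` or `IPC_CUSTOM_START_MCP_THREAD` request goes unnoticed; a failed `IOS_Open` is silent too unless an `else` branch exists outside the hunk. Because this commit also renumbers the command ids and changes the handler's return path, a mismatch between the two sides would be easy to miss. Logging the failure would surface it, e.g. `if (IOS_Ioctl(mcpFd, 100, &in, sizeof(in), &out, sizeof(out)) < 0) WHBLogPrintf("ioctl 100 cmd 0x%02X failed", in);`. The body of `main` continues outside the hunk.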