-reloading IOS to IOS58 before booting homebrew/devolution

-added AHBPROT patch before reloading to IOS58 (thanks postloader)
2024-11-01 09:05:06 +01:00 · 2012-08-18 13:38:25 +00:00 · 2012-08-18 13:38:25 +00:00 · 09fb55ae74
commit 09fb55ae74
parent bcfae365b1
2 changed files with 38 additions and 2 deletions
--- a/source/loader/alt_ios.cpp
+++ b/source/loader/alt_ios.cpp
@ -25,7 +25,7 @@ extern "C" {extern u8 currentPartition;}
 extern int __Arena2Lo;
 u8 use_port1 = 0;

-#define HAVE_AHBPROT ((*(vu32*)0xcd800064 == 0xFFFFFFFF) ? 1 : 0)
+#define HAVE_AHBPROT	((*(vu32*)0xcd800064 == 0xFFFFFFFF) ? 1 : 0)

 static int load_ehc_module_ex(void)
 {
@ -79,6 +79,36 @@ void load_dip_249()
 	mload_close();
 }

+/* Thanks to postloader for that patch */
+#define MEM2_PROT		0x0D8B420A
+#define ES_MODULE_START	(u16*)0x939F0000
+
+static const u16 ticket_check[] = {
+    0x685B,          // ldr r3,[r3,#4] ; get TMD pointer
+    0x22EC, 0x0052,  // movls r2, 0x1D8
+    0x189B,          // adds r3, r3, r2; add offset of access rights field in TMD
+    0x681B,          // ldr r3, [r3]   ; load access rights (haxxme!)
+    0x4698,          // mov r8, r3     ; store it for the DVD video bitcheck later
+    0x07DB           // lsls r3, r3, #31; check AHBPROT bit
+};
+
+static void PatchAHB()
+{
+	// Disable memory protection
+	write16(MEM2_PROT, 2);
+
+	for(u16 *patchme = ES_MODULE_START; patchme < ES_MODULE_START + 0x4000; patchme++) 
+	{
+		if(!memcmp(patchme, ticket_check, sizeof(ticket_check))) 
+		{
+			// write16/uncached poke doesn't work for this. Go figure.
+			patchme[4] = 0x23FF; // li r3, 0xFF
+			DCFlushRange(patchme + 4, 2);
+			break;
+		}
+	}
+}
+
 bool loadIOS(int ios, bool launch_game, bool emu_channel)
 {
 #ifndef DOLPHIN
@ -99,7 +129,10 @@ bool loadIOS(int ios, bool launch_game, bool emu_channel)
 	USBStorage2_Deinit();
 	mload_close();

-	gprintf("Reloading into IOS %i from %i (AHBPROT: %u)...\n", ios, IOS_GetVersion(), HAVE_AHBPROT);
+	gprintf("Reloading into IOS %i from %i...\n", ios, IOS_GetVersion());
+	if(HAVE_AHBPROT && ios == 58) //IOS58 with AHBPROT patched out for Homebrew
+		PatchAHB();
+
 	ISFS_Deinitialize();
 	bool iosOK = IOS_ReloadIOS(ios) == 0;
 	ISFS_Initialize();
@ -110,6 +143,7 @@ bool loadIOS(int ios, bool launch_game, bool emu_channel)
 	else if(CurrentIOS.Type == IOS_TYPE_WANIN && CurrentIOS.Revision >= 18)
 		load_dip_249();

+	gprintf("AHBPROT after IOS Reload: %u\n", HAVE_AHBPROT);
 	if(!emu_channel)
 	{
 		if(launch_game)
--- a/source/menu/menu_game.cpp
+++ b/source/menu/menu_game.cpp
@ -873,6 +873,7 @@ void CMenu::_launchGC(dir_discHdr *hdr, bool disc)
 	GC_SetLanguage(GClanguage);
 	if(loader == 2)
 	{
+		loadIOS(58, true, true);
 		writeStub();
 		DEVO_Boot();
 	}
@ -904,6 +905,7 @@ void CMenu::_launchHomebrew(const char *filepath, vector<string> arguments)
 	USBStorage2_Deinit();
 	USB_Deinitialize();
 #endif
+	loadIOS(58, true, true);
 	writeStub();
 	BootHomebrew();
 }