diff --git a/source/loader/alt_ios.cpp b/source/loader/alt_ios.cpp index df11cf3b..8e4a3d99 100644 --- a/source/loader/alt_ios.cpp +++ b/source/loader/alt_ios.cpp @@ -25,7 +25,7 @@ extern "C" {extern u8 currentPartition;} extern int __Arena2Lo; u8 use_port1 = 0; -#define HAVE_AHBPROT ((*(vu32*)0xcd800064 == 0xFFFFFFFF) ? 1 : 0) +#define HAVE_AHBPROT ((*(vu32*)0xcd800064 == 0xFFFFFFFF) ? 1 : 0) static int load_ehc_module_ex(void) { @@ -79,6 +79,36 @@ void load_dip_249() mload_close(); } +/* Thanks to postloader for that patch */ +#define MEM2_PROT 0x0D8B420A +#define ES_MODULE_START (u16*)0x939F0000 + +static const u16 ticket_check[] = { + 0x685B, // ldr r3,[r3,#4] ; get TMD pointer + 0x22EC, 0x0052, // movls r2, 0x1D8 + 0x189B, // adds r3, r3, r2; add offset of access rights field in TMD + 0x681B, // ldr r3, [r3] ; load access rights (haxxme!) + 0x4698, // mov r8, r3 ; store it for the DVD video bitcheck later + 0x07DB // lsls r3, r3, #31; check AHBPROT bit +}; + +static void PatchAHB() +{ + // Disable memory protection + write16(MEM2_PROT, 2); + + for(u16 *patchme = ES_MODULE_START; patchme < ES_MODULE_START + 0x4000; patchme++) + { + if(!memcmp(patchme, ticket_check, sizeof(ticket_check))) + { + // write16/uncached poke doesn't work for this. Go figure. + patchme[4] = 0x23FF; // li r3, 0xFF + DCFlushRange(patchme + 4, 2); + break; + } + } +} + bool loadIOS(int ios, bool launch_game, bool emu_channel) { #ifndef DOLPHIN @@ -99,7 +129,10 @@ bool loadIOS(int ios, bool launch_game, bool emu_channel) USBStorage2_Deinit(); mload_close(); - gprintf("Reloading into IOS %i from %i (AHBPROT: %u)...\n", ios, IOS_GetVersion(), HAVE_AHBPROT); + gprintf("Reloading into IOS %i from %i...\n", ios, IOS_GetVersion()); + if(HAVE_AHBPROT && ios == 58) //IOS58 with AHBPROT patched out for Homebrew + PatchAHB(); + ISFS_Deinitialize(); bool iosOK = IOS_ReloadIOS(ios) == 0; ISFS_Initialize(); 
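Review bot: PatchAHB() gives its caller no way to tell that the `ticket_check` signature was not found, and the tail of its scan compares past the window it declares. With `patchme < ES_MODULE_START + 0x4000` as the bound, `memcmp` still reads `sizeof(ticket_check)` bytes from the last start positions, up to 12 bytes beyond the window. When nothing matches, the function returns silently after `write16(MEM2_PROT, 2)` has already disabled memory protection. Returning a bool, ending the scan one signature length early and logging the miss would make a failed patch visible to loadIOS. The comment `li r3, 0xFF` is also a PowerPC mnemonic on a Thumb opcode; `movs r3, #0xFF` is what 0x23FF encodes.

```cpp
static bool PatchAHB()
{
	// … unchanged: write16(MEM2_PROT, 2) …

	// Last start position from which a whole signature still fits inside the window.
	u16 *const scan_end = ES_MODULE_START + 0x4000 - sizeof(ticket_check) / sizeof(ticket_check[0]);
	for(u16 *patchme = ES_MODULE_START; patchme <= scan_end; patchme++)
	{
		if(memcmp(patchme, ticket_check, sizeof(ticket_check)) != 0)
			continue;
		// … unchanged: patchme[4] store and DCFlushRange …
		return true;
	}
	gprintf("PatchAHB: ticket_check signature not found, ES left unpatched\n");
	return false;
}
```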
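Review bot: The guard `if(HAVE_AHBPROT && ios == 58)` tests the IOS about to be loaded, while PatchAHB() writes into the ES module of the IOS running at that moment, and the trailing comment does not say so. A comment above the call such as `// Patch the running IOS's ES before IOS_ReloadIOS() so the reloaded IOS58 keeps AHBPROT; must stay ahead of the reload` would record the ordering dependency. That intent is inferred from the call order and from the "AHBPROT after IOS Reload" log line added later in this function. The literal `58` is repeated by the two new callers in menu_game.cpp, so a named constant would keep the three sites in sync. loadIOS's body starts and ends outside this hunk.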
@@ -110,6 +143,7 @@ bool loadIOS(int ios, bool launch_game, bool emu_channel)
 else if(CurrentIOS.Type == IOS_TYPE_WANIN && CurrentIOS.Revision >= 18)
 load_dip_249();
+ gprintf("AHBPROT after IOS Reload: %u\n", HAVE_AHBPROT);
 if(!emu_channel)
 {
 if(launch_game)
diff --git a/source/menu/menu_game.cpp b/source/menu/menu_game.cpp
index f7bbdc94..2c85d393 100644
--- a/source/menu/menu_game.cpp
+++ b/source/menu/menu_game.cpp
@@ -873,6 +873,7 @@ void CMenu::_launchGC(dir_discHdr *hdr, bool disc)
 GC_SetLanguage(GClanguage);
 if(loader == 2)
 {
+ loadIOS(58, true, true);
 writeStub();
 DEVO_Boot();
 }
@@ -904,6 +905,7 @@ void CMenu::_launchHomebrew(const char *filepath, vector arguments)
 USBStorage2_Deinit();
 USB_Deinitialize();
 #endif
+ loadIOS(58, true, true);
 writeStub();
 BootHomebrew();
 }
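Review bot: Both new `loadIOS(58, true, true);` calls, in `_launchGC` here and in `_launchHomebrew` in the following hunk, discard the bool that loadIOS returns, so `writeStub()` and the boot call run even if the reload failed. At minimum the failure should be logged, e.g. `if(!loadIOS(58, true, true)) gprintf("IOS58 reload failed before boot\n");`; whether the launch should be aborted instead is a call for the maintainers. In `_launchHomebrew` the call follows `USBStorage2_Deinit()`, which loadIOS appears to call again (it is visible as context in the alt_ios.cpp hunk), so confirm the second deinit is harmless. Both functions extend beyond their hunks.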