mirror of
https://github.com/Fledge68/WiiFlow_Lite.git
synced 2024-11-24 12:19:16 +01:00
1406 lines
46 KiB
C
1406 lines
46 KiB
C
/*
|
|
* Copyright (C) 2008 Nuke (wiinuke@gmail.com)
|
|
*
|
|
* this file is part of GeckoOS for USB Gecko
|
|
* http://www.usbgecko.com
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License as published by
|
|
* the Free Software Foundation; either version 2 of the License, or
|
|
* (at your option) any later version.
|
|
*
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with this program; if not, write to the Free Software
|
|
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
|
*/
|
|
#include <stdio.h>
|
|
#include <stdlib.h>
|
|
#include <string.h>
|
|
#include <gccore.h>
|
|
#include <sys/unistd.h>
|
|
|
|
#include "apploader.h"
|
|
#include "patchcode.h"
|
|
#include "memory.h"
|
|
#include "gecko.h"
|
|
#include "../../../source/defines.h"
|
|
|
|
u32 hooktype;
|
|
u8 configbytes[2];
|
|
|
|
extern void patchhook(u32 address, u32 len);
|
|
extern void patchhook2(u32 address, u32 len);
|
|
extern void patchhook3(u32 address, u32 len);
|
|
|
|
extern void multidolpatchone(u32 address, u32 len);
|
|
extern void multidolpatchtwo(u32 address, u32 len);
|
|
|
|
extern void regionfreejap(u32 address, u32 len);
|
|
extern void regionfreeusa(u32 address, u32 len);
|
|
extern void regionfreepal(u32 address, u32 len);
|
|
|
|
extern void removehealthcheck(u32 address, u32 len);
|
|
|
|
extern void copyflagcheck1(u32 address, u32 len);
|
|
extern void copyflagcheck2(u32 address, u32 len);
|
|
extern void copyflagcheck3(u32 address, u32 len);
|
|
extern void copyflagcheck4(u32 address, u32 len);
|
|
extern void copyflagcheck5(u32 address, u32 len);
|
|
|
|
extern void patchupdatecheck(u32 address, u32 len);
|
|
|
|
extern void movedvdhooks(u32 address, u32 len);
|
|
|
|
extern void multidolhook(u32 address);
|
|
extern void langvipatch(u32 address, u32 len, u8 langbyte);
|
|
extern void vipatch(u32 address, u32 len);
|
|
|
|
//static const u32 multidolpatch1[2] = {0x3C03FFB4,0x28004F43};
|
|
//static const u32 multidolpatch2[2] = {0x3F608000, 0x807B0018};
|
|
|
|
//static const u32 healthcheckhook[2] = {0x41810010,0x881D007D};
|
|
//static const u32 updatecheckhook[3] = {0x80650050,0x80850054,0xA0A50058};
|
|
|
|
//static const u32 recoveryhooks[3] = {0xA00100AC,0x5400073E,0x2C00000F};
|
|
|
|
//static const u32 nocopyflag1[3] = {0x540007FF, 0x4182001C, 0x80630068};
|
|
//static const u32 nocopyflag2[3] = {0x540007FF, 0x41820024, 0x387E12E2};
|
|
// this one is for the GH3 and VC saves
|
|
//static const u32 nocopyflag3[5] = {0x2C030000, 0x40820010, 0x88010020, 0x28000002, 0x41820234};
|
|
//static const u32 nocopyflag3[5] = {0x2C030000, 0x41820200,0x48000058,0x38610100};
|
|
// this removes the display warning for no copy VC and GH3 saves
|
|
//static const u32 nocopyflag4[4] = {0x80010008, 0x2C000000, 0x4182000C, 0x3BE00001};
|
|
//static const u32 nocopyflag5[3] = {0x801D0024,0x540007FF,0x41820024};
|
|
|
|
//static const u32 movedvdpatch[3] = {0x2C040000, 0x41820120, 0x3C608109};
|
|
//static const u32 regionfreehooks[5] = {0x7C600774, 0x2C000001, 0x41820030,0x40800010,0x2C000000};
|
|
//static const u32 cIOScode[16] = {0x7f06c378, 0x7f25cb78, 0x387e02c0, 0x4cc63182};
|
|
//static const u32 cIOSblock[16] = {0x2C1800F9, 0x40820008, 0x3B000024};
|
|
//static const u32 fwritepatch[8] = {0x9421FFD0,0x7C0802A6,0x90010034,0xBF210014,0x7C9B2378,0x7CDC3378,0x7C7A1B78,0x7CB92B78}; // bushing fwrite
|
|
static const u32 vipatchcode[3] = {0x4182000C,0x4180001C,0x48000018};
|
|
|
|
const u32 viwiihooks[4] = {0x7CE33B78,0x38870034,0x38A70038,0x38C7004C};
|
|
const u32 kpadhooks[4] = {0x9A3F005E,0x38AE0080,0x389FFFFC,0x7E0903A6};
|
|
const u32 kpadoldhooks[6] = {0x801D0060, 0x901E0060, 0x801D0064, 0x901E0064, 0x801D0068, 0x901E0068};
|
|
const u32 joypadhooks[4] = {0x3AB50001, 0x3A73000C, 0x2C150004, 0x3B18000C};
|
|
const u32 gxdrawhooks[4] = {0x3CA0CC01, 0x38000061, 0x3C804500, 0x98058000};
|
|
const u32 gxflushhooks[4] = {0x90010014, 0x800305FC, 0x2C000000, 0x41820008};
|
|
const u32 ossleepthreadhooks[4] = {0x90A402E0, 0x806502E4, 0x908502E4, 0x2C030000};
|
|
const u32 axnextframehooks[4] = {0x3800000E, 0x7FE3FB78, 0xB0050000, 0x38800080};
|
|
const u32 wpadbuttonsdownhooks[4] = {0x7D6B4A14, 0x816B0010, 0x7D635B78, 0x4E800020};
|
|
const u32 wpadbuttonsdown2hooks[4] = {0x7D6B4A14, 0x800B0010, 0x7C030378, 0x4E800020};
|
|
|
|
const u32 multidolhooks[4] = {0x7C0004AC, 0x4C00012C, 0x7FE903A6, 0x4E800420};
|
|
const u32 multidolchanhooks[4] = {0x4200FFF4, 0x48000004, 0x38800000, 0x4E800020};
|
|
|
|
const u32 langpatch[3] = {0x7C600775, 0x40820010, 0x38000000};
|
|
|
|
//static const u32 oldpatch002[3] = {0x2C000000, 0x40820214, 0x3C608000};
|
|
//static const u32 newpatch002[3] = {0x2C000000, 0x48000214, 0x3C608000};
|
|
|
|
unsigned char sig_fwrite[32] =
|
|
{
|
|
0x94, 0x21, 0xFF, 0xD0,
|
|
0x7C, 0x08, 0x02, 0xA6,
|
|
0x90, 0x01, 0x00, 0x34,
|
|
0xBF, 0x21, 0x00, 0x14,
|
|
0x7C, 0x9B, 0x23, 0x78,
|
|
0x7C, 0xDC, 0x33, 0x78,
|
|
0x7C, 0x7A, 0x1B, 0x78,
|
|
0x7C, 0xB9, 0x2B, 0x78,
|
|
} ;
|
|
|
|
unsigned char patch_fwrite[144] =
|
|
{
|
|
0x7C, 0x85, 0x21, 0xD7, 0x40, 0x81, 0x00, 0x84, 0x3C, 0xE0, 0xCD, 0x00, 0x3D, 0x40, 0xCD, 0x00,
|
|
0x3D, 0x60, 0xCD, 0x00, 0x60, 0xE7, 0x68, 0x14, 0x61, 0x4A, 0x68, 0x24, 0x61, 0x6B, 0x68, 0x20,
|
|
0x38, 0xC0, 0x00, 0x00, 0x7C, 0x06, 0x18, 0xAE, 0x54, 0x00, 0xA0, 0x16, 0x64, 0x08, 0xB0, 0x00,
|
|
0x38, 0x00, 0x00, 0xD0, 0x90, 0x07, 0x00, 0x00, 0x7C, 0x00, 0x06, 0xAC, 0x91, 0x0A, 0x00, 0x00,
|
|
0x7C, 0x00, 0x06, 0xAC, 0x38, 0x00, 0x00, 0x19, 0x90, 0x0B, 0x00, 0x00, 0x7C, 0x00, 0x06, 0xAC,
|
|
0x80, 0x0B, 0x00, 0x00, 0x7C, 0x00, 0x04, 0xAC, 0x70, 0x09, 0x00, 0x01, 0x40, 0x82, 0xFF, 0xF4,
|
|
0x80, 0x0A, 0x00, 0x00, 0x7C, 0x00, 0x04, 0xAC, 0x39, 0x20, 0x00, 0x00, 0x91, 0x27, 0x00, 0x00,
|
|
0x7C, 0x00, 0x06, 0xAC, 0x74, 0x09, 0x04, 0x00, 0x41, 0x82, 0xFF, 0xB8, 0x38, 0xC6, 0x00, 0x01,
|
|
0x7F, 0x86, 0x20, 0x00, 0x40, 0x9E, 0xFF, 0xA0, 0x7C, 0xA3, 0x2B, 0x78, 0x4E, 0x80, 0x00, 0x20,
|
|
};
|
|
|
|
unsigned char sig_setting[40] =
|
|
{
|
|
0x2f, 0x74, 0x69, 0x74,
|
|
0x6c, 0x65, 0x2f, 0x30,
|
|
0x30, 0x30, 0x30, 0x30,
|
|
0x30, 0x30, 0x31, 0x2f,
|
|
0x30, 0x30, 0x30, 0x30,
|
|
0x30, 0x30, 0x30, 0x32,
|
|
0x2f, 0x64, 0x61, 0x74,
|
|
0x61, 0x2f, 0x73, 0x65,
|
|
0x74, 0x74, 0x69, 0x6e,
|
|
0x67, 0x2e, 0x74, 0x78,
|
|
};
|
|
|
|
unsigned char sig_SYSCONF[20] =
|
|
{
|
|
0x2f, 0x73, 0x68, 0x61,
|
|
0x72, 0x65, 0x64, 0x32,
|
|
0x2f, 0x73, 0x79, 0x73,
|
|
0x2f, 0x53, 0x59, 0x53,
|
|
0x43, 0x4f, 0x4e, 0x46,
|
|
};
|
|
|
|
//unsigned char patch_SYSCONF[20] =
|
|
//{
|
|
// 0x2f, 0x74, 0x6d, 0x70,
|
|
// 0x2f, 0x73, 0x79, 0x73,
|
|
// 0x2f, 0x53, 0x59, 0x53,
|
|
// 0x43, 0x4f, 0x4e, 0x46,
|
|
// 0x00, 0x00, 0x00, 0x00,
|
|
//};
|
|
|
|
unsigned char patch_SYSCONF[20] =
|
|
{
|
|
0x2f, 0x73, 0x79, 0x73,
|
|
0x2f, 0x77, 0x69, 0x69,
|
|
0x66, 0x6c, 0x6f, 0x77,
|
|
0x2e, 0x72, 0x65, 0x67,
|
|
0x00, 0x00, 0x00, 0x00,
|
|
};
|
|
|
|
unsigned char patch_setting[44] =
|
|
{
|
|
0x2f, 0x74, 0x6d, 0x70,
|
|
0x2f, 0x73, 0x79, 0x73,
|
|
0x2f, 0x73, 0x65, 0x74,
|
|
0x74, 0x69, 0x6e, 0x67,
|
|
0x2e, 0x74, 0x78, 0x74,
|
|
0x00, 0x00, 0x00, 0x00,
|
|
0x00, 0x00, 0x00, 0x00,
|
|
0x00, 0x00, 0x00, 0x00,
|
|
0x00, 0x00, 0x00, 0x00,
|
|
0x00, 0x00, 0x00, 0x00,
|
|
0x00, 0x00, 0x00, 0x00,
|
|
};
|
|
|
|
const u8 PATTERN[12][2] = {
|
|
{6, 6}, {6, 6}, {6, 6},
|
|
{6, 6}, {6, 6}, {6, 6},
|
|
{6, 6}, {6, 6}, {6, 6},
|
|
{6, 6}, {6, 6}, {6, 6}
|
|
};
|
|
|
|
const u8 PATTERN_AA[12][2] = {
|
|
{3, 2}, {9, 6}, {3, 10},
|
|
{3, 2}, {9, 6}, {3, 10},
|
|
{9, 2}, {3, 6}, {9, 10},
|
|
{9, 2}, {3, 6}, {9, 10}
|
|
};
|
|
|
|
bool dogamehooks(void *addr, u32 len, bool channel)
|
|
{
|
|
/*
|
|
0 No Hook
|
|
1 VBI
|
|
2 KPAD read
|
|
3 Joypad Hook
|
|
4 GXDraw Hook
|
|
5 GXFlush Hook
|
|
6 OSSleepThread Hook
|
|
7 AXNextFrame Hook
|
|
*/
|
|
|
|
void *addr_start = addr;
|
|
void *addr_end = addr+len;
|
|
bool hookpatched = false;
|
|
|
|
while(addr_start < addr_end)
|
|
{
|
|
switch(hooktype)
|
|
{
|
|
case 0x00:
|
|
hookpatched = true;
|
|
break;
|
|
|
|
case 0x01:
|
|
if(memcmp(addr_start, viwiihooks, sizeof(viwiihooks))==0)
|
|
{
|
|
patchhook((u32)addr_start, len);
|
|
hookpatched = true;
|
|
}
|
|
break;
|
|
|
|
case 0x02:
|
|
if(memcmp(addr_start, kpadhooks, sizeof(kpadhooks))==0)
|
|
{
|
|
patchhook((u32)addr_start, len);
|
|
hookpatched = true;
|
|
}
|
|
|
|
if(memcmp(addr_start, kpadoldhooks, sizeof(kpadoldhooks))==0)
|
|
{
|
|
patchhook((u32)addr_start, len);
|
|
hookpatched = true;
|
|
}
|
|
break;
|
|
|
|
case 0x03:
|
|
if(memcmp(addr_start, joypadhooks, sizeof(joypadhooks))==0)
|
|
{
|
|
patchhook((u32)addr_start, len);
|
|
hookpatched = true;
|
|
}
|
|
break;
|
|
|
|
case 0x04:
|
|
if(memcmp(addr_start, gxdrawhooks, sizeof(gxdrawhooks))==0)
|
|
{
|
|
patchhook((u32)addr_start, len);
|
|
hookpatched = true;
|
|
}
|
|
break;
|
|
|
|
case 0x05:
|
|
if(memcmp(addr_start, gxflushhooks, sizeof(gxflushhooks))==0)
|
|
{
|
|
patchhook((u32)addr_start, len);
|
|
hookpatched = true;
|
|
}
|
|
break;
|
|
|
|
case 0x06:
|
|
if(memcmp(addr_start, ossleepthreadhooks, sizeof(ossleepthreadhooks))==0)
|
|
{
|
|
patchhook((u32)addr_start, len);
|
|
hookpatched = true;
|
|
}
|
|
break;
|
|
|
|
case 0x07:
|
|
if(memcmp(addr_start, axnextframehooks, sizeof(axnextframehooks))==0)
|
|
{
|
|
patchhook((u32)addr_start, len);
|
|
hookpatched = true;
|
|
}
|
|
break;
|
|
|
|
case 0x08:
|
|
/* if(memcmp(addr_start, customhook, customhooksize)==0)
|
|
{
|
|
patchhook((u32)addr_start, len);
|
|
hookpatched = true;
|
|
} */
|
|
break;
|
|
}
|
|
if (hooktype != 0)
|
|
{
|
|
if(channel && memcmp(addr_start, multidolchanhooks, sizeof(multidolchanhooks))==0)
|
|
{
|
|
*(((u32*)addr_start)+1) = 0x7FE802A6;
|
|
DCFlushRange(((u32*)addr_start)+1, 4);
|
|
|
|
multidolhook((u32)addr_start+sizeof(multidolchanhooks)-4);
|
|
hookpatched = true;
|
|
}
|
|
else if(!channel && memcmp(addr_start, multidolhooks, sizeof(multidolhooks))==0)
|
|
{
|
|
multidolhook((u32)addr_start+sizeof(multidolhooks)-4);
|
|
hookpatched = true;
|
|
}
|
|
}
|
|
addr_start += 4;
|
|
}
|
|
return hookpatched;
|
|
}
|
|
|
|
void langpatcher(void *addr, u32 len)
|
|
{
|
|
void *addr_start = addr;
|
|
void *addr_end = addr+len;
|
|
|
|
while(addr_start < addr_end)
|
|
{
|
|
if(memcmp(addr_start, langpatch, sizeof(langpatch))==0)
|
|
if(configbytes[0] != 0xCD)
|
|
langvipatch((u32)addr_start, len, configbytes[0]);
|
|
addr_start += 4;
|
|
}
|
|
}
|
|
|
|
void vidolpatcher(void *addr, u32 len)
|
|
{
|
|
void *addr_start = addr;
|
|
void *addr_end = addr+len;
|
|
|
|
while(addr_start < addr_end)
|
|
{
|
|
if(memcmp(addr_start, vipatchcode, sizeof(vipatchcode))==0)
|
|
vipatch((u32)addr_start, len);
|
|
addr_start += 4;
|
|
}
|
|
}
|
|
|
|
void PatchVideoSneek(void *addr, u32 len)
|
|
{
|
|
u8 *addr_start = addr;
|
|
u8 *addr_end = addr+len;
|
|
|
|
while(addr_start < addr_end)
|
|
{
|
|
if(*(vu32*)(addr_start) == 0x3C608000)
|
|
{
|
|
if(((*(vu32*)(addr_start+4) & 0xFC1FFFFF ) == 0x800300CC) && ((*(vu32*)(addr_start+8) >> 24) == 0x54))
|
|
*(vu32*)(addr_start+4) = 0x5400F0BE | ((*(vu32*)(addr_start+4) & 0x3E00000) >> 5);
|
|
}
|
|
addr_start += 4;
|
|
}
|
|
}
|
|
|
|
//giantpune's magic super patch to return to channels
|
|
|
|
static u32 ad[ 4 ] = { 0, 0, 0, 0 };//these variables are global on the off chance the different parts needed
|
|
static u8 found = 0; //to find in the dol are found in different sections of the dol
|
|
static u8 returnToPatched = 0;
|
|
|
|
bool PatchReturnTo( void *Address, int Size, u32 id )
|
|
{
|
|
if( !id || returnToPatched )
|
|
return 0;
|
|
//gprintf("PatchReturnTo( %p, %08x, %08x )\n", Address, Size, id );
|
|
|
|
//new __OSLoadMenu() (SM2.0 and higher)
|
|
u8 SearchPattern[ 12 ] = { 0x38, 0x80, 0x00, 0x02, 0x38, 0x60, 0x00, 0x01, 0x38, 0xa0, 0x00, 0x00 }; //li r4,2
|
|
//li r3,1
|
|
//li r5,0
|
|
//old _OSLoadMenu() (used in launch games)
|
|
u8 SearchPatternB[ 12 ] = { 0x38, 0xC0, 0x00, 0x02, 0x38, 0xA0, 0x00, 0x01, 0x38, 0xE0, 0x00, 0x00 }; //li r6,2
|
|
//li r5,1
|
|
//li r7,0
|
|
//identifier for the safe place
|
|
u8 SearchPattern2[ 12 ] = { 0x4D, 0x65, 0x74, 0x72, 0x6F, 0x77, 0x65, 0x72, 0x6B, 0x73, 0x20, 0x54 }; //"Metrowerks T"
|
|
|
|
u8 oldSDK = 0;
|
|
found = 0;
|
|
|
|
void *Addr = Address;
|
|
void *Addr_end = Address+Size;
|
|
|
|
while (Addr <= Addr_end - 12 )
|
|
{
|
|
//find a safe place or the patch to hang out
|
|
if ( ! ad[ 3 ] && memcmp( Addr, SearchPattern2, 12 ) == 0 )
|
|
{
|
|
ad[ 3 ] = (u32)Addr + 0x30;
|
|
}
|
|
//find __OSLaunchMenu() and remember some addresses in it
|
|
else if ( memcmp( Addr, SearchPattern, 12 )==0 )
|
|
{
|
|
ad[ found++ ] = (u32)Addr;
|
|
}
|
|
else if ( ad[ 0 ] && memcmp( Addr, SearchPattern, 8 )==0 ) //after the first match is found, only search the first 8 bytes for the other 2
|
|
{
|
|
if( !ad[ 1 ] ) ad[ found++ ] = (u32)Addr;
|
|
else if( !ad[ 2 ] ) ad[ found++ ] = (u32)Addr;
|
|
if( found >= 3 )break;
|
|
}
|
|
Addr += 4;
|
|
}
|
|
//check for the older-ass version of the SDK
|
|
if( found < 3 && ad[ 3 ] )
|
|
{
|
|
Addr = Address;
|
|
ad[ 0 ] = 0;
|
|
ad[ 1 ] = 0;
|
|
ad[ 2 ] = 0;
|
|
found = 0;
|
|
oldSDK = 1;
|
|
|
|
while (Addr <= Addr_end - 12 )
|
|
{
|
|
//find __OSLaunchMenu() and remember some addresses in it
|
|
if ( memcmp( Addr, SearchPatternB, 12 )==0 )
|
|
{
|
|
ad[ found++ ] = (u32)Addr;
|
|
}
|
|
else if ( ad[ 0 ] && memcmp( Addr, SearchPatternB, 8 ) == 0 ) //after the first match is found, only search the first 8 bytes for the other 2
|
|
{
|
|
if( !ad[ 1 ] ) ad[ found++ ] = (u32)Addr;
|
|
else if( !ad[ 2 ] ) ad[ found++ ] = (u32)Addr;
|
|
if( found >= 3 )break;
|
|
}
|
|
Addr += 4;
|
|
}
|
|
}
|
|
|
|
//if the function is found
|
|
if( found == 3 && ad[ 3 ] )
|
|
{
|
|
gprintf("patch __OSLaunchMenu( 0x00010001, 0x%08x )\n", id);
|
|
u32 nop = 0x60000000;
|
|
|
|
//the magic that writes the TID to the registers
|
|
u8 jump[ 20 ] = { 0x3C, 0x60, 0x00, 0x01, //lis r3,1
|
|
0x60, 0x63, 0x00, 0x01, //ori r3,r3,1
|
|
0x3C, 0x80, (u8)( id >> 24 ), (u8)( id >> 16 ), //lis r4,(u16)(tid >> 16)
|
|
0x60, 0x84, (u8)( id >> 8 ), (u8)id, //ori r4,r4,(u16)(tid)
|
|
0x4E, 0x80, 0x00, 0x20
|
|
}; //blr
|
|
|
|
if( oldSDK )
|
|
{
|
|
jump[ 1 ] = 0xA0; //3CA00001 //lis r5,1
|
|
jump[ 5 ] = 0xA5; //60A50001 //ori r5,r5,1
|
|
jump[ 9 ] = 0xC0; //3CC0AF1B //lis r6,(u16)(tid >> 16)
|
|
jump[ 13 ] = 0xC6;//60C6F516 //ori r6,r6,(u16)(tid)
|
|
}
|
|
|
|
void* addr = (u32*)ad[ 3 ];
|
|
|
|
//write new stuff to in a unused part of the main.dol
|
|
memcpy( addr, jump, sizeof( jump ) );
|
|
|
|
//ES_GetTicketViews()
|
|
u32 newval = ( ad[ 3 ] - ad[ 0 ] );
|
|
newval &= 0x03FFFFFC;
|
|
newval |= 0x48000001;
|
|
addr = (u32*)ad[ 0 ];
|
|
memcpy( addr, &newval, sizeof( u32 ) ); //bl ad[ 3 ]
|
|
memcpy( addr + 4, &nop, sizeof( u32 ) ); //nop
|
|
//gprintf("\t%08x -> %08x\n", addr, newval );
|
|
|
|
//ES_GetTicketViews() again
|
|
newval = ( ad[ 3 ] - ad[ 1 ] );
|
|
newval &= 0x03FFFFFC;
|
|
newval |= 0x48000001;
|
|
addr = (u32*)ad[ 1 ];
|
|
memcpy( addr, &newval, sizeof( u32 ) ); //bl ad[ 3 ]
|
|
memcpy( addr + 4, &nop, sizeof( u32 ) ); //nop
|
|
//gprintf("\t%08x -> %08x\n", addr, newval );
|
|
|
|
//ES_LaunchTitle()
|
|
newval = ( ad[ 3 ] - ad[ 2 ] );
|
|
newval &= 0x03FFFFFC;
|
|
newval |= 0x48000001;
|
|
addr = (u32*)ad[ 2 ];
|
|
memcpy( addr, &newval, sizeof( u32 ) ); //bl ad[ 3 ]
|
|
memcpy( addr + 4, &nop, sizeof( u32 ) ); //nop
|
|
//gprintf("\t%08x -> %08x\n", addr, newval );
|
|
|
|
returnToPatched = 1;
|
|
}
|
|
|
|
return returnToPatched;
|
|
}
|
|
|
|
void PatchAspectRatio(void *addr, u32 len, u8 aspect)
|
|
{
|
|
if(aspect > 1)
|
|
return;
|
|
|
|
static const u32 aspect_searchpattern1[5] = {
|
|
0x9421FFF0, 0x7C0802A6, 0x38800001, 0x90010014, 0x38610008
|
|
};
|
|
|
|
static const u32 aspect_searchpattern2[15] = {
|
|
0x2C030000, 0x40820010, 0x38000000, 0x98010008, 0x48000018,
|
|
0x88010008, 0x28000001, 0x4182000C, 0x38000000, 0x98010008,
|
|
0x80010014, 0x88610008, 0x7C0803A6, 0x38210010, 0x4E800020
|
|
};
|
|
|
|
u8 *addr_start = (u8 *) addr;
|
|
u8 *addr_end = addr_start + len - sizeof(aspect_searchpattern1) - 4 - sizeof(aspect_searchpattern2);
|
|
|
|
while(addr_start < addr_end)
|
|
{
|
|
if( (memcmp(addr_start, aspect_searchpattern1, sizeof(aspect_searchpattern1)) == 0)
|
|
&& (memcmp(addr_start + 4 + sizeof(aspect_searchpattern1), aspect_searchpattern2, sizeof(aspect_searchpattern2)) == 0))
|
|
{
|
|
*((u32 *)(addr_start+0x44)) = (0x38600000 | aspect);
|
|
break;
|
|
}
|
|
addr_start += 4;
|
|
}
|
|
}
|
|
|
|
void Patch_fwrite(void *Address, int Size)
|
|
{
|
|
u8 *addr_start = (u8*)Address;
|
|
u8 *addr_end = (u8*)(Address + Size) - sizeof(patch_fwrite);
|
|
|
|
while(addr_start < addr_end)
|
|
{
|
|
if(memcmp(addr_start, sig_fwrite, sizeof(sig_fwrite)) == 0)
|
|
memcpy(addr_start, patch_fwrite, sizeof(patch_fwrite));
|
|
addr_start += 4;
|
|
}
|
|
}
|
|
|
|
void PatchCountryStrings(void *Address, int Size)
|
|
{
|
|
u8 SearchPattern[4] = {0x00, 0x00, 0x00, 0x00};
|
|
u8 PatchData[4] = {0x00, 0x00, 0x00, 0x00};
|
|
u8 *Addr = (u8*)Address;
|
|
int wiiregion = CONF_GetRegion();
|
|
|
|
switch(wiiregion)
|
|
{
|
|
case CONF_REGION_JP:
|
|
SearchPattern[0] = 0x00;
|
|
SearchPattern[1] = 'J';
|
|
SearchPattern[2] = 'P';
|
|
break;
|
|
case CONF_REGION_EU:
|
|
SearchPattern[0] = 0x02;
|
|
SearchPattern[1] = 'E';
|
|
SearchPattern[2] = 'U';
|
|
break;
|
|
case CONF_REGION_KR:
|
|
SearchPattern[0] = 0x04;
|
|
SearchPattern[1] = 'K';
|
|
SearchPattern[2] = 'R';
|
|
break;
|
|
case CONF_REGION_CN:
|
|
SearchPattern[0] = 0x05;
|
|
SearchPattern[1] = 'C';
|
|
SearchPattern[2] = 'N';
|
|
break;
|
|
case CONF_REGION_US:
|
|
default:
|
|
SearchPattern[0] = 0x01;
|
|
SearchPattern[1] = 'U';
|
|
SearchPattern[2] = 'S';
|
|
}
|
|
|
|
const char DiscRegion = ((u8*)Disc_ID)[3];
|
|
switch(DiscRegion)
|
|
{
|
|
case 'J':
|
|
PatchData[1] = 'J';
|
|
PatchData[2] = 'P';
|
|
break;
|
|
case 'D':
|
|
case 'F':
|
|
case 'P':
|
|
case 'X':
|
|
case 'Y':
|
|
PatchData[1] = 'E';
|
|
PatchData[2] = 'U';
|
|
break;
|
|
|
|
case 'E':
|
|
default:
|
|
PatchData[1] = 'U';
|
|
PatchData[2] = 'S';
|
|
}
|
|
while (Size >= 4)
|
|
{
|
|
if(Addr[0] == SearchPattern[0] && Addr[1] == SearchPattern[1] && Addr[2] == SearchPattern[2] && Addr[3] == SearchPattern[3])
|
|
{
|
|
//*Addr = PatchData[0];
|
|
Addr += 1;
|
|
*Addr = PatchData[1];
|
|
Addr += 1;
|
|
*Addr = PatchData[2];
|
|
Addr += 1;
|
|
//*Addr = PatchData[3];
|
|
Addr += 1;
|
|
Size -= 4;
|
|
}
|
|
else
|
|
{
|
|
Addr += 4;
|
|
Size -= 4;
|
|
}
|
|
}
|
|
}
|
|
|
|
s32 BlockIOSReload(void)
|
|
{
|
|
/* Open ES Module */
|
|
s32 ESHandle = IOS_Open("/dev/es", 0);
|
|
/* IOS Reload Block */
|
|
static ioctlv block_vector[2] ATTRIBUTE_ALIGN(32);
|
|
static u32 mode ATTRIBUTE_ALIGN(32);
|
|
static u32 ios ATTRIBUTE_ALIGN(32);
|
|
mode = 2;
|
|
block_vector[0].data = &mode;
|
|
block_vector[0].len = sizeof(u32);
|
|
ios = IOS_GetVersion();
|
|
block_vector[1].data = &ios;
|
|
block_vector[1].len = sizeof(u32);
|
|
s32 ret = IOS_Ioctlv(ESHandle, 0xA0, 2, 0, block_vector);
|
|
/* Close ES Module */
|
|
IOS_Close(ESHandle);
|
|
return ret;
|
|
}
|
|
|
|
void PatchRegion(void *Address, int Size)
|
|
{
|
|
u8 *addr_start = (u8*)Address;
|
|
u8 *addr_end = (u8*)(Address + Size);
|
|
|
|
while(addr_start < addr_end)
|
|
{
|
|
if(!memcmp(addr_start, sig_setting, sizeof(sig_setting)))
|
|
{
|
|
gprintf("Patching setting region\n");
|
|
memcpy(addr_start, patch_setting, sizeof(patch_setting));
|
|
}
|
|
if(!memcmp(addr_start, sig_SYSCONF, sizeof(sig_SYSCONF)))
|
|
{
|
|
gprintf("Patching SYSCONF region\n");
|
|
memcpy(addr_start, patch_SYSCONF, sizeof(patch_SYSCONF));
|
|
}
|
|
addr_start += 4;
|
|
}
|
|
}
|
|
|
|
/** Patch URLs for private Servers - Thanks to ULGX **/
|
|
void PrivateServerPatcher(void *addr, u32 len, u8 private_server)
|
|
{
|
|
// Patch protocol https -> http
|
|
char *cur = (char *)addr;
|
|
const char *end = cur + len - 8;
|
|
do
|
|
{
|
|
if (memcmp(cur, "https://", 8) == 0 && cur[8] != 0)
|
|
{
|
|
int len = strlen(cur);
|
|
memmove(cur + 4, cur + 5, len - 5);
|
|
cur[len - 1] = 0;
|
|
cur += len;
|
|
}
|
|
}
|
|
while (++cur < end);
|
|
if(private_server == PRIVSERV_WIIMMFI)
|
|
domainpatcher(addr, len, "wiimmfi.de");
|
|
}
|
|
|
|
void domainpatcher(void *addr, u32 len, const char* domain)
|
|
{
|
|
if(strlen("nintendowifi.net") < strlen(domain))
|
|
return;
|
|
|
|
char *cur = (char *)addr;
|
|
const char *end = cur + len - 16;
|
|
|
|
do
|
|
{
|
|
if (memcmp(cur, "nintendowifi.net", 16) == 0)
|
|
{
|
|
int len = strlen(cur);
|
|
u8 i;
|
|
memcpy(cur, domain, strlen(domain));
|
|
memmove(cur + strlen(domain), cur + 16, len - 16);
|
|
for(i = 16 - strlen(domain); i > 0 ; i--)
|
|
cur[len - i ] = 0;
|
|
cur += len;
|
|
}
|
|
}
|
|
while (++cur < end);
|
|
}
|
|
|
|
/** 480p Pixel Fix Patch by leseratte
|
|
fix for a Nintendo Revolution SDK bug found by Extrems affecting early Wii console when using 480p video mode.
|
|
https://shmups.system11.org/viewtopic.php?p=1361158#p1361158
|
|
https://github.com/ExtremsCorner/libogc-rice/commit/941d687e271fada68c359bbed98bed1fbb454448
|
|
**/
|
|
void PatchFix480p()
|
|
{
|
|
u8 prefix[2] = { 0x4b, 0xff };
|
|
|
|
/// Patch offset: ----------VVVVVVVV
|
|
u32 Pattern_MKW[8] = { 0x38000065, 0x9b810019, 0x38810018, 0x386000e0, 0x98010018, 0x38a00002};
|
|
u32 patches_MKW[2] = { 0x38600003, 0x98610019 };
|
|
/// Used by: MKWii, Wii Play, Need for Speed Nitro, Wii Sports, ...
|
|
|
|
/// Patch offset: ----------------------------------------------VVVVVVVV
|
|
u32 Pattern_NSMB[8] = { 0x38000065, 0x9801001c, 0x3881001c, 0x386000e0, 0x9b81001d, 0x38a00002};
|
|
u32 patches_NSMB[2] = { 0x38a00003, 0x98a1001d };
|
|
/// Used by: New Super Mario Bros, ...
|
|
|
|
/*
|
|
* Code block that is being patched (in MKW):
|
|
*
|
|
* 4bffe30d: bl WaitMicroTime
|
|
* 38000065: li r0, 0x65
|
|
* 9b810019: stb r28, 25(r1) // store the wrong value (1)
|
|
* 38810018: addi r4, r1, 0x18
|
|
* 386000e0: li r3, 0xe0
|
|
* 98010018: stb r0, 24(r1)
|
|
* 38a00002: li r5, 2
|
|
* 4bffe73d: bl __VISendI2CData
|
|
*
|
|
* r28 is a register that is set to 1 at the beginning of the function.
|
|
* However, its contents are used elsewhere as well, so we can't just modify this one function.
|
|
*
|
|
* The following code first searches for one of the patterns above, then replaces the
|
|
* "stb r28, 25(r1)" instruction that stores the wrong value on the stack with a branch instead
|
|
* That branch branches to the injected custom code ("li r3, 3; stb r3, 25(r1)") that stores the
|
|
* correct value (3) instead. At the end of the injected code will be another branch that branches
|
|
* back to the instruction after the one that has been replaced (so, to "addi r4, r1, 0x18").
|
|
* r3 can safely be used as a temporary register because its contents will be replaced immediately
|
|
* afterwards anyways.
|
|
*
|
|
*/
|
|
|
|
void * offset = NULL;
|
|
void * addr = (void*)0x80000000;
|
|
u32 len = 0x900000;
|
|
|
|
void * patch_ptr = 0 ;
|
|
void * a = addr;
|
|
|
|
while ((char*)a < ((char*)addr + len)) {
|
|
if (memcmp(a, &Pattern_MKW, 6 * 4) == 0) {
|
|
// Found pattern?
|
|
if (memcmp(a - 4, &prefix, 2) == 0) {
|
|
if (memcmp(a + 8*4, &prefix, 2) == 0) {
|
|
offset = a + 4;
|
|
//hexdump (a, 30);
|
|
patch_ptr = &patches_MKW;
|
|
break;
|
|
}
|
|
}
|
|
}
|
|
else if (memcmp(a, &Pattern_NSMB, 6 * 4) == 0) {
|
|
// Found pattern?
|
|
if (memcmp(a - 4, &prefix, 2) == 0) {
|
|
if (memcmp(a + 8*4, &prefix, 2) == 0) {
|
|
offset = a + 16;
|
|
//hexdump (a, 30);
|
|
patch_ptr = &patches_NSMB;
|
|
break;
|
|
}
|
|
}
|
|
}
|
|
a+= 4;
|
|
}
|
|
|
|
|
|
|
|
if (offset == 0) {
|
|
// offset is still 0, we didn't find the pattern, return
|
|
gprintf("Didn't find offset for 480p patch!\n");
|
|
return;
|
|
}
|
|
|
|
// If we are here, we found the offset. Lets grab some space
|
|
// from the heap for our patch
|
|
u32 old_heap_ptr = *(u32*)0x80003110;
|
|
*((u32*)0x80003110) = (old_heap_ptr - 0x20);
|
|
u32 heap_space = old_heap_ptr-0x20;
|
|
|
|
gprintf("Found offset for 480p patch - create branch from 0x%x to heap (0x%x)\n", offset, heap_space);
|
|
//hexdump (offset, 30);
|
|
|
|
memcpy((void*)heap_space, patch_ptr, 8);
|
|
|
|
*((u32*)offset) = 0x48000000 + (((u32)(heap_space) - ((u32)(offset))) & 0x3ffffff);
|
|
*((u32*)((u32)heap_space + 8)) = 0x48000000 + (((u32)((u32)offset + 4) - ((u32)(heap_space + 8))) & 0x3ffffff);
|
|
return;
|
|
}
|
|
|
|
|
|
static inline int GetOpcode(unsigned int* instructionAddr)
|
|
{
|
|
return ((*instructionAddr >> 26) & 0x3f);
|
|
}
|
|
|
|
static inline int GetImmediateDataVal(unsigned int* instructionAddr)
|
|
{
|
|
return (*instructionAddr & 0xffff);
|
|
}
|
|
|
|
static inline int GetLoadTargetReg(unsigned int* instructionAddr)
|
|
{
|
|
return (int)((*instructionAddr >> 21) & 0x1f);
|
|
}
|
|
|
|
static inline int GetComparisonTargetReg(unsigned int* instructionAddr)
|
|
{
|
|
return (int)((*instructionAddr >> 16) & 0x1f);
|
|
}
|
|
|
|
|
|
|
|
u32 do_new_wiimmfi_nonMKWii() {
|
|
// As of February 2021, Wiimmfi requires a special Wiimmfi patcher
|
|
// update which does a bit more than just patch the server adresses.
|
|
// This function is being called by apploader.c, right before
|
|
// jumping to the entry point (only for non-MKWii games on Wiimmfi),
|
|
// and applies all the necessary security fixes to the game.
|
|
|
|
// This function has been implemented by Leseratte. Please don't
|
|
// try to modify it without speaking to the Wiimmfi team because
|
|
// doing so could have unintended side effects.
|
|
|
|
int hasGT2Error = 0;
|
|
char gt2locator[] = { 0x38, 0x61, 0x00, 0x08, 0x38, 0xA0, 0x00, 0x14};
|
|
|
|
unsigned char opCodeChainP2P_v1[22] = { 32, 32, 21, 21, 21, 21, 20, 20, 31, 40, 21, 20, 20, 31, 31, 10, 20, 36, 21, 44, 36, 16 };
|
|
unsigned char opCodeChainP2P_v2[22] = { 32, 32, 21, 21, 20, 21, 20, 21, 31, 40, 21, 20, 20, 31, 31, 10, 20, 36, 21, 44, 36, 16 };
|
|
|
|
unsigned char opCodeChainMASTER_v1[22] = { 21, 21, 21, 21, 40, 20, 20, 20, 20, 31, 31, 14, 31, 20, 21, 44, 21, 36, 36, 18, 11, 16 };
|
|
unsigned char opCodeChainMASTER_v2[22] = { 21, 21, 21, 21, 40, 20, 20, 20, 20, 31, 31, 14, 31, 20, 21, 36, 21, 44, 36, 18, 11, 16 };
|
|
|
|
|
|
int MASTERopcodeChainOffset = 0;
|
|
|
|
char * cur = (char *)0x80004000;
|
|
const char * end = (const char *)0x80900000;
|
|
|
|
// Check if the game needs the new patch.
|
|
do {
|
|
if (memcmp(cur, "<GT2> RECV-0x%02x <- [--------:-----] [pid=%u]", 0x2e) == 0)
|
|
{
|
|
hasGT2Error++;
|
|
}
|
|
} while (++cur < end);
|
|
|
|
cur = (char *)0x80004000;
|
|
|
|
if (hasGT2Error > 1) return 1; // error, this either doesn't exist, or exists once. Can't exist multiple times.
|
|
|
|
int successful_patch_p2p = 0;
|
|
int successful_patch_master = 0;
|
|
|
|
|
|
do {
|
|
|
|
// Patch the User-Agent so Wiimmfi knows this game has been patched.
|
|
// This also identifies patcher (H=WiiFlow Lite) and patch version (=1), please
|
|
// do not change this without talking to Leseratte first.
|
|
if (memcmp(cur, "User-Agent\x00\x00RVL SDK/", 20) == 0) {
|
|
|
|
if (hasGT2Error)
|
|
memcpy(cur + 12, "H-3-1\x00", 6);
|
|
else
|
|
memcpy(cur + 12, "H-3-0\x00", 6);
|
|
|
|
}
|
|
|
|
if (hasGT2Error)
|
|
{
|
|
if (memcmp(cur, >2locator, 8) == 0)
|
|
{
|
|
int found_opcode_chain_P2P_v1 = 1;
|
|
int found_opcode_chain_P2P_v2 = 1;
|
|
|
|
for (int i = 0; i < 22; i++) {
|
|
int offset = (i * 4) + 12;
|
|
if (opCodeChainP2P_v1[i] != (unsigned char)(GetOpcode((unsigned int *)(cur + offset)))) {
|
|
found_opcode_chain_P2P_v1 = 0;
|
|
}
|
|
if (opCodeChainP2P_v2[i] != (unsigned char)(GetOpcode((unsigned int *)(cur + offset)))) {
|
|
found_opcode_chain_P2P_v2 = 0;
|
|
}
|
|
}
|
|
int found_opcode_chain_MASTER;
|
|
for (int dynamic = 0; dynamic < 40; dynamic += 4) {
|
|
found_opcode_chain_MASTER = 1;
|
|
int offset = 0;
|
|
for (int i = 0; i < 22; i++) {
|
|
offset = (i * 4) + 12 + dynamic;
|
|
if (
|
|
(opCodeChainMASTER_v1[i] != (unsigned char)(GetOpcode((unsigned int *)(cur + offset)))) &&
|
|
(opCodeChainMASTER_v2[i] != (unsigned char)(GetOpcode((unsigned int *)(cur + offset))))
|
|
) {
|
|
found_opcode_chain_MASTER = 0;
|
|
}
|
|
}
|
|
|
|
if (found_opcode_chain_MASTER) {
|
|
MASTERopcodeChainOffset = (int)(cur + 12 + dynamic);
|
|
break;
|
|
}
|
|
|
|
}
|
|
if (found_opcode_chain_P2P_v1 || found_opcode_chain_P2P_v2) {
|
|
|
|
if (
|
|
GetImmediateDataVal((unsigned int *)(cur + 0x0c)) == 0x0c &&
|
|
GetImmediateDataVal((unsigned int *)(cur + 0x10)) == 0x18 &&
|
|
GetImmediateDataVal((unsigned int *)(cur + 0x30)) == 0x12 &&
|
|
GetImmediateDataVal((unsigned int *)(cur + 0x48)) == 0x5a &&
|
|
GetImmediateDataVal((unsigned int *)(cur + 0x50)) == 0x0c &&
|
|
GetImmediateDataVal((unsigned int *)(cur + 0x58)) == 0x12 &&
|
|
GetImmediateDataVal((unsigned int *)(cur + 0x5c)) == 0x18 &&
|
|
GetImmediateDataVal((unsigned int *)(cur + 0x60)) == 0x18
|
|
)
|
|
{
|
|
|
|
int loadedDataReg = GetLoadTargetReg((unsigned int *)(cur + 0x14));
|
|
int comparisonDataReg = GetComparisonTargetReg((unsigned int *)(cur + 0x48));
|
|
|
|
if (found_opcode_chain_P2P_v1) {
|
|
|
|
*(int *)(cur + 0x14) = (0x88010011 | (comparisonDataReg << 21));
|
|
*(int *)(cur + 0x18) = (0x28000080 | (comparisonDataReg << 16));
|
|
*(int *)(cur + 0x24) = 0x41810064;
|
|
*(int *)(cur + 0x28) = 0x60000000;
|
|
*(int *)(cur + 0x2c) = 0x60000000;
|
|
*(int *)(cur + 0x34) = (0x3C005A00 | (comparisonDataReg << 21));
|
|
*(int *)(cur + 0x48) = (0x7C000000 | (comparisonDataReg << 16) | (loadedDataReg << 11));
|
|
successful_patch_p2p++;
|
|
}
|
|
if (found_opcode_chain_P2P_v2) {
|
|
|
|
loadedDataReg = 12;
|
|
|
|
*(int *)(cur + 0x14) = (0x88010011 | (comparisonDataReg << 21));
|
|
*(int *)(cur + 0x18) = (0x28000080 | (comparisonDataReg << 16));
|
|
*(int *)(cur + 0x1c) = 0x41810070;
|
|
*(int *)(cur + 0x24) = *(int *)(cur + 0x28);
|
|
*(int *)(cur + 0x28) = (0x8001000c | (loadedDataReg << 21));
|
|
*(int *)(cur + 0x2c) = (0x3C005A00 | (comparisonDataReg << 21));
|
|
*(int *)(cur + 0x34) = (0x7c000000 | (comparisonDataReg << 16) | (loadedDataReg << 11));
|
|
*(int *)(cur + 0x48) = 0x60000000;
|
|
successful_patch_p2p++;
|
|
}
|
|
|
|
}
|
|
}
|
|
|
|
else if (found_opcode_chain_MASTER) {
|
|
if (
|
|
GetImmediateDataVal((unsigned int *)(MASTERopcodeChainOffset + 0x10)) == 0x12 &&
|
|
GetImmediateDataVal((unsigned int *)(MASTERopcodeChainOffset + 0x2c)) == 0x04 &&
|
|
|
|
GetImmediateDataVal((unsigned int *)(MASTERopcodeChainOffset + 0x48)) == 0x18 &&
|
|
GetImmediateDataVal((unsigned int *)(MASTERopcodeChainOffset + 0x50)) == 0x00 &&
|
|
GetImmediateDataVal((unsigned int *)(MASTERopcodeChainOffset + 0x54)) == 0x18
|
|
)
|
|
{
|
|
|
|
|
|
int master_patch_version = 0;
|
|
|
|
// Check which version we have:
|
|
if ((GetImmediateDataVal((unsigned int *)(MASTERopcodeChainOffset + 0x3c)) == 0x12 &&
|
|
GetImmediateDataVal((unsigned int *)(MASTERopcodeChainOffset + 0x44)) == 0x0c) ) {
|
|
master_patch_version = 1;
|
|
}
|
|
else if ((GetImmediateDataVal((unsigned int *)(MASTERopcodeChainOffset + 0x3c)) == 0x0c &&
|
|
GetImmediateDataVal((unsigned int *)(MASTERopcodeChainOffset + 0x44)) == 0x12) ) {
|
|
master_patch_version = 2;
|
|
}
|
|
|
|
|
|
if (master_patch_version == 2) {
|
|
// Different opcode order ...
|
|
*(int *)(MASTERopcodeChainOffset + 0x3c) = *(int *)(MASTERopcodeChainOffset + 0x44);
|
|
}
|
|
|
|
if (master_patch_version != 0) {
|
|
int rY = GetComparisonTargetReg((unsigned int *)MASTERopcodeChainOffset);
|
|
int rX = GetLoadTargetReg((unsigned int *)MASTERopcodeChainOffset);
|
|
|
|
*(int *)(MASTERopcodeChainOffset + 0x00) = 0x38000004 | (rX << 21);
|
|
*(int *)(MASTERopcodeChainOffset + 0x04) = 0x7c00042c | (rY << 21) | (3 << 16) | (rX << 11);
|
|
*(int *)(MASTERopcodeChainOffset + 0x14) = 0x9000000c | (rY << 21) | (1 << 16);
|
|
*(int *)(MASTERopcodeChainOffset + 0x18) = 0x88000011 | (rY << 21) | (1 << 16);
|
|
*(int *)(MASTERopcodeChainOffset + 0x28) = 0x28000080 | (rY << 16);
|
|
*(int *)(MASTERopcodeChainOffset + 0x38) = 0x60000000;
|
|
*(int *)(MASTERopcodeChainOffset + 0x44) = 0x41810014;
|
|
successful_patch_master++;
|
|
|
|
}
|
|
|
|
}
|
|
}
|
|
|
|
}
|
|
}
|
|
|
|
} while (++cur < end);
|
|
|
|
if (hasGT2Error) {
|
|
if (successful_patch_master == 0 || successful_patch_p2p == 0) {
|
|
return 2;
|
|
}
|
|
}
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
u32 do_new_wiimmfi() {
|
|
|
|
// As of November 2018, Wiimmfi requires a special Wiimmfi patcher
|
|
// update which does a bit more than just patch the server adresses.
|
|
// This function is being called by apploader.c, right before
|
|
// jumping to the entry point (only for Mario Kart Wii & Wiimmfi),
|
|
// and applies all the necessary new patches to the game.
|
|
// This includes support for the new patcher update plus
|
|
// support for StaticR.rel patching.
|
|
|
|
// This function has been implemented by Leseratte. Please don't
|
|
// try to modify it without speaking to the Wiimmfi team because
|
|
// doing so could have unintended side effects.
|
|
|
|
// Updated in 2021 to add the 51420 error fix.
|
|
|
|
// check region:
|
|
char region = *((char *)(0x80000003));
|
|
char * patched;
|
|
void * patch1_offset, *patch2_offset, *patch3_offset;
|
|
void * errorfix_offset;
|
|
|
|
// define some offsets and variables depending on the region:
|
|
switch (region) {
|
|
case 'P':
|
|
patched = (char*)0x80276054;
|
|
patch1_offset = (void*)0x800ee3a0;
|
|
patch2_offset = (void*)0x801d4efc;
|
|
patch3_offset = (void*)0x801A72E0;
|
|
errorfix_offset = (void*)0x80658ce4;
|
|
break;
|
|
case 'E':
|
|
patched = (char*)0x80271d14;
|
|
patch1_offset = (void*)0x800ee300;
|
|
patch2_offset = (void*)0x801d4e5c;
|
|
patch3_offset = (void*)0x801A7240;
|
|
errorfix_offset = (void*)0x8065485c;
|
|
break;
|
|
case 'J':
|
|
patched = (char*)0x802759f4;
|
|
patch1_offset = (void*)0x800ee2c0;
|
|
patch2_offset = (void*)0x801d4e1c;
|
|
patch3_offset = (void*)0x801A7200;
|
|
errorfix_offset = (void*)0x80658360;
|
|
break;
|
|
case 'K':
|
|
patched = (char*)0x80263E34;
|
|
patch1_offset = (void*)0x800ee418;
|
|
patch2_offset = (void*)0x801d5258;
|
|
patch3_offset = (void*)0x801A763c;
|
|
errorfix_offset = (void*)0x80646ffc;
|
|
break;
|
|
default:
|
|
return -1;
|
|
}
|
|
|
|
if (*patched != '*') return -2; // ISO already patched
|
|
|
|
// This RAM address is set (no asterisk) by all officially
|
|
// updated patchers, so if it is modified, the image is already
|
|
// patched with a new patcher and we don't need to patch anything.
|
|
|
|
// For statistics and easier debugging in case of problems, Wiimmfi
|
|
// wants to know what patcher a game has been patched with, thus,
|
|
// let the game know the exact USB-Loader version. Max length 42
|
|
// chars, padded with whitespace, without null terminator
|
|
char * fmt = "%s v%-50s";
|
|
char patcher[100] = {0};
|
|
snprintf((char *)&patcher, 99, fmt, APP_NAME, APP_VERSION);
|
|
strncpy(patched, (char *)&patcher, 42);
|
|
|
|
// Do the plain old patching with the string search
|
|
PrivateServerPatcher((void*)0x80004000, 0x385200, PRIVSERV_WIIMMFI);
|
|
|
|
// Replace some URLs for Wiimmfi's new update system
|
|
char newURL1[] = "http://ca.nas.wiimmfi.de/ca";
|
|
char newURL2[] = "http://naswii.wiimmfi.de/ac";
|
|
char newURL3P[] = "https://main.nas.wiimmfi.de/pp";
|
|
char newURL3E[] = "https://main.nas.wiimmfi.de/pe";
|
|
char newURL3J[] = "https://main.nas.wiimmfi.de/pj";
|
|
char newURL3K[] = "https://main.nas.wiimmfi.de/pk";
|
|
|
|
|
|
// Write the URLs to the proper place and do some other patching.
|
|
switch (region) {
|
|
case 'P':
|
|
memcpy((void*)0x8027A400, newURL1, sizeof(newURL1));
|
|
memcpy((void*)0x8027A400 + 0x28, newURL2, sizeof(newURL2));
|
|
memcpy((void*)0x8027A400 + 0x4C, newURL3P, sizeof(newURL3P));
|
|
*(u32*)0x802a146c = 0x733a2f2f;
|
|
*(u32*)0x800ecaac = 0x3bc00000;
|
|
break;
|
|
case 'E':
|
|
memcpy((void*)0x802760C0, newURL1, sizeof(newURL1));
|
|
memcpy((void*)0x802760C0 + 0x28, newURL2, sizeof(newURL2));
|
|
memcpy((void*)0x802760C0 + 0x4C, newURL3E, sizeof(newURL3E));
|
|
*(u32*)0x8029D12C = 0x733a2f2f;
|
|
*(u32*)0x800ECA0C = 0x3bc00000;
|
|
break;
|
|
case 'J':
|
|
memcpy((void*)0x80279DA0, newURL1, sizeof(newURL1));
|
|
memcpy((void*)0x80279DA0 + 0x28, newURL2, sizeof(newURL2));
|
|
memcpy((void*)0x80279DA0 + 0x4C, newURL3J, sizeof(newURL3J));
|
|
*(u32*)0x802A0E0C = 0x733a2f2f;
|
|
*(u32*)0x800EC9CC = 0x3bc00000;
|
|
break;
|
|
case 'K':
|
|
memcpy((void*)0x802682B0, newURL1, sizeof(newURL1));
|
|
memcpy((void*)0x802682B0 + 0x28, newURL2, sizeof(newURL2));
|
|
memcpy((void*)0x802682B0 + 0x4C, newURL3K, sizeof(newURL3K));
|
|
*(u32*)0x8028F474 = 0x733a2f2f;
|
|
*(u32*)0x800ECB24 = 0x3bc00000;
|
|
break;
|
|
}
|
|
|
|
// Make some space on heap (0x500) for our custom code.
|
|
u32 old_heap_ptr = *(u32*)0x80003110;
|
|
*((u32*)0x80003110) = (old_heap_ptr - 0x500);
|
|
u32 heap_space = old_heap_ptr-0x500;
|
|
memset((void*)old_heap_ptr-0x500, 0xed, 0x500);
|
|
|
|
// Binary blobs with Wiimmfi patches. Do not modify.
|
|
// Provided by Leseratte on 2018-12-14.
|
|
|
|
int binary[] = { 0x37C849A2, 0x8BC32FA4, 0xC9A34B71, 0x1BCB49A2,
|
|
0x2F119304, 0x5F402684, 0x3E4FDA29, 0x50849A21,
|
|
0xB88B3452, 0x627FC9C1, 0xDC24D119, 0x5844350F,
|
|
0xD893444F, 0x19A588DC, 0x16C91184, 0x0C3E237C,
|
|
0x75906CED, 0x6E68A55E, 0x58791842, 0x072237E9,
|
|
0xAB24906F, 0x0A8BDF21, 0x4D11BE42, 0x1AAEDDC8,
|
|
0x1C42F908, 0x280CF2B2, 0x453A1BA4, 0x9A56C869,
|
|
0x786F108E, 0xE8DF05D2, 0x6DB641EB, 0x6DFC84BB,
|
|
0x7E980914, 0x0D7FB324, 0x23442185, 0xA7744966,
|
|
0x53901359, 0xBF2103CC, 0xC24A4EB7, 0x32049A02,
|
|
0xC1683466, 0xCA93689D, 0xD8245106, 0xA84987CF,
|
|
0xEC9B47C9, 0x6FA688FE, 0x0A4D11A6, 0x8B653C7B,
|
|
0x09D27E30, 0x5B936208, 0x5DD336DE, 0xCD092487,
|
|
0xEF2C6D36, 0x1E09DF2D, 0x75B1BE47, 0xE68A7F22,
|
|
0xB0E5F90D, 0xEC49F216, 0xAD1DCC24, 0xE2B5C841,
|
|
0x066F6F63, 0xF4D90926, 0x299F42CD, 0xA3F125D6,
|
|
0x077B093C, 0xB5721268, 0x1BE424D1, 0xEBC30BF0,
|
|
0x77867BED, 0x4F0C9BCA, 0x3E195930, 0xDC32DE2C,
|
|
0x1865D189, 0x70C67E7A, 0x71FA7329, 0x532233D3,
|
|
0x06D2E87B, 0x6CBEBA7F, 0x99F08532, 0x52FA601C,
|
|
0x05F4B82C, 0x4B64839C, 0xB5C65009, 0x1B8396E3,
|
|
0x0A8B2DAF, 0x0DB85BE6, 0x12F1B71D, 0x186F6E4D,
|
|
0x2870DC2E, 0x5960B8E6, 0x8F4D71BD, 0x0614E3C3,
|
|
0x05E8C725, 0x365D8E3D, 0x74351CDE, 0xE1AB3930,
|
|
0xFEDA721B, 0xE53AE4E9, 0xC3B4C9A6, 0xBAE59346,
|
|
0x6D45269D, 0x634E4D1A, 0x2FD99A30, 0x26393449,
|
|
0xE49768D1, 0x81E1D1A1, 0xFCE1A34A, 0x7EB44697,
|
|
0xEB2F8D2D, 0xCECFE5AF, 0x81BD34B6, 0xB1F1696E,
|
|
0x5E6ED2B2, 0xA473A4A0, 0x41664B70, 0xBF40968A,
|
|
0x662F2CCB, 0xC5DF5B8C, 0xB632B772, 0x74EB6F39,
|
|
0xE017DC71, 0xFDA3B890, 0xE3C9713D, 0xCE53E397,
|
|
0xA12BC743, 0x5AD98EA5, 0xBC721C9F, 0x4568395A,
|
|
0x925E72B4, 0x2D7DE4D7, 0x6777C9C7, 0xD6619396,
|
|
0xA502268A, 0x77884D75, 0xF79E9AF0, 0xE6FC3461,
|
|
0xF07468A5, 0xF866D11D, 0xF90CA342, 0xCF9546FF,
|
|
0x87A48D81, 0x06881A51, 0x309C34D1, 0x79B669CE,
|
|
0xFAADD2D7, 0xC8D7A5D1, 0x89214BE5, 0x1B8396EF,
|
|
0x0A8B2DE9, 0x0D985B06, 0x12F1B711, 0x186F6E57,
|
|
0x2850DC0E, 0x5960B8EA, 0x8F4D71AC, 0x0614E3E3,
|
|
0x05E8C729, 0x365D8E39, 0x74351CFE, 0x518E3943,
|
|
0x4A397268, 0x9D58E4B8, 0xD394C9A2, 0x0E069344,
|
|
0xB522268B, 0x636E4D77, 0x2FF99A37, 0xF6DC346D,
|
|
0xE49268B4, 0x2001D1A0, 0x4929A365, 0x7B764691,
|
|
0xFFC68D49, 0x16A81A53, 0x247A34D2, 0xA1D16967,
|
|
0x4B6DD2D5, 0xDDF4A5B7, 0x454A4B70, 0x0FAE96E2,
|
|
0x0A8A2DC7, 0x0D98A47A, 0x06DCB71D, 0x0CCC6E38,
|
|
0x55F25CFB, 0xB08C1E88, 0xDF4259C9, 0x0714E387,
|
|
0xB00D47AF, 0x7B722975, 0x48BE349A, 0x29CC393C,
|
|
0xEA797228, 0x98986471, 0x3778E1A3, 0xD7626D06,
|
|
0x1567268D, 0x668ECD00, 0xD614F5C8, 0x133037CF,
|
|
0x92F26CF2, 0x00000000, 0x00000000, 0x00000000,
|
|
0x00000000, 0x00000000, 0x00000000, 0x00000000};
|
|
|
|
// Fix for error 51420:
|
|
int patchCodeFix51420[] = {
|
|
0x4800000d, 0x00000000,
|
|
0x00000000, 0x7cc803a6,
|
|
0x80860000, 0x7c041800,
|
|
0x4182004c, 0x80a60004,
|
|
0x38a50001, 0x2c050003,
|
|
0x4182003c, 0x90a60004,
|
|
0x90660000, 0x38610010,
|
|
0x3ca08066, 0x38a58418,
|
|
0x3c808066, 0x38848498,
|
|
0x90a10010, 0x90810014,
|
|
0x3ce08066, 0x38e78ce4,
|
|
0x38e7fef0, 0x7ce903a6,
|
|
0x4e800420, 0x3c80801d,
|
|
0x388415f4, 0x7c8803a6,
|
|
0x4e800021, 0x00000000
|
|
};
|
|
|
|
|
|
// Prepare patching process ....
|
|
int i = 3;
|
|
int idx = 0;
|
|
for (; i < 202; i++) {
|
|
if (i == 67 || i == 82) idx++;
|
|
binary[i] = binary[i] ^ binary[idx];
|
|
binary[idx] = ((binary[idx] << 1) | ((binary[idx] >> (32 - 1)) & ~(-1 << 1)));
|
|
}
|
|
|
|
|
|
// Binary blob needs some changes for regions other than PAL ...
|
|
switch (region) {
|
|
case 'E':
|
|
binary[29] = binary[67];
|
|
binary[37] = binary[68];
|
|
binary[43] = binary[69];
|
|
binary[185] = 0x61295C74;
|
|
binary[189] = 0x61295D40;
|
|
binary[198] = 0x61086F5C;
|
|
|
|
patchCodeFix51420[14] = 0x3ca08065;
|
|
patchCodeFix51420[15] = 0x38a53f90;
|
|
patchCodeFix51420[16] = 0x3c808065;
|
|
patchCodeFix51420[17] = 0x38844010;
|
|
patchCodeFix51420[20] = 0x3ce08065;
|
|
patchCodeFix51420[21] = 0x38e7485c;
|
|
patchCodeFix51420[26] = 0x38841554;
|
|
|
|
break;
|
|
case 'J':
|
|
binary[29] = binary[70];
|
|
binary[37] = binary[71];
|
|
binary[43] = binary[72];
|
|
binary[185] = 0x612997CC;
|
|
binary[189] = 0x61299898;
|
|
binary[198] = 0x61086F1C;
|
|
|
|
patchCodeFix51420[14] = 0x3ca08065;
|
|
patchCodeFix51420[15] = 0x38a57a84;
|
|
patchCodeFix51420[16] = 0x3c808065;
|
|
patchCodeFix51420[17] = 0x38847b04;
|
|
patchCodeFix51420[20] = 0x3ce08065;
|
|
patchCodeFix51420[21] = 0x38e78350;
|
|
patchCodeFix51420[26] = 0x38841514;
|
|
|
|
break;
|
|
case 'K':
|
|
binary[6] = binary[73];
|
|
binary[9] = binary[74];
|
|
binary[11] = binary[75];
|
|
binary[23] = binary[76];
|
|
binary[29] = binary[77];
|
|
binary[33] = binary[78];
|
|
binary[37] = binary[79];
|
|
binary[43] = binary[80];
|
|
binary[63] = binary[81];
|
|
binary[184] = 0x3D208088;
|
|
binary[185] = 0x61298AA4;
|
|
binary[188] = 0x3D208088;
|
|
binary[189] = 0x61298B58;
|
|
binary[198] = 0x61087358;
|
|
|
|
patchCodeFix51420[14] = 0x3ca08064;
|
|
patchCodeFix51420[15] = 0x38a56730;
|
|
patchCodeFix51420[16] = 0x3c808064;
|
|
patchCodeFix51420[17] = 0x388467b0;
|
|
patchCodeFix51420[20] = 0x3ce08064;
|
|
patchCodeFix51420[21] = 0x38e76ffc;
|
|
patchCodeFix51420[26] = 0x38841950;
|
|
|
|
break;
|
|
}
|
|
|
|
// Installing all the patches.
|
|
|
|
memcpy((void*)heap_space, (void*)binary, 820);
|
|
u32 code_offset_1 = heap_space + 12;
|
|
u32 code_offset_2 = heap_space + 88;
|
|
u32 code_offset_3 = heap_space + 92;
|
|
u32 code_offset_4 = heap_space + 264;
|
|
u32 code_offset_5 = heap_space + 328;
|
|
|
|
|
|
*((u32*)patch1_offset) = 0x48000000 + (((u32)(code_offset_1) - ((u32)(patch1_offset))) & 0x3ffffff);
|
|
*((u32*)code_offset_2) = 0x48000000 + (((u32)(patch1_offset + 4) - ((u32)(code_offset_2))) & 0x3ffffff);
|
|
*((u32*)patch2_offset) = 0x48000000 + (((u32)(code_offset_3) - ((u32)(patch2_offset))) & 0x3ffffff);
|
|
*((u32*)code_offset_4) = 0x48000000 + (((u32)(patch2_offset + 4) - ((u32)(code_offset_4))) & 0x3ffffff);
|
|
*((u32*)patch3_offset) = 0x48000000 + (((u32)(code_offset_5) - ((u32)(patch3_offset))) & 0x3ffffff);
|
|
|
|
// Add the 51420 fix:
|
|
memcpy((void*)heap_space + 0x400, (void*)patchCodeFix51420, 0x78);
|
|
*((u32*)errorfix_offset) = 0x48000000 + (((u32)(heap_space + 0x400) - ((u32)(errorfix_offset))) & 0x3ffffff);
|
|
*((u32*)heap_space + 0x400 + 0x74) = 0x48000000 + (((u32)(errorfix_offset + 4) - ((u32)(heap_space + 0x400 + 0x74))) & 0x3ffffff);
|
|
|
|
|
|
// Patches successfully installed
|
|
// returns 0 when all patching is done and game is ready to be booted.
|
|
return 0;
|
|
}
|
|
|
|
// Deflicker filter patching by wiidev (blackb0x @ GBAtemp)
|
|
void patch_vfilters(void *addr, u32 len, u8 *vfilter)
|
|
{
|
|
u8 *addr_start = addr;
|
|
while (len >= sizeof(GXRModeObj))
|
|
{
|
|
GXRModeObj *vidmode = (GXRModeObj *)addr_start;
|
|
if ((memcmp(vidmode->sample_pattern, PATTERN, 24) == 0 || memcmp(vidmode->sample_pattern, PATTERN_AA, 24) == 0) &&
|
|
(vidmode->fbWidth == 640 || vidmode->fbWidth == 608 || vidmode->fbWidth == 512) &&
|
|
(vidmode->field_rendering == 0 || vidmode->field_rendering == 1) &&
|
|
(vidmode->aa == 0 || vidmode->aa == 1))
|
|
{
|
|
gprintf("Replaced vfilter %02x%02x%02x%02x%02x%02x%02x @ %p (GXRModeObj)\n",
|
|
vidmode->vfilter[0], vidmode->vfilter[1], vidmode->vfilter[2], vidmode->vfilter[3],
|
|
vidmode->vfilter[4], vidmode->vfilter[5], vidmode->vfilter[6], addr_start);
|
|
memcpy(vidmode->vfilter, vfilter, 7);
|
|
addr_start += (sizeof(GXRModeObj) - 4);
|
|
len -= (sizeof(GXRModeObj) - 4);
|
|
}
|
|
addr_start += 4;
|
|
len -= 4;
|
|
}
|
|
}
|
|
|
|
void patch_vfilters_rogue(void *addr, u32 len, u8 *vfilter)
|
|
{
|
|
u8 known_vfilters[7][7] = {
|
|
{8, 8, 10, 12, 10, 8, 8},
|
|
{4, 8, 12, 16, 12, 8, 4},
|
|
{7, 7, 12, 12, 12, 7, 7},
|
|
{5, 5, 15, 14, 15, 5, 5},
|
|
{4, 4, 15, 18, 15, 4, 4},
|
|
{4, 4, 16, 16, 16, 4, 4},
|
|
{2, 2, 17, 22, 17, 2, 2}
|
|
};
|
|
u8 *addr_start = addr;
|
|
u8 *addr_end = addr + len - 8;
|
|
while (addr_start <= addr_end)
|
|
{
|
|
u8 known_vfilter[7];
|
|
for (int i = 0; i < 7; i++)
|
|
{
|
|
for (int x = 0; x < 7; x++)
|
|
known_vfilter[x] = known_vfilters[i][x];
|
|
if (!addr_start[7] && memcmp(addr_start, known_vfilter, 7) == 0)
|
|
{
|
|
gprintf("Replaced vfilter %02x%02x%02x%02x%02x%02x%02x @ %p\n", addr_start[0], addr_start[1], addr_start[2],
|
|
addr_start[3], addr_start[4], addr_start[5], addr_start[6], addr_start);
|
|
memcpy(addr_start, vfilter, 7);
|
|
addr_start += 7;
|
|
break;
|
|
}
|
|
}
|
|
addr_start += 1;
|
|
}
|
|
}
|
|
|
|
void deflicker_patch(void *addr, u32 len)
|
|
{
|
|
u32 SearchPattern[18] = {
|
|
0x3D20CC01, 0x39400061, 0x99498000,
|
|
0x2C050000, 0x38800053, 0x39600000,
|
|
0x90098000, 0x38000054, 0x39800000,
|
|
0x508BC00E, 0x99498000, 0x500CC00E,
|
|
0x90698000, 0x99498000, 0x90E98000,
|
|
0x99498000, 0x91098000, 0x41820040};
|
|
u8 *addr_start = addr;
|
|
u8 *addr_end = addr + len - sizeof(SearchPattern);
|
|
while (addr_start <= addr_end)
|
|
{
|
|
if (memcmp(addr_start, SearchPattern, sizeof(SearchPattern)) == 0)
|
|
{
|
|
*((u32 *)addr_start + 17) = 0x48000040; // Change beq to b
|
|
gprintf("Patched GXSetCopyFilter @ %p\n", addr_start);
|
|
return;
|
|
}
|
|
addr_start += 4;
|
|
}
|
|
}
|