CBHC now comes with a version of wupserver that can be used in, for example, ftpiiu-everywhere

updated installer for this new wupserver version
FIX94 2016-12-13 01:22:07 +01:00
parent 02f2c1cbf0
commit a004e5a3fe
23 changed files with 101 additions and 51 deletions


@ -16,11 +16,16 @@ FIRMWARE = 550
all: clean setup main
$(CURDIR)/payload/arm_kernel_bin.h: $(CURDIR)/payload/arm_user_bin.h
$(CURDIR)/payload/arm_kernel_bin.h: $(CURDIR)/payload/wupserver_bin.h $(CURDIR)/payload/arm_user_bin.h
@$(MAKE) --no-print-directory -C $(CURDIR)/arm_kernel -f $(CURDIR)/arm_kernel/Makefile
@-mkdir -p $(CURDIR)/payload
@cp -p $(CURDIR)/arm_kernel/arm_kernel_bin.h $@
$(CURDIR)/payload/wupserver_bin.h:
@$(MAKE) --no-print-directory -C $(CURDIR)/../../wupserver -f $(CURDIR)/../../wupserver/Makefile
@-mkdir -p $(CURDIR)/payload
@cp -p $(CURDIR)/../../wupserver/wupserver_bin.h $@
$(CURDIR)/payload/arm_user_bin.h:
@$(MAKE) --no-print-directory -C $(CURDIR)/arm_user -f $(CURDIR)/arm_user/Makefile
@-mkdir -p $(CURDIR)/payload
@ -41,4 +46,5 @@ clean:
rm -rf $(build) payload
rm -rf CBHC.elf CBHC.map
$(MAKE) --no-print-directory -C $(CURDIR)/arm_user -f $(CURDIR)/arm_user/Makefile clean
@$(MAKE) --no-print-directory -C $(CURDIR)/../../wupserver -f $(CURDIR)/../../wupserver/Makefile clean
$(MAKE) --no-print-directory -C $(CURDIR)/arm_kernel -f $(CURDIR)/arm_kernel/Makefile clean


@ -1,6 +1,7 @@
#include "types.h"
#include "utils.h"
#include "../../payload/arm_user_bin.h"
#include "../../payload/wupserver_bin.h"
static const char repairData_set_fault_behavior[] = {
0xE1,0x2F,0xFF,0x1E,0xE9,0x2D,0x40,0x30,0xE5,0x93,0x20,0x00,0xE1,0xA0,0x40,0x00,
@ -88,16 +89,29 @@ int _main()
void * pUserBinDest = (void*)0x101312D0;
kernel_memcpy(pUserBinDest, (void*)pUserBinSource, sizeof(arm_user_bin));
// overwrite mcp_d_r code with wupserver
*(unsigned int*)(0x0510E56C - 0x05100000 + 0x13D80000) = 0x47700000; //bx lr
void * test = (void*)(0x0510E570 - 0x05100000 + 0x13D80000);
kernel_memcpy(test, (void*)wupserver_bin, sizeof(wupserver_bin));
invalidate_dcache((u32)test, sizeof(wupserver_bin));
invalidate_icache();
// replace ioctl 0x62 code with jump to wupserver
*(unsigned int*)(0x05026BA8 - 0x05000000 + 0x081C0000) = 0x47780000; // bx pc
*(unsigned int*)(0x05026BAC - 0x05000000 + 0x081C0000) = 0xE59F1000; // ldr r1, [pc]
*(unsigned int*)(0x05026BB0 - 0x05000000 + 0x081C0000) = 0xE12FFF11; // bx r1
*(unsigned int*)(0x05026BB4 - 0x05000000 + 0x081C0000) = 0x0510E570; // wupserver code
// fix 10 minute timeout that crashes MCP after 10 minutes of booting
*(volatile u32*)(0x05022474 - 0x05000000 + 0x081C0000) = 0xFFFFFFFF; // NEW_TIMEOUT
*(volatile u32*)(0x05022474 - 0x05000000 + 0x081C0000) = 0xFFFFFFFF; // NEW_TIMEOUT
// patch cached cert check
*(volatile u32*)(0x05054D6C - 0x05000000 + 0x081C0000) = 0xE3A00000; // mov r0, 0
*(volatile u32*)(0x05054D70 - 0x05000000 + 0x081C0000) = 0xE12FFF1E; // bx lr
*(volatile u32*)(0x05054D6C - 0x05000000 + 0x081C0000) = 0xE3A00000; // mov r0, 0
*(volatile u32*)(0x05054D70 - 0x05000000 + 0x081C0000) = 0xE12FFF1E; // bx lr
// patch cert verification
*(volatile u32*)(0x05052A90 - 0x05000000 + 0x081C0000) = 0xe3a00000; // mov r0, #0
*(volatile u32*)(0x05052A94 - 0x05000000 + 0x081C0000) = 0xe12fff1e; // bx lr
*(volatile u32*)(0x05052A90 - 0x05000000 + 0x081C0000) = 0xE3A00000; // mov r0, #0
*(volatile u32*)(0x05052A94 - 0x05000000 + 0x081C0000) = 0xE12FFF1E; // bx lr
// patch MCP authentication check
*(volatile u32*)(0x05014CAC - 0x05000000 + 0x081C0000) = 0x20004770; // mov r0, #0; bx lr
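Review bot: The address 0x0510E570 is now hard-coded in places that must agree: the copy destination `test` and the literal stored at 0x05026BB4 in this `_main`, plus the `RAMX` ORIGIN in the wupserver linker script; the other `_main` section in this commit repeats the same two literals. A single named constant, e.g. `#define WUPSERVER_LOAD_ADDR 0x0510E570`, used for both the `test` pointer and the jump-target store would keep them from drifting apart on the next relocation. The new stores also use `unsigned int*` while the neighbouring patches use `volatile u32*`; using one form throughout would make the intent uniform. `_main` begins and ends outside the hunk.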


@ -36,19 +36,22 @@ static unsigned int getButtonsDown(unsigned int padscore_handle, unsigned int vp
#define FORCE_SYSMENU (VPAD_BUTTON_ZL | VPAD_BUTTON_ZR | VPAD_BUTTON_L | VPAD_BUTTON_R)
#define FORCE_HBL (VPAD_BUTTON_A | VPAD_BUTTON_B | VPAD_BUTTON_X | VPAD_BUTTON_Y)
#define SD_HBL_PATH "/vol/external01/wiiu/apps/homebrew_launcher/homebrew_launcher.elf"
#define SD_MOCHA_PATH "/vol/external01/wiiu/apps/mocha/mocha.elf"
static const char *verChar = "CBHC v1.1 by FIX94";
static const char *verChar = "CBHC v1.2 by FIX94";
#define DEFAULT_DISABLED 0
#define DEFAULT_SYSMENU 1
#define DEFAULT_HBL 2
#define DEFAULT_CFW_IMG 3
#define DEFAULT_MAX 4
#define DEFAULT_MOCHA 3
#define DEFAULT_CFW_IMG 4
#define DEFAULT_MAX 5
static const char *defOpts[DEFAULT_MAX] = {
"DEFAULT_DISABLED",
"DEFAULT_SYSMENU",
"DEFAULT_HBL",
"DEFAULT_MOCHA",
"DEFAULT_CFW_IMG",
};
@ -56,12 +59,14 @@ static const char *bootOpts[DEFAULT_MAX] = {
"Disabled",
"System Menu",
"Homebrew Launcher",
"Mocha CFW",
"fw.img on SD Card",
};
#define LAUNCH_SYSMENU 0
#define LAUNCH_HBL 1
#define LAUNCH_CFW_IMG 2
#define LAUNCH_MOCHA 2
#define LAUNCH_CFW_IMG 3
#define OSScreenEnable(enable) OSScreenEnableEx(0, enable); OSScreenEnableEx(1, enable);
#define OSScreenClearBuffer(tmp) OSScreenClearBufferEx(0, tmp); OSScreenClearBufferEx(1, tmp);
@ -86,9 +91,6 @@ uint32_t __main(void)
OSDynLoad_FindExport(sysapp_handle,0,"_SYSGetSystemApplicationTitleId",&_SYSGetSystemApplicationTitleId);
unsigned long long sysmenu = _SYSGetSystemApplicationTitleId(0);
//set up default hbl path
strcpy((void*)0xF5E70000,SD_HBL_PATH);
unsigned int vpad_handle;
OSDynLoad_Acquire("vpad.rpl", &vpad_handle);
@ -112,6 +114,7 @@ uint32_t __main(void)
else if(((vpad.btns_d|vpad.btns_h) & FORCE_HBL) == FORCE_HBL)
{
// original hbl loader payload
strcpy((void*)0xF5E70000,SD_HBL_PATH);
return 0x01800000;
}
}
@ -298,7 +301,7 @@ uint32_t __main(void)
cbhc_menu: ;
int redraw = 1;
int PosX = 0;
int ListMax = 4;
int ListMax = 5;
int clickT = 0;
while(1)
{
@ -342,7 +345,7 @@ cbhc_menu: ;
if( btnDown & VPAD_BUTTON_A )
{
if(PosX == 3)
if(PosX == 4)
{
cur_autoboot++;
if(cur_autoboot == DEFAULT_MAX)
@ -366,10 +369,12 @@ cbhc_menu: ;
OSScreenPutFont(0, 1, printStr);
__os_snprintf(printStr,64,"%c Boot Homebrew Launcher", 1 == PosX ? '>' : ' ');
OSScreenPutFont(0, 2, printStr);
__os_snprintf(printStr,64,"%c Boot fw.img on SD Card", 2 == PosX ? '>' : ' ');
__os_snprintf(printStr,64,"%c Boot Mocha CFW", 2 == PosX ? '>' : ' ');
OSScreenPutFont(0, 3, printStr);
__os_snprintf(printStr,64,"%c Autoboot: %s", 3 == PosX ? '>' : ' ', bootOpts[cur_autoboot]);
__os_snprintf(printStr,64,"%c Boot fw.img on SD Card", 3 == PosX ? '>' : ' ');
OSScreenPutFont(0, 4, printStr);
__os_snprintf(printStr,64,"%c Autoboot: %s", 4 == PosX ? '>' : ' ', bootOpts[cur_autoboot]);
OSScreenPutFont(0, 5, printStr);
OSScreenFlipBuffers();
redraw = 0;
@ -428,7 +433,15 @@ doIOSUexploit:
IOS_Close(dev_uhs_0_handle);
if(launchmode == LAUNCH_HBL)
{
strcpy((void*)0xF5E70000,SD_HBL_PATH);
return 0x01800000;
}
else if(launchmode == LAUNCH_MOCHA)
{
strcpy((void*)0xF5E70000,SD_MOCHA_PATH);
return 0x01800000;
}
//sysmenu or cfw
if(launchmode == LAUNCH_CFW_IMG)
OSForceFullRelaunch();
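Review bot: The launch path at 0xF5E70000 is no longer written unconditionally at startup; it is now set only in the FORCE_HBL branch and in the two `launchmode` branches after `doIOSUexploit`, so any other `return 0x01800000` in `__main` outside the visible hunks would hand off with whatever that buffer previously held. A small helper such as `static void setLaunchPath(const char *p) { strcpy((void*)0xF5E70000, p); }` called next to every such return, or keeping the HBL default at startup, would make a missed branch impossible. The menu also hard-codes `ListMax = 5` and `PosX == 4`, which have to be edited by hand whenever an entry is added. `__main` extends beyond these hunks.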


@ -136,9 +136,9 @@ $(CURDIR)/payload/arm_kernel_bin.h: $(CURDIR)/payload/wupserver_bin.h $(CURDIR)
@cp -p $(CURDIR)/arm_kernel/arm_kernel_bin.h $@
$(CURDIR)/payload/wupserver_bin.h:
@$(MAKE) --no-print-directory -C $(CURDIR)/wupserver -f $(CURDIR)/wupserver/Makefile
@$(MAKE) --no-print-directory -C $(CURDIR)/../wupserver -f $(CURDIR)/../wupserver/Makefile
@-mkdir -p $(CURDIR)/payload
@cp -p $(CURDIR)/wupserver/wupserver_bin.h $@
@cp -p $(CURDIR)/../wupserver/wupserver_bin.h $@
$(CURDIR)/payload/arm_user_bin.h:
@$(MAKE) --no-print-directory -C $(CURDIR)/arm_user -f $(CURDIR)/arm_user/Makefile
@ -150,7 +150,7 @@ clean:
@echo clean ...
@rm -fr $(BUILD) $(CURDIR)/*.elf $(CURDIR)/payload
@$(MAKE) --no-print-directory -C $(CURDIR)/arm_user -f $(CURDIR)/arm_user/Makefile clean
@$(MAKE) --no-print-directory -C $(CURDIR)/wupserver -f $(CURDIR)/wupserver/Makefile clean
@$(MAKE) --no-print-directory -C $(CURDIR)/../wupserver -f $(CURDIR)/../wupserver/Makefile clean
@$(MAKE) --no-print-directory -C $(CURDIR)/arm_kernel -f $(CURDIR)/arm_kernel/Makefile clean


@ -89,7 +89,9 @@ int _main()
void * pUserBinDest = (void*)0x101312D0;
kernel_memcpy(pUserBinDest, (void*)pUserBinSource, sizeof(arm_user_bin));
void * test = (void*)(0x05100000 - 0x05100000 + 0x13D80000);
// overwrite mcp_d_r code with wupserver
*(unsigned int*)(0x0510E56C - 0x05100000 + 0x13D80000) = 0x47700000; //bx lr
void * test = (void*)(0x0510E570 - 0x05100000 + 0x13D80000);
kernel_memcpy(test, (void*)wupserver_bin, sizeof(wupserver_bin));
invalidate_dcache((u32)test, sizeof(wupserver_bin));
invalidate_icache();
@ -98,7 +100,7 @@ int _main()
*(unsigned int*)(0x05026BA8 - 0x05000000 + 0x081C0000) = 0x47780000; // bx pc
*(unsigned int*)(0x05026BAC - 0x05000000 + 0x081C0000) = 0xE59F1000; // ldr r1, [pc]
*(unsigned int*)(0x05026BB0 - 0x05000000 + 0x081C0000) = 0xE12FFF11; // bx r1
*(unsigned int*)(0x05026BB4 - 0x05000000 + 0x081C0000) = 0x05100000; // wupserver code
*(unsigned int*)(0x05026BB4 - 0x05000000 + 0x081C0000) = 0x0510E570; // wupserver code
*(unsigned int*)(0x050282AE - 0x05000000 + 0x081C0000) = 0xF031FB43; // bl launch_os_hook


@ -125,9 +125,9 @@ int availSort(const void *c1, const void *c2)
void printhdr_noflip()
{
#ifdef CB
println_noflip(0,"CBHC v1.1 by FIX94");
println_noflip(0,"CBHC v1.2 by FIX94");
#else
println_noflip(0,"Haxchi v2.3 by FIX94");
println_noflip(0,"Haxchi v2.3u1 by FIX94");
#endif
println_noflip(1,"Credits to smea, plutoo, yellows8, naehrwert, derrek and dimok");
}
@ -369,19 +369,24 @@ int Menu_Main(void)
int line = 6;
#endif
//will inject our custom mcp code
println(line++,"Doing IOSU Exploit...");
IOSUExploit();
int fsaFd = -1;
int sdMounted = 0;
int sdFd = -1, mlcFd = -1, slcFd = -1;
//done with iosu exploit, take over mcp
if(MCPHookOpen() < 0)
//open up iosuhax
int res = IOSUHAX_Open(NULL);
if(res < 0)
res = MCPHookOpen();
if(res < 0)
{
println(line++,"MCP hook could not be opened!");
goto prgEnd;
println(line++,"Doing IOSU Exploit...");
IOSUExploit();
//done with iosu exploit, take over mcp
if(MCPHookOpen() < 0)
{
println(line++,"MCP hook could not be opened!");
goto prgEnd;
}
}
//mount with full permissions
@ -838,8 +843,11 @@ prgEnd:
println(line++, "Flushed NAND Cache!");
IOSUHAX_FSA_Close(fsaFd);
}
//close out old mcp instance
MCPHookClose();
//close out iosuhax
if(mcp_hook_fd >= 0)
MCPHookClose();
else
IOSUHAX_Close();
sleep(5);
//will do IOSU reboot
OSForceFullRelaunch();
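Review bot: At `prgEnd` the close path is chosen from `mcp_hook_fd >= 0`, so when `IOSUHAX_Open` and both `MCPHookOpen` attempts fail (the `goto prgEnd` after "MCP hook could not be opened!") `IOSUHAX_Close()` is called although nothing was opened. Whether `IOSUHAX_Close` tolerates that is not visible here; recording which open succeeded, e.g. `int iosuhaxOpened = (IOSUHAX_Open(NULL) >= 0);`, and closing on that flag would make the cleanup explicit instead of inferred. `Menu_Main` starts and ends outside the hunks.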


@ -2,9 +2,9 @@
<app version="1">
<name>CBHC</name>
<coder>FIX94</coder>
<version>1.1</version>
<version>1.2</version>
<url>https://github.com/FIX94/haxchi</url>
<release_date>20161210200000</release_date>
<release_date>20161213200000</release_date>
<short_description>Coldboot Haxchi Installer</short_description>
<long_description>WARNING! This will install Coldboot Haxchi on your system.
ONLY USE THIS IF YOU ARE WILLING TO TAKE A RISK OF BRICKING YOUR CONSOLE.


@ -2,9 +2,9 @@
<app version="1">
<name>Haxchi</name>
<coder>FIX94</coder>
<version>2.3</version>
<version>2.3u1</version>
<url>https://github.com/FIX94/haxchi</url>
<release_date>20161210200000</release_date>
<release_date>20161213200000</release_date>
<short_description>Haxchi Installer</short_description>
<long_description>This will install Haxchi on your system.
</long_description>


@ -11,7 +11,7 @@ CC = arm-none-eabi-gcc
LINK = arm-none-eabi-ld
AS = arm-none-eabi-as
OBJCOPY = arm-none-eabi-objcopy
CFLAGS += -Wall -mbig-endian -std=c99 -march=armv5 -Os -I$(DEVKITPRO)/libnds/include
CFLAGS += -Wall -mbig-endian -std=c99 -mcpu=arm926ej-s -Os -s -mthumb -I$(DEVKITPRO)/libnds/include
LDFLAGS += --script=ccd00.ld -EB -L"$(DEVKITARM)/arm-none-eabi/lib"
CFILES = $(wildcard source/*.c)
@ -43,13 +43,13 @@ dirs:
$(PROJECTNAME).bin: $(PROJECTNAME).elf
# $(OBJCOPY) -O binary $< $@
$(OBJCOPY) -j .text -j .rodata -O binary $< $@
$(OBJCOPY) -j .text -j .rodata -S -O binary $< $@
$(PROJECTNAME)_bin.h: $(PROJECTNAME).bin
xxd -i $< | sed "s/unsigned/static const unsigned/g;s/$(PROJECTNAME)$*/$(PROJECTNAME)/g" > $@
$(PROJECTNAME).elf: $(OFILES)
$(LINK) $(LDFLAGS) -o $(PROJECTNAME).elf $(sort $(filter-out build/crt0.o, $(OFILES)))
$(LINK) $(LDFLAGS) -o $(PROJECTNAME).elf $(sort $(filter-out build/crt0.o, $(OFILES))) libgcc.a
clean:
@rm -f build/*.o build/*.d
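Review bot: The link line now pulls in `libgcc.a` from the source directory, and the commit adds that archive as a checked-in binary, so the runtime helpers that end up in the payload cannot be reviewed in the diff and are not guaranteed to match the toolchain or the new `-mcpu`/`-mthumb` flags. Asking the compiler for its own copy keeps the archive tied to `CFLAGS`: `LIBGCC := $(shell $(CC) $(CFLAGS) -print-libgcc-file-name)` and then `... $(sort $(filter-out build/crt0.o, $(OFILES))) $(LIBGCC)`. If the bundled copy is intentional, a comment naming the toolchain version and multilib it was taken from would let it be reproduced and verified.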


@ -2,13 +2,13 @@ OUTPUT_ARCH(arm)
MEMORY
{
RAMX (rx) : ORIGIN = 0x05100000, LENGTH = 0x0004000
RAMX (rx) : ORIGIN = 0x0510E570, LENGTH = 0x00015BC
RAMRW (rw!i) : ORIGIN = 0x05089780, LENGTH = 0x00001F00
}
SECTIONS
{
.text : ALIGN(0x100) {
.text : {
build/crt0.o(.init)
*(.text)
*(.rodata)
@ -20,4 +20,3 @@ SECTIONS
}
_bss_end = .;
}
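Review bot: The new `RAMX` line carries two unexplained constants, and `LENGTH = 0x00015BC` is the only thing bounding how large the payload may grow before the link fails. A comment above it, e.g. `/* RAMX: ORIGIN must match the copy destination and jump target in the kernel payload's _main; LENGTH is the space available after ORIGIN */`, would tell the next editor what to re-check when either value moves.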

BIN
wupserver/libgcc.a Normal file

Binary file not shown.


@ -21,7 +21,7 @@ void* memcpy(void* dst, const void* src, size_t size)
{
return _memcpy(dst, (void*)src, size);
}
/*
int strlen(const char* str)
{
unsigned int i = 0;
@ -30,7 +30,7 @@ int strlen(const char* str)
}
return i;
}
*/
char* strncpy(char* dst, const char* src, size_t size)
{
int i;
@ -42,8 +42,9 @@ char* strncpy(char* dst, const char* src, size_t size)
return dst;
}
/*
int vsnprintf(char * s, size_t n, const char * format, va_list arg)
{
return ((int (*const)(char*, size_t, const char *, va_list))0x05055C40)(s, n, format, arg);
}
*/
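Review bot: `strlen` and `vsnprintf` are disabled by wrapping them in `/* ... */` rather than being deleted, with no note on what now provides those symbols. Either remove the definitions or guard them with `#if 0` and a one-line reason (presumably they are now unused or supplied by the newly linked library; the author should confirm). The commented-out `vsnprintf` also embeds a hard-coded function address that can go stale unnoticed while it sits in a comment. Both hunks cut through the surrounding functions.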


@ -31,6 +31,7 @@
//#include "logger.h"
#include "fsa.h"
#define IOSUHAX_MAGIC_WORD 0x4E696365
#define IOS_ERROR_UNKNOWN_VALUE 0xFFFFFFD6
#define IOS_ERROR_INVALID_ARG 0xFFFFFFE3
#define IOS_ERROR_INVALID_SIZE 0xFFFFFFE9
@ -71,6 +72,7 @@
#define IOCTL_FSA_RAW_CLOSE 0x57
#define IOCTL_FSA_CHANGEMODE 0x58
#define IOCTL_FSA_FLUSHVOLUME 0x59
#define IOCTL_CHECK_IF_IOSUHAX 0x5B
//static u8 threadStack[0x1000] __attribute__((aligned(0x20)));
@ -136,7 +138,7 @@ static int ipc_ioctl(ipcmessage *message)
}
break;
}
case IOCTL_REPEATED_WRITE:
/*case IOCTL_REPEATED_WRITE:
{
if(message->ioctl.length_in < 12)
{
@ -191,7 +193,7 @@ static int ipc_ioctl(ipcmessage *message)
//! TODO: add syscall as on kern_read32
res = IOS_ERROR_NOEXISTS;
break;
}
}*/
//!--------------------------------------------------------------------------------------------------------------
//! FSA handles for better performance
//!--------------------------------------------------------------------------------------------------------------
@ -414,10 +416,15 @@ static int ipc_ioctl(ipcmessage *message)
message->ioctl.buffer_io[0] = FSA_ChangeMode(fd, path, mode);
break;
}
case IOCTL_CHECK_IF_IOSUHAX:
{
message->ioctl.buffer_io[0] = IOSUHAX_MAGIC_WORD;
break;
}
default:
res = IOS_ERROR_INVALID_ARG;
break;
}
}
return res;
}
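Review bot: The new `IOCTL_CHECK_IF_IOSUHAX` case stores to `message->ioctl.buffer_io[0]` without first checking that the caller supplied an output buffer of at least four bytes; the now commented-out `IOCTL_REPEATED_WRITE` case shows the length-check pattern with `length_in < 12`. A guard along the lines of `if(message->ioctl.length_io < 4) { res = IOS_ERROR_INVALID_SIZE; break; }` (output-length field name presumed) would reject an undersized request instead of writing through the pointer. `ipc_ioctl` begins outside the hunk.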