The-Homebrew-Cloud/haxchi
2
0
Fork 0
mirror of https://github.com/wiiu-env/haxchi.git synced 2024-09-29 08:28:37 +02:00
Code Issues Packages Projects Releases Wiki Activity
3c6dadb2a6
haxchi/dsrom/CBHC/arm_kernel/source/reload.c
FIX94 3c6dadb2a6 -when starting up the console with system menu autoboot CBHC will now start the menu into mii selection if no default mii is set instead of just using the first mii 
-added system reload patches to CBHC, thanks to dimok for patch location and elf patcher!
2016-12-15 01:51:06 +01:00

87 lines
3.5 KiB
C
Raw Blame History

//kernel relaunch hook, thanks to dimok
#include "types.h"
#include "utils.h"
#include "reload.h"
#include "elf_patcher.h"
#include "wupserver.h"
extern char __file_start, __file_end;
void kernel_launch_ios(u32 launch_address, u32 L, u32 C, u32 H)
{
void (*kernel_launch_bootrom)(u32 launch_address, u32 L, u32 C, u32 H) = (void*)0x0812A050;
if(*(u32*)(launch_address - 0x300 + 0x1AC) == 0x00DFD000)
{
int level = disable_interrupts();
unsigned int control_register = disable_mmu();
u32 ios_elf_start = launch_address + 0x804 - 0x300;
// nop out memcmp hash checks
section_write_word(ios_elf_start, 0x040017E0, 0xE3A00000); // mov r0, #0
section_write_word(ios_elf_start, 0x040019C4, 0xE3A00000); // mov r0, #0
section_write_word(ios_elf_start, 0x04001BB0, 0xE3A00000); // mov r0, #0
section_write_word(ios_elf_start, 0x04001D40, 0xE3A00000); // mov r0, #0
// patch OS launch sig check
section_write_word(ios_elf_start, 0x0500A818, 0x20002000); // mov r0, #0; mov r0, #0
// patch MCP authentication check
section_write_word(ios_elf_start, 0x05014CAC, 0x20004770); // mov r0, #0; bx lr
// jump over overwritten MCP debug thread start function
section_write_word(ios_elf_start, 0x0501FEE0, 0x20002000); //mov r0, #0; mov r0, #0
// fix 10 minute timeout that crashes MCP after 10 minutes of booting
section_write_word(ios_elf_start, 0x05022474, 0xFFFFFFFF); // NEW_TIMEOUT
// replace ioctl 0x62 code with jump to wupserver
section_write_word(ios_elf_start, 0x05026BA8, 0x47780000); // bx pc
section_write_word(ios_elf_start, 0x05026BAC, 0xE59F1000); // ldr r1, [pc]
section_write_word(ios_elf_start, 0x05026BB0, 0xE12FFF11); // bx r1
section_write_word(ios_elf_start, 0x05026BB4, 0x0510E570); // wupserver code
// patch cert verification
section_write_word(ios_elf_start, 0x05052A90, 0xE3A00000); // mov r0, #0
section_write_word(ios_elf_start, 0x05052A94, 0xE12FFF1E); // bx lr
// patch IOSC_VerifyPubkeySign to always succeed
section_write_word(ios_elf_start, 0x05052C44, 0xE3A00000); // mov r0, #0
section_write_word(ios_elf_start, 0x05052C48, 0xE12FFF1E); // bx lr
// patch cached cert check
section_write_word(ios_elf_start, 0x05054D6C, 0xE3A00000); // mov r0, 0
section_write_word(ios_elf_start, 0x05054D70, 0xE12FFF1E); // bx lr
// change system.xml to syshax.xml
section_write_word(ios_elf_start, 0x050600F0, 0x79736861); //ysha
section_write_word(ios_elf_start, 0x050600F4, 0x782E786D); //x.xm
section_write_word(ios_elf_start, 0x05060114, 0x79736861); //ysha
section_write_word(ios_elf_start, 0x05060118, 0x782E786D); //x.xm
// overwrite mcp_d_r code with wupserver
section_write_word(ios_elf_start, 0x0510E56C, 0x47700000); //bx lr
section_write(ios_elf_start, 0x0510E570, get_wupserver_bin(), get_wupserver_bin_len());
// apply IOS ELF launch hook (thanks dimok!)
section_write_word(ios_elf_start, 0x0812A120, ARM_BL(0x0812A120, kernel_launch_ios));
// Put arm_kernel file back where it is now
section_write(ios_elf_start, (u32)&__file_start, &__file_start, &__file_end - &__file_start);
// allow any region title launch
section_write_word(ios_elf_start, 0xE0030498, 0xE3A00000); // mov r0, #0
// allow custom bootLogoTex and bootMovie.h264
section_write_word(ios_elf_start, 0xE0030D68, 0xE3A00000); // mov r0, #0
section_write_word(ios_elf_start, 0xE0030D34, 0xE3A00000); // mov r0, #0
restore_mmu(control_register);
enable_interrupts(level);
}
kernel_launch_bootrom(launch_address, L, C, H);
}
Reference in New Issue View Git Blame Copy Permalink