- removed the unnecessary check for the loadiine kexploit map; only kernel_write() is required. The installer now checks whether anything was mapped, to detect that the kernel exploit was already executed before the installer was launched.

- added skip of elf files with names that start with '.' or '_' (linux and MAC hidden files) -> Issue #4
This commit is contained in:
dimok789 2016-04-22 15:17:52 +02:00
parent 55e76f8cf7
commit 3a574c3b0a
3 changed files with 9 additions and 22 deletions


@ -348,15 +348,6 @@ void run_kexploit(private_data_t *private_data)
/* Make DRVHAX point to DRVA to ensure a clean exit */
kern_write((void*)(drvhax_addr + 0x48), drva_addr);
//map (mostly unused) memory area to specific MEM2 region
#if (VER<410) //start of region on old FWs
kern_write((void*)(KERN_ADDRESS_TBL + (0x12 * 4)), 0x10000000);
#else //newer FWs use different mappings
kern_write((void*)(KERN_ADDRESS_TBL + (0x12 * 4)), 0x10000000);
#endif
//give that memory area read/write permissions
kern_write((void*)(KERN_ADDRESS_TBL + (0x13 * 4)), 0x28305800);
private_data->MEMFreeToDefaultHeap(thread0);
private_data->MEMFreeToDefaultHeap(thread1);
private_data->MEMFreeToDefaultHeap(thread2);


@ -123,7 +123,7 @@ void __main(void)
OSDynLoad_FindExport(coreinit_handle, 0, "ICInvalidateRange", &private_data.ICInvalidateRange);
OSDynLoad_FindExport(coreinit_handle, 0, "_Exit", &private_data._Exit);
if (private_data.OSEffectiveToPhysical((void *)0xa0000000) != (void *)0x10000000)
if (private_data.OSEffectiveToPhysical((void *)0xa0000000) == (void *)0)
{
run_kexploit(&private_data);
}
@ -158,6 +158,10 @@ void __main(void)
/* Waits for thread exits */
unsigned int t1 = 0x1FFFFFFF;
while(t1--) ;
/* restore kernel memory table to original state */
kern_write((void*)(KERN_ADDRESS_TBL + (0x12 * 4)), 0);
kern_write((void*)(KERN_ADDRESS_TBL + (0x13 * 4)), 0x14000000);
}
/* Prepare for thread startups */
@ -220,10 +224,6 @@ void __main(void)
private_data.MEMFreeToDefaultHeap(thread);
private_data.MEMFreeToDefaultHeap(stack);
/* restore kernel memory table to original state */
kern_write((void*)(KERN_ADDRESS_TBL + (0x12 * 4)), 0);
kern_write((void*)(KERN_ADDRESS_TBL + (0x13 * 4)), 0x14000000);
//! we are done -> exit browser now
private_data._Exit();
}
@ -423,11 +423,7 @@ static void InstallMain(private_data_t *private_data)
unsigned char *main_text = private_data->data_elf + section_offset;
/* Copy main .text to memory */
if(section_offset > 0)
{
SC_0x25_KernelCopyData((void*)(CODE_RW_BASE_OFFSET + main_text_addr), main_text, main_text_len);
//private_data->DCFlushRange((void*)(CODE_RW_BASE_OFFSET + main_text_addr), main_text_len);
//private_data->ICInvalidateRange((void*)(main_text_addr), main_text_len);
}
// get the .rodata section
unsigned int main_rodata_addr = 0;
@ -438,7 +434,6 @@ static void InstallMain(private_data_t *private_data)
unsigned char *main_rodata = private_data->data_elf + section_offset;
/* Copy main rodata to memory */
SC_0x25_KernelCopyData((void*)(DATA_RW_BASE_OFFSET + main_rodata_addr), main_rodata, main_rodata_len);
//private_data->DCFlushRange((void*)(DATA_RW_BASE_OFFSET + main_rodata_addr), main_rodata_len);
}
// get the .data section
@ -450,7 +445,6 @@ static void InstallMain(private_data_t *private_data)
unsigned char *main_data = private_data->data_elf + section_offset;
/* Copy main data to memory */
SC_0x25_KernelCopyData((void*)(DATA_RW_BASE_OFFSET + main_data_addr), main_data, main_data_len);
//private_data->DCFlushRange((void*)(DATA_RW_BASE_OFFSET + main_data_addr), main_data_len);
}
// get the .bss section
@ -462,7 +456,6 @@ static void InstallMain(private_data_t *private_data)
unsigned char *main_bss = private_data->data_elf + section_offset;
/* Copy main data to memory */
SC_0x25_KernelCopyData((void*)(DATA_RW_BASE_OFFSET + main_bss_addr), main_bss, main_bss_len);
//private_data->DCFlushRange((void*)(DATA_RW_BASE_OFFSET + main_bss_addr), main_bss_len);
}
}
@ -509,6 +502,5 @@ static void InstallPatches(private_data_t *private_data)
bufferU32 = 0x48000003 | jump_addr;
SC_0x25_KernelCopyData((void*)(LIB_CODE_RW_BASE_OFFSET + repl_addr), &bufferU32, sizeof(bufferU32));
// flush caches and invalidate instruction cache
//private_data->DCFlushRange((void*)(LIB_CODE_RW_BASE_OFFSET + repl_addr), 4);
private_data->ICInvalidateRange((void*)(repl_addr), 4);
}
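Review bot: The table writes added after the thread-exit wait in the second hunk (`kern_write((void*)(KERN_ADDRESS_TBL + (0x12 * 4)), 0);` and `kern_write((void*)(KERN_ADDRESS_TBL + (0x13 * 4)), 0x14000000);`) are labelled a restore, but the only visible writes to those two entries are the mapping block this commit deletes from run_kexploit, so it is unclear what state they restore; if run_kexploit no longer touches the table they are dead code, and if something else does, the original entries should be read and saved before the exploit runs rather than restored from hard-coded constants. They also sit directly after the empty countdown loop `while(t1--) ;` (context), which has no side effects and no volatile qualifier, so an optimizing build may legally drop it and issue the writes before the exploit threads have exited — worth confirming against run_kexploit. In the first hunk the new condition `if (private_data.OSEffectiveToPhysical((void *)0xa0000000) == (void *)0)` would benefit from a comment stating the contract it relies on, e.g. `/* no mapping at 0xa0000000 => the kernel exploit has not run yet in this session */`. __main continues outside both hunks.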


@ -60,6 +60,10 @@ HomebrewWindow::HomebrewWindow(int w, int h)
//!if(strcasecmp(dirList.GetFilename(i), "homebrew_launcher.elf") == 0)
//! continue;
//! skip hidden linux and mac files
if(dirList.GetFilename(i)[0] == '.' || dirList.GetFilename(i)[0] == '_')
continue;
int idx = homebrewButtons.size();
homebrewButtons.resize(homebrewButtons.size() + 1);
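Review bot: The new hidden-file check calls `dirList.GetFilename(i)` twice and indexes the result without guarding it; hoist it into a local and guard it, `const char *name = dirList.GetFilename(i); if(!name || name[0] == '.' || name[0] == '_') continue;`. Whether GetFilename can return a null pointer is not visible here, so drop the null test if its contract rules that out. The constructor continues outside the hunk.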