From 1c32dde5dada839a079a72ce201b06882aab47b3 Mon Sep 17 00:00:00 2001
From: Christopher Roy Bratusek <nano@tuxfamily.org>
Date: Tue, 20 Mar 2012 12:22:52 +0100
Subject: [PATCH] HW_AHBPROT: apply DI2_ReadLimit and NewTrucha patches

---
 installer/wad/0001000154484246.tmd | Bin 592 -> 592 bytes
 source/Tools/RuntimeIOSPatch.c     |  21 ++++++++++++++++-----
 2 files changed, 16 insertions(+), 5 deletions(-)

diff --git a/installer/wad/0001000154484246.tmd b/installer/wad/0001000154484246.tmd
index 9809af02dea2dc4d340c1d6db41b7d92c9209388..4e2e3e0e5ced4b8a9586800028cbcaca14f1c094 100644
GIT binary patch
delta 29
lcmcb>a)D)oHIrz=1?L4<Caihd#~;eOSER+|X4HmlD*(bJ4XgkF

delta 29
lcmcb>a)D)oHIpdAq+JJFc3mptHtydMojotN&ur^9O#r$a4D0{^

diff --git a/source/Tools/RuntimeIOSPatch.c b/source/Tools/RuntimeIOSPatch.c
index 8e3c373..9d15a9f 100644
--- a/source/Tools/RuntimeIOSPatch.c
+++ b/source/Tools/RuntimeIOSPatch.c
@@ -8,6 +8,14 @@
 
 #define MEM_PROT 0xD8B420A
 
+const u8 di_readlimit_old[] = {
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x01, 0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46, 0x0A, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x00,
+    0x7E, 0xD4, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08
+};
+const u8 di_readlimit_patch[] = { 0x7e, 0xd4 };
+
 const u8 isfs_permissions_old[] = { 0x42, 0x8B, 0xD0, 0x01, 0x25, 0x66 };
 const u8 isfs_permissions_patch[] = { 0x42, 0x8B, 0xE0, 0x01, 0x25, 0x66 };
 const u8 setuid_old[] = { 0xD1, 0x2A, 0x1C, 0x39 };
@@ -16,6 +24,7 @@ const u8 es_identify_old[] = { 0x28, 0x03, 0xD1, 0x23 };
 const u8 es_identify_patch[] = { 0x00, 0x00 };
 const u8 hash_old[] = { 0x20, 0x07, 0x4B, 0x0B };
 const u8 hash_patch[] = { 0x00 };
+const u8 new_hash_old[] = { 0x20, 0x07, 0x4B, 0x0B };
 const u8 addticket_vers_check[] = { 0xD2, 0x01, 0x4E, 0x56 };
 const u8 addticket_patch[] = { 0xE0 };
 
@@ -25,7 +34,7 @@ u32 apply_patch(const char *name, const u8 *old, u32 old_size, const u8 *patch,
 	u8 *ptr = (u8 *) 0x93400000;
 	u32 i, found = 0;
 	u8 *start;
-    
+
 	while ((u32) ptr < (0x94000000 - old_size))
 	{
 		if(!memcmp(ptr, old, old_size))
@@ -53,17 +62,19 @@ u32 runtimePatchApply()
 	write16(MEM_PROT, 0);
 	count += apply_patch("Trucha", hash_old,
 		sizeof(hash_old), hash_patch, sizeof(hash_patch), 1);
+	count += apply_patch("New Trucha", new_hash_old,
+		sizeof(new_hash_old), hash_patch, sizeof(hash_patch), 1);
 	count += apply_patch("ES_Identify", es_identify_old,
-		sizeof(es_identify_old), es_identify_patch, sizeof(es_identify_patch),
-		2);
+		sizeof(es_identify_old), es_identify_patch, sizeof(es_identify_patch), 2);
 	count += apply_patch("NAND Permissions", isfs_permissions_old,
 		sizeof(isfs_permissions_old), isfs_permissions_patch,
 		sizeof(isfs_permissions_patch), 0);
 	count += apply_patch("add ticket patch", addticket_vers_check,
-		sizeof(addticket_vers_check), addticket_patch, sizeof(addticket_patch),
-		0);
+		sizeof(addticket_vers_check), addticket_patch, sizeof(addticket_patch), 0);
 	count += apply_patch("ES_SetUID", setuid_old, sizeof(setuid_old),
 		setuid_patch, sizeof(setuid_patch), 0);
+	count += apply_patch("DI ReadLimit", di_readlimit_old, sizeof(di_readlimit_old),
+		di_readlimit_patch, sizeof(di_readlimit_patch), 12);
 	write16(MEM_PROT, 1);
 	return count;
 }