From b34ca867b3b4d699a8067a5f9674c3d1be4df95c Mon Sep 17 00:00:00 2001 From: Pablo Curiel Date: Fri, 5 Jun 2015 18:44:20 -0430 Subject: [PATCH 1/2] 1.5.2: * added SSL module patches made by FIX94 to fix some certificate errors that occur when attempting to connect to a host using a secure connection (DarkMatterCore) --- libruntimeiospatch/CHANGES | 14 ++++++++++ libruntimeiospatch/source/runtimeiospatch.c | 29 ++++++++++++--------- libruntimeiospatch/source/runtimeiospatch.h | 22 +++++++++++----- 3 files changed, 46 insertions(+), 19 deletions(-) diff --git a/libruntimeiospatch/CHANGES b/libruntimeiospatch/CHANGES index cc169ba..67ec321 100644 --- a/libruntimeiospatch/CHANGES +++ b/libruntimeiospatch/CHANGES @@ -1,3 +1,17 @@ +1.5.2: +* added SSL module patches made by FIX94 to fix some certificate errors that occur when attempting to connect to a host using a secure connection (DarkMatterCore) + +1.5.1: +* code clean-up (JoostinOnline) +* add typedef for s32 (JoostinOnline) +* misc minor changes (JoostinOnline) + +1.5: +* add ISFS_SetAttr() patches. (megazig) Forces the ISFS_SetAttr() function to continue instead of returning -102 when you're trying to change the UID/GID of a file. + +1.4: +* fix value for hash_old (spotted by DarkMatterCore) + 1.3: thanks to JoostinOnline/damysteryman * replaced HAVE_ABHPROT by AHBPROT_DISABLED (now public) * removed (now) redundant have_ahbprot() diff --git a/libruntimeiospatch/source/runtimeiospatch.c b/libruntimeiospatch/source/runtimeiospatch.c index ecff8cc..6e27f89 100644 --- a/libruntimeiospatch/source/runtimeiospatch.c +++ b/libruntimeiospatch/source/runtimeiospatch.c @@ -10,6 +10,9 @@ // Copyright (C) 2010 Joseph Jordan // Copyright (C) 2012-2013 damysteryman // Copyright (C) 2012-2013 Christopher Bratusek +// Copyright (C) 2013 DarkMatterCore +// Copyright (C) 2014 megazig +// Copyright (C) 2015 FIX94 #include #include 
@@ -50,6 +53,16 @@ const u8 addticket_patch[] = { 0xE0 }; const u8 es_set_ahbprot_old[] = { 0x68, 0x5B, 0x22, 0xEC, 0x00, 0x52, 0x18, 0x9B, 0x68, 0x1B, 0x46, 0x98, 0x07, 0xDB }; const u8 es_set_ahbprot_patch[] = { 0x01 }; +/* SSL patches made by FIX94 for Nintendont. Ported to libruntimeiospatch by DarkMatterCore */ +const u8 ssl_patch1_old[] = { 0xFE, 0x0E, 0xE3, 0x50, 0x00, 0x00, 0x05, 0x9F }; +const u8 ssl_patch1_new[] = { 0xFE, 0x0E, 0xE3, 0x28, 0xF1, 0x02, 0x05, 0x9F }; // Fixes SSL error -9 (wrong host) +const u8 ssl_patch2_old[] = { 0x00, 0x00, 0x0A, 0x00, 0x00, 0x09, 0xEA, 0x00 }; +const u8 ssl_patch2_new[] = { 0x00, 0x00, 0xEA, 0x00, 0x00, 0x09, 0xEA, 0x00 }; // Fixes SSL error -10 (part 1) (wrong root cert) +const u8 ssl_patch3_old[] = { 0x00, 0x00, 0x1A, 0x00, 0x00, 0x08, 0xE3, 0xE0 }; +const u8 ssl_patch3_new[] = { 0x00, 0x00, 0xEA, 0x00, 0x00, 0x08, 0xE3, 0xE0 }; // Fixes SSL error -10 (part 2) (wrong root cert) +const u8 ssl_patch4_old[] = { 0x00, 0x00, 0xDA, 0x00, 0x00, 0x16, 0xE7, 0x96 }; +const u8 ssl_patch4_new[] = { 0x00, 0x00, 0xEA, 0x00, 0x00, 0x16, 0xE7, 0x96 }; // Fixes SSL error -11 (wrong client cert) + //Following patches added to iospatch.c by damysteryman, taken from sciifii v5 const u8 MEM2_prot_old[] = { 0xB5, 0x00, 0x4B, 0x09, 0x22, 0x01, 0x80, 0x1A, 0x22, 0xF0 }; const u8 MEM2_prot_patch[] = { 0xB5, 0x00, 0x4B, 0x09, 0x22, 0x00, 0x80, 0x1A, 0x22, 0xF0 }; 
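Review bot: The four added SSL pairs use an `_old`/`_new` suffix while every other pair in this table uses `_old`/`_patch` (see `es_set_ahbprot_old`/`es_set_ahbprot_patch` directly above), so `ssl_patchN_new` should be renamed `ssl_patchN_patch` to keep the table uniform; the same names are carried into the second patch's re-declaration of this table (the `@@ -39,63 +38,69 @@` hunk), so both would change together. The trailing comments only say which error code each patch suppresses; stating what check is bypassed (presumably the host-name, root-certificate and client-certificate checks, to be confirmed against the module) would tell a reader what the security consequence of applying them is, e.g. `// suppresses SSL error -9: connection no longer fails on a host-name mismatch`.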
@@ -72,18 +85,6 @@ const u8 ES_TitleVersionCheck_patch[] = { 0xE0, 0x01, 0x4E, 0x56 }; const u8 ES_TitleDeleteCheck_old[] = { 0xD8, 0x00, 0x4A, 0x04 }; const u8 ES_TitleDeleteCheck_patch[] = { 0xE0, 0x00, 0x4A, 0x04 }; -//Following patches made my damysteryman for use with Wii U's vWii -/*const u8 Kill_AntiSysTitleInstallv2_pt1_old[] = { 0x68, 0x1A, 0x2A, 0x01, 0xD0, 0x05 }; // Make sure that the pt1 -const u8 Kill_AntiSysTitleInstallv2_pt1_patch[] = { 0x68, 0x1A, 0x2A, 0x01, 0x46, 0xC0 }; // patch is applied twice. -dmm -const u8 Kill_AntiSysTitleInstallv2_pt2_old[] = { 0x4B, 0x29, 0x42, 0x9A, 0xD0, 0x02 }; -const u8 Kill_AntiSysTitleInstallv2_pt2_patch[] = { 0x4B, 0x29, 0x42, 0x9A, 0x46, 0xC0 }; -const u8 Kill_AntiSysTitleInstallv2_pt3_old[] = { 0xD0, 0x02, 0x33, 0x06 }; -const u8 Kill_AntiSysTitleInstallv2_pt3_patch[] = { 0x46, 0xC0, 0x33, 0x06 }; -const u8 Kill_AntiSysTitleInstallv2_pt4_old[] = { 0x2C, 0x01, 0xD0, 0x07}; -const u8 Kill_AntiSysTitleInstallv2_pt4_patch[] = { 0x2C, 0x01, 0x46, 0xC0}; -const u8 Kill_AntiSysTitleInstallv2_pt5_old[] = { 0x42, 0x94, 0xD0, 0x03, 0x9C, 0x03 }; -const u8 Kill_AntiSysTitleInstallv2_pt5_patch[] = { 0x42, 0x94, 0x46, 0xC0, 0x9C, 0x03 };*/ - //Following patches made my damysteryman for use with Wii U's vWii const u8 Kill_AntiSysTitleInstallv3_pt1_old[] = { 0x68, 0x1A, 0x2A, 0x01, 0xD0, 0x05 }; // Make sure that the pt1 const u8 Kill_AntiSysTitleInstallv3_pt1_patch[] = { 0x68, 0x1A, 0x2A, 0x01, 0x46, 0xC0 }; // patch is applied twice. -dmm 
@@ -149,6 +150,10 @@ s32 IosPatch_RUNTIME(bool wii, bool sciifii, bool vwii, bool verbose) { count += apply_patch("es_identify", es_identify_old, sizeof(es_identify_old), es_identify_patch, sizeof(es_identify_patch), 2, verbose); count += apply_patch("hash_check", hash_old, sizeof(hash_old), hash_patch, sizeof(hash_patch), 1, verbose); count += apply_patch("new_hash_check", new_hash_old, sizeof(new_hash_old), hash_patch, sizeof(hash_patch), 1, verbose); + count += apply_patch("ssl_patch1", ssl_patch1_old, sizeof(ssl_patch1_old), ssl_patch1_new, sizeof(ssl_patch1_new), 0, verbose); + count += apply_patch("ssl_patch2", ssl_patch2_old, sizeof(ssl_patch2_old), ssl_patch2_new, sizeof(ssl_patch2_new), 0, verbose); + count += apply_patch("ssl_patch3", ssl_patch3_old, sizeof(ssl_patch3_old), ssl_patch3_new, sizeof(ssl_patch3_new), 0, verbose); + count += apply_patch("ssl_patch4", ssl_patch4_old, sizeof(ssl_patch4_old), ssl_patch4_new, sizeof(ssl_patch4_new), 0, verbose); } if(sciifii) { diff --git a/libruntimeiospatch/source/runtimeiospatch.h b/libruntimeiospatch/source/runtimeiospatch.h index aa4f429..9245eed 100644 --- a/libruntimeiospatch/source/runtimeiospatch.h +++ b/libruntimeiospatch/source/runtimeiospatch.h 
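Review bot: The four `ssl_patch*` applications are placed unconditionally inside the `wii` patchset, so every caller asking for the standard Wii patches also gets an SSL module that no longer reports the wrong-host, wrong-root-certificate and wrong-client-certificate errors, which, if those are the module's certificate-verification failures, means later secure connections through the patched IOS no longer authenticate the peer. That is a deliberate capability for homebrew talking to hosts whose certificates the stock module rejects, but callers who only want the classic patches should not lose certificate checking silently; consider a dedicated flag or separate entry point, and a comment at the call site such as `/* ssl_patch1..4 relax certificate/host verification in the IOS SSL module; only wanted when talking to hosts the stock module rejects */`. At minimum the Wii patchset description in the API/CHANGES text should list the SSL patches. IosPatch_RUNTIME starts and ends outside this hunk.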
@@ -7,18 +7,20 @@ // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License 2.0 for more details. -// Copyright (C) 2010 Joseph Jordan -// Copyright (C) 2012 damysteryman -// Copyright (C) 2012 Christopher Bratusek +// Copyright (C) 2010 Joseph Jordan +// Copyright (C) 2012-2013 damysteryman +// Copyright (C) 2012-2013 Christopher Bratusek +// Copyright (C) 2013 DarkMatterCore +// Copyright (C) 2014 megazig +// Copyright (C) 2015 FIX94 - -#ifndef _RUNTIMEIOSPATCH_H_ -#define _RUNTIMEIOSPATCH_H_ +#ifndef __RUNTIMEIOSPATCH_H__ +#define __RUNTIMEIOSPATCH_H__ /** * Version information for Libruntimeiospatch. */ -#define LIB_RUNTIMEIOSPATCH_VERSION "1.3.0" +#define LIB_RUNTIMEIOSPATCH_VERSION "1.5.2" //============================================================================== // HW_RVL header @@ -44,6 +46,12 @@ extern "C" { #endif /* __cplusplus */ +//============================================================================== +// Extra standard declarations +//============================================================================== +typedef signed int s32; +//============================================================================== + //============================================================================== // Patchsets: //============================================================================== From 317ccd8f144b3cf97a63ce9620fe7050ebb127df Mon Sep 17 00:00:00 2001 From: Pablo Curiel Date: Sat, 6 Jun 2015 10:55:19 -0430 Subject: [PATCH 2/2] Reapplied the fixes made by JoostinOnline in later versions of the library, since it appears the revision stored on GitHub was an old one. --- libruntimeiospatch/API | 131 ++++++++++++++++++++ libruntimeiospatch/source/runtimeiospatch.c | 126 +++++++++---------- 2 files changed, 193 insertions(+), 64 deletions(-) create mode 100644 libruntimeiospatch/API diff --git a/libruntimeiospatch/API b/libruntimeiospatch/API new file mode 100644 index 0000000..a4f5074 
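Review bot: The new include guard `__RUNTIMEIOSPATCH_H__` begins with a double underscore, which C reserves for the implementation, so the rename moves from a questionable name to a reserved one. Use a plain project-scoped name instead: `#ifndef RUNTIMEIOSPATCH_H` / `#define RUNTIMEIOSPATCH_H`. The old `_RUNTIMEIOSPATCH_H_` (underscore followed by an uppercase letter) was reserved as well, so this is the right moment to drop both forms.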
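Review bot: `typedef signed int s32;` is added unconditionally to the public header after the HW_RVL section, but `u8`/`u32` used throughout this library come from the platform headers, and if those already declare `s32` (libogc's gctypes.h does) this becomes a duplicate typedef, legal only under C11 when both types are identical and an error under C99. Either rely on the platform definition or guard the fallback so the two can never both be visible, e.g. by placing it under the same condition that selects the platform header block, with a comment like `/* fallback s32 for builds without the platform types header */`.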
--- /dev/null +++ b/libruntimeiospatch/API 
@@ -0,0 +1,131 @@ +libruntimeiospatch function overview +==================================== + +>>>>>>>> libruntimeiospatch 1.3: <<<<<<<< + +===================== =================== +=== ERROR_AHBPROT === === ERROR_PATCH === +===================== =================== + +Use those to catch occuring errors + +****** +if (IosPatch_AHBPROT(false) == ERROR_AHBPROT) + printf("AHBPROT is still enabled!"); + +if (IosPatch_RUNTIME(true, false, false, false) == ERROR_PATCH) + printf("Patching IOS failed!"); + +======================== +=== AHBPROT_DISABLED === +======================== + +Returns true when HW_AHBPROT access can be applied + +****** +If(AHBPROT_DISABLED) { + do_something +} else { + do_something_else +} +****** + +=================================== +=== LIB_RUNTIMEIOSPATCH_VERSION === +=================================== + +Stores printable version of libruntimeiospatch. + +>>>>>>>> libruntimeiospatch 1.1: <<<<<<<< + +===================== +=== IosPatch_FULL === +===================== + +This function combines IosPatch_AHBPROT + IOS_ReloadIOS + IosPatch_RUNTIME + +>> Flags: [bool]wii (whether to apply Wii patches) + [bool]sciifii (whether to apply extra Sciifii patches) + [bool]vwii (whether to apply extra vWii patches) + [bool]verbose (whether to print messages on-screen) + [int]ios (which IOS to reload into) + +>> Return: +-5: no HW_AHBPROT access +-7: patching HW_AHBPROT access failed +>0: success (return equals to number of applied patches) + +****** +If(AHBPROT_DISABLED) { + IosPatch_FULL(true, false, false, false, 58); +} +****** + +>>>>>>>> libruntimeiospatch 1.0: <<<<<<<< + +======================== +=== IosPatch_AHBPROT === +======================== + +This function can be used to keep HW_AHBPROT access when going to reload IOS + +>> Flags: [bool]verbose (whether to print messages on-screen) + +>> Return: +-5: no HW_AHBPROT access +-7: patching HW_AHBPROT access failed +>0: success + +****** +if(AHBPROT_DISABLED) { + s32 ret; + ret = 
IosPatch_AHBPROT(false); + if (ret) { + IOS_ReloadIOS(36); + } else { + printf("IosPatch_AHBPROT failed."); + } +} +****** + +======================== +=== IosPatch_RUNTIME === +======================== + +This function applies patches on current IOS + +>> Flags: [bool]wii (whether to apply Wii patches) + [bool]sciifii (whether to apply extra Sciifii patches) + [bool]vwii (whether to apply extra vWii patches) + [bool]verbose (whether to print messages on-screen) + +>> Return: +-5: no HW_AHBPROT access +>0: success (return equals to number of applied patches) + +<< Patchsets: +Wii: + * DI Readlimit + * ISFS Permissions + * ES SetUID + * ES SetIdentify + * Hash Check (aka Trucha) + * New Hash Check (aka New Trucha) + +Sciifii: + * MEM2 Prot + * ES OpenTitleContent 1 & 2 + * ES ReadContent Prot + * ES CloseContent + * ES TitleVersionCheck + * ES TitleDeleteCheck + +vWii: + * Kill Anti-SystemTitle-Install 1, 2, 3, 4 & 5 + + +****** +If(AHBPROT_DISABLED) { + IosPatch_RUNTIME(true, false, false, false); +} +****** diff --git a/libruntimeiospatch/source/runtimeiospatch.c b/libruntimeiospatch/source/runtimeiospatch.c index 6e27f89..2c21086 100644 --- a/libruntimeiospatch/source/runtimeiospatch.c +++ b/libruntimeiospatch/source/runtimeiospatch.c @@ -26,8 +26,7 @@ //const u8 check_tmd_patch1[] = { 0x23, 0x01, 0x42, 0x5B }; - -static void disable_memory_protection() { +static inline void disable_memory_protection(void) { write32(MEM_PROT, read32(MEM_PROT) & 0x0000FFFF); } 
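Review bot: `disable_memory_protection` gains `static inline` and a proper `(void)` prototype but still carries no comment saying what the write does: it clears the upper 16 bits of `MEM_PROT`, presumably what lets the patch routines write into the IOS region afterwards, and `IosPatch_AHBPROT` in this file calls it only after checking `AHBPROT_DISABLED` (the API text documents the same precondition for `IosPatch_RUNTIME`). A one-line header such as `/* Clear the upper half of MEM_PROT so IOS memory can be patched; callers must have verified AHBPROT_DISABLED first. */` would make that precondition explicit.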
@@ -39,63 +38,69 @@ static const u8 di_readlimit_old[] = { }; static const u8 di_readlimit_patch[] = { 0x7e, 0xd4 }; -const u8 isfs_permissions_old[] = { 0x42, 0x8B, 0xD0, 0x01, 0x25, 0x66 }; -const u8 isfs_permissions_patch[] = { 0x42, 0x8B, 0xE0, 0x01, 0x25, 0x66 }; -const u8 setuid_old[] = { 0xD1, 0x2A, 0x1C, 0x39 }; -const u8 setuid_patch[] = { 0x46, 0xC0 }; -const u8 es_identify_old[] = { 0x28, 0x03, 0xD1, 0x23 }; -const u8 es_identify_patch[] = { 0x00, 0x00 }; -const u8 hash_old[] = { 0x20, 0x07, 0x4B, 0x0B }; -const u8 hash_patch[] = { 0x00 }; -const u8 new_hash_old[] = { 0x20, 0x07, 0x4B, 0x0B }; -const u8 addticket_vers_check[] = { 0xD2, 0x01, 0x4E, 0x56 }; -const u8 addticket_patch[] = { 0xE0 }; -const u8 es_set_ahbprot_old[] = { 0x68, 0x5B, 0x22, 0xEC, 0x00, 0x52, 0x18, 0x9B, 0x68, 0x1B, 0x46, 0x98, 0x07, 0xDB }; -const u8 es_set_ahbprot_patch[] = { 0x01 }; +static const u8 isfs_permissions_old[] = { 0x42, 0x8B, 0xD0, 0x01, 0x25, 0x66 }; +static const u8 isfs_permissions_patch[] = { 0x42, 0x8B, 0xE0, 0x01, 0x25, 0x66 }; +static const u8 setuid_old[] = { 0xD1, 0x2A, 0x1C, 0x39 }; +static const u8 setuid_patch[] = { 0x46, 0xC0 }; +static const u8 es_identify_old[] = { 0x28, 0x03, 0xD1, 0x23 }; +static const u8 es_identify_patch[] = { 0x00, 0x00 }; +static const u8 hash_old[] = { 0x20, 0x07, 0x23, 0xA2 }; +static const u8 hash_patch[] = { 0x00 }; +static const u8 new_hash_old[] = { 0x20, 0x07, 0x4B, 0x0B }; +static const u8 addticket_vers_check[] = { 0xD2, 0x01, 0x4E, 0x56 }; +static const u8 addticket_patch[] = { 0xE0 }; +static const u8 es_set_ahbprot_old[] = { 0x68, 0x5B, 0x22, 0xEC, 0x00, 0x52, 0x18, 0x9B, 0x68, 0x1B, 0x46, 0x98, 0x07, 0xDB }; +static const u8 es_set_ahbprot_patch[] = { 0x01 }; /* SSL patches made by FIX94 for Nintendont. 
Ported to libruntimeiospatch by DarkMatterCore */ -const u8 ssl_patch1_old[] = { 0xFE, 0x0E, 0xE3, 0x50, 0x00, 0x00, 0x05, 0x9F }; -const u8 ssl_patch1_new[] = { 0xFE, 0x0E, 0xE3, 0x28, 0xF1, 0x02, 0x05, 0x9F }; // Fixes SSL error -9 (wrong host) -const u8 ssl_patch2_old[] = { 0x00, 0x00, 0x0A, 0x00, 0x00, 0x09, 0xEA, 0x00 }; -const u8 ssl_patch2_new[] = { 0x00, 0x00, 0xEA, 0x00, 0x00, 0x09, 0xEA, 0x00 }; // Fixes SSL error -10 (part 1) (wrong root cert) -const u8 ssl_patch3_old[] = { 0x00, 0x00, 0x1A, 0x00, 0x00, 0x08, 0xE3, 0xE0 }; -const u8 ssl_patch3_new[] = { 0x00, 0x00, 0xEA, 0x00, 0x00, 0x08, 0xE3, 0xE0 }; // Fixes SSL error -10 (part 2) (wrong root cert) -const u8 ssl_patch4_old[] = { 0x00, 0x00, 0xDA, 0x00, 0x00, 0x16, 0xE7, 0x96 }; -const u8 ssl_patch4_new[] = { 0x00, 0x00, 0xEA, 0x00, 0x00, 0x16, 0xE7, 0x96 }; // Fixes SSL error -11 (wrong client cert) +static const u8 ssl_patch1_old[] = { 0xFE, 0x0E, 0xE3, 0x50, 0x00, 0x00, 0x05, 0x9F }; +static const u8 ssl_patch1_new[] = { 0xFE, 0x0E, 0xE3, 0x28, 0xF1, 0x02, 0x05, 0x9F }; // Fixes SSL error -9 (wrong host) +static const u8 ssl_patch2_old[] = { 0x00, 0x00, 0x0A, 0x00, 0x00, 0x09, 0xEA, 0x00 }; +static const u8 ssl_patch2_new[] = { 0x00, 0x00, 0xEA, 0x00, 0x00, 0x09, 0xEA, 0x00 }; // Fixes SSL error -10 (part 1) (wrong root cert) +static const u8 ssl_patch3_old[] = { 0x00, 0x00, 0x1A, 0x00, 0x00, 0x08, 0xE3, 0xE0 }; +static const u8 ssl_patch3_new[] = { 0x00, 0x00, 0xEA, 0x00, 0x00, 0x08, 0xE3, 0xE0 }; // Fixes SSL error -10 (part 2) (wrong root cert) +static const u8 ssl_patch4_old[] = { 0x00, 0x00, 0xDA, 0x00, 0x00, 0x16, 0xE7, 0x96 }; +static const u8 ssl_patch4_new[] = { 0x00, 0x00, 0xEA, 0x00, 0x00, 0x16, 0xE7, 0x96 }; // Fixes SSL error -11 (wrong client cert) //Following patches added to iospatch.c by damysteryman, taken from sciifii v5 -const u8 MEM2_prot_old[] = { 0xB5, 0x00, 0x4B, 0x09, 0x22, 0x01, 0x80, 0x1A, 0x22, 0xF0 }; -const u8 MEM2_prot_patch[] = { 0xB5, 0x00, 0x4B, 0x09, 0x22, 0x00, 
0x80, 0x1A, 0x22, 0xF0 }; -const u8 ES_OpenTitleContent1_old[] = { 0x9D, 0x05, 0x42, 0x9D, 0xD0, 0x03 }; -const u8 ES_OpenTitleContent1_patch[] = { 0x9D, 0x05, 0x42, 0x9D, 0xE0, 0x03 }; -const u8 ES_OpenTitleContent2_old[] = { 0xD4, 0x01, 0x4C, 0x36, 0xE0, 0x3B }; -const u8 ES_OpenTitleContent2_patch[] = { 0xE0, 0x01, 0x4C, 0x36, 0xE0, 0x3B }; -const u8 ES_ReadContent_old[] = { 0xFC, 0x0F, 0xB5, 0x30, 0x1C, 0x14, 0x1C, 0x1D, 0x4B, - 0x0E, 0x68, 0x9B, 0x2B, 0x00, 0xD0, 0x03, 0x29, 0x00, 0xDB, 0x01, - 0x29, 0x0F, 0xDD, 0x01 }; -const u8 ES_ReadContent_patch[] = { 0xFC, 0x0F, 0xB5, 0x30, 0x1C, 0x14, 0x1C, 0x1D, 0x4B, - 0x0E, 0x68, 0x9B, 0x2B, 0x00, 0x46, 0xC0, 0x29, 0x00, 0x46, 0xC0, - 0x29, 0x0F, 0xE0, 0x01 }; -const u8 ES_CloseContent_old[] = { 0xB5, 0x10, 0x4B, 0x10, 0x68, 0x9B, 0x2B, 0x00, 0xD0, - 0x03, 0x29, 0x00, 0xDB, 0x01, 0x29, 0x0F, 0xDD, 0x01 }; -const u8 ES_CloseContent_patch[] = { 0xB5, 0x10, 0x4B, 0x10, 0x68, 0x9B, 0x2B, 0x00, 0x46, - 0xC0, 0x29, 0x00, 0x46, 0xC0, 0x29, 0x0F, 0xE0, 0x01 }; -const u8 ES_TitleVersionCheck_old[] = { 0xD2, 0x01, 0x4E, 0x56 }; -const u8 ES_TitleVersionCheck_patch[] = { 0xE0, 0x01, 0x4E, 0x56 }; -const u8 ES_TitleDeleteCheck_old[] = { 0xD8, 0x00, 0x4A, 0x04 }; -const u8 ES_TitleDeleteCheck_patch[] = { 0xE0, 0x00, 0x4A, 0x04 }; +static const u8 MEM2_prot_old[] = { 0xB5, 0x00, 0x4B, 0x09, 0x22, 0x01, 0x80, 0x1A, 0x22, 0xF0 }; +static const u8 MEM2_prot_patch[] = { 0xB5, 0x00, 0x4B, 0x09, 0x22, 0x00, 0x80, 0x1A, 0x22, 0xF0 }; +static const u8 ES_OpenTitleContent1_old[] = { 0x9D, 0x05, 0x42, 0x9D, 0xD0, 0x03 }; +static const u8 ES_OpenTitleContent1_patch[] = { 0x9D, 0x05, 0x42, 0x9D, 0xE0, 0x03 }; +static const u8 ES_OpenTitleContent2_old[] = { 0xD4, 0x01, 0x4C, 0x36, 0xE0, 0x3B }; +static const u8 ES_OpenTitleContent2_patch[] = { 0xE0, 0x01, 0x4C, 0x36, 0xE0, 0x3B }; +static const u8 ES_ReadContent_old[] = { 0xFC, 0x0F, 0xB5, 0x30, 0x1C, 0x14, 0x1C, 0x1D, 0x4B, + 0x0E, 0x68, 0x9B, 0x2B, 0x00, 0xD0, 0x03, 0x29, 0x00, 0xDB, 0x01, + 
0x29, 0x0F, 0xDD, 0x01 }; +static const u8 ES_ReadContent_patch[] = { 0xFC, 0x0F, 0xB5, 0x30, 0x1C, 0x14, 0x1C, 0x1D, 0x4B, + 0x0E, 0x68, 0x9B, 0x2B, 0x00, 0x46, 0xC0, 0x29, 0x00, 0x46, 0xC0, + 0x29, 0x0F, 0xE0, 0x01 }; +static const u8 ES_CloseContent_old[] = { 0xB5, 0x10, 0x4B, 0x10, 0x68, 0x9B, 0x2B, 0x00, 0xD0, + 0x03, 0x29, 0x00, 0xDB, 0x01, 0x29, 0x0F, 0xDD, 0x01 }; +static const u8 ES_CloseContent_patch[] = { 0xB5, 0x10, 0x4B, 0x10, 0x68, 0x9B, 0x2B, 0x00, 0x46, + 0xC0, 0x29, 0x00, 0x46, 0xC0, 0x29, 0x0F, 0xE0, 0x01 }; +static const u8 ES_TitleVersionCheck_old[] = { 0xD2, 0x01, 0x4E, 0x56 }; +static const u8 ES_TitleVersionCheck_patch[] = { 0xE0, 0x01, 0x4E, 0x56 }; +static const u8 ES_TitleDeleteCheck_old[] = { 0xD8, 0x00, 0x4A, 0x04 }; +static const u8 ES_TitleDeleteCheck_patch[] = { 0xE0, 0x00, 0x4A, 0x04 }; -//Following patches made my damysteryman for use with Wii U's vWii -const u8 Kill_AntiSysTitleInstallv3_pt1_old[] = { 0x68, 0x1A, 0x2A, 0x01, 0xD0, 0x05 }; // Make sure that the pt1 -const u8 Kill_AntiSysTitleInstallv3_pt1_patch[] = { 0x68, 0x1A, 0x2A, 0x01, 0x46, 0xC0 }; // patch is applied twice. -dmm -const u8 Kill_AntiSysTitleInstallv3_pt2_old[] = { 0xD0, 0x02, 0x33, 0x06, 0x42, 0x9A, 0xD1, 0x01 }; // Make sure that the pt2 patch -const u8 Kill_AntiSysTitleInstallv3_pt2_patch[] = { 0x46, 0xC0, 0x33, 0x06, 0x42, 0x9A, 0xE0, 0x01 }; // is also applied twice. -dmm -const u8 Kill_AntiSysTitleInstallv3_pt3_old[] = { 0x68, 0xFB, 0x2B, 0x00, 0xDB, 0x01 }; -const u8 Kill_AntiSysTitleInstallv3_pt3_patch[] = { 0x68, 0xFB, 0x2B, 0x00, 0xDB, 0x10 }; +//Following set of patches made by damysteryman for use with Wii U's vWii +static const u8 Kill_AntiSysTitleInstallv3_pt1_old[] = { 0x68, 0x1A, 0x2A, 0x01, 0xD0, 0x05 }; // Make sure that the pt1 +static const u8 Kill_AntiSysTitleInstallv3_pt1_patch[] = { 0x68, 0x1A, 0x2A, 0x01, 0x46, 0xC0 }; // patch is applied twice. 
-dmm +static const u8 Kill_AntiSysTitleInstallv3_pt2_old[] = { 0xD0, 0x02, 0x33, 0x06, 0x42, 0x9A, 0xD1, 0x01 }; // Make sure that the pt2 patch +static const u8 Kill_AntiSysTitleInstallv3_pt2_patch[] = { 0x46, 0xC0, 0x33, 0x06, 0x42, 0x9A, 0xE0, 0x01 }; // is also applied twice. -dmm +static const u8 Kill_AntiSysTitleInstallv3_pt3_old[] = { 0x68, 0xFB, 0x2B, 0x00, 0xDB, 0x01 }; +static const u8 Kill_AntiSysTitleInstallv3_pt3_patch[] = { 0x68, 0xFB, 0x2B, 0x00, 0xDB, 0x10 }; -static u32 apply_patch(char *name, const u8 *old, u32 old_size, const u8 *patch, u32 patch_size, u32 patch_offset, bool verbose) { +/* ISFS_SetAttr patches made by megazig */ +static const u8 isfs_setattr_pt1_old[] = { 0x42, 0xAB, 0xD0, 0x02, 0x20, 0x66 }; +static const u8 isfs_setattr_pt1_patch[] = { 0x42, 0xAB, 0xE0, 0x02, 0x20, 0x66 }; +static const u8 isfs_setattr_pt2_old[] = { 0x2D, 0x00, 0xD0, 0x02, 0x20, 0x66 }; +static const u8 isfs_setattr_pt2_patch[] = { 0x2D, 0x00, 0xE0, 0x02, 0x20, 0x66 }; + +static u8 apply_patch(const char *name, const u8 *old, u32 old_size, const u8 *patch, size_t patch_size, u32 patch_offset, bool verbose) { u8 *ptr_start = (u8*)*((u32*)0x80003134), *ptr_end = (u8*)0x94000000; - u32 found = 0; + u8 found = 0; if(verbose) printf(" Patching %-30s", name); u8 *location = NULL; @@ -125,7 +130,6 @@ static u32 apply_patch(char *name, const u8 *old, u32 old_size, const u8 *patch, s32 IosPatch_AHBPROT(bool verbose) { if (AHBPROT_DISABLED) { disable_memory_protection(); - //return apply_patch("set_ahbprot", check_tmd_old, sizeof(check_tmd_old), check_tmd_patch, sizeof(check_tmd_patch), 6, verbose); s32 ret = apply_patch("es_set_ahbprot", es_set_ahbprot_old, sizeof(es_set_ahbprot_old), es_set_ahbprot_patch, sizeof(es_set_ahbprot_patch), 25, verbose); if (ret) return ret; 
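Review bot: The new `apply_patch` signature mixes `u32 old_size` with `size_t patch_size` and narrows both its return value and `found` to `u8`, while the callers accumulate the result into a count and `IosPatch_AHBPROT` stores it in an `s32`; the narrowing buys nothing and, if `found` is incremented per match in the body below, wraps silently after 255 matches. Keep one width for both sizes and return a count type that matches the callers: `static u32 apply_patch(const char *name, const u8 *old, size_t old_size, const u8 *patch, size_t patch_size, u32 patch_offset, bool verbose)` with `u32 found = 0;`. Making the tables `static const` and taking `const char *name` are good changes and should stay. apply_patch's body continues past the end of the hunk.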
@@ -142,14 +146,15 @@ s32 IosPatch_RUNTIME(bool wii, bool sciifii, bool vwii, bool verbose) { disable_memory_protection(); if(wii) { - if(verbose) - printf(">> Applying standard Wii patches:\n"); + if(verbose) printf(">> Applying standard Wii patches:\n"); count += apply_patch("di_readlimit", di_readlimit_old, sizeof(di_readlimit_old), di_readlimit_patch, sizeof(di_readlimit_patch), 12, verbose); count += apply_patch("isfs_permissions", isfs_permissions_old, sizeof(isfs_permissions_old), isfs_permissions_patch, sizeof(isfs_permissions_patch), 0, verbose); count += apply_patch("es_setuid", setuid_old, sizeof(setuid_old), setuid_patch, sizeof(setuid_patch), 0, verbose); count += apply_patch("es_identify", es_identify_old, sizeof(es_identify_old), es_identify_patch, sizeof(es_identify_patch), 2, verbose); count += apply_patch("hash_check", hash_old, sizeof(hash_old), hash_patch, sizeof(hash_patch), 1, verbose); count += apply_patch("new_hash_check", new_hash_old, sizeof(new_hash_old), hash_patch, sizeof(hash_patch), 1, verbose); + count += apply_patch("isfs_setattr_pt1", isfs_setattr_pt1_old, sizeof(isfs_setattr_pt1_old), isfs_setattr_pt1_patch, sizeof(isfs_setattr_pt1_patch), 0, verbose); + count += apply_patch("isfs_setattr_pt2", isfs_setattr_pt2_old, sizeof(isfs_setattr_pt2_old), isfs_setattr_pt2_patch, sizeof(isfs_setattr_pt2_patch), 0, verbose); count += apply_patch("ssl_patch1", ssl_patch1_old, sizeof(ssl_patch1_old), ssl_patch1_new, sizeof(ssl_patch1_new), 0, verbose); count += apply_patch("ssl_patch2", ssl_patch2_old, sizeof(ssl_patch2_old), ssl_patch2_new, sizeof(ssl_patch2_new), 0, verbose); count += apply_patch("ssl_patch3", ssl_patch3_old, sizeof(ssl_patch3_old), ssl_patch3_new, sizeof(ssl_patch3_new), 0, verbose); 
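Review bot: The API file created in this same commit still describes the Wii patchset as the 1.3 list (DI Readlimit through New Hash Check), so the `isfs_setattr_pt1`/`isfs_setattr_pt2` applications added here and the `ssl_patch1..4` applications from patch 1 are undocumented for library users. Add `* ISFS SetAttr 1 & 2` and `* SSL certificate checks 1, 2, 3 & 4` under `Wii:` in libruntimeiospatch/API, and note next to the SSL entries that they relax certificate/host verification so callers can make an informed choice. IosPatch_RUNTIME starts and ends outside this hunk.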
@@ -157,8 +162,7 @@ s32 IosPatch_RUNTIME(bool wii, bool sciifii, bool vwii, bool verbose) { } if(sciifii) { - if(verbose) - printf(">> Applying Sciifii patches:\n"); + if(verbose) printf(">> Applying Sciifii patches:\n"); count += apply_patch("MEM2_prot", MEM2_prot_old, sizeof(MEM2_prot_old), MEM2_prot_patch, sizeof(MEM2_prot_patch), 0, verbose); count += apply_patch("ES_OpenTitleContent1", ES_OpenTitleContent1_old, sizeof(ES_OpenTitleContent1_old), ES_OpenTitleContent1_patch, sizeof(ES_OpenTitleContent1_patch), 0, verbose); count += apply_patch("ES_OpenTitleContent2", ES_OpenTitleContent2_old, sizeof(ES_OpenTitleContent2_old), ES_OpenTitleContent2_patch, sizeof(ES_OpenTitleContent2_patch), 0, verbose); 
@@ -169,13 +173,7 @@ s32 IosPatch_RUNTIME(bool wii, bool sciifii, bool vwii, bool verbose) { } if(vwii) { - if(verbose) - printf(">> Applying vWii patches:\n"); - /*count += apply_patch("Kill_AntiSysTitleInstallv2_pt1", Kill_AntiSysTitleInstallv2_pt1_old, sizeof(Kill_AntiSysTitleInstallv2_pt1_old), Kill_AntiSysTitleInstallv2_pt1_patch, sizeof(Kill_AntiSysTitleInstallv2_pt1_patch), 0, verbose); - count += apply_patch("Kill_AntiSysTitleInstallv2_pt2", Kill_AntiSysTitleInstallv2_pt2_old, sizeof(Kill_AntiSysTitleInstallv2_pt2_old), Kill_AntiSysTitleInstallv2_pt2_patch, sizeof(Kill_AntiSysTitleInstallv2_pt2_patch), 0, verbose); - count += apply_patch("Kill_AntiSysTitleInstallv2_pt3", Kill_AntiSysTitleInstallv2_pt3_old, sizeof(Kill_AntiSysTitleInstallv2_pt3_old), Kill_AntiSysTitleInstallv2_pt3_patch, sizeof(Kill_AntiSysTitleInstallv2_pt3_patch), 0, verbose); - count += apply_patch("Kill_AntiSysTitleInstallv2_pt4", Kill_AntiSysTitleInstallv2_pt4_old, sizeof(Kill_AntiSysTitleInstallv2_pt4_old), Kill_AntiSysTitleInstallv2_pt4_patch, sizeof(Kill_AntiSysTitleInstallv2_pt4_patch), 0, verbose); - count += apply_patch("Kill_AntiSysTitleInstallv2_pt5", Kill_AntiSysTitleInstallv2_pt5_old, sizeof(Kill_AntiSysTitleInstallv2_pt5_old), Kill_AntiSysTitleInstallv2_pt5_patch, sizeof(Kill_AntiSysTitleInstallv2_pt5_patch), 0, verbose);*/ + if(verbose) printf(">> Applying vWii patches:\n"); count += apply_patch("Kill_AntiSysTitleInstallv3_pt1", Kill_AntiSysTitleInstallv3_pt1_old, sizeof(Kill_AntiSysTitleInstallv3_pt1_old), Kill_AntiSysTitleInstallv3_pt1_patch, sizeof(Kill_AntiSysTitleInstallv3_pt1_patch), 0, verbose); count += apply_patch("Kill_AntiSysTitleInstallv3_pt2", Kill_AntiSysTitleInstallv3_pt2_old, sizeof(Kill_AntiSysTitleInstallv3_pt2_old), Kill_AntiSysTitleInstallv3_pt2_patch, sizeof(Kill_AntiSysTitleInstallv3_pt2_patch), 0, verbose); count += apply_patch("Kill_AntiSysTitleInstallv3_pt3", Kill_AntiSysTitleInstallv3_pt3_old, sizeof(Kill_AntiSysTitleInstallv3_pt3_old), 
Kill_AntiSysTitleInstallv3_pt3_patch, sizeof(Kill_AntiSysTitleInstallv3_pt3_patch), 0, verbose);