mirror of
https://github.com/wiidev/usbloadergx.git
synced 2024-11-22 11:19:17 +01:00
Rewrite RCE fix and 23400 fix
This commit is contained in:
parent
c6d2efd765
commit
c1e8ea5ca8
@ -67,7 +67,6 @@ static const u32 wpadbuttonsdown2hooks[4] = {0x7D6B4A14, 0x800B0010, 0x7C030378,
|
|||||||
static const u32 multidolhooks[4] = {0x7C0004AC, 0x4C00012C, 0x7FE903A6, 0x4E800420};
|
static const u32 multidolhooks[4] = {0x7C0004AC, 0x4C00012C, 0x7FE903A6, 0x4E800420};
|
||||||
static const u32 multidolchanhooks[4] = {0x4200FFF4, 0x48000004, 0x38800000, 0x4E800020};
|
static const u32 multidolchanhooks[4] = {0x4200FFF4, 0x48000004, 0x38800000, 0x4E800020};
|
||||||
static const u32 langpatch[3] = {0x7C600775, 0x40820010, 0x38000000};
|
static const u32 langpatch[3] = {0x7C600775, 0x40820010, 0x38000000};
|
||||||
static const u8 GCT_Header[8] = {0x00, 0xD0, 0xC0, 0xDE, 0x00, 0xD0, 0xC0, 0xDE};
|
|
||||||
|
|
||||||
//---------------------------------------------------------------------------------
|
//---------------------------------------------------------------------------------
|
||||||
void dogamehooks(u32 hooktype, void *addr, u32 len)
|
void dogamehooks(u32 hooktype, void *addr, u32 len)
|
||||||
@ -579,124 +578,91 @@ int LoadGameConfig(const char *CheatFilepath)
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
int ocarina_patch_mkw(u8 *gameid)
|
int ocarina_patch(u8 *gameid)
|
||||||
{
|
{
|
||||||
// Thanks to Seeky for the gecko codes
|
// Thanks to Seeky for the MKWii gecko codes
|
||||||
u8 GCT_RCE_Patch[24] =
|
// Thanks to InvoxiPlayGames for the gecko codes for the 23400 fix.
|
||||||
{
|
// Reimplemented by Leseratte without the need for a code handler.
|
||||||
0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF,
|
|
||||||
0x20, 0x07, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00,
|
|
||||||
0xF0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
|
|
||||||
};
|
|
||||||
|
|
||||||
switch (gameid[3])
|
u32 * patch_addr = 0;
|
||||||
{
|
char * patched = 0;
|
||||||
case 'P':
|
|
||||||
GCT_RCE_Patch[1] = 0x89;
|
|
||||||
GCT_RCE_Patch[2] = 0xA1;
|
|
||||||
GCT_RCE_Patch[3] = 0x94;
|
|
||||||
break;
|
|
||||||
case 'E':
|
|
||||||
GCT_RCE_Patch[1] = 0x89;
|
|
||||||
GCT_RCE_Patch[2] = 0x5A;
|
|
||||||
GCT_RCE_Patch[3] = 0xC4;
|
|
||||||
break;
|
|
||||||
case 'J':
|
|
||||||
GCT_RCE_Patch[1] = 0x89;
|
|
||||||
GCT_RCE_Patch[2] = 0x92;
|
|
||||||
GCT_RCE_Patch[3] = 0xF4;
|
|
||||||
break;
|
|
||||||
case 'K':
|
|
||||||
GCT_RCE_Patch[1] = 0x88;
|
|
||||||
GCT_RCE_Patch[2] = 0x85;
|
|
||||||
GCT_RCE_Patch[3] = 0xCC;
|
|
||||||
break;
|
|
||||||
default:
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (code_buf != NULL)
|
// Patch error 23400 for CoD (Black Ops, Reflex, MW3) and Rock Band 3 / The Beatles
|
||||||
{
|
|
||||||
gprintf("Loading %s with RCE patch & other cheats.\n", gameid);
|
|
||||||
code_buf = (u8 *)MEM2_realloc(code_buf, code_size + 16);
|
|
||||||
memcpy(code_buf + code_size - 8, GCT_RCE_Patch, sizeof(GCT_RCE_Patch));
|
|
||||||
code_size = code_size + 16;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
// No cheats were loaded
|
|
||||||
gprintf("Loading %s with RCE patch.\n", gameid);
|
|
||||||
code_buf = (u8 *)MEM2_alloc(32);
|
|
||||||
if (code_buf)
|
|
||||||
{
|
|
||||||
memcpy(code_buf, GCT_Header, sizeof(GCT_Header));
|
|
||||||
memcpy(code_buf + 8, GCT_RCE_Patch, sizeof(GCT_RCE_Patch));
|
|
||||||
code_size = 32;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return code_size;
|
|
||||||
}
|
|
||||||
|
|
||||||
int ocarina_patch_games(u8 *gameid)
|
|
||||||
{
|
|
||||||
// Thanks to InvoxiPlayGames for the gecko codes
|
|
||||||
u8 GCT_Con_Patch[16] =
|
|
||||||
{
|
|
||||||
0x04, 0x00, 0x00, 0x00, 0x41, 0x41, 0x41, 0x41,
|
|
||||||
0xF0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
|
|
||||||
};
|
|
||||||
|
|
||||||
if (memcmp(gameid, "SC7", 3) == 0)
|
if (memcmp(gameid, "SC7", 3) == 0)
|
||||||
{
|
{
|
||||||
GCT_Con_Patch[1] = 0x23;
|
gprintf("Patching error 23400 for game %s\n", gameid);
|
||||||
GCT_Con_Patch[2] = 0xC9;
|
*(u32 *)0x8023c954 = 0x41414141;
|
||||||
GCT_Con_Patch[3] = 0x54;
|
|
||||||
}
|
|
||||||
else if (memcmp(gameid, "RJA", 3) == 0)
|
|
||||||
{
|
|
||||||
GCT_Con_Patch[1] = 0x1B;
|
|
||||||
GCT_Con_Patch[2] = 0x83;
|
|
||||||
GCT_Con_Patch[3] = 0x8C;
|
|
||||||
}
|
|
||||||
else if (memcmp(gameid, "SM8", 3) == 0)
|
|
||||||
{
|
|
||||||
GCT_Con_Patch[1] = 0x23;
|
|
||||||
GCT_Con_Patch[2] = 0x8C;
|
|
||||||
GCT_Con_Patch[3] = 0x74;
|
|
||||||
}
|
|
||||||
else if (memcmp(gameid, "SZB", 3) == 0)
|
|
||||||
{
|
|
||||||
GCT_Con_Patch[1] = 0x8E;
|
|
||||||
GCT_Con_Patch[2] = 0x3B;
|
|
||||||
GCT_Con_Patch[3] = 0x20;
|
|
||||||
}
|
|
||||||
else if (memcmp(gameid, "R9J", 3) == 0)
|
|
||||||
{
|
|
||||||
GCT_Con_Patch[1] = 0x8D;
|
|
||||||
GCT_Con_Patch[2] = 0x69;
|
|
||||||
GCT_Con_Patch[3] = 0x34;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if (code_buf != NULL)
|
else if (memcmp(gameid, "RJA", 3) == 0)
|
||||||
{
|
{
|
||||||
gprintf("Loading %s with error 23400 patch & other cheats.\n", gameid);
|
gprintf("Patching error 23400 for game %s\n", gameid);
|
||||||
code_buf = (u8 *)MEM2_realloc(code_buf, code_size + 8);
|
*(u32 *)0x801b838c = 0x41414141;
|
||||||
memcpy(code_buf + code_size - 8, GCT_Con_Patch, sizeof(GCT_Con_Patch));
|
|
||||||
code_size = code_size + 8;
|
|
||||||
}
|
}
|
||||||
else
|
|
||||||
|
else if (memcmp(gameid, "SM8", 3) == 0)
|
||||||
{
|
{
|
||||||
// No cheats were loaded
|
gprintf("Patching error 23400 for game %s\n", gameid);
|
||||||
gprintf("Loading %s with error 23400 patch.\n", gameid);
|
*(u32 *)0x80238c74 = 0x41414141;
|
||||||
code_buf = (u8 *)MEM2_alloc(24);
|
}
|
||||||
if (code_buf)
|
|
||||||
|
else if (memcmp(gameid, "SZB", 3) == 0)
|
||||||
{
|
{
|
||||||
memcpy(code_buf, GCT_Header, sizeof(GCT_Header));
|
gprintf("Patching error 23400 for game %s\n", gameid);
|
||||||
memcpy(code_buf + 8, GCT_Con_Patch, sizeof(GCT_Con_Patch));
|
*(u32 *)0x808e3b20 = 0x41414141;
|
||||||
code_size = 24;
|
}
|
||||||
|
|
||||||
|
else if (memcmp(gameid, "R9J", 3) == 0)
|
||||||
|
{
|
||||||
|
gprintf("Patching error 23400 for game %s\n", gameid);
|
||||||
|
*(u32 *)0x808d6934 = 0x41414141;
|
||||||
|
}
|
||||||
|
|
||||||
|
// Patch RCE vulnerability in MKWii.
|
||||||
|
else if (memcmp(gameid, "RMC", 3) == 0)
|
||||||
|
{
|
||||||
|
switch (gameid[3]) {
|
||||||
|
|
||||||
|
case 'P':
|
||||||
|
patched = (char *)0x80276054;
|
||||||
|
patch_addr = (u32 *)0x8089a194;
|
||||||
|
break;
|
||||||
|
|
||||||
|
case 'E':
|
||||||
|
patched = (char *)0x80271d14;
|
||||||
|
patch_addr = (u32 *)0x80895ac4;
|
||||||
|
break;
|
||||||
|
|
||||||
|
case 'J':
|
||||||
|
patched = (char *)0x802759f4;
|
||||||
|
patch_addr = (u32 *)0x808992f4;
|
||||||
|
break;
|
||||||
|
|
||||||
|
case 'K':
|
||||||
|
patched = (char *)0x80263E34;
|
||||||
|
patch_addr = (u32 *)0x808885cc;
|
||||||
|
break;
|
||||||
|
|
||||||
|
default:
|
||||||
|
gprintf("NOT patching RCE vulnerability due to invalid game ID: %s\n", gameid);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (*patched != '*') {
|
||||||
|
gprintf("Game is already Wiimmfi-patched, don't apply the RCE fix\n");
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
gprintf("Patching RCE vulnerability for game ID %s\n", gameid);
|
||||||
|
|
||||||
|
for (int i = 0; i < 7; i++) {
|
||||||
|
*patch_addr++ = 0xff;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return code_size;
|
|
||||||
|
}
|
||||||
|
|
||||||
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
int ocarina_load_code(const char *CheatFilepath, u8 *gameid)
|
int ocarina_load_code(const char *CheatFilepath, u8 *gameid)
|
||||||
|
@ -36,8 +36,7 @@ void langpatcher(void *addr, u32 len, u8 languageChoice);
|
|||||||
void vidolpatcher(void *addr, u32 len);
|
void vidolpatcher(void *addr, u32 len);
|
||||||
void patchdebug(void *addr, u32 len);
|
void patchdebug(void *addr, u32 len);
|
||||||
int LoadGameConfig(const char *CheatFilepath);
|
int LoadGameConfig(const char *CheatFilepath);
|
||||||
int ocarina_patch_mkw(u8 *gameid);
|
int ocarina_patch(u8 *gameid);
|
||||||
int ocarina_patch_games(u8 *gameid);
|
|
||||||
int ocarina_load_code(const char *CheatFilepath, u8 *gameid);
|
int ocarina_load_code(const char *CheatFilepath, u8 *gameid);
|
||||||
|
|
||||||
#ifdef __cplusplus
|
#ifdef __cplusplus
|
||||||
|
@ -334,20 +334,11 @@ int GameBooter::BootGame(struct discHdr *gameHdr)
|
|||||||
if (ocarinaChoice)
|
if (ocarinaChoice)
|
||||||
ocarina_load_code(Settings.Cheatcodespath, gameHeader.id);
|
ocarina_load_code(Settings.Cheatcodespath, gameHeader.id);
|
||||||
|
|
||||||
//! Patch MKW RCE vulnerability
|
//! Disable private server for games that still have official servers.
|
||||||
if (PrivServChoice != PRIVSERV_WIIMMFI && memcmp(gameHeader.id, "RMC", 3) == 0)
|
|
||||||
{
|
|
||||||
ocarinaChoice = 1;
|
|
||||||
ocarina_patch_mkw(gameHeader.id);
|
|
||||||
}
|
|
||||||
|
|
||||||
//! Patch error 23400 for a few games with dedicated servers
|
|
||||||
if (memcmp(gameHeader.id, "SC7", 3) == 0 || memcmp(gameHeader.id, "RJA", 3) == 0 ||
|
if (memcmp(gameHeader.id, "SC7", 3) == 0 || memcmp(gameHeader.id, "RJA", 3) == 0 ||
|
||||||
memcmp(gameHeader.id, "SM8", 3) == 0 || memcmp(gameHeader.id, "SZB", 3) == 0 || memcmp(gameHeader.id, "R9J", 3) == 0)
|
memcmp(gameHeader.id, "SM8", 3) == 0 || memcmp(gameHeader.id, "SZB", 3) == 0 || memcmp(gameHeader.id, "R9J", 3) == 0)
|
||||||
{
|
{
|
||||||
ocarinaChoice = 1;
|
|
||||||
PrivServChoice = PRIVSERV_OFF; // Private server patching causes error 20100
|
PrivServChoice = PRIVSERV_OFF; // Private server patching causes error 20100
|
||||||
ocarina_patch_games(gameHeader.id);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
//! Force hooktype if not selected but Ocarina is enabled
|
//! Force hooktype if not selected but Ocarina is enabled
|
||||||
@ -473,6 +464,14 @@ int GameBooter::BootGame(struct discHdr *gameHdr)
|
|||||||
if(patchFix480pChoice)
|
if(patchFix480pChoice)
|
||||||
PatchFix480p();
|
PatchFix480p();
|
||||||
|
|
||||||
|
//! If we're NOT on Wiimmfi, patch the known RCE vulnerability in MKWii.
|
||||||
|
//! Wiimmfi will handle that on its own through the update payload.
|
||||||
|
//! This will also patch error 23400 for a couple games that still have official servers.
|
||||||
|
if (PrivServChoice != PRIVSERV_WIIMMFI)
|
||||||
|
{
|
||||||
|
ocarina_patch(gameHeader.id);
|
||||||
|
}
|
||||||
|
|
||||||
//! New Wiimmfi patch should be loaded last, after the codehandler, just before the call to the entry point
|
//! New Wiimmfi patch should be loaded last, after the codehandler, just before the call to the entry point
|
||||||
if (PrivServChoice == PRIVSERV_WIIMMFI && memcmp(gameHeader.id, "RMC", 3) == 0 )
|
if (PrivServChoice == PRIVSERV_WIIMMFI && memcmp(gameHeader.id, "RMC", 3) == 0 )
|
||||||
{
|
{
|
||||||
|
Loading…
Reference in New Issue
Block a user