The-Homebrew-Cloud
/
wiiu-nanddumper-payload
mirror of https://github.com/wiiu-env/wiiu-nanddumper-payload.git
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Dump the full slc and slccmpt to the files sd:/slc.bin and sd:/slccmpt.bin 

Changed the menu
This commit is contained in:
koolkdev 2017-03-26 00:07:34 +03:00
parent 8b8a031ab2
commit f0a616873c
19 changed files with 245 additions and 545 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
ios_fs/source/devices.c
View File

@ -5,6 +5,10 @@
#include "sdio.h"
#include "text.h"
extern char io_buffer_spare[0x42000];
extern unsigned long io_buffer_spare_pos;
extern int io_buffer_spare_status;
void * getMdDeviceById(int deviceId)
{
if(deviceId == DEVICE_ID_SDCARD_PATCHED)
@ -148,3 +152,16 @@ int slcWrite2_patch(void *physical_device_info, u32 offset_high, u32 offset_low,
return slcReadWrite_patch(physical_device_info, SDIO_WRITE, offset_low, cnt, block_size, data_outptr, callback, callback_parameter);
}
int eccCheck_patch(void *buffer, char* spare_ecc, char* calculated_ecc, int ecc_length)
{
if (io_buffer_spare_status || io_buffer_spare_pos > sizeof(io_buffer_spare) || io_buffer_spare_pos+0x840 > sizeof(io_buffer_spare)) {
io_buffer_spare_status = -1;
return 0;
}
memcpy(io_buffer_spare+io_buffer_spare_pos, buffer, 0x800);
io_buffer_spare_pos += 0x800;
memcpy(io_buffer_spare+io_buffer_spare_pos, spare_ecc - 0x30, 0x40);
io_buffer_spare_pos += 0x40;
return 0;
}

2
ios_fs/source/devices.h
View File

@ -10,7 +10,7 @@
#define SDIO_BYTES_PER_SECTOR 512
#define MLC_BYTES_PER_SECTOR 512
#define SLC_BYTES_PER_SECTOR 2048
#define SLC_BYTES_PER_SECTOR (2048+64)
#define SLC_BASE_SECTORS (0x000500)
#define SLCCMPT_BASE_SECTORS (0x100500)

177
ios_fs/source/dumper.c
View File

@ -4,13 +4,19 @@
#include "devices.h"
#include "sdio.h"
#include "mlcio.h"
#include "fat32_format.h"
#include "sd_fat.h"
#include "text.h"
#include "hardware_registers.h"
#include "svc.h"
#define IO_BUFFER_SIZE 0x40000
#define IO_BUFFER_SPARE_SIZE (IO_BUFFER_SIZE+0x2000)
// the IO buffer is put behind everything else because there is no access to this region from IOS-FS it seems
unsigned char io_buffer[0x40000] __attribute__((aligned(0x40))) __attribute__((section(".io_buffer")));
unsigned char io_buffer[IO_BUFFER_SIZE] __attribute__((aligned(0x40))) __attribute__((section(".io_buffer")));
unsigned char io_buffer_spare[IO_BUFFER_SPARE_SIZE] __attribute__((aligned(0x40))) __attribute__((section(".io_buffer")));
unsigned long io_buffer_spare_pos;
int io_buffer_spare_status;
//! this one is required for the read function
static void slc_read_callback(int result, int priv)
@ -32,7 +38,7 @@ static int srcRead(void* deviceHandle, void *data_ptr, u32 offset, u32 sectors,
return readResult;
}
void slc_dump(void *deviceHandle, const char* device, u32 base_sectors, int y_offset)
int slc_dump(void *deviceHandle, const char* device, const char* filename, int y_offset)
{
//also create a mutex for synchronization with end of operation...
int sync_mutex = FS_SVC_CREATEMUTEX(1, 1);
@ -44,66 +50,54 @@ void slc_dump(void *deviceHandle, const char* device, u32 base_sectors, int y_of
u32 offset = 0;
int readResult = 0;
int writeResult = 0;
int retry = 0;
u32 readSize = sizeof(io_buffer) / SLC_BYTES_PER_SECTOR;
int result = -1;
u32 readSize = IO_BUFFER_SPARE_SIZE / SLC_BYTES_PER_SECTOR;
FS_SLEEP(1000);
FL_FILE *file = fl_fopen(filename, "w");
if (!file) {
_printf(20, y_offset, "Failed to open %s for writing", filename);
goto error;
}
do
{
// don't print single steps in between, just if they have an error or every 0x80 sectors
if((readSize == (sizeof(io_buffer) / SLC_BYTES_PER_SECTOR)) || (retry > 0))
{
_printf(20, y_offset, "%s = %08X / 40000, read code %08X, write code %08X, retry %d", device, offset, readResult, writeResult, retry);
}
_printf(20, y_offset, "%s = %05X / 40000", device, offset);
//! set flash erased byte to buffer
FS_MEMSET(io_buffer, 0xff, sizeof(io_buffer));
FS_MEMSET(io_buffer_spare, 0xff, IO_BUFFER_SPARE_SIZE);
io_buffer_spare_status = 0;
io_buffer_spare_pos = 0;
//readResult = readSlc(io_buffer, offset, (sizeof(io_buffer) / SLC_BYTES_PER_SECTOR), deviceHandle);
readResult = srcRead(deviceHandle, io_buffer, offset, readSize, result_array);
//! retry 2 times as there are read failures in several places
if((readResult != 0) && (retry < 2))
{
readSize = 1;
FS_SLEEP(10);
retry++;
}
else
{
retry = 0;
while(1)
{
FS_SLEEP(10);
writeResult = sdcard_readwrite(SDIO_WRITE, io_buffer, (readSize * (SLC_BYTES_PER_SECTOR / SDIO_BYTES_PER_SECTOR)), SDIO_BYTES_PER_SECTOR, base_sectors, NULL, DEVICE_ID_SDCARD_PATCHED);
if((writeResult == 0) || (retry >= 2))
{
retry = 0;
base_sectors += (readSize * (SLC_BYTES_PER_SECTOR / SDIO_BYTES_PER_SECTOR));
offset += readSize;
// if we did single sector reads and got to a point where we can do multiple reads -> switch to multiple sector reads
if((offset % (sizeof(io_buffer) / SLC_BYTES_PER_SECTOR)) == 0)
{
readSize = sizeof(io_buffer) / SLC_BYTES_PER_SECTOR;
}
break;
}
else
{
retry++;
}
}
}
if (readResult || io_buffer_spare_status || io_buffer_spare_pos != IO_BUFFER_SPARE_SIZE) {
_printf(20, y_offset+10, "Failed to read flash block. read result: 0x%08X spare status: 0x%08X spare pos: 0x%08X", readResult, io_buffer_spare_status, io_buffer_spare_pos);
goto error;
}
//FS_SLEEP(10);
writeResult = fl_fwrite(io_buffer_spare, 1, readSize * SLC_BYTES_PER_SECTOR, file);
if (writeResult != readSize * SLC_BYTES_PER_SECTOR) {
_printf(20, y_offset + 10, "%s: Failed to write %d bytes to file %s (result: %d)!", device, readSize * SLC_BYTES_PER_SECTOR, file, filename, writeResult);
goto error;
}
offset += readSize;
}
while (offset < SLC_SECTOR_COUNT);
result = 0;
error:
FS_SVC_DESTROYMUTEX(sync_mutex);
if (file) {
fl_fclose(file);
}
// last print to show "done"
_printf(20, y_offset, "%s = %08X / 40000, read code %08X, write code %08X, retry %d", device, offset, readResult, writeResult, retry);
_printf(20, y_offset, "%s = %05X / 40000", device, offset);
return result;
}
void mlc_dump(u32 base_sector, u32 mlc_end)
@ -130,8 +124,8 @@ void mlc_dump(u32 base_sector, u32 mlc_end)
}
//! set flash erased byte to buffer
FS_MEMSET(io_buffer, 0xff, sizeof(io_buffer));
mlc_result = sdcard_readwrite(SDIO_READ, io_buffer, (sizeof(io_buffer) / MLC_BYTES_PER_SECTOR), MLC_BYTES_PER_SECTOR, offset, &callback_result, DEVICE_ID_MLC);
FS_MEMSET(io_buffer, 0xff, IO_BUFFER_SIZE);
mlc_result = sdcard_readwrite(SDIO_READ, io_buffer, (IO_BUFFER_SIZE / MLC_BYTES_PER_SECTOR), MLC_BYTES_PER_SECTOR, offset, &callback_result, DEVICE_ID_MLC);
if((mlc_result == 0) && (callback_result != 0))
{
@ -147,11 +141,11 @@ void mlc_dump(u32 base_sector, u32 mlc_end)
}
else
{
write_result = sdcard_readwrite(SDIO_WRITE, io_buffer, (sizeof(io_buffer) / MLC_BYTES_PER_SECTOR), SDIO_BYTES_PER_SECTOR, base_sector + offset, NULL, DEVICE_ID_SDCARD_PATCHED);
write_result = sdcard_readwrite(SDIO_WRITE, io_buffer, (IO_BUFFER_SIZE / MLC_BYTES_PER_SECTOR), SDIO_BYTES_PER_SECTOR, base_sector + offset, NULL, DEVICE_ID_SDCARD_PATCHED);
if((write_result == 0) || (retry >= 5))
{
retry = 0;
offset += (sizeof(io_buffer) / MLC_BYTES_PER_SECTOR);
offset += (IO_BUFFER_SIZE / MLC_BYTES_PER_SECTOR);
}
else
{
@ -180,24 +174,7 @@ int check_nand_type(void)
}
}
int check_nand_dump(void)
{
u32 mlc_sector_count = FS_MMC_MLC_STRUCT[0x30/4];
int signature_correct = 0;
sdio_nand_signature_sector_t * sign_sect = (sdio_nand_signature_sector_t*)io_buffer;
memset(sign_sect, 0, SDIO_BYTES_PER_SECTOR);
sdcard_readwrite(SDIO_READ, sign_sect, 1, SDIO_BYTES_PER_SECTOR, NAND_DUMP_SIGNATURE_SECTOR, NULL, DEVICE_ID_SDCARD_PATCHED);
signature_correct = (sign_sect->signature == NAND_DUMP_SIGNATURE);
memset(io_buffer, 0, SDIO_BYTES_PER_SECTOR);
sdcard_readwrite(SDIO_READ, io_buffer, 1, SDIO_BYTES_PER_SECTOR, 0, NULL, DEVICE_ID_SDCARD_PATCHED);
return signature_correct && CheckFAT32PartitionOffset(io_buffer, MLC_BASE_SECTORS + mlc_sector_count);
}
static void wait_format_confirmation(void)
/*static void wait_format_confirmation(void)
{
int timeout = 600;
//"Press the POWER button SD then , else the console will reboot in %u seconds."
@ -223,16 +200,23 @@ static void wait_format_confirmation(void)
// clear the lines
clearLine(30, 0x000000FF);
clearLine(40, 0x000000FF);
}
}*/
void dump_nand_complete()
{
wait_format_confirmation();
_printf(20, 30, "Init SD card....");
if ( InitSDCardFAT32() != 0 ) {
FS_SLEEP(3000);
svcShutdown(SHUTDOWN_TYPE_REBOOT);
}
_printf(20, 30, "Init SD card.... Success!");
mlc_init();
//wait_format_confirmation();
//mlc_init();
FS_SLEEP(1000);
int nand_type = check_nand_type();
/*int nand_type = check_nand_type();
u32 sdio_sector_count = FS_MMC_SDCARD_STRUCT[0x30/4];
u32 mlc_sector_count = FS_MMC_MLC_STRUCT[0x30/4];
u32 fat32_partition_offset = (MLC_BASE_SECTORS + mlc_sector_count);
@ -250,31 +234,36 @@ void dump_nand_complete()
{
FS_SLEEP(3000);
svcShutdown(SHUTDOWN_TYPE_REBOOT);
}
}*/
slc_dump(FS_SLC_PHYS_DEV_STRUCT, "slc ", SLC_BASE_SECTORS, 50);
slc_dump(FS_SLCCMPT_PHYS_DEV_STRUCT, "slccmpt", SLCCMPT_BASE_SECTORS, 60);
mlc_dump(MLC_BASE_SECTORS, mlc_sector_count);
//! write marker to SD card from which we can auto detect NAND dump
//! we can actually use that for settings
sdio_nand_signature_sector_t * sign_sect = (sdio_nand_signature_sector_t*)io_buffer;
memset(sign_sect, 0, SDIO_BYTES_PER_SECTOR);
sign_sect->signature = NAND_DUMP_SIGNATURE;
sign_sect->nand_descriptions[0].nand_type = NAND_DESC_TYPE_SLC;
sign_sect->nand_descriptions[0].base_sector = SLC_BASE_SECTORS;
sign_sect->nand_descriptions[0].sector_count = SLC_SECTOR_COUNT * (SLC_BYTES_PER_SECTOR / SDIO_BYTES_PER_SECTOR);
sign_sect->nand_descriptions[1].nand_type = NAND_DESC_TYPE_SLCCMPT;
sign_sect->nand_descriptions[1].base_sector = SLCCMPT_BASE_SECTORS;
sign_sect->nand_descriptions[1].sector_count = SLC_SECTOR_COUNT * (SLC_BYTES_PER_SECTOR / SDIO_BYTES_PER_SECTOR);
sign_sect->nand_descriptions[2].nand_type = NAND_DESC_TYPE_MLC;
sign_sect->nand_descriptions[2].base_sector = MLC_BASE_SECTORS;
sign_sect->nand_descriptions[2].sector_count = mlc_sector_count * (MLC_BYTES_PER_SECTOR / SDIO_BYTES_PER_SECTOR);
sdcard_readwrite(SDIO_WRITE, io_buffer, 1, SDIO_BYTES_PER_SECTOR, NAND_DUMP_SIGNATURE_SECTOR, NULL, DEVICE_ID_SDCARD_PATCHED);
int * dumpSlc = (int *)(0x107f8200 - 4);
int * dumpSlccmpt = (int *)(0x107f8200 - 8);
int * dumpMlc = (int *)(0x107f8200 - 12);
int offset_y = 50;
if (*dumpSlc) {
if (slc_dump(FS_SLC_PHYS_DEV_STRUCT, "slc ", "/slc.bin", offset_y))
goto error;
offset_y += 10;
}
if (*dumpSlccmpt) {
if (slc_dump(FS_SLCCMPT_PHYS_DEV_STRUCT, "slccmpt", "/slccmpt.bin", 60))
goto error;
offset_y += 10;
}
if (*dumpMlc) {
// TODO
//mlc_dump(MLC_BASE_SECTORS, mlc_sector_count);
offset_y += 10;
}
_printf(20, 80, "Complete! -> rebooting into sysNAND...");
FS_SLEEP(3000);
svcShutdown(SHUTDOWN_TYPE_REBOOT);
error:
_printf(20, 80, "Error! -> rebooting into sysNAND...");
FS_SLEEP(3000);
svcShutdown(SHUTDOWN_TYPE_REBOOT);
}

9
ios_fs/source/dumper.h
View File

@ -2,13 +2,12 @@
#define _DUMPER_H_
//! debug dumps
void dump_syslog();
void dump_data(void* data_ptr, u32 size);
void dump_lots_data(u8* addr, u32 size);
//void dump_syslog();
//void dump_data(void* data_ptr, u32 size);
//void dump_lots_data(u8* addr, u32 size);
int check_nand_type(void);
int check_nand_dump(void);
void slc_dump(int deviceId, const char* format, u32 base_sectors);
void slc_dump(int deviceId, const char* format, char* filename);
void mlc_dump(u32 base_sector, u32 mlc_end);
void dump_nand_complete();

326
ios_fs/source/fat32_format.c
View File

@ -1,326 +0,0 @@
#include <stdio.h>
#include "types.h"
#include "imports.h"
#include "devices.h"
#include "sdio.h"
#include "text.h"
extern unsigned char io_buffer[0x40000];
#define PARTITION_TYPE_FAT32 0x0c
#define MAX_PARTITIONS 32 /* Maximum number of partitions that can be found */
#define MAX_MOUNTS 10 /* Maximum number of mounts available at one time */
#define MAX_SYMLINK_DEPTH 10 /* Maximum search depth when resolving symbolic links */
#define MBR_SIGNATURE 0x55AA
#define EBR_SIGNATURE MBR_SIGNATURE
#define PARTITION_BOOTABLE 0x80 /* Bootable (active) */
#define PARTITION_NONBOOTABLE 0x00 /* Non-bootable */
#define PARTITION_TYPE_GPT 0xEE /* Indicates that a GPT header is available */
typedef struct _PARTITION_RECORD {
u8 status; /* Partition status; see above */
u8 chs_start[3]; /* Cylinder-head-sector address to first block of partition */
u8 type; /* Partition type; see above */
u8 chs_end[3]; /* Cylinder-head-sector address to last block of partition */
u32 lba_start; /* Local block address to first sector of partition */
u32 block_count; /* Number of blocks in partition */
} __attribute__((__packed__)) PARTITION_RECORD;
typedef struct _MASTER_BOOT_RECORD {
u8 code_area[446]; /* Code area; normally empty */
PARTITION_RECORD partitions[4]; /* 4 primary partitions */
u16 signature; /* MBR signature; 0xAA55 */
} __attribute__((__packed__)) MASTER_BOOT_RECORD;
typedef struct tagFAT_BOOTSECTOR32
{
// Common fields.
u8 sJmpBoot[3];
u8 sOEMName[8];
u16 wBytsPerSec;
u8 bSecPerClus;
u16 wRsvdSecCnt;
u8 bNumFATs;
u16 wRootEntCnt;
u16 wTotSec16;
u8 bMedia;
u16 wFATSz16;
u16 wSecPerTrk;
u16 wNumHeads;
u32 dHiddSec;
u32 dTotSec32;
// Fat 32/16 only
u32 dFATSz32;
u16 wExtFlags;
u16 wFSVer;
u32 dRootClus;
u16 wFSInfo;
u16 wBkBootSec;
u8 Reserved[12];
u8 bDrvNum;
u8 Reserved1;
u8 bBootSig; // == 0x29 if next three fields are ok
u32 dBS_VolID;
u8 sVolLab[11];
u8 sBS_FilSysType[8];
} __attribute__((__packed__)) FAT_BOOTSECTOR32;
typedef struct {
u32 dLeadSig;
u8 sReserved1[480];
u32 dStrucSig;
u32 dFree_Count;
u32 dNxt_Free;
u8 sReserved2[12];
u32 dTrailSig;
} __attribute__((__packed__)) FAT_FSINFO;
static inline u8 get_sectors_per_cluster (u64 DiskSizeBytes)
{
u8 ret = 0x01; // 1 sector per cluster
u32 DiskSizeMB = DiskSizeBytes/(1024*1024);
// 512 MB to 8,191 MB 4 KB
if (DiskSizeMB > 512)
ret = 0x8;
// 8,192 MB to 16,383 MB 8 KB
if (DiskSizeMB > 8192)
ret = 0x10;
// 16,384 MB to 32,767 MB 16 KB
if (DiskSizeMB > 16384)
ret = 0x20; // ret = 0x20;
// Larger than 32,768 MB 32 KB
if (DiskSizeMB > 32768)
ret = 0x40; // ret = 0x40;
return ret;
}
static inline u32 MakeVolumeID()
{
// we dont have time yet so for now its fixed
//time_t rawtime = time(0);
//struct tm * timeinfo = localtime(&rawtime);
//u16 hi = le16(timeinfo->tm_mday + (timeinfo->tm_mon << 8) + (timeinfo->tm_sec << 8));
//u16 lo = le16((timeinfo->tm_hour << 8) + timeinfo->tm_min + timeinfo->tm_year + 1900);
u16 hi = 0x0BAD;
u16 lo = 0xBABE;
return (lo + (hi << 16));
}
int FormatToFAT32(u32 lba, u32 sec_count)
{
if(sec_count < 0xFFFF)
{
_printf(20, 40, "Not enough sectors for FAT32");
return -1;
}
int BytesPerSect = SDIO_BYTES_PER_SECTOR;
u16 ReservedSectCount = 32;
u8 NumFATs = 2;
memset(io_buffer, 0, BytesPerSect*18);
FAT_BOOTSECTOR32 * FAT32BootSect = (FAT_BOOTSECTOR32 *) (io_buffer+16*BytesPerSect);
FAT_FSINFO * FAT32FsInfo = (FAT_FSINFO*) (io_buffer+17*BytesPerSect);
// fill out the boot sector and fs info
FAT32BootSect->sJmpBoot[0] = 0xEB;
FAT32BootSect->sJmpBoot[1] = 0x5A;
FAT32BootSect->sJmpBoot[2] = 0x90;
memcpy(FAT32BootSect->sOEMName, "MSWIN4.1", 8);
FAT32BootSect->wBytsPerSec = le16(BytesPerSect);
u8 SectorsPerCluster = get_sectors_per_cluster((u64) sec_count * (u64) BytesPerSect);
FAT32BootSect->bSecPerClus = SectorsPerCluster;
FAT32BootSect->wRsvdSecCnt = le16(ReservedSectCount);
FAT32BootSect->bNumFATs = NumFATs;
FAT32BootSect->wRootEntCnt = 0;
FAT32BootSect->wTotSec16 = 0;
FAT32BootSect->bMedia = 0xF8;
FAT32BootSect->wFATSz16 = 0;
FAT32BootSect->wSecPerTrk = le16(63); //SectorsPerTrack;
FAT32BootSect->wNumHeads = le16(255); //TracksPerCylinder;
FAT32BootSect->dHiddSec = le32(lba); //HiddenSectors;
FAT32BootSect->dTotSec32 = le32(sec_count);
// This is based on
// http://hjem.get2net.dk/rune_moeller_barnkob/filesystems/fat.html
u32 FatSize = (4*(sec_count-ReservedSectCount)/((SectorsPerCluster*BytesPerSect)+(4*NumFATs)))+1;
FAT32BootSect->dFATSz32 = le32(FatSize);
FAT32BootSect->wExtFlags = 0;
FAT32BootSect->wFSVer = 0;
FAT32BootSect->dRootClus = le32(2);
FAT32BootSect->wFSInfo = le16(1);
FAT32BootSect->wBkBootSec = le16(6); //BackupBootSect
FAT32BootSect->bDrvNum = 0x80;
FAT32BootSect->Reserved1 = 0;
FAT32BootSect->bBootSig = 0x29;
FAT32BootSect->dBS_VolID = MakeVolumeID();
memcpy(FAT32BootSect->sVolLab, "NO NAME ", 11);
memcpy(FAT32BootSect->sBS_FilSysType, "FAT32 ", 8);
((u8 *)FAT32BootSect)[510] = 0x55; //Boot Record Signature
((u8 *)FAT32BootSect)[511] = 0xAA; //Boot Record Signature
// FSInfo sect signatures
FAT32FsInfo->dLeadSig = le32(0x41615252);
FAT32FsInfo->dStrucSig = le32(0x61417272);
FAT32FsInfo->dTrailSig = le32(0xaa550000);
((u8 *)FAT32FsInfo)[510] = 0x55; //Boot Record Signature
((u8 *)FAT32FsInfo)[511] = 0xAA; //Boot Record Signature
// First FAT Sector
u32 FirstSectOfFat[3];
FirstSectOfFat[0] = le32(0x0ffffff8); // Reserved cluster 1 media id in low byte
FirstSectOfFat[1] = le32(0x0fffffff); // Reserved cluster 2 EOC
FirstSectOfFat[2] = le32(0x0fffffff); // end of cluster chain for root dir
u32 UserAreaSize = sec_count - ReservedSectCount - (NumFATs*FatSize);
u32 ClusterCount = UserAreaSize/SectorsPerCluster;
if (ClusterCount > 0x0FFFFFFF)
{
_printf(20, 40, "This drive has more than 2^28 clusters. Partition might be too small.");
return -1;
}
if (ClusterCount < 65536)
{
_printf(20, 40, "FAT32 must have at least 65536 clusters");
return -1;
}
u32 FatNeeded = (ClusterCount * 4 + (BytesPerSect-1))/BytesPerSect;
if (FatNeeded > FatSize)
{
_printf(20, 40, "This drive is too big, %u > %u", FatNeeded, FatSize);
return -1;
}
// fix up the FSInfo sector
FAT32FsInfo->dFree_Count = le32((UserAreaSize/SectorsPerCluster)-1);
FAT32FsInfo->dNxt_Free = le32(3); // clusters 0-1 resered, we used cluster 2 for the root dir
/** Now all is done and we start writting **/
// First zero out ReservedSect + FatSize * NumFats + SectorsPerCluster
u32 SystemAreaSize = (ReservedSectCount+(NumFATs*FatSize) + SectorsPerCluster);
u32 done = 0;
// Read the first sector on the device
while(SystemAreaSize > 0)
{
int write = SystemAreaSize < 16 ? SystemAreaSize : 16;
int result = sdcard_readwrite(SDIO_WRITE, io_buffer, write, SDIO_BYTES_PER_SECTOR, lba+done, NULL, DEVICE_ID_SDCARD_PATCHED);
if(result != 0)
{
_printf(20, 40, "Cannot write to the drive.");
return -1;
}
SystemAreaSize -= write;
done += write;
}
for (int i = 0; i < 2; i++)
{
u32 SectorStart = (i == 0) ? lba : lba+6; //BackupBootSect
int result = sdcard_readwrite(SDIO_WRITE, FAT32BootSect, 1, SDIO_BYTES_PER_SECTOR, SectorStart, NULL, DEVICE_ID_SDCARD_PATCHED);
if(result != 0)
{
_printf(20, 40, "Cannot write to the drive.");
return -1;
}
result = sdcard_readwrite(SDIO_WRITE, FAT32FsInfo, 1, SDIO_BYTES_PER_SECTOR, SectorStart+1, NULL, DEVICE_ID_SDCARD_PATCHED);
if(result != 0)
{
_printf(20, 40, "Cannot write to the drive.");
return -1;
}
}
memcpy(io_buffer, FirstSectOfFat, sizeof(FirstSectOfFat));
// Write the first fat sector in the right places
for (int i = 0; i < NumFATs; i++)
{
u32 SectorStart = lba + ReservedSectCount + (i * FatSize);
int result = sdcard_readwrite(SDIO_WRITE, io_buffer, 1, SDIO_BYTES_PER_SECTOR, SectorStart, NULL, DEVICE_ID_SDCARD_PATCHED);
if(result != 0)
{
_printf(20, 40, "Cannot write to the drive.");
return -1;
}
}
return 0;
}
int CheckFAT32PartitionOffset(u8 * mbr_buf, u32 partition_offset)
{
MASTER_BOOT_RECORD *mbr = (MASTER_BOOT_RECORD*)mbr_buf;
return (mbr->signature == MBR_SIGNATURE) && (le32(mbr->partitions[0].lba_start) >= partition_offset);
}
int FormatSDCard(u32 partition_offset, u32 total_sectors)
{
_printf(20, 40, "Formatting SD card....");
MASTER_BOOT_RECORD *mbr = (MASTER_BOOT_RECORD*)io_buffer;
memset(mbr, 0, SDIO_BYTES_PER_SECTOR);
int result = sdcard_readwrite(SDIO_READ, mbr, 1, SDIO_BYTES_PER_SECTOR, 0, NULL, DEVICE_ID_SDCARD_PATCHED);
if(result != 0)
{
_printf(20, 40, "SD card read failed %i", result);
return result;
}
u32 lba_start = partition_offset;
result = FormatToFAT32(lba_start, total_sectors - partition_offset);
if(result != 0)
return result;
memset(mbr, 0, sizeof(MASTER_BOOT_RECORD));
mbr->signature = MBR_SIGNATURE;
// setup primary FAT32 partition
mbr->partitions[0].status = PARTITION_BOOTABLE; // set activate
mbr->partitions[0].chs_start[0] = mbr->partitions[0].chs_end[0] = 0xFE;
mbr->partitions[0].chs_start[1] = mbr->partitions[0].chs_end[1] = 0xFF;
mbr->partitions[0].chs_start[2] = mbr->partitions[0].chs_end[2] = 0xFF;
mbr->partitions[0].type = PARTITION_TYPE_FAT32;
mbr->partitions[0].lba_start = le32(lba_start);
mbr->partitions[0].block_count = le32((total_sectors - partition_offset));
result = sdcard_readwrite(SDIO_WRITE, mbr, 1, SDIO_BYTES_PER_SECTOR, 0, NULL, DEVICE_ID_SDCARD_PATCHED);
if(result != 0)
{
_printf(20, 40, "SD card write failed %i", result);
}
else
{
_printf(20, 40, "Format of SD card finished successfully", result);
}
return result;
}

7
ios_fs/source/fat32_format.h
View File

@ -1,7 +0,0 @@
#ifndef _FAT32_FORMAT_H_
#define _FAT32_FORMAT_H_
int CheckFAT32PartitionOffset(u8 * mbr, u32 partition_offset);
int FormatSDCard(u32 partition_offset, u32 total_sectors);
#endif // _FAT32_FORMAT_H_

12
ios_fs/source/main.c
View File

@ -23,12 +23,12 @@ void createDevThread_entry(int initialization_type)
if(initialization_type == 0x01) // unknown but after SLC init no read/write done at this point yet
{
if(check_nand_dump() == 0)
{
clearScreen(0x000000FF);
_printf(20, 20, "welcome to redNAND!");
//if(check_nand_dump() == 0)
//{
clearScreen(0x000000FF);
_printf(20, 20, "welcome to NAND dumper!");
dump_nand_complete();
}
dump_nand_complete();
//}
}
}

4
ios_kernel/source/instant_patches.c
View File

@ -48,7 +48,7 @@ void instant_patches_setup(void)
*(volatile u32*)0x1070FAE8 = 0x05812070;
*(volatile u32*)0x1070FAEC = 0xEAFFFFF9;
if(cfw_config.noIosReload)
/*if(cfw_config.noIosReload)
{
int (*_iosMapSharedUserExecution)(void *descr) = (void*)0x08124F88;
@ -98,5 +98,5 @@ void instant_patches_setup(void)
map_info.type = 3; // 0 = undefined, 1 = kernel only, 2 = read only, 3 = read write
map_info.cached = 0xFFFFFFFF;
_iosMapSharedUserExecution(&map_info);
}
}*/
}

8
ios_kernel/source/ios_fs_patches.c
View File

@ -24,6 +24,7 @@
#include "types.h"
#include "elf_patcher.h"
#include "ios_fs_patches.h"
#include "config.h"
#include "../../ios_fs/ios_fs_syms.h"
#define FS_PHYS_DIFF 0
@ -39,6 +40,7 @@
#define FS_SLC_READ2 0x107B98FC
#define FS_SLC_WRITE1 0x107B9870
#define FS_SLC_WRITE2 0x107B97E4
#define FS_SLC_ECC_CHECK 0x107BAD38
#define FS_MLC_READ1 0x107DC760
#define FS_MLC_READ2 0x107DCDE4
#define FS_MLC_WRITE1 0x107DC0C0
@ -74,6 +76,12 @@ void fs_run_patches(u32 ios_elf_start)
section_write_word(ios_elf_start, FS_SLC_WRITE1, ARM_B(FS_SLC_WRITE1, slcWrite1_patch));
section_write_word(ios_elf_start, FS_SLC_WRITE2, ARM_B(FS_SLC_WRITE2, slcWrite2_patch));
section_write_word(ios_elf_start, FS_SLC_ECC_CHECK, ARM_B(FS_SLC_ECC_CHECK, eccCheck_patch));
section_write_word(ios_elf_start, (_text_start - 4), cfw_config.dumpSlc);
section_write_word(ios_elf_start, (_text_start - 8), cfw_config.dumpSlccmpt);
section_write_word(ios_elf_start, (_text_start - 12), cfw_config.dumpMlc);
//section_write_word(ios_elf_start, FS_USB_READ, ARM_B(FS_USB_READ, usbRead_patch));
//section_write_word(ios_elf_start, FS_USB_WRITE, ARM_B(FS_USB_WRITE, usbWrite_patch));

6
ios_kernel/source/ios_mcp_patches.c
View File

@ -46,13 +46,13 @@ void mcp_run_patches(u32 ios_elf_start)
section_write_word(ios_elf_start, 0x05056718, ARM_BL(0x05056718, _text_start));
if(cfw_config.syshaxXml)
/*if(cfw_config.syshaxXml)
{
section_write(ios_elf_start, 0x050600DC, "/vol/system/config/syshax.xml", 0x20);
section_write(ios_elf_start, 0x050600FC, "/vol/system_slc/config/syshax.xml", 0x24);
}
}*/
section_write_word(ios_elf_start, (_text_start - 4), cfw_config.launchImage);
//section_write_word(ios_elf_start, (_text_start - 4), cfw_config.launchImage);
u32 patch_count = (u32)(((u8*)mcp_patches_table_end) - ((u8*)mcp_patches_table)) / sizeof(patch_table_t);
patch_table_entries(ios_elf_start, mcp_patches_table, patch_count);

16
ios_kernel/source/kernel_patches.c
View File

@ -102,13 +102,13 @@ void kernel_launch_ios(u32 launch_address, u32 L, u32 C, u32 H)
mcp_run_patches(ios_elf_start);
kernel_run_patches(ios_elf_start);
if(cfw_config.redNAND)
{
fs_run_patches(ios_elf_start);
//if(cfw_config.redNAND)
//{
fs_run_patches(ios_elf_start);
if(cfw_config.seeprom_red)
bsp_run_patches(ios_elf_start);
}
// if(cfw_config.seeprom_red)
// bsp_run_patches(ios_elf_start);
//}
restore_mmu(control_register);
enable_interrupts(level);
@ -130,11 +130,11 @@ void kernel_run_patches(u32 ios_elf_start)
section_write_word(ios_elf_start, 0x0812CD2C, ARM_B(0x0812CD2C, kernel_syscall_0x81));
if(cfw_config.redNAND && cfw_config.otp_red)
/*if(cfw_config.redNAND && cfw_config.otp_red)
{
section_write(ios_elf_start, (u32)otp_buffer, otp_buffer, 0x400);
section_write_word(ios_elf_start, 0x08120248, ARM_B(0x08120248, kernel_read_otp_internal));
}
}*/
u32 patch_count = (u32)(((u8*)kernel_patches_table_end) - ((u8*)kernel_patches_table)) / sizeof(patch_table_t);
patch_table_entries(ios_elf_start, kernel_patches_table, patch_count);

28
ios_kernel/source/main.c
View File

@ -99,26 +99,26 @@ int _main()
kernel_memcpy((void*)USB_PHYS_CODE_BASE, payloads->data, payloads->size);
payloads = (payload_info_t*)( ((char*)payloads) + ALIGN4(sizeof(payload_info_t) + payloads->size) );
if(cfw_config.redNAND)
{
kernel_memcpy((void*)fs_get_phys_code_base(), payloads->data, payloads->size);
payloads = (payload_info_t*)( ((char*)payloads) + ALIGN4(sizeof(payload_info_t) + payloads->size) );
//if(cfw_config.redNAND)
//{
kernel_memcpy((void*)fs_get_phys_code_base(), payloads->data, payloads->size);
payloads = (payload_info_t*)( ((char*)payloads) + ALIGN4(sizeof(payload_info_t) + payloads->size) );
if(cfw_config.seeprom_red)
{
kernel_memcpy((void*)bsp_get_phys_code_base(), payloads->data, payloads->size);
payloads = (payload_info_t*)( ((char*)payloads) + ALIGN4(sizeof(payload_info_t) + payloads->size) );
}
}
// if(cfw_config.seeprom_red)
// {
// kernel_memcpy((void*)bsp_get_phys_code_base(), payloads->data, payloads->size);
// payloads = (payload_info_t*)( ((char*)payloads) + ALIGN4(sizeof(payload_info_t) + payloads->size) );
// }
//}
kernel_memcpy((void*)mcp_get_phys_code_base(), payloads->data, payloads->size);
payloads = (payload_info_t*)( ((char*)payloads) + ALIGN4(sizeof(payload_info_t) + payloads->size) );
if(cfw_config.launchImage)
/*if(cfw_config.launchImage)
{
kernel_memcpy((void*)MCP_LAUNCH_IMG_PHYS_ADDR, payloads->data, payloads->size);
payloads = (payload_info_t*)( ((char*)payloads) + ALIGN4(sizeof(payload_info_t) + payloads->size) );
}
}*/
// run all instant patches as necessary
instant_patches_setup();
@ -133,10 +133,10 @@ int _main()
enable_interrupts(level);
if(cfw_config.redNAND)
/*if(cfw_config.redNAND)
{
redirection_setup();
}
}*/
return 0;
}

4
ios_kernel/source/redirection_setup.c
View File

@ -59,7 +59,7 @@ void redirection_setup(void)
}
}
if(cfw_config.seeprom_red)
/*if(cfw_config.seeprom_red)
{
bsp_init_seeprom_buffer(seepromDumpBaseSector, seepromDumpFound);
@ -83,7 +83,7 @@ void redirection_setup(void)
infoSector->nand_descriptions[4].sector_count = 2;
writeInfoSector++;
}
}
}*/
if(writeInfoSector > 0)
{

4
ios_mcp/source/main.c
View File

@ -232,11 +232,11 @@ int _startMainThread(void)
{
threadsStarted = 1;
int * launchImageConfigured = (int *)(0x05116000 - 4);
/*int * launchImageConfigured = (int *)(0x05116000 - 4);
if(*launchImageConfigured != 0)
{
drawSplashScreen();
}
}*/
int threadId = svcCreateThread(_main, 0, (u32*)(0x050BD000 + 0x1000), 0x1000, 0x78, 1);
if(threadId >= 0)

29
src/cfw_config.c
View File

@ -76,18 +76,21 @@ static int split_string(const char *string, char splitChar, char *left, char *ri
void default_config(cfw_config_t * config)
{
memset(config, 0, sizeof(cfw_config_t));
config->viewMode = 0;
config->directLaunch = 0;
config->launchImage = 1;
config->noIosReload = 0;
config->launchSysMenu = 1;
config->redNAND = 0;
config->seeprom_red = 0;
config->otp_red = 0;
config->syshaxXml = 0;
//config->viewMode = 0;
//config->directLaunch = 0;
//config->launchImage = 1;
//config->noIosReload = 0;
//config->launchSysMenu = 1;
//config->redNAND = 0;
//config->seeprom_red = 0;
//config->otp_red = 0;
//config->syshaxXml = 0;
config->dumpSlc = 1;
config->dumpSlccmpt = 1;
config->dumpMlc = 0;
}
int read_config(cfw_config_t * config)
/*int read_config(cfw_config_t * config)
{
FILE *pFile = fopen(CONFIG_PATH, "rb");
if(!pFile)
@ -127,9 +130,9 @@ int read_config(cfw_config_t * config)
fclose(pFile);
return 0;
}
}*/
int write_config(cfw_config_t * config)
/*int write_config(cfw_config_t * config)
{
CreateSubfolder(APP_PATH);
@ -149,4 +152,4 @@ int write_config(cfw_config_t * config)
fprintf(pFile, "syshaxXml=%i\n", config->syshaxXml);
fclose(pFile);
return 0;
}
}*/

31
src/cfw_config.h
View File

@ -24,25 +24,28 @@
#ifndef CFW_CONFIG_H_
#define CFW_CONFIG_H_
#define APP_VERSION "v0.2"
#define APP_PATH "sd:/wiiu/apps/mocha"
#define CONFIG_PATH (APP_PATH "/config.ini")
//#define APP_VERSION "v0.2"
//#define APP_PATH "sd:/wiiu/apps/mocha"
//#define CONFIG_PATH (APP_PATH "/config.ini")
typedef struct
{
int viewMode;
int directLaunch;
int launchImage;
int noIosReload;
int launchSysMenu;
int redNAND;
int seeprom_red;
int otp_red;
int syshaxXml;
//int viewMode;
//int directLaunch;
//int launchImage;
//int noIosReload;
//int launchSysMenu;
//int redNAND;
//int seeprom_red;
//int otp_red;
//int syshaxXml;
int dumpSlc;
int dumpSlccmpt;
int dumpMlc;
} cfw_config_t;
void default_config(cfw_config_t * config);
int read_config(cfw_config_t * config);
int write_config(cfw_config_t * config);
//int read_config(cfw_config_t * config);
//int write_config(cfw_config_t * config);
#endif

28
src/ios_exploit.c
View File

@ -324,25 +324,25 @@ static void uhs_exploit_init(int dev_uhs_0_handle, cfw_config_t * config)
memcpy(payloads->data, ios_usb_bin, payloads->size);
payloads = (payload_info_t*)( ((char*)payloads) + ALIGN4(sizeof(payload_info_t) + payloads->size) );
if(config->redNAND)
{
payloads->size = sizeof(ios_fs_bin);
memcpy(payloads->data, ios_fs_bin, payloads->size);
payloads = (payload_info_t*)( ((char*)payloads) + ALIGN4(sizeof(payload_info_t) + payloads->size) );
//if(config->redNAND)
//{
payloads->size = sizeof(ios_fs_bin);
memcpy(payloads->data, ios_fs_bin, payloads->size);
payloads = (payload_info_t*)( ((char*)payloads) + ALIGN4(sizeof(payload_info_t) + payloads->size) );
if(config->seeprom_red)
{
payloads->size = sizeof(ios_bsp_bin);
memcpy(payloads->data, ios_bsp_bin, payloads->size);
payloads = (payload_info_t*)( ((char*)payloads) + ALIGN4(sizeof(payload_info_t) + payloads->size) );
}
}
// if(config->seeprom_red)
// {
// payloads->size = sizeof(ios_bsp_bin);
// memcpy(payloads->data, ios_bsp_bin, payloads->size);
// payloads = (payload_info_t*)( ((char*)payloads) + ALIGN4(sizeof(payload_info_t) + payloads->size) );
// }
//}
payloads->size = sizeof(ios_mcp_bin);
memcpy(payloads->data, ios_mcp_bin, payloads->size);
payloads = (payload_info_t*)( ((char*)payloads) + ALIGN4(sizeof(payload_info_t) + payloads->size) );
if(config->launchImage)
/*if(config->launchImage)
{
FILE *pFile = fopen(APP_PATH "/launch_image.tga", "rb");
if(pFile)
@ -360,7 +360,7 @@ static void uhs_exploit_init(int dev_uhs_0_handle, cfw_config_t * config)
memcpy(payloads->data, launch_image_tga, payloads->size);
payloads = (payload_info_t*)( ((char*)payloads) + ALIGN4(sizeof(payload_info_t) + payloads->size) );
}
}
}*/
pretend_root_hub[33] = 0x500000;
pretend_root_hub[78] = 0;

42
src/main.c
View File

@ -48,7 +48,7 @@ int Menu_Main(void)
}
VPADInit();
int forceMenu = 0;
/*int forceMenu = 0;
{
VPADData vpad;
@ -59,20 +59,20 @@ int Menu_Main(void)
{
forceMenu = (vpad.btns_d | vpad.btns_h) & VPAD_BUTTON_B;
}
}
}*/
mount_sd_fat("sd");
//mount_sd_fat("sd");
cfw_config_t config;
default_config(&config);
read_config(&config);
//read_config(&config);
int launch = 1;
if(forceMenu || config.directLaunch == 0)
{
launch = ShowMenu(&config);
}
//if(forceMenu || config.directLaunch == 0)
//{
launch = ShowMenu(&config);
//}
int returnCode = 0;
@ -81,22 +81,22 @@ int Menu_Main(void)
int res = ExecuteIOSExploit(&config);
if(res == 0)
{
if(config.noIosReload == 0)
{
OSForceFullRelaunch();
SYSLaunchMenu();
returnCode = EXIT_RELAUNCH_ON_LOAD;
}
else if(config.launchSysMenu)
{
SYSLaunchMenu();
exitToHBLOnLaunch = 1;
returnCode = EXIT_RELAUNCH_ON_LOAD;
}
//if(config.noIosReload == 0)
//{
OSForceFullRelaunch();
SYSLaunchMenu();
returnCode = EXIT_RELAUNCH_ON_LOAD;
//}
//else if(config.launchSysMenu)
//{
// SYSLaunchMenu();
// exitToHBLOnLaunch = 1;
// returnCode = EXIT_RELAUNCH_ON_LOAD;
//}
}
}
unmount_sd_fat("sd");
//unmount_sd_fat("sd");
return returnCode;
}

40
src/menu.c
View File

@ -36,8 +36,9 @@
#include "dynamic_libs/socket_functions.h"
#include "cfw_config.h"
#define MAX_CONFIG_SETTINGS_EXPERT 9
#define MAX_CONFIG_SETTINGS_DEFAULT (MAX_CONFIG_SETTINGS_EXPERT - 3)
#define MAX_CONFIG_SETTINGS 2
//#define MAX_CONFIG_SETTINGS_EXPERT 9
//#define MAX_CONFIG_SETTINGS_DEFAULT (MAX_CONFIG_SETTINGS_EXPERT - 3)
#define TEXT_SEL(x, text1, text2) ((x) ? (text1) : (text2))
@ -47,7 +48,7 @@ struct {
const char *disabled;
} selection_options[] =
{
{ "Config view mode", "expert", "default" },
/*{ "Config view mode", "expert", "default" },
{ "Skip this menu on launch", "on", "off" },
{ "Show launch image", "on", "off" },
{ "Don't relaunch OS", "on", "off" },
@ -55,7 +56,10 @@ struct {
{ "redNAND", "on", "off" },
{ "SEEPROM redirection", "on", "off" },
{ "OTP redirection", "on", "off" },
{ "Use syshax.xml (coldboothax)", "on", "off" },
{ "Use syshax.xml (coldboothax)", "on", "off" },*/
{ "Dump SLC", "yes", "no" },
{ "Dump SLCCMPT", "yes", "no" },
{ "Dump MLC", "yes", "no" },
};
static void console_print_pos(int x, int y, const char *format, ...)
@ -109,7 +113,7 @@ int ShowMenu(cfw_config_t * currentConfig)
cfw_config_t config;
memcpy(&config, currentConfig, sizeof(cfw_config_t));
int max_config_item = config.viewMode ? MAX_CONFIG_SETTINGS_EXPERT : MAX_CONFIG_SETTINGS_DEFAULT;
int max_config_item = MAX_CONFIG_SETTINGS; //config.viewMode ? MAX_CONFIG_SETTINGS_EXPERT : MAX_CONFIG_SETTINGS_DEFAULT;
while(1)
{
@ -149,6 +153,15 @@ int ShowMenu(cfw_config_t * currentConfig)
switch(selected)
{
case 0:
config.dumpSlc = !config.dumpSlc;
break;
case 1:
config.dumpSlccmpt = !config.dumpSlccmpt;
break;
case 2:
config.dumpMlc = !config.dumpMlc;
break;
/*case 0:
config.viewMode = !config.viewMode;
max_config_item = config.viewMode ? MAX_CONFIG_SETTINGS_EXPERT : MAX_CONFIG_SETTINGS_DEFAULT;
break;
@ -175,12 +188,12 @@ int ShowMenu(cfw_config_t * currentConfig)
break;
case 8:
config.syshaxXml = !config.syshaxXml;
break;
break;*/
default:
break;
}
if(!config.viewMode)
/*if(!config.viewMode)
{
config.syshaxXml = 0;
@ -204,7 +217,7 @@ int ShowMenu(cfw_config_t * currentConfig)
{
config.seeprom_red = 0;
config.otp_red = 0;
}
}*/
initScreen = 1;
}
@ -215,16 +228,16 @@ int ShowMenu(cfw_config_t * currentConfig)
OSScreenClearBufferEx(0, 0);
OSScreenClearBufferEx(1, 0);
console_print_pos(x_offset, 1, " -- MOCHA CFW %s by Dimok --", APP_VERSION);
console_print_pos(x_offset, 1, " -- NAND Dumper --");
console_print_pos(x_offset, 3, "Select your options and press A to launch.");
console_print_pos(x_offset, 4, "Press HOME to exit back to HBL.");
console_print_pos(x_offset, 5, "Hold B on start to force enter this menu");
//console_print_pos(x_offset, 5, "Hold B on start to force enter this menu");
int y_offset = 6;
int option_count = sizeof(selection_options) / sizeof(selection_options[0]);
int idx;
int * configPtr = &config.viewMode;
int * configPtr = &config.dumpSlc;
for(idx = 0; idx < option_count && idx < max_config_item; idx++)
{
@ -233,6 +246,7 @@ int ShowMenu(cfw_config_t * currentConfig)
TEXT_SEL(configPtr[idx], " ", "<"), selection_options[idx].disabled, TEXT_SEL(configPtr[idx], " ", ">"));
}
console_print_pos(x_offset, 15, "Based on mocha CFW by Dimok.");
console_print_pos(x_offset, 16, "Credits go to everyone who contributed to Wii U scene publicly.");
console_print_pos(x_offset, 17, "Special thanks to smealum, plutoo, yellows8, naehrwert and derrek.");
@ -249,11 +263,11 @@ int ShowMenu(cfw_config_t * currentConfig)
OSScreenShutdown();
free(screenBuffer);
if(memcmp(currentConfig, &config, sizeof(cfw_config_t)) != 0)
/*if(memcmp(currentConfig, &config, sizeof(cfw_config_t)) != 0)
{
memcpy(currentConfig, &config, sizeof(cfw_config_t));
write_config(currentConfig);
}
}*/
return launch;
}