forked from CTCaer/hekate
Merge pull request #51 from rajkosto/kip1patching
Add KIP1 patching support (with 2 FS patches included)
This commit is contained in:
commit
e9d1256df8
1
Makefile
1
Makefile
@ -12,6 +12,7 @@ OBJS = $(addprefix $(BUILD)/, \
|
||||
main.o \
|
||||
config.o \
|
||||
btn.o \
|
||||
blz.o \
|
||||
clock.o \
|
||||
cluster.o \
|
||||
fuse.o \
|
||||
|
@ -33,6 +33,7 @@ There are four possible type of entries. "**[ ]**": Boot entry, "**{ }**": Capti
|
||||
| secmon={SD path} | Replaces the security monitor binary |
|
||||
| kernel={SD path} | Replaces the kernel binary |
|
||||
| kip1={SD path} | Replaces/Adds kernel initial process. Multiple can be set. |
|
||||
| kip1patch=patchname| Enables a kip1 patch. Specify with multiple lines and/or as CSV. Implemented patches right now are nosigchk,nogc |
|
||||
| fullsvcperm=1 | Disables SVC verification |
|
||||
| debugmode=1 | Enables Debug mode |
|
||||
|
||||
|
97
ipl/blz.c
Normal file
97
ipl/blz.c
Normal file
@ -0,0 +1,97 @@
|
||||
/*
|
||||
* Copyright (c) 2018 rajkosto
|
||||
* Copyright (c) 2018 SciresM
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms and conditions of the GNU General Public License,
|
||||
* version 2, as published by the Free Software Foundation.
|
||||
*
|
||||
* This program is distributed in the hope it will be useful, but WITHOUT
|
||||
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
||||
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
|
||||
* more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include "blz.h"
|
||||
|
||||
const blz_footer* blz_get_footer(const unsigned char* compData, unsigned int compDataLen, blz_footer* outFooter)
|
||||
{
|
||||
if (compDataLen < sizeof(blz_footer))
|
||||
return NULL;
|
||||
|
||||
const blz_footer* srcFooter = (const blz_footer*)&compData[compDataLen-sizeof(blz_footer)];
|
||||
if (outFooter != NULL)
|
||||
memcpy(outFooter, srcFooter, sizeof(blz_footer)); //must be a memcpy because no umaligned accesses on ARMv4
|
||||
|
||||
return srcFooter;
|
||||
}
|
||||
|
||||
//from https://github.com/SciresM/hactool/blob/master/kip.c which is exactly how kernel does it, thanks SciresM!
|
||||
int blz_uncompress_inplace(unsigned char* dataBuf, unsigned int compSize, const blz_footer* footer)
|
||||
{
|
||||
u32 addl_size = footer->addl_size;
|
||||
u32 header_size = footer->header_size;
|
||||
u32 cmp_and_hdr_size = footer->cmp_and_hdr_size;
|
||||
|
||||
unsigned char* cmp_start = &dataBuf[compSize] - cmp_and_hdr_size;
|
||||
u32 cmp_ofs = cmp_and_hdr_size - header_size;
|
||||
u32 out_ofs = cmp_and_hdr_size + addl_size;
|
||||
|
||||
while (out_ofs)
|
||||
{
|
||||
unsigned char control = cmp_start[--cmp_ofs];
|
||||
for (unsigned int i=0; i<8; i++)
|
||||
{
|
||||
if (control & 0x80)
|
||||
{
|
||||
if (cmp_ofs < 2)
|
||||
return 0; //out of bounds
|
||||
|
||||
cmp_ofs -= 2;
|
||||
u16 seg_val = ((unsigned int)(cmp_start[cmp_ofs+1]) << 8) | cmp_start[cmp_ofs];
|
||||
u32 seg_size = ((seg_val >> 12) & 0xF) + 3;
|
||||
u32 seg_ofs = (seg_val & 0x0FFF) + 3;
|
||||
if (out_ofs < seg_size) // Kernel restricts segment copy to stay in bounds.
|
||||
seg_size = out_ofs;
|
||||
|
||||
out_ofs -= seg_size;
|
||||
|
||||
for (unsigned int j = 0; j < seg_size; j++)
|
||||
cmp_start[out_ofs + j] = cmp_start[out_ofs + j + seg_ofs];
|
||||
}
|
||||
else
|
||||
{
|
||||
// Copy directly.
|
||||
if (cmp_ofs < 1)
|
||||
return 0; //out of bounds
|
||||
|
||||
cmp_start[--out_ofs] = cmp_start[--cmp_ofs];
|
||||
}
|
||||
control <<= 1;
|
||||
if (out_ofs == 0) // blz works backwards, so if it reaches byte 0, it's done
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
int blz_uncompress_srcdest(const unsigned char* compData, unsigned int compDataLen, unsigned char* dstData, unsigned int dstSize)
|
||||
{
|
||||
blz_footer footer;
|
||||
const blz_footer* compFooterPtr = blz_get_footer(compData, compDataLen, &footer);
|
||||
if (compFooterPtr == NULL)
|
||||
return 0;
|
||||
|
||||
//decompression must be done in-place, so need to copy the relevant compressed data first
|
||||
unsigned int numCompBytes = (const unsigned char*)(compFooterPtr)-compData;
|
||||
memcpy(dstData, compData, numCompBytes);
|
||||
memset(&dstData[numCompBytes], 0, dstSize-numCompBytes);
|
||||
|
||||
return blz_uncompress_inplace(dstData, compDataLen, &footer);
|
||||
}
|
36
ipl/blz.h
Normal file
36
ipl/blz.h
Normal file
@ -0,0 +1,36 @@
|
||||
/*
|
||||
* Copyright (c) 2018 rajkosto
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms and conditions of the GNU General Public License,
|
||||
* version 2, as published by the Free Software Foundation.
|
||||
*
|
||||
* This program is distributed in the hope it will be useful, but WITHOUT
|
||||
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
||||
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
|
||||
* more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
#ifndef _BLZ_H_
|
||||
#define _BLZ_H_
|
||||
|
||||
#include "types.h"
|
||||
|
||||
typedef struct _blz_footer
|
||||
{
|
||||
u32 cmp_and_hdr_size;
|
||||
u32 header_size;
|
||||
u32 addl_size;
|
||||
} blz_footer;
|
||||
|
||||
//returns pointer to footer in compData if present, additionally copies it to outFooter if not NULL
|
||||
const blz_footer* blz_get_footer(const unsigned char* compData, unsigned int compDataLen, blz_footer* outFooter);
|
||||
//returns 0 on failure
|
||||
int blz_uncompress_inplace(unsigned char* dataBuf, unsigned int compSize, const blz_footer* footer);
|
||||
//returns 0 on failure
|
||||
int blz_uncompress_srcdest(const unsigned char* compData, unsigned int compDataLen, unsigned char* dstData, unsigned int dstSize);
|
||||
|
||||
#endif
|
1928
ipl/hekate_logos.h
1928
ipl/hekate_logos.h
File diff suppressed because it is too large
Load Diff
41
ipl/hos.c
41
ipl/hos.c
@ -65,6 +65,7 @@ typedef struct _launch_ctxt_t
|
||||
void *kernel;
|
||||
u32 kernel_size;
|
||||
link_t kip1_list;
|
||||
char* kip1_patches;
|
||||
|
||||
int svcperm;
|
||||
int debugmode;
|
||||
@ -382,6 +383,35 @@ static int _config_atmosphere(launch_ctxt_t *ctxt, const char *value)
|
||||
return 1;
|
||||
}
|
||||
|
||||
static int _config_kip1patch(launch_ctxt_t *ctxt, const char *value)
|
||||
{
|
||||
if (value == NULL)
|
||||
return 0;
|
||||
|
||||
int valueLen = strlen(value);
|
||||
if (valueLen == 0)
|
||||
return 0;
|
||||
|
||||
if (ctxt->kip1_patches == NULL)
|
||||
{
|
||||
ctxt->kip1_patches = malloc(valueLen+1);
|
||||
memcpy(ctxt->kip1_patches, value, valueLen);
|
||||
ctxt->kip1_patches[valueLen] = 0;
|
||||
}
|
||||
else
|
||||
{
|
||||
char* oldAlloc = ctxt->kip1_patches;
|
||||
int oldSize = strlen(oldAlloc);
|
||||
ctxt->kip1_patches = malloc(oldSize+1+valueLen+1);
|
||||
memcpy(ctxt->kip1_patches, oldAlloc, oldSize);
|
||||
free(oldAlloc); oldAlloc = NULL;
|
||||
ctxt->kip1_patches[oldSize++] = ',';
|
||||
memcpy(&ctxt->kip1_patches[oldSize], value, valueLen);
|
||||
ctxt->kip1_patches[oldSize+valueLen] = 0;
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
typedef struct _cfg_handler_t
|
||||
{
|
||||
const char *key;
|
||||
@ -393,6 +423,7 @@ static const cfg_handler_t _config_handlers[] = {
|
||||
{ "secmon", _config_secmon },
|
||||
{ "kernel", _config_kernel },
|
||||
{ "kip1", _config_kip1 },
|
||||
{ "kip1patch", _config_kip1patch },
|
||||
{ "fullsvcperm", _config_svcperm },
|
||||
{ "debugmode", _config_debugmode },
|
||||
{ "atmosphere", _config_atmosphere },
|
||||
@ -417,6 +448,7 @@ static void _free_launch_components(launch_ctxt_t *ctxt)
|
||||
free(ctxt->warmboot);
|
||||
free(ctxt->secmon);
|
||||
free(ctxt->kernel);
|
||||
free(ctxt->kip1_patches);
|
||||
}
|
||||
|
||||
int hos_launch(ini_sec_t *cfg)
|
||||
@ -536,6 +568,15 @@ int hos_launch(ini_sec_t *cfg)
|
||||
LIST_FOREACH_ENTRY(merge_kip_t, mki, &ctxt.kip1_list, link)
|
||||
pkg2_merge_kip(&kip1_info, (pkg2_kip1_t *)mki->kip1);
|
||||
|
||||
// Patch kip1s in memory if needed
|
||||
const char* unappliedPatch = pkg2_patch_kips(&kip1_info, ctxt.kip1_patches);
|
||||
if (unappliedPatch != NULL)
|
||||
{
|
||||
gfx_printf(&gfx_con, "%kREQUESTED PATCH '%s' NOT APPLIED!%k\n", 0xFFFF0000, unappliedPatch, 0xFFCCCCCC);
|
||||
sd_unmount(); //just exiting is not enough until pkg2_patch_kips stops modifying the string passed into it
|
||||
while(1) {} //MUST stop here, because if user requests 'nogc' but it's not applied, their GC controller gets updated!
|
||||
}
|
||||
|
||||
// Rebuild and encrypt package2.
|
||||
pkg2_build_encrypt((void *)0xA9800000, ctxt.kernel, ctxt.kernel_size, &kip1_info);
|
||||
gfx_printf(&gfx_con, "Rebuilt and loaded package2\n");
|
||||
|
10
ipl/main.c
10
ipl/main.c
@ -52,7 +52,7 @@
|
||||
#include "pkg1.h"
|
||||
#include "pkg2.h"
|
||||
#include "mmc.h"
|
||||
#include "lz.h"
|
||||
#include "blz.h"
|
||||
#include "max17050.h"
|
||||
#include "bq24193.h"
|
||||
#include "config.h"
|
||||
@ -1777,7 +1777,7 @@ void launch_firmware()
|
||||
{
|
||||
#ifdef MENU_LOGO_ENABLE
|
||||
Kc_MENU_LOGO = (u8 *)malloc(0x6000);
|
||||
LZ_Uncompress(Kc_MENU_LOGOlz, Kc_MENU_LOGO, SZ_MENU_LOGOLZ);
|
||||
blz_uncompress_srcdest(Kc_MENU_LOGO_blz, SZ_MENU_LOGO_BLZ, Kc_MENU_LOGO, SZ_MENU_LOGO);
|
||||
#endif //MENU_LOGO_ENABLE
|
||||
EPRINTF("Failed to launch firmware.");
|
||||
}
|
||||
@ -1933,7 +1933,7 @@ void auto_launch_firmware()
|
||||
else
|
||||
{
|
||||
BOOTLOGO = (void *)malloc(0x4000);
|
||||
LZ_Uncompress(BOOTLOGO_LZ, BOOTLOGO, SZ_BOOTLOGO_LZ);
|
||||
blz_uncompress_srcdest(BOOTLOGO_BLZ, SZ_BOOTLOGO_BLZ, BOOTLOGO, SZ_BOOTLOGO);
|
||||
gfx_set_rect_grey(&gfx_ctxt, BOOTLOGO, X_BOOTLOGO, Y_BOOTLOGO, 326, 544);
|
||||
free(BOOTLOGO);
|
||||
}
|
||||
@ -1958,7 +1958,7 @@ void auto_launch_firmware()
|
||||
// Failed to launch firmware.
|
||||
#ifdef MENU_LOGO_ENABLE
|
||||
Kc_MENU_LOGO = (u8 *)malloc(ALIGN(SZ_MENU_LOGO, 0x10));
|
||||
LZ_Uncompress(Kc_MENU_LOGOlz, Kc_MENU_LOGO, SZ_MENU_LOGOLZ);
|
||||
blz_uncompress_srcdest(Kc_MENU_LOGO_blz, SZ_MENU_LOGO_BLZ, Kc_MENU_LOGO, SZ_MENU_LOGO);
|
||||
#endif //MENU_LOGO_ENABLE
|
||||
}
|
||||
|
||||
@ -2597,7 +2597,7 @@ void ipl_main()
|
||||
|
||||
#ifdef MENU_LOGO_ENABLE
|
||||
Kc_MENU_LOGO = (u8 *)malloc(0x6000);
|
||||
LZ_Uncompress(Kc_MENU_LOGOlz, Kc_MENU_LOGO, SZ_MENU_LOGOLZ);
|
||||
blz_uncompress_srcdest(Kc_MENU_LOGO_blz, SZ_MENU_LOGO_BLZ, Kc_MENU_LOGO, SZ_MENU_LOGO);
|
||||
#endif //MENU_LOGO_ENABLE
|
||||
|
||||
gfx_con_init(&gfx_con, &gfx_ctxt);
|
||||
|
448
ipl/pkg2.c
448
ipl/pkg2.c
@ -21,11 +21,15 @@
|
||||
#include "arm64.h"
|
||||
#include "heap.h"
|
||||
#include "se.h"
|
||||
#include "blz.h"
|
||||
|
||||
#include "gfx.h"
|
||||
|
||||
/*#include "gfx.h"
|
||||
extern gfx_ctxt_t gfx_ctxt;
|
||||
extern gfx_con_t gfx_con;
|
||||
#define DPRINTF(...) gfx_printf(&gfx_con, __VA_ARGS__)*/
|
||||
|
||||
/*#include "util.h"
|
||||
#define DPRINTF(...) gfx_printf(&gfx_con, __VA_ARGS__)
|
||||
#define DEBUG_PRINTING*/
|
||||
#define DPRINTF(...)
|
||||
|
||||
//TODO: Replace hardcoded AArch64 instructions with instruction macros.
|
||||
@ -221,6 +225,192 @@ static const pkg2_kernel_id_t _pkg2_kernel_ids[] =
|
||||
{ 0, 0 } //End.
|
||||
};
|
||||
|
||||
enum kip_offset_section
|
||||
{
|
||||
KIP_TEXT = 0,
|
||||
KIP_RODATA = 1,
|
||||
KIP_DATA = 2,
|
||||
KIP_BSS = 3,
|
||||
KIP_UNKSEC1 = 4,
|
||||
KIP_UNKSEC2 = 5
|
||||
};
|
||||
|
||||
#define KIP_PATCH_SECTION_SHIFT (29)
|
||||
#define KIP_PATCH_SECTION_MASK (7 << KIP_PATCH_SECTION_SHIFT)
|
||||
#define KIP_PATCH_OFFSET_MASK (~KIP_PATCH_SECTION_MASK)
|
||||
#define GET_KIP_PATCH_SECTION(x) ((x >> KIP_PATCH_SECTION_SHIFT) & 7)
|
||||
#define GET_KIP_PATCH_OFFSET(x) (x & KIP_PATCH_OFFSET_MASK)
|
||||
#define KPS(x) ((u32)(x) << KIP_PATCH_SECTION_SHIFT)
|
||||
|
||||
static kip1_patch_t _fs_nosigchk_100[] =
|
||||
{
|
||||
{ KPS(KIP_TEXT) | 0x194A0, 4, "\xBA\x09\x00\x94", "\xE0\x03\x1F\x2A" },
|
||||
{ KPS(KIP_TEXT) | 0x3A79C, 4, "\xE0\x06\x00\x36", "\x1F\x20\x03\xD5" },
|
||||
{ 0, 0, NULL, NULL }
|
||||
};
|
||||
|
||||
static kip1_patchset_t _fs_patches_100[] =
|
||||
{
|
||||
{ "nosigchk", _fs_nosigchk_100 },
|
||||
{ "nogc", NULL },
|
||||
{ NULL, NULL }
|
||||
};
|
||||
|
||||
static kip1_patch_t _fs_nosigchk_200[] =
|
||||
{
|
||||
{ KPS(KIP_TEXT) | 0x15DF4, 4, "\xBC\x0A\x00\x94", "\xE0\x03\x1F\x2A" },
|
||||
{ KPS(KIP_TEXT) | 0x3F720, 4, "\x00\x06\x00\x36", "\x1F\x20\x03\xD5" },
|
||||
{ 0, 0, NULL, NULL }
|
||||
};
|
||||
|
||||
static kip1_patchset_t _fs_patches_200[] =
|
||||
{
|
||||
{ "nosigchk", _fs_nosigchk_200 },
|
||||
{ "nogc", NULL },
|
||||
{ NULL, NULL }
|
||||
};
|
||||
|
||||
static kip1_patch_t _fs_nosigchk_210[] =
|
||||
{
|
||||
{ KPS(KIP_TEXT) | 0x15F64, 4, "\xDF\x0A\x00\x94", "\xE0\x03\x1F\x2A" },
|
||||
{ KPS(KIP_TEXT) | 0x3FAF8, 4, "\x00\x06\x00\x36", "\x1F\x20\x03\xD5" },
|
||||
{ 0, 0, NULL, NULL }
|
||||
};
|
||||
|
||||
static kip1_patchset_t _fs_patches_210[] =
|
||||
{
|
||||
{ "nosigchk", _fs_nosigchk_210 },
|
||||
{ "nogc", NULL },
|
||||
{ NULL, NULL }
|
||||
};
|
||||
|
||||
static kip1_patch_t _fs_nosigchk_300[] =
|
||||
{
|
||||
{ KPS(KIP_TEXT) | 0x18E24, 4, "\x52\x0C\x00\x94", "\xE0\x03\x1F\x2A" },
|
||||
{ KPS(KIP_TEXT) | 0x49EC8, 4, "\x40\x04\x00\x36", "\x1F\x20\x03\xD5" },
|
||||
{ 0, 0, NULL, NULL }
|
||||
};
|
||||
|
||||
static kip1_patchset_t _fs_patches_300[] =
|
||||
{
|
||||
{ "nosigchk", _fs_nosigchk_300 },
|
||||
{ "nogc", NULL },
|
||||
{ NULL, NULL }
|
||||
};
|
||||
|
||||
static kip1_patch_t _fs_nosigchk_30x[] =
|
||||
{
|
||||
{ KPS(KIP_TEXT) | 0x18E90, 4, "\x52\x0C\x00\x94", "\xE0\x03\x1F\x2A" },
|
||||
{ KPS(KIP_TEXT) | 0x49F34, 4, "\xE0\x03\x00\x36", "\x1F\x20\x03\xD5" },
|
||||
{ 0, 0, NULL, NULL }
|
||||
};
|
||||
|
||||
static kip1_patchset_t _fs_patches_30x[] =
|
||||
{
|
||||
{ "nosigchk", _fs_nosigchk_30x },
|
||||
{ "nogc", NULL },
|
||||
{ NULL, NULL }
|
||||
};
|
||||
|
||||
static kip1_patch_t _fs_nosigchk_4xx[] =
|
||||
{
|
||||
{ KPS(KIP_TEXT) | 0x1C4FC, 4, "\x3C\x2F\x00\x94", "\xE0\x03\x1F\x2A" },
|
||||
{ KPS(KIP_TEXT) | 0x57934, 4, "\xE0\x02\x00\x36", "\x1F\x20\x03\xD5" },
|
||||
{ 0, 0, NULL, NULL }
|
||||
};
|
||||
|
||||
static kip1_patch_t _fs_nogc_40x[] =
|
||||
{
|
||||
{ KPS(KIP_TEXT) | 0xA3458, 4, "\x14\x40\x80\x72", "\x14\x80\x80\x72" },
|
||||
{ KPS(KIP_TEXT) | 0xAAC98, 8, "\x80\x02\xA0\x52\x40\x40\x91\x72", "\xE0\x03\x1F\x2A\x1F\x20\x03\xD5" },
|
||||
{ 0, 0, NULL, NULL }
|
||||
};
|
||||
|
||||
static kip1_patchset_t _fs_patches_40x[] =
|
||||
{
|
||||
{ "nosigchk", _fs_nosigchk_4xx },
|
||||
{ "nogc", _fs_nogc_40x },
|
||||
{ NULL, NULL }
|
||||
};
|
||||
|
||||
static kip1_patch_t _fs_nogc_410[] =
|
||||
{
|
||||
{ KPS(KIP_TEXT) | 0xA34BC, 4, "\x14\x40\x80\x72", "\x14\x80\x80\x72" },
|
||||
{ KPS(KIP_TEXT) | 0xAACFC, 8, "\x80\x02\xA0\x52\x40\x40\x91\x72", "\xE0\x03\x1F\x2A\x1F\x20\x03\xD5" },
|
||||
{ 0, 0, NULL, NULL }
|
||||
};
|
||||
|
||||
static kip1_patchset_t _fs_patches_410[] =
|
||||
{
|
||||
{ "nosigchk", _fs_nosigchk_4xx },
|
||||
{ "nogc", _fs_nogc_410 },
|
||||
{ NULL, NULL }
|
||||
};
|
||||
|
||||
static kip1_patch_t _fs_nosigchk_50x[] =
|
||||
{
|
||||
{ KPS(KIP_TEXT) | 0x22DDC, 4, "\x7D\x3E\x00\x94", "\xE0\x03\x1F\x2A" },
|
||||
{ KPS(KIP_TEXT) | 0x7D490, 4, "\x40\x03\x00\x36", "\x1F\x20\x03\xD5" },
|
||||
{ 0, 0, NULL, NULL }
|
||||
};
|
||||
|
||||
static kip1_patch_t _fs_nogc_50x[] =
|
||||
{
|
||||
{ KPS(KIP_TEXT) | 0xCF3C4, 4, "\x14\x40\x80\x52", "\x14\x80\x80\x52" },
|
||||
{ KPS(KIP_TEXT) | 0xD74FC, 8, "\x40\x40\x91\x52\x80\x02\xA0\x72", "\xE0\x03\x1F\x2A\x1F\x20\x03\xD5" },
|
||||
{ 0, 0, NULL, NULL }
|
||||
};
|
||||
|
||||
static kip1_patchset_t _fs_patches_50x[] =
|
||||
{
|
||||
{ "nosigchk", _fs_nosigchk_50x },
|
||||
{ "nogc", _fs_nogc_50x },
|
||||
{ NULL, NULL }
|
||||
};
|
||||
|
||||
static kip1_patch_t _fs_nosigchk_510[] =
|
||||
{
|
||||
{ KPS(KIP_TEXT) | 0x22E0C, 4, "\x85\x3E\x00\x94", "\xE0\x03\x1F\x2A" },
|
||||
{ KPS(KIP_TEXT) | 0x7D860, 4, "\x40\x03\x00\x36", "\x1F\x20\x03\xD5" },
|
||||
{ 0, 0, NULL, NULL }
|
||||
};
|
||||
|
||||
static kip1_patch_t _fs_nogc_510[] =
|
||||
{
|
||||
{ KPS(KIP_TEXT) | 0xCF794, 4, "\x14\x40\x80\x52", "\x14\x80\x80\x52" },
|
||||
{ KPS(KIP_TEXT) | 0xD78CC, 8, "\x40\x40\x91\x52\x80\x02\xA0\x72", "\xE0\x03\x1F\x2A\x1F\x20\x03\xD5" },
|
||||
{ 0, 0, NULL, NULL }
|
||||
};
|
||||
|
||||
static kip1_patchset_t _fs_patches_510[] =
|
||||
{
|
||||
{ "nosigchk", _fs_nosigchk_510 },
|
||||
{ "nogc", _fs_nogc_510 },
|
||||
{ NULL, NULL }
|
||||
};
|
||||
|
||||
static kip1_id_t _kip_ids[] =
|
||||
{
|
||||
{ "FS", "\xde\x9f\xdd\xa4\x08\x5d\xd5\xfe\x68\xdc\xb2\x0b\x41\x09\x5b\xb4", _fs_patches_100 }, // FS 1.0.0
|
||||
{ "FS", "\xfc\x3e\x80\x99\x1d\xca\x17\x96\x4a\x12\x1f\x04\xb6\x1b\x17\x5e", _fs_patches_100 }, // FS 1.0.0 "exfat"
|
||||
{ "FS", "\xcd\x7b\xbe\x18\xd6\x13\x0b\x28\xf6\x2f\x19\xfa\x79\x45\x53\x5b", _fs_patches_200 }, // FS 2.0.0
|
||||
{ "FS", "\xe7\x66\x92\xdf\xaa\x04\x20\xe9\xfd\xd6\x8e\x43\x63\x16\x18\x18", _fs_patches_200 }, // FS 2.0.0 exfat
|
||||
{ "FS", "\x0d\x70\x05\x62\x7b\x07\x76\x7c\x0b\x96\x3f\x9a\xff\xdd\xe5\x66", _fs_patches_210 }, // FS 2.1.0
|
||||
{ "FS", "\xdb\xd8\x5f\xca\xcc\x19\x3d\xa8\x30\x51\xc6\x64\xe6\x45\x2d\x32", _fs_patches_210 }, // FS 2.1.0 exfat
|
||||
{ "FS", "\xa8\x6d\xa5\xe8\x7e\xf1\x09\x7b\x23\xda\xb5\xb4\xdb\xba\xef\xe7", _fs_patches_300 }, // FS 3.0.0
|
||||
{ "FS", "\x98\x1c\x57\xe7\xf0\x2f\x70\xf7\xbc\xde\x75\x31\x81\xd9\x01\xa6", _fs_patches_300 }, // FS 3.0.0 exfat
|
||||
{ "FS", "\x57\x39\x7c\x06\x3f\x10\xb6\x31\x3f\x4d\x83\x76\x53\xcc\xc3\x71", _fs_patches_30x }, // FS 3.0.1
|
||||
{ "FS", "\x07\x30\x99\xd7\xc6\xad\x7d\x89\x83\xbc\x7a\xdd\x93\x2b\xe3\xd1", _fs_patches_30x }, // FS 3.0.1 exfat
|
||||
{ "FS", "\x06\xe9\x07\x19\x59\x5a\x01\x0c\x62\x46\xff\x70\x94\x6f\x10\xfb", _fs_patches_40x }, // FS 4.0.1
|
||||
{ "FS", "\x54\x9b\x0f\x8d\x6f\x72\xc4\xe9\xf3\xfd\x1f\x19\xea\xce\x4a\x5a", _fs_patches_40x }, // FS 4.0.1 exfat
|
||||
{ "FS", "\x80\x96\xaf\x7c\x6a\x35\xaa\x82\x71\xf3\x91\x69\x95\x41\x3b\x0b", _fs_patches_410 }, // FS 4.1.0
|
||||
{ "FS", "\x02\xd5\xab\xaa\xfd\x20\xc8\xb0\x63\x3a\xa0\xdb\xae\xe0\x37\x7e", _fs_patches_410 }, // FS 4.1.0 exfat
|
||||
{ "FS", "\xa6\xf2\x7a\xd9\xac\x7c\x73\xad\x41\x9b\x63\xb2\x3e\x78\x5a\x0c", _fs_patches_50x }, // FS 5.0.0
|
||||
{ "FS", "\xce\x3e\xcb\xa2\xf2\xf0\x62\xf5\x75\xf8\xf3\x60\x84\x2b\x32\xb4", _fs_patches_50x }, // FS 5.0.0 exfat
|
||||
{ "FS", "\x76\xf8\x74\x02\xc9\x38\x7c\x0f\x0a\x2f\xab\x1b\x45\xce\xbb\x93", _fs_patches_510 }, // FS 5.1.0
|
||||
{ "FS", "\x10\xb2\xd8\x16\x05\x48\x85\x99\xdf\x22\x42\xcb\x6b\xac\x2d\xf1", _fs_patches_510 }, // FS 5.1.0 exfat
|
||||
};
|
||||
|
||||
const pkg2_kernel_id_t *pkg2_identify(u32 id)
|
||||
{
|
||||
for (u32 i = 0; _pkg2_kernel_ids[i].crc32c_id; i++)
|
||||
@ -292,6 +482,258 @@ void pkg2_merge_kip(link_t *info, pkg2_kip1_t *kip1)
|
||||
pkg2_add_kip(info, kip1);
|
||||
}
|
||||
|
||||
int pkg2_decompress_kip(pkg2_kip1_info_t* ki, u32 sectsToDecomp)
|
||||
{
|
||||
u32 compClearMask = ~sectsToDecomp;
|
||||
if ((ki->kip1->flags & compClearMask) == ki->kip1->flags)
|
||||
return 0; //already decompressed, nothing to do
|
||||
|
||||
pkg2_kip1_t hdr;
|
||||
memcpy(&hdr, ki->kip1, sizeof(hdr));
|
||||
|
||||
unsigned int newKipSize = sizeof(hdr);
|
||||
for (u32 sectIdx=0; sectIdx<KIP1_NUM_SECTIONS; sectIdx++)
|
||||
{
|
||||
u32 sectCompBit = 1u << sectIdx;
|
||||
//for compressed, cant get actual decompressed size without doing it, so use safe "output size"
|
||||
if (sectIdx < 3 && (sectsToDecomp & sectCompBit) && (hdr.flags & sectCompBit))
|
||||
newKipSize += hdr.sections[sectIdx].size_decomp;
|
||||
else
|
||||
newKipSize += hdr.sections[sectIdx].size_comp;
|
||||
}
|
||||
|
||||
pkg2_kip1_t* newKip = malloc(newKipSize);
|
||||
unsigned char* dstDataPtr = newKip->data;
|
||||
const unsigned char* srcDataPtr = ki->kip1->data;
|
||||
for (u32 sectIdx=0; sectIdx<KIP1_NUM_SECTIONS; sectIdx++)
|
||||
{
|
||||
u32 sectCompBit = 1u << sectIdx;
|
||||
//easy copy path for uncompressed or ones we dont want to uncompress
|
||||
if (sectIdx >= 3 || !(sectsToDecomp & sectCompBit) || !(hdr.flags & sectCompBit))
|
||||
{
|
||||
unsigned int dataSize = hdr.sections[sectIdx].size_comp;
|
||||
if (dataSize == 0)
|
||||
continue;
|
||||
|
||||
memcpy(dstDataPtr, srcDataPtr, dataSize);
|
||||
srcDataPtr += dataSize;
|
||||
dstDataPtr += dataSize;
|
||||
continue;
|
||||
}
|
||||
|
||||
unsigned int compSize = hdr.sections[sectIdx].size_comp;
|
||||
unsigned int outputSize = hdr.sections[sectIdx].size_decomp;
|
||||
gfx_printf(&gfx_con, "Decomping %s KIP1 sect %d of size %d...\n", (const char*)hdr.name, sectIdx, compSize);
|
||||
if (blz_uncompress_srcdest(srcDataPtr, compSize, dstDataPtr, outputSize) == 0)
|
||||
{
|
||||
gfx_printf(&gfx_con, "%kERROR decomping sect %d of %s KIP!%k\n", 0xFFFF0000, sectIdx, (char*)hdr.name, 0xFFCCCCCC);
|
||||
free(newKip);
|
||||
return 1;
|
||||
}
|
||||
else
|
||||
{
|
||||
DPRINTF("Done! Decompressed size is %d!\n", outputSize);
|
||||
}
|
||||
hdr.sections[sectIdx].size_comp = outputSize;
|
||||
srcDataPtr += compSize;
|
||||
dstDataPtr += outputSize;
|
||||
}
|
||||
|
||||
hdr.flags &= compClearMask;
|
||||
memcpy(newKip, &hdr, sizeof(hdr));
|
||||
newKipSize = dstDataPtr-(unsigned char*)(newKip);
|
||||
|
||||
free(ki->kip1);
|
||||
ki->kip1 = newKip;
|
||||
ki->size = newKipSize;
|
||||
return 0;
|
||||
}
|
||||
|
||||
const char* pkg2_patch_kips(link_t *info, char* patchNames)
|
||||
{
|
||||
if (patchNames == NULL || patchNames[0] == 0)
|
||||
return NULL;
|
||||
|
||||
static const u32 MAX_NUM_PATCHES_REQUESTED = sizeof(u32)*8;
|
||||
char* patches[MAX_NUM_PATCHES_REQUESTED];
|
||||
|
||||
u32 numPatches=1;
|
||||
patches[0] = patchNames;
|
||||
{
|
||||
for (char* p = patchNames; *p != 0; p++)
|
||||
{
|
||||
if (*p == ',')
|
||||
{
|
||||
*p = 0;
|
||||
patches[numPatches++] = p+1;
|
||||
if (numPatches >= MAX_NUM_PATCHES_REQUESTED)
|
||||
return "too_many_patches";
|
||||
}
|
||||
else if (*p >= 'A' && *p <= 'Z')
|
||||
*p += 0x20;
|
||||
}
|
||||
}
|
||||
|
||||
u32 patchesApplied = 0; //bitset over patches
|
||||
for (u32 i=0; i<numPatches; i++)
|
||||
{
|
||||
//eliminate leading spaces
|
||||
for (const char* p=patches[i]; *p!=0; p++)
|
||||
{
|
||||
if (*p == ' ' || *p == '\t' || *p == '\r' || *p == '\n')
|
||||
patches[i]++;
|
||||
else
|
||||
break;
|
||||
}
|
||||
int valueLen = strlen(patches[i]);
|
||||
if (valueLen == 0)
|
||||
continue;
|
||||
|
||||
//eliminate trailing spaces
|
||||
for (int chIdx=valueLen-1; chIdx>=0; chIdx--)
|
||||
{
|
||||
const char* p = patches[i] + chIdx;
|
||||
if (*p == ' ' || *p == '\t' || *p == '\r' || *p == '\n')
|
||||
valueLen = chIdx;
|
||||
else
|
||||
break;
|
||||
}
|
||||
patches[i][valueLen] = 0;
|
||||
|
||||
DPRINTF("Requested patch: '%s'\n", patches[i]);
|
||||
}
|
||||
|
||||
u32 shaBuf[32/sizeof(u32)];
|
||||
LIST_FOREACH_ENTRY(pkg2_kip1_info_t, ki, info, link)
|
||||
{
|
||||
shaBuf[0] = 0; //sha256 for this kip not yet calculated
|
||||
for (u32 currKipIdx=0; currKipIdx<(sizeof(_kip_ids)/sizeof(_kip_ids[0])); currKipIdx++)
|
||||
{
|
||||
if (strncmp((const char*)ki->kip1->name, _kip_ids[currKipIdx].name, sizeof(ki->kip1->name)) != 0)
|
||||
continue;
|
||||
|
||||
u32 bitsAffected = 0;
|
||||
kip1_patchset_t* currPatchset = _kip_ids[currKipIdx].patchset;
|
||||
while (currPatchset != NULL && currPatchset->name != NULL)
|
||||
{
|
||||
for (u32 i=0; i<numPatches; i++)
|
||||
{
|
||||
if (strcmp(currPatchset->name, patches[i]) != 0)
|
||||
{
|
||||
bitsAffected = i+1;
|
||||
break;
|
||||
}
|
||||
}
|
||||
currPatchset++;
|
||||
}
|
||||
|
||||
// dont bother even hashing this KIP if we dont have any patches enabled for it
|
||||
if (bitsAffected == 0)
|
||||
continue;
|
||||
|
||||
if (shaBuf[0] == 0)
|
||||
{
|
||||
if (!se_calc_sha256(shaBuf, ki->kip1, ki->size))
|
||||
memset(shaBuf, 0, sizeof(shaBuf));
|
||||
}
|
||||
|
||||
if (memcmp(shaBuf, _kip_ids[currKipIdx].hash, sizeof(_kip_ids[0].hash)) != 0)
|
||||
continue;
|
||||
|
||||
//find out which sections are affected by the enabled patches, to know which to decompress
|
||||
bitsAffected = 0;
|
||||
currPatchset = _kip_ids[currKipIdx].patchset;
|
||||
while (currPatchset != NULL && currPatchset->name != NULL)
|
||||
{
|
||||
if (currPatchset->patches != NULL)
|
||||
{
|
||||
for (u32 currEnabIdx=0; currEnabIdx<numPatches; currEnabIdx++)
|
||||
{
|
||||
if (strcmp(currPatchset->name, patches[currEnabIdx]))
|
||||
continue;
|
||||
|
||||
for (const kip1_patch_t* currPatch=currPatchset->patches; currPatch != NULL && currPatch->length != 0; currPatch++)
|
||||
bitsAffected |= 1u << GET_KIP_PATCH_SECTION(currPatch->offset);
|
||||
}
|
||||
}
|
||||
currPatchset++;
|
||||
}
|
||||
|
||||
// got patches to apply to this kip, have to decompress it
|
||||
#ifdef DEBUG_PRINTING
|
||||
u32 preDecompTime = get_tmr_us();
|
||||
#endif
|
||||
if (pkg2_decompress_kip(ki, bitsAffected))
|
||||
return (const char*)ki->kip1->name; //failed to decompress
|
||||
|
||||
#ifdef DEBUG_PRINTING
|
||||
u32 postDecompTime = get_tmr_us();
|
||||
if (!se_calc_sha256(shaBuf, ki->kip1, ki->size))
|
||||
memset(shaBuf, 0, sizeof(shaBuf));
|
||||
|
||||
DPRINTF("%dms %s KIP1 size %d hash %08X\n", (postDecompTime-preDecompTime)/1000, ki->kip1->name, (int)ki->size, __builtin_bswap32(shaBuf[0]));
|
||||
#endif
|
||||
|
||||
currPatchset = _kip_ids[currKipIdx].patchset;
|
||||
while (currPatchset != NULL && currPatchset->name != NULL)
|
||||
{
|
||||
for (u32 currEnabIdx=0; currEnabIdx<numPatches; currEnabIdx++)
|
||||
{
|
||||
if (strcmp(currPatchset->name, patches[currEnabIdx]))
|
||||
continue;
|
||||
|
||||
u32 appliedMask = 1u << currEnabIdx;
|
||||
if (currPatchset->patches == NULL)
|
||||
{
|
||||
gfx_printf(&gfx_con, "Patch '%s' not necessary for %s KIP1\n", currPatchset->name, (const char*)ki->kip1->name);
|
||||
patchesApplied |= appliedMask;
|
||||
break;
|
||||
}
|
||||
|
||||
unsigned char* kipSectData = ki->kip1->data;
|
||||
for (u32 currSectIdx=0; currSectIdx<KIP1_NUM_SECTIONS; currSectIdx++)
|
||||
{
|
||||
if (bitsAffected & (1u << currSectIdx))
|
||||
{
|
||||
gfx_printf(&gfx_con, "Applying patch '%s' on %s KIP1 sect %d\n", currPatchset->name, (const char*)ki->kip1->name, currSectIdx);
|
||||
for (const kip1_patch_t* currPatch=currPatchset->patches;currPatch != NULL && currPatch->length != 0; currPatch++)
|
||||
{
|
||||
if (GET_KIP_PATCH_SECTION(currPatch->offset) != currSectIdx)
|
||||
continue;
|
||||
|
||||
u32 currOffset = GET_KIP_PATCH_OFFSET(currPatch->offset);
|
||||
if (memcmp(&kipSectData[currOffset], currPatch->srcData, currPatch->length) != 0)
|
||||
{
|
||||
gfx_printf(&gfx_con, "%kDATA MISMATCH FOR PATCH AT OFFSET 0x%x!!!%k\n", 0xFFFF0000, currOffset, 0xFFCCCCCC);
|
||||
return currPatchset->name; //MUST stop here as kip is likely corrupt
|
||||
}
|
||||
else
|
||||
{
|
||||
DPRINTF("Patching %d bytes at offset 0x%x\n", currPatch->length, currOffset);
|
||||
memcpy(&kipSectData[currOffset], currPatch->dstData, currPatch->length);
|
||||
}
|
||||
}
|
||||
}
|
||||
kipSectData += ki->kip1->sections[currSectIdx].size_comp;
|
||||
}
|
||||
|
||||
patchesApplied |= appliedMask;
|
||||
break;
|
||||
}
|
||||
currPatchset++;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
for (u32 i=0; i<numPatches; i++)
|
||||
{
|
||||
if ((patchesApplied & (1u << i)) == 0)
|
||||
return patches[i];
|
||||
}
|
||||
|
||||
return NULL;
|
||||
}
|
||||
|
||||
pkg2_hdr_t *pkg2_decrypt(void *data)
|
||||
{
|
||||
u8 *pdata = (u8 *)data;
|
||||
|
22
ipl/pkg2.h
22
ipl/pkg2.h
@ -113,11 +113,33 @@ typedef struct _pkg2_kernel_id_t
|
||||
kernel_patch_t *kernel_patchset;
|
||||
} pkg2_kernel_id_t;
|
||||
|
||||
typedef struct _kip1_patch_t
|
||||
{
|
||||
u32 offset; //section+offset of patch to apply
|
||||
u32 length; //in bytes, 0 means last patch
|
||||
const char* srcData; //that must match
|
||||
const char* dstData; //that it gets replaced by
|
||||
} kip1_patch_t;
|
||||
|
||||
typedef struct _kip1_patchset_t
|
||||
{
|
||||
const char* name; //NULL means end
|
||||
kip1_patch_t* patches; //NULL means not necessary
|
||||
} kip1_patchset_t;
|
||||
|
||||
typedef struct _kip1_id_t
|
||||
{
|
||||
const char* name;
|
||||
u8 hash[16];
|
||||
kip1_patchset_t* patchset;
|
||||
} kip1_id_t;
|
||||
|
||||
void pkg2_parse_kips(link_t *info, pkg2_hdr_t *pkg2);
|
||||
int pkg2_has_kip(link_t *info, u64 tid);
|
||||
void pkg2_replace_kip(link_t *info, u64 tid, pkg2_kip1_t *kip1);
|
||||
void pkg2_add_kip(link_t *info, pkg2_kip1_t *kip1);
|
||||
void pkg2_merge_kip(link_t *info, pkg2_kip1_t *kip1);
|
||||
const char* pkg2_patch_kips(link_t *info, char* patchNames);
|
||||
|
||||
const pkg2_kernel_id_t *pkg2_identify(u32 id);
|
||||
pkg2_hdr_t *pkg2_decrypt(void *data);
|
||||
|
@ -10,6 +10,12 @@ verification=2
|
||||
[Stock (SVC perms)]
|
||||
fullsvcperm=1
|
||||
debugmode=1
|
||||
|
||||
[Stock (Prevent GC access)]
|
||||
kip1patch=nogc
|
||||
|
||||
[Stock (Allow unsigned NCA)]
|
||||
kip1patch=nosigchk
|
||||
{ }
|
||||
|
||||
{-- Custom Firmwares --}
|
||||
|
Loading…
Reference in New Issue
Block a user