diff --git a/emunand/emuCode.s b/emunand/emuCode.s
index 0013447..868a600 100644
--- a/emunand/emuCode.s
+++ b/emunand/emuCode.s
@@ -1,9 +1,9 @@
 .nds
-sdmmc equ 0x080D86F0
+sdmmc equ 0x080F0AB0
-.create "emunand.bin", 0x0801A4C0
-.org 0x0801A4C0
+.create "emunand.bin", 0x0801A5C0
+.org 0x0801A5C0
 .arm
 nand_sd:
 ; Original code that still needs to be executed.
diff --git a/source/crypto.c b/source/crypto.c
index 0c5e023..0168e4c 100644
--- a/source/crypto.c
+++ b/source/crypto.c
@@ -387,12 +387,12 @@ void arm9loader(void *armHdr){
 aes((void *)(armHdr+0x800), (void *)(armHdr+0x800), size/AES_BLOCK_SIZE, CTR, AES_CTR_MODE, AES_INPUT_BE | AES_INPUT_NORMAL);
 //Set keys 0x19..0x1F keyXs
- u8* decKey = (void *)((uintptr_t)armHdr+0x8A824);
+ u8* decKey = (void *)((uintptr_t)armHdr+0x89824);
 aes_use_keyslot(0x11);
 for(slot = 0x19; slot < 0x20; slot++) {
 aes_setkey(0x11, (u8*)key2, AES_KEYNORMAL, AES_INPUT_BE | AES_INPUT_NORMAL);
- aes(decKey, (void *)((uintptr_t)armHdr+0x8A814), 1, NULL, AES_ECB_DECRYPT_MODE, 0);
+ aes(decKey, (void *)((uintptr_t)armHdr+0x89814), 1, NULL, AES_ECB_DECRYPT_MODE, 0);
 aes_setkey(slot, (u8*)decKey, AES_KEYX, AES_INPUT_BE | AES_INPUT_NORMAL);
- *(u8 *)((void *)((uintptr_t)armHdr+0x8A814+0xF)) += 1;
+ *(u8 *)((void *)((uintptr_t)armHdr+0x89814+0xF)) += 1;
 }
 }
\ No newline at end of file
diff --git a/source/emunand.c b/source/emunand.c
index e561b84..2da99cb 100644
--- a/source/emunand.c
+++ b/source/emunand.c
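Review bot: The key area in this hunk is spelled as three separate raw offsets (`0x89824`, `0x89814` twice, plus `+0xF` on the last), so every firmware bump has to keep four copies in sync by hand; deriving them once — `u8 *keyData = (u8 *)armHdr + 0x89814;` and `u8 *decKey = keyData + 0x10;` — lets the loop body read `aes(decKey, keyData, 1, NULL, AES_ECB_DECRYPT_MODE, 0);` and `keyData[0xF] += 1;` with one constant to update. Nothing in the hunk checks that the FIRM image loaded at `armHdr` actually extends past `0x89824+0x10`, and the companion loadFirm hunk in firm.c now passes `0` instead of `firmSize` to fileRead, so a short or mismatched firmware.bin would feed whatever sits at those addresses into key slots 0x19..0x1F; if fileRead reports the size it read (can't tell from here), a bound against that size before this block is cheap. arm9loader's body begins before this hunk.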
@@ -8,34 +8,14 @@
 #include "fatfs/ff.h"
 #include "fatfs/sdmmc/sdmmc.h"
-typedef struct emunand {
- u32 offset;
- u32 header;
- const char* name;
-} emunand;
+static u8 *temp = (u8*)0x24300000;
-emunand emunands[] = {
- {.offset = 1, .header = 1, .name = "redNAND"},
- {.offset = 0, .header = 0x1D7800, .name = "Toshiba GW/MT"},
- {.offset = 0, .header = 0x1DD000, .name = "Samsung GW/MT"},
- {.offset = 0, .header = 0x26C000, .name = "Samsung N3DS GW"},
- {.offset = 0, .header = 0x3B0000, .name = "Unknown N3DS GW"},
- {.offset = 0, .header = 0, .name = 0},
-};
-
-static u8 *temp = (u8 *)0x24300000;
-
-u8 getEmunand(u32 *off, u32 *head){
- u8 ret = 0;
- for(int i = 0; emunands[i].name; i++){
- if (sdmmc_sdcard_readsectors(emunands[i].header, 1, temp) == 0) {
- if (*(u32 *)(temp + 0x100) == NCSD_MAGIC) {
- *off = (u32)&emunands[i].offset;
- *head = (u32)&emunands[i].header;
- ret = 1;
- break;
- }
+void getEmunand(u32 *off, u32 *head){
+ u32 nandSize = getMMCDevice(0)->total_size;
+ if (sdmmc_sdcard_readsectors(nandSize, 1, temp) == 0) {
+ if (*(u32*)(temp + 0x100) == NCSD_MAGIC) {
+ *off = 0;
+ *head = nandSize;
 }
 }
- return ret;
 }
\ No newline at end of file
diff --git a/source/emunand.h b/source/emunand.h
index af5a5d4..1f8ded9 100644
--- a/source/emunand.h
+++ b/source/emunand.h
@@ -11,6 +11,6 @@
 #define NCSD_MAGIC (0x4453434E)
-u8 getEmunand(u32 *off, u32 *head);
+void getEmunand(u32 *off, u32 *head);
 #endif
\ No newline at end of file
diff --git a/source/firm.c b/source/firm.c
index 559c855..4b9a811 100644
--- a/source/firm.c
+++ b/source/firm.c
@@ -12,7 +12,6 @@
 #include "crypto.h"
 const firmHeader *firmLocation = (firmHeader *)0x24000000;
-const u32 firmSize = 0xF3000;
 firmSectionHeader *section;
 u32 emuOffset = 0;
 u32 emuHeader = 0;
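Review bot: The outcome of the probe is no longer observable: `getEmunand` now returns `void` and writes `*off`/`*head` only when the sector at `nandSize` carries `NCSD_MAGIC`, so a failed `sdmmc_sdcard_readsectors` or a missing header leaves the caller's variables untouched with no signal. In firm.c's loadEmu hunk (same commit) the call is followed by `*pos_offset = emuOffset; *pos_header = emuHeader;` and the two `emuHook` memcpys regardless, so on a miss the NAND redirect is installed carrying the initial zero values of `emuOffset`/`emuHeader` declared in the firm.c hunk above. Keeping the old `u8` return — `return 1;` inside the inner `if`, `return 0;` at the end, and the emunand.h prototype left as `u8 getEmunand(u32 *off, u32 *head);` — would let loadEmu skip the hooks when nothing was found. The scratch pointer `static u8 *temp = (u8*)0x24300000;` also deserves a one-line comment on why that fixed address is safe to use as a sector buffer, since the hunk gives no hint.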
@@ -20,7 +19,7 @@ u32 emuHeader = 0;
 //Load firm into FCRAM
 void loadFirm(void){
 //Read FIRM from SD card and write to FCRAM
- fileRead((u8*)firmLocation, "/rei/firmware.bin", firmSize);
+ fileRead((u8*)firmLocation, "/rei/firmware.bin", 0);
 section = firmLocation->section;
 arm9loader((u8*)firmLocation + section[2].offset);
 }
@@ -33,11 +32,12 @@ void loadEmu(void){
 fileRead(code, "/rei/emunand/emunand.bin", 0);
 u32 *pos_offset = memsearch(code, "NAND", 0x218, 4);
 u32 *pos_header = memsearch(code, "NCSD", 0x218, 4);
+ getEmunand(&emuOffset, &emuHeader);
 if (pos_offset && pos_header) {
 *pos_offset = emuOffset;
 *pos_header = emuHeader;
 }
-
+
 //Add emunand hooks
 memcpy((u8*)emuHook(1), nandRedir, sizeof(nandRedir));
 memcpy((u8*)emuHook(2), nandRedir, sizeof(nandRedir));
@@ -48,7 +48,7 @@ void patchFirm(){
 //Part1: Set MPU for payload area
 memcpy((u8*)mpuCode(), mpu, sizeof(mpu));
-
+
 //Part2: Disable signature checks
 memcpy((u8*)sigPatch(1), sigPat1, sizeof(sigPat1));
 memcpy((u8*)sigPatch(2), sigPat2, sizeof(sigPat2));
diff --git a/source/patches.c b/source/patches.c
index b6f5bb4..f66c074 100644
--- a/source/patches.c
+++ b/source/patches.c
@@ -8,8 +8,8 @@
 #define FIRM 0x24000000
-#define KERNEL9 (FIRM + 0x68000)
-#define PROC9 (FIRM + 0x7ED00)
+#define KERNEL9 (FIRM + 0x68400)
+#define PROC9 (FIRM + 0x7F100)
 #define K9_ADDR 0x08006000
 #define P9_ADDR 0x08028000
@@ -27,7 +27,7 @@ u8 mpu[0x2C] = { //MPU shit
 0x01, 0x01, 0x01, 0x01, 0x03, 0x06, 0x1C, 0x00, 0x00, 0x00, 0x02, 0x08
 };
-u8 nandRedir[0x08] = {0x00, 0x4C, 0xA0, 0x47, 0xC0, 0xA4, 0x01, 0x08}; //Branch to emunand function
+u8 nandRedir[0x08] = {0x00, 0x4C, 0xA0, 0x47, 0xC0, 0xA5, 0x01, 0x08}; //Branch to emunand function
 /*
 * Sig checks
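Review bot: Dropping `firmSize` removes the only explicit bound on how many bytes `fileRead` writes at `firmLocation` (0x24000000), and the same loadFirm hunk then trusts `section[2].offset` read back from that buffer before handing it to `arm9loader`. The `0` length is already used for emunand.bin, so it presumably means "whole file" — I can't confirm fileRead's contract from here — but if the argument is honoured as a cap, keeping a named maximum, `fileRead((u8*)firmLocation, "/rei/firmware.bin", FIRM_MAX_SIZE);` with `#define FIRM_MAX_SIZE 0xF3000` (the value the removed constant held), preserves the guard at no cost; if it is an exact length, the size actually read should be checked against the FCRAM area reserved for the FIRM before the section table is used. loadFirm is complete within its hunk; patchFirm's body continues past the last hunk.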
@@ -38,8 +38,8 @@ u8 sigPat2[4] = {0x00, 0x20, 0x70, 0x47};
 /*
 * Arm9 thread
 */
-u8 th1[4] = {0x2C, 0xF0, 0x9F, 0xE5}; //ldr pc, =0x0801A6E0
-u8 th2[4] = {0xE0, 0xA6, 0x01, 0x08}; //0x0801A6E0
+u8 th1[4] = {0x2C, 0xF0, 0x9F, 0xE5}; //ldr pc, =0x0801A7E0
+u8 th2[4] = {0xE0, 0xA7, 0x01, 0x08}; //0x0801A7E0
@@ -49,12 +49,12 @@ u8 th2[4] = {0xE0, 0xA6, 0x01, 0x08}; //0x0801A6E0
 //Where the emunand code is stored in firm
 u32 emuCode(void){
- return KERNEL9 + (0x0801A4C0 - K9_ADDR);
+ return KERNEL9 + (0x0801A5C0 - K9_ADDR);
 }
 //Where thread code is stored in firm
 u32 threadCode(void){
- return KERNEL9 + (0x0801A6E0 - K9_ADDR);
+ return KERNEL9 + (0x0801A7E0 - K9_ADDR);
 }
 //Area of MPU setting code
@@ -65,20 +65,20 @@ u32 mpuCode(void){
 //Offsets to redirect to thread code
 u32 threadHook(u8 val){
 return val == 1 ?
- PROC9 + (0x08086140 - P9_ADDR):
- PROC9 + (0x08086174 - P9_ADDR);
+ PROC9 + (0x08085198 - P9_ADDR):
+ PROC9 + (0x080851CC - P9_ADDR);
 }
 //Offsets to redirect to Emunand code
 u32 emuHook(u8 val){ //latest only
 return val == 1 ?
- PROC9 + (0x0807882C - P9_ADDR):
- PROC9 + (0x0807886C - P9_ADDR);
+ PROC9 + (0x08077B40 - P9_ADDR):
+ PROC9 + (0x08077B80 - P9_ADDR);
 }
 //Offsets to redirect to thread code
 u32 sigPatch(u8 val){
 return val == 1 ?
- PROC9 + (0x080632B8 - P9_ADDR) :
- PROC9 + (0x0805D628 - P9_ADDR);
+ PROC9 + (0x08062B08 - P9_ADDR) :
+ PROC9 + (0x0805C31C - P9_ADDR);
 }
\ No newline at end of file
diff --git a/thread/3ds.ld b/thread/3ds.ld
index fc4ba24..ddd375e 100644
--- a/thread/3ds.ld
+++ b/thread/3ds.ld
@@ -6,7 +6,7 @@ ENTRY(_start)
 SECTIONS
 {
- . = 0x0801A6E0;
+ . = 0x0801A7E0;
 start_addr = .;
 .text.start : { *(.text.start) }
 .text : { *(.text) *(.text*) }
diff --git a/thread/source/FS.s b/thread/source/FS.s
index 416d268..23e200c 100644
--- a/thread/source/FS.s
+++ b/thread/source/FS.s
@@ -11,7 +11,7 @@
 .type fopen9, %function
 fopen9:
 push {r0-r6, lr}
- ldr r4, =0x0805B181
+ ldr r4, =0x08059D0D
 blx r4
 pop {r0-r6, pc}
 .pool
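Review bot: The same payload address is hand-encoded in several places that this commit had to update in lock-step with no compile-time link between them: `0x0801A5C0` appears in `emuCode` and as the little-endian tail of `nandRedir` (`0xC0, 0xA5, 0x01, 0x08`, patches.c hunk @@ -27), and `0x0801A7E0` in `threadCode`, in the `th2` bytes and in the `th1`/`th2` comments. Defining each once — `#define EMU_CODE_ADDR 0x0801A5C0` and `#define THREAD_CODE_ADDR 0x0801A7E0` — and building the byte tails from the define (or adding a `_Static_assert` that the array bytes equal the define) would turn the next offset bump into one edit per address instead of four. Separately, nothing in these hunks or in firm.c's `patchFirm` verifies that the FIRM loaded at `FIRM` is the version these absolute `PROC9`/`KERNEL9` offsets belong to — the `//latest only` comment on `emuHook` is the only hint — so a mismatched firmware.bin would get its sig-check and NAND code overwritten at the wrong place; comparing the expected original bytes at each patch site before the memcpy is a cheap guard. `mpuCode`'s body begins before the @@ -65 hunk.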
@@ -21,7 +21,7 @@
 .type fwrite9, %function
 fwrite9:
 push {r4, lr}
- ldr r4, =0x0805C4D1
+ ldr r4, =0x0805B20D
 blx r4
 pop {r4, pc}
 .pool
@@ -31,7 +31,7 @@
 .type fread9, %function
 fread9:
 push {r4, lr}
- ldr r4, =0x0804D855
+ ldr r4, =0x0804CC15
 blx r4
 pop {r4, pc}
 .pool
@@ -41,7 +41,7 @@
 .type fclose9, %function
 fclose9:
 push {r4, lr}
- ldr r4, =0x08053CF9
+ ldr r4, =0x08052DA1
 blx r4
 pop {r4, pc}
 .pool
@@ -51,7 +51,7 @@
 .type fsize9, %function
 fsize9:
 push {r4, lr}
- ldr r4, =0x0805C2CD
+ ldr r4, =0x0805B0E9
 blx r4
 pop {r4, pc}
 .pool
\ No newline at end of file
diff --git a/thread/source/_start.s b/thread/source/_start.s
index 2221370..0359814 100644
--- a/thread/source/_start.s
+++ b/thread/source/_start.s
@@ -16,5 +16,5 @@ _start:
 ldr r4, =0x1
 svc 0x8
 pop {r0-r12 , lr}
- ldr r0, =0x80CB028
- ldr pc, =0x08086144
\ No newline at end of file
+ ldr r0, =0x80E3408
+ ldr pc, =0x0808519C
\ No newline at end of file
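Review bot: `ldr r0, =0x80E3408` in the _start.s hunk drops the leading zero that every other absolute address in this change carries (`=0x0808519C` on the very next line, `=0x08059D0D` and friends in FS.s), which makes the 32-bit value harder to compare by eye against the other offsets; `ldr r0, =0x080E3408` is the same constant in the file's usual form. The five FS.s stubs each embed their target as a bare literal with no comment naming the Process9 routine it resolves to, so a trailing `@ <routine name>` on each `ldr r4, =...` line would help the next offset update.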