diff --git a/source/crypto.c b/source/crypto.c
index 8ac28da..2edf820 100755
--- a/source/crypto.c
+++ b/source/crypto.c
@@ -4,11 +4,6 @@
 #include "memory.h"
 #include "fatfs/sdmmc/sdmmc.h"
-//Nand key#2 (0x12C10)
-u8 key2[0x10] = {
- 0x42, 0x3F, 0x81, 0x7A, 0x23, 0x52, 0x58, 0x31, 0x6E, 0x75, 0x8E, 0x3A, 0x39, 0x43, 0x2E, 0xD0
-};
-
 /****************************************************************
 * Crypto Libs
 ****************************************************************/
@@ -232,16 +227,20 @@ void aes(void* dst, const void* src, u32 blockCount, void* iv, u32 mode, u32 ivM
 * Nand/FIRM Crypto stuff
 ****************************************************************/
+//Nand key#2 (0x12C10)
+u8 key2[0x10] = {
+ 0x42, 0x3F, 0x81, 0x7A, 0x23, 0x52, 0x58, 0x31, 0x6E, 0x75, 0x8E, 0x3A, 0x39, 0x43, 0x2E, 0xD0
+};
+
 //Get Nand CTR key
-void getNandCTR(u8 *buf, u8 console) {
- u8 *addr = console ? (u8*)0x080D8BBC : (u8*)0x080D797C;
- u8 keyLen = 0x10; //CTR length
- addr += 0x0F;
- while (keyLen --) { *(buf++) = *(addr--); }
+void getNandCTR(u8 *buf, u8 console){
+ u8 *addr = (console ? (u8*)0x080D8BBC : (u8*)0x080D797C) + 0x0F;
+ for(u8 keyLen = 0x10; keyLen; keyLen--)
+ *(buf++) = *(addr--);
 }
 //Read firm0 from NAND and write to buffer
-void nandFirm0(u8 *outbuf, const u32 size, u8 console){
+void nandFirm0(u8 *outbuf, u32 size, u8 console){
 u8 CTR[0x10];
 getNandCTR(CTR, console);
 aes_advctr(CTR, 0x0B130000/0x10, AES_INPUT_BE | AES_INPUT_NORMAL);
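Review bot: The rewritten getNandCTR keeps the two console-specific source addresses and the `+ 0x0F` / `*(addr--)` byte reversal but drops the only explanatory comment (`//CTR length`), so a reader now has nothing saying what is being copied; a line above `u8 *addr`, `//NAND CTR for this console sits at a fixed address; copy its 0x10 bytes in reverse order`, would restore that. Behaviour matches the old loop: 0x10 iterations reading from addr+0x0F down to addr. Separately, `key2` is key material declared as a plain mutable global next to its only visible user (setKeyXs); if no code assigns to it, `const u8 key2[0x10]` (mirrored in any extern declaration, and provided aes_setkey accepts a const pointer) rules out accidental overwrites. nandFirm0's body continues past the hunk.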
@@ -287,12 +286,13 @@ void decArm9Bin(void *armHdr, u8 mode){
 //Sets the N3DS 9.6 KeyXs
 void setKeyXs(void *armHdr){
+ void *keyData = armHdr+0x89814;
+ void *decKey = keyData+0x10;
+
 //Set keys 0x19..0x1F keyXs
 aes_setkey(0x11, key2, AES_KEYNORMAL, AES_INPUT_BE | AES_INPUT_NORMAL);
 aes_use_keyslot(0x11);
 for(u8 slot = 0x19; slot < 0x20; slot++){
- void *keyData = armHdr+0x89814;
- void *decKey = keyData+0x10;
 aes(decKey, keyData, 1, NULL, AES_ECB_DECRYPT_MODE, 0);
 aes_setkey(slot, decKey, AES_KEYX, AES_INPUT_BE | AES_INPUT_NORMAL);
 *(u8*)(keyData+0xF) += 1;
diff --git a/source/crypto.h b/source/crypto.h
index 34c56d1..945755e 100755
--- a/source/crypto.h
+++ b/source/crypto.h
@@ -49,7 +49,7 @@
 #define AES_KEYY 2
 //NAND/FIRM stuff
-void nandFirm0(u8 *outbuf, const u32 size, u8 console);
+void nandFirm0(u8 *outbuf, u32 size, u8 console);
 void decArm9Bin(void *armHdr, u8 mode);
 void setKeyXs(void *armHdr);
diff --git a/source/draw.c b/source/draw.c
index 0b5926a..5402ed0 100644
--- a/source/draw.c
+++ b/source/draw.c
@@ -23,7 +23,7 @@ void shutdownLCD(void){
 *(vu32*)0x10202014 = 0;
 //Wait for the ARM11 entrypoint to be set
- while (!*arm11);
+ while(!*arm11);
 //Jump to it
 ((void (*)())*arm11)();
 }
@@ -36,7 +36,7 @@ void clearScreen(void){
 void loadSplash(void){
 //Check if it's a no-screen-init A9LH boot via PDN_GPU_CNT
- if (*(u8*)0x10141200 == 0x1) return;
+ if(*(u8*)0x10141200 == 0x1) return;
 clearScreen();
 if(!fileRead(fb->top_left, "/rei/splash.bin", 0x46500)) return;
 u64 i = 0xFFFFFF; while(--i) __asm("mov r0, r0"); //Less Ghetto sleep func
diff --git a/source/emunand.c b/source/emunand.c
index 3f103ea..6aaaee8 100644
--- a/source/emunand.c
+++ b/source/emunand.c
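Review bot: The decrypted KeyX is left in the FIRM buffer at `decKey` after the loop — each iteration decrypts into keyData+0x10 and aes_setkey only reads it — so unless a later step overwrites that region, `memset(decKey, 0, 0x10);` after the loop (memory.h is included by this file) keeps plaintext key material from lingering in RAM. Hoisting keyData/decKey out of the loop is behaviour-neutral since the slot is rewritten on every pass. `armHdr+0x89814` and `keyData+0x10` rely on GCC's `void *` arithmetic; `(u8 *)armHdr + 0x89814` is the portable spelling. The `*(u8*)(keyData+0xF) += 1` step bumps only the last byte and wraps without carry, which is correct for seven slots only if that byte starts at or below 0xF8 — presumably a fixed layout, but worth a comment. setKeyXs's closing lines are outside the hunk.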
@@ -12,8 +12,8 @@ static u8 *temp = (u8*)0x24300000;
 void getEmunandSect(u32 *off, u32 *head){
 u32 nandSize = getMMCDevice(0)->total_size;
- if (sdmmc_sdcard_readsectors(nandSize, 1, temp) == 0) {
- if (*(u32*)(temp + 0x100) == NCSD_MAGIC) {
+ if(sdmmc_sdcard_readsectors(nandSize, 1, temp) == 0){
+ if(*(u32*)(temp + 0x100) == NCSD_MAGIC){
 *off = 0;
 *head = nandSize;
 }
@@ -26,17 +26,17 @@ void getSDMMC(void *pos, u32 *off, u32 size){
 *off = (u32)memsearch(pos, pattern, size, 4) - 1;
 //Get DCD values
- unsigned char buf[4];
- int p;
+ u8 buf[4],
+ p;
 u32 addr = 0, additive = 0;
- memcpy((void*)buf, (void*)(*off+0x0A), 4);
+ memcpy(buf, (void *)(*off+0x0A), 4);
 for (p = 0; p < 4; p++) addr |= ((u32) buf[p]) << (8 * p);
- memcpy((void*)buf, (void*)(*off+0x0E), 4);
+ memcpy(buf, (void *)(*off+0x0E), 4);
 for (p = 0; p < 4; p++) additive |= ((u32) buf[p]) << (8 * p);
 //Return result
- *off = addr + additive;
+ *off = addr + additive;
 }
 void getEmuRW(void *pos, u32 size, u32 *readOff, u32 *writeOff){
diff --git a/source/firm.c b/source/firm.c
index dc3a22d..05f853e 100755
--- a/source/firm.c
+++ b/source/firm.c
@@ -31,7 +31,7 @@ void setupCFW(void){
 //Retrieve the last booted FIRM via CFG_BOOTENV
 u8 previousFirm = *(u8*)0x10010000;
 u8 overrideConfig = 0;
- char lastConfigPath[] = "rei/lastbootcfg";
+ const char lastConfigPath[] = "rei/lastbootcfg";
 //Detect the console being used
 if(PDN_MPCORE_CFG == 1) console = 0;
@@ -49,7 +49,7 @@ void setupCFW(void){
 //If booting with A9LH and it's a MCU reboot, try to force boot options
 if(a9lhBoot && previousFirm && fileExists(lastConfigPath)){
 u8 tempConfig;
- fileRead((u8*)&tempConfig, lastConfigPath, 1);
+ fileRead(&tempConfig, lastConfigPath, 1);
 //Always force a sysNAND boot when quitting AGB_FIRM
 if(previousFirm == 0x7) {
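Review bot: The two rewritten `memcpy(buf, (void *)(*off+0x0A), 4)` / `memcpy(buf, (void *)(*off+0x0E), 4)` lines read through `*off`, which the hunk's first line derives from an unchecked `memsearch(...) - 1`; memsearch returns NULL when the pattern is absent (memory.c hunk in this diff), so `*off` becomes 0xFFFFFFFF and both reads land at an unrelated address. Checking the search result first, `void *hit = memsearch(pos, pattern, size, 4); if(!hit) return; *off = (u32)hit - 1;`, leaves `*off` at its caller-supplied value on failure, which the caller then has to test (the callers' handling is outside this diff). Style-wise, `u8 buf[4], p;` bundles a buffer and a loop counter in one declaration; `for(u8 p = 0; ...)` as used in the crypto.c and memory.c hunks of this commit would be consistent. getSDMMC's signature is in the hunk header, outside the hunk.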
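Review bot: `lastConfigPath` is the only path in this commit without a leading slash (`"rei/lastbootcfg"` next to `"/rei/firmware.bin"`, `"/rei/emunand/emunand.bin"` and `"/rei/reboot/reboot.bin"`); whether fileExists/fileRead/fileWrite resolve it relative to a current directory depends on the file wrapper, which is not in this diff, so either `"/rei/lastbootcfg"` or a comment stating that the relative form is intended would remove the doubt. Adding `const` is fine: in the visible hunks the array is only passed to fileExists, fileRead and fileWrite. setupCFW starts before the hunk.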
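Review bot: `fileRead(&tempConfig, lastConfigPath, 1)` ignores the return value, while fileRead is treated as fallible elsewhere in this diff (`if(!fileRead(fb->top_left, ...)) return;` in draw.c), so if the read fails after fileExists succeeded the code after this hunk presumably consumes `tempConfig` uninitialised. Either `u8 tempConfig = 0;` or `if(!fileRead(&tempConfig, lastConfigPath, 1)) tempConfig = 0;` gives a deterministic fallback — pick the value that means "no override", which is not visible here. The uses of tempConfig and the rest of setupCFW lie outside the hunk.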
@@ -77,7 +77,7 @@ void setupCFW(void){
 //Write the current boot options on A9LH
 if(a9lhBoot){
 u8 tempConfig = (mode | (emuNAND << 1)) & 0x3;
- fileWrite((u8*)&tempConfig, lastConfigPath, 1);
+ fileWrite(&tempConfig, lastConfigPath, 1);
 }
 }
@@ -105,8 +105,8 @@ u8 loadFirm(void){
 }
 //Load FIRM from SD
 else{
- char *path = usePatchedFirm ? firmPathPatched :
- (mode ? "/rei/firmware.bin" : "/rei/firmware90.bin");
+ const char *path = usePatchedFirm ? firmPathPatched :
+ (mode ? "/rei/firmware.bin" : "/rei/firmware90.bin");
 firmSize = fileSize(path);
 if(!firmSize) return 0;
 fileRead((u8*)firmLocation, path, firmSize);
@@ -135,20 +135,19 @@ u8 loadEmu(void){
 emuCodeOffset = 0;
 //Read emunand code from SD
- char path[] = "/rei/emunand/emunand.bin";
+ const char path[] = "/rei/emunand/emunand.bin";
 u32 size = fileSize(path);
 if(!size) return 0;
 if(!console || !mode) nandRedir[5] = 0xA4;
 //Find offset for emuNAND code from the offset in nandRedir
- u8 *emuCodeTmp = &nandRedir[4];
- emuCodeOffset = *(u32*)emuCodeTmp - (u32)section[2].address +
+ emuCodeOffset = *(u32 *)(nandRedir + 4) - (u32)section[2].address +
 section[2].offset + (u32)firmLocation;
 fileRead((u8*)emuCodeOffset, path, size);
 //Find and patch emunand related offsets
- u32 *pos_sdmmc = memsearch((u32*)emuCodeOffset, "SDMC", size, 4);
- u32 *pos_offset = memsearch((u32*)emuCodeOffset, "NAND", size, 4);
- u32 *pos_header = memsearch((u32*)emuCodeOffset, "NCSD", size, 4);
+ u32 *pos_sdmmc = (u32 *)memsearch((u32*)emuCodeOffset, "SDMC", size, 4);
+ u32 *pos_offset = (u32 *)memsearch((u32*)emuCodeOffset, "NAND", size, 4);
+ u32 *pos_header = (u32 *)memsearch((u32*)emuCodeOffset, "NCSD", size, 4);
 getSDMMC(firmLocation, &sdmmcOffset, firmSize);
 getEmunandSect(&emuOffset, &emuHeader);
 getEmuRW(firmLocation, firmSize, &emuRead, &emuWrite);
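Review bot: `firmSize = fileSize(path)` is rejected only when zero before `fileRead((u8*)firmLocation, path, firmSize)`, so the SD-resident file that the now-`const` `path` names is copied into firmLocation with no upper bound, and a larger-than-expected firmware.bin overruns whatever follows that region. If firmLocation is a fixed-size area, `if(!firmSize || firmSize > FIRM_MAX_SIZE) return 0;` (FIRM_MAX_SIZE standing in for the region's actual size, which is not in this diff) closes it in the function's existing failure style. loadFirm starts and ends outside the hunk.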
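Review bot: The three new `(u32 *)memsearch(...)` lines for pos_sdmmc, pos_offset and pos_header cast the result without checking it, and memsearch returns NULL when a marker is absent (memory.c hunk in this diff), so an emunand.bin missing one of "SDMC"/"NAND"/"NCSD" leads to a write through a null pointer once these are dereferenced after the hunk. One guard in the function's existing failure style, `if(!pos_sdmmc || !pos_offset || !pos_header) return 0;`, right after the three lines closes it. The same unchecked pattern is kept at `pos_instr` in the @@ -159 hunk and at `pos_fopen`/`pos_path` in the @@ -210 hunk of this file. The dereferences, like the rest of loadEmu, are outside the hunk.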
@@ -159,16 +158,16 @@ u8 loadEmu(void){
 //Patch emuNAND code in memory for O3DS and 9.0 N3DS
 if(!console || !mode){
- u32 *pos_instr = memsearch((u32*)emuCodeOffset, "\xA6\x01\x08\x30", size, 4);
- memcpy((u8*)pos_instr, emuInstr, sizeof(emuInstr));
+ void *pos_instr = memsearch((u32*)emuCodeOffset, "\xA6\x01\x08\x30", size, 4);
+ memcpy(pos_instr, emuInstr, sizeof(emuInstr));
 }
 //Add emunand hooks
- memcpy((u8*)emuRead, nandRedir, sizeof(nandRedir));
- memcpy((u8*)emuWrite, nandRedir, sizeof(nandRedir));
+ memcpy((void *)emuRead, nandRedir, sizeof(nandRedir));
+ memcpy((void *)emuWrite, nandRedir, sizeof(nandRedir));
 //Set MPU for emu code region
- memcpy((u8*)mpuOffset, mpu, sizeof(mpu));
+ memcpy((void *)mpuOffset, mpu, sizeof(mpu));
 return 1;
 }
@@ -187,7 +186,7 @@ u8 patchFirm(void){
 //Patch FIRM partitions writes on SysNAND to protect A9LH
 u32 writeOffset = 0;
 getFIRMWrite(firmLocation, firmSize, &writeOffset);
- memcpy((u8*)writeOffset, FIRMblock, sizeof(FIRMblock));
+ memcpy((void *)writeOffset, FIRMblock, sizeof(FIRMblock));
 }
 //Disable signature checks
@@ -195,8 +194,8 @@ u8 patchFirm(void){
 sigOffset2 = 0;
 getSignatures(firmLocation, firmSize, &sigOffset, &sigOffset2);
- memcpy((u8*)sigOffset, sigPat1, sizeof(sigPat1));
- memcpy((u8*)sigOffset2, sigPat2, sizeof(sigPat2));
+ memcpy((void *)sigOffset, sigPat1, sizeof(sigPat1));
+ memcpy((void *)sigOffset2, sigPat2, sizeof(sigPat2));
 //Patch ARM9 entrypoint on N3DS to skip arm9loader
 if(console){
@@ -210,21 +209,21 @@ u8 patchFirm(void){
 fOpenOffset = 0;
 //Read reboot code from SD
- char path[] = "/rei/reboot/reboot.bin";
+ const char path[] = "/rei/reboot/reboot.bin";
 u32 size = fileSize(path);
 if(!size) return 0;
 getReboot(firmLocation, firmSize, &rebootOffset);
 fileRead((u8*)rebootOffset, path, size);
 //Calculate the fOpen offset and put it in the right location
- u32 *pos_fopen = memsearch((u32*)rebootOffset, "OPEN", size, 4);
+ u32 *pos_fopen = (u32 *)memsearch((u32*)rebootOffset, "OPEN", size, 4);
 getfOpen(firmLocation, firmSize, &fOpenOffset);
 *pos_fopen = fOpenOffset;
 //Patch path for emuNAND-patched FIRM
 if(emuNAND){
- u32 *pos_path = memsearch((u32*)rebootOffset, L"sy", size, 4);
- memcpy((u8*)pos_path, L"emu", 5);
+ void *pos_path = memsearch((u32*)rebootOffset, L"sy", size, 4);
+ memcpy(pos_path, L"emu", 5);
 }
 }
diff --git a/source/main.c b/source/main.c
index 532513f..baffd7f 100644
--- a/source/main.c
+++ b/source/main.c
@@ -14,8 +14,8 @@ u8 main(){
 mountSD();
 loadSplash();
 setupCFW();
- if (!loadFirm()) return 0;
- if (!patchFirm()) return 0;
+ if(!loadFirm()) return 0;
+ if(!patchFirm()) return 0;
 launchFirm();
 return 1;
 }
\ No newline at end of file
diff --git a/source/memory.c b/source/memory.c
index 2e6bf8e..4769dfe 100644
--- a/source/memory.c
+++ b/source/memory.c
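Review bot: `memsearch((u32*)rebootOffset, L"sy", size, 4)` and `memcpy(pos_path, L"emu", 5)` only do what the surrounding comment implies if `wchar_t` is 2 bytes (4 bytes searched and 5 bytes copied, i.e. UTF-16 text); on an ARM GCC toolchain that holds only with `-fshort-wchar`, and with a 4-byte wchar_t the copy writes `e\0\0\0m` instead of the intended characters. Since the hunk keeps that dependency, a comment on the `void *pos_path` line such as `//L"" literals and the 4/5 byte sizes assume 2-byte wchar_t (-fshort-wchar): patches a UTF-16 path in place` records the assumption where the next reader will look; the exact target string is inferred from the literals here, not stated on the page, so adjust the wording. pos_path is also not checked for NULL, as noted on the @@ -135 hunk.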
@@ -7,33 +7,31 @@
 #include "memory.h"
 void memcpy(void *dest, const void *src, u32 size){
- u32 i; for (i = 0; i < size; i++) {
- char *destc = (char *)dest;
- const char *srcc = (const char *)src;
+ u8 *destc = (u8 *)dest;
+ const u8 *srcc = (const u8 *)src;
+ for(u32 i = 0; i < size; i++)
 destc[i] = srcc[i];
- }
 }
 void memset(void *dest, int filler, u32 size){
- u32 i; for (i = 0; i < size; i++) {
- char *destc = (char *)dest;
- destc[i] = filler;
- }
+ u8 *destc = (u8 *)dest;
+ for(u32 i = 0; i < size; i++)
+ destc[i] = (u8)filler;
 }
 int memcmp(const void *buf1, const void *buf2, u32 size){
- u32 i; for (i = 0; i < size; i++) {
- const char *buf1c = (const char *)buf1;
- const char *buf2c = (const char *)buf2;
+ const u8 *buf1c = (const u8 *)buf1;
+ const u8 *buf2c = (const u8 *)buf2;
+ for(u32 i = 0; i < size; i++){
 int cmp = buf1c[i] - buf2c[i];
- if (cmp) return cmp;
+ if(cmp) return cmp;
 }
 return 0;
 }
 void *memsearch(void *start_pos, void *search, u32 size, u32 size_search){
- for (void *pos = start_pos + size - size_search; pos >= start_pos; pos--) {
- if (memcmp(pos, search, size_search) == 0) return pos;
+ for(void *pos = start_pos + size - size_search; pos >= start_pos; pos--){
+ if(memcmp(pos, search, size_search) == 0) return pos;
 }
 return NULL;
 }
\ No newline at end of file
diff --git a/source/patches.c b/source/patches.c
index 4060bcc..df1edfa 100644
--- a/source/patches.c
+++ b/source/patches.c
@@ -11,9 +11,6 @@
 * Patches
 **************************************************/
-/*
-* MPU
-*/
 u8 mpu[0x2C] = { //MPU shit
 0x03, 0x00, 0x36, 0x00, 0x00, 0x00, 0x10, 0x10, 0x01, 0x00, 0x00, 0x01, 0x03, 0x00, 0x36, 0x00, 0x00, 0x00, 0x00, 0x20, 0x01, 0x01, 0x01, 0x01, 0x03, 0x06, 0x20, 0x00, 0x00, 0x00, 0x00, 0x08,
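Review bot: These memcpy/memset definitions replace the libc symbols, and GCC at -O2 recognises a plain byte-copy/byte-fill loop like the new `for(u32 i = 0; i < size; i++) destc[i] = srcc[i];` as the memcpy/memset idiom and can emit a call to memcpy/memset from inside the function itself unless the build uses `-ffreestanding` or `-fno-tree-loop-distribute-patterns`; the flags are not in this diff, so if that option is not already set it deserves a comment above the definition or a Makefile change. `memsearch(void *start_pos, void *search, ...)` could take `const void *search` (memcmp already accepts const), which lets callers pass string literals cleanly and would make the `(u32 *)` casts added in firm.c unnecessary. `start_pos + size - size_search` on a `void *` is a GCC extension; `(u8 *)` arithmetic is the portable form. Switching memcmp to `u8` removes the old signed-`char` subtraction, which is a real fix and needs no further change.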
@@ -22,12 +19,11 @@ u8 mpu[0x2C] = { //MPU shit
 u8 nandRedir[0x08] = {0x00, 0x4C, 0xA0, 0x47, 0xC0, 0xA5, 0x01, 0x08}; //Branch to emunand function
-/*
-* Sig checks
-*/
 u8 sigPat1[2] = {0x00, 0x20};
 u8 sigPat2[4] = {0x00, 0x20, 0x70, 0x47};
+
 u8 FIRMblock[4] = {0x00, 0x20, 0xC0, 0x46};
+
 u8 emuInstr[5] = {0xA5, 0x01, 0x08, 0x30, 0xA5};
 /**************************************************