Beispiel #1
0
s32 menu_cb_run (s32 idx, void *param) {
	s32 fail_stage;

	/* we're kinda screwed if the exploit fails
	   and soc has been deinitialized. not sure
	   whether cleaning up here improves existing
	   problems with using sockets either */
	soc_exit();
	printf("[+] Running ARM9 payload\n");	
	fail_stage = firm_reboot();

	char *msg;
	switch (fail_stage) {
		case 1:
			msg = "[!] ARM11 exploit failed";
			break;
		case 2:
			msg = "[!] ARM9 exploit failed";
			break;
		default:
			msg = "[!] Unexpected error";
	}
	printf("%s\n", msg);
	return 1;
}
Beispiel #2
0
s32 main (void) {
	gfxInitDefault();
	consoleInit(GFX_BOTTOM, NULL);
	if (brahma_init()) {
		printf(" ");
		load_arm9_payload_from_mem (starter_bin, starter_bin_size);
		printf("%08X\n", firm_reboot ());
		brahma_exit();
	} 
	gfxExit();
	return 0;
}
Beispiel #3
0
s32 main (void) {
	// Initialize services
	//gfxInitDefault();
	//gfxSwapBuffers(); 
	Result res;
	gfxInitDefault();
	gfxSwapBuffers(); 
	
	
	consoleInit(GFX_TOP,NULL);
	//printf("miniPasta2\n\n");

	res=suInit();
	printf("su init: %08X\n",res);

	//res=khaxInit();
	//printf("khax init: %08X\n",res);
	
	res=brahma_init();
	printf("brahma init: %08X\n",res);
	
    load_arm9_payload_from_mem (arm9payload_bin, arm9payload_bin_size);
	printf("payload loaded to RAM\n");
	
	res=firm_reboot();	
	printf("firm reboot: %08X\n",res);
	
	while (aptMainLoop())
	{
		//Scan all the inputs. This should be done once for each frame
		hidScanInput();

		//hidKeysDown returns information about which buttons have been just pressed (and they weren't in the previous frame)
		u32 kDown = hidKeysDown();

		if (kDown & KEY_START) break; // break in order to return to hbmenu

		// Flush and swap framebuffers
		gfxFlushBuffers();
		gfxSwapBuffers();

		//Wait for VBlank
		gspWaitForVBlank();
	}
	
	
	
	gfxExit();
	// Return to hbmenu
	return 0;
}
Beispiel #4
0
s32 main (void) {
	// Initialize services
	gfxInitDefault();
	gfxSwapBuffers(); 
	//consoleInit(GFX_TOP,NULL);
	
	brahma_init();
	
	
    load_arm9_payload_from_mem (arm9payload_bin, arm9payload_bin_size);
	firm_reboot();	
	
	gfxExit();
	// Return to hbmenu
	return 0;
}
Beispiel #5
0
s32 main (void) {
    // Initialize services
    gfxInitDefault();

    // Make sure the settings applied by gfxInitDefault come into effect
    gfxSwapBuffers();

    // Memory for the arm9 payload
    u32 payload_size = 0x10000;
    void *payload = malloc(payload_size);
    if (!payload) goto error;

    int rc;

    // Load the arm9 payload into memory
    FILE *file = fopen("/" LAUNCHER_PATH, "r");
    if (!file) goto error;
    rc = fseek(file, 0x12000, SEEK_SET);
    if (rc != 0) goto error;
    fread(payload, payload_size, 1, file);
    if (ferror(file) != 0) goto error;
    fclose(file);

    if (brahma_init()) {
        rc = load_arm9_payload_from_mem(payload, payload_size);
        if (rc != 1) goto error;
        firm_reboot();
        brahma_exit();
    }

    free(payload);

    gfxExit();
    // Return to hbmenu
    return 0;

error:
    consoleInit(GFX_BOTTOM, NULL);
    printf("An error occurred while loading the payload.\nMake sure your launcher is located at:\n/" LAUNCHER_PATH);
    wait_any_key();

    if (payload) free(payload);

    gfxExit();
    return 1;
}
Beispiel #6
0
int load_bin(char *path, long offset) {

    if (brahma_init()) {
        if (load_arm9_payload_offset(path, (u32) offset, 0x10000) != 1) {
            debug("Err: Couldn't load arm9 payload...\n");
            return -1;
        }
        firm_reboot();
        brahma_exit();

    } else {
        debug("Err: Couldn't init brahma...\n");
        return -1;
    }

    return 0;
}
Beispiel #7
0
s32 quick_boot_firm (s32 load_from_disk) {
	if (load_from_disk)
		load_arm9_payload_from_mem(payload_bin, payload_bin_size);
	firm_reboot();	
}
int menu_netloaderarm9(void) {

    s32 sockfd;
    struct sockaddr_in sa;
    s32 clientfd;
    struct sockaddr_in client_addr;
    s32 addrlen = sizeof(client_addr);
    s32 sflags = 0;

    if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
        debug("Err: socket");
        return -1;
    }

    bzero(&sa, sizeof(sa));
    sa.sin_family = AF_INET;
    sa.sin_port = htons(BRAHMA_NETWORK_PORT);
    sa.sin_addr.s_addr = gethostid();

    if (bind(sockfd, (struct sockaddr *) &sa, sizeof(sa)) != 0) {
        debug("Err: bind");
        close(sockfd);
        return -1;
    }

    if (listen(sockfd, 1) != 0) {
        debug("Err: listen()");
        close(sockfd);
        return -1;
    }

    char msg[256];
    sprintf(msg,
            "NetLoader Active - waiting for arm9\n\n"
                    "IP: %s, Port: %d\n\nPress B to cancel\n",
            inet_ntoa(sa.sin_addr), BRAHMA_NETWORK_PORT);
    drawBg();
    gfxDrawTextf(GFX_TOP, GFX_LEFT, &fontDefault, MENU_MIN_X + 16, MENU_MIN_Y + 16, msg);
    gfxSwap();

    sflags = fcntl(sockfd, F_GETFL);
    if (sflags == -1) {
        debug("Err: fcntl() (1)\n");
        close(sockfd);
    }
    fcntl(sockfd, F_SETFL, sflags | O_NONBLOCK);

    while (aptMainLoop()) {

        hidScanInput();
        if (hidKeysDown() & KEY_B) {
            close(sockfd);
            return -1;
        }

        clientfd = accept(sockfd, (struct sockaddr *) &client_addr, &addrlen);
        svcSleepThread(100000000);
        if (clientfd > 0)
            break;
    }

    s32 recvd;
    u32 total = 0;
    u8 *arm9_buf = memalign(0x1000, ARM9_PAYLOAD_MAX_SIZE);

    while ((recvd = recv(clientfd, arm9_buf + total,
                         ARM9_PAYLOAD_MAX_SIZE - total, 0)) != 0) {
        if (recvd != -1) {
            total += recvd;
            drawBg();
            gfxDrawTextf(GFX_TOP, GFX_LEFT, &fontDefault, MENU_MIN_X + 16, MENU_MIN_Y + 16, "%i", total);
            gfxSwap();
        }
        if (total >= ARM9_PAYLOAD_MAX_SIZE) {
            debug("Err: invalid payload size\n");
            close(clientfd);
            close(sockfd);
            free(arm9_buf);
            return -1;
        }
    }

    fcntl(sockfd, F_SETFL, sflags & ~O_NONBLOCK);
    close(clientfd);
    close(sockfd);

    gfxExit();

    brahma_init();
    if (load_arm9_payload_from_mem(arm9_buf, total) != 1) {
        debug("Err: Couldn't load arm9 payload...\n");
        return -1;
    }
    firm_reboot();
    brahma_exit();
}
Beispiel #9
0
//Boot command
s32 quick_boot_firm(s32 load_from_disk) {
	if (load_from_disk)
		load_arm9_payload("/3ds/PastaCFW/loader.bin");
	firm_reboot();
}
Beispiel #10
0
int main(void)
{
	// First allocate the buffer for the Linux image + DTB
	void *linux_buffer = linearAlloc(LINUX_BUFFER_SIZE);
	memset(linux_buffer, 0, LINUX_BUFFER_SIZE);

	// Initialize services
	gfxInitDefault();
	gfxSwapBuffers();

	consoleInit(GFX_BOTTOM, NULL);

	printf("Linux loader by xerpi\n\n");

	if (brahma_init()) {

		printf("[+] Opening the linux image...\n");

		FILE *zImage = fopen(LINUXIMAGE_FILENAME, "rb");

		printf("[+] fopen returned: %p\n", zImage);

		if (zImage == NULL) {
			printf("[+] Error opening the Linux zImage\n"
				"Press any key to reboot.");
			wait_any_key();
			firm_reboot();
		}

		//Load the kernel image code to ZIMAGE_ADDR
		unsigned int n = 0;
		unsigned int linux_bin_size = 0;

		while ((n = fread(fcram_phys2linear(linux_buffer, ZIMAGE_ADDR)+linux_bin_size, 1, 0x10000, zImage)) > 0) {
			linux_bin_size += n;
		}

		fclose(zImage);

		printf("[+] Loaded kernel:\n");
		printf("[+]     address: %p,\n", ZIMAGE_ADDR);
		printf("[+]     size:    0x%08X bytes\n", linux_bin_size);

		//Load the device tree to PARAMS_TMP_ADDR
		printf("\n[+] Opening " DTB_FILENAME "\n");

		FILE *dtb = fopen(DTB_FILENAME, "rb");

		printf("[+] FileOpen returned: %p\n", dtb);

		if (dtb == NULL) {
			printf("[+] Error opening " DTB_FILENAME "\n"
				"Press any key to reboot.");
			wait_any_key();
			firm_reboot();
		}

		n = 0;
		unsigned int dtb_bin_size = 0;
		while ((n = fread(fcram_phys2linear(linux_buffer, PARAMS_TMP_ADDR)+dtb_bin_size, 1, 0x10000, dtb)) > 0) {
			dtb_bin_size += n;
		}

		fclose(dtb);

		//Load the arm9linuxfw to ARM9LINUXFW_TMP_ADDR
		printf("\n[+] Opening " ARM9LINUXFW_FILENAME "\n");

		FILE *arm9fw = fopen(ARM9LINUXFW_FILENAME, "rb");

		printf("[+] FileOpen returned: %p\n", arm9fw);

		if (arm9fw != NULL) {
			n = 0;
			unsigned int arm9fw_bin_size = 0;
			while ((n = fread(fcram_phys2linear(linux_buffer, ARM9LINUXFW_TMP_ADDR)+arm9fw_bin_size, 1, 0x10000, arm9fw)) > 0) {
				arm9fw_bin_size += n;
			}

			fclose(arm9fw);

			printf("[+] Loaded " ARM9LINUXFW_FILENAME ":\n");
			printf("[+]     temp address: %p,\n", ARM9LINUXFW_TMP_ADDR);
			printf("[+]     dest address: %p,\n", ARM9LINUXFW_ADDR);
			printf("[+]     size:    0x%08X bytes\n", arm9fw_bin_size);

			// Store the arm9linuxfw size to *ARM9LINUXFW_SIZE_ADDR
			*(unsigned int *)fcram_phys2linear(linux_buffer, ARM9LINUXFW_SIZE_ADDR) = arm9fw_bin_size;
		} else {
			printf("\n\n[+] WARNING " ARM9LINUXFW_FILENAME " not found!\n\n");
			// Store a 0 size to *ARM9LINUXFW_SIZE_ADDR
			*(unsigned int *)fcram_phys2linear(linux_buffer, ARM9LINUXFW_SIZE_ADDR) = 0;
		}

		// Store the DTB size to *PARAMS_SIZE_ADDR
		*(unsigned int *)fcram_phys2linear(linux_buffer, PARAMS_SIZE_ADDR) = dtb_bin_size;

		GSPGPU_FlushDataCache(fcram_phys2linear(linux_buffer, ZIMAGE_ADDR), linux_bin_size);
		GSPGPU_FlushDataCache(fcram_phys2linear(linux_buffer, PARAMS_ADDR), dtb_bin_size);
		GSPGPU_FlushDataCache(fcram_phys2linear(linux_buffer, PARAMS_SIZE_ADDR), sizeof(unsigned int));
		GSPGPU_FlushDataCache(fcram_phys2linear(linux_buffer, ARM9LINUXFW_SIZE_ADDR), sizeof(unsigned int));

		printf("[+] Loading Linux Payloads...\n");

		unsigned int linux_payloads_size = (u32)&linux_payloads_end - (u32)&linux_payloads_start;

		printf("[+]     size %i\n", linux_payloads_size);

		load_arm9_payload_from_mem(&linux_payloads_start, linux_payloads_size);

		flush_dcache();

		//soc_init();
		//soc_exit();

		//wait_any_key();

		printf("[+] Running ARM9 payload\n");
		firm_reboot();

		//soc_exit();
		brahma_exit();

	} else {
		printf("* BRAHMA *\n\n[!]Not enough memory\n");
		wait_any_key();
	}

	linearFree(linux_buffer);

	gfxExit();
	// Return to hbmenu
	return 0;
}