Result osGetSystemVersionDataString(OS_VersionBin *nver_versionbin, OS_VersionBin *cver_versionbin, char *sysverstr, u32 sysverstr_maxsize) { Result ret=0; OS_VersionBin nver_versionbin_tmp, cver_versionbin_tmp; if(nver_versionbin==NULL)nver_versionbin = &nver_versionbin_tmp; if(cver_versionbin==NULL)cver_versionbin = &cver_versionbin_tmp; ret = osGetSystemVersionData(nver_versionbin, cver_versionbin); if(R_FAILED(ret))return ret; snprintf(sysverstr, sysverstr_maxsize, "%u.%u.%u-%u%c\n", cver_versionbin->mainver, cver_versionbin->minor, cver_versionbin->build, nver_versionbin->mainver, nver_versionbin->region); return 0; }
int main() { gfxInitDefault(); gfxSet3D(false); PrintConsole topConsole, botConsole; consoleInit(GFX_TOP, &topConsole); consoleInit(GFX_BOTTOM, &botConsole); consoleSelect(&topConsole); consoleClear(); state_t current_state = STATE_NONE; state_t next_state = STATE_INITIALIZE; FS_ProductInfo product_info; char exploitname[64] = {0}; char titlename[64] = {0}; char versiondir[64] = {0}; char displayversion[64] = {0}; u32 flags_bitmask = 0; static char top_text[2048]; char top_text_tmp[256]; top_text[0] = '\0'; int firmware_version[6] = {0}; int firmware_selected_value = 0; int selected_slot = 0; int selected_version = 0; u32 selected_remaster = 0; AM_TitleEntry update_title; bool update_exists = false; int version_maxnum = 0; void* payload_buffer = NULL; size_t payload_size = 0; u64 program_id = 0; while(aptMainLoop()) { hidScanInput(); if(hidKeysDown() & KEY_START) break; // transition function if(next_state != current_state) { memset(top_text_tmp, 0, sizeof(top_text_tmp)); switch(next_state) { case STATE_INITIALIZE: strncat(top_text, "Initializing... You may press START at any time\nto return to menu.\n\n", sizeof(top_text) - 1); break; case STATE_INITIAL: strncat(top_text, "Welcome to sploit_installer: SALT edition!\nPlease proceed with caution, as you might lose\ndata if you don't.\n\nPress A to continue.\n\n", sizeof(top_text) - 1); break; case STATE_SELECT_VERSION: snprintf(top_text_tmp, sizeof(top_text_tmp) - 1, "Auto-detected %s version: %s\nD-Pad to select, A to continue.\n\n", titlename, displayversion); break; case STATE_SELECT_SLOT: snprintf(top_text_tmp, sizeof(top_text_tmp) - 1, "Please select the savegame slot %s will be\ninstalled to. D-Pad to select, A to continue.\n", exploitname); break; case STATE_SELECT_FIRMWARE: strncat(top_text, "Please select your console's firmware version.\nOnly select NEW 3DS if you own a New 3DS (XL).\nD-Pad to select, A to continue.\n", sizeof(top_text) - 1); break; case STATE_DOWNLOAD_PAYLOAD: snprintf(top_text, sizeof(top_text) - 1, "%s\n\n\nDownloading payload...\n", top_text); break; case STATE_COMPRESS_PAYLOAD: strncat(top_text, "Processing payload...\n", sizeof(top_text) - 1); break; case STATE_INSTALL_PAYLOAD: strncat(top_text, "Installing payload...\n\n", sizeof(top_text) - 1); break; case STATE_INSTALLED_PAYLOAD: snprintf(top_text_tmp, sizeof(top_text_tmp) - 1, "Done!\n%s was successfully installed.", exploitname); break; case STATE_ERROR: strncat(top_text, "Looks like something went wrong. :(\n", sizeof(top_text) - 1); break; default: break; } if(top_text_tmp[0]) strncat(top_text, top_text_tmp, sizeof(top_text) - 1); current_state = next_state; } consoleSelect(&topConsole); printf("\x1b[0;%dHsploit_installer: SALT edition\n\n\n", (50 - 31) / 2); printf(top_text); // state function switch(current_state) { case STATE_INITIALIZE: { fsInit(); // get an fs:USER session as the game Result ret = srvGetServiceHandleDirect(&save_session, "fs:USER"); if(R_SUCCEEDED(ret)) ret = FSUSER_Initialize(save_session); if(R_FAILED(ret)) { snprintf(status, sizeof(status) - 1, "Failed to get game fs:USER session.\n Error code: %08lX", ret); next_state = STATE_ERROR; break; } ret = httpcInit(0); if(R_FAILED(ret)) { snprintf(status, sizeof(status) - 1, "Failed to initialize httpc.\n Error code: %08lX", ret); next_state = STATE_ERROR; break; } OS_VersionBin nver_versionbin, cver_versionbin; ret = osGetSystemVersionData(&nver_versionbin, &cver_versionbin); if(R_FAILED(ret)) { snprintf(status, sizeof(status) - 1, "Failed to get the system version.\n Error code: %08lX", ret); next_state = STATE_ERROR; break; } ret = cfguInit(); if(R_FAILED(ret)) { snprintf(status, sizeof(status) - 1, "Failed to initialize cfgu.\n Error code: %08lX", ret); next_state = STATE_ERROR; break; } u8 region = 0; ret = CFGU_SecureInfoGetRegion(®ion); if(R_FAILED(ret)) { snprintf(status, sizeof(status) - 1, "Failed to get the system region.\n Error code: %08lX", ret); next_state = STATE_ERROR; break; } cfguExit(); bool is_new3ds = false; APT_CheckNew3DS(&is_new3ds); firmware_version[0] = is_new3ds; firmware_version[5] = region; firmware_version[1] = cver_versionbin.mainver; firmware_version[2] = cver_versionbin.minor; firmware_version[3] = cver_versionbin.build; firmware_version[4] = nver_versionbin.mainver; u32 pid = 0; ret = svcGetProcessId(&pid, CUR_PROCESS_HANDLE); if(R_FAILED(ret)) { snprintf(status, sizeof(status) - 1, "Failed to get the process ID for the current process.\n Error code: %08lX", ret); next_state = STATE_ERROR; break; } ret = FSUSER_GetProductInfo(&product_info, pid); selected_remaster = product_info.remasterVersion; if(R_FAILED(ret)) { snprintf(status, sizeof(status) - 1, "Failed to get the product info for the current process.\n Error code: %08lX", ret); next_state = STATE_ERROR; break; } ret = APT_GetProgramID(&program_id); if(R_FAILED(ret)) { snprintf(status, sizeof(status) - 1, "Failed to get the program ID for the current process.\n Error code: %08lX", ret); next_state = STATE_ERROR; break; } u64 update_program_id = 0; if(((program_id >> 32) & 0xFFFF) == 0) update_program_id = program_id | 0x0000000E00000000ULL; if(update_program_id) { ret = amInit(); if(R_FAILED(ret)) { snprintf(status, sizeof(status) - 1, "Failed to initialize AM.\n Error code: %08lX", ret); next_state = STATE_ERROR; break; } ret = AM_GetTitleInfo(1, 1, &update_program_id, &update_title); amExit(); if(R_SUCCEEDED(ret)) update_exists = true; } ret = romfsInit(); if(R_FAILED(ret)) { snprintf(status, sizeof(status) - 1, "Failed to initialize romfs for this application (romfsInit()).\n Error code: %08lX", ret); next_state = STATE_ERROR; break; } ret = load_exploitlist_config("romfs:/exploitlist_config", &program_id, exploitname, titlename, &flags_bitmask); if(ret) { snprintf(status, sizeof(status) - 1, "Failed to select the exploit.\n Error code: %08lX", ret); if(ret == 1) strncat(status, " Failed to\nopen the config file in romfs.", sizeof(status) - 1); if(ret == 2) strncat(status, " This title is not supported.", sizeof(status) - 1); next_state = STATE_ERROR; break; } int version_index = 0; u32 this_remaster = 0; char this_displayversion[64] = {0}; while(true) { ret = load_exploitversion(exploitname, &program_id, version_index, &this_remaster, this_displayversion); if(ret) break; if(this_remaster == selected_remaster) { strncpy(displayversion, this_displayversion, 63); selected_version = version_index; } version_index++; } if(version_index == 0) { snprintf(status, sizeof(status) - 1, "Failed to read remaster versions from config."); next_state = STATE_ERROR; break; } version_maxnum = version_index - 1; next_state = STATE_INITIAL; } break; case STATE_INITIAL: { if(hidKeysDown() & KEY_A) { if(version_maxnum != 0) next_state = STATE_SELECT_VERSION; else if(flags_bitmask & 0x10) next_state = STATE_SELECT_FIRMWARE; else next_state = STATE_SELECT_SLOT; } } break; case STATE_SELECT_VERSION: { if(hidKeysDown() & KEY_UP) selected_version++; if(hidKeysDown() & KEY_DOWN) selected_version--; if(hidKeysDown() & KEY_A) { if(flags_bitmask & 0x10) next_state = STATE_SELECT_FIRMWARE; else next_state = STATE_SELECT_SLOT; } if(selected_version < 0) selected_version = 0; if(selected_version > version_maxnum) selected_version = version_maxnum; Result ret = load_exploitversion(exploitname, &program_id, selected_version, &selected_remaster, displayversion); if(ret) { snprintf(status, sizeof(status) - 1, "Failed to read remaster version from config."); next_state = STATE_ERROR; break; } printf((selected_version >= version_maxnum) ? " \n" : " ^\n"); printf(" Selected version: %s \n", displayversion); printf((!selected_version) ? " \n" : " v\n"); } break; case STATE_SELECT_SLOT: { if(hidKeysDown() & KEY_UP) selected_slot++; if(hidKeysDown() & KEY_DOWN) selected_slot--; if(hidKeysDown() & KEY_A) next_state = STATE_SELECT_FIRMWARE; if(selected_slot < 0) selected_slot = 0; if(selected_slot > 2) selected_slot = 2; printf((selected_slot >= 2) ? " \n" : " ^\n"); printf(" Selected slot: %d \n", selected_slot + 1); printf((!selected_slot) ? " \n" : " v\n"); } break; case STATE_SELECT_FIRMWARE: { if(hidKeysDown() & KEY_LEFT) firmware_selected_value--; if(hidKeysDown() & KEY_RIGHT) firmware_selected_value++; if(firmware_selected_value < 0) firmware_selected_value = 0; if(firmware_selected_value > 5) firmware_selected_value = 5; if(hidKeysDown() & KEY_UP) firmware_version[firmware_selected_value]++; if(hidKeysDown() & KEY_DOWN) firmware_version[firmware_selected_value]--; int firmware_maxnum = 256; if(firmware_selected_value == 0) firmware_maxnum = 2; if(firmware_selected_value == 5) firmware_maxnum = 7; if(firmware_version[firmware_selected_value] < 0) firmware_version[firmware_selected_value] = 0; if(firmware_version[firmware_selected_value] >= firmware_maxnum) firmware_version[firmware_selected_value] = firmware_maxnum - 1; if(hidKeysDown() & KEY_A) next_state = STATE_DOWNLOAD_PAYLOAD; int offset = 26; if(firmware_selected_value) { offset += 7; for(int i = 1; i < firmware_selected_value; i++) { offset += 2; if(firmware_version[i] >= 10) offset++; } } printf((firmware_version[firmware_selected_value] < firmware_maxnum - 1) ? "%*s^%*s" : "%*s-%*s", offset, " ", 50 - offset - 1, " "); printf(" Selected firmware: %s %d-%d-%d-%d %s \n", firmware_version[0] ? "New3DS" : "Old3DS", firmware_version[1], firmware_version[2], firmware_version[3], firmware_version[4], regions[firmware_version[5]]); printf((firmware_version[firmware_selected_value] > 0) ? "%*sv%*s" : "%*s-%*s", offset, " ", 50 - offset - 1, " "); } break; case STATE_DOWNLOAD_PAYLOAD: { httpcContext context; static char in_url[512]; static char out_url[512]; snprintf(in_url, sizeof(in_url) - 1, "http://smea.mtheall.com/get_payload.php?version=%s-%d-%d-%d-%d-%s", firmware_version[0] ? "NEW" : "OLD", firmware_version[1], firmware_version[2], firmware_version[3], firmware_version[4], regions[firmware_version[5]]); char user_agent[64]; snprintf(user_agent, sizeof(user_agent) - 1, "salt_sploit_installer-%s", exploitname); Result ret = get_redirect(in_url, out_url, 512, user_agent); if(R_FAILED(ret)) { sprintf(status, "Failed to grab payload url\n Error code: %08lX", ret); next_state = STATE_ERROR; break; } ret = httpcOpenContext(&context, HTTPC_METHOD_GET, out_url, 0); if(R_FAILED(ret)) { sprintf(status, "Failed to open http context\n Error code: %08lX", ret); next_state = STATE_ERROR; break; } ret = download_file(&context, &payload_buffer, &payload_size, user_agent); if(R_FAILED(ret)) { sprintf(status, "Failed to download payload\n Error code: %08lX", ret); next_state = STATE_ERROR; break; } if(flags_bitmask & 0x1) next_state = STATE_COMPRESS_PAYLOAD; else next_state = STATE_INSTALL_PAYLOAD; } break; case STATE_COMPRESS_PAYLOAD: payload_buffer = BLZ_Code(payload_buffer, payload_size, &payload_size, BLZ_NORMAL); next_state = STATE_INSTALL_PAYLOAD; break; case STATE_INSTALL_PAYLOAD: { u32 selected_remaster_version = 0; Result ret = load_exploitconfig(exploitname, &program_id, selected_remaster, update_exists ? &update_title.version : NULL, &selected_remaster_version, versiondir, displayversion); if(ret) { snprintf(status, sizeof(status) - 1, "Failed to find your version of\n%s in the config / config loading failed.\n Error code: %08lX", titlename, ret); if(ret == 1) strncat(status, " Failed to\nopen the config file in romfs.", sizeof(status) - 1); if(ret == 2 || ret == 4) strncat(status, " The romfs config file is invalid.", sizeof(status) - 1); if(ret == 3) { snprintf(status, sizeof(status) - 1, "this update-title version (v%u) of %s is not compatible with %s, sorry\n", update_title.version, titlename, exploitname); next_state = STATE_ERROR; break; } if(ret == 5) { snprintf(status, sizeof(status) - 1, "this remaster version (%04lX) of %s is not compatible with %s, sorry\n", selected_remaster_version, titlename, exploitname); next_state = STATE_ERROR; break; } next_state = STATE_ERROR; break; } if(flags_bitmask & 0x8) { fsUseSession(save_session); Result ret = FSUSER_FormatSaveData(ARCHIVE_SAVEDATA, (FS_Path){PATH_EMPTY, 1, (u8*)""}, 0x200, 10, 10, 11, 11, true); fsEndUseSession(); if(ret) { sprintf(status, "Failed to format savedata.\n Error code: %08lX", ret); next_state = STATE_ERROR; break; } } if(flags_bitmask & 0x2) { Result ret = parsecopy_saveconfig(versiondir, firmware_version[0], selected_slot); if(ret) { sprintf(status, "Failed to install the savefiles with romfs %s savedir.\n Error code: %08lX", firmware_version[0] == 0?"Old3DS" : "New3DS", ret); next_state = STATE_ERROR; break; } } if(flags_bitmask & 0x4) { Result ret = parsecopy_saveconfig(versiondir, 2, selected_slot); if(ret) { sprintf(status, "Failed to install the savefiles with romfs %s savedir.\n Error code: %08lX", "common", ret); next_state = STATE_ERROR; break; } } } { Result ret; if(payload_embed.enabled) { void* buffer = NULL; size_t size = 0; ret = read_savedata(payload_embed.path, &buffer, &size); if(ret) { sprintf(status, "Failed to embed payload\n Error code: %08lX", ret); next_state = STATE_ERROR; break; } if((payload_embed.offset + payload_size + sizeof(u32)) >= size) { sprintf(status, "Failed to embed payload (too large)\n 0x%X >= 0x%X", (payload_embed.offset + payload_size + sizeof(u32)), size); next_state = STATE_ERROR; break; } *(u32*)(buffer + payload_embed.offset) = payload_size; memcpy(buffer + payload_embed.offset + sizeof(u32), payload_buffer, payload_size); ret = write_savedata(payload_embed.path, buffer, size); free(buffer); } else ret = write_savedata("/payload.bin", payload_buffer, payload_size); if(ret) { sprintf(status, "Failed to install payload\n Error code: %08lX", ret); next_state = STATE_ERROR; break; } next_state = STATE_INSTALLED_PAYLOAD; } break; case STATE_INSTALLED_PAYLOAD: next_state = STATE_NONE; break; default: break; } consoleSelect(&botConsole); printf("\x1b[0;0H Current status:\n %s\n", status); gspWaitForVBlank(); } if(payload_buffer) free(payload_buffer); romfsExit(); httpcExit(); svcCloseHandle(save_session); fsExit(); gfxExit(); return 0; }
Result load_hblauncher() { Result ret = 0; u8 region=0; u8 new3dsflag = 0; OS_VersionBin nver_versionbin; OS_VersionBin cver_versionbin; u32 payloadsize = 0, payloadsize_aligned = 0; u32 payload_src = 0; char payload_sysver[32]; char payloadurl[0x80]; char payload_sdpath[0x80]; void (*funcptr)(u32*, u32*) = NULL; u32 *paramblk = NULL; memset(&nver_versionbin, 0, sizeof(OS_VersionBin)); memset(&cver_versionbin, 0, sizeof(OS_VersionBin)); memset(payload_sysver, 0, sizeof(payload_sysver)); memset(payloadurl, 0, sizeof(payloadurl)); memset(payload_sdpath, 0, sizeof(payload_sdpath)); printf("Getting system-version/system-info etc...\n"); ret = cfguInit(); if(ret!=0) { printf("Failed to init cfgu: 0x%08x.\n", (unsigned int)ret); return ret; } ret = CFGU_SecureInfoGetRegion(®ion); if(ret!=0) { printf("Failed to get region from cfgu: 0x%08x.\n", (unsigned int)ret); return ret; } if(region>=7) { printf("Region value from cfgu is invalid: 0x%02x.\n", (unsigned int)region); ret = -9; return ret; } cfguExit(); APT_CheckNew3DS(&new3dsflag); ret = osGetSystemVersionData(&nver_versionbin, &cver_versionbin); if(ret!=0) { printf("Failed to load the system-version: 0x%08x.\n", (unsigned int)ret); return ret; } snprintf(payload_sysver, sizeof(payload_sysver)-1, "%s-%d-%d-%d-%d-%s", new3dsflag?"NEW":"OLD", cver_versionbin.mainver, cver_versionbin.minor, cver_versionbin.build, nver_versionbin.mainver, regionids_table[region]); snprintf(payloadurl, sizeof(payloadurl)-1, "http://smea.mtheall.com/get_payload.php?version=%s", payload_sysver); snprintf(payload_sdpath, sizeof(payload_sdpath)-1, "sdmc:/hblauncherloader_otherapp_payload_%s.bin", payload_sysver); printf("Detected system-version: %s %d.%d.%d-%d %s\n", new3dsflag?"New3DS":"Old3DS", cver_versionbin.mainver, cver_versionbin.minor, cver_versionbin.build, nver_versionbin.mainver, regionids_table[region]); memset(filebuffer, 0, filebuffer_maxsize); hidScanInput(); if((hidKeysHeld() & KEY_X) == 0) { printf("Since the X button isn't pressed, this will now check for the otherapp payload on SD, with the following filepath: %s\n", payload_sdpath); ret = loadsd_payload(payload_sdpath, &payloadsize); } else { printf("Skipping SD payload load-attempt since the X button is pressed.\n"); ret = 1; } if(ret==0) { printf("The otherapp payload for this app already exists on SD, that will be used instead of downloading the payload via HTTP.\n"); payload_src = 0; } else { printf("Requesting the actual payload URL with HTTP...\n"); ret = http_getactual_payloadurl(payloadurl, payloadurl, sizeof(payloadurl)); if(ret!=0) { printf("Failed to request the actual payload URL: 0x%08x.\n", (unsigned int)ret); printf("If the server isn't down, and the HTTP request was actually done, this may mean your system-version or region isn't supported by the hblauncher-payload currently.\n"); return ret; } printf("Downloading the actual payload with HTTP...\n"); ret = http_download_payload(payloadurl, &payloadsize); if(ret!=0) { printf("Failed to download the actual payload with HTTP: 0x%08x.\n", (unsigned int)ret); printf("If the server isn't down, and the HTTP request was actually done, this may mean your system-version or region isn't supported by the hblauncher-payload currently.\n"); return ret; } if(ret==0)payload_src = 1; } printf("Initializing payload data etc...\n"); payloadsize_aligned = (payloadsize + 0xfff) & ~0xfff; if(payloadsize_aligned > PAYLOAD_TEXTMAXSIZE) { printf("Invalid payload size: 0x%08x.\n", (unsigned int)payloadsize); ret = -3; return ret; } if(payload_src) { hidScanInput(); if(hidKeysHeld() & KEY_Y) { printf("Saving the downloaded payload to SD since the Y button is pressed...\n"); ret = savesd_payload(payload_sdpath, payloadsize); if(ret!=0) { printf("Payload saving failed: 0x%08x.\n", (unsigned int)ret); } else { printf("Payload saving was successful.\n"); } } else { printf("Skipping saving the downloaded payload to SD since the Y button isn't pressed.\n"); } } memcpy(PAYLOAD_TEXTADDR, filebuffer, payloadsize_aligned); memset(filebuffer, 0, filebuffer_maxsize); ret = svcFlushProcessDataCache(0xffff8001, PAYLOAD_TEXTADDR, payloadsize_aligned);//Flush dcache for the payload which was copied into .text. Since that area was never executed, icache shouldn't be an issue. if(ret!=0) { printf("svcFlushProcessDataCache failed: 0x%08x.\n", (unsigned int)ret); return ret; } paramblk = linearMemAlign(0x10000, 0x1000); if(paramblk==NULL) { ret = 0xfe; printf("Failed to alloc the paramblk.\n"); return ret; } httpcExit(); memset(paramblk, 0, 0x10000); paramblk[0x1c>>2] = (u32)gxlowcmd_4; paramblk[0x20>>2] = (u32)gsp_flushdcache; paramblk[0x48>>2] = 0x8d;//flags paramblk[0x58>>2] = (u32)&gspGpuHandle; printf("Jumping into the payload...\n"); funcptr = (void*)PAYLOAD_TEXTADDR; funcptr(paramblk, (u32*)(0x10000000-0x1000)); ret = 0xff; printf("The payload returned back into the app, this should *never* happen with the actual hblauncher-payload.\n"); return ret; }