Exemplo n.º 1
0
int CheckInstallationData(){
	File file;
	char str[64];

	switch (getMpInfo()) {
		case MPINFO_CTR:
			getFirmPath(str, TID_CTR_NATIVE_FIRM);
			if(!FileOpen(&file, str, 0)) return -1;
			FileClose(&file);

			getFirmPath(str, TID_CTR_TWL_FIRM);
			if(!FileOpen(&file, str, 0)) return -2;
			FileClose(&file);

			getFirmPath(str, TID_CTR_AGB_FIRM);
			if(!FileOpen(&file, str, 0)) return -3;
			FileClose(&file);

			if(!FileOpen(&file, "rxTools/data/data.bin", 0)) return -4;
			FileRead(&file, str, 32, 0);
			FileClose(&file);
			if(memcmp(str, __DATE__, 11)) return -5;
			if(memcmp(&str[12], __TIME__, 8)) return -5;

			return 0;

		case MPINFO_KTR:
			getFirmPath(str, TID_KTR_NATIVE_FIRM);
			if(!FileOpen(&file, str, 0)) return -1;
			FileClose(&file);

		default:
			return 0;
	}
}
Exemplo n.º 2
0
unsigned int checkEmuNAND() {
	uint8_t *check = (uint8_t *)0x26000000;
	int isn3ds = 0;
	if (getMpInfo() == MPINFO_KTR)isn3ds = 1;

	sdmmc_sdcard_readsectors(isn3ds ? 0x4D800000 /0x200 : 0x3AF00000 / 0x200, 1, check);
	if (*((char *)check + 0x100) == 'N' && *((char *)check + 0x101) == 'C' && *((char *)check + 0x102) == 'S' && *((char *)check + 0x103) == 'D') {
		return isn3ds ? 0x4D800000 : 0x3AF00000;
	} else {
		sdmmc_sdcard_readsectors(isn3ds ? 0x76000000 /0x200 : 0x3BA00000 / 0x200, 1, check);
		if (*((char *)check + 0x100) == 'N' && *((char *)check + 0x101) == 'C' && *((char *)check + 0x102) == 'S' && *((char *)check + 0x103) == 'D') {
			return isn3ds ? 0x76000000 : 0x3BA00000;
		} else {
			return 0;
		}
	}
}
Exemplo n.º 3
0
void nand_readsectors(uint32_t sector_no, uint32_t numsectors, uint8_t *out, unsigned int partition) {
	PartitionInfo info;
	uint8_t myCtr[16];
	if (partition == CTRNAND && getMpInfo() == MPINFO_KTR) partition = KTR_CTRNAND; //SWITCH TO KTR_CTRNAND IF ON N3DS
	for (int i = 0; i < 16; i++) { myCtr[i] = NANDCTR[i]; }
	info.ctr = myCtr; info.buffer = out; info.size = numsectors * 0x200; info.keyY = NULL;
	add_ctr(info.ctr, partition / 16);
	switch (partition) {
		case TWLN	  : info.keyslot = 0x3; break;
		case TWLP	  : info.keyslot = 0x3; break;
		case AGB_SAVE : info.keyslot = 0x7; break;
		case FIRM0    : info.keyslot = 0x6; break;
		case FIRM1    : info.keyslot = 0x6; break;
		case CTRNAND  : info.keyslot = 0x4; break;
		case KTR_CTRNAND: info.keyslot = 0x5; break;
	}
	add_ctr(info.ctr, sector_no * 0x20);
	sdmmc_nand_readsectors(sector_no + partition / 0x200, numsectors, out);
	DecryptPartition(&info);
}
Exemplo n.º 4
0
//Just patches signatures check, loads in sysnand
int PastaMode(){
	/*PastaMode is ready for n3ds BUT there's an unresolved bug which affects nand reading functions, like nand_readsectors(0, 0xF0000 / 0x200, firm, FIRM0);*/

	uint8_t* firm = (void*)FIRM_ADDR;
	nand_readsectors(0, 0xF0000 / 0x200, firm, FIRM0);
	if (strncmp((char*)firm, "FIRM", 4))
		nand_readsectors(0, 0xF0000 / 0x200, firm, FIRM1);

	if(getMpInfo() == MPINFO_CTR)
	{
		//o3ds patches
		unsigned char sign1[] = { 0xC1, 0x17, 0x49, 0x1C, 0x31, 0xD0, 0x68, 0x46, 0x01, 0x78, 0x40, 0x1C, 0x00, 0x29, 0x10, 0xD1 };
		unsigned char sign2[] = { 0xC0, 0x1C, 0x76, 0xE7, 0x20, 0x00, 0x74, 0xE7, 0x22, 0xF8, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x0F };
		unsigned char patch1[] = { 0x00, 0x20, 0x4E, 0xB0, 0x70, 0xBD };
		unsigned char patch2[] = { 0x00, 0x20 };

		for (int i = 0; i < 0xF0000; i++){
			if (!memcmp(firm + i, sign1, 16)){
				memcpy(firm + i, patch1, 6);
			}
			if (!memcmp(firm + i, sign2, 16)){
				memcpy(firm + i, patch2, 2);
			}
		}
	}
	else
	{
		//new 3ds patches
		decryptFirmKtrArm9((void *)FIRM_ADDR);
		uint8_t patch0[] = { 0x00, 0x20, 0x3B, 0xE0 };
        uint8_t patch1[] = { 0x00, 0x20, 0x08, 0xE0 };
        memcpy((uint32_t*)(FIRM_ADDR + 0xB39D8), patch0, 4);
		memcpy((uint32_t*)(FIRM_ADDR + 0xB9204), patch1, 4);
	}

	return loadExecReboot();
}
Exemplo n.º 5
0
uint8_t* decryptFirmTitleNcch(uint8_t* title, size_t *size)
{
	const size_t sector = 512;
	const size_t header = 512;
	ctr_ncchheader NCCH;
	uint8_t CTR[16];
	PartitionInfo INFO;
	NCCH = *((ctr_ncchheader*)title);
	if(memcmp(NCCH.magic, "NCCH", 4) != 0) return NULL;
	ncch_get_counter(NCCH, CTR, 2);
	INFO.ctr = CTR; INFO.buffer = title + getle32(NCCH.exefsoffset)*sector; INFO.keyY = NCCH.signature; INFO.size = getle32(NCCH.exefssize)*sector; INFO.keyslot = 0x2C;
	DecryptPartition(&INFO);

	if (size != NULL)
		*size = INFO.size - header;

	uint8_t* firm = (uint8_t*)(INFO.buffer + header);

	if (getMpInfo() == MPINFO_KTR)
	    if (decryptFirmKtrArm9(firm))
			return NULL;

	return firm;
}
Exemplo n.º 6
0
static void *findCounter(void)
{
	uint32_t i;

	if (getMpInfo() == MPINFO_KTR) {
		if (*(uint32_t *)fsCounter9Ktr == 0x5C980) {
			sysver = 9;
			return (void *)(fsCounter9Ktr + 0x30);
		}
	} else {
		for (i = 0; i < sizeof(fsCountersCtr) / sizeof(uintptr_t); i++)
			if (*(uint32_t *)fsCountersCtr[i] == 0x5C980) {
				sysver = i + 3;
				return (void *)(fsCountersCtr[i] + 0x30);
			}
	}

	// If value not in previous list start memory scanning (test range)
	for (i = 0x080D8FFC; i > 0x08000000; i -= sizeof(uint32_t))
		if (((uint32_t *)i)[0] == 0x5C980 && ((uint32_t *)i)[1] == 0x800005C9)
			return (void *)(i + 0x30);

	return NULL;
}
Exemplo n.º 7
0
//Just patches signatures check, loads in sysnand
int DevMode(){
	/*DevMode is ready for n3ds BUT there's an unresolved bug which affects nand reading functions, like nand_readsectors(0, 0xF0000 / 0x200, firm, FIRM0);*/

	uint8_t* firm = (void*)0x24000000;
	nand_readsectors(0, 0xF0000 / 0x200, firm, FIRM0);
	if (strncmp((char*)firm, "FIRM", 4))
		nand_readsectors(0, 0xF0000 / 0x200, firm, FIRM1);

	if(getMpInfo() == MPINFO_CTR)
	{
		//o3ds patches
		unsigned char sign1[] = { 0xC1, 0x17, 0x49, 0x1C, 0x31, 0xD0, 0x68, 0x46, 0x01, 0x78, 0x40, 0x1C, 0x00, 0x29, 0x10, 0xD1 };
		unsigned char sign2[] = { 0xC0, 0x1C, 0x76, 0xE7, 0x20, 0x00, 0x74, 0xE7, 0x22, 0xF8, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x0F };
		unsigned char patch1[] = { 0x00, 0x20, 0x4E, 0xB0, 0x70, 0xBD };
		unsigned char patch2[] = { 0x00, 0x20 };

		for (int i = 0; i < 0xF0000; i++){
			if (!memcmp(firm + i, sign1, 16)){
				memcpy(firm + i, patch1, 6);
			}
			if (!memcmp(firm + i, sign2, 16)){
				memcpy(firm + i, patch2, 2);
			}
		}
	}
	else
	{
		//new 3ds patches
		uint8_t patch1[] = { 0x6D, 0x20, 0xCE, 0x77 };
		uint8_t patch2[] = { 0x5A, 0xC5, 0x73, 0xC1 };
		memcpy((uint32_t*)0x08052FD8, patch1, 4);
		memcpy((uint32_t*)0x08058804, patch2, 4);
	}

	return loadExecReboot();
}
Exemplo n.º 8
0
int rxMode(int emu)
{
	if (!checkEmuNAND() && emu)
	{
		ConsoleInit();
		ConsoleSetTitle(L"EMUNAND NOT FOUND!");
		print(L"The emunand was not found on\n");
		print(L"your SDCard. \n");
		print(L"\n");
		print(L"Press A to boot SYSNAND\n");
		ConsoleShow();
		WaitForButton(BUTTON_A);
		emu = 0;
		char s[32];
		sprintf(s, "/rxTools/Theme/%u/boot.bin", cfgs[CFG_THEME].val.i);
		DrawBottomSplash(s);
	}

	static const char patchNandPrefix[] = ".patch.p9.nand";
	unsigned int cur, offset, shstrSize;
	char path[64], shstrtab[512], *sh_name;
	const char *platformDir;
	const wchar_t *msg;
	int r, sector;
	void *p;
	Elf32_Ehdr ehdr;
	Elf32_Shdr shdr;
	FIL fd, keyxFd;
	UINT br, fsz;

	setAgbBios();

	getFirmPath(path, getMpInfo() == MPINFO_KTR ?
		TID_KTR_NATIVE_FIRM : TID_CTR_NATIVE_FIRM);
    strcpy(path + strlen(path) - 4, "orig.bin");
	r = loadFirm(path, &fsz);
	if (r) {
		msg = L"Failed to load NATIVE_FIRM: %d\n"
			L"Reboot rxTools and try again.\n";
		goto fail;
	}

	r = getMpInfo();
	switch (r) {
		case MPINFO_KTR:
			platformDir = "ktr";
			break;

		case MPINFO_CTR:
			platformDir = "ctr";
			break;

		default:
			msg = L"Unknown Platform: %d";
			goto fail;
	}

	sprintf(path, SYS_PATH "/patches/%s/native_firm.elf", platformDir);
	r = f_open(&fd, path, FA_READ);
	if (r != FR_OK)
		goto patchFail;

	r = f_read(&fd, &ehdr, sizeof(ehdr), &br);
	if (r != FR_OK)
		goto patchFail;

	r = f_lseek(&fd, ehdr.e_shoff + ehdr.e_shstrndx * sizeof(Elf32_Shdr));
	if (r != FR_OK)
		goto patchFail;

	r = f_read(&fd, &shdr, sizeof(shdr), &br);
	if (r != FR_OK)
		goto patchFail;

	r = f_lseek(&fd, shdr.sh_offset);
	if (r != FR_OK)
		goto patchFail;

	r = f_read(&fd, shstrtab, shdr.sh_size > sizeof(shstrtab) ?
		sizeof(shstrtab) : shdr.sh_size, &shstrSize);
	if (r != FR_OK)
		goto patchFail;

	if (emu) {
		sector = checkEmuNAND();
		if (sector == 0) {
			msg = L"Failed to find EmuNAND.\n"
				L"Check your EmuNAND.\n";
			goto fail;
		}
	} else
		sector = 0;

	cur = ehdr.e_shoff;
	for (; ehdr.e_shnum; ehdr.e_shnum--, cur += sizeof(shdr)) {
		if (f_lseek(&fd, cur) != FR_OK)
			continue;

		if (f_read(&fd, &shdr, sizeof(shdr), &br) != FR_OK)
			continue;

		if (!(shdr.sh_flags & SHF_ALLOC) || shdr.sh_name >= shstrSize)
			continue;

		offset = locateSecInFirm(&shdr, (FirmHdr *)FIRM_ADDR);
		if (offset == 0)
			continue;

		p = (void *)(FIRM_ADDR + offset);
		sh_name = shstrtab + shdr.sh_name;

		if (!strcmp(sh_name, ".rodata.keyx")) {
			if (sysver >= 7)
				continue;

			if (f_open(&keyxFd, "slot0x25KeyX.bin", FA_READ) != FR_OK)
				continue;

			f_read(&keyxFd, p, shdr.sh_size, &br);
			f_close(&keyxFd);
		} else if (!strcmp(sh_name, ".rodata.nand.sector")) {
			if (sector)
				*(uint32_t *)p = (sector / 0x200) - 1;
		} else if (!strcmp(sh_name, ".rodata.label")) {
			*(uint32_t *)p = sector ? 'E-XR' : 'S-XR';
		} else if (shdr.sh_type == SHT_PROGBITS
			&& (sector || memcmp(sh_name, patchNandPrefix, sizeof(patchNandPrefix) - 1))
			&& (sysver < 7 || strcmp(sh_name, ".patch.p9.keyx")))
		{
			if (f_lseek(&fd, shdr.sh_offset) != FR_OK)
				continue;

			f_read(&fd, p, shdr.sh_size, &br);
		}
	}

	getFirmPath(path, getMpInfo() == MPINFO_KTR ?
		TID_KTR_NATIVE_FIRM : TID_CTR_NATIVE_FIRM);
	f_open(&fd, path, FA_WRITE | FA_CREATE_ALWAYS);
	f_write(&fd, (void *)FIRM_ADDR, fsz, &br);
	f_close(&fd);

	r = loadExecReboot(); // This won't return if it succeeds.
	msg = L"Failed to load reboot.bin: %d\n"
		L"Check your installation.\n";

fail:
	ConsoleInit();
	ConsoleSetTitle(L"rxMode");
	print(msg, r);
	print(L"\n");
	print(strings[STR_PRESS_BUTTON_ACTION],
		strings[STR_BUTTON_A], strings[STR_CONTINUE]);
	ConsoleShow();
	WaitForButton(BUTTON_A);

	return r;

patchFail:
	msg = L"Failed to load native_firm.elf: %d\n"
		L"Check your installation.\n";
	goto fail;
}
Exemplo n.º 9
0
int rxMode(int emu)
{
	wchar_t path[64];
	const char *shstrtab;
	const wchar_t *msg;
	uint8_t keyx[16];
	uint32_t tid;
	int r, sector;
	Elf32_Ehdr *ehdr;
	Elf32_Shdr *shdr, *btm;
	void *keyxArg;
	FIL fd;
	UINT br, fsz;

	if (emu) {
		sector = checkEmuNAND();
		if (sector == 0) {
			ConsoleInit();
			ConsoleSetTitle(L"EMUNAND NOT FOUND!");
			print(L"The emunand was not found on\n");
			print(L"your SDCard. \n");
			print(L"\n");
			print(L"Press A to boot SYSNAND\n");
			ConsoleShow();

			WaitForButton(BUTTON_A);

			swprintf(path, _MAX_LFN, L"/rxTools/Theme/%u/boot.bin",
				cfgs[CFG_THEME].val.i);
			DrawBottomSplash(path);
		}
	} else
		sector = 0;

	r = getMpInfo();
	switch (r) {
		case MPINFO_KTR:
			tid = TID_KTR_NATIVE_FIRM;
			break;

		case MPINFO_CTR:
			tid = TID_CTR_NATIVE_FIRM;
			break;

		default:
			msg = L"Unknown Platform: %d";
			goto fail;
	}

	setAgbBios();

	if (sysver < 7 && f_open(&fd, _T("slot0x25KeyX.bin"), FA_READ) == FR_OK) {
		f_read(&fd, keyx, sizeof(keyx), &br);
		f_close(&fd);
		keyxArg = keyx;
	} else
		keyxArg = NULL;

	getFirmPath(path, tid);
	r = loadFirm(path, &fsz);
	if (r) {
		msg = L"Failed to load NATIVE_FIRM: %d\n"
			L"Reboot rxTools and try again.\n";
		goto fail;
	}

	((FirmHdr *)FIRM_ADDR)->arm9Entry = 0x0801B01C;

	getFirmPatchPath(path, tid);
	r = f_open(&fd, path, FA_READ);
	if (r != FR_OK)
		goto patchFail;

	r = f_read(&fd, (void *)PATCH_ADDR, PATCH_SIZE, &br);
	if (r != FR_OK)
		goto patchFail;

	f_close(&fd);

	ehdr = (void *)PATCH_ADDR;
	shdr = (void *)(PATCH_ADDR + ehdr->e_shoff);
	shstrtab = (char *)PATCH_ADDR + shdr[ehdr->e_shstrndx].sh_offset;
	for (btm = shdr + ehdr->e_shnum; shdr != btm; shdr++) {
		if (!strcmp(shstrtab + shdr->sh_name, ".patch.p9.reboot.body")) {
			execReboot(sector, keyxArg, ehdr->e_entry, shdr);
			__builtin_unreachable();
		}
	}

	msg = L".patch.p9.reboot.body not found\n"
		L"Please check your installation.\n";
fail:
	ConsoleInit();
	ConsoleSetTitle(L"rxMode");
	print(msg, r);
	print(L"\n");
	print(strings[STR_PRESS_BUTTON_ACTION],
		strings[STR_BUTTON_A], strings[STR_CONTINUE]);
	ConsoleShow();
	WaitForButton(BUTTON_A);

	return r;

patchFail:
	msg = L"Failed to load the patch: %d\n"
		L"Check your installation.\n";
	goto fail;
}
Exemplo n.º 10
0
__attribute__((section(".text.start"), noreturn)) void _start()
{
	static const TCHAR fontPath[] = _T("") SYS_PATH "/" FONT_NAME;
	void *fontBuf;
	UINT btr, br;
	int r;
	FIL f;

	// Enable TMIO IRQ
	*(volatile uint32_t *)0x10001000 = 0x00010000;

	preloadStringsA();

	
	if (!FSInit()) {
		DrawString(BOT_SCREEN, strings[STR_FAILED],
			BOT_SCREEN_WIDTH / 2, SCREEN_HEIGHT - FONT_HEIGHT, RED, BLACK);
		while (1);
	}

	
	set_loglevel(ll_info);
	log(ll_info, "Initializing rxTools...");
	

	setConsole();

	fontIsLoaded = 0;
	r = f_open(&f, fontPath, FA_READ);
	if (r == FR_OK) {
		btr = f_size(&f);
		fontBuf = __builtin_alloca(btr);
		r = f_read(&f, fontBuf, btr, &br);
		if (r == FR_OK)
			fontIsLoaded = 1;

		f_close(&f);
		fontaddr = fontBuf;
	}

	if (fontIsLoaded)
		preloadStringsU();
	else
		warn(L"Failed to load " FONT_NAME ": %d\n", r);

	if (getMpInfo() == MPINFO_KTR)
    {
        r = initN3DSKeys();
        if (r != FR_OK) {
            warn(L"Failed to load keys for N3DS\n"
            "  Code: %d\n"
            "  RxMode will not boot. Please\n"
            "  include key_0x16.bin and\n"
            "  key_0x1B.bin at the root of your\n"
            "  SD card.\n", r);
            InputWait();
            goto postinstall;
        }
    }


	install();
	postinstall:
	readCfg();

	log(ll_info, "Done...");

	r = loadStrings();
	if (r)
		warn(L"Failed to load strings: %d\n", r);

	drawTop();

	//Default boot check
	if (cfgs[CFG_DEFAULT].val.i && HID_STATE & BUTTON_L1)
		{
			if(cfgs[CFG_DEFAULT].val.i == 3) PastaMode();
			else rxMode(cfgs[CFG_DEFAULT].val.i - 1);
		}

	if (sysver < 7) {
		r = initKeyX();
		if (r != FR_OK)
			warn(L"Failed to load key X for slot 0x25\n"
				"  Code: %d\n"
				"  If your firmware version is less\n"
				"  than 7.X, some titles decryption\n"
				"  will fail, and some EmuNANDs\n"
				"  will not boot.\n", r);
	}

	if (warned) {
		warn(strings[STR_PRESS_BUTTON_ACTION],
			strings[STR_BUTTON_A], strings[STR_CONTINUE]);
		WaitForButton(BUTTON_A);
	}

	OpenAnimation();
	mainLoop();
}
Exemplo n.º 11
0
int InstallData(char* drive){
	static const FirmInfo agb_info = { 0x8B800, 0x4CE00, 0x08006800, 0xD600, 0xE200, 0x08020000};
	static const FirmInfo twl_info = { 0x153600, 0x4D200, 0x08006800, 0xD600, 0xE200, 0x08020000};
	FIL firmfile;
	unsigned int progressWidth, progressX;
	wchar_t progressbar[8] = {0,};
	wchar_t *progress = progressbar;
	int i;

	progressWidth = getMpInfo() == MPINFO_CTR ? 7 : 3;
	progressX = (BOT_SCREEN_WIDTH - progressWidth * FONT_WIDTH) / 2;

	for (i = 0; i < progressWidth; i++)
		wcscat(progressbar, strings[STR_PROGRESS]);
	print(L"%ls", progressbar);
	ConsolePrevLine();

	//Create the workdir
	sprintf(tmpstr, "%s:%s", drive, DATAFOLDER);
	f_mkdir(tmpstr);

	//Read firmware data
	if (f_open(&firmfile, "firmware.bin", FA_READ | FA_OPEN_EXISTING) != FR_OK) return CONF_NOFIRMBIN;
	wcsncpy(progress, strings[STR_PROGRESS_OK], wcslen(strings[STR_PROGRESS_OK]));
	progress += wcslen(strings[STR_PROGRESS_OK]);
	DrawString(BOT_SCREEN, progressbar, progressX, 50, ConsoleGetTextColor(), ConsoleGetBackgroundColor());

	//Create decrypted native_firm
	f_read(&firmfile, WORKBUF, NAT_SIZE, &tmpu32);
	uint8_t* n_firm = decryptFirmTitle(WORKBUF, NAT_SIZE, 0x00000002, 1);
	wcsncpy(progress, strings[STR_PROGRESS_OK], wcslen(strings[STR_PROGRESS_OK]));
	progress += wcslen(strings[STR_PROGRESS_OK]);
	DrawString(BOT_SCREEN, progressbar, progressX, 50, ConsoleGetTextColor(), ConsoleGetBackgroundColor());

	getFirmPath(tmpstr, getMpInfo() == MPINFO_KTR ?
		TID_KTR_NATIVE_FIRM : TID_CTR_NATIVE_FIRM);
	if(FileOpen(&tempfile, tmpstr, 1)){
		FileWrite(&tempfile, n_firm, NAT_SIZE, 0);
		FileClose(&tempfile);
	}else {
		f_close(&firmfile);
		return CONF_ERRNFIRM;
	}
	wcsncpy(progress, strings[STR_PROGRESS_OK], wcslen(strings[STR_PROGRESS_OK]));
	progress += wcslen(strings[STR_PROGRESS_OK]);
	DrawString(BOT_SCREEN, progressbar, progressX, 50, ConsoleGetTextColor(), ConsoleGetBackgroundColor());

	if (getMpInfo() != MPINFO_CTR)
		goto end;

	//Create AGB patched firmware
	f_read(&firmfile, WORKBUF, AGB_SIZE, &tmpu32);
	uint8_t* a_firm = decryptFirmTitle(WORKBUF, AGB_SIZE, 0x00000202, 1);
	if (!a_firm && checkEmuNAND())
	{
		/* Try to get the Title Key from the EmuNAND */
		a_firm = decryptFirmTitle(WORKBUF, AGB_SIZE, 0x00000202, 2);
		if (!a_firm) {
			/* If we cannot decrypt it from firmware.bin because of titlekey messed up,
			it probably means that AGB has been modified in some way. */
			//So we read it from his installed ncch...
			FindApp(0x00040138, 0x00000202, 1);
			char* path = getContentAppPath();
			if (!FileOpen(&tempfile, path, 0) && checkEmuNAND())
			{
				/* Try with EmuNAND */
				FindApp(0x00040138, 0x00000202, 2);
				path = getContentAppPath();
				if (!FileOpen(&tempfile, path, 0))
				{
					f_close(&firmfile);
					return CONF_ERRNFIRM;
				}
			}

			FileRead(&tempfile, WORKBUF, AGB_SIZE, 0);
			FileClose(&tempfile);
			a_firm = decryptFirmTitleNcch(WORKBUF, AGB_SIZE);
		}
	}

	if (a_firm) {
		if (applyPatch(a_firm, "/rxTools/system/patches/ctr/agb_firm.elf", &agb_info))
			return CONF_ERRPATCH;

		getFirmPath(tmpstr, TID_CTR_TWL_FIRM);
		if(FileOpen(&tempfile, tmpstr, 1)){
			FileWrite(&tempfile, a_firm, AGB_SIZE, 0);
			FileClose(&tempfile);
		}else {
			f_close(&firmfile);
			return CONF_ERRNFIRM;
		}
		wcsncpy(progress, strings[STR_PROGRESS_OK], wcslen(strings[STR_PROGRESS_OK]));
		progress += wcslen(strings[STR_PROGRESS_OK]);
	} else {
		wcsncpy(progress, strings[STR_PROGRESS_FAIL], wcslen(strings[STR_PROGRESS_FAIL]));
		progress += wcslen(strings[STR_PROGRESS_FAIL]); //If we get here, then we'll play without AGB, lol
	}

	DrawString(BOT_SCREEN, progressbar, progressX, 50, ConsoleGetTextColor(), ConsoleGetBackgroundColor());

	//Create TWL patched firmware
	f_read(&firmfile, WORKBUF, TWL_SIZE, &tmpu32);
	uint8_t* t_firm = decryptFirmTitle(WORKBUF, TWL_SIZE, 0x00000102, 1);
	if(t_firm){
		if (applyPatch(t_firm, "/rxTools/system/patches/ctr/twl_firm.elf", &twl_info))
			return CONF_ERRPATCH;

		getFirmPath(tmpstr, TID_CTR_TWL_FIRM);
		if(FileOpen(&tempfile, tmpstr, 1)){
			FileWrite(&tempfile, t_firm, TWL_SIZE, 0);
			FileClose(&tempfile);
			//FileCopy("0004013800000102.bin", tmpstr);
		}else {
			f_close(&firmfile);
			return CONF_ERRNFIRM;
		}
		wcsncpy(progress, strings[STR_PROGRESS_OK], wcslen(strings[STR_PROGRESS_OK]));
		progress += wcslen(strings[STR_PROGRESS_OK]);
	}else{
		wcsncpy(progress, strings[STR_PROGRESS_FAIL], wcslen(strings[STR_PROGRESS_FAIL]));
		progress += wcslen(strings[STR_PROGRESS_FAIL]);
	}
	DrawString(BOT_SCREEN, progressbar, progressX, 50, ConsoleGetTextColor(), ConsoleGetBackgroundColor());

	sprintf(tmpstr, "%s:%s/data.bin", drive, DATAFOLDER);
	if(FileOpen(&tempfile, tmpstr, 1)){
		FileWrite(&tempfile, __DATE__, 12, 0);
		FileWrite(&tempfile, __TIME__, 9, 12);
		FileClose(&tempfile);
	}else {
		f_close(&firmfile);
		return CONF_CANTOPENFILE;
	}
	wcsncpy(progress, strings[STR_PROGRESS_OK], wcslen(strings[STR_PROGRESS_OK]));
	progress += wcslen(strings[STR_PROGRESS_OK]);
	DrawString(BOT_SCREEN, progressbar, progressX, 50, ConsoleGetTextColor(), ConsoleGetBackgroundColor());

end:
	f_close(&firmfile);
	return 0;
}
Exemplo n.º 12
0
int rxMode(int emu)
{
    const Elf32_Addr line = 32;
    wchar_t path[64];
    const char *shstrtab;
    const wchar_t *msg;
    uint8_t keyx[16];
    uint32_t tid;
    int r, sector;
    Elf32_Ehdr *ehdr;
    Elf32_Shdr *shdr, *btmShdr;
    Elf32_Addr cur, btm;
    void *keyxArg;
    FIL fd;
    UINT br, fsz;

    if (emu) {
        sector = checkEmuNAND();
        if (sector == 0) {
            ConsoleInit();
            ConsoleSetTitle(L"EMUNAND NOT FOUND!");
            print(L"The emunand was not found on\n");
            print(L"your SDCard. \n");
            print(L"\n");
            print(L"Press A to boot SYSNAND\n");
            ConsoleShow();

            WaitForButton(BUTTON_A);

            swprintf(path, _MAX_LFN, L"/rxTools/Theme/%u/boot.bin",
                     cfgs[CFG_THEME].val.i);
            DrawBottomSplash(path);
        }
    } else
        sector = 0;

    r = getMpInfo();
    switch (r) {
    case MPINFO_KTR:
        tid = TID_KTR_NATIVE_FIRM;
        break;

    case MPINFO_CTR:
        tid = TID_CTR_NATIVE_FIRM;
        break;

    default:
        msg = L"Unknown Platform: %d";
        goto fail;
    }

    setAgbBios();

    if (sysver < 7 && f_open(&fd, _T("slot0x25KeyX.bin"), FA_READ) == FR_OK) {
        f_read(&fd, keyx, sizeof(keyx), &br);
        f_close(&fd);
        keyxArg = keyx;
    } else
        keyxArg = NULL;

    getFirmPath(path, tid);
    r = loadFirm(path, &fsz);
    if (r) {
        msg = L"Failed to load NATIVE_FIRM: %d\n"
              L"Reboot rxTools and try again.\n";
        goto fail;
    }

    ((FirmHdr *)FIRM_ADDR)->arm9Entry = 0x0801B01C;

    getFirmPatchPath(path, tid);
    r = f_open(&fd, path, FA_READ);
    if (r != FR_OK)
        goto patchFail;

    r = f_read(&fd, (void *)PATCH_ADDR, PATCH_SIZE, &br);
    if (r != FR_OK)
        goto patchFail;

    f_close(&fd);

    ehdr = (void *)PATCH_ADDR;
    shdr = (void *)(PATCH_ADDR + ehdr->e_shoff);
    shstrtab = (char *)PATCH_ADDR + shdr[ehdr->e_shstrndx].sh_offset;
    for (btmShdr = shdr + ehdr->e_shnum; shdr != btmShdr; shdr++) {
        if (!strcmp(shstrtab + shdr->sh_name, ".patch.p9.reboot.body")) {
            memcpy((void *)ehdr->e_entry,
                   (void *)(PATCH_ADDR + shdr->sh_offset),
                   shdr->sh_size);

            // Drain write buffer
            __asm__ volatile ("mcr p15, 0, %0, c7, c10, 4" :: "r"(0));

            cur = ehdr->e_entry & ~(line - 1);
            btm = ehdr->e_entry + shdr->sh_size;
            while (cur < btm) {
                __asm__ volatile (
                    // Clean Dcache
                    "mcr p15, 0, %0, c7, c10, 1\n\t"

                    // Flush Icache
                    "mcr p15, 0, %0, c7, c5, 1"
                    :: "r"(cur));

                cur += line;
            }

            ((void (*)(uint32_t, void *, uintptr_t))ehdr->e_entry)(
                sector, keyxArg, 0x1FFFFFF8);

            __builtin_unreachable();
        }
    }
Exemplo n.º 13
0
static size_t getNandSize()
{
	return getMpInfo() == MPINFO_KTR ? 0x4D800000 : 0x3AF00000;
}
Exemplo n.º 14
0
void DumpNandPartitions(){
	ConsoleSetTitle(strings[STR_DUMP], strings[STR_NAND_PARTITIONS]);
	int isEmuNand = SYS_NAND;
	if(checkEmuNAND() && (isEmuNand = NandSwitch()) == UNK_NAND) return;
	isEmuNand--;
	ConsoleInit();
	ConsoleSetTitle(strings[STR_DUMP], strings[STR_NAND_PARTITIONS]);
	print(strings[STR_PROCESSING], isEmuNand ? strings[STR_EMUNAND] : strings[STR_SYSNAND]);
	wchar_t* p_name[] = {
		L"twln.bin", L"twlp.bin", L"agb_save.bin",
		L"firm0.bin", L"firm1.bin", L"ctrnand.bin"
	};
	wchar_t* p_descr[] = { strings[STR_TWLN], strings[STR_TWLP], strings[STR_AGB_SAVE], strings[STR_FIRM0], strings[STR_FIRM1], strings[STR_CTRNAND] };
	unsigned int p_size[] = { 0x08FB5200, 0x020B6600, 0x00030000, 0x00400000, 0x00400000, getMpInfo() == MPINFO_KTR ? 0x41D2D200 : 0x2F3E3600 };
	unsigned int p_addr[] = { TWLN, TWLP, AGB_SAVE, FIRM0, FIRM1, CTRNAND };
	int sect_row = 0x80;

	wchar_t tmp[_MAX_LFN];
	for(int i = 3; i < 6; i++){		//Cutting out twln, twlp and agb_save. Todo: Properly decrypt them
		File out;
		swprintf(tmp, _MAX_LFN, L"rxTools/nand/%ls%ls", isEmuNand ? L"emu_" : L"", p_name[i]);
		FileOpen(&out, tmp, 1);
		print(strings[STR_DUMPING], p_descr[i], tmp);
		ConsoleShow();

		for(int j = 0; j*0x200 < p_size[i]; j += sect_row){
			swprintf(tmp, _MAX_LFN, L"%08X / %08X", j*0x200, p_size[i]);
			int x, y;
			ConsoleGetXY(&x, &y);
			y += FONT_HEIGHT * 3;
			x += FONT_HWIDTH*2;
			ConsoleShow();
			DrawString(BOT_SCREEN, tmp, x, y, ConsoleGetTextColor(), ConsoleGetBackgroundColor());

			if(isEmuNand) emunand_readsectors(j, sect_row, BUF1, p_addr[i]);
			else nand_readsectors(j, sect_row, BUF1, p_addr[i]);
			FileWrite(&out, BUF1, sect_row*0x200, j*0x200);
		}
		FileClose(&out);
	}
	print(strings[STR_PRESS_BUTTON_ACTION], strings[STR_BUTTON_A], strings[STR_CONTINUE]);
	ConsoleShow();
	WaitForButton(BUTTON_A);
}
Exemplo n.º 15
0
			DrawString(BOT_SCREEN, tmp, x, y, ConsoleGetTextColor(), ConsoleGetBackgroundColor());

			if(isEmuNand) emunand_readsectors(j, sect_row, BUF1, p_addr[i]);
			else nand_readsectors(j, sect_row, BUF1, p_addr[i]);
			FileWrite(&out, BUF1, sect_row*0x200, j*0x200);
		}
		FileClose(&out);
	}
	print(strings[STR_PRESS_BUTTON_ACTION], strings[STR_BUTTON_A], strings[STR_CONTINUE]);
	ConsoleShow();
	WaitForButton(BUTTON_A);
}

void GenerateNandXorpads(){

	PadInfo myInfo = { .keyslot = getMpInfo() == MPINFO_KTR ? 0x5 : 0x4, .setKeyY = 0, .size_mb = getMpInfo() == MPINFO_KTR ? 1055 : 758, .filename = L"rxTools/nand.fat16.xorpad" };
	GetNANDCTR(myInfo.CTR); add_ctr(myInfo.CTR, 0xB93000);

	ConsoleInit();
	ConsoleSetTitle(strings[STR_GENERATE], strings[STR_NAND_XORPAD]);
	print(strings[STR_DUMPING], strings[STR_NAND_XORPAD], myInfo.filename);
	ConsoleShow();
	CreatePad(&myInfo, 0);

	print(strings[STR_PRESS_BUTTON_ACTION], strings[STR_BUTTON_A], strings[STR_CONTINUE]);
	ConsoleShow();
	WaitForButton(BUTTON_A);
}

void DumpNANDSystemTitles(){
	ConsoleSetTitle(strings[STR_DUMP], strings[STR_SYSTEM_TITLES]);