Move loader to itcm, use unprot boot9 code for caches, use 4 bytes inside the payload for the magic

Aurora 2016-10-30 22:40:47 +01:00
parent 5ded6aa619
commit 4a3a351301
8 changed files with 26 additions and 99 deletions


@ -1,7 +1,7 @@
ENTRY(_start) ENTRY(_start)
SECTIONS SECTIONS
{ {
. = 0x80F0000; . = 0x1FF8000;
.text.start : { *(.text.start) } .text.start : { *(.text.start) }
.text : { *(.text) } .text : { *(.text) }
.data : { *(.data) } .data : { *(.data) }


@ -1,27 +0,0 @@
/*
* This file is part of Luma3DS
* Copyright (C) 2016 Aurora Wright, TuxSH
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
* reasonable legal notices or author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
*/
#pragma once
#include "types.h"
void flushCaches(void);


@ -1,54 +0,0 @@
@ This file is part of Luma3DS
@ Copyright (C) 2016 Aurora Wright, TuxSH
@
@ This program is free software: you can redistribute it and/or modify
@ it under the terms of the GNU General Public License as published by
@ the Free Software Foundation, either version 3 of the License, or
@ (at your option) any later version.
@
@ This program is distributed in the hope that it will be useful,
@ but WITHOUT ANY WARRANTY; without even the implied warranty of
@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
@ GNU General Public License for more details.
@
@ You should have received a copy of the GNU General Public License
@ along with this program. If not, see <http://www.gnu.org/licenses/>.
@
@ Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
@ reasonable legal notices or author attributions in that material or in the Appropriate Legal
@ Notices displayed by works containing it.
.text
.arm
.align 4
.global flushCaches
.type flushCaches, %function
flushCaches:
@ Clean and flush data cache
@ Adpated from http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.ddi0155a/ch03s03s05.html ,
@ and https://github.com/gemarcano/libctr9_io/blob/master/src/ctr_system_ARM.c#L39 as well
@ Note: ARM's example is actually for a 8KB DCache (which is what the 3DS has)
@ Implemented in bootROM at address 0xffff0830
mov r1, #0 @ segment counter
outer_loop:
mov r0, #0 @ line counter
inner_loop:
orr r2, r1, r0 @ generate segment and line address
mcr p15, 0, r2, c7, c14, 2 @ clean and flush the line
add r0, #0x20 @ increment to next line
cmp r0, #0x400
bne inner_loop
add r1, #0x40000000
cmp r1, #0
bne outer_loop
mcr p15, 0, r1, c7, c10, 4 @ drain write buffer
@ Flush instruction cache
mcr p15, 0, r1, c7, c5, 0
bx lr


@ -20,7 +20,6 @@
* Notices displayed by works containing it. * Notices displayed by works containing it.
*/ */
#include "cache.h"
#include "memory.h" #include "memory.h"
#include "../build/bundled.h" #include "../build/bundled.h"
@ -42,12 +41,12 @@ void main(void)
{ {
ownArm11(); ownArm11();
vu32 *magic = (vu32 *)0x25000000; vu32 *payloadAddress = (vu32 *)0x23F00000;
magic[0] = 0xABADCAFE; payloadAddress[1] = 0xDEADCAFE;
magic[1] = 0xDEADCAFE;
//Ensure that all memory transfers have completed and that the caches have been flushed //Ensure that all memory transfers have completed and that the caches have been flushed
flushCaches(); ((void (*)())0xFFFF0830)();
((void (*)())0xFFFF0AB4)();
((void (*)())0x23F00000)(); ((void (*)())payloadAddress)();
} }
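Review bot: The two cache calls in `main` jump to bare addresses, `0xFFFF0830` and `0xFFFF0AB4`, and nothing left on the page says what the second one does; the deleted flushCaches assembly only identifies `0xffff0830` as the bootROM copy of the data-cache clean-and-flush loop. A wrong ROM address here would fail silently just before control passes to the payload, so name each one once, e.g. `#define BOOT9_FLUSH_DCACHE ((void (*)(void))0xFFFF0830)`, with a comment giving where the address comes from. Give `0xFFFF0AB4` a matching name once its purpose is confirmed; presumably it is the instruction-cache flush that flushCaches used to end with. The same pair is hard-coded again in the loader's `_start` hunk (`ldr r0, =0xFFFF0830` / `ldr r0, =0xFFFF0AB4`), so a shared definition would keep the two in step.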


@ -39,9 +39,6 @@ _start:
bic r0, #(1<<0) @ - mpu disable bic r0, #(1<<0) @ - mpu disable
mcr p15, 0, r0, c1, c0, 0 @ write control register mcr p15, 0, r0, c1, c0, 0 @ write control register
@ Flush caches
bl flushCaches
@ Give read/write access to all the memory regions @ Give read/write access to all the memory regions
ldr r0, =0x3333333 ldr r0, =0x3333333
mcr p15, 0, r0, c5, c0, 2 @ write data access mcr p15, 0, r0, c5, c0, 2 @ write data access
@ -69,10 +66,14 @@ _start:
mcr p15, 0, r8, c2, c0, 0 @ Data cacheable 0, 2, 4 mcr p15, 0, r8, c2, c0, 0 @ Data cacheable 0, 2, 4
mcr p15, 0, r8, c2, c0, 1 @ Inst cacheable 0, 2, 4 mcr p15, 0, r8, c2, c0, 1 @ Inst cacheable 0, 2, 4
@ Enable caches / MPU / ITCM @ Flush caches
ldr r0, =0xFFFF0830
blx r0
ldr r0, =0xFFFF0AB4
blx r0
@ Enable caches / MPU
mrc p15, 0, r0, c1, c0, 0 @ read control register mrc p15, 0, r0, c1, c0, 0 @ read control register
orr r0, r0, #(1<<18) @ - ITCM enable
orr r0, r0, #(1<<13) @ - alternate exception vectors enable
orr r0, r0, #(1<<12) @ - instruction cache enable orr r0, r0, #(1<<12) @ - instruction cache enable
orr r0, r0, #(1<<2) @ - data cache enable orr r0, r0, #(1<<2) @ - data cache enable
orr r0, r0, #(1<<0) @ - mpu enable orr r0, r0, #(1<<0) @ - mpu enable
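Review bot: With `orr r0, r0, #(1<<18)` and `orr r0, r0, #(1<<13)` dropped from the enable sequence, this read-modify-write of the control register now relies on both bits keeping whatever value they had on entry, and the code does not say so. The linker script in this commit places the loader at 0x1FF8000 and the title calls that ITCM, so the ITCM bit is probably already set, but the part of `_start` above this hunk is not visible and could clear it. A comment such as `@ ITCM (bit 18) and alternate vectors (bit 13) are left as inherited; the loader already runs from ITCM` would record the assumption. Each `blx r0` also overwrites lr, and the boot9 routines' register usage is not documented on the page, whereas the removed local routine touched only r0-r2; state the assumed clobbers next to `@ Flush caches`.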


@ -50,8 +50,7 @@ u32 posY;
void main(void) void main(void)
{ {
vu32 *magic = (vu32 *)0x25000000; bool isOtpless = ISA9LH && magic == 0xDEADCAFE;
bool isOtpless = ISA9LH && magic[0] == 0xABADCAFE && magic[1] == 0xDEADCAFE;
initScreens(); initScreens();
@ -71,7 +70,6 @@ void main(void)
} }
else else
{ {
magic[0] = magic[1] = 0;
posY = drawString("Finalizing install...", 10, posY + SPACING_Y, COLOR_WHITE); posY = drawString("Finalizing install...", 10, posY + SPACING_Y, COLOR_WHITE);
pressed = 0; pressed = 0;
} }
@ -258,8 +256,10 @@ static inline void installer(bool isOtpless)
if(!ISA9LH && ISN3DS) if(!ISA9LH && ISN3DS)
{ {
*(vu32 *)0x80FD0FC = 0xEAFFCBBF; //B 0x80F0000 const u8 ldrAndBranch[] = {0x00, 0x00, 0x9F, 0xE5, 0x10, 0xFF, 0x2F, 0xE1, 0x00, 0x80, 0xFF, 0x01};
memcpy((void *)0x80F0000, loader_bin, loader_bin_size);
memcpy((void *)0x80FD0FC, ldrAndBranch, sizeof(ldrAndBranch));
memcpy((void *)0x1FF8000, loader_bin, loader_bin_size);
writeFirm((u8 *)FIRM0_100_OFFSET, false, FIRM0100_SIZE); writeFirm((u8 *)FIRM0_100_OFFSET, false, FIRM0100_SIZE);
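Review bot: `ldrAndBranch` is an undocumented byte string copied over code at 0x80FD0FC, whereas the line it replaces carried its own disassembly (`//B 0x80F0000`). Read as little-endian ARM words the bytes decode to `ldr r0, [pc]` / `bx r0` / `.word 0x01FF8000`; put that in a comment so the patch can be audited without a disassembler. The target literal, the `memcpy` destination `0x1FF8000` and the `. = 0x1FF8000` in the loader's linker script must all agree, so one named constant would be safer than three copies. The patch is now 12 bytes instead of 4 and `loader_bin_size` is copied without a bound; whether the extra 8 bytes from 0x80FD100 and the loader's size fit their destinations cannot be judged from this hunk, and `installer` continues beyond it.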


@ -23,6 +23,7 @@
#define MAX_STAGE1_SIZE 0x1E70 #define MAX_STAGE1_SIZE 0x1E70
#define MAX_STAGE2_SIZE 0x89A00 #define MAX_STAGE2_SIZE 0x89A00
extern u32 magic;
extern const u8 key2s[5][AES_BLOCK_SIZE]; extern const u8 key2s[5][AES_BLOCK_SIZE];
static inline void installer(bool isOtpless); static inline void installer(bool isOtpless);


@ -24,6 +24,13 @@
.align 4 .align 4
.global _start .global _start
_start: _start:
b start
.global magic
magic:
.word 0
start:
@ Disable interrupts @ Disable interrupts
mrs r0, cpsr mrs r0, cpsr
orr r0, #0x1C0 orr r0, #0x1C0
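Review bot: The `magic` word placed directly after `b start` is an unstated binary contract with the loader, which writes `payloadAddress[1] = 0xDEADCAFE` at 0x23F00000 before jumping to offset 0 (presumably this image). Anything inserted between `_start` and `magic`, or an entry sequence that is not exactly one 4-byte ARM instruction, would make the loader overwrite code instead of this word. Add a comment such as `@ magic must stay at offset 4: the loader stores 0xDEADCAFE here before entry`. Because the word is written by an external stage, declaring it volatile in the header (`extern vu32 magic;`) would match the `vu32` access the old code used. `_start` continues beyond the hunk.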