1
0
Fork 0
mirror of https://github.com/CTCaer/hekate.git synced 2024-11-29 21:12:06 +00:00

[HOS] Add full 8.0.0 support

Additionally, allow pkg1 to be dumped if unknown fw version.
This commit is contained in:
ctcaer@gmail.com 2019-04-21 17:37:12 +03:00
parent 8eb5ee867d
commit fd0dc04953
8 changed files with 176 additions and 56 deletions

View file

@ -50,6 +50,8 @@ void dump_packages12()
if (!sd_mount()) if (!sd_mount())
return; return;
char path[64];
u8 *pkg1 = (u8 *)calloc(1, 0x40000); u8 *pkg1 = (u8 *)calloc(1, 0x40000);
u8 *warmboot = (u8 *)calloc(1, 0x40000); u8 *warmboot = (u8 *)calloc(1, 0x40000);
u8 *secmon = (u8 *)calloc(1, 0x40000); u8 *secmon = (u8 *)calloc(1, 0x40000);
@ -74,13 +76,18 @@ void dump_packages12()
// Read package1. // Read package1.
sdmmc_storage_read(&storage, 0x100000 / NX_EMMC_BLOCKSIZE, 0x40000 / NX_EMMC_BLOCKSIZE, pkg1); sdmmc_storage_read(&storage, 0x100000 / NX_EMMC_BLOCKSIZE, 0x40000 / NX_EMMC_BLOCKSIZE, pkg1);
const pkg1_id_t *pkg1_id = pkg1_identify(pkg1); const pkg1_id_t *pkg1_id = pkg1_identify(pkg1);
const pk11_hdr_t *hdr = (pk11_hdr_t *)(pkg1 + pkg1_id->pkg11_off + 0x20);
if (!pkg1_id) if (!pkg1_id)
{ {
gfx_con.fntsz = 8;
EPRINTF("Unknown pkg1 version for reading\nTSEC firmware."); EPRINTF("Unknown pkg1 version for reading\nTSEC firmware.");
// Dump package1.
emmcsn_path_impl(path, "/pkg1", "pkg1_enc.bin", &storage);
if (sd_save_to_file(pkg1, 0x40000, path))
goto out_free;
gfx_puts("\nEnc pkg1 dumped to pkg1_enc.bin\n");
goto out_free; goto out_free;
} }
const pk11_hdr_t *hdr = (pk11_hdr_t *)(pkg1 + pkg1_id->pkg11_off + 0x20);
kb = pkg1_id->kb; kb = pkg1_id->kb;
@ -120,8 +127,6 @@ void dump_packages12()
if (kb <= KB_FIRMWARE_VERSION_600) if (kb <= KB_FIRMWARE_VERSION_600)
pkg1_decrypt(pkg1_id, pkg1); pkg1_decrypt(pkg1_id, pkg1);
char path[64];
if (kb <= KB_FIRMWARE_VERSION_620) if (kb <= KB_FIRMWARE_VERSION_620)
{ {
pkg1_unpack(warmboot, secmon, loader, pkg1_id, pkg1); pkg1_unpack(warmboot, secmon, loader, pkg1_id, pkg1);
@ -204,8 +209,14 @@ void dump_packages12()
// Dump INI1. // Dump INI1.
emmcsn_path_impl(path, "/pkg2", "ini1.bin", &storage); emmcsn_path_impl(path, "/pkg2", "ini1.bin", &storage);
if (sd_save_to_file(pkg2_hdr->data + pkg2_hdr->sec_size[PKG2_SEC_KERNEL], u32 ini1_off = pkg2_hdr->sec_size[PKG2_SEC_KERNEL];
pkg2_hdr->sec_size[PKG2_SEC_INI1], path)) u32 ini1_size = pkg2_hdr->sec_size[PKG2_SEC_INI1];
if (!ini1_size)
{
ini1_off = *(u32 *)(pkg2_hdr->data + PKG2_NEWKERN_INI1_START);
ini1_size = *(u32 *)(pkg2_hdr->data + PKG2_NEWKERN_INI1_END) - *(u32 *)(pkg2_hdr->data + PKG2_NEWKERN_INI1_START);
}
if (sd_save_to_file(pkg2_hdr->data + ini1_off, ini1_size, path))
goto out; goto out;
gfx_puts("INI1 dumped to ini1.bin\n"); gfx_puts("INI1 dumped to ini1.bin\n");

View file

@ -488,6 +488,8 @@ int hos_launch(ini_sec_t *cfg)
gfx_printf("Loaded warmboot and secmon\n"); gfx_printf("Loaded warmboot and secmon\n");
// Read package2. // Read package2.
if (!strcmp(ctxt.pkg1_id->id, "20190314172056"))
ctxt.new_pkg2 = true;
u8 *bootConfigBuf = _read_emmc_pkg2(&ctxt); u8 *bootConfigBuf = _read_emmc_pkg2(&ctxt);
if (!bootConfigBuf) if (!bootConfigBuf)
return 0; return 0;
@ -515,7 +517,14 @@ int hos_launch(ini_sec_t *cfg)
if (!ctxt.stock && (ctxt.svcperm || ctxt.debugmode || ctxt.atmosphere)) if (!ctxt.stock && (ctxt.svcperm || ctxt.debugmode || ctxt.atmosphere))
{ {
u32 kernel_crc32 = crc32c(ctxt.kernel, ctxt.kernel_size); u32 kernel_crc32;
// New Kernel with INI1 takes long to hash with crc32c. Hash kernel only.
if (!ctxt.new_pkg2)
kernel_crc32 = crc32c(ctxt.kernel, ctxt.kernel_size);
else
kernel_crc32 = crc32c(ctxt.kernel + PKG2_NEWKERN_START,
*(u32 *)(ctxt.kernel + PKG2_NEWKERN_INI1_START) - PKG2_NEWKERN_START);
ctxt.pkg2_kernel_id = pkg2_identify(kernel_crc32); ctxt.pkg2_kernel_id = pkg2_identify(kernel_crc32);
// In case a kernel patch option is set; allows to disable SVC verification or/and enable debug mode. // In case a kernel patch option is set; allows to disable SVC verification or/and enable debug mode.
@ -560,7 +569,7 @@ int hos_launch(ini_sec_t *cfg)
} }
// Rebuild and encrypt package2. // Rebuild and encrypt package2.
pkg2_build_encrypt((void *)PKG2_LOAD_ADDR, ctxt.kernel, ctxt.kernel_size, &kip1_info); pkg2_build_encrypt((void *)PKG2_LOAD_ADDR, ctxt.kernel, ctxt.kernel_size, &kip1_info, ctxt.new_pkg2);
gfx_printf("Rebuilt & loaded pkg2\n"); gfx_printf("Rebuilt & loaded pkg2\n");

View file

@ -51,6 +51,7 @@ typedef struct _launch_ctxt_t
void *pkg2; void *pkg2;
u32 pkg2_size; u32 pkg2_size;
bool new_pkg2;
void *kernel; void *kernel;
u32 kernel_size; u32 kernel_size;
link_t kip1_list; link_t kip1_list;

View file

@ -143,6 +143,7 @@ static const pkg1_id_t _pkg1_ids[] = {
{ "20181107105733", 6, 0x0E00, 0x6FE0, { 1, 2, 0 }, 0x4002B000, 0x4003D800, false, _secmon_620_patchset, _warmboot_4_patchset }, //6.2.0 { "20181107105733", 6, 0x0E00, 0x6FE0, { 1, 2, 0 }, 0x4002B000, 0x4003D800, false, _secmon_620_patchset, _warmboot_4_patchset }, //6.2.0
{ "20181218175730", 7, 0x0F00, 0x6FE0, { 1, 2, 0 }, 0x40030000, 0x4003E000, false, NULL, _warmboot_4_patchset }, //7.0.0 { "20181218175730", 7, 0x0F00, 0x6FE0, { 1, 2, 0 }, 0x40030000, 0x4003E000, false, NULL, _warmboot_4_patchset }, //7.0.0
{ "20190208150037", 7, 0x0F00, 0x6FE0, { 1, 2, 0 }, 0x40030000, 0x4003E000, false, NULL, _warmboot_4_patchset }, //7.0.1 { "20190208150037", 7, 0x0F00, 0x6FE0, { 1, 2, 0 }, 0x40030000, 0x4003E000, false, NULL, _warmboot_4_patchset }, //7.0.1
{ "20190314172056", 7, 0x0E00, 0x6FE0, { 1, 2, 0 }, 0x40030000, 0x4003E000, false, NULL, _warmboot_4_patchset }, //8.0.0
{ NULL } //End. { NULL } //End.
}; };

View file

@ -43,6 +43,7 @@
#define FREE_CODE_OFF_1ST_500 0x5C020 #define FREE_CODE_OFF_1ST_500 0x5C020
#define FREE_CODE_OFF_1ST_600 0x5EE00 #define FREE_CODE_OFF_1ST_600 0x5EE00
#define FREE_CODE_OFF_1ST_700 0x5FEC0 #define FREE_CODE_OFF_1ST_700 0x5FEC0
#define FREE_CODE_OFF_1ST_800 0x607F0
#define ID_SND_OFF_100 0x23CC0 #define ID_SND_OFF_100 0x23CC0
#define ID_SND_OFF_200 0x3F134 #define ID_SND_OFF_200 0x3F134
@ -52,6 +53,7 @@
#define ID_SND_OFF_500 0x2AD34 #define ID_SND_OFF_500 0x2AD34
#define ID_SND_OFF_600 0x2BB8C #define ID_SND_OFF_600 0x2BB8C
#define ID_SND_OFF_700 0x2D044 #define ID_SND_OFF_700 0x2D044
#define ID_SND_OFF_800 0x2F1FC
#define ID_RCV_OFF_100 0x219F0 #define ID_RCV_OFF_100 0x219F0
#define ID_RCV_OFF_200 0x3D1A8 #define ID_RCV_OFF_200 0x3D1A8
@ -61,6 +63,7 @@
#define ID_RCV_OFF_500 0x28DAC #define ID_RCV_OFF_500 0x28DAC
#define ID_RCV_OFF_600 0x29B6C #define ID_RCV_OFF_600 0x29B6C
#define ID_RCV_OFF_700 0x2B23C #define ID_RCV_OFF_700 0x2B23C
#define ID_RCV_OFF_800 0x2D424
static u32 PRC_ID_SND_100[] = static u32 PRC_ID_SND_100[] =
{ {
@ -98,17 +101,7 @@ static u32 PRC_ID_RCV_300[] =
0xD2FFFFE9, 0x8A09014A, 0xD2FFFFC9, 0xEB09015F, 0x54000040, 0xF9415568, 0xA8C12FEA 0xD2FFFFE9, 0x8A09014A, 0xD2FFFFC9, 0xEB09015F, 0x54000040, 0xF9415568, 0xA8C12FEA
}; };
static u32 PRC_ID_SND_302[] = #define FREE_CODE_OFF_2ND_302 (FREE_CODE_OFF_1ST_302 + sizeof(PRC_ID_SND_300) + sizeof(u32))
{
0xA9BF2FEA, 0x2A1803EB, 0xD37EF56B, 0xF86B6B8B, 0x92FFFFE9, 0x8A090168, 0xD2FFFFE9, 0x8A09016B,
0xD2FFFFC9, 0xEB09017F, 0x54000040, 0xF9415548, 0xA8C12FEA
};
#define FREE_CODE_OFF_2ND_302 (FREE_CODE_OFF_1ST_302 + sizeof(PRC_ID_SND_302) + sizeof(u32))
static u32 PRC_ID_RCV_302[] =
{
0xA9BF2FEA, 0x2A0F03EA, 0xD37EF54A, 0xF9405FEB, 0xF86A696A, 0xF9407BEB, 0x92FFFFE9, 0x8A090148,
0xD2FFFFE9, 0x8A09014A, 0xD2FFFFC9, 0xEB09015F, 0x54000040, 0xF9415568, 0xA8C12FEA
};
static u32 PRC_ID_SND_400[] = static u32 PRC_ID_SND_400[] =
{ {
@ -162,6 +155,8 @@ static u32 PRC_ID_RCV_700[] =
0xD63F0100, 0xA8C127E8, 0xAA0003E8, 0xA8C12FEA, 0xAA0803E0 0xD63F0100, 0xA8C127E8, 0xAA0003E8, 0xA8C12FEA, 0xAA0803E0
}; };
#define FREE_CODE_OFF_2ND_800 (FREE_CODE_OFF_1ST_800 + sizeof(PRC_ID_SND_700) + sizeof(u32))
// Include kernel patches here, so we can utilize pkg1 id // Include kernel patches here, so we can utilize pkg1 id
KERNEL_PATCHSET_DEF(_kernel_1_patchset, KERNEL_PATCHSET_DEF(_kernel_1_patchset,
{ SVC_VERIFY_DS, 0x3764C, _NOP(), NULL }, // Disable SVC verifications { SVC_VERIFY_DS, 0x3764C, _NOP(), NULL }, // Disable SVC verifications
@ -210,13 +205,13 @@ KERNEL_PATCHSET_DEF(_kernel_302_patchset,
{ DEBUG_MODE_EN, 0x48414, _MOVZX(8, 1, 0), NULL }, // Enable Debug Patch { DEBUG_MODE_EN, 0x48414, _MOVZX(8, 1, 0), NULL }, // Enable Debug Patch
// Atmosphère kernel patches. // Atmosphère kernel patches.
{ ATM_GEN_PATCH, ID_SND_OFF_302, _B(ID_SND_OFF_302, FREE_CODE_OFF_1ST_302), NULL}, // Send process id branch. { ATM_GEN_PATCH, ID_SND_OFF_302, _B(ID_SND_OFF_302, FREE_CODE_OFF_1ST_302), NULL}, // Send process id branch.
{ ATM_ARR_PATCH, FREE_CODE_OFF_1ST_302, sizeof(PRC_ID_SND_302) >> 2, PRC_ID_SND_302}, // Send process id code. { ATM_ARR_PATCH, FREE_CODE_OFF_1ST_302, sizeof(PRC_ID_SND_300) >> 2, PRC_ID_SND_300}, // Send process id code.
{ ATM_GEN_PATCH, FREE_CODE_OFF_1ST_302 + sizeof(PRC_ID_SND_302), // Branch back and skip 1 instruction. { ATM_GEN_PATCH, FREE_CODE_OFF_1ST_302 + sizeof(PRC_ID_SND_300), // Branch back and skip 1 instruction.
_B(FREE_CODE_OFF_1ST_302 + sizeof(PRC_ID_SND_302), ID_SND_OFF_302 + sizeof(u32)), NULL}, _B(FREE_CODE_OFF_1ST_302 + sizeof(PRC_ID_SND_300), ID_SND_OFF_302 + sizeof(u32)), NULL},
{ ATM_GEN_PATCH, ID_RCV_OFF_302, _B(ID_RCV_OFF_302, FREE_CODE_OFF_2ND_302), NULL}, // Receive process id branch. { ATM_GEN_PATCH, ID_RCV_OFF_302, _B(ID_RCV_OFF_302, FREE_CODE_OFF_2ND_302), NULL}, // Receive process id branch.
{ ATM_ARR_PATCH, FREE_CODE_OFF_2ND_302, sizeof(PRC_ID_RCV_302) >> 2, PRC_ID_RCV_302}, // Receive process id code. { ATM_ARR_PATCH, FREE_CODE_OFF_2ND_302, sizeof(PRC_ID_RCV_300) >> 2, PRC_ID_RCV_300}, // Receive process id code.
{ ATM_GEN_PATCH, FREE_CODE_OFF_2ND_302 + sizeof(PRC_ID_RCV_302), // Branch back and skip 1 instruction. { ATM_GEN_PATCH, FREE_CODE_OFF_2ND_302 + sizeof(PRC_ID_RCV_300), // Branch back and skip 1 instruction.
_B(FREE_CODE_OFF_2ND_302 + sizeof(PRC_ID_RCV_302), ID_RCV_OFF_302 + sizeof(u32)), NULL} _B(FREE_CODE_OFF_2ND_302 + sizeof(PRC_ID_RCV_300), ID_RCV_OFF_302 + sizeof(u32)), NULL}
); );
KERNEL_PATCHSET_DEF(_kernel_4_patchset, KERNEL_PATCHSET_DEF(_kernel_4_patchset,
@ -278,6 +273,21 @@ KERNEL_PATCHSET_DEF(_kernel_7_patchset,
_B(FREE_CODE_OFF_2ND_700 + sizeof(PRC_ID_RCV_700), ID_RCV_OFF_700 + sizeof(u32) * 4), NULL} _B(FREE_CODE_OFF_2ND_700 + sizeof(PRC_ID_RCV_700), ID_RCV_OFF_700 + sizeof(u32) * 4), NULL}
); );
KERNEL_PATCHSET_DEF(_kernel_8_patchset,
{ SVC_GENERIC, 0x3FAD0, _NOP(), NULL }, // Allow same process on svcControlCodeMemory.
{ SVC_VERIFY_DS, 0x4D15C, _NOP(), NULL }, // Disable SVC verifications
{ DEBUG_MODE_EN, 0x5BFAC, _MOVZX(8, 1, 0), NULL }, // Enable Debug Patch
// Atmosphère kernel patches.
{ ATM_GEN_PATCH, ID_SND_OFF_800, _B(ID_SND_OFF_800, FREE_CODE_OFF_1ST_800), NULL}, // Send process id branch.
{ ATM_ARR_PATCH, FREE_CODE_OFF_1ST_800, sizeof(PRC_ID_RCV_700) >> 2, PRC_ID_RCV_700}, // Send process id code.
{ ATM_GEN_PATCH, FREE_CODE_OFF_1ST_800 + sizeof(PRC_ID_RCV_700), // Branch back and skip 4 instructions.
_B(FREE_CODE_OFF_1ST_800 + sizeof(PRC_ID_RCV_700), ID_SND_OFF_800 + sizeof(u32) * 4), NULL},
{ ATM_GEN_PATCH, ID_RCV_OFF_800, _B(ID_RCV_OFF_800, FREE_CODE_OFF_2ND_800), NULL}, // Receive process id branch.
{ ATM_ARR_PATCH, FREE_CODE_OFF_2ND_800, sizeof(PRC_ID_RCV_700) >> 2, PRC_ID_RCV_700}, // Receive process id code.
{ ATM_GEN_PATCH, FREE_CODE_OFF_2ND_800 + sizeof(PRC_ID_RCV_700), // Branch back and skip 4 instructions.
_B(FREE_CODE_OFF_2ND_800 + sizeof(PRC_ID_RCV_700), ID_RCV_OFF_800 + sizeof(u32) * 4), NULL}
);
static const pkg2_kernel_id_t _pkg2_kernel_ids[] = static const pkg2_kernel_id_t _pkg2_kernel_ids[] =
{ {
{ 0x427f2647, _kernel_1_patchset }, //1.0.0 { 0x427f2647, _kernel_1_patchset }, //1.0.0
@ -288,6 +298,7 @@ static const pkg2_kernel_id_t _pkg2_kernel_ids[] =
{ 0xf3c363f2, _kernel_5_patchset }, //5.0.0 - 5.1.0 { 0xf3c363f2, _kernel_5_patchset }, //5.0.0 - 5.1.0
{ 0x64ce1a44, _kernel_6_patchset }, //6.0.0 - 6.2.0 { 0x64ce1a44, _kernel_6_patchset }, //6.0.0 - 6.2.0
{ 0x908175e1, _kernel_7_patchset }, //7.0.0 { 0x908175e1, _kernel_7_patchset }, //7.0.0
{ 0x22832de4, _kernel_8_patchset }, //8.0.0. Kernel only.
{ 0, 0 } //End. { 0, 0 } //End.
}; };
@ -539,6 +550,48 @@ static kip1_patchset_t _fs_patches_700_exfat[] =
{ NULL, NULL } { NULL, NULL }
}; };
static kip1_patch_t _fs_nosigchk_800[] =
{
{ KPS(KIP_TEXT) | 0x7630C, 4, "\x51\x44\x00\x94", "\xE0\x03\x1F\x2A" },
{ KPS(KIP_TEXT) | 0xF49A4, 4, "\xC0\x03\x00\x36", "\x1F\x20\x03\xD5" },
{ 0, 0, NULL, NULL }
};
static kip1_patch_t _fs_nosigchk_800_exfat[] =
{
{ KPS(KIP_TEXT) | 0x818BC, 4, "\x51\x44\x00\x94", "\xE0\x03\x1F\x2A" },
{ KPS(KIP_TEXT) | 0xFFF54, 4, "\xC0\x03\x00\x36", "\x1F\x20\x03\xD5" },
{ 0, 0, NULL, NULL }
};
static kip1_patch_t _fs_nogc_800[] =
{
{ KPS(KIP_TEXT) | 0x136800, 8, "\xF4\x4F\xBE\xA9\xFD\x7B\x01\xA9", "\xE0\x03\x1F\x2A\xC0\x03\x5F\xD6" },
{ KPS(KIP_TEXT) | 0x15EB94, 4, "\x14\x40\x80\x52", "\x14\x80\x80\x52" },
{ 0, 0, NULL, NULL }
};
static kip1_patch_t _fs_nogc_800_exfat[] =
{
{ KPS(KIP_TEXT) | 0x141DB0, 8, "\xF4\x4F\xBE\xA9\xFD\x7B\x01\xA9", "\xE0\x03\x1F\x2A\xC0\x03\x5F\xD6" },
{ KPS(KIP_TEXT) | 0x16A144, 4, "\x14\x40\x80\x52", "\x14\x80\x80\x52" },
{ 0, 0, NULL, NULL }
};
static kip1_patchset_t _fs_patches_800[] =
{
{ "nosigchk", _fs_nosigchk_800 },
{ "nogc", _fs_nogc_800 },
{ NULL, NULL }
};
static kip1_patchset_t _fs_patches_800_exfat[] =
{
{ "nosigchk", _fs_nosigchk_800_exfat },
{ "nogc", _fs_nogc_800_exfat },
{ NULL, NULL }
};
// SHA256 hashes. // SHA256 hashes.
static kip1_id_t _kip_ids[] = static kip1_id_t _kip_ids[] =
{ {
@ -565,7 +618,9 @@ static kip1_id_t _kip_ids[] =
{ "FS", "\x3a\x57\x4d\x43\x61\x86\x19\x1d\x17\x88\xeb\x2c\x0f\x07\x6b\x11", _fs_patches_600 }, // FS 6.0.0-5.0 { "FS", "\x3a\x57\x4d\x43\x61\x86\x19\x1d\x17\x88\xeb\x2c\x0f\x07\x6b\x11", _fs_patches_600 }, // FS 6.0.0-5.0
{ "FS", "\x33\x05\x53\xf6\xb5\xfb\x55\xc4\xc2\xd7\xb7\x36\x24\x02\x76\xb3", _fs_patches_600_exfat }, // FS 6.0.0-5.0 exfat { "FS", "\x33\x05\x53\xf6\xb5\xfb\x55\xc4\xc2\xd7\xb7\x36\x24\x02\x76\xb3", _fs_patches_600_exfat }, // FS 6.0.0-5.0 exfat
{ "FS", "\x2A\xDB\xE9\x7E\x9B\x5F\x41\x77\x9E\xC9\x5F\xFE\x26\x99\xC9\x33", _fs_patches_700 }, // FS 7.0.0 { "FS", "\x2A\xDB\xE9\x7E\x9B\x5F\x41\x77\x9E\xC9\x5F\xFE\x26\x99\xC9\x33", _fs_patches_700 }, // FS 7.0.0
{ "FS", "\x2C\xCE\x65\x9C\xEC\x53\x6A\x8E\x4D\x91\xF3\xBE\x4B\x74\xBE\xD3", _fs_patches_700_exfat } // FS 7.0.0 exfat { "FS", "\x2C\xCE\x65\x9C\xEC\x53\x6A\x8E\x4D\x91\xF3\xBE\x4B\x74\xBE\xD3", _fs_patches_700_exfat }, // FS 7.0.0 exfat
{ "FS", "\xB2\xF5\x17\x6B\x35\x48\x36\x4D\x07\x9A\x29\xB1\x41\xA2\x3B\x06", _fs_patches_800 }, // FS 8.0.0
{ "FS", "\xDB\xD9\x41\xC0\xC5\x3C\x52\xCC\xF7\x20\x2C\x84\xD8\xE0\xF7\x80", _fs_patches_800_exfat } // FS 8.0.0 exfat
}; };
const pkg2_kernel_id_t *pkg2_identify(u32 id) const pkg2_kernel_id_t *pkg2_identify(u32 id)
@ -586,7 +641,16 @@ static u32 _pkg2_calc_kip1_size(pkg2_kip1_t *kip1)
void pkg2_parse_kips(link_t *info, pkg2_hdr_t *pkg2) void pkg2_parse_kips(link_t *info, pkg2_hdr_t *pkg2)
{ {
u8 *ptr = pkg2->data + pkg2->sec_size[PKG2_SEC_KERNEL]; u8 *ptr;
// Check for new pkg2
if (!pkg2->sec_size[PKG2_SEC_INI1])
{
u32 kernel_ini1_off = *(u32 *)(pkg2->data + PKG2_NEWKERN_INI1_START);
ptr = pkg2->data + kernel_ini1_off;
}
else
ptr = pkg2->data + pkg2->sec_size[PKG2_SEC_KERNEL];
pkg2_ini1_t *ini1 = (pkg2_ini1_t *)ptr; pkg2_ini1_t *ini1 = (pkg2_ini1_t *)ptr;
ptr += sizeof(pkg2_ini1_t); ptr += sizeof(pkg2_ini1_t);
@ -927,31 +991,8 @@ DPRINTF("sec %d has size %08X\n", i, hdr->sec_size[i]);
return hdr; return hdr;
} }
void pkg2_build_encrypt(void *dst, void *kernel, u32 kernel_size, link_t *kips_info) static u32 _pkg2_ini1_build(u8 *pdst, pkg2_hdr_t *hdr, link_t *kips_info, bool new_pkg2)
{ {
u8 *pdst = (u8 *)dst;
// Signature.
memset(pdst, 0, 0x100);
pdst += 0x100;
// Header.
pkg2_hdr_t *hdr = (pkg2_hdr_t *)pdst;
memset(hdr, 0, sizeof(pkg2_hdr_t));
pdst += sizeof(pkg2_hdr_t);
hdr->magic = PKG2_MAGIC;
hdr->base = 0x10000000;
DPRINTF("kernel @ %08X (%08X)\n", (u32)kernel, kernel_size);
// Kernel.
memcpy(pdst, kernel, kernel_size);
hdr->sec_size[PKG2_SEC_KERNEL] = kernel_size;
hdr->sec_off[PKG2_SEC_KERNEL] = 0x10000000;
se_aes_crypt_ctr(8, pdst, kernel_size, pdst, kernel_size, &hdr->sec_ctr[PKG2_SEC_KERNEL * 0x10]);
pdst += kernel_size;
DPRINTF("kernel encrypted\n");
// INI1.
u32 ini1_size = sizeof(pkg2_ini1_t); u32 ini1_size = sizeof(pkg2_ini1_t);
pkg2_ini1_t *ini1 = (pkg2_ini1_t *)pdst; pkg2_ini1_t *ini1 = (pkg2_ini1_t *)pdst;
memset(ini1, 0, sizeof(pkg2_ini1_t)); memset(ini1, 0, sizeof(pkg2_ini1_t));
@ -966,9 +1007,60 @@ DPRINTF("adding kip1 '%s' @ %08X (%08X)\n", ki->kip1->name, (u32)ki->kip1, ki->s
ini1->num_procs++; ini1->num_procs++;
} }
ini1->size = ini1_size; ini1->size = ini1_size;
if (!new_pkg2)
{
hdr->sec_size[PKG2_SEC_INI1] = ini1_size; hdr->sec_size[PKG2_SEC_INI1] = ini1_size;
hdr->sec_off[PKG2_SEC_INI1] = 0x14080000; hdr->sec_off[PKG2_SEC_INI1] = 0x14080000;
se_aes_crypt_ctr(8, ini1, ini1_size, ini1, ini1_size, &hdr->sec_ctr[PKG2_SEC_INI1 * 0x10]); se_aes_crypt_ctr(8, ini1, ini1_size, ini1, ini1_size, &hdr->sec_ctr[PKG2_SEC_INI1 * 0x10]);
}
else
{
hdr->sec_size[PKG2_SEC_INI1] = 0;
hdr->sec_off[PKG2_SEC_INI1] = 0;
}
return ini1_size;
}
void pkg2_build_encrypt(void *dst, void *kernel, u32 kernel_size, link_t *kips_info, bool new_pkg2)
{
u8 *pdst = (u8 *)dst;
// Signature.
memset(pdst, 0, 0x100);
pdst += 0x100;
// Header.
pkg2_hdr_t *hdr = (pkg2_hdr_t *)pdst;
memset(hdr, 0, sizeof(pkg2_hdr_t));
pdst += sizeof(pkg2_hdr_t);
hdr->magic = PKG2_MAGIC;
if (!new_pkg2)
hdr->base = 0x10000000;
else
hdr->base = 0x60000;
DPRINTF("kernel @ %08X (%08X)\n", (u32)kernel, kernel_size);
// Kernel.
memcpy(pdst, kernel, kernel_size);
if (!new_pkg2)
hdr->sec_off[PKG2_SEC_KERNEL] = 0x10000000;
else
{
// Set new INI1 offset to kernel.
*(u32 *)(pdst + PKG2_NEWKERN_INI1_START) = kernel_size;
kernel_size += _pkg2_ini1_build(pdst + kernel_size, hdr, kips_info, new_pkg2);
hdr->sec_off[PKG2_SEC_KERNEL] = 0x60000;
}
hdr->sec_size[PKG2_SEC_KERNEL] = kernel_size;
se_aes_crypt_ctr(8, pdst, kernel_size, pdst, kernel_size, &hdr->sec_ctr[PKG2_SEC_KERNEL * 0x10]);
pdst += kernel_size;
DPRINTF("kernel encrypted\n");
// INI1.
u32 ini1_size = 0;
if (!new_pkg2)
ini1_size = _pkg2_ini1_build(pdst, hdr, kips_info, new_pkg2);
DPRINTF("INI1 encrypted\n"); DPRINTF("INI1 encrypted\n");
//Encrypt header. //Encrypt header.

View file

@ -1,6 +1,6 @@
/* /*
* Copyright (c) 2018 naehrwert * Copyright (c) 2018 naehrwert
* Copyright (C) 2018 CTCaer * Copyright (C) 2018-2019 CTCaer
* *
* This program is free software; you can redistribute it and/or modify it * This program is free software; you can redistribute it and/or modify it
* under the terms and conditions of the GNU General Public License, * under the terms and conditions of the GNU General Public License,
@ -27,6 +27,9 @@
#define PKG2_SEC_INI1 1 #define PKG2_SEC_INI1 1
#define INI1_MAGIC 0x31494E49 #define INI1_MAGIC 0x31494E49
#define PKG2_NEWKERN_INI1_START 0x168
#define PKG2_NEWKERN_INI1_END 0x170
#define PKG2_NEWKERN_START 0x800
typedef struct _kernel_patch_t typedef struct _kernel_patch_t
{ {
@ -145,6 +148,6 @@ const char* pkg2_patch_kips(link_t *info, char* patchNames);
const pkg2_kernel_id_t *pkg2_identify(u32 id); const pkg2_kernel_id_t *pkg2_identify(u32 id);
pkg2_hdr_t *pkg2_decrypt(void *data); pkg2_hdr_t *pkg2_decrypt(void *data);
void pkg2_build_encrypt(void *dst, void *kernel, u32 kernel_size, link_t *kips_info); void pkg2_build_encrypt(void *dst, void *kernel, u32 kernel_size, link_t *kips_info, bool new_pkg2);
#endif #endif

View file

@ -109,6 +109,8 @@ void config_exosphere(const char *id, u32 kb, void *warmboot, bool stock)
break; break;
default: default:
exoFwNo = kb + 1; exoFwNo = kb + 1;
if (!strcmp(id, "20190314172056"))
exoFwNo++; // ATM_TARGET_FW_800.
break; break;
} }

View file

@ -1036,6 +1036,7 @@ void sdmmc_end(sdmmc_t *sdmmc)
if (sdmmc->id == SDMMC_1) if (sdmmc->id == SDMMC_1)
{ {
gpio_output_enable(GPIO_PORT_E, GPIO_PIN_4, GPIO_OUTPUT_DISABLE); gpio_output_enable(GPIO_PORT_E, GPIO_PIN_4, GPIO_OUTPUT_DISABLE);
max77620_regulator_enable(REGULATOR_LDO2, 0);
msleep(1); // To power cycle min 1ms without power is needed. msleep(1); // To power cycle min 1ms without power is needed.
} }