Merge remote-tracking branch 'official/master' into dev

2b-zipper · Jan 3, 2025 · bccf127 · bccf127
2 parents ca70ebb + 043e2d2
commit bccf127
Show file tree

Hide file tree

Showing 18 changed files with 453 additions and 47 deletions.
diff --git a/arm9/source/emunand.c b/arm9/source/emunand.c
@@ -111,6 +111,23 @@ void locateEmuNand(FirmwareSource *nandType, u32 *emunandIndex, bool configureCt
     else *nandType = FIRMWARE_SYSNAND;
 }
 
+static inline u32 getProtoSdmmc(u32 *sdmmc, u32 firmVersion)
+{
+    switch(firmVersion)
+    {
+        case 243: // SDK 0.9.x (0.9.7?)
+            *sdmmc = (0x080AAA28 + 0x4e0);
+            break;
+        case 238: // SDK 0.10
+            *sdmmc = (0x080BEA70 + 0x690);
+            break;
+        default:
+            return 1;
+    }
+
+    return 0;
+}
+
 static inline u32 getOldSdmmc(u32 *sdmmc, u32 firmVersion)
 {
     switch(firmVersion)
@@ -166,6 +183,111 @@ static inline u32 patchNandRw(u8 *pos, u32 size, u32 hookAddr)
     return 0;
 }
 
+static inline u32 patchProtoNandRw(u8 *pos, u32 size, u32 hookAddr, u32 hookCidAddr)
+{
+    //Look for read/write code
+    static const u8 pattern[] = {
+        0x03, 0x00, 0x51, 0xE3, // cmp r1, #3
+        0x02, 0xC0, 0xA0, 0xE1, // mov r12, r2
+        0x04, 0x00, 0x80, 0xE2, // add r0, r0, #4
+    };
+
+    u32 *writeOffset = (u32 *)memsearch(pos, pattern, size, sizeof(pattern));
+
+    if(writeOffset == NULL) return 1;
+
+    u32 *readOffset = (u32 *)memsearch((u8 *)(writeOffset + 3), pattern, 0x400, sizeof(pattern));
+
+    if(readOffset == NULL) return 1;
+
+    // Find the sdmmc mount/init(?) function
+    static const u8 mount_pattern[] = {
+        0x20, 0x00, 0x84, 0xE2, // add r0, r4, 0x20
+        0x01, 0x20, 0xA0, 0xE3, // mov r2, #1
+        0x00, 0x10, 0xA0, 0xE3, // mov r1, #0
+    };
+    u32* mountOffset = (u32*) memsearch(pos, mount_pattern, size, sizeof(mount_pattern));
+    if (mountOffset == NULL) return 1;
+
+    // Find the sdmmc read cid function.
+    static const u8 readcid_pattern[] = {
+        0x31, 0xFF, 0x2F, 0xE1, // blx r1
+        0x20, 0x60, 0x9F, 0xE5, // ldr r6, [pc, #0x20] // =failing_result
+        0x00, 0x00, 0x50, 0xE3, // cmp r0, #0
+    };
+    u32* readCidOffset = (u32*) memsearch(pos, readcid_pattern, size, sizeof(readcid_pattern));
+    if (readCidOffset == NULL) return 1;
+    readCidOffset -= 5;
+
+    mountOffset[1] = 0xe3a02000; // mov r2, #0 // sd-card
+
+    readOffset[0] = writeOffset[0] = 0xe52de004; // push {lr}
+    readOffset[1] = writeOffset[1] = 0xe59fc000; // ldr r12, [pc, #0]
+    readOffset[2] = writeOffset[2] = 0xe12fff3c; // blx r12
+    readOffset[3] = writeOffset[3] = hookAddr;
+
+    readCidOffset[0] = 0xe59fc000; // ldr r12, [pc, #0]
+    readCidOffset[1] = 0xe12fff3c; // blx r12
+    readCidOffset[2] = hookCidAddr;
+
+    // Read the emmc cid into the place hook will copy it from
+    sdmmc_get_cid(1, emunandPatchNandCid);
+
+    return 0;
+}
+
+static inline u32 patchProtoNandRw238(u8 *pos, u32 size, u32 hookAddr, u32 hookCidAddr)
+{
+    //Look for read/write code
+    static const u8 pattern[] = {
+        0x03, 0x00, 0x50, 0xE3, // cmp r0, #3
+        0x00, 0x00, 0xA0, 0x13, // movne r0, #0
+        0x01, 0x00, 0xA0, 0x03, // moveq r0, #1
+    };
+
+    u32 *writeOffset = (u32 *)memsearch(pos, pattern, size, sizeof(pattern));
+
+    if(writeOffset == NULL) return 1;
+
+    u32 *readOffset = (u32 *)memsearch((u8 *)(writeOffset + 3), pattern, 0x400, sizeof(pattern));
+
+    if(readOffset == NULL) return 1;
+
+    // Find the mmc static ctor...
+    static const u8 mount_pattern[] = {
+        0x08, // last byte of some ptr to something in P9
+        0x01, 0x01, 0x00, 0x00, // emmc controller id
+    };
+    u8* mountOffset = (u8*) memsearch(pos, mount_pattern, size, sizeof(mount_pattern));
+    if (mountOffset == NULL) return 1;
+    mountOffset++;
+
+    // Find the sdmmc read cid function.
+    static const u8 readcid_pattern[] = {
+        0x31, 0xFF, 0x2F, 0xE1, // blx r1
+        0x20, 0x60, 0x9F, 0xE5, // ldr r6, [pc, #0x20] // =failing_result
+        0x00, 0x00, 0x50, 0xE3, // cmp r0, #0
+    };
+    u32* readCidOffset = (u32*) memsearch(pos, readcid_pattern, size, sizeof(readcid_pattern));
+    if (readCidOffset == NULL) return 1;
+    readCidOffset -= 5;
+
+    *(u32*)mountOffset = 0x300; // sd card
+
+    readOffset[0] = writeOffset[0] = 0xe59fc000; // ldr r12, [pc, #0]
+    readOffset[1] = writeOffset[1] = 0xe12fff3c; // blx r12
+    readOffset[2] = writeOffset[2] = hookAddr;
+
+    readCidOffset[0] = 0xe59fc000; // ldr r12, [pc, #0]
+    readCidOffset[1] = 0xe12fff3c; // blx r12
+    readCidOffset[2] = hookCidAddr;
+
+    // Read the emmc cid into the place hook will copy it from
+    sdmmc_get_cid(1, emunandPatchNandCid);
+
+    return 0;
+}
+
 u32 patchEmuNand(u8 *process9Offset, u32 process9Size, u32 firmVersion)
 {
     u32 ret = 0;
@@ -184,3 +306,33 @@ u32 patchEmuNand(u8 *process9Offset, u32 process9Size, u32 firmVersion)
 
     return ret;
 }
+
+u32 patchProtoEmuNand(u8 *process9Offset, u32 process9Size)
+{
+    extern u32 firmProtoVersion;
+    u32 ret = 0;
+
+    // Add the data of the found EmuNAND
+    emunandPatchNandOffset = emuOffset;
+    emunandPatchNcsdHeaderOffset = emuHeader;
+
+    // Find and add the SDMMC struct
+    u32 sdmmc;
+    ret += getProtoSdmmc(&sdmmc, firmProtoVersion);
+    if(!ret) emunandPatchSdmmcStructPtr = sdmmc;
+
+    // Add EmuNAND hooks
+    switch (firmProtoVersion) {
+        case 243: // SDK 0.9.x (0.9.7?)
+            ret += patchProtoNandRw(process9Offset, process9Size, (u32)emunandProtoPatch, (u32)emunandProtoCidPatch);
+            break;
+        case 238: // SDK 0.10.x
+            ret += patchProtoNandRw238(process9Offset, process9Size, (u32)emunandProtoPatch238, (u32)emunandProtoCidPatch);
+            break;
+        default:
+            ret++;
+            break;
+    }
+
+    return ret;
+}
diff --git a/arm9/source/emunand.h b/arm9/source/emunand.h
@@ -39,3 +39,4 @@ extern u32 emuOffset,
 
 void locateEmuNand(FirmwareSource *nandType, u32 *emunandIndex, bool configureCtrNandParams);
 u32 patchEmuNand(u8 *process9Offset, u32 process9Size, u32 firmVersion);
+u32 patchProtoEmuNand(u8 *process9Offset, u32 process9Size);
diff --git a/arm9/source/emunand_patch.s b/arm9/source/emunand_patch.s
@@ -45,19 +45,150 @@ emunandPatch:
 
 .pool
 
+_emunandPatchEnd:
+
+.global emunandProtoPatch
+emunandProtoPatch:
+    @ Save registers
+    push {r0-r3}
+
+    @ If we're already trying to access the SD, return
+    ldr r2, [r0, #4]
+    ldr r1, emunandPatchSdmmcStructPtr
+    cmp r2, r1
+    beq _out
+
+    ldrb r2, [r1, #0xc] @ Get sdmc->m_isInitialised
+    cmp r2, #0 @ Is initialised?
+    beq _pastSdmc @ if not, use "NAND" object, patched elsewhere to access SD
+    str r1, [r0, #4] @ Set object to be SD
+    _pastSdmc:
+    ldr r2, [r0, #8] @ Get sector to read
+    cmp r2, #0 @ For GW compatibility, see if we're trying to read the ncsd header (sector 0)
+
+    ldr r3, emunandPatchNandOffset
+    add r2, r3 @ Add the offset to the NAND in the SD
+
+    ldreq r3, emunandPatchNcsdHeaderOffset
+    addeq r2, r3 @ If we're reading the ncsd header, add the offset of that sector
+
+    str r2, [r0, #8] @ Store sector to read
+
+    _out:
+        @ Restore registers
+        pop {r0-r3}
+        @ Execute original code that got patched.
+        cmp r1, #3
+        mov r12, r2
+        add r0, r0, #4
+        movne r1, #0
+        moveq r1, #1
+        @ r2 about to be overwritten, so it's free to use here.
+        @ Save off our return address and restore lr.
+        mov r2, lr
+        pop {lr}
+        @ r2+0 is return address (patched movne r1, #0)
+        @ r2+4 is moveq r1, #1
+        @ r2+8 is the following instruction (mov r2, r3)
+        add r2, #8
+        bx r2
+
+.global emunandProtoCidPatch
+emunandProtoCidPatch:
+    @ If we're already trying to access the SD, return
+    ldr r4, emunandPatchSdmmcStructPtr
+    cmp r0, r4
+    beq _cid_return
+
+    @ Trying to access nand, so copy the NAND cid into r1
+    adr r4, emunandPatchNandCid
+    ldr r2, [r4, #0]
+    ldr r3, [r4, #4]
+    ldr r5, [r4, #8]
+    ldr r6, [r4, #0xc]
+    str r2, [r1, #0]
+    str r3, [r1, #4]
+    str r5, [r1, #8]
+    str r6, [r1, #0xc]
+    @ And return from whence we came
+    mov r0, #0
+    pop {r4-r6, pc}
+
+    _cid_return:
+        @ Execute original code that got patched.
+        mov r4, r0
+        ldr r0, [r0]
+        mov r5, r1
+        @ lr+0 is return address (patched mov r5, r1)
+        @ lr+4 is following instruction (ldr r1, [r0,#8])
+        add lr, #4
+        bx lr
+
+.global emunandProtoPatch238
+emunandProtoPatch238:
+    @ Save registers
+    push {r0-r3}
+
+    @ If we're already trying to access the SD, return
+    ldr r2, [r4, #4]
+    ldr r1, emunandPatchSdmmcStructPtr
+    cmp r2, r1
+    beq _out238
+
+    ldr r2, [r1, #0x24] @ Get sdmc->m_someObjInitedLater
+    cmp r2, #0 @ Is initialised?
+    beq _pastSdmc238 @ if not, use "NAND" object, patched elsewhere to access SD
+    str r1, [r4, #4] @ Set object to be SD
+    _pastSdmc238:
+
+    ldr r2, [r4, #8] @ Get sector to read
+    cmp r2, #0 @ For GW compatibility, see if we're trying to read the ncsd header (sector 0)
+
+    ldr r3, emunandPatchNandOffset
+    add r2, r3 @ Add the offset to the NAND in the SD
+
+    ldreq r3, emunandPatchNcsdHeaderOffset
+    addeq r2, r3 @ If we're reading the ncsd header, add the offset of that sector
+
+    str r2, [r4, #8] @ Store sector to read
+
+    _out238:
+        @ Restore registers
+        pop {r0-r3}
+        @ Execute original code that got patched.
+        cmp r0, #3
+        movne r0, #0
+        moveq r0, #1
+        @ r1 about to be overwritten, so it's free to use here.
+        @ Save off our return address.
+        mov r1, lr
+        @ r1+0 is return address (patched moveq r1, #1)
+        @ r1+4 is tst r0, #0xff or sub sp, sp, #0xc
+        add r1, #4
+        bx r1
+
+.pool
+
 .global emunandPatchSdmmcStructPtr
 .global emunandPatchNandOffset
 .global emunandPatchNcsdHeaderOffset
+.global emunandPatchNandCid
 
+_emunandPatchBssStart:
 emunandPatchSdmmcStructPtr:     .word   0 @ Pointer to sdmmc struct
 emunandPatchNandOffset:         .word   0 @ For rednand this should be 1
 emunandPatchNcsdHeaderOffset:   .word   0 @ Depends on nand manufacturer + emunand type (GW/RED)
+emunandPatchNandCid:                      @ Store emmc cid here, to override "sdmc's" when trying to read emmc's
+    .word 0,0,0,0 
+_emunandPatchBssEnd:
 
 .pool
 .balign 4
 
-_emunandPatchEnd:
-
 .global emunandPatchSize
 emunandPatchSize:
     .word _emunandPatchEnd - emunandPatch
+
+.global emunandPatchBssSize
+emunandPatchBssSize:
+    .word _emunandPatchBssEnd - _emunandPatchBssStart
Original file line number	Diff line number	Diff line change
Expand Up		@@ -39,3 +39,4 @@ extern u32 emuOffset,

		void locateEmuNand(FirmwareSource nandType, u32 emunandIndex, bool configureCtrNandParams);
		u32 patchEmuNand(u8 *process9Offset, u32 process9Size, u32 firmVersion);
		u32 patchProtoEmuNand(u8 *process9Offset, u32 process9Size);