├── .gitattributes ├── .gitignore ├── Makefile ├── README.md ├── common ├── pack_tool_src │ ├── Makefile │ ├── include │ │ └── types.h │ └── source │ │ ├── main.c │ │ └── polarssl │ │ ├── aes.c │ │ ├── aes.h │ │ ├── arc4.h │ │ ├── asn1.h │ │ ├── asn1write.h │ │ ├── base64.c │ │ ├── base64.h │ │ ├── bignum.c │ │ ├── bignum.h │ │ ├── blowfish.h │ │ ├── bn_mul.h │ │ ├── camellia.h │ │ ├── certs.h │ │ ├── cipher.h │ │ ├── cipher_wrap.h │ │ ├── config.h │ │ ├── ctr_drbg.h │ │ ├── debug.h │ │ ├── des.h │ │ ├── dhm.h │ │ ├── entropy.h │ │ ├── entropy_poll.h │ │ ├── error.h │ │ ├── gcm.h │ │ ├── havege.h │ │ ├── md.c │ │ ├── md.h │ │ ├── md2.h │ │ ├── md4.h │ │ ├── md5.c │ │ ├── md5.h │ │ ├── md_wrap.c │ │ ├── md_wrap.h │ │ ├── net.h │ │ ├── openssl.h │ │ ├── padlock.c │ │ ├── padlock.h │ │ ├── pbkdf2.h │ │ ├── pem.h │ │ ├── pkcs11.h │ │ ├── pkcs12.h │ │ ├── pkcs5.h │ │ ├── rsa.c │ │ ├── rsa.h │ │ ├── sha1.c │ │ ├── sha1.h │ │ ├── sha2.c │ │ ├── sha2.h │ │ ├── sha4.c │ │ ├── sha4.h │ │ ├── ssl.h │ │ ├── ssl_cache.h │ │ ├── timing.h │ │ ├── version.h │ │ ├── x509.h │ │ ├── x509write.h │ │ └── xtea.h ├── payload_stage1.ld ├── payload_stage1.specs ├── payload_stage2.ld ├── payload_stage2.specs └── sector_generator.py ├── data_input └── .place_here ├── license.txt ├── payload_installer ├── Makefile ├── brahma2 │ ├── Makefile │ ├── include │ │ ├── brahma.h │ │ ├── exploitdata.h │ │ ├── hid.h │ │ ├── menus.h │ │ ├── sochlp.h │ │ ├── textmenu.h │ │ └── utils.h │ └── source │ │ ├── arm11.s │ │ ├── arm9.s │ │ ├── brahma.c │ │ ├── hid.c │ │ ├── libkhax │ │ ├── khax.h │ │ ├── khaxinit.cpp │ │ └── khaxinternal.h │ │ ├── main.c │ │ ├── menus.c │ │ ├── sochlp.c │ │ ├── textmenu.c │ │ └── utils.s └── installer │ ├── Makefile │ ├── bootstrap.ld │ ├── bootstrap.specs │ └── source │ ├── _start.s │ ├── common.h │ ├── fatfs │ ├── diskio.c │ ├── diskio.h │ ├── ff.c │ ├── ff.h │ ├── ffconf.h │ ├── fs.c │ ├── fs.h │ ├── integer.h │ └── option │ │ ├── cc932.c │ │ ├── cc936.c │ │ ├── cc949.c │ │ ├── cc950.c │ │ ├── ccsbcs.c │ │ ├── syscall.c │ │ └── unicode.c │ ├── main.c │ ├── screen.c │ ├── screen.h │ └── system │ ├── crypto.c │ ├── crypto.h │ ├── delay.h │ ├── delay.s │ ├── draw.c │ ├── draw.h │ ├── font.h │ ├── hid.c │ ├── hid.h │ ├── i2c.c │ ├── i2c.h │ ├── nand.c │ ├── nand.h │ ├── sdmmc.c │ └── sdmmc.h ├── payload_stage1 ├── Makefile └── source │ ├── _start.s │ ├── common.h │ ├── delay.h │ ├── delay.s │ ├── flush.h │ ├── flush.s │ ├── main.c │ ├── sdmmc.c │ └── sdmmc.h ├── payload_stage2 ├── Makefile ├── label.txt └── source │ ├── _start.s │ ├── common.h │ ├── delay.h │ ├── delay.s │ ├── fatfs │ ├── diskio.c │ ├── diskio.h │ ├── ff.c │ ├── ff.h │ ├── ffconf.h │ ├── integer.h │ └── option │ │ ├── cc932.c │ │ ├── cc936.c │ │ ├── cc949.c │ │ ├── cc950.c │ │ ├── ccsbcs.c │ │ ├── syscall.c │ │ └── unicode.c │ ├── flush.h │ ├── flush.s │ ├── hid.c │ ├── hid.h │ ├── i2c.c │ ├── i2c.h │ ├── main.c │ ├── screen.c │ ├── screen.h │ ├── sdmmc.c │ └── sdmmc.h └── screen_init ├── Makefile ├── screen_init.ld ├── screen_init.specs └── source └── screen_init └── screen_init.c /.gitattributes: -------------------------------------------------------------------------------- 1 | # Auto detect text files and perform LF normalization 2 | * text=auto 3 | 4 | # Custom for Visual Studio 5 | *.cs diff=csharp 6 | 7 | # Standard to msysgit 8 | *.doc diff=astextplain 9 | *.DOC diff=astextplain 10 | *.docx diff=astextplain 11 | *.DOCX diff=astextplain 12 | *.dot diff=astextplain 13 | *.DOT diff=astextplain 14 | *.pdf diff=astextplain 15 | *.PDF diff=astextplain 16 | *.rtf diff=astextplain 17 | *.RTF diff=astextplain 18 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | .idea 2 | CMakeLists.txt 3 | 4 | data_input/*.bin 5 | data_input/*.firm 6 | common/*.exe 7 | playload_installer/brahma2/data 8 | 9 | # Output 10 | data_output 11 | *.3dsx 12 | *.elf 13 | *.o 14 | *.bin 15 | build 16 | 17 | *.bat 18 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | .PHONY : all hax stage2_update firm0 firm1 sector screen_init stage2 installer clean 2 | 3 | TARGET = arm9loaderhax 4 | PYTHON = python 5 | INDIR = data_input 6 | OUTDIR = data_output 7 | PACKTOOL = common/pack_tool 8 | 9 | all : $(OUTDIR) hax installer 10 | 11 | hax : $(OUTDIR) firm0 firm1 sector screen_init stage2 package 12 | @cd payload_installer/installer && make TARGET=../../$(OUTDIR)/$(TARGET) 13 | 14 | stage2_update: $(OUTDIR) $(PACKTOOL) stage2 15 | @$(PACKTOOL) null null null $(OUTDIR)/stage0x5C000.bin 16 | @dd if=payload_stage2/label.txt of=arm9loaderhax.pack bs=32 seek=1 conv=notrunc 17 | @mv arm9loaderhax.pack $(OUTDIR)/arm9loaderhax.pack 18 | @rm -f $(OUTDIR)/stage0x5C000.bin 19 | 20 | $(OUTDIR): 21 | @[ -d $(OUTDIR) ] || mkdir -p $(OUTDIR) 22 | 23 | firm0: 24 | @cd payload_stage1 && make 25 | @cp $(INDIR)/new3ds90.firm $(OUTDIR)/firm0.bin 26 | @dd if=payload_stage1/payload_stage1.bin of=$(OUTDIR)/firm0.bin bs=1 seek=984464 conv=notrunc 27 | 28 | firm1: 29 | @cp $(INDIR)/new3ds10.firm $(OUTDIR)/firm1.bin 30 | 31 | sector: 32 | @$(PYTHON) common/sector_generator.py $(INDIR)/secret_sector.bin $(INDIR)/otp.bin $(OUTDIR)/sector.bin 33 | 34 | screen_init: 35 | @[ -d payload_stage2/data ] || mkdir -p payload_stage2/data 36 | $(MAKE) -C screen_init 37 | @cp screen_init/screen_init.bin payload_stage2/data/ 38 | 39 | stage2: screen_init 40 | @cp screen_init/screen_init.bin payload_stage2/data 41 | @$(MAKE) -C payload_stage2 42 | @cp payload_stage2/payload_stage2.bin $(OUTDIR)/stage0x5C000.bin 43 | 44 | package: $(PACKTOOL) 45 | @$(PACKTOOL) $(OUTDIR)/firm0.bin $(OUTDIR)/firm1.bin $(OUTDIR)/sector.bin $(OUTDIR)/stage0x5C000.bin 46 | @mv arm9loaderhax.pack $(OUTDIR)/arm9loaderhax.pack 47 | @rm -f $(OUTDIR)/firm0.bin $(OUTDIR)/firm1.bin $(OUTDIR)/sector.bin $(OUTDIR)/stage0x5C000.bin 48 | 49 | $(PACKTOOL): 50 | @echo Building pack_tool... 51 | @cd $(PACKTOOL)_src && make 52 | 53 | installer: 54 | @mkdir -p payload_installer/brahma2/data/ 55 | @cd payload_installer && make TARGET=../$(OUTDIR)/$(TARGET) 56 | 57 | clean: 58 | @echo clean... 59 | @$(MAKE) -C payload_stage1 clean 60 | @$(MAKE) -C screen_init clean 61 | @$(MAKE) -C payload_stage2 clean 62 | @$(MAKE) -C payload_installer clean TARGET=../$(TARGET) 63 | rm -rf data_output 64 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Arm9LoaderHax for Nintendo 3DS 2 | 3 | ## Explanation 4 | 5 | This is my personal implementation of the arm9loaderhax exploit, documented [here](http://3dbrew.org/wiki/3DS_System_Flaws) and also presented [in this conference](https://media.ccc.de/v/32c3-7240-console_hacking), which provides ARM9 code execution directly at the console boot, exploiting a vulnerability present in 9.6+ version of New3DS arm9loader. 6 | 7 | It works on both New and OLD 3DS. 8 | 9 | This exploit was found by **plutoo** and **yellows8**, i do not own the idea, just the implementation of it. 10 | 11 | Screen_init was implemented by [**dark-samus** pull request](https://github.com/delebile/arm9loaderhax/pull/9) (thank you!). 12 | 13 | ## Usage 14 | 15 | Once you installed the exploit, it will launch the **arm9loaderhax.bin** file from the root of your SD card directly as the console boots. 16 | 17 | If the file is not found, the console will shut down. 18 | 19 | 20 | ## Installation 21 | 22 | After the compilation you'll have three files in the **data_output** directory: 23 | 24 | * arm9loaderhax.3dsx 25 | * arm9loaderhax.bin 26 | * arm9loaderhax.pack 27 | 28 | The *.pack* file contains all the content that will be installed (in case of a full package, your console-unique data too), and has to be placed in the root of your SD card. 29 | 30 | The *.bin* file is an indipendent payload that can be launched from Brahma2, CakeHax, Arm9LoaderHax itself (mainly for update the exploit), and so on. 31 | It is the installeing software, once you find your way to launch it, just follow the instruction. 32 | 33 | The *.3dsx* file is a pre-buildt Brahma2 3dsx that can be launched on consoles with firmware below 9.2 through the Homebrew Launcher. 34 | It is a loader for the *.bin* file, wich is included in the 3dsx. 35 | 36 | ## Software Update 37 | 38 | When some essential parts of the software will be released, you'll be able to update your setup with the installer by using *.pack* files that i will provide in future releases. 39 | 40 | 41 | ## Setup 42 | ####**Required Files** 43 | Some files are needed in order to make the setup compilable, be sure to put the following files in the **data_input** folder, you have to find them on your own: 44 | 45 | | Name | Description | SHA-256 | 46 | | ------------- |---------------| ------| 47 | | **new3ds10.firm**| New3DS NATIVE_FIRM from system version 10.2.| d253c1cc0a5ffac6b383dac1827cfb3b2d3d566c6a1a8e5254e389c2950623e5 | 48 | | **new3ds90.firm**|New3DS NATIVE_FIRM from system version 9.0.|d7be76e1813f398dcea85572d0c058f7954761a1d5ea03b5eb5047ac63ac5d6b | 49 | |**secret_sector.bin**|The New 3DS secret 0x96 key sector.| 82f2730d2c2da3f30165f987fdccac5cbab24b4e5f65c981cd7be6f438e6d9d3 | 50 | |**otp.bin**|A dump of your console OTP data from region 0x10012000-0x10012100. Using other console's OTP will result in a brick.| | 51 | 52 | ####**Required Enviroment** 53 | 54 | * devkitARM r45 55 | * libctru (ver. 1.0.0) 56 | * Python with PyCcrypto (2.7 or 3.x should work) 57 | * GCC or MinGW (Only needed to compile the buildt-in tool, you can download [a pre-compiled windows build here](https://mega.nz/#!j0RkxLjb!4Am-3yDAR9g4VDxY93pWhXVYNDiylSW1cKJntOLfDWU), place it in **common** folder) 58 | 59 | ####**Compilation Modes** 60 | 61 | * **make** : This will compile all the files 62 | * **make hax** : This will skip the 3DSX installer compilation 63 | * **make stage2_update** : This will generate an updater pack with only the secondary payload, mainly for updating the exploit files. 64 | 65 | ## Credits 66 | 67 | *Copyright 2016, Jason Dellaluce* 68 | 69 | 70 | *Licensed under GPLv2 or any later version, refer to the license.txt file included.* 71 | 72 | * Smealum and contributors for libctru 73 | * Normmatt for sdmmc.c and .h, and also for .ld files and the log from XDS by ichfly that provided us some of the information needed to get screen init 74 | * Christophe Devine for the SHA codes 75 | * Archshift for i2c.c and .h 76 | * Megazig for crypto.c and .h 77 | * Patois for original BRAHMA code 78 | * Smealum, Derrek, Plutoo for publishing the exploit 79 | * Yellows8 and Plutoo as ideators of it 80 | * [3dbrew community](http://3dbrew.org/) 81 | * bilis/b1l1s for his screen init code, and work on inegrating it into stage 2 82 | * dark_samus for work on integrating screen init into stage 2 83 | -------------------------------------------------------------------------------- /common/pack_tool_src/Makefile: -------------------------------------------------------------------------------- 1 | .PHONY : all clean 2 | 3 | all: 4 | @gcc source/*.c source/polarssl/*.c -o ../pack_tool -I source -I include -std=c99 -Wall -g 5 | 6 | clean: 7 | @rm -f ../pack_tool -------------------------------------------------------------------------------- /common/pack_tool_src/include/types.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | typedef unsigned char u8; 4 | typedef unsigned short u16; 5 | typedef unsigned int u32; 6 | typedef unsigned long long u64; 7 | 8 | typedef signed char s8; 9 | typedef signed short s16; 10 | typedef signed int s32; 11 | typedef signed long long s64; 12 | 13 | typedef s32 result; 14 | 15 | typedef enum 16 | { 17 | RES_OK = 0, 18 | RES_GENERAL_ERROR, 19 | RES_BAD_PARAMETER, 20 | RES_FILE_ERROR, 21 | } errors; -------------------------------------------------------------------------------- /common/pack_tool_src/source/main.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include "types.h" 5 | #include "polarssl/sha2.h" 6 | 7 | #define STOCK_INFO "Full Installation Pack" 8 | 9 | char packEntryName[][32] = 10 | { 11 | "Firm0", 12 | "Firm1", 13 | "KeySector", 14 | "Secondary Payload" 15 | }; 16 | 17 | typedef struct 18 | { 19 | unsigned int offset; 20 | unsigned int size; 21 | unsigned int sector; 22 | unsigned int crypt; 23 | unsigned char hash[32]; 24 | } packEntry; 25 | 26 | typedef struct 27 | { 28 | unsigned char hash[32]; 29 | char info[32]; 30 | packEntry entry[4]; 31 | } packHeader; 32 | 33 | unsigned int fsize(FILE* file) 34 | { 35 | long cur = ftell(file); 36 | fseek(file, 0, SEEK_END); 37 | unsigned int size = ftell(file); 38 | fseek(file, cur, SEEK_SET); 39 | return size; 40 | } 41 | 42 | int main(int argc, char** argv) 43 | { 44 | printf("Arm9LoaderHax Installer Pack Tool - Delebile\n\n"); 45 | if(argc == 5) 46 | { 47 | FILE *content[4], *out; 48 | packHeader header; 49 | u8* buffer; 50 | sha2_context sha; 51 | 52 | memset((void*)&header, 0, sizeof(packHeader)); 53 | content[0] = fopen(argv[1], "rb"); 54 | content[1] = fopen(argv[2], "rb"); 55 | content[2] = fopen(argv[3], "rb"); 56 | content[3] = fopen(argv[4], "rb"); 57 | printf("Contents : \n"); 58 | for(int i = 0; i < 4; i++) 59 | { 60 | if(content[i]) printf(" %s\n", packEntryName[i]); 61 | } 62 | 63 | printf("Packing... "); 64 | out = fopen("arm9loaderhax.pack", "wb"); 65 | fwrite(&header, 1, sizeof(packHeader), out); 66 | while((ftell(out) % 0x200) != 0) fputc(0x00, out); 67 | for(int i = 0; i < 4; i++) 68 | { 69 | if(content[i]) 70 | { 71 | header.entry[i].size = fsize(content[i]); 72 | while((header.entry[i].size % 0x200) != 0) header.entry[i].size++; 73 | header.entry[i].offset = ftell(out); 74 | switch(i) 75 | { 76 | case 0: // firm0 77 | { 78 | header.entry[i].crypt = 1; 79 | header.entry[i].sector = 0x0B130000/0x200; 80 | break; 81 | } 82 | case 1: // firm1 83 | { 84 | header.entry[i].crypt = 1; 85 | header.entry[i].sector = 0x0B530000/0x200; 86 | break; 87 | } 88 | case 2: // sector 89 | { 90 | header.entry[i].crypt = 0; 91 | header.entry[i].sector = 0x96; 92 | break; 93 | } 94 | case 3: // stage2 payload 95 | { 96 | header.entry[i].crypt = 0; 97 | header.entry[i].sector = 0x5C000; 98 | break; 99 | } 100 | } 101 | fseek(out, 0, SEEK_END); 102 | buffer = (u8*) malloc (header.entry[i].size); 103 | fread((void*)buffer, 1, header.entry[i].size, content[i]); 104 | sha2_starts(&sha, 0); 105 | sha2_update(&sha, buffer, header.entry[i].size); 106 | sha2_finish(&sha, header.entry[i].hash); 107 | 108 | fwrite((void*)buffer, 1, header.entry[i].size, out); 109 | free(buffer); 110 | fclose(content[i]); 111 | } 112 | } 113 | memcpy(header.info, STOCK_INFO, 32); 114 | fseek(out, 0, SEEK_SET); 115 | fwrite(&header, 1, sizeof(packHeader), out); 116 | fclose(out); 117 | 118 | out = fopen("arm9loaderhax.pack", "rb+"); 119 | u32 totSize = fsize(out); 120 | buffer = (u8*) malloc (totSize); 121 | fread(buffer, 1, totSize, out); 122 | 123 | sha2_starts(&sha, 0); 124 | sha2_update(&sha, buffer + 0x20, totSize - 0x20); 125 | sha2_finish(&sha, header.hash); 126 | 127 | fseek(out, 0, SEEK_SET); 128 | fwrite(&header, 1, sizeof(packHeader), out); 129 | fclose(out); 130 | printf("Done!\n"); 131 | } 132 | else 133 | { 134 | printf("ERROR : Missing %d arguments!\n", 5 - argc); 135 | printf("Usage : \n"); 136 | printf("If you want to exclude some files from the pack, just type 'null'\nas path for that file.\n\n"); 137 | } 138 | 139 | return 0; 140 | } -------------------------------------------------------------------------------- /common/pack_tool_src/source/polarssl/arc4.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file arc4.h 3 | * 4 | * \brief The ARCFOUR stream cipher 5 | * 6 | * Copyright (C) 2006-2013, Brainspark B.V. 7 | * 8 | * This file is part of PolarSSL (http://www.polarssl.org) 9 | * Lead Maintainer: Paul Bakker 10 | * 11 | * All rights reserved. 12 | * 13 | * This program is free software; you can redistribute it and/or modify 14 | * it under the terms of the GNU General Public License as published by 15 | * the Free Software Foundation; either version 2 of the License, or 16 | * (at your option) any later version. 17 | * 18 | * This program is distributed in the hope that it will be useful, 19 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 20 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 21 | * GNU General Public License for more details. 22 | * 23 | * You should have received a copy of the GNU General Public License along 24 | * with this program; if not, write to the Free Software Foundation, Inc., 25 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 26 | */ 27 | #ifndef POLARSSL_ARC4_H 28 | #define POLARSSL_ARC4_H 29 | 30 | #include "polarssl/config.h" 31 | 32 | #include 33 | 34 | #if !defined(POLARSSL_ARC4_ALT) 35 | // Regular implementation 36 | // 37 | 38 | /** 39 | * \brief ARC4 context structure 40 | */ 41 | typedef struct 42 | { 43 | int x; /*!< permutation index */ 44 | int y; /*!< permutation index */ 45 | unsigned char m[256]; /*!< permutation table */ 46 | } 47 | arc4_context; 48 | 49 | #ifdef __cplusplus 50 | extern "C" { 51 | #endif 52 | 53 | /** 54 | * \brief ARC4 key schedule 55 | * 56 | * \param ctx ARC4 context to be initialized 57 | * \param key the secret key 58 | * \param keylen length of the key 59 | */ 60 | void arc4_setup( arc4_context *ctx, const unsigned char *key, unsigned int keylen ); 61 | 62 | /** 63 | * \brief ARC4 cipher function 64 | * 65 | * \param ctx ARC4 context 66 | * \param length length of the input data 67 | * \param input buffer holding the input data 68 | * \param output buffer for the output data 69 | * 70 | * \return 0 if successful 71 | */ 72 | int arc4_crypt( arc4_context *ctx, size_t length, const unsigned char *input, 73 | unsigned char *output ); 74 | 75 | #ifdef __cplusplus 76 | } 77 | #endif 78 | 79 | #else /* POLARSSL_ARC4_ALT */ 80 | #include "polarssl/arc4_alt.h" 81 | #endif /* POLARSSL_ARC4_ALT */ 82 | 83 | #ifdef __cplusplus 84 | extern "C" { 85 | #endif 86 | 87 | /** 88 | * \brief Checkup routine 89 | * 90 | * \return 0 if successful, or 1 if the test failed 91 | */ 92 | int arc4_self_test( int verbose ); 93 | 94 | #ifdef __cplusplus 95 | } 96 | #endif 97 | 98 | #endif /* arc4.h */ 99 | -------------------------------------------------------------------------------- /common/pack_tool_src/source/polarssl/asn1write.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file asn1write.h 3 | * 4 | * \brief ASN.1 buffer writing functionality 5 | * 6 | * Copyright (C) 2006-2012, Brainspark B.V. 7 | * 8 | * This file is part of PolarSSL (http://www.polarssl.org) 9 | * Lead Maintainer: Paul Bakker 10 | * 11 | * All rights reserved. 12 | * 13 | * This program is free software; you can redistribute it and/or modify 14 | * it under the terms of the GNU General Public License as published by 15 | * the Free Software Foundation; either version 2 of the License, or 16 | * (at your option) any later version. 17 | * 18 | * This program is distributed in the hope that it will be useful, 19 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 20 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 21 | * GNU General Public License for more details. 22 | * 23 | * You should have received a copy of the GNU General Public License along 24 | * with this program; if not, write to the Free Software Foundation, Inc., 25 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 26 | */ 27 | #ifndef POLARSSL_ASN1_WRITE_H 28 | #define POLARSSL_ASN1_WRITE_H 29 | 30 | #include "polarssl/asn1.h" 31 | 32 | #define ASN1_CHK_ADD(g, f) if( ( ret = f ) < 0 ) return( ret ); else g += ret 33 | 34 | int asn1_write_len( unsigned char **p, unsigned char *start, size_t len ); 35 | int asn1_write_tag( unsigned char **p, unsigned char *start, unsigned char tag ); 36 | int asn1_write_mpi( unsigned char **p, unsigned char *start, mpi *X ); 37 | int asn1_write_null( unsigned char **p, unsigned char *start ); 38 | int asn1_write_oid( unsigned char **p, unsigned char *start, char *oid ); 39 | int asn1_write_algorithm_identifier( unsigned char **p, unsigned char *start, char *algorithm_oid ); 40 | int asn1_write_int( unsigned char **p, unsigned char *start, int val ); 41 | int asn1_write_printable_string( unsigned char **p, unsigned char *start, 42 | char *text ); 43 | int asn1_write_ia5_string( unsigned char **p, unsigned char *start, 44 | char *text ); 45 | 46 | #endif /* POLARSSL_ASN1_WRITE_H */ 47 | -------------------------------------------------------------------------------- /common/pack_tool_src/source/polarssl/base64.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file base64.h 3 | * 4 | * \brief RFC 1521 base64 encoding/decoding 5 | * 6 | * Copyright (C) 2006-2010, Brainspark B.V. 7 | * 8 | * This file is part of PolarSSL (http://www.polarssl.org) 9 | * Lead Maintainer: Paul Bakker 10 | * 11 | * All rights reserved. 12 | * 13 | * This program is free software; you can redistribute it and/or modify 14 | * it under the terms of the GNU General Public License as published by 15 | * the Free Software Foundation; either version 2 of the License, or 16 | * (at your option) any later version. 17 | * 18 | * This program is distributed in the hope that it will be useful, 19 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 20 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 21 | * GNU General Public License for more details. 22 | * 23 | * You should have received a copy of the GNU General Public License along 24 | * with this program; if not, write to the Free Software Foundation, Inc., 25 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 26 | */ 27 | #ifndef POLARSSL_BASE64_H 28 | #define POLARSSL_BASE64_H 29 | 30 | #include 31 | #include 32 | 33 | #define POLARSSL_ERR_BASE64_BUFFER_TOO_SMALL -0x002A /**< Output buffer too small. */ 34 | #define POLARSSL_ERR_BASE64_INVALID_CHARACTER -0x002C /**< Invalid character in input. */ 35 | 36 | #ifdef __cplusplus 37 | extern "C" { 38 | #endif 39 | 40 | /** 41 | * \brief Encode a buffer into base64 format 42 | * 43 | * \param dst destination buffer 44 | * \param dlen size of the buffer 45 | * \param src source buffer 46 | * \param slen amount of data to be encoded 47 | * 48 | * \return 0 if successful, or POLARSSL_ERR_BASE64_BUFFER_TOO_SMALL. 49 | * *dlen is always updated to reflect the amount 50 | * of data that has (or would have) been written. 51 | * 52 | * \note Call this function with *dlen = 0 to obtain the 53 | * required buffer size in *dlen 54 | */ 55 | int base64_encode( unsigned char *dst, size_t *dlen, 56 | const unsigned char *src, size_t slen ); 57 | 58 | /** 59 | * \brief Decode a base64-formatted buffer 60 | * 61 | * \param dst destination buffer 62 | * \param dlen size of the buffer 63 | * \param src source buffer 64 | * \param slen amount of data to be decoded 65 | * 66 | * \return 0 if successful, POLARSSL_ERR_BASE64_BUFFER_TOO_SMALL, or 67 | * POLARSSL_ERR_BASE64_INVALID_CHARACTER if the input data is 68 | * not correct. *dlen is always updated to reflect the amount 69 | * of data that has (or would have) been written. 70 | * 71 | * \note Call this function with *dlen = 0 to obtain the 72 | * required buffer size in *dlen 73 | */ 74 | int base64_decode( unsigned char *dst, size_t *dlen, 75 | const unsigned char *src, size_t slen ); 76 | 77 | /** 78 | * \brief Checkup routine 79 | * 80 | * \return 0 if successful, or 1 if the test failed 81 | */ 82 | int base64_self_test( int verbose ); 83 | 84 | #ifdef __cplusplus 85 | } 86 | #endif 87 | 88 | #endif /* base64.h */ 89 | -------------------------------------------------------------------------------- /common/pack_tool_src/source/polarssl/certs.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file certs.h 3 | * 4 | * \brief Sample certificates and DHM parameters for testing 5 | * 6 | * Copyright (C) 2006-2010, Brainspark B.V. 7 | * 8 | * This file is part of PolarSSL (http://www.polarssl.org) 9 | * Lead Maintainer: Paul Bakker 10 | * 11 | * All rights reserved. 12 | * 13 | * This program is free software; you can redistribute it and/or modify 14 | * it under the terms of the GNU General Public License as published by 15 | * the Free Software Foundation; either version 2 of the License, or 16 | * (at your option) any later version. 17 | * 18 | * This program is distributed in the hope that it will be useful, 19 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 20 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 21 | * GNU General Public License for more details. 22 | * 23 | * You should have received a copy of the GNU General Public License along 24 | * with this program; if not, write to the Free Software Foundation, Inc., 25 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 26 | */ 27 | #ifndef POLARSSL_CERTS_H 28 | #define POLARSSL_CERTS_H 29 | 30 | #ifdef __cplusplus 31 | extern "C" { 32 | #endif 33 | 34 | extern const char test_ca_crt[]; 35 | extern const char test_ca_key[]; 36 | extern const char test_ca_pwd[]; 37 | extern const char test_srv_crt[]; 38 | extern const char test_srv_key[]; 39 | extern const char test_cli_crt[]; 40 | extern const char test_cli_key[]; 41 | extern const char test_dhm_params[]; 42 | 43 | #ifdef __cplusplus 44 | } 45 | #endif 46 | 47 | #endif /* certs.h */ 48 | -------------------------------------------------------------------------------- /common/pack_tool_src/source/polarssl/cipher_wrap.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file cipher_wrap.h 3 | * 4 | * \brief Cipher wrappers. 5 | * 6 | * \author Adriaan de Jong 7 | * 8 | * Copyright (C) 2006-2012, Brainspark B.V. 9 | * 10 | * This file is part of PolarSSL (http://www.polarssl.org) 11 | * Lead Maintainer: Paul Bakker 12 | * 13 | * All rights reserved. 14 | * 15 | * This program is free software; you can redistribute it and/or modify 16 | * it under the terms of the GNU General Public License as published by 17 | * the Free Software Foundation; either version 2 of the License, or 18 | * (at your option) any later version. 19 | * 20 | * This program is distributed in the hope that it will be useful, 21 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 22 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 23 | * GNU General Public License for more details. 24 | * 25 | * You should have received a copy of the GNU General Public License along 26 | * with this program; if not, write to the Free Software Foundation, Inc., 27 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 28 | */ 29 | #ifndef POLARSSL_CIPHER_WRAP_H 30 | #define POLARSSL_CIPHER_WRAP_H 31 | 32 | #include "polarssl/config.h" 33 | #include "polarssl/cipher.h" 34 | 35 | #ifdef __cplusplus 36 | extern "C" { 37 | #endif 38 | 39 | #if defined(POLARSSL_AES_C) 40 | 41 | extern const cipher_info_t aes_128_cbc_info; 42 | extern const cipher_info_t aes_192_cbc_info; 43 | extern const cipher_info_t aes_256_cbc_info; 44 | 45 | #if defined(POLARSSL_CIPHER_MODE_CFB) 46 | extern const cipher_info_t aes_128_cfb128_info; 47 | extern const cipher_info_t aes_192_cfb128_info; 48 | extern const cipher_info_t aes_256_cfb128_info; 49 | #endif /* POLARSSL_CIPHER_MODE_CFB */ 50 | 51 | #if defined(POLARSSL_CIPHER_MODE_CTR) 52 | extern const cipher_info_t aes_128_ctr_info; 53 | extern const cipher_info_t aes_192_ctr_info; 54 | extern const cipher_info_t aes_256_ctr_info; 55 | #endif /* POLARSSL_CIPHER_MODE_CTR */ 56 | 57 | #endif /* defined(POLARSSL_AES_C) */ 58 | 59 | #if defined(POLARSSL_CAMELLIA_C) 60 | 61 | extern const cipher_info_t camellia_128_cbc_info; 62 | extern const cipher_info_t camellia_192_cbc_info; 63 | extern const cipher_info_t camellia_256_cbc_info; 64 | 65 | #if defined(POLARSSL_CIPHER_MODE_CFB) 66 | extern const cipher_info_t camellia_128_cfb128_info; 67 | extern const cipher_info_t camellia_192_cfb128_info; 68 | extern const cipher_info_t camellia_256_cfb128_info; 69 | #endif /* POLARSSL_CIPHER_MODE_CFB */ 70 | 71 | #if defined(POLARSSL_CIPHER_MODE_CTR) 72 | extern const cipher_info_t camellia_128_ctr_info; 73 | extern const cipher_info_t camellia_192_ctr_info; 74 | extern const cipher_info_t camellia_256_ctr_info; 75 | #endif /* POLARSSL_CIPHER_MODE_CTR */ 76 | 77 | #endif /* defined(POLARSSL_CAMELLIA_C) */ 78 | 79 | #if defined(POLARSSL_DES_C) 80 | 81 | extern const cipher_info_t des_cbc_info; 82 | extern const cipher_info_t des_ede_cbc_info; 83 | extern const cipher_info_t des_ede3_cbc_info; 84 | 85 | #endif /* defined(POLARSSL_DES_C) */ 86 | 87 | #if defined(POLARSSL_BLOWFISH_C) 88 | extern const cipher_info_t blowfish_cbc_info; 89 | 90 | #if defined(POLARSSL_CIPHER_MODE_CFB) 91 | extern const cipher_info_t blowfish_cfb64_info; 92 | #endif /* POLARSSL_CIPHER_MODE_CFB */ 93 | 94 | #if defined(POLARSSL_CIPHER_MODE_CTR) 95 | extern const cipher_info_t blowfish_ctr_info; 96 | #endif /* POLARSSL_CIPHER_MODE_CTR */ 97 | #endif /* defined(POLARSSL_BLOWFISH_C) */ 98 | 99 | #if defined(POLARSSL_CIPHER_NULL_CIPHER) 100 | extern const cipher_info_t null_cipher_info; 101 | #endif /* defined(POLARSSL_CIPHER_NULL_CIPHER) */ 102 | 103 | #ifdef __cplusplus 104 | } 105 | #endif 106 | 107 | #endif /* POLARSSL_CIPHER_WRAP_H */ 108 | -------------------------------------------------------------------------------- /common/pack_tool_src/source/polarssl/debug.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file debug.h 3 | * 4 | * \brief Debug functions 5 | * 6 | * Copyright (C) 2006-2011, Brainspark B.V. 7 | * 8 | * This file is part of PolarSSL (http://www.polarssl.org) 9 | * Lead Maintainer: Paul Bakker 10 | * 11 | * All rights reserved. 12 | * 13 | * This program is free software; you can redistribute it and/or modify 14 | * it under the terms of the GNU General Public License as published by 15 | * the Free Software Foundation; either version 2 of the License, or 16 | * (at your option) any later version. 17 | * 18 | * This program is distributed in the hope that it will be useful, 19 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 20 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 21 | * GNU General Public License for more details. 22 | * 23 | * You should have received a copy of the GNU General Public License along 24 | * with this program; if not, write to the Free Software Foundation, Inc., 25 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 26 | */ 27 | #ifndef POLARSSL_DEBUG_H 28 | #define POLARSSL_DEBUG_H 29 | 30 | #include "polarssl/config.h" 31 | #include "polarssl/ssl.h" 32 | 33 | #if defined(POLARSSL_DEBUG_C) 34 | 35 | #define SSL_DEBUG_MSG( level, args ) \ 36 | debug_print_msg( ssl, level, __FILE__, __LINE__, debug_fmt args ); 37 | 38 | #define SSL_DEBUG_RET( level, text, ret ) \ 39 | debug_print_ret( ssl, level, __FILE__, __LINE__, text, ret ); 40 | 41 | #define SSL_DEBUG_BUF( level, text, buf, len ) \ 42 | debug_print_buf( ssl, level, __FILE__, __LINE__, text, buf, len ); 43 | 44 | #define SSL_DEBUG_MPI( level, text, X ) \ 45 | debug_print_mpi( ssl, level, __FILE__, __LINE__, text, X ); 46 | 47 | #define SSL_DEBUG_CRT( level, text, crt ) \ 48 | debug_print_crt( ssl, level, __FILE__, __LINE__, text, crt ); 49 | 50 | #else 51 | 52 | #define SSL_DEBUG_MSG( level, args ) do { } while( 0 ) 53 | #define SSL_DEBUG_RET( level, text, ret ) do { } while( 0 ) 54 | #define SSL_DEBUG_BUF( level, text, buf, len ) do { } while( 0 ) 55 | #define SSL_DEBUG_MPI( level, text, X ) do { } while( 0 ) 56 | #define SSL_DEBUG_CRT( level, text, crt ) do { } while( 0 ) 57 | 58 | #endif 59 | 60 | #ifdef __cplusplus 61 | extern "C" { 62 | #endif 63 | 64 | char *debug_fmt( const char *format, ... ); 65 | 66 | void debug_print_msg( const ssl_context *ssl, int level, 67 | const char *file, int line, const char *text ); 68 | 69 | void debug_print_ret( const ssl_context *ssl, int level, 70 | const char *file, int line, 71 | const char *text, int ret ); 72 | 73 | void debug_print_buf( const ssl_context *ssl, int level, 74 | const char *file, int line, const char *text, 75 | unsigned char *buf, size_t len ); 76 | 77 | void debug_print_mpi( const ssl_context *ssl, int level, 78 | const char *file, int line, 79 | const char *text, const mpi *X ); 80 | 81 | void debug_print_crt( const ssl_context *ssl, int level, 82 | const char *file, int line, 83 | const char *text, const x509_cert *crt ); 84 | 85 | #ifdef __cplusplus 86 | } 87 | #endif 88 | 89 | #endif /* debug.h */ 90 | -------------------------------------------------------------------------------- /common/pack_tool_src/source/polarssl/entropy.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file entropy.h 3 | * 4 | * \brief Entropy accumulator implementation 5 | * 6 | * Copyright (C) 2006-2013, Brainspark B.V. 7 | * 8 | * This file is part of PolarSSL (http://www.polarssl.org) 9 | * Lead Maintainer: Paul Bakker 10 | * 11 | * All rights reserved. 12 | * 13 | * This program is free software; you can redistribute it and/or modify 14 | * it under the terms of the GNU General Public License as published by 15 | * the Free Software Foundation; either version 2 of the License, or 16 | * (at your option) any later version. 17 | * 18 | * This program is distributed in the hope that it will be useful, 19 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 20 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 21 | * GNU General Public License for more details. 22 | * 23 | * You should have received a copy of the GNU General Public License along 24 | * with this program; if not, write to the Free Software Foundation, Inc., 25 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 26 | */ 27 | #ifndef POLARSSL_ENTROPY_H 28 | #define POLARSSL_ENTROPY_H 29 | 30 | #include 31 | 32 | #include "polarssl/config.h" 33 | 34 | #include "polarssl/sha4.h" 35 | #if defined(POLARSSL_HAVEGE_C) 36 | #include "polarssl/havege.h" 37 | #endif 38 | 39 | #define POLARSSL_ERR_ENTROPY_SOURCE_FAILED -0x003C /**< Critical entropy source failure. */ 40 | #define POLARSSL_ERR_ENTROPY_MAX_SOURCES -0x003E /**< No more sources can be added. */ 41 | #define POLARSSL_ERR_ENTROPY_NO_SOURCES_DEFINED -0x0040 /**< No sources have been added to poll. */ 42 | 43 | #if !defined(POLARSSL_CONFIG_OPTIONS) 44 | #define ENTROPY_MAX_SOURCES 20 /**< Maximum number of sources supported */ 45 | #define ENTROPY_MAX_GATHER 128 /**< Maximum amount requested from entropy sources */ 46 | #endif /* !POLARSSL_CONFIG_OPTIONS */ 47 | 48 | #define ENTROPY_BLOCK_SIZE 64 /**< Block size of entropy accumulator (SHA-512) */ 49 | 50 | #define ENTROPY_SOURCE_MANUAL ENTROPY_MAX_SOURCES 51 | 52 | #ifdef __cplusplus 53 | extern "C" { 54 | #endif 55 | 56 | /** 57 | * \brief Entropy poll callback pointer 58 | * 59 | * \param data Callback-specific data pointer 60 | * \param output Data to fill 61 | * \param len Maximum size to provide 62 | * \param olen The actual amount of bytes put into the buffer (Can be 0) 63 | * 64 | * \return 0 if no critical failures occurred, 65 | * POLARSSL_ERR_ENTROPY_SOURCE_FAILED otherwise 66 | */ 67 | typedef int (*f_source_ptr)(void *, unsigned char *, size_t, size_t *); 68 | 69 | /** 70 | * \brief Entropy source state 71 | */ 72 | typedef struct 73 | { 74 | f_source_ptr f_source; /**< The entropy source callback */ 75 | void * p_source; /**< The callback data pointer */ 76 | size_t size; /**< Amount received */ 77 | size_t threshold; /**< Minimum level required before release */ 78 | } 79 | source_state; 80 | 81 | /** 82 | * \brief Entropy context structure 83 | */ 84 | typedef struct 85 | { 86 | sha4_context accumulator; 87 | int source_count; 88 | source_state source[ENTROPY_MAX_SOURCES]; 89 | #if defined(POLARSSL_HAVEGE_C) 90 | havege_state havege_data; 91 | #endif 92 | } 93 | entropy_context; 94 | 95 | /** 96 | * \brief Initialize the context 97 | * 98 | * \param ctx Entropy context to initialize 99 | */ 100 | void entropy_init( entropy_context *ctx ); 101 | 102 | /** 103 | * \brief Adds an entropy source to poll 104 | * 105 | * \param ctx Entropy context 106 | * \param f_source Entropy function 107 | * \param p_source Function data 108 | * \param threshold Minimum required from source before entropy is released 109 | * ( with entropy_func() ) 110 | * 111 | * \return 0 if successful or POLARSSL_ERR_ENTROPY_MAX_SOURCES 112 | */ 113 | int entropy_add_source( entropy_context *ctx, 114 | f_source_ptr f_source, void *p_source, 115 | size_t threshold ); 116 | 117 | /** 118 | * \brief Trigger an extra gather poll for the accumulator 119 | * 120 | * \param ctx Entropy context 121 | * 122 | * \return 0 if successful, or POLARSSL_ERR_ENTROPY_SOURCE_FAILED 123 | */ 124 | int entropy_gather( entropy_context *ctx ); 125 | 126 | /** 127 | * \brief Retrieve entropy from the accumulator (Max ENTROPY_BLOCK_SIZE) 128 | * 129 | * \param data Entropy context 130 | * \param output Buffer to fill 131 | * \param len Length of buffer 132 | * 133 | * \return 0 if successful, or POLARSSL_ERR_ENTROPY_SOURCE_FAILED 134 | */ 135 | int entropy_func( void *data, unsigned char *output, size_t len ); 136 | 137 | /** 138 | * \brief Add data to the accumulator manually 139 | * 140 | * \param ctx Entropy context 141 | * \param data Data to add 142 | * \param len Length of data 143 | * 144 | * \return 0 if successful 145 | */ 146 | int entropy_update_manual( entropy_context *ctx, 147 | const unsigned char *data, size_t len ); 148 | 149 | #ifdef __cplusplus 150 | } 151 | #endif 152 | 153 | #endif /* entropy.h */ 154 | -------------------------------------------------------------------------------- /common/pack_tool_src/source/polarssl/entropy_poll.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file entropy_poll.h 3 | * 4 | * \brief Platform-specific and custom entropy polling functions 5 | * 6 | * Copyright (C) 2006-2011, Brainspark B.V. 7 | * 8 | * This file is part of PolarSSL (http://www.polarssl.org) 9 | * Lead Maintainer: Paul Bakker 10 | * 11 | * All rights reserved. 12 | * 13 | * This program is free software; you can redistribute it and/or modify 14 | * it under the terms of the GNU General Public License as published by 15 | * the Free Software Foundation; either version 2 of the License, or 16 | * (at your option) any later version. 17 | * 18 | * This program is distributed in the hope that it will be useful, 19 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 20 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 21 | * GNU General Public License for more details. 22 | * 23 | * You should have received a copy of the GNU General Public License along 24 | * with this program; if not, write to the Free Software Foundation, Inc., 25 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 26 | */ 27 | #ifndef POLARSSL_ENTROPY_POLL_H 28 | #define POLARSSL_ENTROPY_POLL_H 29 | 30 | #include 31 | 32 | #include "polarssl/config.h" 33 | 34 | #ifdef __cplusplus 35 | extern "C" { 36 | #endif 37 | 38 | /* 39 | * Default thresholds for built-in sources 40 | */ 41 | #define ENTROPY_MIN_PLATFORM 128 /**< Minimum for platform source */ 42 | #define ENTROPY_MIN_HAVEGE 128 /**< Minimum for HAVEGE */ 43 | #define ENTROPY_MIN_HARDCLOCK 32 /**< Minimum for hardclock() */ 44 | 45 | #if !defined(POLARSSL_NO_PLATFORM_ENTROPY) 46 | /** 47 | * \brief Platform-specific entropy poll callback 48 | */ 49 | int platform_entropy_poll( void *data, 50 | unsigned char *output, size_t len, size_t *olen ); 51 | #endif 52 | 53 | #if defined(POLARSSL_HAVEGE_C) 54 | /** 55 | * \brief HAVEGE based entropy poll callback 56 | * 57 | * Requires an HAVEGE state as its data pointer. 58 | */ 59 | int havege_poll( void *data, 60 | unsigned char *output, size_t len, size_t *olen ); 61 | #endif 62 | 63 | #if defined(POLARSSL_TIMING_C) 64 | /** 65 | * \brief hardclock-based entropy poll callback 66 | */ 67 | int hardclock_poll( void *data, 68 | unsigned char *output, size_t len, size_t *olen ); 69 | #endif 70 | 71 | #ifdef __cplusplus 72 | } 73 | #endif 74 | 75 | #endif /* entropy_poll.h */ 76 | -------------------------------------------------------------------------------- /common/pack_tool_src/source/polarssl/error.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file error.h 3 | * 4 | * \brief Error to string translation 5 | * 6 | * Copyright (C) 2006-2010, Brainspark B.V. 7 | * 8 | * This file is part of PolarSSL (http://www.polarssl.org) 9 | * Lead Maintainer: Paul Bakker 10 | * 11 | * All rights reserved. 12 | * 13 | * This program is free software; you can redistribute it and/or modify 14 | * it under the terms of the GNU General Public License as published by 15 | * the Free Software Foundation; either version 2 of the License, or 16 | * (at your option) any later version. 17 | * 18 | * This program is distributed in the hope that it will be useful, 19 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 20 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 21 | * GNU General Public License for more details. 22 | * 23 | * You should have received a copy of the GNU General Public License along 24 | * with this program; if not, write to the Free Software Foundation, Inc., 25 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 26 | */ 27 | #ifndef POLARSSL_ERROR_H 28 | #define POLARSSL_ERROR_H 29 | 30 | #include 31 | 32 | /** 33 | * Error code layout. 34 | * 35 | * Currently we try to keep all error codes within the negative space of 16 36 | * bytes signed integers to support all platforms (-0x0000 - -0x8000). In 37 | * addition we'd like to give two layers of information on the error if 38 | * possible. 39 | * 40 | * For that purpose the error codes are segmented in the following manner: 41 | * 42 | * 16 bit error code bit-segmentation 43 | * 44 | * 1 bit - Intentionally not used 45 | * 3 bits - High level module ID 46 | * 5 bits - Module-dependent error code 47 | * 6 bits - Low level module errors 48 | * 1 bit - Intentionally not used 49 | * 50 | * Low-level module errors (0x007E-0x0002) 51 | * 52 | * Module Nr Codes assigned 53 | * MPI 7 0x0002-0x0010 54 | * GCM 2 0x0012-0x0014 55 | * BLOWFISH 2 0x0016-0x0018 56 | * AES 2 0x0020-0x0022 57 | * CAMELLIA 2 0x0024-0x0026 58 | * XTEA 1 0x0028-0x0028 59 | * BASE64 2 0x002A-0x002C 60 | * PADLOCK 1 0x0030-0x0030 61 | * DES 1 0x0032-0x0032 62 | * CTR_DBRG 3 0x0034-0x003A 63 | * ENTROPY 3 0x003C-0x0040 64 | * NET 11 0x0042-0x0056 65 | * ASN1 7 0x0060-0x006C 66 | * MD2 1 0x0070-0x0070 67 | * MD4 1 0x0072-0x0072 68 | * MD5 1 0x0074-0x0074 69 | * SHA1 1 0x0076-0x0076 70 | * SHA2 1 0x0078-0x0078 71 | * SHA4 1 0x007A-0x007A 72 | * 73 | * High-level module nr (3 bits - 0x1...-0x8...) 74 | * Name ID Nr of Errors 75 | * PEM 1 9 76 | * PKCS#12 1 4 (Started from top) 77 | * X509 2 23 78 | * DHM 3 6 79 | * PKCS5 3 4 (Started from top) 80 | * RSA 4 9 81 | * MD 5 4 82 | * CIPHER 6 5 83 | * SSL 6 2 (Started from top) 84 | * SSL 7 31 85 | * 86 | * Module dependent error code (5 bits 0x.08.-0x.F8.) 87 | */ 88 | 89 | #ifdef __cplusplus 90 | extern "C" { 91 | #endif 92 | 93 | /** 94 | * \brief Translate a PolarSSL error code into a string representation, 95 | * Result is truncated if necessary and always includes a terminating 96 | * null byte. 97 | * 98 | * \param errnum error code 99 | * \param buffer buffer to place representation in 100 | * \param buflen length of the buffer 101 | */ 102 | void error_strerror( int errnum, char *buffer, size_t buflen ); 103 | 104 | #ifdef __cplusplus 105 | } 106 | #endif 107 | 108 | #endif /* error.h */ 109 | -------------------------------------------------------------------------------- /common/pack_tool_src/source/polarssl/havege.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file havege.h 3 | * 4 | * \brief HAVEGE: HArdware Volatile Entropy Gathering and Expansion 5 | * 6 | * Copyright (C) 2006-2010, Brainspark B.V. 7 | * 8 | * This file is part of PolarSSL (http://www.polarssl.org) 9 | * Lead Maintainer: Paul Bakker 10 | * 11 | * All rights reserved. 12 | * 13 | * This program is free software; you can redistribute it and/or modify 14 | * it under the terms of the GNU General Public License as published by 15 | * the Free Software Foundation; either version 2 of the License, or 16 | * (at your option) any later version. 17 | * 18 | * This program is distributed in the hope that it will be useful, 19 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 20 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 21 | * GNU General Public License for more details. 22 | * 23 | * You should have received a copy of the GNU General Public License along 24 | * with this program; if not, write to the Free Software Foundation, Inc., 25 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 26 | */ 27 | #ifndef POLARSSL_HAVEGE_H 28 | #define POLARSSL_HAVEGE_H 29 | 30 | #include 31 | 32 | #define COLLECT_SIZE 1024 33 | 34 | /** 35 | * \brief HAVEGE state structure 36 | */ 37 | typedef struct 38 | { 39 | int PT1, PT2, offset[2]; 40 | int pool[COLLECT_SIZE]; 41 | int WALK[8192]; 42 | } 43 | havege_state; 44 | 45 | #ifdef __cplusplus 46 | extern "C" { 47 | #endif 48 | 49 | /** 50 | * \brief HAVEGE initialization 51 | * 52 | * \param hs HAVEGE state to be initialized 53 | */ 54 | void havege_init( havege_state *hs ); 55 | 56 | /** 57 | * \brief HAVEGE rand function 58 | * 59 | * \param p_rng A HAVEGE state 60 | * \param output Buffer to fill 61 | * \param len Length of buffer 62 | * 63 | * \return 0 64 | */ 65 | int havege_random( void *p_rng, unsigned char *output, size_t len ); 66 | 67 | #ifdef __cplusplus 68 | } 69 | #endif 70 | 71 | #endif /* havege.h */ 72 | -------------------------------------------------------------------------------- /common/pack_tool_src/source/polarssl/md2.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file md2.h 3 | * 4 | * \brief MD2 message digest algorithm (hash function) 5 | * 6 | * Copyright (C) 2006-2013, Brainspark B.V. 7 | * 8 | * This file is part of PolarSSL (http://www.polarssl.org) 9 | * Lead Maintainer: Paul Bakker 10 | * 11 | * All rights reserved. 12 | * 13 | * This program is free software; you can redistribute it and/or modify 14 | * it under the terms of the GNU General Public License as published by 15 | * the Free Software Foundation; either version 2 of the License, or 16 | * (at your option) any later version. 17 | * 18 | * This program is distributed in the hope that it will be useful, 19 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 20 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 21 | * GNU General Public License for more details. 22 | * 23 | * You should have received a copy of the GNU General Public License along 24 | * with this program; if not, write to the Free Software Foundation, Inc., 25 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 26 | */ 27 | #ifndef POLARSSL_MD2_H 28 | #define POLARSSL_MD2_H 29 | 30 | #include "polarssl/config.h" 31 | 32 | #include 33 | 34 | #define POLARSSL_ERR_MD2_FILE_IO_ERROR -0x0070 /**< Read/write error in file. */ 35 | 36 | #if !defined(POLARSSL_MD2_ALT) 37 | // Regular implementation 38 | // 39 | 40 | /** 41 | * \brief MD2 context structure 42 | */ 43 | typedef struct 44 | { 45 | unsigned char cksum[16]; /*!< checksum of the data block */ 46 | unsigned char state[48]; /*!< intermediate digest state */ 47 | unsigned char buffer[16]; /*!< data block being processed */ 48 | 49 | unsigned char ipad[16]; /*!< HMAC: inner padding */ 50 | unsigned char opad[16]; /*!< HMAC: outer padding */ 51 | size_t left; /*!< amount of data in buffer */ 52 | } 53 | md2_context; 54 | 55 | #ifdef __cplusplus 56 | extern "C" { 57 | #endif 58 | 59 | /** 60 | * \brief MD2 context setup 61 | * 62 | * \param ctx context to be initialized 63 | */ 64 | void md2_starts( md2_context *ctx ); 65 | 66 | /** 67 | * \brief MD2 process buffer 68 | * 69 | * \param ctx MD2 context 70 | * \param input buffer holding the data 71 | * \param ilen length of the input data 72 | */ 73 | void md2_update( md2_context *ctx, const unsigned char *input, size_t ilen ); 74 | 75 | /** 76 | * \brief MD2 final digest 77 | * 78 | * \param ctx MD2 context 79 | * \param output MD2 checksum result 80 | */ 81 | void md2_finish( md2_context *ctx, unsigned char output[16] ); 82 | 83 | #ifdef __cplusplus 84 | } 85 | #endif 86 | 87 | #else /* POLARSSL_MD2_ALT */ 88 | #include "polarssl/md2_alt.h" 89 | #endif /* POLARSSL_MD2_ALT */ 90 | 91 | #ifdef __cplusplus 92 | extern "C" { 93 | #endif 94 | 95 | /** 96 | * \brief Output = MD2( input buffer ) 97 | * 98 | * \param input buffer holding the data 99 | * \param ilen length of the input data 100 | * \param output MD2 checksum result 101 | */ 102 | void md2( const unsigned char *input, size_t ilen, unsigned char output[16] ); 103 | 104 | /** 105 | * \brief Output = MD2( file contents ) 106 | * 107 | * \param path input file name 108 | * \param output MD2 checksum result 109 | * 110 | * \return 0 if successful, or POLARSSL_ERR_MD2_FILE_IO_ERROR 111 | */ 112 | int md2_file( const char *path, unsigned char output[16] ); 113 | 114 | /** 115 | * \brief MD2 HMAC context setup 116 | * 117 | * \param ctx HMAC context to be initialized 118 | * \param key HMAC secret key 119 | * \param keylen length of the HMAC key 120 | */ 121 | void md2_hmac_starts( md2_context *ctx, const unsigned char *key, size_t keylen ); 122 | 123 | /** 124 | * \brief MD2 HMAC process buffer 125 | * 126 | * \param ctx HMAC context 127 | * \param input buffer holding the data 128 | * \param ilen length of the input data 129 | */ 130 | void md2_hmac_update( md2_context *ctx, const unsigned char *input, size_t ilen ); 131 | 132 | /** 133 | * \brief MD2 HMAC final digest 134 | * 135 | * \param ctx HMAC context 136 | * \param output MD2 HMAC checksum result 137 | */ 138 | void md2_hmac_finish( md2_context *ctx, unsigned char output[16] ); 139 | 140 | /** 141 | * \brief MD2 HMAC context reset 142 | * 143 | * \param ctx HMAC context to be reset 144 | */ 145 | void md2_hmac_reset( md2_context *ctx ); 146 | 147 | /** 148 | * \brief Output = HMAC-MD2( hmac key, input buffer ) 149 | * 150 | * \param key HMAC secret key 151 | * \param keylen length of the HMAC key 152 | * \param input buffer holding the data 153 | * \param ilen length of the input data 154 | * \param output HMAC-MD2 result 155 | */ 156 | void md2_hmac( const unsigned char *key, size_t keylen, 157 | const unsigned char *input, size_t ilen, 158 | unsigned char output[16] ); 159 | 160 | /** 161 | * \brief Checkup routine 162 | * 163 | * \return 0 if successful, or 1 if the test failed 164 | */ 165 | int md2_self_test( int verbose ); 166 | 167 | #ifdef __cplusplus 168 | } 169 | #endif 170 | 171 | #endif /* md2.h */ 172 | -------------------------------------------------------------------------------- /common/pack_tool_src/source/polarssl/md4.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file md4.h 3 | * 4 | * \brief MD4 message digest algorithm (hash function) 5 | * 6 | * Copyright (C) 2006-2013, Brainspark B.V. 7 | * 8 | * This file is part of PolarSSL (http://www.polarssl.org) 9 | * Lead Maintainer: Paul Bakker 10 | * 11 | * All rights reserved. 12 | * 13 | * This program is free software; you can redistribute it and/or modify 14 | * it under the terms of the GNU General Public License as published by 15 | * the Free Software Foundation; either version 2 of the License, or 16 | * (at your option) any later version. 17 | * 18 | * This program is distributed in the hope that it will be useful, 19 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 20 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 21 | * GNU General Public License for more details. 22 | * 23 | * You should have received a copy of the GNU General Public License along 24 | * with this program; if not, write to the Free Software Foundation, Inc., 25 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 26 | */ 27 | #ifndef POLARSSL_MD4_H 28 | #define POLARSSL_MD4_H 29 | 30 | #include "polarssl/config.h" 31 | 32 | #include 33 | 34 | #ifdef _MSC_VER 35 | #include 36 | typedef UINT32 uint32_t; 37 | #else 38 | #include 39 | #endif 40 | 41 | #define POLARSSL_ERR_MD4_FILE_IO_ERROR -0x0072 /**< Read/write error in file. */ 42 | 43 | #if !defined(POLARSSL_MD4_ALT) 44 | // Regular implementation 45 | // 46 | 47 | /** 48 | * \brief MD4 context structure 49 | */ 50 | typedef struct 51 | { 52 | uint32_t total[2]; /*!< number of bytes processed */ 53 | uint32_t state[4]; /*!< intermediate digest state */ 54 | unsigned char buffer[64]; /*!< data block being processed */ 55 | 56 | unsigned char ipad[64]; /*!< HMAC: inner padding */ 57 | unsigned char opad[64]; /*!< HMAC: outer padding */ 58 | } 59 | md4_context; 60 | 61 | #ifdef __cplusplus 62 | extern "C" { 63 | #endif 64 | 65 | /** 66 | * \brief MD4 context setup 67 | * 68 | * \param ctx context to be initialized 69 | */ 70 | void md4_starts( md4_context *ctx ); 71 | 72 | /** 73 | * \brief MD4 process buffer 74 | * 75 | * \param ctx MD4 context 76 | * \param input buffer holding the data 77 | * \param ilen length of the input data 78 | */ 79 | void md4_update( md4_context *ctx, const unsigned char *input, size_t ilen ); 80 | 81 | /** 82 | * \brief MD4 final digest 83 | * 84 | * \param ctx MD4 context 85 | * \param output MD4 checksum result 86 | */ 87 | void md4_finish( md4_context *ctx, unsigned char output[16] ); 88 | 89 | #ifdef __cplusplus 90 | } 91 | #endif 92 | 93 | #else /* POLARSSL_MD4_ALT */ 94 | #include "polarssl/md4_alt.h" 95 | #endif /* POLARSSL_MD4_ALT */ 96 | 97 | #ifdef __cplusplus 98 | extern "C" { 99 | #endif 100 | 101 | /** 102 | * \brief Output = MD4( input buffer ) 103 | * 104 | * \param input buffer holding the data 105 | * \param ilen length of the input data 106 | * \param output MD4 checksum result 107 | */ 108 | void md4( const unsigned char *input, size_t ilen, unsigned char output[16] ); 109 | 110 | /** 111 | * \brief Output = MD4( file contents ) 112 | * 113 | * \param path input file name 114 | * \param output MD4 checksum result 115 | * 116 | * \return 0 if successful, or POLARSSL_ERR_MD4_FILE_IO_ERROR 117 | */ 118 | int md4_file( const char *path, unsigned char output[16] ); 119 | 120 | /** 121 | * \brief MD4 HMAC context setup 122 | * 123 | * \param ctx HMAC context to be initialized 124 | * \param key HMAC secret key 125 | * \param keylen length of the HMAC key 126 | */ 127 | void md4_hmac_starts( md4_context *ctx, const unsigned char *key, size_t keylen ); 128 | 129 | /** 130 | * \brief MD4 HMAC process buffer 131 | * 132 | * \param ctx HMAC context 133 | * \param input buffer holding the data 134 | * \param ilen length of the input data 135 | */ 136 | void md4_hmac_update( md4_context *ctx, const unsigned char *input, size_t ilen ); 137 | 138 | /** 139 | * \brief MD4 HMAC final digest 140 | * 141 | * \param ctx HMAC context 142 | * \param output MD4 HMAC checksum result 143 | */ 144 | void md4_hmac_finish( md4_context *ctx, unsigned char output[16] ); 145 | 146 | /** 147 | * \brief MD4 HMAC context reset 148 | * 149 | * \param ctx HMAC context to be reset 150 | */ 151 | void md4_hmac_reset( md4_context *ctx ); 152 | 153 | /** 154 | * \brief Output = HMAC-MD4( hmac key, input buffer ) 155 | * 156 | * \param key HMAC secret key 157 | * \param keylen length of the HMAC key 158 | * \param input buffer holding the data 159 | * \param ilen length of the input data 160 | * \param output HMAC-MD4 result 161 | */ 162 | void md4_hmac( const unsigned char *key, size_t keylen, 163 | const unsigned char *input, size_t ilen, 164 | unsigned char output[16] ); 165 | 166 | /** 167 | * \brief Checkup routine 168 | * 169 | * \return 0 if successful, or 1 if the test failed 170 | */ 171 | int md4_self_test( int verbose ); 172 | 173 | #ifdef __cplusplus 174 | } 175 | #endif 176 | 177 | #endif /* md4.h */ 178 | -------------------------------------------------------------------------------- /common/pack_tool_src/source/polarssl/md_wrap.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file md_wrap.h 3 | * 4 | * \brief Message digest wrappers. 5 | * 6 | * \author Adriaan de Jong 7 | * 8 | * Copyright (C) 2006-2011, Brainspark B.V. 9 | * 10 | * This file is part of PolarSSL (http://www.polarssl.org) 11 | * Lead Maintainer: Paul Bakker 12 | * 13 | * All rights reserved. 14 | * 15 | * This program is free software; you can redistribute it and/or modify 16 | * it under the terms of the GNU General Public License as published by 17 | * the Free Software Foundation; either version 2 of the License, or 18 | * (at your option) any later version. 19 | * 20 | * This program is distributed in the hope that it will be useful, 21 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 22 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 23 | * GNU General Public License for more details. 24 | * 25 | * You should have received a copy of the GNU General Public License along 26 | * with this program; if not, write to the Free Software Foundation, Inc., 27 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 28 | */ 29 | #ifndef POLARSSL_MD_WRAP_H 30 | #define POLARSSL_MD_WRAP_H 31 | 32 | #include "polarssl/config.h" 33 | #include "polarssl/md.h" 34 | 35 | #ifdef __cplusplus 36 | extern "C" { 37 | #endif 38 | 39 | #if defined(POLARSSL_MD2_C) 40 | extern const md_info_t md2_info; 41 | #endif 42 | #if defined(POLARSSL_MD4_C) 43 | extern const md_info_t md4_info; 44 | #endif 45 | #if defined(POLARSSL_MD5_C) 46 | extern const md_info_t md5_info; 47 | #endif 48 | #if defined(POLARSSL_SHA1_C) 49 | extern const md_info_t sha1_info; 50 | #endif 51 | #if defined(POLARSSL_SHA2_C) 52 | extern const md_info_t sha224_info; 53 | extern const md_info_t sha256_info; 54 | #endif 55 | #if defined(POLARSSL_SHA4_C) 56 | extern const md_info_t sha384_info; 57 | extern const md_info_t sha512_info; 58 | #endif 59 | 60 | #ifdef __cplusplus 61 | } 62 | #endif 63 | 64 | #endif /* POLARSSL_MD_WRAP_H */ 65 | -------------------------------------------------------------------------------- /common/pack_tool_src/source/polarssl/padlock.c: -------------------------------------------------------------------------------- 1 | /* 2 | * VIA PadLock support functions 3 | * 4 | * Copyright (C) 2006-2010, Brainspark B.V. 5 | * 6 | * This file is part of PolarSSL (http://www.polarssl.org) 7 | * Lead Maintainer: Paul Bakker 8 | * 9 | * All rights reserved. 10 | * 11 | * This program is free software; you can redistribute it and/or modify 12 | * it under the terms of the GNU General Public License as published by 13 | * the Free Software Foundation; either version 2 of the License, or 14 | * (at your option) any later version. 15 | * 16 | * This program is distributed in the hope that it will be useful, 17 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 18 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 19 | * GNU General Public License for more details. 20 | * 21 | * You should have received a copy of the GNU General Public License along 22 | * with this program; if not, write to the Free Software Foundation, Inc., 23 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 24 | */ 25 | /* 26 | * This implementation is based on the VIA PadLock Programming Guide: 27 | * 28 | * http://www.via.com.tw/en/downloads/whitepapers/initiatives/padlock/ 29 | * programming_guide.pdf 30 | */ 31 | 32 | #include "polarssl/config.h" 33 | 34 | #if defined(POLARSSL_PADLOCK_C) 35 | 36 | #include "polarssl/padlock.h" 37 | 38 | #if defined(POLARSSL_HAVE_X86) 39 | 40 | /* 41 | * PadLock detection routine 42 | */ 43 | int padlock_supports( int feature ) 44 | { 45 | static int flags = -1; 46 | int ebx, edx; 47 | 48 | if( flags == -1 ) 49 | { 50 | __asm__( "movl %%ebx, %0 \n" \ 51 | "movl $0xC0000000, %%eax \n" \ 52 | "cpuid \n" \ 53 | "cmpl $0xC0000001, %%eax \n" \ 54 | "movl $0, %%edx \n" \ 55 | "jb unsupported \n" \ 56 | "movl $0xC0000001, %%eax \n" \ 57 | "cpuid \n" \ 58 | "unsupported: \n" \ 59 | "movl %%edx, %1 \n" \ 60 | "movl %2, %%ebx \n" 61 | : "=m" (ebx), "=m" (edx) 62 | : "m" (ebx) 63 | : "eax", "ecx", "edx" ); 64 | 65 | flags = edx; 66 | } 67 | 68 | return( flags & feature ); 69 | } 70 | 71 | /* 72 | * PadLock AES-ECB block en(de)cryption 73 | */ 74 | int padlock_xcryptecb( aes_context *ctx, 75 | int mode, 76 | const unsigned char input[16], 77 | unsigned char output[16] ) 78 | { 79 | int ebx; 80 | uint32_t *rk; 81 | uint32_t *blk; 82 | uint32_t *ctrl; 83 | unsigned char buf[256]; 84 | 85 | rk = ctx->rk; 86 | blk = PADLOCK_ALIGN16( buf ); 87 | memcpy( blk, input, 16 ); 88 | 89 | ctrl = blk + 4; 90 | *ctrl = 0x80 | ctx->nr | ( ( ctx->nr + ( mode^1 ) - 10 ) << 9 ); 91 | 92 | __asm__( "pushfl; popfl \n" \ 93 | "movl %%ebx, %0 \n" \ 94 | "movl $1, %%ecx \n" \ 95 | "movl %2, %%edx \n" \ 96 | "movl %3, %%ebx \n" \ 97 | "movl %4, %%esi \n" \ 98 | "movl %4, %%edi \n" \ 99 | ".byte 0xf3,0x0f,0xa7,0xc8\n" \ 100 | "movl %1, %%ebx \n" 101 | : "=m" (ebx) 102 | : "m" (ebx), "m" (ctrl), "m" (rk), "m" (blk) 103 | : "ecx", "edx", "esi", "edi" ); 104 | 105 | memcpy( output, blk, 16 ); 106 | 107 | return( 0 ); 108 | } 109 | 110 | /* 111 | * PadLock AES-CBC buffer en(de)cryption 112 | */ 113 | int padlock_xcryptcbc( aes_context *ctx, 114 | int mode, 115 | size_t length, 116 | unsigned char iv[16], 117 | const unsigned char *input, 118 | unsigned char *output ) 119 | { 120 | int ebx; 121 | size_t count; 122 | uint32_t *rk; 123 | uint32_t *iw; 124 | uint32_t *ctrl; 125 | unsigned char buf[256]; 126 | 127 | if( ( (long) input & 15 ) != 0 || 128 | ( (long) output & 15 ) != 0 ) 129 | return( POLARSSL_ERR_PADLOCK_DATA_MISALIGNED ); 130 | 131 | rk = ctx->rk; 132 | iw = PADLOCK_ALIGN16( buf ); 133 | memcpy( iw, iv, 16 ); 134 | 135 | ctrl = iw + 4; 136 | *ctrl = 0x80 | ctx->nr | ( ( ctx->nr + (mode^1) - 10 ) << 9 ); 137 | 138 | count = (length + 15) >> 4; 139 | 140 | __asm__( "pushfl; popfl \n" \ 141 | "movl %%ebx, %0 \n" \ 142 | "movl %2, %%ecx \n" \ 143 | "movl %3, %%edx \n" \ 144 | "movl %4, %%ebx \n" \ 145 | "movl %5, %%esi \n" \ 146 | "movl %6, %%edi \n" \ 147 | "movl %7, %%eax \n" \ 148 | ".byte 0xf3,0x0f,0xa7,0xd0\n" \ 149 | "movl %1, %%ebx \n" 150 | : "=m" (ebx) 151 | : "m" (ebx), "m" (count), "m" (ctrl), 152 | "m" (rk), "m" (input), "m" (output), "m" (iw) 153 | : "eax", "ecx", "edx", "esi", "edi" ); 154 | 155 | memcpy( iv, iw, 16 ); 156 | 157 | return( 0 ); 158 | } 159 | 160 | #endif 161 | 162 | #endif 163 | -------------------------------------------------------------------------------- /common/pack_tool_src/source/polarssl/padlock.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file padlock.h 3 | * 4 | * \brief VIA PadLock ACE for HW encryption/decryption supported by some processors 5 | * 6 | * Copyright (C) 2006-2010, Brainspark B.V. 7 | * 8 | * This file is part of PolarSSL (http://www.polarssl.org) 9 | * Lead Maintainer: Paul Bakker 10 | * 11 | * All rights reserved. 12 | * 13 | * This program is free software; you can redistribute it and/or modify 14 | * it under the terms of the GNU General Public License as published by 15 | * the Free Software Foundation; either version 2 of the License, or 16 | * (at your option) any later version. 17 | * 18 | * This program is distributed in the hope that it will be useful, 19 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 20 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 21 | * GNU General Public License for more details. 22 | * 23 | * You should have received a copy of the GNU General Public License along 24 | * with this program; if not, write to the Free Software Foundation, Inc., 25 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 26 | */ 27 | #ifndef POLARSSL_PADLOCK_H 28 | #define POLARSSL_PADLOCK_H 29 | 30 | #include "polarssl/aes.h" 31 | 32 | #define POLARSSL_ERR_PADLOCK_DATA_MISALIGNED -0x0030 /**< Input data should be aligned. */ 33 | 34 | #if defined(POLARSSL_HAVE_ASM) && defined(__GNUC__) && defined(__i386__) 35 | 36 | #ifndef POLARSSL_HAVE_X86 37 | #define POLARSSL_HAVE_X86 38 | #endif 39 | 40 | #ifdef _MSC_VER 41 | #include 42 | typedef INT32 int32_t; 43 | #else 44 | #include 45 | #endif 46 | 47 | 48 | #define PADLOCK_RNG 0x000C 49 | #define PADLOCK_ACE 0x00C0 50 | #define PADLOCK_PHE 0x0C00 51 | #define PADLOCK_PMM 0x3000 52 | 53 | #define PADLOCK_ALIGN16(x) (uint32_t *) (16 + ((int32_t) x & ~15)) 54 | 55 | #ifdef __cplusplus 56 | extern "C" { 57 | #endif 58 | 59 | /** 60 | * \brief PadLock detection routine 61 | * 62 | * \param The feature to detect 63 | * 64 | * \return 1 if CPU has support for the feature, 0 otherwise 65 | */ 66 | int padlock_supports( int feature ); 67 | 68 | /** 69 | * \brief PadLock AES-ECB block en(de)cryption 70 | * 71 | * \param ctx AES context 72 | * \param mode AES_ENCRYPT or AES_DECRYPT 73 | * \param input 16-byte input block 74 | * \param output 16-byte output block 75 | * 76 | * \return 0 if success, 1 if operation failed 77 | */ 78 | int padlock_xcryptecb( aes_context *ctx, 79 | int mode, 80 | const unsigned char input[16], 81 | unsigned char output[16] ); 82 | 83 | /** 84 | * \brief PadLock AES-CBC buffer en(de)cryption 85 | * 86 | * \param ctx AES context 87 | * \param mode AES_ENCRYPT or AES_DECRYPT 88 | * \param length length of the input data 89 | * \param iv initialization vector (updated after use) 90 | * \param input buffer holding the input data 91 | * \param output buffer holding the output data 92 | * 93 | * \return 0 if success, 1 if operation failed 94 | */ 95 | int padlock_xcryptcbc( aes_context *ctx, 96 | int mode, 97 | size_t length, 98 | unsigned char iv[16], 99 | const unsigned char *input, 100 | unsigned char *output ); 101 | 102 | #ifdef __cplusplus 103 | } 104 | #endif 105 | 106 | #endif /* HAVE_X86 */ 107 | 108 | #endif /* padlock.h */ 109 | -------------------------------------------------------------------------------- /common/pack_tool_src/source/polarssl/pbkdf2.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file pbkdf2.h 3 | * 4 | * \brief Password-Based Key Derivation Function 2 (from PKCS#5) 5 | * DEPRECATED: use pkcs5.h instead. 6 | * 7 | * \author Mathias Olsson 8 | * 9 | * Copyright (C) 2006-2012, Brainspark B.V. 10 | * 11 | * This file is part of PolarSSL (http://www.polarssl.org) 12 | * Lead Maintainer: Paul Bakker 13 | * 14 | * All rights reserved. 15 | * 16 | * This program is free software; you can redistribute it and/or modify 17 | * it under the terms of the GNU General Public License as published by 18 | * the Free Software Foundation; either version 2 of the License, or 19 | * (at your option) any later version. 20 | * 21 | * This program is distributed in the hope that it will be useful, 22 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 23 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 24 | * GNU General Public License for more details. 25 | * 26 | * You should have received a copy of the GNU General Public License along 27 | * with this program; if not, write to the Free Software Foundation, Inc., 28 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 29 | */ 30 | #ifndef POLARSSL_PBKDF2_H 31 | #define POLARSSL_PBKDF2_H 32 | 33 | #include 34 | 35 | #include "polarssl/md.h" 36 | 37 | #ifdef _MSC_VER 38 | #include 39 | typedef UINT32 uint32_t; 40 | #else 41 | #include 42 | #endif 43 | 44 | #define POLARSSL_ERR_PBKDF2_BAD_INPUT_DATA -0x007C /**< Bad input parameters to function. */ 45 | 46 | #ifdef __cplusplus 47 | extern "C" { 48 | #endif 49 | 50 | /** 51 | * \brief PKCS#5 PBKDF2 using HMAC 52 | * DEPRECATED: Use pkcs5_pbkdf2_hmac() instead! 53 | * 54 | * \param ctx Generic HMAC context 55 | * \param password Password to use when generating key 56 | * \param plen Length of password 57 | * \param salt Salt to use when generating key 58 | * \param slen Length of salt 59 | * \param iteration_count Iteration count 60 | * \param key_length Length of generated key 61 | * \param output Generated key. Must be at least as big as key_length 62 | * 63 | * \returns 0 on success, or a PolarSSL error code if verification fails. 64 | */ 65 | int pbkdf2_hmac( md_context_t *ctx, const unsigned char *password, 66 | size_t plen, const unsigned char *salt, size_t slen, 67 | unsigned int iteration_count, 68 | uint32_t key_length, unsigned char *output ); 69 | 70 | /** 71 | * \brief Checkup routine 72 | * DEPRECATED: Use pkcs5_self_test() instead! 73 | * 74 | * \return 0 if successful, or 1 if the test failed 75 | */ 76 | int pbkdf2_self_test( int verbose ); 77 | 78 | #ifdef __cplusplus 79 | } 80 | #endif 81 | 82 | #endif /* pbkdf2.h */ 83 | -------------------------------------------------------------------------------- /common/pack_tool_src/source/polarssl/pem.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file pem.h 3 | * 4 | * \brief Privacy Enhanced Mail (PEM) decoding 5 | * 6 | * Copyright (C) 2006-2013, Brainspark B.V. 7 | * 8 | * This file is part of PolarSSL (http://www.polarssl.org) 9 | * Lead Maintainer: Paul Bakker 10 | * 11 | * All rights reserved. 12 | * 13 | * This program is free software; you can redistribute it and/or modify 14 | * it under the terms of the GNU General Public License as published by 15 | * the Free Software Foundation; either version 2 of the License, or 16 | * (at your option) any later version. 17 | * 18 | * This program is distributed in the hope that it will be useful, 19 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 20 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 21 | * GNU General Public License for more details. 22 | * 23 | * You should have received a copy of the GNU General Public License along 24 | * with this program; if not, write to the Free Software Foundation, Inc., 25 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 26 | */ 27 | #ifndef POLARSSL_PEM_H 28 | #define POLARSSL_PEM_H 29 | 30 | #include 31 | 32 | /** 33 | * \name PEM Error codes 34 | * These error codes are returned in case of errors reading the 35 | * PEM data. 36 | * \{ 37 | */ 38 | #define POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT -0x1080 /**< No PEM header or footer found. */ 39 | #define POLARSSL_ERR_PEM_INVALID_DATA -0x1100 /**< PEM string is not as expected. */ 40 | #define POLARSSL_ERR_PEM_MALLOC_FAILED -0x1180 /**< Failed to allocate memory. */ 41 | #define POLARSSL_ERR_PEM_INVALID_ENC_IV -0x1200 /**< RSA IV is not in hex-format. */ 42 | #define POLARSSL_ERR_PEM_UNKNOWN_ENC_ALG -0x1280 /**< Unsupported key encryption algorithm. */ 43 | #define POLARSSL_ERR_PEM_PASSWORD_REQUIRED -0x1300 /**< Private key password can't be empty. */ 44 | #define POLARSSL_ERR_PEM_PASSWORD_MISMATCH -0x1380 /**< Given private key password does not allow for correct decryption. */ 45 | #define POLARSSL_ERR_PEM_FEATURE_UNAVAILABLE -0x1400 /**< Unavailable feature, e.g. hashing/encryption combination. */ 46 | #define POLARSSL_ERR_PEM_BAD_INPUT_DATA -0x1480 /**< Bad input parameters to function. */ 47 | /* \} name */ 48 | 49 | /** 50 | * \brief PEM context structure 51 | */ 52 | typedef struct 53 | { 54 | unsigned char *buf; /*!< buffer for decoded data */ 55 | size_t buflen; /*!< length of the buffer */ 56 | unsigned char *info; /*!< buffer for extra header information */ 57 | } 58 | pem_context; 59 | 60 | #ifdef __cplusplus 61 | extern "C" { 62 | #endif 63 | 64 | /** 65 | * \brief PEM context setup 66 | * 67 | * \param ctx context to be initialized 68 | */ 69 | void pem_init( pem_context *ctx ); 70 | 71 | /** 72 | * \brief Read a buffer for PEM information and store the resulting 73 | * data into the specified context buffers. 74 | * 75 | * \param ctx context to use 76 | * \param header header string to seek and expect 77 | * \param footer footer string to seek and expect 78 | * \param data source data to look in 79 | * \param pwd password for decryption (can be NULL) 80 | * \param pwdlen length of password 81 | * \param use_len destination for total length used (set after header is 82 | * correctly read, so unless you get 83 | * POLARSSL_ERR_PEM_BAD_INPUT_DATA or 84 | * POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT, use_len is 85 | * the length to skip) 86 | * 87 | * \return 0 on success, ior a specific PEM error code 88 | */ 89 | int pem_read_buffer( pem_context *ctx, char *header, char *footer, 90 | const unsigned char *data, 91 | const unsigned char *pwd, 92 | size_t pwdlen, size_t *use_len ); 93 | 94 | /** 95 | * \brief PEM context memory freeing 96 | * 97 | * \param ctx context to be freed 98 | */ 99 | void pem_free( pem_context *ctx ); 100 | 101 | #ifdef __cplusplus 102 | } 103 | #endif 104 | 105 | #endif /* pem.h */ 106 | -------------------------------------------------------------------------------- /common/pack_tool_src/source/polarssl/pkcs5.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file pkcs#5.h 3 | * 4 | * \brief PKCS#5 functions 5 | * 6 | * \author Mathias Olsson 7 | * 8 | * Copyright (C) 2006-2013, Brainspark B.V. 9 | * 10 | * This file is part of PolarSSL (http://www.polarssl.org) 11 | * Lead Maintainer: Paul Bakker 12 | * 13 | * All rights reserved. 14 | * 15 | * This program is free software; you can redistribute it and/or modify 16 | * it under the terms of the GNU General Public License as published by 17 | * the Free Software Foundation; either version 2 of the License, or 18 | * (at your option) any later version. 19 | * 20 | * This program is distributed in the hope that it will be useful, 21 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 22 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 23 | * GNU General Public License for more details. 24 | * 25 | * You should have received a copy of the GNU General Public License along 26 | * with this program; if not, write to the Free Software Foundation, Inc., 27 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 28 | */ 29 | #ifndef POLARSSL_PKCS5_H 30 | #define POLARSSL_PKCS5_H 31 | 32 | #include 33 | 34 | #include "polarssl/asn1.h" 35 | #include "polarssl/md.h" 36 | 37 | #ifdef _MSC_VER 38 | #include 39 | typedef UINT32 uint32_t; 40 | #else 41 | #include 42 | #endif 43 | 44 | #define POLARSSL_ERR_PKCS5_BAD_INPUT_DATA -0x3f80 /**< Bad input parameters to function. */ 45 | #define POLARSSL_ERR_PKCS5_INVALID_FORMAT -0x3f00 /**< Unexpected ASN.1 data. */ 46 | #define POLARSSL_ERR_PKCS5_FEATURE_UNAVAILABLE -0x3e80 /**< Requested encryption or digest alg not available. */ 47 | #define POLARSSL_ERR_PKCS5_PASSWORD_MISMATCH -0x3e00 /**< Given private key password does not allow for correct decryption. */ 48 | 49 | #define PKCS5_DECRYPT 0 50 | #define PKCS5_ENCRYPT 1 51 | 52 | /* 53 | * PKCS#5 OIDs 54 | */ 55 | #define OID_PKCS5 "\x2a\x86\x48\x86\xf7\x0d\x01\x05" 56 | #define OID_PKCS5_PBES2 OID_PKCS5 "\x0d" 57 | #define OID_PKCS5_PBKDF2 OID_PKCS5 "\x0c" 58 | 59 | /* 60 | * Encryption Algorithm OIDs 61 | */ 62 | #define OID_DES_CBC "\x2b\x0e\x03\x02\x07" 63 | #define OID_DES_EDE3_CBC "\x2a\x86\x48\x86\xf7\x0d\x03\x07" 64 | 65 | /* 66 | * Digest Algorithm OIDs 67 | */ 68 | #define OID_HMAC_SHA1 "\x2a\x86\x48\x86\xf7\x0d\x02\x07" 69 | 70 | #ifdef __cplusplus 71 | extern "C" { 72 | #endif 73 | 74 | /** 75 | * \brief PKCS#5 PBES2 function 76 | * 77 | * \param pbe_params the ASN.1 algorithm parameters 78 | * \param mode either PKCS5_DECRYPT or PKCS5_ENCRYPT 79 | * \param pwd password to use when generating key 80 | * \param plen length of password 81 | * \param data data to process 82 | * \param datalen length of data 83 | * \param output output buffer 84 | * 85 | * \returns 0 on success, or a PolarSSL error code if verification fails. 86 | */ 87 | int pkcs5_pbes2( asn1_buf *pbe_params, int mode, 88 | const unsigned char *pwd, size_t pwdlen, 89 | const unsigned char *data, size_t datalen, 90 | unsigned char *output ); 91 | 92 | /** 93 | * \brief PKCS#5 PBKDF2 using HMAC 94 | * 95 | * \param ctx Generic HMAC context 96 | * \param password Password to use when generating key 97 | * \param plen Length of password 98 | * \param salt Salt to use when generating key 99 | * \param slen Length of salt 100 | * \param iteration_count Iteration count 101 | * \param key_length Length of generated key 102 | * \param output Generated key. Must be at least as big as key_length 103 | * 104 | * \returns 0 on success, or a PolarSSL error code if verification fails. 105 | */ 106 | int pkcs5_pbkdf2_hmac( md_context_t *ctx, const unsigned char *password, 107 | size_t plen, const unsigned char *salt, size_t slen, 108 | unsigned int iteration_count, 109 | uint32_t key_length, unsigned char *output ); 110 | 111 | /** 112 | * \brief Checkup routine 113 | * 114 | * \return 0 if successful, or 1 if the test failed 115 | */ 116 | int pkcs5_self_test( int verbose ); 117 | 118 | #ifdef __cplusplus 119 | } 120 | #endif 121 | 122 | #endif /* pkcs5.h */ 123 | -------------------------------------------------------------------------------- /common/pack_tool_src/source/polarssl/ssl_cache.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file ssl_cache.h 3 | * 4 | * \brief SSL session cache implementation 5 | * 6 | * Copyright (C) 2006-2013, Brainspark B.V. 7 | * 8 | * This file is part of PolarSSL (http://www.polarssl.org) 9 | * Lead Maintainer: Paul Bakker 10 | * 11 | * All rights reserved. 12 | * 13 | * This program is free software; you can redistribute it and/or modify 14 | * it under the terms of the GNU General Public License as published by 15 | * the Free Software Foundation; either version 2 of the License, or 16 | * (at your option) any later version. 17 | * 18 | * This program is distributed in the hope that it will be useful, 19 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 20 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 21 | * GNU General Public License for more details. 22 | * 23 | * You should have received a copy of the GNU General Public License along 24 | * with this program; if not, write to the Free Software Foundation, Inc., 25 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 26 | */ 27 | #ifndef POLARSSL_SSL_CACHE_H 28 | #define POLARSSL_SSL_CACHE_H 29 | 30 | #include "polarssl/ssl.h" 31 | 32 | #if !defined(POLARSSL_CONFIG_OPTIONS) 33 | #define SSL_CACHE_DEFAULT_TIMEOUT 86400 /*!< 1 day */ 34 | #define SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /*!< Maximum entries in cache */ 35 | #endif /* !POLARSSL_CONFIG_OPTIONS */ 36 | 37 | #ifdef __cplusplus 38 | extern "C" { 39 | #endif 40 | 41 | typedef struct _ssl_cache_context ssl_cache_context; 42 | typedef struct _ssl_cache_entry ssl_cache_entry; 43 | 44 | /** 45 | * \brief This structure is used for storing cache entries 46 | */ 47 | struct _ssl_cache_entry 48 | { 49 | time_t timestamp; /*!< entry timestamp */ 50 | ssl_session session; /*!< entry session */ 51 | x509_buf peer_cert; /*!< entry peer_cert */ 52 | ssl_cache_entry *next; /*!< chain pointer */ 53 | }; 54 | 55 | /** 56 | * \brief Cache context 57 | */ 58 | struct _ssl_cache_context 59 | { 60 | ssl_cache_entry *chain; /*!< start of the chain */ 61 | int timeout; /*!< cache entry timeout */ 62 | int max_entries; /*!< maximum entries */ 63 | }; 64 | 65 | /** 66 | * \brief Initialize an SSL cache context 67 | * 68 | * \param cache SSL cache context 69 | */ 70 | void ssl_cache_init( ssl_cache_context *cache ); 71 | 72 | /** 73 | * \brief Cache get callback implementation 74 | * 75 | * \param data SSL cache context 76 | * \param session session to retrieve entry for 77 | */ 78 | int ssl_cache_get( void *data, ssl_session *session ); 79 | 80 | /** 81 | * \brief Cache set callback implementation 82 | * 83 | * \param data SSL cache context 84 | * \param session session to store entry for 85 | */ 86 | int ssl_cache_set( void *data, const ssl_session *session ); 87 | 88 | /** 89 | * \brief Set the cache timeout 90 | * (Default: SSL_CACHE_DEFAULT_TIMEOUT (1 day)) 91 | * 92 | * A timeout of 0 indicates no timeout. 93 | * 94 | * \param cache SSL cache context 95 | * \param timeout cache entry timeout 96 | */ 97 | void ssl_cache_set_timeout( ssl_cache_context *cache, int timeout ); 98 | 99 | /** 100 | * \brief Set the cache timeout 101 | * (Default: SSL_CACHE_DEFAULT_MAX_ENTRIES (50)) 102 | * 103 | * \param cache SSL cache context 104 | * \param max cache entry maximum 105 | */ 106 | void ssl_cache_set_max_entries( ssl_cache_context *cache, int max ); 107 | 108 | /** 109 | * \brief Free referenced items in a cache context and clear memory 110 | * 111 | * \param cache SSL cache context 112 | */ 113 | void ssl_cache_free( ssl_cache_context *cache ); 114 | 115 | #ifdef __cplusplus 116 | } 117 | #endif 118 | 119 | #endif /* ssl_cache.h */ 120 | -------------------------------------------------------------------------------- /common/pack_tool_src/source/polarssl/timing.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file timing.h 3 | * 4 | * \brief Portable interface to the CPU cycle counter 5 | * 6 | * Copyright (C) 2006-2010, Brainspark B.V. 7 | * 8 | * This file is part of PolarSSL (http://www.polarssl.org) 9 | * Lead Maintainer: Paul Bakker 10 | * 11 | * All rights reserved. 12 | * 13 | * This program is free software; you can redistribute it and/or modify 14 | * it under the terms of the GNU General Public License as published by 15 | * the Free Software Foundation; either version 2 of the License, or 16 | * (at your option) any later version. 17 | * 18 | * This program is distributed in the hope that it will be useful, 19 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 20 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 21 | * GNU General Public License for more details. 22 | * 23 | * You should have received a copy of the GNU General Public License along 24 | * with this program; if not, write to the Free Software Foundation, Inc., 25 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 26 | */ 27 | #ifndef POLARSSL_TIMING_H 28 | #define POLARSSL_TIMING_H 29 | 30 | /** 31 | * \brief timer structure 32 | */ 33 | struct hr_time 34 | { 35 | unsigned char opaque[32]; 36 | }; 37 | 38 | #ifdef __cplusplus 39 | extern "C" { 40 | #endif 41 | 42 | extern volatile int alarmed; 43 | 44 | /** 45 | * \brief Return the CPU cycle counter value 46 | */ 47 | unsigned long hardclock( void ); 48 | 49 | /** 50 | * \brief Return the elapsed time in milliseconds 51 | * 52 | * \param val points to a timer structure 53 | * \param reset if set to 1, the timer is restarted 54 | */ 55 | unsigned long get_timer( struct hr_time *val, int reset ); 56 | 57 | /** 58 | * \brief Setup an alarm clock 59 | * 60 | * \param seconds delay before the "alarmed" flag is set 61 | */ 62 | void set_alarm( int seconds ); 63 | 64 | /** 65 | * \brief Sleep for a certain amount of time 66 | * 67 | * \param milliseconds delay in milliseconds 68 | */ 69 | void m_sleep( int milliseconds ); 70 | 71 | #ifdef __cplusplus 72 | } 73 | #endif 74 | 75 | #endif /* timing.h */ 76 | -------------------------------------------------------------------------------- /common/pack_tool_src/source/polarssl/version.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file version.h 3 | * 4 | * \brief Run-time version information 5 | * 6 | * Copyright (C) 2006-2012, Brainspark B.V. 7 | * 8 | * This file is part of PolarSSL (http://www.polarssl.org) 9 | * Lead Maintainer: Paul Bakker 10 | * 11 | * All rights reserved. 12 | * 13 | * This program is free software; you can redistribute it and/or modify 14 | * it under the terms of the GNU General Public License as published by 15 | * the Free Software Foundation; either version 2 of the License, or 16 | * (at your option) any later version. 17 | * 18 | * This program is distributed in the hope that it will be useful, 19 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 20 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 21 | * GNU General Public License for more details. 22 | * 23 | * You should have received a copy of the GNU General Public License along 24 | * with this program; if not, write to the Free Software Foundation, Inc., 25 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 26 | */ 27 | /* 28 | * This set of compile-time defines and run-time variables can be used to 29 | * determine the version number of the PolarSSL library used. 30 | */ 31 | #ifndef POLARSSL_VERSION_H 32 | #define POLARSSL_VERSION_H 33 | 34 | #include "polarssl/config.h" 35 | 36 | /** 37 | * The version number x.y.z is split into three parts. 38 | * Major, Minor, Patchlevel 39 | */ 40 | #define POLARSSL_VERSION_MAJOR 1 41 | #define POLARSSL_VERSION_MINOR 2 42 | #define POLARSSL_VERSION_PATCH 8 43 | 44 | /** 45 | * The single version number has the following structure: 46 | * MMNNPP00 47 | * Major version | Minor version | Patch version 48 | */ 49 | #define POLARSSL_VERSION_NUMBER 0x01020800 50 | #define POLARSSL_VERSION_STRING "1.2.8" 51 | #define POLARSSL_VERSION_STRING_FULL "PolarSSL 1.2.8" 52 | 53 | #if defined(POLARSSL_VERSION_C) 54 | 55 | /** 56 | * Get the version number. 57 | * 58 | * \return The constructed version number in the format 59 | * MMNNPP00 (Major, Minor, Patch). 60 | */ 61 | unsigned int version_get_number( void ); 62 | 63 | /** 64 | * Get the version string ("x.y.z"). 65 | * 66 | * \param string The string that will receive the value. 67 | * (Should be at least 9 bytes in size) 68 | */ 69 | void version_get_string( char *string ); 70 | 71 | /** 72 | * Get the full version string ("PolarSSL x.y.z"). 73 | * 74 | * \param string The string that will receive the value. 75 | * (Should be at least 18 bytes in size) 76 | */ 77 | void version_get_string_full( char *string ); 78 | 79 | #endif /* POLARSSL_VERSION_C */ 80 | 81 | #endif /* version.h */ 82 | -------------------------------------------------------------------------------- /common/pack_tool_src/source/polarssl/x509write.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file x509write.h 3 | * 4 | * \brief X509 buffer writing functionality 5 | * 6 | * Copyright (C) 2006-2012, Brainspark B.V. 7 | * 8 | * This file is part of PolarSSL (http://www.polarssl.org) 9 | * Lead Maintainer: Paul Bakker 10 | * 11 | * All rights reserved. 12 | * 13 | * This program is free software; you can redistribute it and/or modify 14 | * it under the terms of the GNU General Public License as published by 15 | * the Free Software Foundation; either version 2 of the License, or 16 | * (at your option) any later version. 17 | * 18 | * This program is distributed in the hope that it will be useful, 19 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 20 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 21 | * GNU General Public License for more details. 22 | * 23 | * You should have received a copy of the GNU General Public License along 24 | * with this program; if not, write to the Free Software Foundation, Inc., 25 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 26 | */ 27 | #ifndef POLARSSL_X509_WRITE_H 28 | #define POLARSSL_X509_WRITE_H 29 | 30 | #include "polarssl/rsa.h" 31 | 32 | typedef struct _x509_req_name 33 | { 34 | char oid[128]; 35 | char name[128]; 36 | 37 | struct _x509_req_name *next; 38 | } 39 | x509_req_name; 40 | 41 | int x509_write_pubkey_der( unsigned char *buf, size_t size, rsa_context *rsa ); 42 | int x509_write_key_der( unsigned char *buf, size_t size, rsa_context *rsa ); 43 | int x509_write_cert_req( unsigned char *buf, size_t size, rsa_context *rsa, 44 | x509_req_name *req_name, int hash_id ); 45 | 46 | #endif /* POLARSSL_X509_WRITE_H */ 47 | -------------------------------------------------------------------------------- /common/pack_tool_src/source/polarssl/xtea.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file xtea.h 3 | * 4 | * \brief XTEA block cipher (32-bit) 5 | * 6 | * Copyright (C) 2006-2013, Brainspark B.V. 7 | * 8 | * This file is part of PolarSSL (http://www.polarssl.org) 9 | * Lead Maintainer: Paul Bakker 10 | * 11 | * All rights reserved. 12 | * 13 | * This program is free software; you can redistribute it and/or modify 14 | * it under the terms of the GNU General Public License as published by 15 | * the Free Software Foundation; either version 2 of the License, or 16 | * (at your option) any later version. 17 | * 18 | * This program is distributed in the hope that it will be useful, 19 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 20 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 21 | * GNU General Public License for more details. 22 | * 23 | * You should have received a copy of the GNU General Public License along 24 | * with this program; if not, write to the Free Software Foundation, Inc., 25 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 26 | */ 27 | #ifndef POLARSSL_XTEA_H 28 | #define POLARSSL_XTEA_H 29 | 30 | #include "polarssl/config.h" 31 | 32 | #include 33 | 34 | #ifdef _MSC_VER 35 | #include 36 | typedef UINT32 uint32_t; 37 | #else 38 | #include 39 | #endif 40 | 41 | #define XTEA_ENCRYPT 1 42 | #define XTEA_DECRYPT 0 43 | 44 | #define POLARSSL_ERR_XTEA_INVALID_INPUT_LENGTH -0x0028 /**< The data input has an invalid length. */ 45 | 46 | #if !defined(POLARSSL_XTEA_ALT) 47 | // Regular implementation 48 | // 49 | 50 | /** 51 | * \brief XTEA context structure 52 | */ 53 | typedef struct 54 | { 55 | uint32_t k[4]; /*!< key */ 56 | } 57 | xtea_context; 58 | 59 | #ifdef __cplusplus 60 | extern "C" { 61 | #endif 62 | 63 | /** 64 | * \brief XTEA key schedule 65 | * 66 | * \param ctx XTEA context to be initialized 67 | * \param key the secret key 68 | */ 69 | void xtea_setup( xtea_context *ctx, unsigned char key[16] ); 70 | 71 | /** 72 | * \brief XTEA cipher function 73 | * 74 | * \param ctx XTEA context 75 | * \param mode XTEA_ENCRYPT or XTEA_DECRYPT 76 | * \param input 8-byte input block 77 | * \param output 8-byte output block 78 | * 79 | * \return 0 if successful 80 | */ 81 | int xtea_crypt_ecb( xtea_context *ctx, 82 | int mode, 83 | unsigned char input[8], 84 | unsigned char output[8] ); 85 | 86 | /** 87 | * \brief XTEA CBC cipher function 88 | * 89 | * \param ctx XTEA context 90 | * \param mode XTEA_ENCRYPT or XTEA_DECRYPT 91 | * \param length the length of input, multiple of 8 92 | * \param iv initialization vector for CBC mode 93 | * \param input input block 94 | * \param output output block 95 | * 96 | * \return 0 if successful, 97 | * POLARSSL_ERR_XTEA_INVALID_INPUT_LENGTH if the length % 8 != 0 98 | */ 99 | int xtea_crypt_cbc( xtea_context *ctx, 100 | int mode, 101 | size_t length, 102 | unsigned char iv[8], 103 | unsigned char *input, 104 | unsigned char *output); 105 | 106 | #ifdef __cplusplus 107 | } 108 | #endif 109 | 110 | #else /* POLARSSL_XTEA_ALT */ 111 | #include "polarssl/xtea_alt.h" 112 | #endif /* POLARSSL_XTEA_ALT */ 113 | 114 | #ifdef __cplusplus 115 | extern "C" { 116 | #endif 117 | 118 | /** 119 | * \brief Checkup routine 120 | * 121 | * \return 0 if successful, or 1 if the test failed 122 | */ 123 | int xtea_self_test( int verbose ); 124 | 125 | #ifdef __cplusplus 126 | } 127 | #endif 128 | 129 | #endif /* xtea.h */ 130 | -------------------------------------------------------------------------------- /common/payload_stage1.ld: -------------------------------------------------------------------------------- 1 | OUTPUT_FORMAT("elf32-littlearm", "elf32-bigarm", "elf32-littlearm") 2 | OUTPUT_ARCH(arm) 3 | ENTRY(_start) 4 | 5 | MEMORY 6 | { 7 | /* ram : ORIGIN = 0x0808FB90, LENGTH = 0x5k */ 8 | ram : ORIGIN = 0x00, LENGTH = 0x5k 9 | } 10 | 11 | SECTIONS 12 | { 13 | .init : 14 | { 15 | __text_start = . ; 16 | KEEP (*(.init)) 17 | . = ALIGN(4); /* REQUIRED. LD is flaky without it. */ 18 | } >ram = 0xff 19 | .plt : { *(.plt) } >ram = 0xff 20 | 21 | .text.start : /* ALIGN (4): */ 22 | { 23 | *(.text.start) 24 | . = ALIGN(4); /* REQUIRED. LD is flaky without it. */ 25 | } >ram = 0xff 26 | 27 | .text : /* ALIGN (4): */ 28 | { 29 | *(.text .stub .text.* .gnu.linkonce.t.*) 30 | KEEP (*(.text.*personality*)) 31 | /* .gnu.warning sections are handled specially by elf32.em. */ 32 | *(.gnu.warning) 33 | *(.glue_7t) *(.glue_7) *(.vfp11_veneer) 34 | . = ALIGN(4); /* REQUIRED. LD is flaky without it. */ 35 | } >ram = 0xff 36 | 37 | .fini : 38 | { 39 | KEEP (*(.fini)) 40 | } >ram =0xff 41 | 42 | __text_end = . ; 43 | 44 | .rodata : 45 | { 46 | *(.rodata) 47 | *all.rodata*(*) 48 | *(.roda) 49 | *(.rodata.*) 50 | *(.gnu.linkonce.r*) 51 | SORT(CONSTRUCTORS) 52 | . = ALIGN(4); /* REQUIRED. LD is flaky without it. */ 53 | } >ram = 0xff 54 | 55 | .ARM.extab : { *(.ARM.extab* .gnu.linkonce.armextab.*) } >ram 56 | __exidx_start = .; 57 | .ARM.exidx : { *(.ARM.exidx* .gnu.linkonce.armexidx.*) } >ram 58 | __exidx_end = .; 59 | 60 | /* Ensure the __preinit_array_start label is properly aligned. We 61 | could instead move the label definition inside the section, but 62 | the linker would then create the section even if it turns out to 63 | be empty, which isn't pretty. */ 64 | . = ALIGN(32 / 8); 65 | PROVIDE (__preinit_array_start = .); 66 | .preinit_array : { KEEP (*(.preinit_array)) } >ram = 0xff 67 | PROVIDE (__preinit_array_end = .); 68 | PROVIDE (__init_array_start = .); 69 | .init_array : { KEEP (*(.init_array)) } >ram = 0xff 70 | PROVIDE (__init_array_end = .); 71 | PROVIDE (__fini_array_start = .); 72 | .fini_array : { KEEP (*(.fini_array)) } >ram = 0xff 73 | PROVIDE (__fini_array_end = .); 74 | 75 | .ctors : 76 | { 77 | /* gcc uses crtbegin.o to find the start of the constructors, so 78 | we make sure it is first. Because this is a wildcard, it 79 | doesn't matter if the user does not actually link against 80 | crtbegin.o; the linker won't look for a file to match a 81 | wildcard. The wildcard also means that it doesn't matter which 82 | directory crtbegin.o is in. */ 83 | KEEP (*crtbegin.o(.ctors)) 84 | KEEP (*(EXCLUDE_FILE (*crtend.o) .ctors)) 85 | KEEP (*(SORT(.ctors.*))) 86 | KEEP (*(.ctors)) 87 | . = ALIGN(4); /* REQUIRED. LD is flaky without it. */ 88 | } >ram = 0xff 89 | 90 | .dtors : 91 | { 92 | KEEP (*crtbegin.o(.dtors)) 93 | KEEP (*(EXCLUDE_FILE (*crtend.o) .dtors)) 94 | KEEP (*(SORT(.dtors.*))) 95 | KEEP (*(.dtors)) 96 | . = ALIGN(4); /* REQUIRED. LD is flaky without it. */ 97 | } >ram = 0xff 98 | 99 | .eh_frame : 100 | { 101 | KEEP (*(.eh_frame)) 102 | . = ALIGN(4); /* REQUIRED. LD is flaky without it. */ 103 | } >ram = 0xff 104 | 105 | .gcc_except_table : 106 | { 107 | *(.gcc_except_table) 108 | . = ALIGN(4); /* REQUIRED. LD is flaky without it. */ 109 | } >ram = 0xff 110 | .jcr : { KEEP (*(.jcr)) } >ram = 0 111 | .got : { 112 | __got_start = .; 113 | *(.got.plt) *(.got) 114 | } >ram = 0 115 | __got_end = .; 116 | 117 | .data ALIGN(4) : { 118 | __data_start = ABSOLUTE(.); 119 | *(.data) 120 | *(.data.*) 121 | *(.gnu.linkonce.d*) 122 | CONSTRUCTORS 123 | . = ALIGN(4); 124 | __data_end = ABSOLUTE(.) ; 125 | } >ram = 0xff 126 | 127 | .bss ALIGN(4) : 128 | { 129 | __bss_start = ABSOLUTE(.); 130 | __bss_start__ = ABSOLUTE(.); 131 | *(.dynbss) 132 | *(.gnu.linkonce.b*) 133 | *(.bss*) 134 | *(COMMON) 135 | . = ALIGN(4); /* REQUIRED. LD is flaky without it. */ 136 | __bss_end__ = ABSOLUTE(.); 137 | __end__ = ABSOLUTE(.); 138 | } >ram 139 | 140 | .stack 0x80000 : { _stack = .; *(.stack) } 141 | } 142 | -------------------------------------------------------------------------------- /common/payload_stage1.specs: -------------------------------------------------------------------------------- 1 | %rename link old_link 2 | 3 | *link: 4 | %(old_link) -T ../../common/payload_stage1.ld%s 5 | 6 | -------------------------------------------------------------------------------- /common/payload_stage2.ld: -------------------------------------------------------------------------------- 1 | OUTPUT_FORMAT("elf32-littlearm", "elf32-bigarm", "elf32-littlearm") 2 | OUTPUT_ARCH(arm) 3 | ENTRY(_start) 4 | 5 | MEMORY 6 | { 7 | ram : ORIGIN = 0x00, LENGTH = 0x10000K 8 | } 9 | 10 | SECTIONS 11 | { 12 | .init : 13 | { 14 | __text_start = . ; 15 | KEEP (*(.init)) 16 | . = ALIGN(4); /* REQUIRED. LD is flaky without it. */ 17 | } >ram = 0xff 18 | .plt : { *(.plt) } >ram = 0xff 19 | 20 | .text.start : /* ALIGN (4): */ 21 | { 22 | *(.text.start) 23 | . = ALIGN(4); /* REQUIRED. LD is flaky without it. */ 24 | } >ram = 0xff 25 | 26 | .text : /* ALIGN (4): */ 27 | { 28 | *(.text .stub .text.* .gnu.linkonce.t.*) 29 | KEEP (*(.text.*personality*)) 30 | /* .gnu.warning sections are handled specially by elf32.em. */ 31 | *(.gnu.warning) 32 | *(.glue_7t) *(.glue_7) *(.vfp11_veneer) 33 | . = ALIGN(4); /* REQUIRED. LD is flaky without it. */ 34 | } >ram = 0xff 35 | 36 | .fini : 37 | { 38 | KEEP (*(.fini)) 39 | } >ram =0xff 40 | 41 | __text_end = . ; 42 | 43 | .rodata : 44 | { 45 | *(.rodata) 46 | *all.rodata*(*) 47 | *(.roda) 48 | *(.rodata.*) 49 | *(.gnu.linkonce.r*) 50 | SORT(CONSTRUCTORS) 51 | . = ALIGN(4); /* REQUIRED. LD is flaky without it. */ 52 | } >ram = 0xff 53 | 54 | .ARM.extab : { *(.ARM.extab* .gnu.linkonce.armextab.*) } >ram 55 | __exidx_start = .; 56 | .ARM.exidx : { *(.ARM.exidx* .gnu.linkonce.armexidx.*) } >ram 57 | __exidx_end = .; 58 | 59 | /* Ensure the __preinit_array_start label is properly aligned. We 60 | could instead move the label definition inside the section, but 61 | the linker would then create the section even if it turns out to 62 | be empty, which isn't pretty. */ 63 | . = ALIGN(32 / 8); 64 | PROVIDE (__preinit_array_start = .); 65 | .preinit_array : { KEEP (*(.preinit_array)) } >ram = 0xff 66 | PROVIDE (__preinit_array_end = .); 67 | PROVIDE (__init_array_start = .); 68 | .init_array : { KEEP (*(.init_array)) } >ram = 0xff 69 | PROVIDE (__init_array_end = .); 70 | PROVIDE (__fini_array_start = .); 71 | .fini_array : { KEEP (*(.fini_array)) } >ram = 0xff 72 | PROVIDE (__fini_array_end = .); 73 | 74 | .ctors : 75 | { 76 | /* gcc uses crtbegin.o to find the start of the constructors, so 77 | we make sure it is first. Because this is a wildcard, it 78 | doesn't matter if the user does not actually link against 79 | crtbegin.o; the linker won't look for a file to match a 80 | wildcard. The wildcard also means that it doesn't matter which 81 | directory crtbegin.o is in. */ 82 | KEEP (*crtbegin.o(.ctors)) 83 | KEEP (*(EXCLUDE_FILE (*crtend.o) .ctors)) 84 | KEEP (*(SORT(.ctors.*))) 85 | KEEP (*(.ctors)) 86 | . = ALIGN(4); /* REQUIRED. LD is flaky without it. */ 87 | } >ram = 0xff 88 | 89 | .dtors : 90 | { 91 | KEEP (*crtbegin.o(.dtors)) 92 | KEEP (*(EXCLUDE_FILE (*crtend.o) .dtors)) 93 | KEEP (*(SORT(.dtors.*))) 94 | KEEP (*(.dtors)) 95 | . = ALIGN(4); /* REQUIRED. LD is flaky without it. */ 96 | } >ram = 0xff 97 | 98 | .eh_frame : 99 | { 100 | KEEP (*(.eh_frame)) 101 | . = ALIGN(4); /* REQUIRED. LD is flaky without it. */ 102 | } >ram = 0xff 103 | 104 | .gcc_except_table : 105 | { 106 | *(.gcc_except_table) 107 | . = ALIGN(4); /* REQUIRED. LD is flaky without it. */ 108 | } >ram = 0xff 109 | .jcr : { KEEP (*(.jcr)) } >ram = 0 110 | .got : { 111 | __got_start = .; 112 | *(.got.plt) *(.got) 113 | } >ram = 0 114 | __got_end = .; 115 | 116 | .data ALIGN(4) : { 117 | __data_start = ABSOLUTE(.); 118 | *(.data) 119 | *(.data.*) 120 | *(.gnu.linkonce.d*) 121 | CONSTRUCTORS 122 | . = ALIGN(4); 123 | __data_end = ABSOLUTE(.) ; 124 | } >ram = 0xff 125 | 126 | .bss ALIGN(4) : 127 | { 128 | __bss_start = ABSOLUTE(.); 129 | __bss_start__ = ABSOLUTE(.); 130 | *(.dynbss) 131 | *(.gnu.linkonce.b*) 132 | *(.bss*) 133 | *(COMMON) 134 | . = ALIGN(4); /* REQUIRED. LD is flaky without it. */ 135 | __bss_end__ = ABSOLUTE(.); 136 | __end__ = ABSOLUTE(.); 137 | } >ram 138 | 139 | .stack 0x80000 : { _stack = .; *(.stack) } 140 | } 141 | -------------------------------------------------------------------------------- /common/payload_stage2.specs: -------------------------------------------------------------------------------- 1 | %rename link old_link 2 | 3 | *link: 4 | %(old_link) -T ../../common/payload_stage2.ld%s 5 | 6 | -------------------------------------------------------------------------------- /common/sector_generator.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | from __future__ import print_function 4 | from Crypto.Cipher import AES 5 | from Crypto.Hash import SHA256 6 | from Crypto.Util import Counter 7 | from ctypes import * 8 | import struct 9 | import sys 10 | 11 | #http://www.falatic.com/index.php/108/python-and-bitwise-rotation 12 | rol = lambda val, r_bits, max_bits: \ 13 | (val << r_bits%max_bits) & (2**max_bits-1) | \ 14 | ((val & (2**max_bits-1)) >> (max_bits-(r_bits%max_bits))) 15 | 16 | ror = lambda val, r_bits, max_bits: \ 17 | ((val & (2**max_bits-1)) >> r_bits%max_bits) | \ 18 | (val << (max_bits-(r_bits%max_bits)) & (2**max_bits-1)) 19 | 20 | def to_bytes(num): 21 | numarr = bytearray() 22 | tmp = num 23 | while len(numarr) < 16: 24 | numarr.append(tmp & 0xFF) 25 | tmp >>= 8 26 | return bytes(numarr[::-1]) 27 | 28 | with open(sys.argv[1], "rb") as sectorFile: 29 | secretSector = sectorFile.read(0x200) 30 | 31 | with open(sys.argv[2], "rb") as otpFile: 32 | hash = SHA256.new() 33 | otpData = otpFile.read(0x90) 34 | hash.update(otpData) 35 | keyX = ''.join(hash.hexdigest()[0:32]) 36 | keyY = ''.join(hash.hexdigest()[32:64]) 37 | normalKey = rol((rol(int(keyX, 16), 2, 128) ^ int(keyY, 16)) + 0x1FF9E9AAC5FE0408024591DC5D52768A, 87, 128) 38 | print(normalKey) 39 | ecbmode = AES.new(to_bytes(normalKey), AES.MODE_ECB) 40 | 41 | with open(sys.argv[3], "wb") as outFile: 42 | for x in range(0, 0x20): 43 | outFile.seek(x*0x10) 44 | if x == 1 : 45 | outFile.write(ecbmode.encrypt(to_bytes(int('0824D3CB4AE94D624DAA526047C59394', 16)))) 46 | else : 47 | outFile.write(ecbmode.encrypt(secretSector[x*0x10:(x+1)*0x10])) 48 | -------------------------------------------------------------------------------- /data_input/.place_here: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jasondellaluce/arm9loaderhax/ae297e879b14edc17183bbbe9cf4abf4d916fc46/data_input/.place_here -------------------------------------------------------------------------------- /payload_installer/Makefile: -------------------------------------------------------------------------------- 1 | #--------------------------------------------------------------------------------- 2 | .SUFFIXES: 3 | #--------------------------------------------------------------------------------- 4 | 5 | ifeq ($(strip $(DEVKITARM)),) 6 | $(error "Please set DEVKITARM in your environment. export DEVKITARM=devkitARM") 7 | endif 8 | 9 | #--------------------------------------------------------------------------------- 10 | export TARGET := payload_installer 11 | EXPLOITDIR := brahma2 12 | LOADERDIR := installer 13 | 14 | # Targets 15 | .PHONY: clean all 16 | 17 | all: 18 | @echo build ... 19 | @cd $(LOADERDIR) && make OUTPUT=../../$(EXPLOITDIR)/data/starter 20 | @cd $(EXPLOITDIR) && make OUTPUT=../../$(TARGET) 21 | @cp $(EXPLOITDIR)/data/starter.bin $(TARGET).bin 22 | @rm -f *.elf $(TARGET).elf 23 | @echo done!! 24 | 25 | clean: 26 | @echo clean ... 27 | @cd $(LOADERDIR) && make clean OUTPUT=../../$(EXPLOITDIR)/data/starter 28 | @cd $(EXPLOITDIR) && make clean OUTPUT=../../$(TARGET) 29 | @rm -f *.elf *.3dsx *.smdh -------------------------------------------------------------------------------- /payload_installer/brahma2/include/brahma.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "exploitdata.h" 4 | 5 | u32 brahma_init (void); 6 | u32 brahma_exit (void); 7 | s32 load_arm9_payload_offset (char *filename, u32 offset, u32 max_psize); 8 | s32 load_arm9_payload_from_mem (u8* data, u32 dsize); 9 | void redirect_codeflow (u32 *dst_addr, u32 *src_addr); 10 | s32 map_arm9_payload (void); 11 | s32 map_arm11_payload (void); 12 | void exploit_arm9_race_condition (void); 13 | s32 get_exploit_data (struct exploit_data *data); 14 | s32 firm_reboot (); 15 | 16 | #define BRAHMA_NETWORK_PORT 80 17 | 18 | #define ARM_JUMPOUT 0xE51FF004 // LDR PC, [PC, -#04] 19 | #define ARM_RET 0xE12FFF1E // BX LR 20 | #define ARM_NOP 0xE1A00000 // NOP 21 | 22 | extern void *arm11_start; 23 | extern void *arm11_end; 24 | extern void *arm9_start; 25 | extern void *arm9_end; 26 | -------------------------------------------------------------------------------- /payload_installer/brahma2/include/exploitdata.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #define SYS_MODEL_NONE 0 4 | #define SYS_MODEL_OLD_3DS 1 5 | #define SYS_MODEL_NEW_3DS 2 6 | 7 | #define PA_EXC_HANDLER_BASE 0x1FFF4000 8 | #define PA_FCRAM_BASE 0x20000000 9 | #define OFFS_FCRAM_MAPPED_FIRM 0x04000000 10 | #define OFFS_FCRAM_ARM9_PAYLOAD 0x03F00000 11 | #define OFFS_EXC_HANDLER_UNUSED 0xC80 12 | #if OFFS_FCRAM_ARM9_PAYLOAD >= OFFS_FCRAM_MAPPED_FIRM 13 | #error ERRROR: Invalid ARM9 payload offset 14 | #endif 15 | #define ARM9_PAYLOAD_MAX_SIZE (OFFS_FCRAM_MAPPED_FIRM - OFFS_FCRAM_ARM9_PAYLOAD) 16 | 17 | /* any changes to this structure must also be applied to 18 | the data structure following the 'arm11_globals_start' 19 | label of arm11.s */ 20 | struct arm11_shared_data { 21 | u32 va_pdn_regs; 22 | u32 va_pxi_regs; 23 | u32 va_hook1_ret; 24 | }; 25 | 26 | struct exploit_data { 27 | 28 | u32 firm_version; 29 | u32 sys_model; // mask 30 | 31 | u32 va_patch_hook1; 32 | u32 va_patch_hook2; 33 | u32 va_hook1_ret; 34 | 35 | u32 va_fcram_base; 36 | u32 va_exc_handler_base_W; 37 | u32 va_exc_handler_base_X; 38 | u32 va_kernelsetstate; 39 | 40 | u32 va_pdn_regs; 41 | u32 va_pxi_regs; 42 | }; 43 | 44 | // add all vulnerable systems below 45 | static const struct exploit_data supported_systems[] = { 46 | { 47 | 0x022E0000, // FIRM version 48 | SYS_MODEL_NEW_3DS, // model 49 | 0xDFFE7A50, // VA of 1st hook for firmlaunch 50 | 0xDFFF4994, // VA of 2nd hook for firmlaunch 51 | 0xFFF28A58, // VA of return address from 1st hook 52 | 0xE0000000, // VA of FCRAM 53 | 0xDFFF4000, // VA of lower mapped exception handler base 54 | 0xFFFF0000, // VA of upper mapped exception handler base 55 | 0xFFF158F8, // VA of the KernelSetState syscall (upper mirror) 56 | 0xFFFBE000, // VA PDN registers 57 | 0xFFFC0000 // VA PXI registers 58 | }, 59 | { 60 | 0x022C0600, // FIRM version 61 | SYS_MODEL_NEW_3DS, // model 62 | 0xDFFE7A50, // VA of 1st hook for firmlaunch 63 | 0xDFFF4994, // VA of 2nd hook for firmlaunch 64 | 0xFFF28A58, // VA of return address from 1st hook 65 | 0xE0000000, // VA of FCRAM 66 | 0xDFFF4000, // VA of lower mapped exception handler base 67 | 0xFFFF0000, // VA of upper mapped exception handler base 68 | 0xFFF158F8, // VA of the KernelSetState syscall (upper mirror) 69 | 0xFFFBE000, // VA PDN registers 70 | 0xFFFC0000 // VA PXI registers 71 | }, 72 | { 73 | 0x02220000, 74 | SYS_MODEL_OLD_3DS | SYS_MODEL_NEW_3DS, 75 | 0xEFFE4DD4, 76 | 0xEFFF497C, 77 | 0xFFF84DDC, 78 | 0xF0000000, 79 | 0xEFFF4000, 80 | 0xFFFF0000, 81 | 0xFFF748C4, 82 | 0xFFFD0000, 83 | 0xFFFD2000 84 | }, 85 | { 86 | 0x02230600, 87 | SYS_MODEL_OLD_3DS | SYS_MODEL_NEW_3DS, 88 | 0xEFFE55BC, 89 | 0xEFFF4978, 90 | 0xFFF765C4, 91 | 0xF0000000, 92 | 0xEFFF4000, 93 | 0xFFFF0000, 94 | 0xFFF64B94, 95 | 0xFFFD0000, 96 | 0xFFFD2000 97 | }, 98 | { 99 | 0x022E0000, 100 | SYS_MODEL_OLD_3DS, 101 | 0xDFFE59D0, 102 | 0xDFFF4974, 103 | 0xFFF279D8, 104 | 0xE0000000, 105 | 0xDFFF4000, 106 | 0xFFFF0000, 107 | 0xFFF151C0, 108 | 0xFFFC2000, 109 | 0xFFFC4000 110 | }, 111 | { 112 | 0x022C0600, 113 | SYS_MODEL_OLD_3DS, 114 | 0xDFFE4F28, 115 | 0xDFFF4974, 116 | 0xFFF66F30, 117 | 0xE0000000, 118 | 0xDFFF4000, 119 | 0xFFFF0000, 120 | 0xFFF54BAC, 121 | 0xFFFBE000, 122 | 0xFFFC0000 123 | }, 124 | { 125 | 0x02280000, 126 | SYS_MODEL_OLD_3DS | SYS_MODEL_NEW_3DS, 127 | 0xEFFE5B30, 128 | 0xEFFF4978, 129 | 0xFFF76B38, 130 | 0xF0000000, 131 | 0xEFFF4000, 132 | 0xFFFF0000, 133 | 0xFFF64AAC, 134 | 0xFFFD0000, 135 | 0xFFFD2000 136 | }, 137 | { 138 | 0x02270400, 139 | SYS_MODEL_OLD_3DS | SYS_MODEL_NEW_3DS, 140 | 0xEFFE5B34, 141 | 0xEFFF4978, 142 | 0xFFF76B3C, 143 | 0xF0000000, 144 | 0xEFFF4000, 145 | 0xFFFF0000, 146 | 0xFFF64AB0, 147 | 0xFFFD0000, 148 | 0xFFFD2000 149 | }, 150 | { 151 | 0x02250000, 152 | SYS_MODEL_OLD_3DS | SYS_MODEL_NEW_3DS, 153 | 0xEFFE5AE8, 154 | 0xEFFF4978, 155 | 0xFFF76AF0, 156 | 0xF0000000, 157 | 0xEFFF4000, 158 | 0xFFFF0000, 159 | 0xFFF64A78, 160 | 0xFFFD0000, 161 | 0xFFFD2000 162 | }, 163 | { 164 | 0x02260000, 165 | SYS_MODEL_OLD_3DS | SYS_MODEL_NEW_3DS, 166 | 0xEFFE5AE8, 167 | 0xEFFF4978, 168 | 0xFFF76AF0, 169 | 0xF0000000, 170 | 0xEFFF4000, 171 | 0xFFFF0000, 172 | 0xFFF64A78, 173 | 0xFFFD0000, 174 | 0xFFFD2000 175 | }, 176 | { 177 | 0x02240000, 178 | SYS_MODEL_OLD_3DS | SYS_MODEL_NEW_3DS, 179 | 0xEFFE55B8, 180 | 0xEFFF4978, 181 | 0xFFF765C0, 182 | 0xF0000000, 183 | 0xEFFF4000, 184 | 0xFFFF0000, 185 | 0xFFF64B90, 186 | 0xFFFD0000, 187 | 0xFFFD2000 188 | } 189 | }; 190 | -------------------------------------------------------------------------------- /payload_installer/brahma2/include/hid.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | u32 wait_key (void); 4 | void wait_any_key (void); 5 | -------------------------------------------------------------------------------- /payload_installer/brahma2/include/menus.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "textmenu.h" 4 | 5 | #define BRAHMADIR "/brahma/" 6 | 7 | s32 print_menu (s32 idx, struct menu_t *menu); 8 | s32 print_file_list (s32 idx, struct menu_t *menu); 9 | s32 print_main_menu (s32 idx, struct menu_t *menu); 10 | 11 | s32 get_filename (s32 idx, char *buf, u32 size); 12 | 13 | s32 menu_cb_load (s32 idx, void *param); 14 | s32 menu_cb_choose_file (s32 idx, void *param); 15 | s32 menu_cb_run (s32 idx, void *param); 16 | s32 menu_cb_recv (s32 idx, void *param); 17 | s32 menu_cb_patch_svc (s32 idx, void *param); 18 | 19 | static const struct menu_t g_main_menu = { 20 | 3, 21 | { 22 | {"Load ARM9 payload", &menu_cb_choose_file}, 23 | {"Receive ARM9 payload", &menu_cb_recv}, 24 | {"Run ARM9 payload", &menu_cb_run} 25 | } 26 | }; 27 | 28 | static const struct menu_t g_file_list = { 29 | 10, 30 | { 31 | {"Slot 0", &menu_cb_load}, 32 | {"Slot 1", &menu_cb_load}, 33 | {"Slot 2", &menu_cb_load}, 34 | {"Slot 3", &menu_cb_load}, 35 | {"Slot 4", &menu_cb_load}, 36 | {"Slot 5", &menu_cb_load}, 37 | {"Slot 6", &menu_cb_load}, 38 | {"Slot 7", &menu_cb_load}, 39 | {"Slot 8", &menu_cb_load}, 40 | {"Slot 9", &menu_cb_load} 41 | } 42 | }; 43 | -------------------------------------------------------------------------------- /payload_installer/brahma2/include/sochlp.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #define SOC_ALIGN 0x1000 4 | #define SOC_BUFFERSIZE 0x100000 5 | 6 | u32 soc_init (void); 7 | u32 soc_exit (void); 8 | 9 | static u32 *SOC_buffer = 0; 10 | -------------------------------------------------------------------------------- /payload_installer/brahma2/include/textmenu.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | typedef int menu_func_t (s32, void *); 4 | 5 | typedef struct menu_elem_t { 6 | const char *name; 7 | menu_func_t *func; 8 | } _menu_elem_t; 9 | 10 | typedef struct menu_t { 11 | s32 element_count; 12 | struct menu_elem_t element[]; 13 | } _menu_t; 14 | 15 | s32 menu_get_element_count (struct menu_t *menu); 16 | s32 menu_is_valid_index (s32 idx, struct menu_t *menu); 17 | s32 menu_update_index (s32 idx, struct menu_t *menu); 18 | const char *menu_get_element_name (s32 idx, struct menu_t *menu); 19 | menu_func_t *menu_get_element_function (s32 idx, struct menu_t *menu); 20 | s32 menu_execute_function (s32 idx, struct menu_t *menu, void *param); 21 | -------------------------------------------------------------------------------- /payload_installer/brahma2/include/utils.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | void InvalidateEntireInstructionCache (void); 4 | void CleanEntireDataCache (void); 5 | void dsb(void); 6 | void DisableInterrupts (void); 7 | void EnableInterrupts (void); 8 | void InvalidateEntireDataCache (void); 9 | -------------------------------------------------------------------------------- /payload_installer/brahma2/source/arm11.s: -------------------------------------------------------------------------------- 1 | .arm 2 | .align 4 3 | .code 32 4 | .text 5 | 6 | .global arm11_start 7 | arm11_start: 8 | B hook1 9 | B hook2 10 | 11 | hook1: 12 | STMFD SP!, {R0-R12,LR} 13 | 14 | MOV R0, #64 15 | BL delay 16 | 17 | MOV R0, #0 18 | BL pxi_send 19 | 20 | BL pxi_sync 21 | 22 | MOV R0, #0x10000 23 | BL pxi_send 24 | 25 | BL pxi_recv 26 | BL pxi_recv 27 | BL pxi_recv 28 | 29 | MOV R0, #2 30 | BL pdn_send 31 | 32 | MOV R0, #0 33 | BL pdn_send 34 | 35 | LDMFD SP!, {R0-R12,LR} 36 | 37 | LDR R0, var_44836 38 | STR R0, [R1] 39 | LDR PC, va_hook1_ret 40 | 41 | var_44836: .long 0x44836 42 | 43 | @ copy hijack_arm9 routine and execute 44 | hook2: 45 | ADR R0, hijack_arm9 46 | ADR R1, hijack_arm9_end 47 | LDR R2, pa_hijack_arm9_dst 48 | MOV R4, R2 49 | BL copy_mem 50 | MOV r0, #0 51 | MCR p15, 0, r0, c7, c10, 0 @ Clean data cache 52 | MCR p15, 0, r0, c7, c10, 4 @ Drain write buffer 53 | MCR p15, 0, r0, c7, c5, 0 @ Flush instruction cache 54 | BX R4 55 | 56 | @ exploits a race condition in order 57 | @ to take control over the arm9 core 58 | hijack_arm9: 59 | @ init 60 | LDR R0, pa_arm11_code 61 | MOV R1, #0 62 | STR R1, [R0] 63 | 64 | @ load physical addresses 65 | LDR R10, pa_firm_header 66 | LDR R9, pa_arm9_payload 67 | LDR R8, pa_io_mem 68 | 69 | @ send pxi cmd 0x44846 70 | LDR R1, pa_pxi_regs 71 | LDR R2, some_pxi_cmd 72 | STR R2, [R1, #8] 73 | 74 | wait_arm9_loop: 75 | LDRB R0, [R8] 76 | ANDS R0, R0, #1 77 | BNE wait_arm9_loop 78 | 79 | @ overwrite orig entry point with FCRAM addr 80 | @ this exploits the race condition bug 81 | STR R9, [R10, #0x0C] 82 | 83 | LDR R0, pa_arm11_code 84 | wait_arm11_loop: 85 | LDR R1, [r0] 86 | CMP R1, #0 87 | BEQ wait_arm11_loop 88 | BX R1 89 | 90 | pa_hijack_arm9_dst: .long 0x1FFFFC00 91 | pa_arm11_code: .long 0x1FFFFFF8 92 | pa_pxi_regs: .long 0x10163000 93 | some_pxi_cmd: .long 0x44846 94 | pa_firm_header: .long 0x24000000 95 | pa_arm9_payload: .long 0x23F00000 96 | pa_io_mem: .long 0x10140000 97 | hijack_arm9_end: 98 | 99 | copy_mem: 100 | SUB R3, R1, R0 101 | MOV R1, R3,ASR#2 102 | CMP R1, #0 103 | BLE locret_FFFF0AC0 104 | MOVS R1, R3,LSL#29 105 | SUB R0, R0, #4 106 | SUB R1, R2, #4 107 | BPL loc_FFFF0AA0 108 | LDR R2, [R0,#4]! 109 | STR R2, [R1,#4]! 110 | loc_FFFF0AA0: 111 | MOVS R2, R3,ASR#3 112 | BEQ locret_FFFF0AC0 113 | loc_FFFF0AA8: 114 | LDR R3, [R0,#4] 115 | SUBS R2, R2, #1 116 | STR R3, [R1,#4] 117 | LDR R3, [R0,#8]! 118 | STR R3, [R1,#8]! 119 | BNE loc_FFFF0AA8 120 | locret_FFFF0AC0: 121 | BX LR 122 | 123 | pdn_send: 124 | LDR R1, va_pdn_regs 125 | STRB R0, [R1, #0x230] 126 | BX LR 127 | 128 | pxi_send: 129 | LDR R1, va_pxi_regs 130 | loc_1020D0: 131 | LDRH R2, [R1,#4] 132 | TST R2, #2 133 | BNE loc_1020D0 134 | STR R0, [R1,#8] 135 | 136 | MOV R0, #4 137 | delay: 138 | MOV R1, #0 139 | MCR p15, 0, r1, c7, c10, 0 140 | MCR p15, 0, r1, c7, c10, 4 141 | loop: 142 | SUBS R0, #1 143 | BGT loop 144 | BX LR 145 | 146 | pxi_recv: 147 | LDR R0, va_pxi_regs 148 | loc_1020FC: 149 | LDRH R1, [R0,#4] 150 | TST R1, #0x100 151 | BNE loc_1020FC 152 | LDR R0, [R0,#0xC] 153 | BX LR 154 | 155 | pxi_sync: 156 | LDR R0, va_pxi_regs 157 | LDRB R1, [R0,#3] 158 | ORR R1, R1, #0x40 159 | STRB R1, [R0,#3] 160 | BX LR 161 | 162 | .global arm11_end 163 | arm11_end: 164 | 165 | .global arm11_globals_start 166 | arm11_globals_start: 167 | 168 | va_pdn_regs: .long 0 169 | va_pxi_regs: .long 0 170 | va_hook1_ret: .long 0 171 | 172 | .global arm11_globals_end 173 | arm11_globals_end: 174 | -------------------------------------------------------------------------------- /payload_installer/brahma2/source/arm9.s: -------------------------------------------------------------------------------- 1 | .arm 2 | .align 4 3 | .code 32 4 | .text 5 | 6 | @ default ARM9 payload, simply launches FIRM (reboots without clearing mem) 7 | .global arm9_start 8 | arm9_start: 9 | B skipvars 10 | 11 | @ offs 4, will contain backup copy of FIRM ARM9 12 | @ entry point so execution can be returned to FIRM 13 | pa_arm9_entrypoint_backup: .long 0xFFFF0000 14 | 15 | skipvars: 16 | STMFD SP!, {R0-R12,LR} 17 | 18 | @ insert your funky stuff here 19 | LDMFD SP!, {R0-R12,LR} 20 | 21 | LDR PC, pa_arm9_entrypoint_backup 22 | 23 | .global arm9_end 24 | arm9_end: 25 | -------------------------------------------------------------------------------- /payload_installer/brahma2/source/hid.c: -------------------------------------------------------------------------------- 1 | #include <3ds.h> 2 | 3 | /* loop until key is pressed */ 4 | u32 wait_key (void) { 5 | hidScanInput(); 6 | u32 old_kDown, kDown; 7 | old_kDown = hidKeysDown(); 8 | 9 | while (aptMainLoop()) { 10 | gspWaitForVBlank(); 11 | 12 | hidScanInput(); 13 | kDown = hidKeysDown(); 14 | if (kDown != old_kDown) 15 | break; 16 | 17 | gfxFlushBuffers(); 18 | gfxSwapBuffers(); 19 | } 20 | return kDown; 21 | } 22 | 23 | /* convenience function */ 24 | void wait_any_key (void) { 25 | printf("\n\nPress key to continue\n"); 26 | wait_key(); 27 | } 28 | -------------------------------------------------------------------------------- /payload_installer/brahma2/source/libkhax/khax.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include <3ds.h> 4 | 5 | #ifdef __cplusplus 6 | extern "C" { 7 | #endif 8 | 9 | // Initialize and do the initial pwning of the ARM11 kernel. 10 | Result khaxInit(); 11 | // Shut down libkhax 12 | Result khaxExit(); 13 | 14 | #ifdef __cplusplus 15 | } 16 | #endif 17 | -------------------------------------------------------------------------------- /payload_installer/brahma2/source/main.c: -------------------------------------------------------------------------------- 1 | #include <3ds.h> 2 | #include 3 | #include 4 | #include 5 | #include 6 | #include "brahma.h" 7 | #include "hid.h" 8 | #include "menus.h" 9 | #include "sochlp.h" 10 | 11 | extern u8 starter_bin[]; 12 | extern u32 starter_bin_size; 13 | 14 | s32 main (void) { 15 | gfxInitDefault(); 16 | consoleInit(GFX_BOTTOM, NULL); 17 | if (brahma_init()) { 18 | printf(" "); 19 | load_arm9_payload_from_mem (starter_bin, starter_bin_size); 20 | printf("%08X\n", firm_reboot ()); 21 | brahma_exit(); 22 | } 23 | gfxExit(); 24 | return 0; 25 | } -------------------------------------------------------------------------------- /payload_installer/brahma2/source/menus.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include <3ds.h> 3 | #include "menus.h" 4 | 5 | s32 print_menu (s32 idx, struct menu_t *menu) { 6 | s32 i; 7 | s32 newidx; 8 | s32 count = menu_get_element_count(menu); 9 | 10 | newidx = menu_update_index(idx, menu); 11 | for (i=0; id_name; 41 | } 42 | else { 43 | filename = "---"; 44 | } 45 | if (newidx == i) 46 | printf("[ %s ] %s\n", menu_get_element_name(i, menu), filename); 47 | else 48 | printf(" %s %s\n", menu_get_element_name(i, menu), filename); 49 | } 50 | closedir(dp); 51 | } 52 | else { 53 | printf("[!] Could not open '%s'\n", BRAHMADIR); 54 | } 55 | 56 | printf("===========================\n\n"); 57 | printf("A: Confirm\n"); 58 | printf("B: Back\n"); 59 | 60 | return newidx; 61 | } 62 | 63 | s32 print_main_menu (s32 idx, struct menu_t *menu) { 64 | s32 newidx = 0; 65 | consoleClear(); 66 | 67 | printf("\n* BRAHMA II *\n\n\n"); 68 | printf("===========================\n"); 69 | newidx = print_menu(idx, menu); 70 | printf("===========================\n\n"); 71 | printf("A: Confirm\n"); 72 | printf("B: Exit\n"); 73 | 74 | return newidx; 75 | } 76 | 77 | s32 get_filename (s32 idx, char *buf, u32 size) { 78 | DIR *dp; 79 | struct dirent *entry; 80 | s32 result = 0; 81 | s32 numfiles = 0; 82 | 83 | if((dp = opendir(BRAHMADIR)) && buf && size) { 84 | while((entry = readdir(dp)) != NULL) { 85 | if (numfiles == idx) { 86 | snprintf(buf, size-1, "%s%s", BRAHMADIR, entry->d_name); 87 | result = 1; 88 | break; 89 | } 90 | numfiles++; 91 | } 92 | closedir(dp); 93 | } 94 | return result; 95 | } 96 | 97 | s32 menu_cb_recv (s32 idx, void *param) { 98 | return recv_arm9_payload(); 99 | } 100 | 101 | s32 menu_cb_load(s32 idx, void *param) { 102 | char filename[256]; 103 | s32 result = 0; 104 | 105 | if (param) { 106 | if (get_filename(*(u32 *)param, &filename, sizeof(filename))) { 107 | printf("[+] Loading %s\n", filename); 108 | result = load_arm9_payload_offset(filename, 0, 0); 109 | } 110 | } 111 | return result; 112 | } 113 | 114 | s32 menu_cb_choose_file (s32 idx, void *param) { 115 | s32 curidx = idx; 116 | s32 loaded = 0; 117 | 118 | while (aptMainLoop()) { 119 | gspWaitForVBlank(); 120 | 121 | curidx = print_file_list(curidx, &g_file_list); 122 | u32 kDown = wait_key(); 123 | 124 | if (kDown & KEY_B) { 125 | break; 126 | } 127 | else if (kDown & KEY_A) { 128 | consoleClear(); 129 | loaded = menu_execute_function(curidx, &g_file_list, &curidx); 130 | printf("%s\n", loaded? "[+] Success":"[!] Failure"); 131 | wait_any_key(); 132 | if (loaded) 133 | break; 134 | } 135 | else if (kDown & KEY_UP) { 136 | curidx--; 137 | } 138 | else if (kDown & KEY_DOWN) { 139 | curidx++; 140 | } 141 | gfxFlushBuffers(); 142 | gfxSwapBuffers(); 143 | } 144 | return 0; 145 | } 146 | 147 | s32 menu_cb_run (s32 idx, void *param) { 148 | s32 fail_stage; 149 | 150 | /* we're kinda screwed if the exploit fails 151 | and soc has been deinitialized. not sure 152 | whether cleaning up here improves existing 153 | problems with using sockets either */ 154 | soc_exit(); 155 | printf("[+] Running ARM9 payload\n"); 156 | fail_stage = firm_reboot(); 157 | 158 | char *msg; 159 | switch (fail_stage) { 160 | case 1: 161 | msg = "[!] ARM11 exploit failed"; 162 | break; 163 | case 2: 164 | msg = "[!] ARM9 exploit failed"; 165 | break; 166 | default: 167 | msg = "[!] Unexpected error"; 168 | } 169 | printf("%s\n", msg); 170 | return 1; 171 | } 172 | -------------------------------------------------------------------------------- /payload_installer/brahma2/source/sochlp.c: -------------------------------------------------------------------------------- 1 | #include <3ds.h> 2 | #include "sochlp.h" 3 | 4 | u32 soc_init (void) { 5 | Result ret; 6 | u32 result = 0; 7 | 8 | SOC_buffer = (u32*)memalign(SOC_ALIGN, SOC_BUFFERSIZE); 9 | if (SOC_buffer != 0) { 10 | ret = socInit(SOC_buffer, SOC_BUFFERSIZE); 11 | if (ret == 0) { 12 | result = 1; 13 | } else { 14 | free(SOC_buffer); 15 | } 16 | } 17 | return result; 18 | } 19 | 20 | u32 soc_exit (void) { 21 | if (SOC_buffer) { 22 | socExit(); 23 | free(SOC_buffer); 24 | SOC_buffer = 0; 25 | } 26 | return 0; 27 | } 28 | -------------------------------------------------------------------------------- /payload_installer/brahma2/source/textmenu.c: -------------------------------------------------------------------------------- 1 | #include <3ds.h> 2 | #include "textmenu.h" 3 | 4 | s32 menu_get_element_count (struct menu_t *menu) { 5 | s32 i = 0; 6 | 7 | if (menu) { 8 | i = menu->element_count; 9 | } 10 | return i; 11 | } 12 | 13 | s32 menu_is_valid_index (s32 idx, struct menu_t *menu) { 14 | return (menu != 0 && (idx >= 0 && idx < menu_get_element_count(menu))); 15 | } 16 | 17 | s32 menu_update_index (s32 idx, struct menu_t *menu) { 18 | s32 newidx = 0; 19 | s32 count = menu_get_element_count(menu); 20 | 21 | newidx = idx < 0 ? count - 1 : idx >= count ? 0 : idx; 22 | 23 | return newidx; 24 | } 25 | 26 | const char *menu_get_element_name (s32 idx, struct menu_t *menu) { 27 | return menu_is_valid_index(idx, menu) ? menu->element[idx].name : 0; 28 | } 29 | 30 | menu_func_t *menu_get_element_function (s32 idx, struct menu_t *menu) { 31 | return menu_is_valid_index(idx, menu) ? menu->element[idx].func : 0; 32 | } 33 | 34 | s32 menu_execute_function (s32 idx, struct menu_t *menu, void *param) { 35 | s32 result = 0; 36 | menu_func_t *f; 37 | 38 | if (menu_is_valid_index(idx, menu)) { 39 | f = menu_get_element_function(idx, menu); 40 | if (f) 41 | result = f(idx, param); 42 | } 43 | 44 | return result; 45 | } 46 | -------------------------------------------------------------------------------- /payload_installer/brahma2/source/utils.s: -------------------------------------------------------------------------------- 1 | .arm 2 | .align 4 3 | .code 32 4 | .text 5 | 6 | .global InvalidateEntireInstructionCache 7 | .type InvalidateEntireInstructionCache, %function 8 | InvalidateEntireInstructionCache: 9 | mov r0, #0 10 | mcr p15, 0, r0, c7, c5, 0 11 | bx lr 12 | 13 | .global CleanEntireDataCache 14 | .type CleanEntireDataCache, %function 15 | CleanEntireDataCache: 16 | mov r0, #0 17 | mcr p15, 0, r0, c7, c10, 0 18 | bx lr 19 | 20 | .global dsb 21 | .type dsb, %function 22 | dsb: 23 | mov r0, #0 24 | mcr p15, 0, r0, c7, c10, 4 25 | bx lr 26 | 27 | .global DisableInterrupts 28 | .type DisableInterrupts, %function 29 | DisableInterrupts: 30 | mrs r0, cpsr 31 | CPSID I 32 | bx lr 33 | 34 | .global EnableInterrupts 35 | .type EnableInterrupts, %function 36 | EnableInterrupts: 37 | msr cpsr_cx, r0 38 | bx lr 39 | -------------------------------------------------------------------------------- /payload_installer/installer/bootstrap.ld: -------------------------------------------------------------------------------- 1 | OUTPUT_FORMAT("elf32-littlearm", "elf32-bigarm", "elf32-littlearm") 2 | OUTPUT_ARCH(arm) 3 | ENTRY(_start) 4 | 5 | MEMORY 6 | { 7 | ram : ORIGIN = 0x23F00000, LENGTH = 128K 8 | } 9 | 10 | SECTIONS 11 | { 12 | .init : 13 | { 14 | __text_start = . ; 15 | KEEP (*(.init)) 16 | . = ALIGN(4); /* REQUIRED. LD is flaky without it. */ 17 | } >ram = 0xff 18 | .plt : { *(.plt) } >ram = 0xff 19 | 20 | .text.start : /* ALIGN (4): */ 21 | { 22 | *(.text.start) 23 | . = ALIGN(4); /* REQUIRED. LD is flaky without it. */ 24 | } >ram = 0xff 25 | 26 | .text : /* ALIGN (4): */ 27 | { 28 | *(.text .stub .text.* .gnu.linkonce.t.*) 29 | KEEP (*(.text.*personality*)) 30 | /* .gnu.warning sections are handled specially by elf32.em. */ 31 | *(.gnu.warning) 32 | *(.glue_7t) *(.glue_7) *(.vfp11_veneer) 33 | . = ALIGN(4); /* REQUIRED. LD is flaky without it. */ 34 | } >ram = 0xff 35 | 36 | .fini : 37 | { 38 | KEEP (*(.fini)) 39 | } >ram =0xff 40 | 41 | __text_end = . ; 42 | 43 | .rodata : 44 | { 45 | *(.rodata) 46 | *all.rodata*(*) 47 | *(.roda) 48 | *(.rodata.*) 49 | *(.gnu.linkonce.r*) 50 | SORT(CONSTRUCTORS) 51 | . = ALIGN(4); /* REQUIRED. LD is flaky without it. */ 52 | } >ram = 0xff 53 | 54 | .ARM.extab : { *(.ARM.extab* .gnu.linkonce.armextab.*) } >ram 55 | __exidx_start = .; 56 | .ARM.exidx : { *(.ARM.exidx* .gnu.linkonce.armexidx.*) } >ram 57 | __exidx_end = .; 58 | 59 | /* Ensure the __preinit_array_start label is properly aligned. We 60 | could instead move the label definition inside the section, but 61 | the linker would then create the section even if it turns out to 62 | be empty, which isn't pretty. */ 63 | . = ALIGN(32 / 8); 64 | PROVIDE (__preinit_array_start = .); 65 | .preinit_array : { KEEP (*(.preinit_array)) } >ram = 0xff 66 | PROVIDE (__preinit_array_end = .); 67 | PROVIDE (__init_array_start = .); 68 | .init_array : { KEEP (*(.init_array)) } >ram = 0xff 69 | PROVIDE (__init_array_end = .); 70 | PROVIDE (__fini_array_start = .); 71 | .fini_array : { KEEP (*(.fini_array)) } >ram = 0xff 72 | PROVIDE (__fini_array_end = .); 73 | 74 | .ctors : 75 | { 76 | /* gcc uses crtbegin.o to find the start of the constructors, so 77 | we make sure it is first. Because this is a wildcard, it 78 | doesn't matter if the user does not actually link against 79 | crtbegin.o; the linker won't look for a file to match a 80 | wildcard. The wildcard also means that it doesn't matter which 81 | directory crtbegin.o is in. */ 82 | KEEP (*crtbegin.o(.ctors)) 83 | KEEP (*(EXCLUDE_FILE (*crtend.o) .ctors)) 84 | KEEP (*(SORT(.ctors.*))) 85 | KEEP (*(.ctors)) 86 | . = ALIGN(4); /* REQUIRED. LD is flaky without it. */ 87 | } >ram = 0xff 88 | 89 | .dtors : 90 | { 91 | KEEP (*crtbegin.o(.dtors)) 92 | KEEP (*(EXCLUDE_FILE (*crtend.o) .dtors)) 93 | KEEP (*(SORT(.dtors.*))) 94 | KEEP (*(.dtors)) 95 | . = ALIGN(4); /* REQUIRED. LD is flaky without it. */ 96 | } >ram = 0xff 97 | 98 | .eh_frame : 99 | { 100 | KEEP (*(.eh_frame)) 101 | . = ALIGN(4); /* REQUIRED. LD is flaky without it. */ 102 | } >ram = 0xff 103 | 104 | .gcc_except_table : 105 | { 106 | *(.gcc_except_table) 107 | . = ALIGN(4); /* REQUIRED. LD is flaky without it. */ 108 | } >ram = 0xff 109 | .jcr : { KEEP (*(.jcr)) } >ram = 0 110 | .got : { *(.got.plt) *(.got) } >ram = 0 111 | 112 | .data ALIGN(4) : { 113 | __data_start = ABSOLUTE(.); 114 | *(.data) 115 | *(.data.*) 116 | *(.gnu.linkonce.d*) 117 | CONSTRUCTORS 118 | . = ALIGN(4); 119 | __data_end = ABSOLUTE(.) ; 120 | } >ram = 0xff 121 | 122 | .bss ALIGN(4) : 123 | { 124 | __bss_start = ABSOLUTE(.); 125 | __bss_start__ = ABSOLUTE(.); 126 | *(.dynbss) 127 | *(.gnu.linkonce.b*) 128 | *(.bss*) 129 | *(COMMON) 130 | . = ALIGN(4); /* REQUIRED. LD is flaky without it. */ 131 | __bss_end__ = ABSOLUTE(.); 132 | __end__ = ABSOLUTE(.); 133 | } >ram 134 | 135 | .stack 0x80000 : { _stack = .; *(.stack) } 136 | } 137 | -------------------------------------------------------------------------------- /payload_installer/installer/bootstrap.specs: -------------------------------------------------------------------------------- 1 | %rename link old_link 2 | 3 | *link: 4 | %(old_link) -T ../bootstrap.ld%s 5 | 6 | -------------------------------------------------------------------------------- /payload_installer/installer/source/_start.s: -------------------------------------------------------------------------------- 1 | .section .text.start 2 | .align 4 3 | .global _start 4 | _start: 5 | @ Change the stack pointer 6 | mov sp, #0x27000000 7 | 8 | @ Give read/write access to all the memory regions 9 | ldr r5, =0x33333333 10 | mcr p15, 0, r5, c5, c0, 2 @ write data access 11 | mcr p15, 0, r5, c5, c0, 3 @ write instruction access 12 | 13 | @ Sets MPU permissions and cache settings 14 | ldr r0, =0xFFFF001D @ ffff0000 32k 15 | ldr r1, =0x01FF801D @ 01ff8000 32k 16 | ldr r2, =0x08000027 @ 08000000 1M 17 | ldr r3, =0x10000021 @ 10000000 128k 18 | ldr r4, =0x10100025 @ 10100000 512k 19 | ldr r5, =0x20000035 @ 20000000 128M 20 | ldr r6, =0x1FF00027 @ 1FF00000 1M 21 | ldr r7, =0x1800002D @ 18000000 8M 22 | mov r10, #0x25 23 | mov r11, #0x25 24 | mov r12, #0x25 25 | mcr p15, 0, r0, c6, c0, 0 26 | mcr p15, 0, r1, c6, c1, 0 27 | mcr p15, 0, r2, c6, c2, 0 28 | mcr p15, 0, r3, c6, c3, 0 29 | mcr p15, 0, r4, c6, c4, 0 30 | mcr p15, 0, r5, c6, c5, 0 31 | mcr p15, 0, r6, c6, c6, 0 32 | mcr p15, 0, r7, c6, c7, 0 33 | mcr p15, 0, r10, c3, c0, 0 @ Write bufferable 0, 2, 5 34 | mcr p15, 0, r11, c2, c0, 0 @ Data cacheable 0, 2, 5 35 | mcr p15, 0, r12, c2, c0, 1 @ Inst cacheable 0, 2, 5 36 | 37 | @ Enable caches 38 | mrc p15, 0, r4, c1, c0, 0 @ read control register 39 | orr r4, r4, #(1<<18) @ - itcm enable 40 | orr r4, r4, #(1<<12) @ - instruction cache enable 41 | orr r4, r4, #(1<<2) @ - data cache enable 42 | orr r4, r4, #(1<<0) @ - mpu enable 43 | mcr p15, 0, r4, c1, c0, 0 @ write control register 44 | 45 | @ Flush caches 46 | mov r5, #0 47 | mcr p15, 0, r5, c7, c5, 0 @ flush I-cache 48 | mcr p15, 0, r5, c7, c6, 0 @ flush D-cache 49 | mcr p15, 0, r5, c7, c10, 4 @ drain write buffer 50 | 51 | @ Fixes mounting of SDMC 52 | ldr r0, =0x10000020 53 | mov r1, #0x340 54 | str r1, [r0] 55 | 56 | bl main 57 | 58 | .die: 59 | b .die -------------------------------------------------------------------------------- /payload_installer/installer/source/common.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include 9 | 10 | #define u8 uint8_t 11 | #define u16 uint16_t 12 | #define u32 uint32_t 13 | #define u64 uint64_t 14 | 15 | #define vu8 volatile u8 16 | #define vu16 volatile u16 17 | #define vu32 volatile u32 18 | #define vu64 volatile u64 19 | 20 | #define max(a,b) \ 21 | ({ __typeof__ (a) _a = (a); \ 22 | __typeof__ (b) _b = (b); \ 23 | _a > _b ? _a : _b; }) 24 | #define min(a,b) \ 25 | ({ __typeof__ (a) _a = (a); \ 26 | __typeof__ (b) _b = (b); \ 27 | _a < _b ? _a : _b; }) 28 | 29 | // Internals 30 | #include "screen.h" 31 | #include "system/delay.h" 32 | #include "system/hid.h" 33 | #include "system/i2c.h" 34 | #include "system/sdmmc.h" 35 | #include "system/draw.h" 36 | #include "system/crypto.h" 37 | #include "system/nand.h" 38 | #include "fatfs/ff.h" 39 | #include "fatfs/fs.h" 40 | 41 | #define isNew3DS (*((volatile u32*)0x10140FFC) == 7) 42 | #define isColdBoot (*((volatile u32*)0x10010000) == 0) 43 | -------------------------------------------------------------------------------- /payload_installer/installer/source/fatfs/diskio.c: -------------------------------------------------------------------------------- 1 | /*-----------------------------------------------------------------------*/ 2 | /* Low level disk I/O module skeleton for FatFs (C)ChaN, 2013 */ 3 | /*-----------------------------------------------------------------------*/ 4 | /* If a working storage control module is available, it should be */ 5 | /* attached to the FatFs via a glue function rather than modifying it. */ 6 | /* This is an example of glue functions to attach various exsisting */ 7 | /* storage control module to the FatFs module with a defined API. */ 8 | /*-----------------------------------------------------------------------*/ 9 | 10 | #include "diskio.h" /* FatFs lower layer API */ 11 | #include "../common.h" 12 | 13 | /* Definitions of physical drive number for each media */ 14 | #define ATA 0 15 | #define MMC 1 16 | #define USB 2 17 | 18 | 19 | /*-----------------------------------------------------------------------*/ 20 | /* Inidialize a Drive */ 21 | /*-----------------------------------------------------------------------*/ 22 | 23 | DSTATUS disk_initialize ( 24 | BYTE pdrv /* Physical drive nmuber (0..) */ 25 | ) 26 | { 27 | sdmmc_sdcard_init(); 28 | return RES_OK; 29 | } 30 | 31 | 32 | 33 | /*-----------------------------------------------------------------------*/ 34 | /* Get Disk Status */ 35 | /*-----------------------------------------------------------------------*/ 36 | 37 | DSTATUS disk_status ( 38 | BYTE pdrv /* Physical drive nmuber (0..) */ 39 | ) 40 | { 41 | return RES_OK; // Stubbed 42 | } 43 | 44 | 45 | 46 | /*-----------------------------------------------------------------------*/ 47 | /* Read Sector(s) */ 48 | /*-----------------------------------------------------------------------*/ 49 | 50 | DRESULT disk_read ( 51 | BYTE pdrv, /* Physical drive nmuber (0..) */ 52 | BYTE *buff, /* Data buffer to store read data */ 53 | DWORD sector, /* Sector address (LBA) */ 54 | UINT count /* Number of sectors to read (1..128) */ 55 | ) 56 | { 57 | switch(pdrv){ 58 | case 0: 59 | if (sdmmc_sdcard_readsectors(sector,count,(BYTE *)buff)) 60 | return RES_PARERR; 61 | break; 62 | case 1: 63 | if (nandReadSectors(sector,count,(BYTE *)buff,CTRNAND)) 64 | return RES_PARERR; 65 | break; 66 | } 67 | return RES_OK; 68 | } 69 | 70 | 71 | 72 | /*-----------------------------------------------------------------------*/ 73 | /* Write Sector(s) */ 74 | /*-----------------------------------------------------------------------*/ 75 | 76 | #if _USE_WRITE 77 | DRESULT disk_write ( 78 | BYTE pdrv, /* Physical drive nmuber (0..) */ 79 | const BYTE *buff, /* Data to be written */ 80 | DWORD sector, /* Sector address (LBA) */ 81 | UINT count /* Number of sectors to write (1..128) */ 82 | ) 83 | { 84 | switch(pdrv){ 85 | case 0: 86 | if (sdmmc_sdcard_writesectors(sector,count,(BYTE *)buff)) 87 | return RES_PARERR; 88 | break; 89 | case 1: 90 | if (nandWriteSectors(sector,count,(BYTE *)buff,CTRNAND)) 91 | return RES_PARERR; 92 | break; 93 | } 94 | return RES_OK; 95 | } 96 | #endif 97 | 98 | 99 | /*-----------------------------------------------------------------------*/ 100 | /* Miscellaneous Functions */ 101 | /*-----------------------------------------------------------------------*/ 102 | 103 | #if _USE_IOCTL 104 | DRESULT disk_ioctl ( 105 | BYTE pdrv, /* Physical drive nmuber (0..) */ 106 | BYTE cmd, /* Control code */ 107 | void *buff /* Buffer to send/receive control data */ 108 | ) 109 | { 110 | return RES_OK; 111 | //return RES_PARERR; // Stubbed 112 | } 113 | #endif 114 | -------------------------------------------------------------------------------- /payload_installer/installer/source/fatfs/diskio.h: -------------------------------------------------------------------------------- 1 | /*-----------------------------------------------------------------------/ 2 | / Low level disk interface modlue include file (C)ChaN, 2013 / 3 | /-----------------------------------------------------------------------*/ 4 | 5 | #ifndef _DISKIO_DEFINED 6 | #define _DISKIO_DEFINED 7 | 8 | #ifdef __cplusplus 9 | extern "C" { 10 | #endif 11 | 12 | #define _USE_WRITE 1 /* 1: Enable disk_write function */ 13 | #define _USE_IOCTL 1 /* 1: Enable disk_ioctl fucntion */ 14 | 15 | #include "integer.h" 16 | 17 | 18 | /* Status of Disk Functions */ 19 | typedef BYTE DSTATUS; 20 | 21 | /* Results of Disk Functions */ 22 | typedef enum { 23 | RES_OK = 0, /* 0: Successful */ 24 | RES_ERROR, /* 1: R/W Error */ 25 | RES_WRPRT, /* 2: Write Protected */ 26 | RES_NOTRDY, /* 3: Not Ready */ 27 | RES_PARERR /* 4: Invalid Parameter */ 28 | } DRESULT; 29 | 30 | 31 | /*---------------------------------------*/ 32 | /* Prototypes for disk control functions */ 33 | 34 | 35 | DSTATUS disk_initialize (BYTE pdrv); 36 | DSTATUS disk_status (BYTE pdrv); 37 | DRESULT disk_read (BYTE pdrv, BYTE* buff, DWORD sector, UINT count); 38 | DRESULT disk_write (BYTE pdrv, const BYTE* buff, DWORD sector, UINT count); 39 | DRESULT disk_ioctl (BYTE pdrv, BYTE cmd, void* buff); 40 | 41 | 42 | /* Disk Status Bits (DSTATUS) */ 43 | 44 | #define STA_NOINIT 0x01 /* Drive not initialized */ 45 | #define STA_NODISK 0x02 /* No medium in the drive */ 46 | #define STA_PROTECT 0x04 /* Write protected */ 47 | 48 | 49 | /* Command code for disk_ioctrl fucntion */ 50 | 51 | /* Generic command (used by FatFs) */ 52 | #define CTRL_SYNC 0 /* Flush disk cache (for write functions) */ 53 | #define GET_SECTOR_COUNT 1 /* Get media size (for only f_mkfs()) */ 54 | #define GET_SECTOR_SIZE 2 /* Get sector size (for multiple sector size (_MAX_SS >= 1024)) */ 55 | #define GET_BLOCK_SIZE 3 /* Get erase block size (for only f_mkfs()) */ 56 | #define CTRL_ERASE_SECTOR 4 /* Force erased a block of sectors (for only _USE_ERASE) */ 57 | 58 | /* Generic command (not used by FatFs) */ 59 | #define CTRL_POWER 5 /* Get/Set power status */ 60 | #define CTRL_LOCK 6 /* Lock/Unlock media removal */ 61 | #define CTRL_EJECT 7 /* Eject media */ 62 | #define CTRL_FORMAT 8 /* Create physical format on the media */ 63 | 64 | /* MMC/SDC specific ioctl command */ 65 | #define MMC_GET_TYPE 10 /* Get card type */ 66 | #define MMC_GET_CSD 11 /* Get CSD */ 67 | #define MMC_GET_CID 12 /* Get CID */ 68 | #define MMC_GET_OCR 13 /* Get OCR */ 69 | #define MMC_GET_SDSTAT 14 /* Get SD status */ 70 | 71 | /* ATA/CF specific ioctl command */ 72 | #define ATA_GET_REV 20 /* Get F/W revision */ 73 | #define ATA_GET_MODEL 21 /* Get model name */ 74 | #define ATA_GET_SN 22 /* Get serial number */ 75 | 76 | #ifdef __cplusplus 77 | } 78 | #endif 79 | 80 | #endif 81 | -------------------------------------------------------------------------------- /payload_installer/installer/source/fatfs/fs.c: -------------------------------------------------------------------------------- 1 | #include "fs.h" 2 | #include "../common.h" 3 | 4 | #define MAX_FILES 100 5 | 6 | fsFile fileBuf[MAX_FILES]; 7 | static FATFS sdmcfs, nandfs; 8 | 9 | void keysInit() 10 | { 11 | if(isNew3DS) 12 | { 13 | // CTRNAND Keyslot 0x05 initialization 14 | u8 nKeyY[16] = {0x4D, 0x80, 0x4F, 0x4E, 0x99, 0x90, 0x19, 0x46, 0x13, 0xA2, 0x04, 0xAC, 0x58, 0x44, 0x60, 0xBE}; 15 | aes_setkey(5, (u8*)nKeyY, AES_KEYY, AES_INPUT_BE | AES_INPUT_NORMAL); 16 | } 17 | } 18 | 19 | void fsInit() 20 | { 21 | keysInit(); 22 | sdmmc_sdcard_init(); 23 | f_mount(&sdmcfs, "sdmc:", 0); 24 | f_mount(&nandfs, "nand:", 0); 25 | for(int i = 0; i < MAX_FILES; i++) 26 | { 27 | fileBuf[i].active = 0; 28 | } 29 | } 30 | 31 | void fsExit() 32 | { 33 | f_mount(0, "sdmc:", 0); 34 | f_mount(0, "nand:", 0); 35 | for(int i = 0; i < MAX_FILES; i++) 36 | { 37 | fileBuf[i].active = 0; 38 | } 39 | } 40 | 41 | fsFile* fsOpen(char* path, int flag) 42 | { 43 | fsFile* ret = 0; 44 | for(int i = 0; i < MAX_FILES; i++) 45 | { 46 | if(fileBuf[i].active == 0) 47 | { 48 | fileBuf[i].active = 1; 49 | ret = &fileBuf[i]; 50 | break; 51 | } 52 | } 53 | if(ret) 54 | { 55 | if(f_open(&ret->file, path, flag) != FR_OK) 56 | { 57 | ret = 0; 58 | } 59 | } 60 | return ret; 61 | } 62 | 63 | void fsClose(fsFile* file) 64 | { 65 | if(file) 66 | { 67 | file->active = 0; 68 | f_close(&file->file); 69 | } 70 | } 71 | 72 | void fsSeek(fsFile* file, unsigned int off) 73 | { 74 | f_lseek(&file->file, off); 75 | } 76 | 77 | unsigned int fsRead(void* ptr, unsigned int size, unsigned int nmemb, fsFile* file) 78 | { 79 | unsigned int bytes = 0; 80 | f_read(&file->file, ptr, size*nmemb, &bytes); 81 | return bytes; 82 | } 83 | 84 | unsigned int fsWrite(void* ptr, unsigned int size, unsigned int nmemb, fsFile* file) 85 | { 86 | unsigned int bytes = 0; 87 | f_write(&file->file, ptr, size*nmemb, &bytes); 88 | return bytes; 89 | } 90 | 91 | unsigned int fsGetSize(fsFile* file) 92 | { 93 | return file->file.fsize; 94 | } 95 | -------------------------------------------------------------------------------- /payload_installer/installer/source/fatfs/fs.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "ff.h" 4 | 5 | typedef struct{ 6 | FIL file; 7 | unsigned char active; 8 | } fsFile; 9 | 10 | void fsInit(); 11 | void fsExit(); 12 | fsFile* fsOpen(char* path, int flag); 13 | void fsClose(fsFile* file); 14 | unsigned int fsRead(void* ptr, unsigned int size, unsigned int nmemb, fsFile* file); 15 | unsigned int fsWrite(void* ptr, unsigned int size, unsigned int nmemb, fsFile* file); 16 | void fsSeek(fsFile* file, unsigned int off); 17 | unsigned int fsGetSize(fsFile* file); -------------------------------------------------------------------------------- /payload_installer/installer/source/fatfs/integer.h: -------------------------------------------------------------------------------- 1 | /*-------------------------------------------*/ 2 | /* Integer type definitions for FatFs module */ 3 | /*-------------------------------------------*/ 4 | 5 | #ifndef _FF_INTEGER 6 | #define _FF_INTEGER 7 | 8 | #ifdef _WIN32 /* FatFs development platform */ 9 | 10 | #include 11 | #include 12 | 13 | #else /* Embedded platform */ 14 | 15 | /* This type MUST be 8 bit */ 16 | typedef unsigned char BYTE; 17 | 18 | /* These types MUST be 16 bit */ 19 | typedef short SHORT; 20 | typedef unsigned short WORD; 21 | typedef unsigned short WCHAR; 22 | 23 | /* These types MUST be 16 bit or 32 bit */ 24 | typedef int INT; 25 | typedef unsigned int UINT; 26 | 27 | /* These types MUST be 32 bit */ 28 | typedef long LONG; 29 | typedef unsigned long DWORD; 30 | 31 | #endif 32 | 33 | #endif 34 | -------------------------------------------------------------------------------- /payload_installer/installer/source/fatfs/option/syscall.c: -------------------------------------------------------------------------------- 1 | /*------------------------------------------------------------------------*/ 2 | /* Sample code of OS dependent controls for FatFs */ 3 | /* (C)ChaN, 2014 */ 4 | /*------------------------------------------------------------------------*/ 5 | 6 | 7 | #include "../ff.h" 8 | 9 | 10 | #if _FS_REENTRANT 11 | /*------------------------------------------------------------------------*/ 12 | /* Create a Synchronization Object 13 | /*------------------------------------------------------------------------*/ 14 | /* This function is called in f_mount() function to create a new 15 | / synchronization object, such as semaphore and mutex. When a 0 is returned, 16 | / the f_mount() function fails with FR_INT_ERR. 17 | */ 18 | 19 | int ff_cre_syncobj ( /* !=0:Function succeeded, ==0:Could not create due to any error */ 20 | BYTE vol, /* Corresponding logical drive being processed */ 21 | _SYNC_t *sobj /* Pointer to return the created sync object */ 22 | ) 23 | { 24 | int ret; 25 | 26 | 27 | *sobj = CreateMutex(NULL, FALSE, NULL); /* Win32 */ 28 | ret = (int)(*sobj != INVALID_HANDLE_VALUE); 29 | 30 | // *sobj = SyncObjects[vol]; /* uITRON (give a static created sync object) */ 31 | // ret = 1; /* The initial value of the semaphore must be 1. */ 32 | 33 | // *sobj = OSMutexCreate(0, &err); /* uC/OS-II */ 34 | // ret = (int)(err == OS_NO_ERR); 35 | 36 | // *sobj = xSemaphoreCreateMutex(); /* FreeRTOS */ 37 | // ret = (int)(*sobj != NULL); 38 | 39 | return ret; 40 | } 41 | 42 | 43 | 44 | /*------------------------------------------------------------------------*/ 45 | /* Delete a Synchronization Object */ 46 | /*------------------------------------------------------------------------*/ 47 | /* This function is called in f_mount() function to delete a synchronization 48 | / object that created with ff_cre_syncobj function. When a 0 is returned, 49 | / the f_mount() function fails with FR_INT_ERR. 50 | */ 51 | 52 | int ff_del_syncobj ( /* !=0:Function succeeded, ==0:Could not delete due to any error */ 53 | _SYNC_t sobj /* Sync object tied to the logical drive to be deleted */ 54 | ) 55 | { 56 | int ret; 57 | 58 | 59 | ret = CloseHandle(sobj); /* Win32 */ 60 | 61 | // ret = 1; /* uITRON (nothing to do) */ 62 | 63 | // OSMutexDel(sobj, OS_DEL_ALWAYS, &err); /* uC/OS-II */ 64 | // ret = (int)(err == OS_NO_ERR); 65 | 66 | // vSemaphoreDelete(sobj); /* FreeRTOS */ 67 | // ret = 1; 68 | 69 | return ret; 70 | } 71 | 72 | 73 | 74 | /*------------------------------------------------------------------------*/ 75 | /* Request Grant to Access the Volume */ 76 | /*------------------------------------------------------------------------*/ 77 | /* This function is called on entering file functions to lock the volume. 78 | / When a 0 is returned, the file function fails with FR_TIMEOUT. 79 | */ 80 | 81 | int ff_req_grant ( /* 1:Got a grant to access the volume, 0:Could not get a grant */ 82 | _SYNC_t sobj /* Sync object to wait */ 83 | ) 84 | { 85 | int ret; 86 | 87 | ret = (int)(WaitForSingleObject(sobj, _FS_TIMEOUT) == WAIT_OBJECT_0); /* Win32 */ 88 | 89 | // ret = (int)(wai_sem(sobj) == E_OK); /* uITRON */ 90 | 91 | // OSMutexPend(sobj, _FS_TIMEOUT, &err)); /* uC/OS-II */ 92 | // ret = (int)(err == OS_NO_ERR); 93 | 94 | // ret = (int)(xSemaphoreTake(sobj, _FS_TIMEOUT) == pdTRUE); /* FreeRTOS */ 95 | 96 | return ret; 97 | } 98 | 99 | 100 | 101 | /*------------------------------------------------------------------------*/ 102 | /* Release Grant to Access the Volume */ 103 | /*------------------------------------------------------------------------*/ 104 | /* This function is called on leaving file functions to unlock the volume. 105 | */ 106 | 107 | void ff_rel_grant ( 108 | _SYNC_t sobj /* Sync object to be signaled */ 109 | ) 110 | { 111 | ReleaseMutex(sobj); /* Win32 */ 112 | 113 | // sig_sem(sobj); /* uITRON */ 114 | 115 | // OSMutexPost(sobj); /* uC/OS-II */ 116 | 117 | // xSemaphoreGive(sobj); /* FreeRTOS */ 118 | } 119 | 120 | #endif 121 | 122 | 123 | 124 | 125 | #if _USE_LFN == 3 /* LFN with a working buffer on the heap */ 126 | /*------------------------------------------------------------------------*/ 127 | /* Allocate a memory block */ 128 | /*------------------------------------------------------------------------*/ 129 | /* If a NULL is returned, the file function fails with FR_NOT_ENOUGH_CORE. 130 | */ 131 | 132 | void* ff_memalloc ( /* Returns pointer to the allocated memory block */ 133 | UINT msize /* Number of bytes to allocate */ 134 | ) 135 | { 136 | return malloc(msize); /* Allocate a new memory block with POSIX API */ 137 | } 138 | 139 | 140 | /*------------------------------------------------------------------------*/ 141 | /* Free a memory block */ 142 | /*------------------------------------------------------------------------*/ 143 | 144 | void ff_memfree ( 145 | void* mblock /* Pointer to the memory block to free */ 146 | ) 147 | { 148 | free(mblock); /* Discard the memory block with POSIX API */ 149 | } 150 | 151 | #endif 152 | -------------------------------------------------------------------------------- /payload_installer/installer/source/fatfs/option/unicode.c: -------------------------------------------------------------------------------- 1 | #include "../ff.h" 2 | 3 | #if _USE_LFN != 0 4 | 5 | #if _CODE_PAGE == 932 /* Japanese Shift_JIS */ 6 | #include "cc932.c" 7 | #elif _CODE_PAGE == 936 /* Simplified Chinese GBK */ 8 | #include "cc936.c" 9 | #elif _CODE_PAGE == 949 /* Korean */ 10 | #include "cc949.c" 11 | #elif _CODE_PAGE == 950 /* Traditional Chinese Big5 */ 12 | #include "cc950.c" 13 | #else /* Small character-set */ 14 | #include "ccsbcs.c" 15 | #endif 16 | 17 | #endif 18 | -------------------------------------------------------------------------------- /payload_installer/installer/source/main.c: -------------------------------------------------------------------------------- 1 | #include "common.h" 2 | #include "screen.h" 3 | 4 | static char packEntryName[4][32] = 5 | { 6 | "Hacked Firm0", 7 | "Legit Firm1", 8 | "Hacked KeySector", 9 | "Secondary Payload" 10 | }; 11 | 12 | static unsigned char fixedHashes[2][32] = 13 | { 14 | { 15 | 0xA8, 0x51, 0xD6, 0x54, 0x6E, 0x43, 0xB5, 0x3D, 16 | 0x70, 0x93, 0xCB, 0x6E, 0x54, 0x74, 0x92, 0x60, 17 | 0xFE, 0x0F, 0xD0, 0x36, 0x60, 0xD4, 0x92, 0xAB, 18 | 0x51, 0xA3, 0x20, 0xBE, 0xBA, 0x34, 0xE4, 0x4A 19 | }, 20 | { 21 | 0xD2, 0x53, 0xC1, 0xCC, 0x0A, 0x5F, 0xFA, 0xC6, 22 | 0xB3, 0x83, 0xDA, 0xC1, 0x82, 0x7C, 0xFB, 0x3B, 23 | 0x2D, 0x3D, 0x56, 0x6C, 0x6A, 0x1A, 0x8E, 0x52, 24 | 0x54, 0xE3, 0x89, 0xC2, 0x95, 0x06, 0x23, 0xE5 25 | } 26 | }; 27 | 28 | typedef struct 29 | { 30 | unsigned int offset; 31 | unsigned int size; 32 | unsigned int sector; 33 | unsigned int crypt; 34 | unsigned char hash[32]; 35 | } packEntry; 36 | 37 | typedef struct 38 | { 39 | unsigned char hash[32]; 40 | char info[32]; 41 | packEntry entry[4]; 42 | } packHeader; 43 | 44 | int checkRegionHash(void* buf, size_t size, void* sha256) 45 | { 46 | unsigned char calc[32]; 47 | sha(calc, buf, size, SHA_256_MODE); 48 | if(memcmp(calc, sha256, 32) == 0) return 0; 49 | return 1; 50 | } 51 | 52 | int ctrCryptoTest() 53 | { 54 | int res = 0; 55 | u8 *tmp = (u8*)0x2000E000; 56 | 57 | nandReadSectors(0, 1, (void*)tmp, FIRM0); 58 | if(*((u32*)((void*)tmp)) == 0x4D524946) res++; 59 | nandReadSectors(0, 1, (void*)tmp, FIRM1); 60 | if(*((u32*)((void*)tmp)) == 0x4D524946) res++; 61 | return res; 62 | } 63 | 64 | int packAnalyze(void* buf, size_t size) 65 | { 66 | u8* buffer = (u8*)buf; 67 | packHeader* header = (packHeader*)buf; 68 | if(!checkRegionHash((void*)(buffer + 32), size - 32, (void*)header->hash)) 69 | { 70 | Debug("%s", header->info); 71 | int valid = 0; 72 | for(int i = 0; i < 4; i++) 73 | { 74 | if(header->entry[i].size > 0) 75 | { 76 | if(!checkRegionHash((void*)(buffer + header->entry[i].offset), header->entry[i].size, (void*)header->entry[i].hash)) 77 | { 78 | if(i < 2) 79 | { 80 | if(i == 0 || memcmp((void*)fixedHashes[i], (void*)header->entry[i].hash, 32) == 0) 81 | { 82 | Debug(" [GOOD] %s", packEntryName[i]); 83 | } 84 | else 85 | { 86 | Debug(" [FAIL] %s", packEntryName[i]); 87 | valid++; 88 | } 89 | } 90 | else 91 | { 92 | Debug(" [GOOD] %s", packEntryName[i]); 93 | } 94 | } 95 | else 96 | { 97 | Debug(" [FAIL] %s", packEntryName[i]); 98 | valid++; 99 | } 100 | } 101 | } 102 | if(!valid) 103 | { 104 | Debug(""); 105 | Debug("The listed content will be installed on your"); 106 | Debug("%s console. Be sure to not remove", isNew3DS ? "New 3DS" : "Old 3DS"); 107 | Debug("your SD card during the installation process"); 108 | Debug("and that the pack you're using contains your"); 109 | Debug("console-specific necessary data, otherwise you"); 110 | Debug("risk permanently BRICKING your console."); 111 | Debug(""); 112 | Debug("Press START to continue, or B to abort..."); 113 | Debug(""); 114 | while(1) 115 | { 116 | u32 key = waitHid(); 117 | if(key & BUTTON_START) return 0; 118 | if(key & BUTTON_B) return 2; 119 | } 120 | } 121 | else 122 | { 123 | Debug("ERROR : %d content files are corrupted!", valid); 124 | } 125 | } 126 | else 127 | { 128 | Debug("ERROR : Package main hash check failed!"); 129 | } 130 | return 1; 131 | } 132 | 133 | void arm9LoaderHaxInstall() 134 | { 135 | DebugClear(); 136 | Debug("Arm9LoaderHax Exploit Installer - Delebile"); 137 | Debug(""); 138 | 139 | fsFile *packFile = fsOpen("sdmc:/arm9loaderhax.pack", 1); 140 | if(packFile) 141 | { 142 | u8* packBuf = (u8*)0x24000000; 143 | u32 packSize = fsGetSize(packFile); 144 | fsRead((void*)packBuf, 1, packSize, packFile); 145 | fsClose(packFile); 146 | int res = packAnalyze(packBuf, packSize); 147 | if(!res) 148 | { 149 | if(ctrCryptoTest()) 150 | { 151 | packHeader* header = (packHeader*)packBuf; 152 | for(int i = 0; i < 4; i++) 153 | { 154 | if(header->entry[i].size > 0) 155 | { 156 | if(header->entry[i].crypt && i < 2) 157 | { 158 | Debug("Install : %s...", packEntryName[i]); 159 | nandWriteSectors(0, (header->entry[i].size >> 9), packBuf + header->entry[i].offset, (nandRegion)(header->entry[i].sector << 9)); 160 | } 161 | else 162 | { 163 | Debug("Install : %s...", packEntryName[i]); 164 | sdmmc_nand_writesectors(header->entry[i].sector, (header->entry[i].size >> 9), packBuf + header->entry[i].offset); 165 | } 166 | } 167 | } 168 | } 169 | else 170 | { 171 | Debug("ERROR : Could not decrypt NAND properly!"); 172 | } 173 | } 174 | else if(res == 1) 175 | { 176 | Debug("ERROR : The installation pack is corrupted!"); 177 | } 178 | } 179 | else 180 | { 181 | Debug("ERROR : Cannot open \"arm9loaderhax.pack\"!"); 182 | } 183 | 184 | Debug(" "); 185 | Debug("Press A to exit..."); 186 | while(1) 187 | { 188 | u32 key = waitHid(); 189 | if(key & BUTTON_A) return; 190 | } 191 | } 192 | 193 | int main() 194 | { 195 | screenInit(); 196 | fsInit(); 197 | 198 | arm9LoaderHaxInstall(); 199 | 200 | fsExit(); 201 | i2cWriteRegister(I2C_DEV_MCU, 0x20, (u8)(1<<0)); 202 | return 0; 203 | } 204 | -------------------------------------------------------------------------------- /payload_installer/installer/source/screen.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | void screenInit(); 4 | void screenExit(); -------------------------------------------------------------------------------- /payload_installer/installer/source/system/crypto.h: -------------------------------------------------------------------------------- 1 | // From http://github.com/b1l1s/ctr 2 | 3 | #ifndef __CRYPTO_H 4 | #define __CRYPTO_H 5 | 6 | #include 7 | #include "common.h" 8 | 9 | #define FIRM_TYPE_ARM9 0 10 | #define FIRM_TYPE_ARM11 1 11 | 12 | #define MEDIA_UNITS 0x200 13 | 14 | #define NCCH_MAGIC (0x4843434E) 15 | #define NCSD_MAGIC (0x4453434E) 16 | #define FIRM_MAGIC (0x4D524946) 17 | #define ARM9BIN_MAGIC (0x47704770) 18 | 19 | /**************************AES****************************/ 20 | #define REG_AESCNT ((volatile u32*)0x10009000) 21 | #define REG_AESBLKCNT ((volatile u32*)0x10009004) 22 | #define REG_AESWRFIFO ((volatile u32*)0x10009008) 23 | #define REG_AESRDFIFO ((volatile u32*)0x1000900C) 24 | #define REG_AESKEYSEL ((volatile u8 *)0x10009010) 25 | #define REG_AESKEYCNT ((volatile u8 *)0x10009011) 26 | #define REG_AESCTR ((volatile u32*)0x10009020) 27 | 28 | #define REG_AESKEYFIFO ((volatile u32*)0x10009100) 29 | #define REG_AESKEYXFIFO ((volatile u32*)0x10009104) 30 | #define REG_AESKEYYFIFO ((volatile u32*)0x10009108) 31 | 32 | #define AES_CCM_DECRYPT_MODE (0u << 27) 33 | #define AES_CCM_ENCRYPT_MODE (1u << 27) 34 | #define AES_CTR_MODE (2u << 27) 35 | #define AES_CTR_MODE (2u << 27) 36 | #define AES_CBC_DECRYPT_MODE (4u << 27) 37 | #define AES_CBC_ENCRYPT_MODE (5u << 27) 38 | #define AES_ECB_DECRYPT_MODE (6u << 27) 39 | #define AES_ECB_ENCRYPT_MODE (7u << 27) 40 | #define AES_ALL_MODES (7u << 27) 41 | 42 | #define AES_CNT_START 0x80000000 43 | #define AES_CNT_INPUT_ORDER 0x02000000 44 | #define AES_CNT_OUTPUT_ORDER 0x01000000 45 | #define AES_CNT_INPUT_ENDIAN 0x00800000 46 | #define AES_CNT_OUTPUT_ENDIAN 0x00400000 47 | #define AES_CNT_FLUSH_READ 0x00000800 48 | #define AES_CNT_FLUSH_WRITE 0x00000400 49 | 50 | #define AES_INPUT_BE (AES_CNT_INPUT_ENDIAN) 51 | #define AES_INPUT_LE 0 52 | #define AES_INPUT_NORMAL (AES_CNT_INPUT_ORDER) 53 | #define AES_INPUT_REVERSED 0 54 | 55 | #define AES_CNT_CTRNAND_MODE (AES_CTR_MODE | AES_CNT_INPUT_ORDER | AES_CNT_OUTPUT_ORDER | AES_CNT_INPUT_ENDIAN | AES_CNT_OUTPUT_ENDIAN) 56 | #define AES_CNT_TWLNAND_MODE AES_CTR_MODE 57 | 58 | #define AES_TEMP_KEYSLOT 0x11 59 | 60 | #define AES_BLOCK_SIZE 0x10 61 | 62 | #define AES_KEYCNT_WRITE (1 << 0x7) 63 | #define AES_KEYNORMAL 0 64 | #define AES_KEYX 1 65 | #define AES_KEYY 2 66 | 67 | /**************************SHA****************************/ 68 | #define REG_SHA_CNT ((volatile u32*)0x1000A000) 69 | #define REG_SHA_BLKCNT ((volatile u32*)0x1000A004) 70 | #define REG_SHA_HASH ((volatile u32*)0x1000A040) 71 | #define REG_SHA_INFIFO ((volatile u32*)0x1000A080) 72 | 73 | #define SHA_CNT_STATE 0x00000003 74 | #define SHA_CNT_UNK2 0x00000004 75 | #define SHA_CNT_OUTPUT_ENDIAN 0x00000008 76 | #define SHA_CNT_MODE 0x00000030 77 | #define SHA_CNT_ENABLE 0x00010000 78 | #define SHA_CNT_ACTIVE 0x00020000 79 | 80 | #define SHA_HASH_READY 0x00000000 81 | #define SHA_NORMAL_ROUND 0x00000001 82 | #define SHA_FINAL_ROUND 0x00000002 83 | 84 | #define SHA_OUTPUT_BE SHA_CNT_OUTPUT_ENDIAN 85 | #define SHA_OUTPUT_LE 0 86 | 87 | #define SHA_256_MODE 0 88 | #define SHA_224_MODE 0x00000010 89 | #define SHA_1_MODE 0x00000020 90 | 91 | #define SHA_256_HASH_SIZE (256 / 8) 92 | #define SHA_224_HASH_SIZE (224 / 8) 93 | #define SHA_1_HASH_SIZE (160 / 8) 94 | 95 | /**************************RSA****************************/ 96 | #define REG_RSA_CNT ((volatile u32*)0x1000B000) 97 | #define REG_RSA_SLOT0 ((volatile u32*)0x1000B100) 98 | #define REG_RSA_SLOT1 ((volatile u32*)0x1000B110) 99 | #define REG_RSA_SLOT2 ((volatile u32*)0x1000B120) 100 | #define REG_RSA_SLOT3 ((volatile u32*)0x1000B130) 101 | #define REG_RSA_EXPFIFO ((volatile u32*)0x1000B200) 102 | #define REG_RSA_MOD_END ((volatile u32*)0x1000B500) 103 | #define REG_RSA_TXT_END ((volatile u32*)0x1000B900) 104 | 105 | #define RSA_CNT_START 0x00000001 106 | #define RSA_CNT_KEYSLOTS 0x000000F0 107 | #define RSA_CNT_IO_ENDIAN 0x00000100 108 | #define RSA_CNT_IO_ORDER 0x00000200 109 | 110 | #define RSA_SLOTCNT_KEY_SET 0x00000001 111 | #define RSA_SLOTCNT_WPROTECT 0x00000002 // Write protect 112 | 113 | #define RSA_IO_BE RSA_CNT_IO_ENDIAN 114 | #define RSA_IO_LE 0 115 | #define RSA_IO_NORMAL RSA_CNT_IO_ORDER 116 | #define RSA_IO_REVERSED 0 117 | 118 | #define RSA_TEMP_KEYSLOT 0 119 | 120 | #define RSA_1024_MODE 0x20 121 | #define RSA_2048_MODE 0x40 122 | 123 | //Crypto Libs 124 | void aes_setkey(u8 keyslot, const void* key, u32 keyType, u32 mode); 125 | void aes_use_keyslot(u8 keyslot); 126 | void aes(void* dst, const void* src, u32 blockCount, void* iv, u32 mode, u32 ivMode); 127 | void aes_setiv(const void* iv, u32 mode); 128 | void aes_advctr(void* ctr, u32 val, u32 mode); 129 | void aes_change_ctrmode(void* ctr, u32 fromMode, u32 toMode); 130 | void aes_batch(void* dst, const void* src, u32 blockCount); 131 | void sha(void* res, const void* src, u32 size, u32 mode); 132 | void rsa_setkey(u32 keyslot, const void* mod, const void* exp, u32 mode); 133 | void rsa_use_keyslot(u32 keyslot); 134 | int rsa_verify(const void* data, u32 size, const void* sig, u32 mode); 135 | void xor(u8 *dest, u8 *data1, u8 *data2, u32 size); 136 | 137 | #endif /*__CRYPTO_H*/ 138 | -------------------------------------------------------------------------------- /payload_installer/installer/source/system/delay.h: -------------------------------------------------------------------------------- 1 | // Copyright 2014 Normmatt 2 | // Licensed under GPLv2 or any later version 3 | // Refer to the license.txt file included. 4 | 5 | #pragma once 6 | 7 | #include "common.h" 8 | 9 | void ioDelay(u32 us); 10 | -------------------------------------------------------------------------------- /payload_installer/installer/source/system/delay.s: -------------------------------------------------------------------------------- 1 | // Copyright 2014 Normmatt 2 | // Licensed under GPLv2 or any later version 3 | // Refer to the license.txt file included. 4 | 5 | .arm 6 | .global ioDelay 7 | .type ioDelay STT_FUNC 8 | 9 | @ioDelay ( u32 us ) 10 | ioDelay: 11 | ldr r1, =0x18000000 @ VRAM 12 | 1: 13 | @ Loop doing uncached reads from VRAM to make loop timing more reliable 14 | ldr r2, [r1] 15 | subs r0, #1 16 | bgt 1b 17 | bx lr 18 | 19 | .arm 20 | .global waitcycles 21 | .type waitcycles STT_FUNC 22 | 23 | @waitcycles ( u32 us ) 24 | waitcycles: 25 | PUSH {R0-R2,LR} 26 | STR R0, [SP,#4] 27 | waitcycles_loop: 28 | LDR R3, [SP,#4] 29 | SUBS R2, R3, #1 30 | STR R2, [SP,#4] 31 | CMP R3, #0 32 | BNE waitcycles_loop 33 | POP {R0-R2,PC} 34 | 35 | -------------------------------------------------------------------------------- /payload_installer/installer/source/system/draw.h: -------------------------------------------------------------------------------- 1 | // Copyright 2013 Normmatt 2 | // Licensed under GPLv2 or any later version 3 | // Refer to the license.txt file included. 4 | 5 | #pragma once 6 | 7 | #include "common.h" 8 | 9 | #define BYTES_PER_PIXEL 3 10 | #define SCREEN_HEIGHT 240 11 | #define SCREEN_WIDTH_TOP 400 12 | #define SCREEN_WIDTH_BOT 320 13 | 14 | #define RGB(r,g,b) (r<<24|b<<16|g<<8|r) 15 | 16 | #define COLOR_BLACK RGB(0x00, 0x00, 0x00) 17 | #define COLOR_WHITE RGB(0xFF, 0xFF, 0xFF) 18 | #define COLOR_RED RGB(0xFF, 0x00, 0x00) 19 | #define COLOR_GREEN RGB(0x00, 0xFF, 0x00) 20 | #define COLOR_BLUE RGB(0xFF, 0x00, 0xFF) 21 | #define COLOR_GREY RGB(0x77, 0x77, 0x77) 22 | #define COLOR_PURPLE RGB(0x66, 0x00, 0xFF) 23 | #define COLOR_TRANSPARENT RGB(0xFF, 0x00, 0xEF) // otherwise known as 'super fuchsia' 24 | 25 | #define TOP_SCREEN0 (u8*)*((u32*)(0x23FFFE00)) 26 | #define BOT_SCREEN0 (u8*)*((u32*)(0x23FFFE08)) 27 | #define TOP_SCREEN1 TOP_SCREEN0 28 | #define BOT_SCREEN1 BOT_SCREEN0 29 | 30 | 31 | void ClearScreen(unsigned char *screen, int width, int color); 32 | void ClearScreenFull(bool clear_top, bool clear_bottom); 33 | 34 | void DrawCharacter(unsigned char *screen, int character, int x, int y, int color, int bgcolor); 35 | void DrawString(unsigned char *screen, const char *str, int x, int y, int color, int bgcolor); 36 | void DrawStringF(int x, int y, bool use_top, const char *format, ...); 37 | 38 | void DebugClear(); 39 | void Debug(const char *format, ...); 40 | 41 | void ShowProgress(u64 current, u64 total); 42 | -------------------------------------------------------------------------------- /payload_installer/installer/source/system/hid.c: -------------------------------------------------------------------------------- 1 | #include "hid.h" 2 | 3 | u32 waitHid() { 4 | u32 pad_state_old = HID_STATE; 5 | while (true) { 6 | u32 pad_state = HID_STATE; 7 | if (pad_state ^ pad_state_old) 8 | return ~pad_state; 9 | } 10 | } 11 | 12 | u32 getHid() 13 | { 14 | return ~HID_STATE; 15 | } 16 | -------------------------------------------------------------------------------- /payload_installer/installer/source/system/hid.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "common.h" 4 | 5 | #define HID_STATE (*(volatile u32*)0x10146000) 6 | 7 | #define BUTTON_A (1 << 0) 8 | #define BUTTON_B (1 << 1) 9 | #define BUTTON_SELECT (1 << 2) 10 | #define BUTTON_START (1 << 3) 11 | #define BUTTON_RIGHT (1 << 4) 12 | #define BUTTON_LEFT (1 << 5) 13 | #define BUTTON_UP (1 << 6) 14 | #define BUTTON_DOWN (1 << 7) 15 | #define BUTTON_R1 (1 << 8) 16 | #define BUTTON_L1 (1 << 9) 17 | #define BUTTON_X (1 << 10) 18 | #define BUTTON_Y (1 << 11) 19 | 20 | u32 waitHid(); 21 | u32 getHid(); 22 | -------------------------------------------------------------------------------- /payload_installer/installer/source/system/i2c.c: -------------------------------------------------------------------------------- 1 | #include "i2c.h" 2 | 3 | //----------------------------------------------------------------------------- 4 | 5 | static const struct { u8 bus_id, reg_addr; } dev_data[] = { 6 | {0, 0x4A}, {0, 0x7A}, {0, 0x78}, 7 | {1, 0x4A}, {1, 0x78}, {1, 0x2C}, 8 | {1, 0x2E}, {1, 0x40}, {1, 0x44}, 9 | {2, 0xD6}, {2, 0xD0}, {2, 0xD2}, 10 | {2, 0xA4}, {2, 0x9A}, {2, 0xA0}, 11 | }; 12 | 13 | const inline u8 i2cGetDeviceBusId(u8 device_id) { 14 | return dev_data[device_id].bus_id; 15 | } 16 | 17 | const inline u8 i2cGetDeviceRegAddr(u8 device_id) { 18 | return dev_data[device_id].reg_addr; 19 | } 20 | 21 | //----------------------------------------------------------------------------- 22 | 23 | static vu8* const reg_data_addrs[] = { 24 | (vu8*)(I2C1_REG_OFF + I2C_REG_DATA), 25 | (vu8*)(I2C2_REG_OFF + I2C_REG_DATA), 26 | (vu8*)(I2C3_REG_OFF + I2C_REG_DATA), 27 | }; 28 | 29 | inline vu8* const i2cGetDataReg(u8 bus_id) { 30 | return reg_data_addrs[bus_id]; 31 | } 32 | 33 | //----------------------------------------------------------------------------- 34 | 35 | static vu8* const reg_cnt_addrs[] = { 36 | (vu8*)(I2C1_REG_OFF + I2C_REG_CNT), 37 | (vu8*)(I2C2_REG_OFF + I2C_REG_CNT), 38 | (vu8*)(I2C3_REG_OFF + I2C_REG_CNT), 39 | }; 40 | 41 | inline vu8* const i2cGetCntReg(u8 bus_id) { 42 | return reg_cnt_addrs[bus_id]; 43 | } 44 | 45 | //----------------------------------------------------------------------------- 46 | 47 | inline void i2cWaitBusy(u8 bus_id) { 48 | while (*i2cGetCntReg(bus_id) & 0x80); 49 | } 50 | 51 | inline bool i2cGetResult(u8 bus_id) { 52 | i2cWaitBusy(bus_id); 53 | return (*i2cGetCntReg(bus_id) >> 4) & 1; 54 | } 55 | 56 | void i2cStop(u8 bus_id, u8 arg0) { 57 | *i2cGetCntReg(bus_id) = (arg0 << 5) | 0xC0; 58 | i2cWaitBusy(bus_id); 59 | *i2cGetCntReg(bus_id) = 0xC5; 60 | } 61 | 62 | //----------------------------------------------------------------------------- 63 | 64 | bool i2cSelectDevice(u8 bus_id, u8 dev_reg) { 65 | i2cWaitBusy(bus_id); 66 | *i2cGetDataReg(bus_id) = dev_reg; 67 | *i2cGetCntReg(bus_id) = 0xC2; 68 | return i2cGetResult(bus_id); 69 | } 70 | 71 | bool i2cSelectRegister(u8 bus_id, u8 reg) { 72 | i2cWaitBusy(bus_id); 73 | *i2cGetDataReg(bus_id) = reg; 74 | *i2cGetCntReg(bus_id) = 0xC0; 75 | return i2cGetResult(bus_id); 76 | } 77 | 78 | //----------------------------------------------------------------------------- 79 | 80 | u8 i2cReadRegister(u8 dev_id, u8 reg) { 81 | u8 bus_id = i2cGetDeviceBusId(dev_id); 82 | u8 dev_addr = i2cGetDeviceRegAddr(dev_id); 83 | 84 | for (size_t i = 0; i < 8; i++) { 85 | if (i2cSelectDevice(bus_id, dev_addr) && i2cSelectRegister(bus_id, reg)) { 86 | if (i2cSelectDevice(bus_id, dev_addr | 1)) { 87 | i2cWaitBusy(bus_id); 88 | i2cStop(bus_id, 1); 89 | i2cWaitBusy(bus_id); 90 | return *i2cGetDataReg(bus_id); 91 | } 92 | } 93 | *i2cGetCntReg(bus_id) = 0xC5; 94 | i2cWaitBusy(bus_id); 95 | } 96 | return 0xff; 97 | } 98 | 99 | bool i2cReadRegisterBuffer(unsigned int dev_id, int reg, u8* buffer, size_t buf_size) { 100 | u8 bus_id = i2cGetDeviceBusId(dev_id); 101 | u8 dev_addr = i2cGetDeviceRegAddr(dev_id); 102 | 103 | size_t j = 0; 104 | while (!i2cSelectDevice(bus_id, dev_addr) 105 | || !i2cSelectRegister(bus_id, reg) 106 | || !i2cSelectDevice(bus_id, dev_addr | 1)) 107 | { 108 | i2cWaitBusy(bus_id); 109 | *i2cGetCntReg(bus_id) = 0xC5; 110 | i2cWaitBusy(bus_id); 111 | if (++j >= 8) 112 | return false; 113 | } 114 | 115 | if (buf_size != 1) { 116 | for (int i = 0; i < buf_size - 1; i++) { 117 | i2cWaitBusy(bus_id); 118 | *i2cGetCntReg(bus_id) = 0xF0; 119 | i2cWaitBusy(bus_id); 120 | buffer[i] = *i2cGetDataReg(bus_id); 121 | } 122 | } 123 | 124 | i2cWaitBusy(bus_id); 125 | *i2cGetCntReg(bus_id) = 0xE1; 126 | i2cWaitBusy(bus_id); 127 | *buffer = *i2cGetDataReg(bus_id); 128 | return true; 129 | } 130 | 131 | bool i2cWriteRegister(u8 dev_id, u8 reg, u8 data) { 132 | u8 bus_id = i2cGetDeviceBusId(dev_id); 133 | u8 dev_addr = i2cGetDeviceRegAddr(dev_id); 134 | 135 | for (int i = 0; i < 8; i++) { 136 | if (i2cSelectDevice(bus_id, dev_addr) && i2cSelectRegister(bus_id, reg)) { 137 | i2cWaitBusy(bus_id); 138 | *i2cGetDataReg(bus_id) = data; 139 | *i2cGetCntReg(bus_id) = 0xC1; 140 | i2cStop(bus_id, 0); 141 | if (i2cGetResult(bus_id)) 142 | return true; 143 | } 144 | *i2cGetCntReg(bus_id) = 0xC5; 145 | i2cWaitBusy(bus_id); 146 | } 147 | 148 | return false; 149 | } -------------------------------------------------------------------------------- /payload_installer/installer/source/system/i2c.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "common.h" 4 | 5 | #define I2C1_REG_OFF 0x10161000 6 | #define I2C2_REG_OFF 0x10144000 7 | #define I2C3_REG_OFF 0x10148000 8 | 9 | #define I2C_REG_DATA 0 10 | #define I2C_REG_CNT 1 11 | #define I2C_REG_CNTEX 2 12 | #define I2C_REG_SCL 4 13 | 14 | #define I2C_DEV_MCU 3 15 | #define I2C_DEV_GYRO 10 16 | #define I2C_DEV_IR 13 17 | 18 | const u8 i2cGetDeviceBusId(u8 device_id); 19 | const u8 i2cGetDeviceRegAddr(u8 device_id); 20 | 21 | vu8* const i2cGetDataReg(u8 bus_id); 22 | vu8* const i2cGetCntReg(u8 bus_id); 23 | 24 | void i2cWaitBusy(u8 bus_id); 25 | bool i2cGetResult(u8 bus_id); 26 | u8 i2cGetData(u8 bus_id); 27 | void i2cStop(u8 bus_id, u8 arg0); 28 | 29 | bool i2cSelectDevice(u8 bus_id, u8 dev_reg); 30 | bool i2cSelectRegister(u8 bus_id, u8 reg); 31 | 32 | u8 i2cReadRegister(u8 dev_id, u8 reg); 33 | bool i2cWriteRegister(u8 dev_id, u8 reg, u8 data); 34 | 35 | bool i2cReadRegisterBuffer(unsigned int dev_id, int reg, u8* buffer, size_t buf_size); -------------------------------------------------------------------------------- /payload_installer/installer/source/system/nand.c: -------------------------------------------------------------------------------- 1 | #include "nand.h" 2 | 3 | static u8 ctrCtr[0x10], twlCtr[0x10], curCtr[0x10], firstTime = 1; 4 | 5 | u32 nandGetCtr(u8* ctr, u32 offset) 6 | { 7 | if(firstTime) 8 | { 9 | u8 cid[0x10], sha1sum[20]; 10 | sdmmc_get_cid( 1, (uint32_t*)cid); 11 | sha(ctrCtr, cid, 0x10, SHA_256_MODE); 12 | sha(sha1sum, cid, 0x10, SHA_1_MODE); 13 | for(u32 i = 0; i < 0x10; i++) 14 | { 15 | twlCtr[i] = sha1sum[15-i]; 16 | } 17 | firstTime = 0; 18 | } 19 | memcpy(ctr, offset >= 0x0B100000 ? ctrCtr : twlCtr, 0x10); 20 | aes_advctr(ctr, offset >> 4, AES_INPUT_BE | AES_INPUT_NORMAL); 21 | return 0; 22 | } 23 | 24 | void nandCrypt(u32 sector_no, u32 numsectors, u8 *out, nandRegion section) 25 | { 26 | u8 keyslot = 0; 27 | switch(section) 28 | { 29 | case TWLN: keyslot = 3; break; 30 | case TWLP: keyslot = 3; break; 31 | case AGBSAVE: keyslot = 7; break; 32 | case FIRM0: keyslot = 6; break; 33 | case FIRM1: keyslot = 6; break; 34 | case CTRNAND: keyslot = 4; break; 35 | case NEWCTR: keyslot = 5; break; 36 | } 37 | memset((void*)curCtr, 0x00, 0x10); 38 | nandGetCtr(curCtr, (u32)section + (sector_no << 9)); 39 | aes_setiv(curCtr, AES_INPUT_BE | AES_INPUT_NORMAL); 40 | aes_use_keyslot(keyslot); 41 | aes(out, out, (numsectors << 9) >> 4, curCtr, AES_CNT_CTRNAND_MODE, AES_INPUT_BE | AES_INPUT_NORMAL); 42 | } 43 | 44 | int nandReadSectors(u32 sector_no, u32 numsectors, u8 *out, nandRegion section) 45 | { 46 | if(section == CTRNAND && isNew3DS) section = NEWCTR; 47 | int ret = sdmmc_nand_readsectors(sector_no + ((u32)section >> 9), numsectors, out); 48 | nandCrypt(sector_no, numsectors, out, (u32)section); 49 | return ret; 50 | } 51 | 52 | int nandWriteSectors(u32 sector_no, u32 numsectors, u8 *out, nandRegion section) 53 | { 54 | if(section == CTRNAND && isNew3DS) section = NEWCTR; 55 | nandCrypt(sector_no, numsectors, out, (u32)section); 56 | int ret = sdmmc_nand_writesectors(sector_no + ((u32)section >> 9), numsectors, out); 57 | nandCrypt(sector_no, numsectors, out, (u32)section); 58 | return ret; 59 | } 60 | -------------------------------------------------------------------------------- /payload_installer/installer/source/system/nand.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "common.h" 4 | 5 | typedef enum{ 6 | TWLN = 0x00012E00, 7 | TWLP = 0x09011A00, 8 | AGBSAVE = 0x0B100000, 9 | FIRM0 = 0x0B130000, 10 | FIRM1 = 0x0B530000, 11 | CTRNAND = 0x0B95CA00, 12 | NEWCTR = 0x0B95AE00 13 | } nandRegion; 14 | 15 | u32 nandGetCtr(u8* ctr, u32 offset); 16 | void nandCrypt(u32 sector_no, u32 numsectors, u8 *out, nandRegion section); 17 | int nandReadSectors(u32 sector_no, u32 numsectors, u8 *out, nandRegion section); 18 | int nandWriteSectors(u32 sector_no, u32 numsectors, u8 *out, nandRegion section); -------------------------------------------------------------------------------- /payload_stage1/source/_start.s: -------------------------------------------------------------------------------- 1 | .section .text.start 2 | .align 4 3 | .global _start 4 | .extern flush_all_caches 5 | 6 | _start: 7 | @ Disable IRQ 8 | mrs r0, cpsr 9 | orr r0, r0, #0x80 10 | msr cpsr_c, r0 11 | 12 | @ Change the stack pointer 13 | mov sp, #0x27000000 14 | 15 | @ Set up relocation register (r9) 16 | @ this instruction is 16 bytes away from the start, takes into account the 8 17 | @ bytes PC is ahead, meaning pc - 24 == start in memory 18 | sub r9, pc, #24 19 | 20 | @ Disable caches and MPU 21 | ldr r0, =disable_mpu_and_caching 22 | add r0, r0, r9 23 | blx r0 24 | 25 | @ Flush caches 26 | ldr r0, =flush_all_caches 27 | add r0, r0, r9 28 | blx r0 29 | 30 | @ Setup GOT table (just in case) 31 | ldr r0, =__got_start 32 | ldr r1, =__got_end 33 | mov r2, r9 34 | 35 | ldr r3, =relocate_section 36 | add r3, r3, r9 37 | blx r3 38 | 39 | @ Set MPU table 40 | ldr r0, =setup_mpu_table 41 | add r0, r0, r9 42 | blx r0 43 | 44 | @ Enable caches and MPU 45 | ldr r0, =enable_mpu_and_caching 46 | add r0, r0, r9 47 | blx r0 48 | 49 | ldr r0, =main 50 | add r0, r0, r9 51 | blx r0 52 | 53 | .die: 54 | b .die 55 | 56 | disable_mpu_and_caching: 57 | @ Disable caches and MPU 58 | mrc p15, 0, r0, c1, c0, 0 @ read control register 59 | bic r0, r0, #(1<<12) @ - instruction cache enable 60 | bic r0, r0, #(1<<2) @ - data cache enable 61 | bic r0, r0, #(1<<0) @ - mpu enable 62 | mcr p15, 0, r0, c1, c0, 0 @ write control register 63 | 64 | bx lr 65 | 66 | enable_mpu_and_caching: 67 | @ Enable caches and MPU 68 | mrc p15, 0, r0, c1, c0, 0 @ read control register 69 | orr r0, r0, #(1<<12) @ - instruction cache enable 70 | orr r0, r0, #(1<<2) @ - data cache enable 71 | orr r0, r0, #(1<<0) @ - mpu enable 72 | mcr p15, 0, r0, c1, c0, 0 @ write control register 73 | 74 | bx lr 75 | 76 | setup_mpu_table: 77 | push {r4-r7} 78 | @ Set MPU permissions and cache settings 79 | ldr r0, =0xFFFF001D @ ffff0000 32k 80 | ldr r1, =0x01FF801D @ 01ff8000 32k 81 | ldr r2, =0x08000027 @ 08000000 1M 82 | ldr r3, =0x10000021 @ 10000000 128k 83 | ldr r4, =0x10100025 @ 10100000 512k 84 | ldr r5, =0x20000035 @ 20000000 128M 85 | ldr r6, =0x1FF00027 @ 1FF00000 1M 86 | ldr r7, =0x1800002D @ 18000000 8M 87 | mcr p15, 0, r0, c6, c0, 0 88 | mcr p15, 0, r1, c6, c1, 0 89 | mcr p15, 0, r2, c6, c2, 0 90 | mcr p15, 0, r3, c6, c3, 0 91 | mcr p15, 0, r4, c6, c4, 0 92 | mcr p15, 0, r5, c6, c5, 0 93 | mcr p15, 0, r6, c6, c6, 0 94 | mcr p15, 0, r7, c6, c7, 0 95 | mov r0, #0x25 96 | mcr p15, 0, r0, c2, c0, 0 @ data cacheable 97 | mcr p15, 0, r0, c2, c0, 1 @ instruction cacheable 98 | mcr p15, 0, r0, c3, c0, 0 @ data bufferable 99 | 100 | @ Give read/write access to all the memory regions 101 | ldr r0, =0x33333333 102 | mcr p15, 0, r0, c5, c0, 2 @ write data access 103 | mcr p15, 0, r0, c5, c0, 3 @ write instruction access 104 | 105 | pop {r4-r7} 106 | bx lr 107 | 108 | @ r0 - region start 109 | @ r1 - region end 110 | @ r2 - relocation base (usually starting PC address) 111 | relocate_section: 112 | add r0, r0, r2 113 | add r1, r1, r2 114 | 115 | .Lreloc_init: 116 | cmp r0, r1 117 | beq .Lrelocinit_done 118 | ldr r3, [r0] 119 | add r3, r2, r3 120 | str r3, [r0], #4 121 | b .Lreloc_init 122 | .Lrelocinit_done: 123 | 124 | bx lr 125 | 126 | -------------------------------------------------------------------------------- /payload_stage1/source/common.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include 9 | 10 | #define u8 uint8_t 11 | #define u16 uint16_t 12 | #define u32 uint32_t 13 | #define u64 uint64_t 14 | 15 | #define vu8 volatile u8 16 | #define vu16 volatile u16 17 | #define vu32 volatile u32 18 | #define vu64 volatile u64 19 | 20 | #define max(a,b) \ 21 | ({ __typeof__ (a) _a = (a); \ 22 | __typeof__ (b) _b = (b); \ 23 | _a > _b ? _a : _b; }) 24 | #define min(a,b) \ 25 | ({ __typeof__ (a) _a = (a); \ 26 | __typeof__ (b) _b = (b); \ 27 | _a < _b ? _a : _b; }) 28 | -------------------------------------------------------------------------------- /payload_stage1/source/delay.h: -------------------------------------------------------------------------------- 1 | // Copyright 2014 Normmatt 2 | // Licensed under GPLv2 or any later version 3 | // Refer to the license.txt file included. 4 | 5 | #pragma once 6 | 7 | #include "common.h" 8 | 9 | void ioDelay(u32 us); 10 | -------------------------------------------------------------------------------- /payload_stage1/source/delay.s: -------------------------------------------------------------------------------- 1 | // Copyright 2014 Normmatt 2 | // Licensed under GPLv2 or any later version 3 | // Refer to the license.txt file included. 4 | 5 | .arm 6 | .global ioDelay 7 | .type ioDelay STT_FUNC 8 | 9 | @ioDelay ( u32 us ) 10 | ioDelay: 11 | ldr r1, =0x18000000 @ VRAM 12 | 1: 13 | @ Loop doing uncached reads from VRAM to make loop timing more reliable 14 | ldr r2, [r1] 15 | subs r0, #1 16 | bgt 1b 17 | bx lr 18 | -------------------------------------------------------------------------------- /payload_stage1/source/flush.h: -------------------------------------------------------------------------------- 1 | #ifndef FLUSH_H_ 2 | #define FLUSH_H_ 3 | 4 | void flush_all_caches(void); 5 | 6 | #endif//FLUSH_H_ 7 | 8 | -------------------------------------------------------------------------------- /payload_stage1/source/flush.s: -------------------------------------------------------------------------------- 1 | .arm 2 | .global flush_all_caches 3 | .type flush_all_caches STT_FUNC 4 | 5 | @void flush_all_caches(void) 6 | flush_all_caches: 7 | push {lr} 8 | @ Flush caches 9 | ldr r0, =0xFFFF0830 @ Nintendo's flush function in unprot. bootrom 10 | blx r0 11 | 12 | @ flush instruction cache, it's not flushed by Nintendo's function 13 | mov r0, #0 14 | mcr p15, 0, r0, c7, c5, 0 15 | 16 | pop {lr} 17 | bx lr 18 | 19 | -------------------------------------------------------------------------------- /payload_stage1/source/main.c: -------------------------------------------------------------------------------- 1 | #include "common.h" 2 | #include "sdmmc.h" 3 | #include "flush.h" 4 | 5 | int main() 6 | { 7 | // Initialize sdcard and nand 8 | *(vu32*)0x10000020 = 0; 9 | *(vu32*)0x10000020 = 0x340; 10 | sdmmc_sdcard_init(); 11 | sdmmc_nand_readsectors(0x5C000, 0x20, (u8*)0x08006000); 12 | flush_all_caches(); 13 | // Jump to secondary payload 14 | ((void (*)())0x08006000)(); 15 | 16 | return 0; 17 | } 18 | -------------------------------------------------------------------------------- /payload_stage1/source/sdmmc.h: -------------------------------------------------------------------------------- 1 | // Copyright 2014 Normmatt 2 | // Licensed under GPLv2 or any later version 3 | // Refer to the license.txt file included. 4 | 5 | #pragma once 6 | 7 | #include "common.h" 8 | 9 | #define SDMMC_BASE 0x10006000u 10 | 11 | #define REG_SDCMD 0x00 12 | #define REG_SDPORTSEL 0x02 13 | #define REG_SDCMDARG 0x04 14 | #define REG_SDCMDARG0 0x04 15 | #define REG_SDCMDARG1 0x06 16 | #define REG_SDSTOP 0x08 17 | #define REG_SDBLKCOUNT 0x0a 18 | 19 | #define REG_SDRESP0 0x0c 20 | #define REG_SDRESP1 0x0e 21 | #define REG_SDRESP2 0x10 22 | #define REG_SDRESP3 0x12 23 | #define REG_SDRESP4 0x14 24 | #define REG_SDRESP5 0x16 25 | #define REG_SDRESP6 0x18 26 | #define REG_SDRESP7 0x1a 27 | 28 | #define REG_SDSTATUS0 0x1c 29 | #define REG_SDSTATUS1 0x1e 30 | 31 | #define REG_SDIRMASK0 0x20 32 | #define REG_SDIRMASK1 0x22 33 | #define REG_SDCLKCTL 0x24 34 | 35 | #define REG_SDBLKLEN 0x26 36 | #define REG_SDOPT 0x28 37 | #define REG_SDFIFO 0x30 38 | 39 | #define REG_SDDATACTL 0xd8 40 | #define REG_SDRESET 0xe0 41 | #define REG_SDPROTECTED 0xf6 //bit 0 determines if sd is protected or not? 42 | 43 | #define REG_SDDATACTL32 0x100 44 | #define REG_SDBLKLEN32 0x104 45 | #define REG_SDBLKCOUNT32 0x108 46 | #define REG_SDFIFO32 0x10C 47 | 48 | #define REG_CLK_AND_WAIT_CTL 0x138 49 | #define REG_RESET_SDIO 0x1e0 50 | 51 | #define TMIO_STAT0_CMDRESPEND 0x0001 52 | #define TMIO_STAT0_DATAEND 0x0004 53 | #define TMIO_STAT0_CARD_REMOVE 0x0008 54 | #define TMIO_STAT0_CARD_INSERT 0x0010 55 | #define TMIO_STAT0_SIGSTATE 0x0020 56 | #define TMIO_STAT0_WRPROTECT 0x0080 57 | #define TMIO_STAT0_CARD_REMOVE_A 0x0100 58 | #define TMIO_STAT0_CARD_INSERT_A 0x0200 59 | #define TMIO_STAT0_SIGSTATE_A 0x0400 60 | #define TMIO_STAT1_CMD_IDX_ERR 0x0001 61 | #define TMIO_STAT1_CRCFAIL 0x0002 62 | #define TMIO_STAT1_STOPBIT_ERR 0x0004 63 | #define TMIO_STAT1_DATATIMEOUT 0x0008 64 | #define TMIO_STAT1_RXOVERFLOW 0x0010 65 | #define TMIO_STAT1_TXUNDERRUN 0x0020 66 | #define TMIO_STAT1_CMDTIMEOUT 0x0040 67 | #define TMIO_STAT1_RXRDY 0x0100 68 | #define TMIO_STAT1_TXRQ 0x0200 69 | #define TMIO_STAT1_ILL_FUNC 0x2000 70 | #define TMIO_STAT1_CMD_BUSY 0x4000 71 | #define TMIO_STAT1_ILL_ACCESS 0x8000 72 | 73 | //Comes from TWLSDK mongoose.tef DWARF info 74 | #define SDMC_NORMAL 0x00000000 75 | #define SDMC_ERR_COMMAND 0x00000001 76 | #define SDMC_ERR_CRC 0x00000002 77 | #define SDMC_ERR_END 0x00000004 78 | #define SDMC_ERR_TIMEOUT 0x00000008 79 | #define SDMC_ERR_FIFO_OVF 0x00000010 80 | #define SDMC_ERR_FIFO_UDF 0x00000020 81 | #define SDMC_ERR_WP 0x00000040 82 | #define SDMC_ERR_ABORT 0x00000080 83 | #define SDMC_ERR_FPGA_TIMEOUT 0x00000100 84 | #define SDMC_ERR_PARAM 0x00000200 85 | #define SDMC_ERR_R1_STATUS 0x00000800 86 | #define SDMC_ERR_NUM_WR_SECTORS 0x00001000 87 | #define SDMC_ERR_RESET 0x00002000 88 | #define SDMC_ERR_ILA 0x00004000 89 | #define SDMC_ERR_INFO_DETECT 0x00008000 90 | 91 | #define SDMC_STAT_ERR_UNKNOWN 0x00080000 92 | #define SDMC_STAT_ERR_CC 0x00100000 93 | #define SDMC_STAT_ERR_ECC_FAILED 0x00200000 94 | #define SDMC_STAT_ERR_CRC 0x00800000 95 | #define SDMC_STAT_ERR_OTHER 0xf9c70008 96 | 97 | #define TMIO_MASK_ALL 0x837f031d 98 | 99 | #define TMIO_MASK_GW (TMIO_STAT1_ILL_ACCESS | TMIO_STAT1_CMDTIMEOUT | TMIO_STAT1_TXUNDERRUN | TMIO_STAT1_RXOVERFLOW | \ 100 | TMIO_STAT1_DATATIMEOUT | TMIO_STAT1_STOPBIT_ERR | TMIO_STAT1_CRCFAIL | TMIO_STAT1_CMD_IDX_ERR) 101 | 102 | #define TMIO_MASK_READOP (TMIO_STAT1_RXRDY | TMIO_STAT1_DATAEND) 103 | #define TMIO_MASK_WRITEOP (TMIO_STAT1_TXRQ | TMIO_STAT1_DATAEND) 104 | 105 | typedef struct mmcdevice { 106 | u8* data; 107 | u32 size; 108 | u32 error; 109 | u16 stat0; 110 | u16 stat1; 111 | u32 ret[4]; 112 | u32 initarg; 113 | u32 isSDHC; 114 | u32 clk; 115 | u32 SDOPT; 116 | u32 devicenumber; 117 | u32 total_size; //size in sectors of the device 118 | u32 res; 119 | } mmcdevice; 120 | 121 | /*int sdmmc_sdcard_init(); 122 | void sdmmc_sdcard_readsector(uint32_t sector_no, void *out); 123 | void sdmmc_sdcard_readsectors(uint32_t sector_no, uint32_t numsectors, void *out); 124 | void sdmmc_sdcard_writesector(uint32_t sector_no, void *in); 125 | void sdmmc_sdcard_writesectors(uint32_t sector_no, uint32_t numsectors, void *in); 126 | void sdmmc_blktransferinit();*/ 127 | 128 | int sdmmc_sdcard_init(); 129 | 130 | int sdmmc_nand_readsectors(u32 sector_no, u32 numsectors, u8 *out); 131 | int sdmmc_nand_writesectors(u32 sector_no, u32 numsectors, u8 *in); 132 | 133 | mmcdevice *getMMCDevice(int drive); 134 | 135 | void InitSDMMC(); 136 | int Nand_Init(); 137 | 138 | -------------------------------------------------------------------------------- /payload_stage2/label.txt: -------------------------------------------------------------------------------- 1 | A9LH Secondary Payload Update -------------------------------------------------------------------------------- /payload_stage2/source/_start.s: -------------------------------------------------------------------------------- 1 | .section .text.start 2 | .align 4 3 | .arm 4 | .global _start 5 | .extern flush_all_caches 6 | _start: 7 | _init: 8 | 9 | @ Set up GOT 10 | sub r9, pc, #8 11 | ldr r0, =__got_start 12 | ldr r1, =__got_end 13 | mov r2, r9 14 | 15 | ldr r3, =relocate_section 16 | add r3, r3, r9 17 | blx r3 18 | 19 | ldr r0, =main 20 | add r0, r0, r9 21 | blx r0 22 | 23 | .die: 24 | b .die 25 | 26 | @ r0 - region start 27 | @ r1 - region end 28 | @ r2 - relocation base (usually starting PC address) 29 | relocate_section: 30 | add r0, r0, r2 31 | add r1, r1, r2 32 | 33 | .Lreloc_init: 34 | cmp r0, r1 35 | beq .Lrelocinit_done 36 | ldr r3, [r0] 37 | add r3, r2, r3 38 | str r3, [r0], #4 39 | b .Lreloc_init 40 | .Lrelocinit_done: 41 | 42 | bx lr 43 | -------------------------------------------------------------------------------- /payload_stage2/source/common.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include 9 | 10 | #define u8 uint8_t 11 | #define u16 uint16_t 12 | #define u32 uint32_t 13 | #define u64 uint64_t 14 | 15 | #define vu8 volatile u8 16 | #define vu16 volatile u16 17 | #define vu32 volatile u32 18 | #define vu64 volatile u64 19 | 20 | #define max(a,b) \ 21 | ({ __typeof__ (a) _a = (a); \ 22 | __typeof__ (b) _b = (b); \ 23 | _a > _b ? _a : _b; }) 24 | #define min(a,b) \ 25 | ({ __typeof__ (a) _a = (a); \ 26 | __typeof__ (b) _b = (b); \ 27 | _a < _b ? _a : _b; }) 28 | 29 | inline char* strupper(const char* str) { 30 | char* buffer = (char*)malloc(strlen(str) + 1); 31 | for (int i = 0; i < strlen(str); ++i) 32 | buffer[i] = toupper((unsigned)str[i]); 33 | return buffer; 34 | } 35 | 36 | inline char* strlower(const char* str) { 37 | char* buffer = (char*)malloc(strlen(str) + 1); 38 | for (int i = 0; i < strlen(str); ++i) 39 | buffer[i] = tolower((unsigned)str[i]); 40 | return buffer; 41 | } 42 | -------------------------------------------------------------------------------- /payload_stage2/source/delay.h: -------------------------------------------------------------------------------- 1 | // Copyright 2014 Normmatt 2 | // Licensed under GPLv2 or any later version 3 | // Refer to the license.txt file included. 4 | 5 | #pragma once 6 | 7 | #include "common.h" 8 | 9 | void ioDelay(u32 us); 10 | -------------------------------------------------------------------------------- /payload_stage2/source/delay.s: -------------------------------------------------------------------------------- 1 | // Copyright 2014 Normmatt 2 | // Licensed under GPLv2 or any later version 3 | // Refer to the license.txt file included. 4 | 5 | .arm 6 | .global ioDelay 7 | .type ioDelay STT_FUNC 8 | 9 | @ioDelay ( u32 us ) 10 | ioDelay: 11 | ldr r1, =0x18000000 @ VRAM 12 | 1: 13 | @ Loop doing uncached reads from VRAM to make loop timing more reliable 14 | ldr r2, [r1] 15 | subs r0, #1 16 | bgt 1b 17 | bx lr 18 | -------------------------------------------------------------------------------- /payload_stage2/source/fatfs/diskio.c: -------------------------------------------------------------------------------- 1 | /*-----------------------------------------------------------------------*/ 2 | /* Low level disk I/O module skeleton for FatFs (C)ChaN, 2013 */ 3 | /*-----------------------------------------------------------------------*/ 4 | /* If a working storage control module is available, it should be */ 5 | /* attached to the FatFs via a glue function rather than modifying it. */ 6 | /* This is an example of glue functions to attach various exsisting */ 7 | /* storage control module to the FatFs module with a defined API. */ 8 | /*-----------------------------------------------------------------------*/ 9 | 10 | #include "diskio.h" /* FatFs lower layer API */ 11 | #include "../sdmmc.h" 12 | 13 | /* Definitions of physical drive number for each media */ 14 | #define ATA 0 15 | #define MMC 1 16 | #define USB 2 17 | 18 | static DSTATUS status; 19 | 20 | /*-----------------------------------------------------------------------*/ 21 | /* Inidialize a Drive */ 22 | /*-----------------------------------------------------------------------*/ 23 | 24 | DSTATUS disk_initialize ( 25 | BYTE pdrv /* Physical drive nmuber (0..) */ 26 | ) 27 | { 28 | int result = sdmmc_sdcard_init(); 29 | if (result) 30 | { 31 | status = STA_NOINIT; 32 | } 33 | status = RES_OK; 34 | return status; 35 | } 36 | 37 | 38 | 39 | /*-----------------------------------------------------------------------*/ 40 | /* Get Disk Status */ 41 | /*-----------------------------------------------------------------------*/ 42 | 43 | DSTATUS disk_status ( 44 | BYTE pdrv /* Physical drive nmuber (0..) */ 45 | ) 46 | { 47 | return status; 48 | } 49 | 50 | 51 | 52 | /*-----------------------------------------------------------------------*/ 53 | /* Read Sector(s) */ 54 | /*-----------------------------------------------------------------------*/ 55 | 56 | DRESULT disk_read ( 57 | BYTE pdrv, /* Physical drive nmuber (0..) */ 58 | BYTE *buff, /* Data buffer to store read data */ 59 | DWORD sector, /* Sector address (LBA) */ 60 | UINT count /* Number of sectors to read (1..128) */ 61 | ) 62 | { 63 | if (!status) 64 | { 65 | switch(pdrv){ 66 | case 0: 67 | if (sdmmc_sdcard_readsectors(sector,count,(u8*)buff)) 68 | return RES_PARERR; 69 | break; 70 | } 71 | return RES_OK; 72 | } 73 | return RES_NOTRDY; 74 | } 75 | 76 | 77 | 78 | /*-----------------------------------------------------------------------*/ 79 | /* Write Sector(s) */ 80 | /*-----------------------------------------------------------------------*/ 81 | 82 | #if _USE_WRITE 83 | DRESULT disk_write ( 84 | BYTE pdrv, /* Physical drive nmuber (0..) */ 85 | const BYTE *buff, /* Data to be written */ 86 | DWORD sector, /* Sector address (LBA) */ 87 | UINT count /* Number of sectors to write (1..128) */ 88 | ) 89 | { 90 | if (!status) 91 | { 92 | switch(pdrv){ 93 | case 0: 94 | if (sdmmc_sdcard_writesectors(sector,count,(u8*)buff)) 95 | return RES_PARERR; 96 | break; 97 | } 98 | return RES_OK; 99 | } 100 | return RES_NOTRDY; 101 | } 102 | #endif 103 | 104 | 105 | /*-----------------------------------------------------------------------*/ 106 | /* Miscellaneous Functions */ 107 | /*-----------------------------------------------------------------------*/ 108 | 109 | #if _USE_IOCTL 110 | DRESULT disk_ioctl ( 111 | BYTE pdrv, /* Physical drive nmuber (0..) */ 112 | BYTE cmd, /* Control code */ 113 | void *buff /* Buffer to send/receive control data */ 114 | ) 115 | { 116 | if (!status) 117 | return RES_OK; 118 | return RES_NOTRDY; 119 | } 120 | #endif 121 | -------------------------------------------------------------------------------- /payload_stage2/source/fatfs/diskio.h: -------------------------------------------------------------------------------- 1 | /*-----------------------------------------------------------------------/ 2 | / Low level disk interface modlue include file (C)ChaN, 2013 / 3 | /-----------------------------------------------------------------------*/ 4 | 5 | #ifndef _DISKIO_DEFINED 6 | #define _DISKIO_DEFINED 7 | 8 | #ifdef __cplusplus 9 | extern "C" { 10 | #endif 11 | 12 | #define _USE_WRITE 1 /* 1: Enable disk_write function */ 13 | #define _USE_IOCTL 1 /* 1: Enable disk_ioctl fucntion */ 14 | 15 | #include "integer.h" 16 | 17 | 18 | /* Status of Disk Functions */ 19 | typedef BYTE DSTATUS; 20 | 21 | /* Results of Disk Functions */ 22 | typedef enum { 23 | RES_OK = 0, /* 0: Successful */ 24 | RES_ERROR, /* 1: R/W Error */ 25 | RES_WRPRT, /* 2: Write Protected */ 26 | RES_NOTRDY, /* 3: Not Ready */ 27 | RES_PARERR /* 4: Invalid Parameter */ 28 | } DRESULT; 29 | 30 | 31 | /*---------------------------------------*/ 32 | /* Prototypes for disk control functions */ 33 | 34 | 35 | DSTATUS disk_initialize (BYTE pdrv); 36 | DSTATUS disk_status (BYTE pdrv); 37 | DRESULT disk_read (BYTE pdrv, BYTE* buff, DWORD sector, UINT count); 38 | DRESULT disk_write (BYTE pdrv, const BYTE* buff, DWORD sector, UINT count); 39 | DRESULT disk_ioctl (BYTE pdrv, BYTE cmd, void* buff); 40 | 41 | 42 | /* Disk Status Bits (DSTATUS) */ 43 | 44 | #define STA_NOINIT 0x01 /* Drive not initialized */ 45 | #define STA_NODISK 0x02 /* No medium in the drive */ 46 | #define STA_PROTECT 0x04 /* Write protected */ 47 | 48 | 49 | /* Command code for disk_ioctrl fucntion */ 50 | 51 | /* Generic command (used by FatFs) */ 52 | #define CTRL_SYNC 0 /* Flush disk cache (for write functions) */ 53 | #define GET_SECTOR_COUNT 1 /* Get media size (for only f_mkfs()) */ 54 | #define GET_SECTOR_SIZE 2 /* Get sector size (for multiple sector size (_MAX_SS >= 1024)) */ 55 | #define GET_BLOCK_SIZE 3 /* Get erase block size (for only f_mkfs()) */ 56 | #define CTRL_ERASE_SECTOR 4 /* Force erased a block of sectors (for only _USE_ERASE) */ 57 | 58 | /* Generic command (not used by FatFs) */ 59 | #define CTRL_POWER 5 /* Get/Set power status */ 60 | #define CTRL_LOCK 6 /* Lock/Unlock media removal */ 61 | #define CTRL_EJECT 7 /* Eject media */ 62 | #define CTRL_FORMAT 8 /* Create physical format on the media */ 63 | 64 | /* MMC/SDC specific ioctl command */ 65 | #define MMC_GET_TYPE 10 /* Get card type */ 66 | #define MMC_GET_CSD 11 /* Get CSD */ 67 | #define MMC_GET_CID 12 /* Get CID */ 68 | #define MMC_GET_OCR 13 /* Get OCR */ 69 | #define MMC_GET_SDSTAT 14 /* Get SD status */ 70 | 71 | /* ATA/CF specific ioctl command */ 72 | #define ATA_GET_REV 20 /* Get F/W revision */ 73 | #define ATA_GET_MODEL 21 /* Get model name */ 74 | #define ATA_GET_SN 22 /* Get serial number */ 75 | 76 | #ifdef __cplusplus 77 | } 78 | #endif 79 | 80 | #endif 81 | -------------------------------------------------------------------------------- /payload_stage2/source/fatfs/integer.h: -------------------------------------------------------------------------------- 1 | /*-------------------------------------------*/ 2 | /* Integer type definitions for FatFs module */ 3 | /*-------------------------------------------*/ 4 | 5 | #ifndef _FF_INTEGER 6 | #define _FF_INTEGER 7 | 8 | #ifdef _WIN32 /* FatFs development platform */ 9 | 10 | #include 11 | #include 12 | 13 | #else /* Embedded platform */ 14 | 15 | /* This type MUST be 8 bit */ 16 | typedef unsigned char BYTE; 17 | 18 | /* These types MUST be 16 bit */ 19 | typedef short SHORT; 20 | typedef unsigned short WORD; 21 | typedef unsigned short WCHAR; 22 | 23 | /* These types MUST be 16 bit or 32 bit */ 24 | typedef int INT; 25 | typedef unsigned int UINT; 26 | 27 | /* These types MUST be 32 bit */ 28 | typedef long LONG; 29 | typedef unsigned long DWORD; 30 | 31 | #endif 32 | 33 | #endif 34 | -------------------------------------------------------------------------------- /payload_stage2/source/fatfs/option/syscall.c: -------------------------------------------------------------------------------- 1 | /*------------------------------------------------------------------------*/ 2 | /* Sample code of OS dependent controls for FatFs */ 3 | /* (C)ChaN, 2014 */ 4 | /*------------------------------------------------------------------------*/ 5 | 6 | 7 | #include "../ff.h" 8 | 9 | 10 | #if _FS_REENTRANT 11 | /*------------------------------------------------------------------------*/ 12 | /* Create a Synchronization Object 13 | /*------------------------------------------------------------------------*/ 14 | /* This function is called in f_mount() function to create a new 15 | / synchronization object, such as semaphore and mutex. When a 0 is returned, 16 | / the f_mount() function fails with FR_INT_ERR. 17 | */ 18 | 19 | int ff_cre_syncobj ( /* !=0:Function succeeded, ==0:Could not create due to any error */ 20 | BYTE vol, /* Corresponding logical drive being processed */ 21 | _SYNC_t *sobj /* Pointer to return the created sync object */ 22 | ) 23 | { 24 | int ret; 25 | 26 | 27 | *sobj = CreateMutex(NULL, FALSE, NULL); /* Win32 */ 28 | ret = (int)(*sobj != INVALID_HANDLE_VALUE); 29 | 30 | // *sobj = SyncObjects[vol]; /* uITRON (give a static created sync object) */ 31 | // ret = 1; /* The initial value of the semaphore must be 1. */ 32 | 33 | // *sobj = OSMutexCreate(0, &err); /* uC/OS-II */ 34 | // ret = (int)(err == OS_NO_ERR); 35 | 36 | // *sobj = xSemaphoreCreateMutex(); /* FreeRTOS */ 37 | // ret = (int)(*sobj != NULL); 38 | 39 | return ret; 40 | } 41 | 42 | 43 | 44 | /*------------------------------------------------------------------------*/ 45 | /* Delete a Synchronization Object */ 46 | /*------------------------------------------------------------------------*/ 47 | /* This function is called in f_mount() function to delete a synchronization 48 | / object that created with ff_cre_syncobj function. When a 0 is returned, 49 | / the f_mount() function fails with FR_INT_ERR. 50 | */ 51 | 52 | int ff_del_syncobj ( /* !=0:Function succeeded, ==0:Could not delete due to any error */ 53 | _SYNC_t sobj /* Sync object tied to the logical drive to be deleted */ 54 | ) 55 | { 56 | int ret; 57 | 58 | 59 | ret = CloseHandle(sobj); /* Win32 */ 60 | 61 | // ret = 1; /* uITRON (nothing to do) */ 62 | 63 | // OSMutexDel(sobj, OS_DEL_ALWAYS, &err); /* uC/OS-II */ 64 | // ret = (int)(err == OS_NO_ERR); 65 | 66 | // vSemaphoreDelete(sobj); /* FreeRTOS */ 67 | // ret = 1; 68 | 69 | return ret; 70 | } 71 | 72 | 73 | 74 | /*------------------------------------------------------------------------*/ 75 | /* Request Grant to Access the Volume */ 76 | /*------------------------------------------------------------------------*/ 77 | /* This function is called on entering file functions to lock the volume. 78 | / When a 0 is returned, the file function fails with FR_TIMEOUT. 79 | */ 80 | 81 | int ff_req_grant ( /* 1:Got a grant to access the volume, 0:Could not get a grant */ 82 | _SYNC_t sobj /* Sync object to wait */ 83 | ) 84 | { 85 | int ret; 86 | 87 | ret = (int)(WaitForSingleObject(sobj, _FS_TIMEOUT) == WAIT_OBJECT_0); /* Win32 */ 88 | 89 | // ret = (int)(wai_sem(sobj) == E_OK); /* uITRON */ 90 | 91 | // OSMutexPend(sobj, _FS_TIMEOUT, &err)); /* uC/OS-II */ 92 | // ret = (int)(err == OS_NO_ERR); 93 | 94 | // ret = (int)(xSemaphoreTake(sobj, _FS_TIMEOUT) == pdTRUE); /* FreeRTOS */ 95 | 96 | return ret; 97 | } 98 | 99 | 100 | 101 | /*------------------------------------------------------------------------*/ 102 | /* Release Grant to Access the Volume */ 103 | /*------------------------------------------------------------------------*/ 104 | /* This function is called on leaving file functions to unlock the volume. 105 | */ 106 | 107 | void ff_rel_grant ( 108 | _SYNC_t sobj /* Sync object to be signaled */ 109 | ) 110 | { 111 | ReleaseMutex(sobj); /* Win32 */ 112 | 113 | // sig_sem(sobj); /* uITRON */ 114 | 115 | // OSMutexPost(sobj); /* uC/OS-II */ 116 | 117 | // xSemaphoreGive(sobj); /* FreeRTOS */ 118 | } 119 | 120 | #endif 121 | 122 | 123 | 124 | 125 | #if _USE_LFN == 3 /* LFN with a working buffer on the heap */ 126 | /*------------------------------------------------------------------------*/ 127 | /* Allocate a memory block */ 128 | /*------------------------------------------------------------------------*/ 129 | /* If a NULL is returned, the file function fails with FR_NOT_ENOUGH_CORE. 130 | */ 131 | 132 | void* ff_memalloc ( /* Returns pointer to the allocated memory block */ 133 | UINT msize /* Number of bytes to allocate */ 134 | ) 135 | { 136 | return malloc(msize); /* Allocate a new memory block with POSIX API */ 137 | } 138 | 139 | 140 | /*------------------------------------------------------------------------*/ 141 | /* Free a memory block */ 142 | /*------------------------------------------------------------------------*/ 143 | 144 | void ff_memfree ( 145 | void* mblock /* Pointer to the memory block to free */ 146 | ) 147 | { 148 | free(mblock); /* Discard the memory block with POSIX API */ 149 | } 150 | 151 | #endif 152 | -------------------------------------------------------------------------------- /payload_stage2/source/fatfs/option/unicode.c: -------------------------------------------------------------------------------- 1 | #include "../ff.h" 2 | 3 | #if _USE_LFN != 0 4 | 5 | #if _CODE_PAGE == 932 /* Japanese Shift_JIS */ 6 | #include "cc932.c" 7 | #elif _CODE_PAGE == 936 /* Simplified Chinese GBK */ 8 | #include "cc936.c" 9 | #elif _CODE_PAGE == 949 /* Korean */ 10 | #include "cc949.c" 11 | #elif _CODE_PAGE == 950 /* Traditional Chinese Big5 */ 12 | #include "cc950.c" 13 | #else /* Small character-set */ 14 | #include "ccsbcs.c" 15 | #endif 16 | 17 | #endif 18 | -------------------------------------------------------------------------------- /payload_stage2/source/flush.h: -------------------------------------------------------------------------------- 1 | #ifndef FLUSH_H_ 2 | #define FLUSH_H_ 3 | 4 | void flush_all_caches(void); 5 | 6 | #endif//FLUSH_H_ 7 | 8 | -------------------------------------------------------------------------------- /payload_stage2/source/flush.s: -------------------------------------------------------------------------------- 1 | .arm 2 | .global flush_all_caches 3 | .type flush_all_caches STT_FUNC 4 | 5 | @void flush_all_caches(void) 6 | flush_all_caches: 7 | push {lr} 8 | @ Flush caches 9 | ldr r0, =0xFFFF0830 @ Nintendo's flush function in unprot. bootrom 10 | blx r0 11 | 12 | @ flush instruction cache, it's not flushed by Nintendo's function 13 | mov r0, #0 14 | mcr p15, 0, r0, c7, c5, 0 15 | 16 | pop {lr} 17 | bx lr 18 | 19 | -------------------------------------------------------------------------------- /payload_stage2/source/hid.c: -------------------------------------------------------------------------------- 1 | #include "hid.h" 2 | 3 | u32 waitHid() { 4 | u32 pad_state_old = HID_STATE; 5 | while (true) { 6 | u32 pad_state = HID_STATE; 7 | if (pad_state ^ pad_state_old) 8 | return ~pad_state; 9 | } 10 | } 11 | 12 | u32 getHid() 13 | { 14 | return ~HID_STATE; 15 | } 16 | -------------------------------------------------------------------------------- /payload_stage2/source/hid.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "common.h" 4 | 5 | #define HID_STATE (*(volatile u32*)0x10146000) 6 | 7 | #define BUTTON_A (1 << 0) 8 | #define BUTTON_B (1 << 1) 9 | #define BUTTON_SELECT (1 << 2) 10 | #define BUTTON_START (1 << 3) 11 | #define BUTTON_RIGHT (1 << 4) 12 | #define BUTTON_LEFT (1 << 5) 13 | #define BUTTON_UP (1 << 6) 14 | #define BUTTON_DOWN (1 << 7) 15 | #define BUTTON_R1 (1 << 8) 16 | #define BUTTON_L1 (1 << 9) 17 | #define BUTTON_X (1 << 10) 18 | #define BUTTON_Y (1 << 11) 19 | 20 | u32 waitHid(); 21 | u32 getHid(); 22 | -------------------------------------------------------------------------------- /payload_stage2/source/i2c.c: -------------------------------------------------------------------------------- 1 | #include "i2c.h" 2 | 3 | //----------------------------------------------------------------------------- 4 | 5 | static const struct { u8 bus_id, reg_addr; } dev_data[] = { 6 | {0, 0x4A}, {0, 0x7A}, {0, 0x78}, 7 | {1, 0x4A}, {1, 0x78}, {1, 0x2C}, 8 | {1, 0x2E}, {1, 0x40}, {1, 0x44}, 9 | {2, 0xD6}, {2, 0xD0}, {2, 0xD2}, 10 | {2, 0xA4}, {2, 0x9A}, {2, 0xA0}, 11 | }; 12 | 13 | const inline u8 i2cGetDeviceBusId(u8 device_id) { 14 | return dev_data[device_id].bus_id; 15 | } 16 | 17 | const inline u8 i2cGetDeviceRegAddr(u8 device_id) { 18 | return dev_data[device_id].reg_addr; 19 | } 20 | 21 | //----------------------------------------------------------------------------- 22 | 23 | static vu8* const reg_data_addrs[] = { 24 | (vu8*)(I2C1_REG_OFF + I2C_REG_DATA), 25 | (vu8*)(I2C2_REG_OFF + I2C_REG_DATA), 26 | (vu8*)(I2C3_REG_OFF + I2C_REG_DATA), 27 | }; 28 | 29 | inline vu8* const i2cGetDataReg(u8 bus_id) { 30 | return reg_data_addrs[bus_id]; 31 | } 32 | 33 | //----------------------------------------------------------------------------- 34 | 35 | static vu8* const reg_cnt_addrs[] = { 36 | (vu8*)(I2C1_REG_OFF + I2C_REG_CNT), 37 | (vu8*)(I2C2_REG_OFF + I2C_REG_CNT), 38 | (vu8*)(I2C3_REG_OFF + I2C_REG_CNT), 39 | }; 40 | 41 | inline vu8* const i2cGetCntReg(u8 bus_id) { 42 | return reg_cnt_addrs[bus_id]; 43 | } 44 | 45 | //----------------------------------------------------------------------------- 46 | 47 | inline void i2cWaitBusy(u8 bus_id) { 48 | while (*i2cGetCntReg(bus_id) & 0x80); 49 | } 50 | 51 | inline bool i2cGetResult(u8 bus_id) { 52 | i2cWaitBusy(bus_id); 53 | return (*i2cGetCntReg(bus_id) >> 4) & 1; 54 | } 55 | 56 | void i2cStop(u8 bus_id, u8 arg0) { 57 | *i2cGetCntReg(bus_id) = (arg0 << 5) | 0xC0; 58 | i2cWaitBusy(bus_id); 59 | *i2cGetCntReg(bus_id) = 0xC5; 60 | } 61 | 62 | //----------------------------------------------------------------------------- 63 | 64 | bool i2cSelectDevice(u8 bus_id, u8 dev_reg) { 65 | i2cWaitBusy(bus_id); 66 | *i2cGetDataReg(bus_id) = dev_reg; 67 | *i2cGetCntReg(bus_id) = 0xC2; 68 | return i2cGetResult(bus_id); 69 | } 70 | 71 | bool i2cSelectRegister(u8 bus_id, u8 reg) { 72 | i2cWaitBusy(bus_id); 73 | *i2cGetDataReg(bus_id) = reg; 74 | *i2cGetCntReg(bus_id) = 0xC0; 75 | return i2cGetResult(bus_id); 76 | } 77 | 78 | //----------------------------------------------------------------------------- 79 | 80 | u8 i2cReadRegister(u8 dev_id, u8 reg) { 81 | u8 bus_id = i2cGetDeviceBusId(dev_id); 82 | u8 dev_addr = i2cGetDeviceRegAddr(dev_id); 83 | 84 | for (size_t i = 0; i < 8; i++) { 85 | if (i2cSelectDevice(bus_id, dev_addr) && i2cSelectRegister(bus_id, reg)) { 86 | if (i2cSelectDevice(bus_id, dev_addr | 1)) { 87 | i2cWaitBusy(bus_id); 88 | i2cStop(bus_id, 1); 89 | i2cWaitBusy(bus_id); 90 | return *i2cGetDataReg(bus_id); 91 | } 92 | } 93 | *i2cGetCntReg(bus_id) = 0xC5; 94 | i2cWaitBusy(bus_id); 95 | } 96 | return 0xff; 97 | } 98 | 99 | bool i2cReadRegisterBuffer(unsigned int dev_id, int reg, u8* buffer, size_t buf_size) { 100 | u8 bus_id = i2cGetDeviceBusId(dev_id); 101 | u8 dev_addr = i2cGetDeviceRegAddr(dev_id); 102 | 103 | size_t j = 0; 104 | while (!i2cSelectDevice(bus_id, dev_addr) 105 | || !i2cSelectRegister(bus_id, reg) 106 | || !i2cSelectDevice(bus_id, dev_addr | 1)) 107 | { 108 | i2cWaitBusy(bus_id); 109 | *i2cGetCntReg(bus_id) = 0xC5; 110 | i2cWaitBusy(bus_id); 111 | if (++j >= 8) 112 | return false; 113 | } 114 | 115 | if (buf_size != 1) { 116 | for (int i = 0; i < buf_size - 1; i++) { 117 | i2cWaitBusy(bus_id); 118 | *i2cGetCntReg(bus_id) = 0xF0; 119 | i2cWaitBusy(bus_id); 120 | buffer[i] = *i2cGetDataReg(bus_id); 121 | } 122 | } 123 | 124 | i2cWaitBusy(bus_id); 125 | *i2cGetCntReg(bus_id) = 0xE1; 126 | i2cWaitBusy(bus_id); 127 | *buffer = *i2cGetDataReg(bus_id); 128 | return true; 129 | } 130 | 131 | bool i2cWriteRegister(u8 dev_id, u8 reg, u8 data) { 132 | u8 bus_id = i2cGetDeviceBusId(dev_id); 133 | u8 dev_addr = i2cGetDeviceRegAddr(dev_id); 134 | 135 | for (int i = 0; i < 8; i++) { 136 | if (i2cSelectDevice(bus_id, dev_addr) && i2cSelectRegister(bus_id, reg)) { 137 | i2cWaitBusy(bus_id); 138 | *i2cGetDataReg(bus_id) = data; 139 | *i2cGetCntReg(bus_id) = 0xC1; 140 | i2cStop(bus_id, 0); 141 | if (i2cGetResult(bus_id)) 142 | return true; 143 | } 144 | *i2cGetCntReg(bus_id) = 0xC5; 145 | i2cWaitBusy(bus_id); 146 | } 147 | 148 | return false; 149 | } -------------------------------------------------------------------------------- /payload_stage2/source/i2c.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "common.h" 4 | 5 | #define I2C1_REG_OFF 0x10161000 6 | #define I2C2_REG_OFF 0x10144000 7 | #define I2C3_REG_OFF 0x10148000 8 | 9 | #define I2C_REG_DATA 0 10 | #define I2C_REG_CNT 1 11 | #define I2C_REG_CNTEX 2 12 | #define I2C_REG_SCL 4 13 | 14 | #define I2C_DEV_MCU 3 15 | #define I2C_DEV_GYRO 10 16 | #define I2C_DEV_IR 13 17 | 18 | const u8 i2cGetDeviceBusId(u8 device_id); 19 | const u8 i2cGetDeviceRegAddr(u8 device_id); 20 | 21 | vu8* const i2cGetDataReg(u8 bus_id); 22 | vu8* const i2cGetCntReg(u8 bus_id); 23 | 24 | void i2cWaitBusy(u8 bus_id); 25 | bool i2cGetResult(u8 bus_id); 26 | u8 i2cGetData(u8 bus_id); 27 | void i2cStop(u8 bus_id, u8 arg0); 28 | 29 | bool i2cSelectDevice(u8 bus_id, u8 dev_reg); 30 | bool i2cSelectRegister(u8 bus_id, u8 reg); 31 | 32 | u8 i2cReadRegister(u8 dev_id, u8 reg); 33 | bool i2cWriteRegister(u8 dev_id, u8 reg, u8 data); 34 | 35 | bool i2cReadRegisterBuffer(unsigned int dev_id, int reg, u8* buffer, size_t buf_size); -------------------------------------------------------------------------------- /payload_stage2/source/main.c: -------------------------------------------------------------------------------- 1 | #include "common.h" 2 | #include "i2c.h" 3 | #include "fatfs/ff.h" 4 | #include "screen.h" 5 | #include "hid.h" 6 | #include "flush.h" 7 | 8 | #define PAYLOAD_ADDRESS 0x23F00000 9 | #define A11_PAYLOAD_LOC 0x1FFF4C80 //keep in mind this needs to be changed in the ld script for screen_init too 10 | #define A11_ENTRY 0x1FFFFFF8 11 | 12 | extern u8 screen_init_bin[]; 13 | extern u32 screen_init_bin_size; 14 | 15 | static inline void* copy_memory(void *dst, void *src, size_t amount) 16 | { 17 | void *result = dst; 18 | while (amount--) 19 | { 20 | *((char*)(dst++)) = *((char*)(src++)); 21 | } 22 | return result; 23 | } 24 | 25 | static void ownArm11() 26 | { 27 | copy_memory((void*)A11_PAYLOAD_LOC, screen_init_bin, screen_init_bin_size); 28 | *(vu32 *)A11_ENTRY = 1; 29 | *((u32*)0x1FFAED80) = 0xE51FF004; 30 | *((u32*)0x1FFAED84) = A11_PAYLOAD_LOC; 31 | *((u8*)0x1FFFFFF0) = 2; 32 | 33 | //AXIWRAM isn't cached, so this should just work 34 | while(*(volatile uint32_t *)A11_ENTRY); 35 | } 36 | 37 | int main() 38 | { 39 | FATFS fs; 40 | FIL payload; 41 | 42 | f_mount(&fs, "0:", 0); //This never fails due to deferred mounting 43 | if(f_open(&payload, "arm9loaderhax.bin", FA_READ | FA_OPEN_EXISTING) == FR_OK) 44 | { 45 | setFramebuffers(); 46 | ownArm11(); 47 | clearScreens(); 48 | turnOnBacklight(); 49 | 50 | unsigned int br; 51 | f_read(&payload, (void*)PAYLOAD_ADDRESS, f_size(&payload), &br); 52 | flush_all_caches(); 53 | ((void (*)(void))PAYLOAD_ADDRESS)(); 54 | } 55 | 56 | i2cWriteRegister(I2C_DEV_MCU, 0x20, (u8)(1<<0)); 57 | return 0; 58 | } 59 | 60 | -------------------------------------------------------------------------------- /payload_stage2/source/screen.c: -------------------------------------------------------------------------------- 1 | #include "screen.h" 2 | #include "i2c.h" 3 | 4 | #define TOP_SCREEN_SIZE (400 * 240 * 3 / 4) 5 | #define BOT_SCREEN_SIZE (320 * 240 * 3 / 4) 6 | 7 | void setFramebuffers(void) 8 | { 9 | //Gateway 10 | *(vu32*)0x80FFFC0 = 0x18300000; // framebuffer 1 top left 11 | *(vu32*)0x80FFFC4 = 0x18300000; // framebuffer 2 top left 12 | *(vu32*)0x80FFFC8 = 0x18300000; // framebuffer 1 top right 13 | *(vu32*)0x80FFFCC = 0x18300000; // framebuffer 2 top right 14 | *(vu32*)0x80FFFD0 = 0x18346500; // framebuffer 1 bottom 15 | *(vu32*)0x80FFFD4 = 0x18346500; // framebuffer 2 bottom 16 | *(vu32*)0x80FFFD8 = 1; // framebuffer select top 17 | *(vu32*)0x80FFFDC = 1; // framebuffer select bottom 18 | 19 | //CakeBrah 20 | *(vu32*)0x23FFFE00 = 0x18300000; 21 | *(vu32*)0x23FFFE04 = 0x18300000; 22 | *(vu32*)0x23FFFE08 = 0x18346500; 23 | } 24 | 25 | void clearScreens(void) 26 | { 27 | for(u32 i = 0; i < (TOP_SCREEN_SIZE); i++) 28 | { 29 | *((vu32*)0x18300000 + i) = 0; 30 | } 31 | 32 | for(u32 i = 0; i < (BOT_SCREEN_SIZE); i++) 33 | { 34 | *((vu32*)0x18346500 + i) = 0; 35 | } 36 | } 37 | 38 | void turnOnBacklight(void) 39 | { 40 | i2cWriteRegister(3, 0x22, 0x2A); // 0x2A -> boot into firm with no backlight 41 | } 42 | -------------------------------------------------------------------------------- /payload_stage2/source/screen.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | void setFramebuffers(void); 4 | void clearScreens(void); 5 | void turnOnBacklight(void); 6 | 7 | -------------------------------------------------------------------------------- /screen_init/Makefile: -------------------------------------------------------------------------------- 1 | export PATH := $(DEVKITARM)/bin:$(PATH) 2 | 3 | CC=arm-none-eabi-gcc 4 | CP=arm-none-eabi-g++ 5 | OC=arm-none-eabi-objcopy 6 | LD=arm-none-eabi-ld 7 | MV=mv -f 8 | RM=rm -rf 9 | 10 | LIBNAME=screen_init 11 | ELFNAME=$(LIBNAME).elf 12 | BINNAME=$(LIBNAME).bin 13 | DATNAME=$(LIBNAME).dat 14 | 15 | SRC_DIR:=source/$(LIBNAME) 16 | OBJ_DIR:=obj/$(LIBNAME) 17 | LIB_DIR:=lib 18 | DEP_DIR:=obj/$(LIBNAME) 19 | 20 | LIBS= 21 | CFLAGS=-std=gnu99 -Os -g -mword-relocations -fomit-frame-pointer -ffast-math 22 | C9FLAGS=-mcpu=arm946e-s -march=armv5te -mlittle-endian 23 | C11FLAGS=-mcpu=mpcore -mlittle-endian 24 | LDFLAGS=$(LIBS) 25 | OCFLAGS=--set-section-flags .bss=alloc,load,contents 26 | 27 | OBJS:=$(patsubst $(SRC_DIR)/%.c, $(OBJ_DIR)/%.o, $(wildcard $(SRC_DIR)/*.c)) 28 | OBJS+=$(patsubst $(SRC_DIR)/%.s, $(OBJ_DIR)/%.o, $(wildcard $(SRC_DIR)/*.s)) 29 | OBJS+=$(patsubst $(SRC_DIR)/%.S, $(OBJ_DIR)/%.o, $(wildcard $(SRC_DIR)/*.S)) 30 | 31 | OUT_DIR= obj/$(LIBNAME) 32 | 33 | .PHONY: clean 34 | 35 | all: screen_init.bin 36 | 37 | screen_init.bin: $(OBJS) 38 | $(CC) -nostartfiles --specs=$(LIBNAME).specs $(OBJS) $(LDFLAGS) -o $(ELFNAME) 39 | $(OC) $(OCFLAGS) -O binary $(ELFNAME) $(BINNAME) 40 | 41 | obj/%.o: source/%.c | dirs 42 | @echo Compiling $< 43 | $(CC) -c $(CFLAGS) $(C11FLAGS) $< -o $@ 44 | 45 | obj/%.o: source/%.s | dirs 46 | @echo Compiling $< 47 | $(CC) -c $(CFLAGS) $(C11FLAGS) $< -o $@ 48 | 49 | obj/%.o: source/%.S | dirs 50 | @echo Compiling $< 51 | $(CC) -c $(CFLAGS) $(C11FLAGS) $< -o $@ 52 | 53 | dirs: ${OUT_DIR} 54 | 55 | ${OUT_DIR}: 56 | mkdir -p ${OUT_DIR} 57 | 58 | clean: 59 | rm -rf *.elf *.bin obj/* 60 | -------------------------------------------------------------------------------- /screen_init/screen_init.ld: -------------------------------------------------------------------------------- 1 | OUTPUT_ARCH(arm) 2 | ENTRY(a11Entry) 3 | SECTIONS 4 | { 5 | . = 0x1FFF4C80; 6 | .text : { 7 | *(.text.start) 8 | *(.text) 9 | } 10 | .data : { 11 | *(.data) 12 | } 13 | .bss : { 14 | *(.bss COMMON) 15 | } 16 | .rodata : { 17 | *(.rodata) 18 | } 19 | . = ALIGN(4); 20 | _stack = . + 0x100; 21 | } 22 | -------------------------------------------------------------------------------- /screen_init/screen_init.specs: -------------------------------------------------------------------------------- 1 | %rename link old_link 2 | 3 | *link: 4 | %(old_link) -T screen_init.ld%s 5 | -------------------------------------------------------------------------------- /screen_init/source/screen_init/screen_init.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | #define BRIGHTNESS 0x39 4 | #define FB_TOP_LEFT 0x18300000 5 | #define FB_TOP_RIGHT 0x18300000 6 | #define FB_BOTTOM 0x18346500 7 | 8 | static inline void regSet(); 9 | 10 | void __attribute__ ((naked)) a11Entry() 11 | { 12 | __asm__ ( 13 | "CPSID aif\n\t" //Disable interrupts 14 | "ldr r0,=_stack\n\t" 15 | "mov sp, r0" 16 | ); 17 | 18 | regSet(); 19 | } 20 | 21 | static inline void regSet() 22 | { 23 | volatile uint32_t *entry = (uint32_t *)0x1FFFFFF8; 24 | 25 | *(volatile uint32_t*)0x10141200 = 0x1007F; 26 | *(volatile uint32_t*)0x10202014 = 0x00000001; 27 | *(volatile uint32_t*)0x1020200C &= 0xFFFEFFFE; 28 | 29 | *(volatile uint32_t*)0x10202240 = BRIGHTNESS; 30 | *(volatile uint32_t*)0x10202A40 = BRIGHTNESS; 31 | *(volatile uint32_t*)0x10202244 = 0x1023E; 32 | *(volatile uint32_t*)0x10202A44 = 0x1023E; 33 | 34 | // Top screen 35 | *(volatile uint32_t*)0x10400400 = 0x000001c2; 36 | *(volatile uint32_t*)0x10400404 = 0x000000d1; 37 | *(volatile uint32_t*)0x10400408 = 0x000001c1; 38 | *(volatile uint32_t*)0x1040040c = 0x000001c1; 39 | *(volatile uint32_t*)0x10400410 = 0x00000000; 40 | *(volatile uint32_t*)0x10400414 = 0x000000cf; 41 | *(volatile uint32_t*)0x10400418 = 0x000000d1; 42 | *(volatile uint32_t*)0x1040041c = 0x01c501c1; 43 | *(volatile uint32_t*)0x10400420 = 0x00010000; 44 | *(volatile uint32_t*)0x10400424 = 0x0000019d; 45 | *(volatile uint32_t*)0x10400428 = 0x00000002; 46 | *(volatile uint32_t*)0x1040042c = 0x00000192; 47 | *(volatile uint32_t*)0x10400430 = 0x00000192; 48 | *(volatile uint32_t*)0x10400434 = 0x00000192; 49 | *(volatile uint32_t*)0x10400438 = 0x00000001; 50 | *(volatile uint32_t*)0x1040043c = 0x00000002; 51 | *(volatile uint32_t*)0x10400440 = 0x01960192; 52 | *(volatile uint32_t*)0x10400444 = 0x00000000; 53 | *(volatile uint32_t*)0x10400448 = 0x00000000; 54 | *(volatile uint32_t*)0x1040045C = 0x00f00190; 55 | *(volatile uint32_t*)0x10400460 = 0x01c100d1; 56 | *(volatile uint32_t*)0x10400464 = 0x01920002; 57 | *(volatile uint32_t*)0x10400468 = 0x18300000; 58 | *(volatile uint32_t*)0x10400470 = 0x80341; 59 | *(volatile uint32_t*)0x10400474 = 0x00010501; 60 | *(volatile uint32_t*)0x10400478 = 0; 61 | *(volatile uint32_t*)0x10400490 = 0x000002D0; 62 | *(volatile uint32_t*)0x1040049C = 0x00000000; 63 | 64 | // Disco register 65 | for(volatile uint32_t i = 0; i < 256; i++) 66 | *(volatile uint32_t*)0x10400484 = 0x10101 * i; 67 | 68 | // Bottom screen 69 | *(volatile uint32_t*)0x10400500 = 0x000001c2; 70 | *(volatile uint32_t*)0x10400504 = 0x000000d1; 71 | *(volatile uint32_t*)0x10400508 = 0x000001c1; 72 | *(volatile uint32_t*)0x1040050c = 0x000001c1; 73 | *(volatile uint32_t*)0x10400510 = 0x000000cd; 74 | *(volatile uint32_t*)0x10400514 = 0x000000cf; 75 | *(volatile uint32_t*)0x10400518 = 0x000000d1; 76 | *(volatile uint32_t*)0x1040051c = 0x01c501c1; 77 | *(volatile uint32_t*)0x10400520 = 0x00010000; 78 | *(volatile uint32_t*)0x10400524 = 0x0000019d; 79 | *(volatile uint32_t*)0x10400528 = 0x00000052; 80 | *(volatile uint32_t*)0x1040052c = 0x00000192; 81 | *(volatile uint32_t*)0x10400530 = 0x00000192; 82 | *(volatile uint32_t*)0x10400534 = 0x0000004f; 83 | *(volatile uint32_t*)0x10400538 = 0x00000050; 84 | *(volatile uint32_t*)0x1040053c = 0x00000052; 85 | *(volatile uint32_t*)0x10400540 = 0x01980194; 86 | *(volatile uint32_t*)0x10400544 = 0x00000000; 87 | *(volatile uint32_t*)0x10400548 = 0x00000011; 88 | *(volatile uint32_t*)0x1040055C = 0x00f00140; 89 | *(volatile uint32_t*)0x10400560 = 0x01c100d1; 90 | *(volatile uint32_t*)0x10400564 = 0x01920052; 91 | *(volatile uint32_t*)0x10400568 = 0x18300000 + 0x46500; 92 | *(volatile uint32_t*)0x10400570 = 0x80301; 93 | *(volatile uint32_t*)0x10400574 = 0x00010501; 94 | *(volatile uint32_t*)0x10400578 = 0; 95 | *(volatile uint32_t*)0x10400590 = 0x000002D0; 96 | *(volatile uint32_t*)0x1040059C = 0x00000000; 97 | 98 | // Disco register 99 | for(volatile uint32_t i = 0; i < 256; i++) 100 | *(volatile uint32_t*)0x10400584 = 0x10101 * i; 101 | 102 | *(volatile uint32_t*)0x10400468 = FB_TOP_LEFT; 103 | *(volatile uint32_t*)0x1040046c = FB_TOP_LEFT; 104 | *(volatile uint32_t*)0x10400494 = FB_TOP_RIGHT; 105 | *(volatile uint32_t*)0x10400498 = FB_TOP_RIGHT; 106 | *(volatile uint32_t*)0x10400568 = FB_BOTTOM; 107 | *(volatile uint32_t*)0x1040056c = FB_BOTTOM; 108 | 109 | // Reset the entry 110 | *entry = 0; 111 | 112 | // Wait for entry to be set 113 | while(!*entry); 114 | 115 | // Jump 116 | ((void (*)())*entry)(); 117 | } 118 | 119 | --------------------------------------------------------------------------------