Hacking RPC Syscall Command

BullyWiiPlaza · Mar 21, 2017

I tried to make a command to execute Cafe OS syscalls on demand via the following C code:

Code:

void performSystemCall(int value) {
    asm(
    "li 0, %0\n"
            "sc\n"
            "blr\n"
    : // No output
    :"r"(value) // Input
    :"0" // Overwritten register
    );
}

Code:

case COMMAND_SYS_CALL: {
    ret = recvwait(bss, clientfd, buffer, 4);
    ASSERT_FUNCTION_SUCCEEDED(ret, "recvwait (syscall)")

    int value = ((int *) buffer)[0];
    performSystemCall(value);

    break;
}

However, when it is called using e.g. value 0x6700 (which is request fast exit) the console crashes with an Exception DSI:

Code:

public void executeSystemCall(SystemCall systemCall) throws IOException
{
    try (CloseableReentrantLock ignored = reentrantLock.acquire())
    {
        sendCommand(Command.SYSTEM_CALL);
        int value = systemCall.getValue();
        dataSender.writeInt(value);
        dataSender.flush();
    }
}

According to CosmoCortney this should open the home menu.

Any ideas? My inline assembly might be wrong. I followed the documentation from here.

Thanks!

@QuarkTheAwesome
@FIX94
@dimok
@NWPlayer123
@Maschell
@gudenaurock

BullyWiiPlaza · Mar 29, 2017

This is no longer that important because it can be circumvented by this but I'm still curious why the inline assembly crashes here while clearly the assembly code itself is fine and doesn't crash.

Hacking RPC Syscall Command

Nintendo Hacking <3

Nintendo Hacking <3

Similar threads

Popular threads in this forum