Hacking [IDEA] Launch a minimal CFW (like SaltFW) if no arm9loaderhax binary is found on SD

Pokéidiot

Well-Known Member
OP
Member
Joined
Dec 6, 2015
Messages
244
Trophies
0
XP
199
Country
Brazil
I was looking at the arm9loaderhax source code, and in the stage2 payload I found the code which loads the arm9loaderhax.bin file into memory and then jumps into it. The thing is, it could load a hardcoded binary if the SD is not present or arm9loaderhax.bin is not found. I have code for this, but I don't want to risk my console testing it.

Code:
/* delebile's version of a9lh */
/* main.c of stage2 payload */
/* only the part that loads a9lh.bin */

#include <string.h>          /* memcpy */
#include "ff.h"              /* FatFs: FATFS, FIL, f_mount, f_open, f_read (header name assumed) */
#include "HardcodedBinary.h" /* HC_PAYLOAD, HC_PAYLOAD_SIZE, HC_PAYLOAD_ADDRESS */

// ...
// Call if the SD mount failed or arm9loaderhax.bin was not found. Never returns.
void loadHardcodedBinary()
{
    ownArm11();
    clearScreen();
    screenInit();
    // HC_PAYLOAD_ADDRESS, HC_PAYLOAD and HC_PAYLOAD_SIZE are defined in HardcodedBinary.h
    memcpy((void*)HC_PAYLOAD_ADDRESS, HC_PAYLOAD, HC_PAYLOAD_SIZE);
    ((void (*)())HC_PAYLOAD_ADDRESS)();
}

int main()
{
    // ...
    FATFS fs;
    FIL payload;
    unsigned int br;

    // f_mount returns an FRESULT; with opt == 0 the mount is deferred, so a
    // missing card usually only shows up when f_open fails below
    if (f_mount(&fs, "0:", 0) != FR_OK)
    {
        loadHardcodedBinary();
    }
    if (f_open(&payload, "arm9loaderhax.bin", FA_READ | FA_OPEN_EXISTING) == FR_OK)
    {
        ownArm11();
        clearScreen();
        screenInit();

        f_read(&payload, (void*)PAYLOAD_ADDRESS, PAYLOAD_SIZE, &br);
        f_close(&payload);
        ((void (*)())PAYLOAD_ADDRESS)();
    }
    else
    {
        loadHardcodedBinary();
    }
    // ...
}
 

daxtsu

Well-Known Member
Member
Joined
Jun 9, 2007
Messages
5,627
Trophies
2
XP
5,191
Country
Antarctica
Ideally this could be expanded to load arm9loaderhax.bin from CTRNAND, or maybe even one of the TWL partitions, but I've not had any luck getting NAND partitions to mount from stage 2, with no idea why (it works a few milliseconds later when CFWs like Salt run, but why not as a stage 2? I just don't get it). Another possibility is to put the CFW payload as a stage 3, reading a few sectors from raw NAND, but eh, being able to use GodMode9 to change it out at will would be really handy.
 

Pokéidiot

Well-Known Member
OP
Member
Joined
Dec 6, 2015
Messages
244
Trophies
0
XP
199
Country
Brazil
I'm just picking the code and checking what I can change to make it better. I have no idea how I can mount CTRNAND, so there's not much I can do other than hardcoding a binary. I will compile this, and send it to anyone who wants to test it when I have time to do it.
 

daxtsu

Well-Known Member
Member
Joined
Jun 9, 2007
Messages
5,627
Trophies
2
XP
5,191
Country
Antarctica
I'm just picking the code and checking what I can change to make it better. I have no idea how I can mount CTRNAND, so there's not much I can do other than hardcoding a binary. I will compile this, and send it to anyone who wants to test it when I have time to do it.

It would be a matter of just borrowing or adapting NAND mounting and reading code from Luma, since it has it all there, but it won't work as it is, for unknown (to me) reasons. I don't think anyone's figured out why yet, though, or if they have, it's still certainly a mystery to me.
 

Zan'

2F88744FEED717856386400A44BBA4B9CA62E76A32C715D4F
Member
Joined
Oct 8, 2015
Messages
387
Trophies
0
Age
32
XP
271
Country
Okay, this might be stupid or impossible.
But would it be possible to store the A9LH CFW data on the NAND chip and read from there instead of the SD?
After all, it's just like an internal hard drive.
This would basically eliminate the need for an SD to boot the CFW, since it gets loaded from the always-present NAND chip and not from the SD.
(The NAND chip has more space than it needs anyway.)
 

daxtsu

Well-Known Member
Member
Joined
Jun 9, 2007
Messages
5,627
Trophies
2
XP
5,191
Country
Antarctica
Okay, this might be stupid or impossible.
But would it be possible to store the A9LH CFW data on the NAND chip and read from there instead of the SD?
After all, it's just like an internal hard drive.
This would basically eliminate the need for an SD to boot the CFW, since it gets loaded from the always-present NAND chip and not from the SD.
(The NAND chip has more space than it needs anyway.)

That's what I was suggesting a post or so above, but as I said, it's currently not possible for some reason. CTRNAND fails to mount while running stage2, but not a9lh.bin. It's weird.
 

Pokéidiot

Well-Known Member
OP
Member
Joined
Dec 6, 2015
Messages
244
Trophies
0
XP
199
Country
Brazil
Hmm. Loading a binary from CTRNAND would be VERY nice, and FBI 2.x.x can access CTRNAND files. Let's see:
Load things from CTRNAND and write a homebrew that updates them. Like CFW and recovery tools (Decrypt9, EmuNAND9, Hourglass9, etc).
 

Zan'

2F88744FEED717856386400A44BBA4B9CA62E76A32C715D4F
Member
Joined
Oct 8, 2015
Messages
387
Trophies
0
Age
32
XP
271
Country
That's what I was suggesting a post or so above, but as I said, it's currently not possible for some reason. CTRNAND fails to mount while running stage2, but not a9lh.bin. It's weird.
Sorry, I didn't read that. But if it errors, it might be due to the filesystem? (At least that's what came to my mind after thinking about it.)
I am not too experienced with working on CFW, so I am not sure how it reads and what can be done exactly. But I guess I'll try to get into it and try to be helpful.

--------------------- MERGED ---------------------------

Okay, I just built my stage2 code. Who wants it, PM me
What does your stage2 code do differently?
 

daxtsu

Well-Known Member
Member
Joined
Jun 9, 2007
Messages
5,627
Trophies
2
XP
5,191
Country
Antarctica
Sorry, I didn't read that. But if it errors, it might be due to the filesystem? (At least that's what came to my mind after thinking about it.)
I am not too experienced with working on CFW, so I am not sure how it reads and what can be done exactly. But I guess I'll try to get into it and try to be helpful.

The best guess I can come up with is that the NAND chip is "busy" or not ready just after stage 2 begins running, so maybe inserting a delay before trying to mount it is required.
 

phalk

Handheld Maniac
Member
Joined
Apr 23, 2009
Messages
588
Trophies
1
Age
36
XP
2,074
Country
Brazil
The problem with a hardcoded binary is that every time you need to change the payload (for updates) you would have to reinstall A9LH, am I wrong?
 

Pokéidiot

Well-Known Member
OP
Member
Joined
Dec 6, 2015
Messages
244
Trophies
0
XP
199
Country
Brazil
Code:
#include <stdint.h>
#include <string.h>     /* memcpy */
#include "ff.h"         /* FatFs: FATFS, FIL, f_mount, f_open, f_read (header name assumed) */
#include "saltfw_bin.h" /* saltfw_bin / saltfw_bin_size, generated from SaltFW's binary (header name assumed) */

// Preparations: take over the ARM11 and set up the screens
void prep()
{
    ownArm11();
    clearScreen();
    screenInit();
}
void jump2Bin()
{
    // Jumps to loaded binary
    ((void (*)())PAYLOAD_ADDRESS)();
}
// Loads a binary
void loadBin()
{
    // setups
    FIL payload;
    unsigned int br;
    // try to open the file
    if (f_open(&payload, "arm9loaderhax.bin", FA_READ | FA_OPEN_EXISTING) == FR_OK)
    {
        prep();    // preparations (arm11 own and screen init)
        f_read(&payload, (void*)PAYLOAD_ADDRESS, PAYLOAD_SIZE, &br); // load into RAM
        f_close(&payload);
        jump2Bin(); // jump
    }
    else // if failed
    {
        prep(); // preparations
        // copy SaltFW into the payload address (memcpy takes the destination first, then the source)
        memcpy((void*)PAYLOAD_ADDRESS, saltfw_bin, saltfw_bin_size);
        jump2Bin(); // ...and then, jump
    }
}
int main()
{
    //gateway
    *(volatile uint32_t*)0x80FFFC0 = 0x18300000;    // framebuffer 1 top left
    *(volatile uint32_t*)0x80FFFC4 = 0x18300000;    // framebuffer 2 top left
    *(volatile uint32_t*)0x80FFFC8 = 0x18300000;    // framebuffer 1 top right
    *(volatile uint32_t*)0x80FFFCC = 0x18300000;    // framebuffer 2 top right
    *(volatile uint32_t*)0x80FFFD0 = 0x18346500;    // framebuffer 1 bottom
    *(volatile uint32_t*)0x80FFFD4 = 0x18346500;    // framebuffer 2 bottom
    *(volatile uint32_t*)0x80FFFD8 = 1;    // framebuffer select top
    *(volatile uint32_t*)0x80FFFDC = 1;    // framebuffer select bottom

    //cakehax
    *(volatile uint32_t*)0x23FFFE00 = 0x18300000;
    *(volatile uint32_t*)0x23FFFE04 = 0x18300000;
    *(volatile uint32_t*)0x23FFFE08 = 0x18346500;

    FATFS fs;

    f_mount(&fs, "0:", 0); // This never fails due to deferred mounting
    loadBin();             // does not return if either payload could be launched

    // Only reached if loadBin came back: MCU write kept from the original code
    i2cWriteRegister(I2C_DEV_MCU, 0x20, (uint8_t)(1<<0));
    return 0;
}
That's what's different.

--------------------- MERGED ---------------------------

The problem with a hardcoded binary is that everytime you might need to change the payload (update reasons) you would have to reinstall A9LH, am I wrong?

So true :rofl2::rofl2:
 
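The stage2 code above jumps to PAYLOAD_ADDRESS right after f_read without looking at how many bytes arrived, and copies the embedded SaltFW without checking that it fits the payload region. The following is an added, host-side model of that selection step (not the thread's stage2 code): select_payload, fallback_bin and the 64-byte PAYLOAD_SIZE are constructed stand-ins, and a plain buffer stands in for PAYLOAD_ADDRESS.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Size of the region the stage2 copies a payload into (the thread's PAYLOAD_SIZE;
   the value here is a constructed stand-in so the example runs on a host). */
#define PAYLOAD_SIZE 64

/* Which payload the loader ended up selecting. */
enum payload_source { SRC_NONE = 0, SRC_SD = 1, SRC_EMBEDDED = 2 };

/* Embedded fallback, standing in for saltfw_bin / saltfw_bin_size (constructed bytes). */
static const uint8_t fallback_bin[] = { 0xDE, 0xAD, 0xBE, 0xEF, 0x01, 0x02 };
static const size_t fallback_bin_size = sizeof fallback_bin;

/*
 * Decide what goes into the payload region and copy it there.
 *  sd_ok   : 1 if arm9loaderhax.bin could be opened on SD (f_open == FR_OK)
 *  sd_data : the file's bytes, sd_len bytes long (what f_read would have read)
 *  region  : the PAYLOAD_SIZE-byte destination (the thread's PAYLOAD_ADDRESS)
 *  out_len : receives the number of bytes placed in region
 * Returns the chosen source, or SRC_NONE if nothing safe could be loaded; the
 * caller must not jump into the region in that case.
 */
enum payload_source select_payload(int sd_ok, const uint8_t *sd_data, size_t sd_len,
                                   uint8_t *region, size_t *out_len)
{
    /* Take the SD payload only if the file actually holds bytes and fits:
       an empty file would mean jumping into whatever the region held before. */
    if (sd_ok && sd_data != NULL && sd_len > 0 && sd_len <= PAYLOAD_SIZE) {
        memcpy(region, sd_data, sd_len);          /* destination first, then source */
        *out_len = sd_len;
        return SRC_SD;
    }
    /* Fall back to the embedded binary, with the same size guard: an oversized
       fallback would write past the end of the payload region. */
    if (fallback_bin_size > 0 && fallback_bin_size <= PAYLOAD_SIZE) {
        memcpy(region, fallback_bin, fallback_bin_size);
        *out_len = fallback_bin_size;
        return SRC_EMBEDDED;
    }
    *out_len = 0;
    return SRC_NONE;
}
```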

dubbz82

Well-Known Member
Member
Joined
Feb 2, 2014
Messages
1,572
Trophies
0
Age
41
XP
1,215
Country
United States
Interesting idea. Maybe this could fix people's irrational fear of not being able to run their system without an SD card (even though it still won't be very usable because of lack of storage...)
 

Pokéidiot

Well-Known Member
OP
Member
Joined
Dec 6, 2015
Messages
244
Trophies
0
XP
199
Country
Brazil
Interesting idea. Maybe this could fix people's irrational fear of not being able to run their system without an SD card (even though it still won't be very usable because of lack of storage...)
Probably for people who have a lot of cartridges or a Sky3DS (I bet that it can load homebrew compiled in 3ds format when in CFW [sig patches enabled]).
 

daxtsu

Well-Known Member
Member
Joined
Jun 9, 2007
Messages
5,627
Trophies
2
XP
5,191
Country
Antarctica
Shadowhand is working on an on-NAND CFW called ShadowNAND

His method, if I'm not mistaken, aims to more or less be a variant of this, except stage 2 is the CFW. If we can figure out how to mount the NAND properly during stage 2, it'd be a lot safer to instead pull in the CFW from there like how Luma loads FIRM from NAND as well, since you can always use Godmode9 or FBI to change your CFW out or update it. If your CFW is in stage 2 like ShadowNAND or this, you have to reinstall A9LH every time there's any sort of an update, and that goes without saying that there's some risk involved. I know Salt and other minimal CFWs aren't updated much, but there's always a chance they might need future updates if Nintendo throws us a curve-ball, so making the CFW itself easily updateable should be a primary goal if this idea is to work out, if you ask me.
 

4gionz

Well-Known Member
Member
Joined
Aug 16, 2014
Messages
793
Trophies
0
Age
33
XP
488
Country
Canada
His method, if I'm not mistaken, aims to more or less be a variant of this, except stage 2 is the CFW. If we can figure out how to mount the NAND properly during stage 2, it'd be a lot safer to instead pull in the CFW from there like how Luma loads FIRM from NAND as well, since you can always use Godmode9 or FBI to change your CFW out or update it. If your CFW is in stage 2 like ShadowNAND or this, you have to reinstall A9LH every time there's any sort of an update, and that goes without saying that there's some risk involved. I know Salt and other minimal CFWs aren't updated much, but there's always a chance they might need future updates if Nintendo throws us a curve-ball, so making the CFW itself easily updateable should be a primary goal if this idea is to work out, if you ask me.
Well, with something like Star Updater modified to update the payload in NAND instead of SD ("obviously making it sound easier than it is"), it would be even simpler than using FBI or GodMode9 to update. Simply run it, press A, and you're on the latest version.
 

daxtsu

Well-Known Member
Member
Joined
Jun 9, 2007
Messages
5,627
Trophies
2
XP
5,191
Country
Antarctica
Well, with something like Star Updater modified to update the payload in NAND instead of SD ("obviously making it sound easier than it is"), it would be even simpler than using FBI or GodMode9 to update. Simply run it, press A, and you're on the latest version.

GM9 would be more for if you can't boot FIRM for some reason, but yeah, no reason simpler updaters couldn't be written.
 

Urbanshadow

Well-Known Member
Member
Joined
Oct 16, 2015
Messages
1,578
Trophies
0
Age
32
XP
1,712
Country
His method, if I'm not mistaken, aims to more or less be a variant of this, except stage 2 is the CFW. If we can figure out how to mount the NAND properly during stage 2, it'd be a lot safer to instead pull in the CFW from there like how Luma loads FIRM from NAND as well, since you can always use Godmode9 or FBI to change your CFW out or update it. If your CFW is in stage 2 like ShadowNAND or this, you have to reinstall A9LH every time there's any sort of an update, and that goes without saying that there's some risk involved. I know Salt and other minimal CFWs aren't updated much, but there's always a chance they might need future updates if Nintendo throws us a curve-ball, so making the CFW itself easily updateable should be a primary goal if this idea is to work out, if you ask me.

I don't know if I should be saying this, but there's more to it than that. Without an SD it would be able not just to boot sysNAND in a SaltFW way (as slim as a firmlaunch can be) but also to provide a "secure mode" of sorts, able to do very basic maintenance tasks like backing up/restoring the NAND and updating the CFW. All of this in stage2.

In this way, your primary goal is supported :)
 