Add menu to yifanlu 3ds injector?

ely42

Hello guys!

I'm currently trying (I'm a newbie to programming...) to add a menu feature to yifanlu's (the Reisyukaku fork)
modified sysmodule "loader". I want to add a menu that shows up when launching the notifications applet (or anything else) while pressing a given key. But here is my problem: while compiling the loader module with the ctrulib hid functions, loader becomes bigger than it is allowed to be to get injected. And I don't succeed in writing to the framebuffer...

So I want to know three things:
- firstly, is there a way to read the HID register (I tried with pointers but it didn't work...) without using the HID shared memory with libctru's functions?

- secondly, if I have to use all the code provided by ctrulib, is there a way to load some code from sdmmc and then execute it? This way, loader could be the right size and my menu code could be as big as a normal homebrew.

- thirdly, why can't I write to the framebuffer? I think it's the right address...

Thank you in advance guys ! :)

PS: English is not my first language, sorry if there are mistakes.

The code that I added in the patch_code() function (except the "#define" parts, which are where they had to be):
Code:
#define BUTTON_A      (1 << 0)
#define BUTTON_B      (1 << 1)
#define BUTTON_L      (1 << 9)
//HID_PAD register is active-low (0 = pressed), so invert it to get "pressed" bits;
//volatile so the compiler re-reads the register on every access
#define HID (~*(volatile u32 *)0x10146000)


//want to run that code only if A and L are pressed
//u8 key = (HID & 0xFFF) == ((BUTTON_A | BUTTON_L) & 0xFFF) ? 1 : 0;
if((progid == 0x000400300000A002ULL) /*&& key == 1*/) { //EUR notifications applet
    int cnt;
    //vram addr for bottom framebuffer: cast to a byte pointer BEFORE adding the byte offset;
    //((u32 *)0x18000000 + 0x48F000) would scale the offset by sizeof(u32) and point outside VRAM
    volatile u8 *framebuffer = (volatile u8 *)(0x18000000 + 0x48F000);
    while(1) {
        //want to break and launch title when B is pressed
        //key = (HID & 0xFFF) == ((BUTTON_A | BUTTON_L) & 0xFFF) ? 1 : 0;
        for(cnt = 0; cnt < 0x38400; cnt++) { //0x38400 = 320 * 240 * 3 bytes (RGB8 bottom screen)
            framebuffer[cnt] = 0xFF;
        }
    }
}
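The two details the snippet above depends on, the active-low pad register and the byte offset into VRAM, can be checked on a PC before anything is injected. The following C is an added example written for this thread, not code from the loader fork or from any poster: the register value and the framebuffer are constructed stand-ins, the 6 MiB VRAM size comes from public 3DS documentation rather than from the thread, and no hardware is touched.

```c
/* Added example (not from the thread or from any loader fork): host-side model of the
 * active-low HID_PAD decoding and the framebuffer address arithmetic used in the snippet.
 * The register value and the buffer are constructed here; nothing touches real hardware. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef uint32_t u32;
typedef uint8_t u8;

#define BUTTON_A (1u << 0)
#define BUTTON_B (1u << 1)
#define BUTTON_L (1u << 9)
#define PAD_MASK 0xFFFu          /* the 12 pad bits the snippet compares */

/* HID_PAD is active-low: a cleared bit means "pressed". Return an active-high mask. */
u32 pad_pressed(u32 raw_hid_pad) { return (~raw_hid_pad) & PAD_MASK; }

/* Constructed raw register value with exactly `pressed` held down (bits cleared). */
u32 make_raw(u32 pressed) { return (~pressed) & PAD_MASK; }

/* Exact match as in the snippet's commented-out line: true only when exactly `combo` is held. */
int combo_exact(u32 raw, u32 combo) { return pad_pressed(raw) == (combo & PAD_MASK); }

/* Forgiving variant: true when every bit of `combo` is held, other buttons allowed. */
int combo_held(u32 raw, u32 combo) { return (pad_pressed(raw) & combo) == combo; }

#define VRAM_BASE       0x18000000u
#define VRAM_SIZE       0x00600000u          /* 6 MiB VRAM (assumed from public 3DS docs) */
#define BOTTOM_FB_OFF   0x48F000u            /* offset used in the snippet */
#define BOTTOM_FB_BYTES (320u * 240u * 3u)   /* 0x38400: 320x240 RGB8 */

/* ((u32 *)base + off) scales off by sizeof(u32); ((u8 *)(base + off)) does not. */
uintptr_t addr_u32_elems(uintptr_t base, uintptr_t off) { return base + off * sizeof(u32); }
uintptr_t addr_bytes(uintptr_t base, uintptr_t off)     { return base + off; }

/* True when [addr, addr+len) lies entirely inside VRAM. */
int in_vram(uintptr_t addr, size_t len) {
    return addr >= VRAM_BASE && addr + len <= VRAM_BASE + VRAM_SIZE;
}

/* Fill a constructed stand-in for the bottom framebuffer; returns the byte count written. */
size_t fill_bottom_fb(u8 *fb, size_t fb_len, u8 value) {
    size_t n = fb_len < BOTTOM_FB_BYTES ? fb_len : BOTTOM_FB_BYTES;
    memset(fb, value, n);
    return n;
}

int main(void) {
    u32 raw = make_raw(BUTTON_A | BUTTON_L);                 /* constructed: A and L held */
    printf("pressed mask = 0x%03x exact(A+L)=%d\n", pad_pressed(raw), combo_exact(raw, BUTTON_A | BUTTON_L));
    raw = make_raw(BUTTON_A | BUTTON_L | BUTTON_B);          /* constructed: A, L and B held */
    printf("with B too: exact=%d held=%d\n", combo_exact(raw, BUTTON_A | BUTTON_L), combo_held(raw, BUTTON_A | BUTTON_L));

    uintptr_t bytes = addr_bytes(VRAM_BASE, BOTTOM_FB_OFF);
    uintptr_t elems = addr_u32_elems(VRAM_BASE, BOTTOM_FB_OFF);
    printf("byte offset  -> 0x%lx in VRAM=%d\n", (unsigned long)bytes, in_vram(bytes, BOTTOM_FB_BYTES));
    printf("u32* offset  -> 0x%lx in VRAM=%d\n", (unsigned long)elems, in_vram(elems, BOTTOM_FB_BYTES));

    u8 *fb = calloc(BOTTOM_FB_BYTES, 1);                      /* constructed stand-in buffer */
    if (!fb) return 1;
    printf("filled %zu bytes, first byte 0x%02x\n", fill_bottom_fb(fb, BOTTOM_FB_BYTES, 0xFF), fb[0]);
    free(fb);
    return 0;
}
```

The exact-match form rejects the combo as soon as any third button is held, which is why a "forgiving" mask test is usually what a menu hotkey wants; and the two address functions show that the u32-pointer form lands at 0x1923C000, past the end of VRAM, while the byte form lands at 0x1848F000.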
 

ely42

Sorry man, like I said, I'm a newbie :(
Basically, if the launched program is the notifications applet then it writes black pixels to the bottom framebuffer. But that doesn't work, so it only shows the normal two white screens forever...
 

yifan_lu

I don't think you can use most of ctrulib in injector. I don't think you can get framebuffer access either. What you need to do is reverse home menu, find out where the right places to patch are, and then write the patch in assembly and inject it.
 

ely42

Ouch, I'm not cell9 :/ But I will try it, I want to do computer studies after all... :)
Thank you yifanlu :)
 
Deleted User

(posted an image: Wat-3d-Gif-12.png)
 

Swiftloke

Sorry man, like I said, I'm a newbie :(
Basically, if the launched program is the notifications applet then it writes black pixels to the bottom framebuffer. But that doesn't work, so it only shows the normal two white screens forever...
Oh no no no! What I meant was I can't code for shit and that your code seemed really good but I didn't know, it was supposed to be a compliment D:

--------------------- MERGED ---------------------------

This
 

ely42

Oh no no no! What I meant was I can't code for shit and that your code seemed really good but I didn't know, it was supposed to be a compliment D:

--------------------- MERGED ---------------------------

This
Oh, sorry, I didn't understand :wacko: My bad :/
 

fuyukaidesu

You can't cram everything into loader, there's a ~50kB limit.
I think the best way to do that would be to do it a bit like NTR: inject your code into HomeMenu, so you can open processes when they are launched.
I don't know much more; there are still things that can go wrong with injecting.
Currently, I'm toying around with yifan_lu's loader with Luma3DS. I can load and run binary patches for any title from SD, but a problem I have is that patching a simple string works one time out of two, and having a slightly more complicated patch causes the 3DS to hang when loading a title.
 

chaoskagami

You can't cram everything into loader, there's a ~50kB limit.

Technically, you CAN expand the sysmodule section.

I don't think you can use most of ctrulib in injector. I don't think you can get framebuffer access either. What you need to do is reverse home menu, find out where the right places to patch are, and then write the patch in assembly and inject it.

^ From the horse's mouth. In sysmodules, and especially loader, you have access to near nothing aside from svc calls, basic startup code, and some of string.h/memory.h.
 

shinyquagsire23

Technically, you CAN expand the sysmodule section.

^ From the horse's mouth. In sysmodules, and especially loader, you have access to near nothing aside from svc calls, basic startup code, and some of string.h/memory.h.
You have access to every service and granting yourself access to SVC 0x7B (and anything else from that) really isn't that hard...
 

chaoskagami

You have access to every service and granting yourself access to SVC 0x7B (and anything else from that) really isn't that hard...

Process injection is a joke from loader. As in, very easy. And access to all the svc calls kind of helps.

While you're here, would you happen to know if there's a way to use svcControlMemory to get a decent amount of scratch space for loader? The docs on 3dbrew are near incoherent on how it works, and reading through the initial heap code in ctrulib isn't helping me since it's in the application region, not base like loader (and evidently I'm already loading an application there.)
 

chaoskagami

Just a question
Is cell9 the only one who reversed the home menu, or did someone else (with a less extremist mind) find out?

The injection offsets are pretty much public due to BootNTR being open source, fyi. NTR doesn't do fancy memory searches. I mean, that's just the offsets though. Plus, I'm pretty sure all the documentation on the HOME menu wouldn't exist on 3dbrew if it hadn't been done.

I personally think decompiling altmenu is more interesting.
 

Billy Acuña

The injection offsets are pretty much public due to BootNTR being open source, fyi. NTR doesn't do fancy memory searches.
What? Is NTR's code now public? But cell9 said that he would never make his code public because of pro/neutral-piracy devs.
That's very unusual :/
 

chaoskagami
Ohh, in fact we still need to reverse some functions of home menu to get an NTR open source alternative... :(

There's other ways to achieve NTR-like functionality than copying NTR. NTR has some design flaws anyways, IMO.
 
