[IDEA] Launch a minimal CFW (like SaltFW) if no arm9loaderhax binary is found on SD

Discussion in '3DS - Flashcards & Custom Firmwares' started by Pokéidiot, Jun 1, 2016.

  1. Pokéidiot
    OP

    Pokéidiot GBAtemp Regular

    Member
    244
    129
    Dec 6, 2015
    Brazil
    I was looking at the arm9loaderhax source code, and in the stage2 payload I found the code which loads the arm9loaderhax.bin file into memory and then jumps into it. The thing is: load a hardcoded binary if the SD is not present or arm9loaderhax.bin is not found. I have code for this, but I don't want to risk my console testing it.

    Code:
    /* delebile's version of a9lh */
    /* main.c of stage2 payload */
    /* only the part that loads a9lh.bin */
    
    #include <string.h>          // memcpy
    #include "ff.h"              // FatFs: FATFS, FIL, f_mount, f_open, f_read
    #include "HardcodedBinary.h" // HC_PAYLOAD_ADDRESS, HC_PAYLOAD, HC_PAYLOAD_SIZE
    
    // ...
    void loadHardcodedBinary() // call if SD mount failed or a9lh.bin not found
    {
        ownArm11();
        clearScreen();
        screenInit();
        // copy the embedded binary to its load address, then jump into it
        memcpy((void*)HC_PAYLOAD_ADDRESS, HC_PAYLOAD, HC_PAYLOAD_SIZE);
        ((void (*)())HC_PAYLOAD_ADDRESS)();
    }
    int main()
    {
        // ...
        FATFS fs;
        FIL payload;
        unsigned int br;
      
        // f_mount returns an FRESULT; anything other than FR_OK means no usable SD
        if (f_mount(&fs, "0:", 0) != FR_OK)
        {
            loadHardcodedBinary(); // does not return
        }      
        if(f_open(&payload, "arm9loaderhax.bin", FA_READ | FA_OPEN_EXISTING) == FR_OK)
        {
            ownArm11();
            clearScreen();
            screenInit();
    
            f_read(&payload, (void*)PAYLOAD_ADDRESS, PAYLOAD_SIZE, &br);
            ((void (*)())PAYLOAD_ADDRESS)();
        }
        else
        {
            loadHardcodedBinary();
        }
        // ...
    }
     
    Last edited by Pokéidiot, Jun 1, 2016
    Davidosky99 likes this.


  2. daxtsu

    daxtsu GBAtemp Guru

    Member
    5,546
    3,953
    Jun 9, 2007
    Antarctica
    Ideally this could be expanded to load arm9loaderhax.bin from CTRNAND, or maybe even one of the TWL partitions, but I've not had any luck getting NAND partitions to mount from stage 2, with no idea why (it works a few milliseconds later when CFWs like Salt run, but why not as a stage 2? I just don't get it). Another possibility is to put the CFW payload as a stage 3, reading a few sectors from raw NAND, but eh, being able to use GodMode9 to change it out at will would be really handy.
     
    cearp and astronautlevel like this.
  3. Pokéidiot
    OP

    Pokéidiot GBAtemp Regular

    Member
    244
    129
    Dec 6, 2015
    Brazil
    I'm just picking the code and checking what I can change to make it better. I have no idea how I can mount CTRNAND, so there's not much I can do other than hardcoding a binary. I will compile this and send it to anyone who wants to test it when I have time.
     
  4. daxtsu

    daxtsu GBAtemp Guru

    Member
    5,546
    3,953
    Jun 9, 2007
    Antarctica
    It would be a matter of just borrowing or adapting NAND mounting and reading code from Luma, since it has it all there, but it won't work as it is, for unknown (to me) reasons. I don't think anyone's figured out why yet, though, or if they have, it's still certainly a mystery to me.
     
  5. Zan'

    Zan' 2F88744FEED717856386400A44BBA4B9CA62E76A32C715D4F

    Member
    385
    159
    Oct 8, 2015
    Okay, this might be stupid or impossible.
    But would it be possible to store the A9LH CFW data on the NAND chip and read it from there instead of the SD?
    After all, it's just like an internal hard drive.
    This would basically eliminate the need for an SD to boot the CFW, since it gets loaded from the always-present NAND chip and not from the SD.
    (The NAND chip has more space than it needs anyway.)
     
  6. daxtsu

    daxtsu GBAtemp Guru

    Member
    5,546
    3,953
    Jun 9, 2007
    Antarctica
    That's what I was suggesting a post or so above, but as I said, it's currently not possible for some reason. CTRNAND fails to mount while running stage2, but not a9lh.bin. It's weird.
     
  7. Pokéidiot
    OP

    Pokéidiot GBAtemp Regular

    Member
    244
    129
    Dec 6, 2015
    Brazil
    Hmm. Loading a binary from CTRNAND would be VERY nice, and FBI 2.x.x can access CTRNAND files. Let's see:
    load things from CTRNAND and write a homebrew that updates them, like the CFW and recovery tools (Decrypt9, EmuNAND9, Hourglass9, etc.).
     
    daxtsu likes this.
  8. Pokéidiot
    OP

    Pokéidiot GBAtemp Regular

    Member
    244
    129
    Dec 6, 2015
    Brazil
    Okay, I just built my stage2 code. Whoever wants it, PM me.
     
  9. Zan'

    Zan' 2F88744FEED717856386400A44BBA4B9CA62E76A32C715D4F

    Member
    385
    159
    Oct 8, 2015
    Sorry, I didn't read that. But if it errors, it might be due to the filesystem? (At least that's what came to my mind after thinking about it.)
    I am not too experienced with working on CFW, so I am not sure how it reads and what can be done exactly. But I guess I'll try to get into it and try to be helpful.

    — Posts automatically merged - Please don't double post! —

    What does your stage2 code do differently?
     
  10. daxtsu

    daxtsu GBAtemp Guru

    Member
    5,546
    3,953
    Jun 9, 2007
    Antarctica
    The best guess I can come up with is that the NAND chip is "busy" or not ready just after stage 2 begins running, so maybe inserting a delay before trying to mount it is required.
     
    Zan' likes this.
  11. phalk

    phalk Handheld Maniac

    Member
    426
    260
    Apr 23, 2009
    Brazil
    The problem with a hardcoded binary is that every time you might need to change the payload (for update reasons) you would have to reinstall A9LH, am I wrong?
     
  12. Pokéidiot
    OP

    Pokéidiot GBAtemp Regular

    Member
    244
    129
    Dec 6, 2015
    Brazil
    Code:
    #include <stdint.h>  // uint32_t
    #include <string.h>  // memcpy
    #include "ff.h"      // FatFs: FATFS, FIL, f_mount, f_open, f_read
    // saltfw_bin and saltfw_bin_size come from the header generated for the embedded SaltFW image
    
    void prep()
    {
        ownArm11();
        clearScreen();
        screenInit();
    }
    void jump2Bin()
    {
        // Jumps to loaded binary
        ((void (*)())PAYLOAD_ADDRESS)();
    }
    // Loads a binary
    void loadBin()
    {
        // setups
        FIL payload;
        unsigned int br;
        // try to open the file
        if (f_open(&payload, "arm9loaderhax.bin", FA_READ | FA_OPEN_EXISTING) == FR_OK)
        {
            prep();    // preparations (arm11 own and screen init)
            f_read(&payload, (void*)PAYLOAD_ADDRESS, PAYLOAD_SIZE, &br); // load into RAM
            jump2Bin(); // jump
        }
        else // if failed
        {
            prep(); // preparations
            // destination first: copy SaltFW into the payload address
            memcpy((void*)PAYLOAD_ADDRESS, saltfw_bin, saltfw_bin_size);
            jump2Bin(); // ...and then, jump
        }
    }
    int main()
    {
        //gateway
        *(volatile uint32_t*)0x80FFFC0 = 0x18300000;    // framebuffer 1 top left
        *(volatile uint32_t*)0x80FFFC4 = 0x18300000;    // framebuffer 2 top left
        *(volatile uint32_t*)0x80FFFC8 = 0x18300000;    // framebuffer 1 top right
        *(volatile uint32_t*)0x80FFFCC = 0x18300000;    // framebuffer 2 top right
        *(volatile uint32_t*)0x80FFFD0 = 0x18346500;    // framebuffer 1 bottom
        *(volatile uint32_t*)0x80FFFD4 = 0x18346500;    // framebuffer 2 bottom
        *(volatile uint32_t*)0x80FFFD8 = 1;    // framebuffer select top
        *(volatile uint32_t*)0x80FFFDC = 1;    // framebuffer select bottom
    
        //cakehax
        *(u32*)0x23FFFE00 = 0x18300000;
        *(u32*)0x23FFFE04 = 0x18300000;
        *(u32*)0x23FFFE08 = 0x18346500;
    
        FATFS fs;
       
        f_mount(&fs, "0:", 0); //This never fails due to deferred mounting
        loadBin();
       
        i2cWriteRegister(I2C_DEV_MCU, 0x20, (u8)(1<<0));
        return 0;
    }
    
    That's what's different.

    — Posts automatically merged - Please don't double post! —

    So true :rofl2::rofl2:
     
    Zan' likes this.
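    As an added example (not code from this thread, a9lh or SaltFW), a host-side C model of the fallback decision in the loadBin posted above and in the first post: the SD file, the payload region and the embedded image are all constructed stand-ins, so the selection logic can be compiled and checked on a PC before it is ever flashed. It adds the checks a loader should make before jumping: a missing, empty or oversized arm9loaderhax.bin falls back to the embedded image, and the copy is done destination first.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
/* Host-side model of the stage2 fallback. Sizes and bytes are constructed; they are
 * not the real a9lh PAYLOAD_ADDRESS/PAYLOAD_SIZE or the SaltFW image. */
#define PAYLOAD_SIZE 0x40
static uint8_t payload_region[PAYLOAD_SIZE];           /* stands in for PAYLOAD_ADDRESS */
static const uint8_t saltfw_bin[] = { 0xEA, 0x00, 0x00, 0x02, 0xE1, 0xA0, 0x00, 0x00 };
static const size_t saltfw_bin_size = sizeof saltfw_bin;

typedef struct { const uint8_t *data; size_t len; } sd_file; /* data == NULL: f_open failed */
enum source { SRC_NONE = 0, SRC_SD = 1, SRC_EMBEDDED = 2 };

/* Stand-in for f_read: copies at most `want` bytes and reports how many (br). */
static size_t sim_f_read(const sd_file *f, void *dst, size_t want)
{
    size_t n = f->len < want ? f->len : want;
    memcpy(dst, f->data, n);
    return n;
}

/* Mirror of loadBin's decision with the checks the posted code skips: a missing,
 * empty, or oversized file (f_size > PAYLOAD_SIZE) falls back instead of jumping
 * into garbage or a truncated image. Reports which image now sits in payload_region. */
static enum source select_payload(const sd_file *sd, size_t *out_len)
{
    size_t br = 0;
    if (sd && sd->data && sd->len <= PAYLOAD_SIZE)   /* f_open == FR_OK and it fits */
        br = sim_f_read(sd, payload_region, PAYLOAD_SIZE);
    if (br > 0) {
        *out_len = br;
        return SRC_SD;
    }
    if (saltfw_bin_size <= PAYLOAD_SIZE) {            /* embedded image must fit too */
        memcpy(payload_region, saltfw_bin, saltfw_bin_size); /* destination first */
        *out_len = saltfw_bin_size;
        return SRC_EMBEDDED;
    }
    *out_len = 0;
    return SRC_NONE;                                  /* nothing safe to jump to */
}

int main(void)
{
    size_t n = 0;
    int s = (int)select_payload(NULL, &n);            /* no SD card present */
    printf("source=%d bytes=%zu\n", s, n);            /* source=2 bytes=8 */
    return 0;
}
```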
  13. dubbz82

    dubbz82 GBAtemp Advanced Maniac

    Member
    1,507
    814
    Feb 2, 2014
    United States
    Interesting idea. Maybe this could fix people's irrational fear of not being able to run their system without an SD card (even though it still won't be very usable because of lack of storage...)
     
    daxtsu likes this.
  14. Pokéidiot
    OP

    Pokéidiot GBAtemp Regular

    Member
    244
    129
    Dec 6, 2015
    Brazil
    Probably for people who have a lot of cartridges or a Sky3DS (I bet it can load homebrew compiled in 3ds format when in CFW [sig patches enabled]).
     
  15. astronautlevel

    astronautlevel The Young Descendent of Tepes

    Member
    4,041
    4,987
    Jan 26, 2016
    United States
    That Nightly Site™
    iirc it can't without some modifications to the sky itself, but it has been done ;)
     
  16. Lilith Valentine

    Lilith Valentine GBATemp's Wolfdog™ Spooky cute.

    Member
    20,083
    21,223
    Sep 13, 2009
    Antarctica
    Between insane and insecure
    Shadowhand is working on an on-NAND CFW called ShadowNAND.
     
    Salamencizer likes this.
  17. daxtsu

    daxtsu GBAtemp Guru

    Member
    5,546
    3,953
    Jun 9, 2007
    Antarctica
    His method, if I'm not mistaken, aims to more or less be a variant of this, except stage 2 is the CFW. If we can figure out how to mount the NAND properly during stage 2, it'd be a lot safer to instead pull in the CFW from there, like how Luma loads FIRM from NAND as well, since you can always use GodMode9 or FBI to change your CFW out or update it. If your CFW is in stage 2 like ShadowNAND or this, you have to reinstall A9LH every time there's any sort of an update, and it goes without saying that there's some risk involved. I know Salt and other minimal CFWs aren't updated much, but there's always a chance they might need future updates if Nintendo throws us a curve-ball, so making the CFW itself easily updateable should be a primary goal if this idea is to work out, if you ask me.
     
  18. 4gionz

    4gionz GBAtemp Advanced Fan

    Member
    786
    307
    Aug 16, 2014
    Canada
    Well, with something like Star Updater modified to update the payload in NAND instead of SD ("obviously making it sound easier than it is"), it would be even simpler than using FBI or GodMode9 to update. Simply run it, press A and you're on the latest version.
     
    daxtsu likes this.
  19. daxtsu

    daxtsu GBAtemp Guru

    Member
    5,546
    3,953
    Jun 9, 2007
    Antarctica
    GM9 would be more for if you can't boot FIRM for some reason, but yeah, no reason simpler updaters couldn't be written.
     
  20. Urbanshadow

    Urbanshadow GBAtemp Maniac

    Member
    1,296
    474
    Oct 16, 2015
    I don't know if I should be saying this, but there's more than that. Without SD it would be able not just to boot sysnand in a SaltFW way (as slim as a firmlaunch can be) but also to provide a "secure mode" of sorts, able to do very basic maintenance tasks like backing up/restoring the NAND and updating the CFW. All of this in stage2.

    In this way, your primary goal is supported :)
     
    daxtsu likes this.