Homebrew Homebrew app sys-patch - sysmod that patches on boot

[bth]

No dice for me.

[fs]
noacidsigchk1=Skipped
noacidsigchk2=Skipped
noncasigchk_old=Skipped
noncasigchk_new=Patched (sys-patch)
nocntchk=Skipped
nocntchk2=Patched (sys-patch)
[ldr]
noacidsigchk=Patched (sys-patch)
[es]
es1=Skipped
es2=Skipped
es3=Patched (sys-patch)
[nifm]
ctest=Skipped
ctest2=Unpatched
[nim]
nim=Patched (sys-patch)
[ssl]
disablecaverification1=Patched (sys-patch)
disablecaverification2=Patched (sys-patch)
disablecaverification3=Patched (sys-patch)
[stats]
version=1.5.6-fd596fe
build_date=04.05.2025 08:10:16
fw_version=20.0.1
ams_version=1.9.0
ams_target_version=0.1.0
ams_keygen=19
ams_hash=67f4347a
is_emummc=1
heap_size=4096
buffer_size=4096
patch_time=0.087s

https://github.com/borntohonk/sys-patch/releases/download/v1.5.6/sys-patch.zip

i reuploaded a binary that now does 37.4

(assuming it matches 14...........91...........97...............14, then skips 37 steps, does its b_cond test which should find ...14, then it sets the first byte of the test to 0, but the offset needing to be patched is 4 bytes forward, so 37, 4?)

apparently it should be something stupid like 37, 0 or 37, 4

test the 4 byte instruction at position 37("+1") last byte matches the cond (14), then from the end of the match move 4 bytes forward

edit: i forgot to do 0x14 | 0x17 and did 0x17 | 0x17 for the b_cond test, should now be fixed.

 

[Athos]

You're saying that NIFM is crashing?
edit: ah, you're using some nonsense older modded version of sys-patch, i won't troubleshoot that.
besides, i would require your crashlogs.

I'm using the syspatch version 1.5.5 published in this forum, as I couldn't find a newer one. I could provide you with the logs if I still have them, since it is working now.

 

[bth]

I'm using the syspatch version 1.5.5 published in this forum, as I couldn't find a newer one. I could provide you with the logs if I still have them, since it is working now.

I don't need your 1.5.5 logs, rather just you verify the 1.5.6 ones are working as it should on 20.0.1, or if i need to tweak it further

 

[deejay87]

I don't need your 1.5.5 logs, rather just you verify the 1.5.6 ones are working as it should on 20.0.1, or if i need to tweak it further

hi, i have test and it's work 1.5.6 / fw 20.0.1 / atmosphere fusee 1.9.0 / emuMMC

 

[MagicMan2k]

I have tested it as well works fine - 1.5.6 / fw 20.0.1 / atmosphere fusee 1.9.0 / emuMMC

 

[bth]

Would be nice if the ones of you claiming it "works fine", could provide sys-patch log for ctest2 entry, be it in form of screenshot from the overlay or file, as everything else already was working.

 

[MagicMan2k]

[fs]
noacidsigchk1=Skipped
noacidsigchk2=Skipped
noncasigchk_old=Skipped
noncasigchk_new=Patched (sys-patch)
nocntchk=Skipped
nocntchk2=Patched (sys-patch)
[ldr]
noacidsigchk=Patched (sys-patch)
[es]
es1=Skipped
es2=Skipped
es3=Patched (sys-patch)
[nifm]
ctest=Skipped
ctest2=Patched (sys-patch)
[nim]
nim=Patched (sys-patch)
[ssl]
disablecaverification1=Disabled
disablecaverification2=Disabled
disablecaverification3=Disabled
[stats]
version=1.5.6-21015c1
build_date=04.05.2025 09:28:38
fw_version=20.0.1
ams_version=1.9.0
ams_target_version=0.1.0
ams_keygen=19
ams_hash=67f4347a
is_emummc=1
heap_size=4096
buffer_size=4096
patch_time=0.064s

 

[bth]

[fs]
noacidsigchk1=Skipped
noacidsigchk2=Skipped
noncasigchk_old=Skipped
noncasigchk_new=Patched (sys-patch)
nocntchk=Skipped
nocntchk2=Patched (sys-patch)
[ldr]
noacidsigchk=Patched (sys-patch)
[es]
es1=Skipped
es2=Skipped
es3=Patched (sys-patch)
[nifm]
ctest=Skipped
ctest2=Patched (sys-patch)
[nim]
nim=Patched (sys-patch)
[ssl]
disablecaverification1=Disabled
disablecaverification2=Disabled
disablecaverification3=Disabled
[stats]
version=1.5.6-21015c1
build_date=04.05.2025 09:28:38
fw_version=20.0.1
ams_version=1.9.0
ams_target_version=0.1.0
ams_keygen=19
ams_hash=67f4347a
is_emummc=1
heap_size=4096
buffer_size=4096
patch_time=0.064s

Thanks

 

[deejay87]

[fs]
noacidsigchk1=Skipped
noacidsigchk2=Skipped
noncasigchk_old=Skipped
noncasigchk_new=Patched (sys-patch)
nocntchk=Skipped
nocntchk2=Patched (sys-patch)
[ldr]
noacidsigchk=Patched (sys-patch)
[es]
es1=Skipped
es2=Skipped
es3=Patched (sys-patch)
[nifm]
ctest=Skipped
ctest2=Patched (sys-patch)
[nim]
nim=Patched (sys-patch)
[ssl]
disablecaverification1=Disabled
disablecaverification2=Disabled
disablecaverification3=Disabled
[stats]
version=1.5.6-21015c1
build_date=04.05.2025 09:28:38
fw_version=20.0.1
ams_version=1.9.0
ams_target_version=0.1.0
ams_keygen=19
ams_hash=67f4347a
is_emummc=1
heap_size=4096
buffer_size=4096
patch_time=0.064s

 

[urherenow]

Edit: I'm brain farting over here. Just gave up and grabbed the build up above. It works.

My linux VM quit working on my Desktop, after having SSD issues and having to do a fresh install. In ubuntu, "git fetch origin pull/ID/head" would do what I expect. It doesn't seem to be working that way through msys2.

Edit: Ok... it's "git pull origin pull/ID/head". Sanity restored.

 

[Tyvar1]

https://github.com/impeeza/sys-patch/releases/tag/v1.5.6

 

[impeeza]

https://github.com/impeeza/sys-patch/releases/tag/v1.5.6

Nothing to do with FW 20 was a Pending PR what I do not know why GitHub never alert me. it introduces a setting for clean Configuration, very useful for the testing and updating.

The PR for support FW 20 is pending on testing and Atmosphère release.

 

[Tyvar1]

Nothing to do with FW 20 was a Pending PR what I do not know why GitHub never alert me. it introduces a setting for clean Configuration, very useful for the testing and updating.

The PR for support FW 20 is pending on testing and Atmosphère release.

Aaah I see, just got an notification from GitHub with an new release and posted it right away haha

 

[Blythe93]

@bth I've noticed that your repository is now archived. Any particular reason? Dropping support? Switch might be on its last firmware revision? Something else?

 

[bth]

@bth I've noticed that your repository is now archived. Any particular reason? Dropping support? Switch might be on its last firmware revision? Something else?

I un-archived it only to push fix upstream, as I have no faith anyone else would fix it... (The switch scene is full of incompetent people) Seeing as I am the original source of all the patterns in the first place

I archived everything switch related that isn't crypto, because I don't have a switch 1 myself anymore.

It will be archived, because it's not where people are supposed to be.

Nothing to do with FW 20 was a Pending PR what I do not know why GitHub never alert me. it introduces a setting for clean Configuration, very useful for the testing and updating.

The PR for support FW 20 is pending on testing and Atmosphère release.

It already was tested, it's irresponsible and a bad faith argument of you to insist on not already starting distribution of a fix to a problem sys-patch causes for people by patching +0x4 offset wrong, which results in a crash.

it's fixed, it's been tested.

 

[impeeza]

(The switch scene is full of incompetent people)

And drama queens! telling us wrong and bad things. thanks BTH for standing.

Post automatically merged: May 5, 2025

It already was tested, it's irresponsible and a bad faith argument of you to insist on not already starting distribution of a fix to a problem sys-patch causes for people by patching +0x4 offset wrong, which results in a crash.

Are you sure can we distribute that now? I have no tested and so far but if you tell me is ok, I will Merge the PR and publish the binary and code here on GBATemp.

Post automatically merged: May 5, 2025

Most Recent version 1.5.6 with FW 20+ on the downloads section

https://gbatemp.net/download/sys-patch-sysmodule.39124/

 

[EricTD9]

ty so much works perfectly on 20.0.0

 

[Blythe93]

I un-archived it only to push fix upstream, as I have no faith anyone else would fix it... (The switch scene is full of incompetent people) Seeing as I am the original source of all the patterns in the first place

I archived everything switch related that isn't crypto, because I don't have a switch 1 myself anymore.

It will be archived, because it's not where people are supposed to be.

Fair enough. Thanks for all the fixes and updates so far. You've definitely made our lives much easier.

 

[lsp199308]

Is 1.5.6 not applicable to 20.0.0+?

 

[bth]

Is 1.5.6 not applicable to 20.0.0+?View attachment 503080View attachment 503081

The patterns go + 0x2 from start, so the BL cond at 07A880 and the other is a TBZ at 023C88

use https://github.com/borntohonk/Switch-Ghidra-Guides/blob/master/scripts/check_patches.py as means to verify, i added condition checkers into my pattern searcher



EX: output:

# Firmware version number generated keys for is: 20.0.1

# key revision generated keys for ends with _13

# mariko_master_kek_source_13       = *******************************

# Keygen completed and output to C:\Users\shadowjacker/.switch/prod.keys


Sys-patch for ES string still valid for: 20.0.1

Sys-patch ES pattern found at: 076A38

The ghidra-equivalent pattern used was: .. .. 00 .. .. .. 00 94 a0 .. .. d1 .. .. ff 97 .. .. .. .. .. .. .. a9

An arm "MOV" condition is what is supposed to be patched at this offset

20.0.1 ES build-id: CF84DE5278AE823734DE630A098C6B1AEEF12894


an "STP" arm instruction with ending of 0xA9 was found proceding the pattern

Sys-patch for NIFM string still valid for: 20.0.1

Sys-patch NIFM pattern found at: 0879C0

The ghidra-equivalent pattern used was: 14 .. .. .. .. .. .. .. .. .. .. .. 91 .. .. .. .. .. .. .. .. .. .. .. 97 .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. 14

An arm "STP" condition is what is supposed to be patched at the offset right after the branch arm condition tested ("B")

20.0.1 NIFM build-id: 2C3E24F46D131685B361FEE1F0570B985095E034


Sys-patch for NIM string still valid for: 20.0.1

Sys-patch NIM pattern found at: 1909A8

The ghidra-equivalent pattern used was: .. 0F 00 35 1F 20 03 D5

An arm "ADR" condition is what is supposed to be patched at the offset right after the "CBNZ and "NOP" conditions the pattern finds

20.0.1 NIM build-id: 9A576C1A8BE653CD24C88A8C239DADA3E1EF73F8


both sys-patch strings are valid for FS-FAT32 for: 20.0.1

20.0.1 First Sys-patch FS-FAT32 pattern found at: 023C88

The ghidra-equivalent pattern used was (11.0.0+) : .. 94 .. .. 00 36 .. 25 80 52

An arm "TBZ" condition is what is supposed to be patched, it is found within the pattern.

20.0.1 Second Sys-patch FS-FAT32 pattern found at: 07A880

The ghidra-equivalent pattern used was (19.0.0+) : 40 f9 .. .. .. 94 .. .. 40 b9 .. .. 00 12

An arm "BL" condition is what is supposed to be patched, it is found within the pattern.

20.0.1 Second Sys-patch FS-FAT32 pattern found at: 07A880

20.0.1 FS-FAT32 SHA256 hash: 6354969E60A7977B5A3C0E25EF39DEC1D84AC43E4F2BE16B3521A4FB4D6D0548


FS-exFAT was skipped for: 20.0.1, due to missing NCA file for exfat in the provided firmware files.

{ "noncasigchk_new", "0x.94..0036.258052", 2, 0, tbz_cond, nop_patch, nop_applied, true, MAKEHOSVERSION(17,0,0), FW_VER_ANY }, // 17.0.0 - 19.0.0+


.. 94 .. .. 00 36 .. 25 80 52 | 2 | 0
= | 2
.. .. 00 36
+ | 0
= patch from same offset as test offset

Post automatically merged: May 5, 2025

only 1.5.5 should have been problematic for 20.0.0+, but explicitly only nifm, as it was 0x4 too far ahead. 1.5.6 addresses that part, as the other patches already are confirmed to work.

I've heard of problems with DBI and tinfoil on 20.0.0, but i suspect that's an atmosphere thing that will be addressed by full release of atmosphere 1.9.0 // updates pushed out for at least tinfoil if needed.

existing installs work fine, installing new things does work, but the homebrew themselves have error.