Why shouldn't the mirror's have the whitelist?
Doesn't it reside in the payload? How should a script in the browser know what title has been put onto the SD card?
The whitelist could be as simple as: Only allow titles of the type "00050000" and "0005000E", i.e. games and updates.
Code:
01803764 cmpwi r3, 0
01803768 bne bailout
0180376C lwz r3, 0(r31)
01803770 addis r3, r3, -5
01803774 cmpwi r3, 0xE #Compare the 50000x to E;
01803778 beq install_title #if above is true install update
0180377C lwz r3, 4(r31)
01803780 addis r3, r3, -0x1004 #Remove the 0x1004
01803784 cmpwi r3, 0x1000 # if JPN Version.bin
01803788 beq install_title # install
0180378C cmpwi r3, 0x1100 # if USA Version.bin
01803790 beq install_title # install
01803794 cmpwi r3, 0x1200 # if EUR Version.bin
01803798 beq install_title # install
0180379C b bailout # else get the hell outta here.
Crediar released source so this isn't an issue to post.
Last edited by Onion_Knight,
