Skip to content

:)#6

Closed
lsp199308 wants to merge 5 commits intoimpeeza:masterfrom
lsp199308:master
Closed

:)#6
lsp199308 wants to merge 5 commits intoimpeeza:masterfrom
lsp199308:master

Conversation

@lsp199308
Copy link

@lsp199308 lsp199308 commented Oct 26, 2024

No description provided.

@borntohonk
Copy link
Collaborator

borntohonk commented Oct 27, 2024
edited
Loading

also remove lines:
https://github.com/impeeza/sys-patch/blob/master/overlay/src/main.cpp#L106
https://github.com/impeeza/sys-patch/blob/master/overlay/src/main.cpp#L132

edit lines, save
git add overlay/src/main.cpp
git commit --amend --no-edit
git push -f

or just new commit message and push

borntohonk
borntohonk reviewed Oct 27, 2024
View reviewed changes
@borntohonk
Copy link
Collaborator

borntohonk commented Oct 27, 2024

also comment:

on 18.1.0 https://github.com/impeeza/sys-patch/blob/master/sysmod/src/main.cpp#L256

this hits function 0x74310 instead of 0x743BC

and must be changed to:

    { "nocntchk", "0x94081C00121F050071..0054", -3, 0, bl_cond, ret0_patch, ret0_applied, true, MAKEHOSVERSION(10,0,0), MAKEHOSVERSION(18,1,0) },

@borntohonk
Copy link
Collaborator

borntohonk commented Oct 27, 2024
edited
Loading

I mirrored this logic here:
borntohonk/Switch-Ghidra-Guides@4efdfc3
also here:
borntohonk@dbe97b6

@borntohonk
Copy link
Collaborator

borntohonk commented Oct 27, 2024

also i notice @impeeza is uploading .7z release, why?

do "make dist" and it will create sys-patch.zip

https://github.com/impeeza/sys-patch/blob/master/Makefile#L51-L56

@lsp199308
Copy link
Author

lsp199308 commented Oct 27, 2024
edited
Loading

also comment:

on 18.1.0 https://github.com/impeeza/sys-patch/blob/master/sysmod/src/main.cpp#L256

this hits function 0x74310 instead of 0x743BC

and must be changed to:


    { "nocntchk", "0x94081C00121F050071..0054", -3, 0, bl_cond, ret0_patch, ret0_applied, true, MAKEHOSVERSION(10,0,0), MAKEHOSVERSION(18,1,0) },

{ "10-18", "0x40f9...9408.0012.050071", 2, 0, bl_cond, ret0_patch, ret0_applied, true, MAKEHOSVERSION(10,2,0), MAKEHOSVERSION(18,1,0) },//fw10.2.0-fw18.1.0
{ "19", "0x40f9...94..40b9..0012", 2, 0, bl_cond, ret0_patch, ret0_applied, true, MAKEHOSVERSION(19,0,0) },

@lsp199308
Copy link
Author

lsp199308 commented Oct 27, 2024

{ "1-9A", "0x........0036..00b4..40b9", 2, 0, bl_cond, ret0_patch, ret0_applied, true, MAKEHOSVERSION(1,0,0), MAKEHOSVERSION(9,2,0) },
{ "1-9B", "0x....0094.0210911f000072", 2, 0, bl_cond, ret0_patch, ret0_applied, true, MAKEHOSVERSION(1,0,0), MAKEHOSVERSION(9,2,0) },
{ "1-9C", "0x.40f9...94081c00121f050071", 2, 0, bl_cond, ret0_patch, ret0_applied, true, MAKEHOSVERSION(1,0,0), MAKEHOSVERSION(9,2,0) },
//补丁:1f2003d5
{ "1-9D", "0x.97..0036881e42b9", 2, 0, tbz_cond, nop_patch, nop_applied, true, MAKEHOSVERSION(1,0,0), MAKEHOSVERSION(9,2,0) },
//10.0.0
//补丁:e0031f2a
{ "10A", "0x0091c5b10194fd7b43a9f44f42a9", 2, 0, bl_cond, ret0_patch, ret0_applied, true, MAKEHOSVERSION(10,0,0), MAKEHOSVERSION(10,1,0) },
{ "10-18A", "0x40f9...9408.0012.050071", 2, 0, bl_cond, ret0_patch, ret0_applied, true, MAKEHOSVERSION(10,2,0), MAKEHOSVERSION(18,1,0) },
{ "19A", "0x40f9...94..40b9..0012", 2, 0, bl_cond, ret0_patch, ret0_applied, true, MAKEHOSVERSION(19,0,0) },

//补丁:1f2003d5
{ "10D", "0xe80a009008613b91280000f9c0035fd6", 2, 0, tbz_cond, nop_patch, nop_applied, true, MAKEHOSVERSION(10,0,0), MAKEHOSVERSION(10,1,0) },
{ "10-16D", "0x0036.......71..0054..4839", -2, 0, tbz_cond, nop_patch, nop_applied, true, MAKEHOSVERSION(10,0,0), MAKEHOSVERSION(16,1,0) },
{ "17-19D", "0x.94..0036.258052", 2, 0, tbz_cond, nop_patch, nop_applied, true, MAKEHOSVERSION(17,0,0), },//fw17-fw19

};

@lsp199308
Copy link
Author

lsp199308 commented Oct 27, 2024

This doesn't apply to EXFAT, exfat I couldn't find the wildcard, so this item applies to 17+

@borntohonk
Copy link
Collaborator

borntohonk commented Oct 27, 2024

{ "10-18", "0x40f9...9408.0012.050071", 2, 0, bl_cond, ret0_patch, ret0_applied, true, MAKEHOSVERSION(10,2,0), MAKEHOSVERSION(18,1,0) },//fw10.2.0-fw18.1.0
offset2

40 f9 .. .. .. 94 08 .. 00 12 .. 05 00 71 + 0x2 does hit the correct offset on 18.1.0 at least

{ "19", "0x40f9...94..40b9..0012", 2, 0, bl_cond, ret0_patch, ret0_applied, true, MAKEHOSVERSION(19,0,0) },

offset3

40 f9 .. .. .. 94 .. .. 40 b9 .. .. 00 12 + 0x2 also hits correct offset for 19.0.0

@impeeza
Copy link
Owner

impeeza commented Oct 27, 2024

also i notice @impeeza is uploading .7z release, why?

do "make dist" and it will create sys-patch.zip

https://github.com/impeeza/sys-patch/blob/master/Makefile#L51-L56

Sorry about that was so slept, editing now.

@impeeza
Copy link
Owner

impeeza commented Oct 27, 2024

Hello there, Thanks a lot for all the work you are investing on.

This is a great optimization. It's ready to be mereged? it looks so nice!

@lsp199308
Copy link
Author

lsp199308 commented Oct 27, 2024
edited
Loading

This is the unfixed area:
I've uploaded the unpatched binary so that someone can find the wildcards
You can use ida or ghidra to look for wildcards.
#FS 6.0.0-ExFAT.
[FS:330553F6B5FB55C4]
.nosigchk=0:0x7C934:0x4:07DFFF97,E0031F2A
.nosigchk=0:0x7C9A8:0x4:8E3E0094,E0031F2A
.nosigchk=0:0xF678C:0x4:C0030036,1F2003D5
.nosigchk=0:0x81784:0x4:73D40194,E0031F2A

#FS 7.0.0-ExFAT
[fs:2cce659cec536a8e]
.nosigchk=0:0x7FFA4:0x4:33D7FF97,E0031F2A
.nosigchk=0:0x7FFDC:0x4:31430094,E0031F2A
.nosigchk=0:0xFDB94:0x4:C0030036,1F2003D5
.nosigchk=0:0x85E18:0x4:C6DF0194,E0031F2A

#FS 8.0.0-ExFAT
[fs:dbd941c0c53c52cc]
.nosigchk=0:0x81884:0x4:BBD6FF97,E0031F2A
.nosigchk=0:0x818BC:0x4:51440094,E0031F2A
.nosigchk=0:0xFFF54:0x4:C0030036,1F2003D5
.nosigchk=0:0x87978:0x4:DEE10194,E0031F2A

#FS 8.1.0-ExFAT
[FS:B4CAE1F24965D92E]
.nosigchk=0:0x81884:0x4:BBD6FF97,E0031F2A
.nosigchk=0:0x818BC:0x4:51440094,E0031F2A
.nosigchk=0:0xFFF54:0x4:C0030036,1F2003D5
.nosigchk=0:0x87978:0x4:DEE10194,E0031F2A

#FS 14.0.0-ExFAT
[FS:D488D1F29217355C]
.nosigchk=0:0x13354C:0x4:A0070036,1F2003D5
.nosigchk=0:0x79C00:0x4:2DE70294,E0031F2A

#FS 15.0.0-ExFAT
[fs:34c0d9ed6ad1873d]
.nosigchk=0:0x06EBA4:0x4:40F50294,E0031F2A
.nosigchk=0:0x12BD7C:0x4:A0040036,1F2003D5

#FS 16.0.0-ExFAT
[FS:CFAB450C2C539DA9]
.nosigchk=0:0x06F704:0x4:E9900394,E0031F2A
.nosigchk=0:0x15380C:0x4:60040036,1F2003D5

#FS 16.0.3-ExFAT
[fs:62c65efd9abf7c43]
.nosigchk=0:0x06F754:0x4:E9900394,E0031F2A
.nosigchk=0:0x15385C:0x4:60040036,1F2003D5

Uploading exfat.zip…

@borntohonk
Copy link
Collaborator

borntohonk commented Oct 27, 2024

This is the unfixed area: I've uploaded the unpatched binary so that someone can find the wildcards You can use ida or ghidra to look for wildcards.

So I have a very hot opinion here.

Maintaining compatibility down to 10.0.0 is good enough.

10.0.0 released april 14 2020.

4 years ago.

most important is current firmware, and maybe down to 17.0.0 (all are supported currently, no reason to do much more work)

@lsp199308
Copy link
Author

lsp199308 commented Oct 27, 2024

This is the unfixed area: I've uploaded the unpatched binary so that someone can find the wildcards You can use ida or ghidra to look for wildcards.

So I have a very hot opinion here.

Maintaining compatibility down to 10.0.0 is good enough.

10.0.0 released april 14 2020.

4 years ago.

most important is current firmware, and maybe down to 17.0.0 (all are supported currently, no reason to do much more work)
You're right. I couldn't agree more.

@impeeza
Copy link
Owner

impeeza commented Oct 27, 2024

@borntohonk correctme if I am wrong.

using as starting point IPS patch (or boot.ini enties) is no easy to create SYS-Patch patterns, they are two different approachs.

@borntohonk
Copy link
Collaborator

borntohonk commented Oct 27, 2024
edited
Loading

@borntohonk correctme if I am wrong.

using as starting point IPS patch (or boot.ini enties) is no easy to create SYS-Patch patterns, they are two different approachs.

ips patches contain offsets and what patch it writes to the offset, you could just as easily open the binary in ghidra, go to the offset, see whats there and create a pattern (diffing several firmwares give better patterns,)

(same applies to patches.ini with hekate, nothing there cannot be looked up)

alternatively you can just do with one and instead pattern arm instructions, and then some static bytes

@impeeza
Copy link
Owner

impeeza commented Oct 27, 2024

@borntohonk Is This PR ready to be merged?

@borntohonk
Copy link
Collaborator

borntohonk commented Oct 27, 2024

@borntohonk Is This PR ready to be merged?

🤷 it's not my PR, but it's about as ready as it can be i guess

@lsp199308
Copy link
Author

lsp199308 commented Oct 27, 2024

Okay, I'm sure it's fine.

@borntohonk borntohonk mentioned this pull request Oct 27, 2024
Closed
@impeeza
Copy link
Owner

impeeza commented Nov 3, 2024

will review this the next week I come back to home and let you to know.

@borntohonk
Copy link
Collaborator

borntohonk commented Nov 8, 2024

i personally prefer having the functions labelled over "9a 9b 9c 9d", but the existing labels weren't consistent either.

@borntohonk borntohonk mentioned this pull request Dec 4, 2024
Merged
@impeeza
Copy link
Owner

impeeza commented Dec 4, 2024

Merged on PR9

@lsp199308 lsp199308 closed this Dec 5, 2024
@impeeza
Copy link
Owner

impeeza commented Dec 5, 2024

This changes was merged on the PR9, Thanks a lot for all the work.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@borntohonk borntohonk borntohonk left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@lsp199308 @borntohonk @impeeza