Applying AHBPROT to Banana Saves January 24, 2011 11:38PM | Registered: 14 years ago Posts: 9 |
/* Retrieve TMD */ ret = ES_GetStoredTMD(SYSMENU_TITLEID, p_tmd, tmd_len); if (ret < 0) goto out; /* Identify as system menu */ ret = ES_Identify(p_certs, certs_len, p_tmd, tmd_len, p_tik, tik_len, NULL);ES_Identify returns -1017.
ret = ((tmd *)SIGNATURE_PAYLOAD(p_tmd))->boot_index;It doesn't get the System Menu executable index correctly (and later it's unable to load the executable into memory due to an incorrect index).
Re: Applying AHBPROT to Banana Saves January 25, 2011 01:50AM | Registered: 14 years ago Posts: 234 |
Re: Applying AHBPROT to Banana Saves January 25, 2011 10:43AM | Registered: 14 years ago Posts: 9 |
I have these patches:Quote
giantpune
why are you trying to identify as the super user?
what do you think the iospatch.c has done for you?
basically what the ios patcher.c s doing is useless for you. the patches it is applying are not the ones you are needing. it is patching signature checking, unencrypted disc read limit, & FS permissions. The IOS running still does not let you use ES_Identify(), SetUID(), or anything that will let you assume the role of system menu.
static const u8 setuid_old[] = { 0xD1, 0x2A, 0x1C, 0x39 }; static const u8 setuid_patch[] = { 0x46, 0xC0 }; const u8 es_identify_old[] = { 0x28, 0x03, 0xD1, 0x23 }; const u8 es_identify_patch[] = { 0x00, 0x00 };I assume that ES_Identify & SetUID are patched. The patches are applied correctly, or at least the apply_patch function returns true.
Re: Applying AHBPROT to Banana Saves January 25, 2011 06:31PM | Registered: 14 years ago Posts: 234 |
Re: Applying AHBPROT to Banana Saves January 26, 2011 06:42AM | Registered: 14 years ago Posts: 686 |
Re: Applying AHBPROT to Banana Saves January 28, 2011 09:53PM | Registered: 14 years ago Posts: 59 |
u8 old_table[] = {0x42, 0x8B, 0xD0, 0x01, 0x25, 0x66}; u8 new_table[] = {0x42, 0x8B, 0xE0, 0x01, 0x25, 0x66};
Re: Applying AHBPROT to Banana Saves January 29, 2011 11:47AM | Registered: 14 years ago Posts: 9 |
Thank you, I didn't know that.Quote
WiiPower
As far as i know the IOS patch for ES_Identify which allows you to use ES_Identify only works with certain IOS. I don't think that any 5x or higher is compatible.
I already had that patch, of course. As I said on my first post I can read files using the ISFS functions (the only patch that seemed to fail was ES_Identify).Quote
WiiPower
But why the complicated way? Don't you have the source code for a nand permissions patch? With that you just have full read/write access to the whole nand.u8 old_table[] = {0x42, 0x8B, 0xD0, 0x01, 0x25, 0x66}; u8 new_table[] = {0x42, 0x8B, 0xE0, 0x01, 0x25, 0x66};
Re: Applying AHBPROT to Banana Saves January 29, 2011 03:13PM | Registered: 14 years ago Posts: 59 |
Re: Applying AHBPROT to Banana Saves January 29, 2011 08:01PM | Registered: 14 years ago Posts: 9 |
Yes, I use memalign(32... instead of a simple malloc.Quote
WiiPower
You need 32 bytes aligned buffers, you know that?
Maybe there's a problem with the content numbers? I'm not sure if the content numbers match the file names on nand. Did you check that you try to load files that exist?
Also what do you mean exaxtly with "when it jumps to the executable"?
Re: Applying AHBPROT to Banana Saves January 30, 2011 01:03AM | Registered: 14 years ago Posts: 686 |
Re: Applying AHBPROT to Banana Saves January 30, 2011 12:59PM | Registered: 14 years ago Posts: 9 |
It seems that I'm going to need ES_Identify after all.Quote
tueidj
Booting a NAND title when you're not identified as that title isn't going to end well.
Re: Applying AHBPROT to Banana Saves January 30, 2011 01:11PM | Moderator Registered: 14 years ago Posts: 5,075 |