Changes

3 bytes added, 07:33, 11 May 2016
m
no edit summary
Line 25: Line 25:  
Two functions were updated for calling a new function for exheader handling.
 
Two functions were updated for calling a new function for exheader handling.
   −
This new function at L_101cfc immediately returns when the input programID isn't a CTR title / Cubic Ninja(USA/EUR/JPN uniqueID). This function removes all services in the exheader service-access-control which match services from a blacklist stored in pm-module. This blacklist contains two services: "http:C" and "soc:U".
+
This new function at L_101cfc immediately returns when the input programID isn't a CTR title / Cubic Ninja (USA/EUR/JPN uniqueID). This function removes all services in the exheader service-access-control which match services from a blacklist stored in pm-module. This blacklist contains two services: "http:C" and "soc:U".
    
This breaks QR-code ninjhax with the version available at the time of sysupdate release, since the QR-code build downloads the payload via HTTPC.
 
This breaks QR-code ninjhax with the version available at the time of sysupdate release, since the QR-code build downloads the payload via HTTPC.
    
====ARM11-kernel====
 
====ARM11-kernel====
57 functions were updated, 47 of these are the actual functions used for handling SVCs(see below). The lone function updated with v10.4 was updated with this version again.
+
57 functions were updated, 47 of these are the actual functions used for handling SVCs (see below). The lone function updated with v10.4 was updated with this version again.
   −
3 new functions used for validation with memory management were added (kernelpanic() on failure). This is a new security feature for the kernel heaps. By adding a MAC to the kernel heap [[Memory_Management#MemoryBlockHeader|memchunkhdr]] they can detect when it is modified by an outside DMA device ([[3DS_System_Flaws|gspwn]]).
+
3 new functions used for validation with memory management were added (kernelpanic() on failure). This is a new security feature for the kernel heaps. By adding a MAC to the kernel heap [[Memory Management#MemoryBlockHeader|memchunkhdr]] they can detect when it is modified by an outside DMA device ([[3DS System Flaws|gspwn]]).
    
The MAC itself is custom based on xor-rot-sub-mul, and is calculated as follows (pseudo-code):
 
The MAC itself is custom based on xor-rot-sub-mul, and is calculated as follows (pseudo-code):
   −
  u32* crypto_state = (u32*) r4; // Safe kernel memory. This is actually the [[Memory_Management#RegionDescriptor|RegionDescriptor]].
+
  u32* crypto_state = (u32*) r4; // Safe kernel memory. This is actually the [[Memory Management#RegionDescriptor|RegionDescriptor]].
 
  u32* data_ptr = (u32*) lr; // Unsafe FCRAM pointer.
 
  u32* data_ptr = (u32*) lr; // Unsafe FCRAM pointer.
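Review bot: this revision has no edit summary, yet every change in this hunk is cosmetic (a space inserted before the parentheses in "Cubic Ninja (USA/EUR/JPN uniqueID)" and "SVCs (see below)", and the wikilink targets "Memory_Management" / "3DS_System_Flaws" rewritten with spaces, which MediaWiki resolves to the same pages as the underscored forms). A one-line summary such as "whitespace and link formatting" would make the page history easier to scan.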
 
   
 
   
Line 60: Line 60:  
The function which initializes a memalloc heap had a major update (used for FCRAM memregions and the SlabHeap container). It generates a random MAC key based on svcGetSystemTick, like this:
 
The function which initializes a memalloc heap had a major update (used for FCRAM memregions and the SlabHeap container). It generates a random MAC key based on svcGetSystemTick, like this:
   −
  crypto_state[16/4] = 0 //This is actually the [[Memory_Management#RegionDescriptor|RegionDescriptor]].
+
  crypto_state[16/4] = 0 //This is actually the [[Memory Management#RegionDescriptor|RegionDescriptor]].
 
  crypto_state[20/4] = 0
 
  crypto_state[20/4] = 0
 
  crypto_state[24/4] = 0
 
  crypto_state[24/4] = 0
Line 140: Line 140:  
|-
 
|-
 
| svcGetHandleInfo
 
| svcGetHandleInfo
| The code which clears the variables that get written into the output 8-byte buffer, was moved to before the code which checks the input type value(previously this was only executed for type 0x32107).
+
| The code which clears the variables that get written into the output 8-byte buffer, was moved to before the code which checks the input type value (previously this was only executed for type 0x32107).
 
|-
 
|-
 
| svcGetSystemInfo
 
| svcGetSystemInfo
Line 231: Line 231:     
====Process9====
 
====Process9====
Various data was moved around in the .data section(.data is  0x99C-bytes smaller than before).
+
Various data was moved around in the .data section (.data is  0x99C-bytes smaller than before).
    
Before installing titles, including NATIVE_FIRM, AMPXI will now check the version of the title to install against a hard-coded list of (titleID, minimumVersionRequired) pairs. This applies to  MSET, Home Menu, spider, ErrDisp, SKATER, NATIVE_FIRM, and every retail system module.
 
Before installing titles, including NATIVE_FIRM, AMPXI will now check the version of the title to install against a hard-coded list of (titleID, minimumVersionRequired) pairs. This applies to  MSET, Home Menu, spider, ErrDisp, SKATER, NATIVE_FIRM, and every retail system module.
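Review bot: the new line keeps the double space in "is  0x99C-bytes", and the unchanged context line below it has the same problem in "applies to  MSET"; since this edit is a whitespace cleanup, both could be collapsed to a single space in the same revision.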