bb3+hax & reorganize stuff

Hax is menuhax67 in this instance. This allows an almost seamless transition from bb3 to menuhax67 and thus launching hbmenu. This should make launching agbhax without eshop less complicated.

.gitignore

@@ -57,3 +57,5 @@ F00D43D5
 F00D43D5.bin
 temp.bat
 *txt
+bb3+hax/bb3.bin
+otherapp_template.bin

bb3+hax/Makefile

@@ -0,0 +1,28 @@
+#---------------------------------------------------------------------------------
+.SUFFIXES:
+#---------------------------------------------------------------------------------
+
+ifeq ($(strip $(DEVKITARM)),)
+$(error "Please set DEVKITARM in your environment. export DEVKITARM=<path to>devkitARM")
+endif
+
+TOPDIR ?= $(CURDIR)
+include $(DEVKITARM)/base_tools
+
+HAXNAME := bb3
+
+.PHONY: all clean
+
+all:	$(HAXNAME).bin
+
+clean:
+	@rm -f $(HAXNAME).elf $(HAXNAME).bin
+	@echo clean ...
+
+$(HAXNAME).bin: $(HAXNAME).elf
+	$(OBJCOPY) -O binary $(HAXNAME).elf $(HAXNAME).bin
+	@echo built ... $(notdir $@)
+
+$(HAXNAME).elf:	$(HAXNAME).s
+	$(CC) -x assembler-with-cpp -nostartfiles -nostdlib -Ttext=0x00682000 $< -o $(HAXNAME).elf
+

bb3+hax/bb3.s

@@ -0,0 +1,34 @@
+	.arm
+	.text
+
+#include "defines_11x.h"
+
+#define GARBAGE 0xdeadb0b0
+#define STACK_PIVOT ROP_POPR3_ADDSPR3_POPPC
+
+#define ROPBUF 0x006AA000     //bss location of rop payload (ropkit_boototherapp.s) that launches otherapp
+#define ROPKIT_LINEARMEM_REGIONBASE 0x30000000
+#define ROPKIT_LINEARMEM_BUF (ROPKIT_LINEARMEM_REGIONBASE+0x100000)
+
+#define ROPKIT_BINPAYLOAD_PATH "sd:/bb3.bin"
+#define ROPKIT_BINPAYLOAD_FILEOFFSET 0x8000  //put bb3 installer inside bb3.bin
+#define ROPKIT_BINLOAD_SIZE 0x2000
+
+#define ROPKIT_MOUNTSD        
+#define ROPKIT_TMPDATA 0x0FFFc000
+#define ROPKIT_BINLOAD_TEXTOFFSET 0x0
+//#define ROPKIT_ENABLETERMINATE_GSPTHREAD
+#define ROPKIT_BEFOREJUMP_CACHEBUFADDR ROPKIT_LINEARMEM_BUF
+#define ROPKIT_BEFOREJUMP_CACHEBUFSIZE 0x2000  //large gsgpu flush fixes our new3ds L2 cache issues - and increases stability for old3ds
+
+
+#include "ropkit_ropinclude.s" 
+
+_start:
+ropstackstart:
+
+#include "ropkit_boototherapp.s"   
+
+ropkit_cmpobject:
+.word (ROPBUFLOC(ropkit_cmpobject) + 0x4) @ Vtable-ptr
+.fill (0x80 / 4), 4, STACK_PIVOT @ Vtable

bb3+hax/build.bat

@@ -0,0 +1,6 @@
+cd otherapp_template && make clean
+make && cd ..
+make
+python build.py
+cp bb3.bin g:/bb3.bin
+pause

bb3+hax/build.py

@@ -0,0 +1,17 @@
+import os,sys,struct
+
+def padto(f, newsize):
+	with open(f,"rb+") as f:
+		buff=f.read()
+		size=newsize-len(buff)
+		f.write(b"\x00"*size)
+def inject(ffrom, fto, offset):
+	with open(ffrom,"rb") as f:
+		buff=f.read()
+	with open(fto,"rb+") as f:
+		f.seek(offset)
+		f.write(buff)
+
+padto("bb3.bin", 0x80200)
+inject("otherapp_template/otherapp_template.bin","bb3.bin",0x8000)
+#padto("bb3.bin", 0x80200)

bb3+hax/defines_11x.h

@@ -0,0 +1,61 @@
+#define ROP_POPPC 0x0011a1d4
+#define POP_R1PC 0x001d53f8
+#define POP_R3PC 0x0010d44c
+#define POP_R2R6PC 0x001bb020
+#define POP_R4LR_BXR1 0x00119e4c
+#define POP_R4R8LR_BXR2 0x0011f1e0
+#define POP_R4R5R6PC 0x0010d008
+#define POP_R4FPPC 0x0010e6c0
+#define POP_R4R8PC 0x0010d20c
+
+#define ROP_STR_R1TOR0 0x00119e14
+#define ROP_STR_R0TOR1 0x0010d374
+#define ROP_LDR_R0FROMR0 0x0010d364
+#define ROP_ADDR0_TO_R1 0x00111940
+
+#define MEMCPY 0x001d0d5c
+
+#define svcSleepThread 0x001bdbd0
+
+#define GSPGPU_FlushDataCache 0x0013e46c
+#define GSPGPU_SERVHANDLEADR 0x002993c4
+
+#define IFile_Read 0x001c3140
+#define IFile_Write 0x001c73fc
+
+#define ROP_POPR3_ADDSPR3_POPPC 0x0014660c
+#define POP_R0PC 0x00146760
+#define ROP_LDRR1R1_STRR1R0 0x001adf34
+//      FAIL:                           #define POP_R5R6PC
+//      FAIL:                           #define ROP_CMPR0R1
+#define ROP_CMPR0R1_ALT0 0x001e4f84
+#define MEMSET32_OTHER 0x001d5a60
+#define svcControlMemory 0x001d3e90
+#define ROP_INITOBJARRAY 0x001c5865
+#define svcCreateThread 0x0010c698
+#define svcConnectToPort 0x001c62a4
+#define svcGetProcessId 0x0012bddc
+//      FAIL:                           #define THROWFATALERR_IPC
+#define SRV_GETSERVICEHANDLE 0x001d3f18
+#define CFGIPC_SecureInfoGetRegion 0x00118768
+#define ROP_COND_THROWFATALERR 0x001d4570
+#define GXLOW_CMD4 0x0013e570
+#define GSP_SHAREDMEM_SETUPFRAMEBUF 0x0012e0fc
+#define GSPTHREAD_OBJECTADDR 0x00296580
+#define FS_MountSdmc 0x001a1654
+//      FAIL:                           #define FS_MountSavedata
+#define IFile_Open 0x001c790c
+#define IFile_Close 0x001c78c8
+#define IFile_Seek 0x001b335c
+
+/*
+sub_239638:
+  80106e8
+  2e00000
+  8010674
+  297600 (getRegion result)
+  26B460 (table of tid high/low pairs from versionDB title, corresponds to getRegion with a "times 8"
+  v13 = sub_1C7C6C((int)"cver:", (int)dword_26B460, dword_26B460[2], dword_26B460[3], 0, 5, 5);
+  v25 = 0;
+  v14 = (_DWORD *)sub_1D2B8C((int)L"cver:/version.bin", &v25, 0, 0);
+*/

bb3+hax/otherapp_template/Makefile

@@ -0,0 +1,84 @@
+ifeq ($(strip $(DEVKITARM)),)
+$(error "Please set DEVKITARM in your environment. export DEVKITARM=<path to>devkitARM")
+endif
+export CTRULIB=$(shell pwd)/libctru
+ifeq ($(strip $(CTRULIB)),)
+$(error "Please set CTRULIB in your environment. export DEVKITARM=<path to>ctrulib/libctru")
+endif
+
+ifeq ($(filter $(DEVKITARM)/bin,$(PATH)),)
+export PATH:=$(DEVKITARM)/bin:$(PATH)
+endif
+
+DEFINES	:=	
+LDPATH	:=	ccd00.ld
+
+ifneq ($(strip $(LOADROPBIN)),)
+	DEFINES	:=	$(DEFINES) -DLOADROPBIN=1
+endif
+
+
+DEFINES	:=	$(DEFINES) -DOTHERAPP=1
+LDPATH	:=	otherapp.ld
+
+
+CC = arm-none-eabi-gcc
+# LINK = arm-none-eabi-gcc
+LINK = arm-none-eabi-ld
+AS = arm-none-eabi-as
+OBJCOPY = arm-none-eabi-objcopy
+CFLAGS += -Wall -std=c99 -march=armv6 -Os -I"$(CTRULIB)/include" -I$(DEVKITPRO)/libnds/include $(DEFINES)
+LDFLAGS += --script=$(LDPATH) -L"$(DEVKITARM)/arm-none-eabi/lib" -L"$(CTRULIB)/lib" -Map=output.map
+
+CFILES = $(wildcard source/*.c)
+BINFILES = $(wildcard data/*.bin)
+OFILES = $(BINFILES:data/%.bin=build/%.bin.o)
+OFILES += $(CFILES:source/%.c=build/%.o)
+DFILES = $(CFILES:source/%.c=build/%.d)
+SFILES = $(wildcard source/*.s)
+OFILES += $(SFILES:source/%.s=build/%.o)
+PROJECTNAME = ${shell basename "$(CURDIR)"}
+CWD = "$(CURDIR)""
+
+#---------------------------------------------------------------------------------
+# canned command sequence for binary data, taken from devkitARM
+#---------------------------------------------------------------------------------
+define bin2o
+	bin2s $< | $(AS) -o $(@)
+	echo "extern const u8" `(echo $(<F) | sed -e 's/^\([0-9]\)/_\1/' | tr . _)`"_end[];" > source/`(echo $(<F) | tr . _)`.h
+	echo "extern const u8" `(echo $(<F) | sed -e 's/^\([0-9]\)/_\1/' | tr . _)`"[];" >> source/`(echo $(<F) | tr . _)`.h
+	echo "extern const u32" `(echo $(<F) | sed -e 's/^\([0-9]\)/_\1/' | tr . _)`_size";" >> source/`(echo $(<F) | tr . _)`.h
+endef
+
+.PHONY:=all
+
+all: $(PROJECTNAME).bin
+
+ctrulib:
+	#cd "$(CTRULIB)" && make
+
+$(PROJECTNAME).bin: $(PROJECTNAME).elf
+	$(OBJCOPY) -O binary $< $@
+
+$(PROJECTNAME).elf: $(OFILES) ctrulib
+	$(LINK) $(LDFLAGS) -o $(PROJECTNAME).elf $(filter-out build/crt0.o, $(OFILES)) -g -lctru -lm -lc -lg
+
+clean:
+	@rm -f build/*.o build/*.d
+	@rm -f $(PROJECTNAME).elf $(PROJECTNAME).bin
+	@echo "all cleaned up !"
+
+-include $(DFILES)
+
+build/%.o: source/%.c
+	$(CC) $(CFLAGS) -c $< -o $@
+	@$(CC) $(DEFINES) -MM $< > build/$*.d
+
+build/%.o: source/%.s
+	$(CC) $(CFLAGS) -c $< -o $@
+	@$(CC) $(DEFINES) -MM $< > build/$*.d
+
+build/%.bin.o: data/%.bin
+	@echo $(notdir $<)
+	@$(bin2o)
+

bb3+hax/otherapp_template/libctru/.gitignore

@@ -0,0 +1 @@
+build

bb3+hax/otherapp_template/libctru/Makefile

@@ -0,0 +1,44 @@
+ifeq ($(strip $(DEVKITARM)),)
+$(error "Please set DEVKITARM in your environment. export DEVKITARM=<path to>devkitARM")
+endif
+
+include $(DEVKITARM)/base_rules
+
+CFLAGS += -Wall -std=c99 -march=armv6 -Os -ffunction-sections -I"$(CURDIR)/include/"
+
+CFILES = $(wildcard source/*.c)
+OFILES = $(CFILES:source/%.c=build/%.o)
+DFILES = $(CFILES:source/%.c=build/%.d)
+SFILES = $(wildcard source/*.s)
+OFILES += $(SFILES:source/%.s=build/%.o)
+PROJECTNAME = "libctru"
+
+.PHONY:=all dir
+
+all: dir lib/$(PROJECTNAME).a
+
+dir:
+	mkdir -p build
+	mkdir -p lib
+
+lib/$(PROJECTNAME).a: $(OFILES)
+	$(AR) rvs $@ $^
+
+clean:
+	@rm -f build/*.o build/*.d
+	@rm -f $(PROJECTNAME).a
+	@echo "all cleaned up !"
+
+-include $(DFILES)
+
+build/%.o: source/%.c
+	$(CC) $(CFLAGS) -mthumb -mthumb-interwork -c $< -o $@
+	@$(CC) -MM $< > build/$*.d
+
+build/GSP.o: source/GSP.c
+	$(CC) $(CFLAGS) -c $< -o $@
+	@$(CC) -MM $< > build/GSP.d
+
+build/%.o: source/%.s
+	$(CC) $(CFLAGS) -c $< -o $@
+	@$(CC) -MM $< > build/$*.d

bb3+hax/otherapp_template/libctru/include/ctr/AC.h

@@ -0,0 +1,8 @@
+#ifndef AC_H
+#define AC_H
+
+Result ACU_GetWifiStatus(Handle servhandle, u32 *out);
+Result ACU_WaitInternetConnection();
+
+#endif
+

bb3+hax/otherapp_template/libctru/include/ctr/APT.h

@@ -0,0 +1,54 @@
+#ifndef APT_H
+#define APT_H
+
+typedef enum{
+	APPID_HOMEMENU = 0x101, // Home Menu
+	APPID_CAMERA = 0x110, // Camera applet
+	APPID_WEB = 0x114, // Internet Browser
+	APPID_APPLICATION = 0x300, // Application
+}NS_APPID; // cf http://3dbrew.org/wiki/NS#AppIDs
+
+typedef enum{
+	APP_NOTINITIALIZED,
+	APP_RUNNING,
+	APP_SUSPENDED,
+	APP_EXITING,
+	APP_SUSPENDING,
+	APP_SLEEPMODE,
+	APP_PREPARE_SLEEPMODE
+}APP_STATUS;
+
+extern Handle aptEvents[3];
+
+Result aptInit(NS_APPID appID);
+void aptExit();
+void aptOpenSession();
+void aptCloseSession();
+void aptSetupEventHandler();
+void aptSetStatus(APP_STATUS status);
+APP_STATUS aptGetStatus();
+u32 aptGetStatusPower();//This can be used when the status is APP_SUSPEND* to check how the return-to-menu was triggered: 0 = home-button, 1 = power-button.
+void aptSetStatusPower(u32 status);
+void aptReturnToMenu();//This should be called by the user application when aptGetStatus() returns APP_SUSPENDING, not calling this will result in return-to-menu being disabled with the status left at APP_SUSPENDING. This function will not return until the system returns to the application, or when the status was changed to APP_EXITING.
+void aptWaitStatusEvent();
+NS_APPID aptGetMenuAppID();
+
+Result APT_GetLockHandle(Handle* handle, u16 flags, Handle* lockHandle);
+Result APT_Initialize(Handle* handle, NS_APPID appId, Handle* eventHandle1, Handle* eventHandle2);
+Result APT_Enable(Handle* handle, u32 a);
+Result APT_GetAppletManInfo(Handle* handle, u8 inval, u8 *outval8, u32 *outval32, NS_APPID *menu_appid, NS_APPID *active_appid);
+Result APT_PrepareToJumpToHomeMenu(Handle* handle);
+Result APT_JumpToHomeMenu(Handle* handle, u32 a, u32 b, u32 c);
+Result APT_InquireNotification(Handle* handle, u32 appID, u8* signalType);
+Result APT_NotifyToWait(Handle* handle, NS_APPID appID);
+Result APT_AppletUtility(Handle* handle, u32* out, u32 a, u32 size1, u8* buf1, u32 size2, u8* buf2);
+Result APT_GlanceParameter(Handle* handle, NS_APPID appID, u32 bufferSize, u32* buffer, u32* actualSize, u8* signalType);
+Result APT_ReceiveParameter(Handle* handle, NS_APPID appID, u32 bufferSize, u32* buffer, u32* actualSize, u8* signalType);
+Result APT_SendParameter(Handle* handle, NS_APPID src_appID, NS_APPID dst_appID, u32 bufferSize, u32* buffer, Handle paramhandle, u8 signalType);
+Result APT_SendCaptureBufferInfo(Handle* handle, u32 bufferSize, u32* buffer);
+Result APT_ReplySleepQuery(Handle* handle, NS_APPID appID, u32 a);
+Result APT_ReplySleepNotificationComplete(Handle* handle, NS_APPID appID);
+Result APT_PrepareToCloseApplication(Handle* handle, u8 a);
+Result APT_CloseApplication(Handle* handle, u32 a, u32 b, u32 c);
+
+#endif

bb3+hax/otherapp_template/libctru/include/ctr/CFGNOR.h

@@ -0,0 +1,12 @@
+#ifndef CFGNOR_H
+#define CFGNOR_H
+
+Result CFGNOR_Initialize(u8 value);
+Result CFGNOR_Shutdown();
+Result CFGNOR_ReadData(u32 offset, u32 *buf, u32 size);
+Result CFGNOR_WriteData(u32 offset, u32 *buf, u32 size);
+Result CFGNOR_DumpFlash(u32 *buf, u32 size);
+Result CFGNOR_WriteFlash(u32 *buf, u32 size);
+
+#endif
+