Difference between revisions of "PatchMii"
m |
Hallowizer (talk | contribs) (→Signature patch: details on what the patch changes) |
Line 10: | Line 10: | ||
== Signature patch == | == Signature patch == | ||
− | The signature patch | + | The signature patch patches the IOSC signature checking function to return 0 instead of 7 when the hash comparison fails, by changing a <code>mov r0, #0x7</code> to <code>mov r0, #0x0</code>. The code checks for either 0x23a2 (<code>mov r3, #0xa2</code>, found in IOSes vulnerable to the signing bug) or 0x4b0b (<code>ldr r3, =0xa1c</code>, found in fixed IOSes). |
== Drivechip patch == | == Drivechip patch == |
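Review bot: the added sentence "The code checks for either 0x23a2 ... or 0x4b0b" does not say what these halfwords are checked against or where they sit relative to the <code>mov r0, #0x7</code> being changed. Say explicitly that they are what the patcher matches to locate the instruction, and give their position, so a reader can verify the match. "The signature patch patches" would also read better as "The signature patch modifies".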
Revision as of 07:25, 21 August 2022
PatchMii | |
---|---|
General | |
Author(s) | fail0verflow |
Type | System tool |
License | GNU GPL v2 |
PatchMii is a tool designed to automatically patch IOS as it gets downloaded from NUS. It contains a framework used to work with IOS in general, but it also includes a piece of code that downloads the latest version of IOS37, makes 2 patches, and installs the patched IOS in the IOS254 slot (IOS5 on older versions).
Signature patch
The signature patch modifies the IOSC signature checking function so that it returns 0 instead of 7 when the hash comparison fails, by changing a <code>mov r0, #0x7</code> to <code>mov r0, #0x0</code>. The code checks for either 0x23a2 (<code>mov r3, #0xa2</code>, found in IOSes vulnerable to the signing bug) or 0x4b0b (<code>ldr r3, =0xa1c</code>, found in fixed IOSes).
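A read-only check for the patch described above, as an added example that is not PatchMii's own code: it scans a module image and reports whether the failure return is still <code>mov r0, #0x7</code> or has been changed to <code>mov r0, #0x0</code>. The function name, the sample buffers, big-endian byte order in the image, and the placement of the <code>mov r0</code> halfword directly before the <code>r3</code> halfword are assumptions not stated on the page.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Thumb halfwords named on the page; big-endian byte order is an assumption. */
#define MOV_R0_7   0x2007u /* mov r0, #0x7 (original failure return) */
#define MOV_R0_0   0x2000u /* mov r0, #0x0 (patched return) */
#define MOV_R3_A2  0x23a2u /* mov r3, #0xa2 (IOSes with the signing bug) */
#define LDR_R3_LIT 0x4b0bu /* ldr r3, =0xa1c (fixed IOSes) */

enum sig_state { SIG_NOT_FOUND, SIG_ORIGINAL, SIG_PATCHED };

/* Constructed sample buffers (not real IOS code): filler, candidate pair, filler. */
static const uint8_t SAMPLE_ORIGINAL[] = {0x46,0xc0, 0x20,0x07, 0x23,0xa2, 0x47,0x70};
static const uint8_t SAMPLE_PATCHED[]  = {0x46,0xc0, 0x20,0x00, 0x4b,0x0b, 0x47,0x70};
static const uint8_t SAMPLE_OTHER[]    = {0x46,0xc0, 0x47,0x70};

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Hypothetical helper: classify the return instruction that precedes either
 * r3 halfword. Every byte offset is tried, so no file alignment is assumed.
 * A patched match takes priority; *off receives the offset of the match. */
enum sig_state classify_sig_check(const uint8_t *img, size_t len, size_t *off)
{
    enum sig_state state = SIG_NOT_FOUND;
    for (size_t i = 0; i + 4 <= len; i++) {
        uint16_t ret = be16(img + i), next = be16(img + i + 2);
        if (next != MOV_R3_A2 && next != LDR_R3_LIT)
            continue;
        if (ret == MOV_R0_0) {               /* failure path returns 0 */
            if (off) *off = i;
            return SIG_PATCHED;
        }
        if (ret == MOV_R0_7 && state == SIG_NOT_FOUND) {
            if (off) *off = i;               /* remember first intact site */
            state = SIG_ORIGINAL;
        }
    }
    return state;
}

int main(void)
{
    static const char *names[] = {"not found", "original", "patched"};
    printf("%s\n", names[classify_sig_check(SAMPLE_ORIGINAL, sizeof SAMPLE_ORIGINAL, NULL)]);
    printf("%s\n", names[classify_sig_check(SAMPLE_PATCHED, sizeof SAMPLE_PATCHED, NULL)]);
    printf("%s\n", names[classify_sig_check(SAMPLE_OTHER, sizeof SAMPLE_OTHER, NULL)]);
    return 0;
}
```

A four-byte match is a heuristic: the same halfword pair can occur in unrelated code, so a hit should be confirmed against the surrounding function before the image is trusted or rejected.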
Drivechip patch
The drivechip patch changes 4 bytes related to DVDLowUnencryptedRead to FFFFFFFF, probably to make this ioctl always fail, so error 001 cannot be detected.