Difference between revisions of "PatchMii"
m |
m (Reverted edits by WiiLoadFX (talk) to last revision by Hallowizer) Tag: Rollback |
||
| (4 intermediate revisions by 2 users not shown) | |||
| Line 10: | Line 10: | ||
== Signature patch == | == Signature patch == | ||
| − | The signature patch | + | The signature patch patches the IOSC signature checking function to return 0 instead of 7 when the hash comparison fails, by changing a <code>mov r0, #0x7</code> to <code>mov r0, #0x0</code>. The code checks for either 0x23a2 (<code>mov r3, #0xa2</code>, found in IOSes vulnerable to the signing bug) or 0x4b0b (<code>ldr r3, =0xa1c</code>, found in fixed IOSes). |
| − | == | + | == DI patch == |
| − | The drivechip patch changes | + | The drivechip patch changes the length of the DVDLowUnencryptedRead 00000000 region from 00014000 to FFFFFFFF, allowing unencrypted discs to be read. The pattern matches the entire region whitelist, but it only modifies the first region. |
{{Navbox fail0verflow}} | {{Navbox fail0verflow}} | ||
Latest revision as of 12:00, 29 January 2023
| PatchMii | |
| General | |
|---|---|
| Author(s) | fail0verflow |
| Type | System tool |
| License | GNU GPL v2 |
| Links | |
| Download | |
| Source | |
PatchMii is a tool designed to automatically patch IOS as it gets downloaded from NUS. It contains a framework used to work with IOS in general, but it also includes a piece of code that downloads the latest version of IOS37, makes 2 patches, and installs the patched IOS in the IOS254 slot (IOS5 on older versions).
Signature patch
The signature patch patches the IOSC signature checking function to return 0 instead of 7 when the hash comparison fails, by changing a mov r0, #0x7 to mov r0, #0x0. The code checks for either 0x23a2 (mov r3, #0xa2, found in IOSes vulnerable to the signing bug) or 0x4b0b (ldr r3, =0xa1c, found in fixed IOSes).
DI patch
The drivechip patch changes the length of the DVDLowUnencryptedRead 00000000 region from 00014000 to FFFFFFFF, allowing unencrypted discs to be read. The pattern matches the entire region whitelist, but it only modifies the first region.
| |||||||||||||||||||||||