PatchMii

PatchMii is a tool designed to automatically patch IOS as it gets downloaded from NUS. It contains a framework used to work with IOS in general, but it also includes a piece of code that downloads the latest version of IOS37, makes 2 patches, and installs the patched IOS in the IOS254 slot (IOS5 on older versions).

Signature patch

The signature patch patches the IOSC signature checking function to return 0 instead of 7 when the hash comparison fails, by changing a mov r0, #0x7 to mov r0, #0x0. The code checks for either 0x23a2 (mov r3, #0xa2, found in IOSes vulnerable to the signing bug) or 0x4b0b (ldr r3, =0xa1c, found in fixed IOSes).

DI patch

The drivechip patch changes the length of the DVDLowUnencryptedRead 00000000 region from 00014000 to FFFFFFFF, allowing unencrypted discs to be read. The pattern matches the entire region whitelist, but it only modifies the first region.