Changes

75 bytes added, 08:53, 21 August 2022
→‎Drivechip patch: better details on what this does
Line 12: Line 12:  
The signature patch patches the IOSC signature checking function to return 0 instead of 7 when the hash comparison fails, by changing a <code>mov r0, #0x7</code> to <code>mov r0, #0x0</code>. The code checks for either 0x23a2 (<code>mov r3, #0xa2</code>, found in IOSes vulnerable to the signing bug) or 0x4b0b (<code>ldr r3, =0xa1c</code>, found in fixed IOSes).
 
The signature patch patches the IOSC signature checking function to return 0 instead of 7 when the hash comparison fails, by changing a <code>mov r0, #0x7</code> to <code>mov r0, #0x0</code>. The code checks for either 0x23a2 (<code>mov r3, #0xa2</code>, found in IOSes vulnerable to the signing bug) or 0x4b0b (<code>ldr r3, =0xa1c</code>, found in fixed IOSes).
   −
== Drivechip patch ==
+
== DI patch ==
The drivechip patch changes 4 bytes related to DVDLowUnencryptedRead to FFFFFFFF, probably to make this ioctl always fail, so error 001 cannot be detected.
+
The drivechip patch changes the length of the DVDLowUnencryptedRead 00000000 region from 00014000 to FFFFFFFF, allowing unencrypted discs to be read. The pattern matches the entire region whitelist, but it only modifies the first region.
    
{{Navbox fail0verflow}}
 
{{Navbox fail0verflow}}
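
Review bot: the new heading reads "DI patch" but the added sentence under it still opens with "The drivechip patch changes the length of ...", so the section now uses two names for the same patch. Pick one, or say in the first sentence that the DI patch is the one previously called the drivechip patch, so that existing references to either name still make sense. The values 00000000, 00014000 and FFFFFFFF are written bare, while the signature-patch paragraph directly above writes 0x23a2 and 0x4b0b; prefixing them with 0x and stating what 00000000 denotes would make "the DVDLowUnencryptedRead 00000000 region" unambiguous. The last added sentence says the pattern matches the entire region whitelist but only the first region is modified; it should say whether the remaining regions keep their original lengths, since that determines what the patched check still rejects.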