OpenOrbis / mira-project-archive

The Homebrew Platform
GNU General Public License v3.0

Add sys_mprotect patches to allow RWX #90

Closed CrazyVoidProgrammer closed 4 years ago

CrazyVoidProgrammer commented 5 years ago

At the request of kiwi, we need to add mprotect patches to all firmwares in oni boot/patches.

ghost commented 5 years ago
// patch mprotect to allow RWX mapping 4.55 
    kmem = (uint8_t *)&gKernelBase[0x00396A58];
    kmem[0] = 0x90;
    kmem[1] = 0x90;
    kmem[2] = 0x90;
    kmem[3] = 0x90;
    kmem[4] = 0x90;
    kmem[5] = 0x90;
// patch mprotect to allow RWX mapping 4.74 
    kmem = (uint8_t *)&gKernelBase[0x00397878];
    kmem[0] = 0x90;
    kmem[1] = 0x90;
    kmem[2] = 0x90;
    kmem[3] = 0x90;
    kmem[4] = 0x90;
    kmem[5] = 0x90;
// patch mprotect to allow RWX mapping 5.01 
    kmem = (uint8_t *)&gKernelBase[0x001A3AF8];
    kmem[0] = 0x90;
    kmem[1] = 0x90;
    kmem[2] = 0x90;
    kmem[3] = 0x90;
    kmem[4] = 0x90;
    kmem[5] = 0x90;
// patch mprotect to allow RWX mapping 5.05 
    kmem = (uint8_t *)&gKernelBase[0x001A3C08];
    kmem[0] = 0x90;
    kmem[1] = 0x90;
    kmem[2] = 0x90;
    kmem[3] = 0x90;
    kmem[4] = 0x90;
    kmem[5] = 0x90;

Sorry, no 4.05 kern here.

ghost commented 5 years ago

// patch mprotect to allow RWX mapping 4.05
    kmem = (uint8_t *)&gKernelBase[0x004423E9];
    kmem[0] = 0x90;
    kmem[1] = 0x90;
    kmem[2] = 0x90;
    kmem[3] = 0x90;
    kmem[4] = 0x90;
    kmem[5] = 0x90;

Took some time, but here it is. Also here is 1.76 if ever needed.

// patch mprotect to allow RWX mapping 1.76
    kmem = (uint8_t *)&gKernelBase[0x003AFB9D];
    kmem[0] = 0x90;
    kmem[1] = 0x90;
    kmem[2] = 0x90;
    kmem[3] = 0x90;
    kmem[4] = 0x90;
    kmem[5] = 0x90;

CelesteBlue-dev commented 5 years ago

Isn't this patch applied in kexploit kROP?

CrazyVoidProgrammer commented 5 years ago

Unsure, it won't hurt applying it twice just in case though.
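As an added example (not code from the Mira project or from anyone in this thread), the following C function wraps a six-byte NOP patch like the ones posted above in the checks a patcher would want before writing into a kernel image: a bounds check, an idempotency check so that applying the patch twice is a no-op (the question raised just above), and a refusal to write unless the site still holds the expected original bytes, so a wrong offset or firmware build is caught instead of silently corrupting code. The image buffer, the site offset and the "original" bytes are constructed placeholders for illustration, not real firmware values.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Outcome of a guarded patch attempt. */
typedef enum {
    PATCH_APPLIED = 0,      /* site matched the expected original; NOPs written */
    PATCH_ALREADY_DONE = 1, /* site already holds NOPs (e.g. patched by an earlier stage) */
    PATCH_OUT_OF_RANGE = 2, /* offset/length falls outside the image; nothing written */
    PATCH_MISMATCH = 3      /* site matches neither original nor NOPs: wrong offset or build */
} patch_result;

#define NOP_BYTE 0x90

/* Write n NOP bytes at `offset` in `image` (length `image_len`), but only after
 * verifying the site. `expected` holds the n bytes the unpatched site must contain. */
patch_result apply_nop_patch(uint8_t *image, size_t image_len, size_t offset,
                             const uint8_t *expected, size_t n)
{
    size_t i;
    int all_nop = 1;
    uint8_t *site;

    if (n == 0 || offset > image_len || n > image_len - offset)
        return PATCH_OUT_OF_RANGE;

    site = image + offset;

    /* Idempotency: if every byte is already a NOP, report done and do not rewrite. */
    for (i = 0; i < n; i++) {
        if (site[i] != NOP_BYTE) { all_nop = 0; break; }
    }
    if (all_nop)
        return PATCH_ALREADY_DONE;

    /* Refuse to touch anything that is not exactly the expected original bytes. */
    if (memcmp(site, expected, n) != 0)
        return PATCH_MISMATCH;

    memset(site, NOP_BYTE, n);
    return PATCH_APPLIED;
}

/* Constructed demo values (placeholders, not real firmware offsets or bytes). */
#define DEMO_IMAGE_LEN   64
#define DEMO_SITE_OFFSET 0x20
static const uint8_t DEMO_ORIGINAL[6] = { 0x11, 0x22, 0x33, 0x44, 0x55, 0x66 };

/* Build a fake image, then exercise the four outcomes. Returns 1 if every
 * outcome is the one expected, 0 otherwise. */
int run_demo(void)
{
    uint8_t img[DEMO_IMAGE_LEN];
    memset(img, 0xAA, sizeof img);                              /* filler bytes */
    memcpy(img + DEMO_SITE_OFFSET, DEMO_ORIGINAL, sizeof DEMO_ORIGINAL);

    if (apply_nop_patch(img, sizeof img, DEMO_SITE_OFFSET, DEMO_ORIGINAL, 6) != PATCH_APPLIED)
        return 0;
    /* Second application (e.g. kROP stage already ran) must be a no-op. */
    if (apply_nop_patch(img, sizeof img, DEMO_SITE_OFFSET, DEMO_ORIGINAL, 6) != PATCH_ALREADY_DONE)
        return 0;
    /* Wrong offset: filler bytes do not match, so nothing is written. */
    if (apply_nop_patch(img, sizeof img, 0x10, DEMO_ORIGINAL, 6) != PATCH_MISMATCH)
        return 0;
    if (img[0x10] != 0xAA)
        return 0;
    /* Patch would run past the end of the image. */
    if (apply_nop_patch(img, sizeof img, DEMO_IMAGE_LEN - 3, DEMO_ORIGINAL, 6) != PATCH_OUT_OF_RANGE)
        return 0;
    return 1;
}

int main(void)
{
    printf("guarded NOP patch demo: %s\n", run_demo() ? "all outcomes as expected" : "FAILED");
    return 0;
}
```

The mismatch branch is the one that matters most in practice: a six-byte write at an offset taken from the wrong firmware table lands in unrelated kernel code, and the result is a panic at some later, unrelated point rather than an obvious failure at patch time. Checking the original bytes first turns that into an immediate, attributable error.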

CrazyVoidProgrammer commented 5 years ago

Thank you @kozarovv