-keep the hbl loader in sync with the latest commits

-added zips for mario kart ds, new super mario bros, star fox command and phantom hourglass

Makefile

@@ -6,14 +6,20 @@ else
 	ZIP = zip
 endif
 
-all: setup brainage kirby yoshids brainage.zip kirby.zip yoshids.zip
+all: setup brainage kirby mariokartds sfcommand yoshids zeldaph brainage.zip kirby.zip mariokartds.zip sfcommand.zip yoshids.zip zeldaph.zip
 
 brainage: setup_brainage brainage.nds
 
-kirby: setup_kirby kirby.nds
+kirby: setup_kirby kirby.nds
+
+mariokartds: setup_mariokartds mariokartds.nds
+
+sfcommand: setup_sfcommand sfcommand.nds
 
 yoshids: setup_yoshids yoshids.nds
 
+zeldaph: setup_zeldaph zeldaph.nds
+
 setup:
 	@cd option_select && make && cd ..
 	@cd hbl_loader && make && cd ..
@@ -27,10 +33,22 @@ setup_kirby:
 	@rm -f defines.s haxchi_rop.bin haxchi_rop_hook.bin
 	@cp -f kirby_defs.s defines.s
 
+setup_mariokartds:
+	@rm -f defines.s haxchi_rop.bin haxchi_rop_hook.bin
+	@cp -f mariokartds_defs.s defines.s
+
+setup_sfcommand:
+	@rm -f defines.s haxchi_rop.bin haxchi_rop_hook.bin
+	@cp -f sfcommand_defs.s defines.s
+
 setup_yoshids:
 	@rm -f defines.s haxchi_rop.bin haxchi_rop_hook.bin
 	@cp -f yoshids_defs.s defines.s
 
+setup_zeldaph:
+	@rm -f defines.s haxchi_rop.bin haxchi_rop_hook.bin
+	@cp -f zeldaph_defs.s defines.s
+
 brainage.nds:
 	@armips haxchi_rop.s
 	@armips haxchi.s
@@ -41,40 +59,51 @@ kirby.nds:
 	@armips haxchi.s
 	@mv rom.nds kirby.nds
 
-yoshids.nds:
+mariokartds.nds:
 	@armips haxchi_rop.s
 	@armips haxchi.s
-	@mv rom.nds yoshids.nds
-	@cp yoshids.nds wwtouched.nds
+	@mv rom.nds mariokartds.nds
+	@cp mariokartds.nds newsmb.nds
 
-brainage_cfw.nds:
+sfcommand.nds:
 	@armips haxchi_rop.s
 	@armips haxchi.s
-	@mv rom.nds brainage_cfw.nds
+	@mv rom.nds sfcommand.nds
 
-kirby_cfw.nds:
+yoshids.nds:
 	@armips haxchi_rop.s
 	@armips haxchi.s
-	@mv rom.nds kirby_cfw.nds
+	@mv rom.nds yoshids.nds
+	@cp yoshids.nds wwtouched.nds
 
-yoshids_cfw.nds:
+zeldaph.nds:
 	@armips haxchi_rop.s
 	@armips haxchi.s
-	@mv rom.nds yoshids_cfw.nds
-	@cp yoshids_cfw.nds wwtouched_cfw.nds
+	@mv rom.nds zeldaph.nds
 
 brainage.zip:
 	$(ZIP) -JXjq9 brainage.zip brainage.nds
 
 kirby.zip:
 	$(ZIP) -JXjq9 kirby.zip kirby.nds
 
+mariokartds.zip:
+	$(ZIP) -JXjq9 mariokartds.zip mariokartds.nds
+	$(ZIP) -JXjq9 newsmb.zip newsmb.nds
+
+sfcommand.zip:
+	$(ZIP) -JXjq9 sfcommand.zip sfcommand.nds
+
 yoshids.zip:
 	$(ZIP) -JXjq9 yoshids.zip yoshids.nds
 	$(ZIP) -JXjq9 wwtouched.zip wwtouched.nds
 
+zeldaph.zip:
+	$(ZIP) -JXjq9 zeldaph.zip zeldaph.nds
+
 clean:
-	@rm -f *.bin defines.s brainage.nds brainage.zip kirby.nds kirby.zip wwtouched.nds wwtouched.zip yoshids.nds yoshids.zip
+	@rm -f *.bin defines.s brainage.nds brainage.zip kirby.nds kirby.zip mariokartds.nds mariokartds.zip \
+		newsmb.nds newsmb.zip sfcommand.nds sfcommand.zip wwtouched.nds wwtouched.zip yoshids.nds yoshids.zip zeldaph.nds zeldaph.zip
 	@cd option_select && make clean && cd ..
 	@cd hbl_loader && make clean && cd ..
 	@cd cfw_booter && make clean && cd ..

README.md

@@ -29,6 +29,12 @@ make sure to replace YOUR_GAME_TITLE_ID with one of the following:
 10179A00 - JPN Brain Age  
 10179B00 - US Brain Age  
 10179C00 - PAL Brain Training  
+10195600 - JPN Mario Kart DS  
+10195700 - US Mario Kart DS  
+10195800 - PAL Mario Kart DS  
+10195900 - JPN New Super Mario Bros  
+10195A00 - US New Super Mario Bros  
+10195B00 - PAL New Super Mario Bros  
 10198800 - JPN Yoshi's Island DS  
 10198900 - US Yoshi's Island DS  
 10198A00 - PAL Yoshi's Island DS  
@@ -38,6 +44,12 @@ make sure to replace YOUR_GAME_TITLE_ID with one of the following:
 101A5500 - JPN Kirby Squeak Squad  
 101A5600 - US Kirby Squeak Squad  
 101A5700 - PAL Kirby Mouse Attack  
+101AC000 - JPN Star Fox Command  
+101AC100 - US Star Fox Command  
+101AC200 - PAL Star Fox Command  
+101C3600 - JPN Zelda Phantom Hourglass  
+101C3700 - US Zelda Phantom Hourglass  
+101C3800 - PAL Zelda Phantom Hourglass  
 
 a config.txt can look like this for example:
 ```

brainage_defs.s

@@ -1,14 +1,14 @@
 
 ; game stack return address
 HAX_TARGET_ADDRESS equ (0x1076FAA4)
-
+; application memory pointer
 HACHI_APPLICATION_PTR equ (0x10A6E038)
-
+; arm9 rom location address
 ARM9_ROM_LOCATION equ (0x16220400)
-ARM7_ROM_MEM2_START equ (0xEBDDFC00)
 
 ; constants for position calcs
 RPX_OFFSET equ (0x01800000)
+ARM7_ROM_MEM2_START equ (0xF0000000 - ARM9_ROM_LOCATION + 0x12000000)
 
 ; rop-gadgets part 1 (used for all sorts of different things)
 LMW_R21R1xC_LWZ_R0R1x3C_MTLR_R0_ADDI_R1_x38_BLR equ (RPX_OFFSET + 0x02208F6C)

hbl_loader/sd_loader/src/crt0.S

@@ -0,0 +1,20 @@
+
+	.extern _main
+    .globl _start
+
+_start:
+	mflr 0
+	stwu 1,-0x18(1)
+	stw 0,0x1C(1)
+	stw 3,8(1)
+	stw 4,0xC(1)
+    # jump to our main
+    bl _main
+	# launch original title
+	mtctr 3
+	lwz 3,8(1)
+	lwz 4,0xC(1)
+	lwz 0,0x1C(1)
+	mtlr 0
+	addi 1,1,0x18
+	bctr

hbl_loader/sd_loader/src/entry.c

@@ -272,8 +272,10 @@ static int LiWaitOneChunk(unsigned int * iRemainingBytes, const char *filename,
             if((mapOffset + blockSize) >= mem_area->size)
             {
                 blockSize = mem_area->size - mapOffset;
+                //! this value is incremented later by blockSize, so set it to -blockSize for it to be 0 after copy
+                //! it makes smaller code then if(mapOffset == mem_area->size) after copy
+                mapOffset = -blockSize;
                 mem_area = mem_area->next;
-                mapOffset = 0;
             }
 
             SC0x25_KernelCopyData(load_addressPhys + rpxBlockPos, address, blockSize);
@@ -445,6 +447,26 @@ static int LoadFileToMem(private_data_t *private_data, const char *filepath, uns
     return success;
 }
 
+static void setup_patches(private_data_t *private_data)
+{
+    //! setup necessary syscalls and hooks for HBL
+    kern_write((void*)(OS_SPECIFICS->addr_KernSyscallTbl1 + (0x25 * 4)), (unsigned int)KernelCopyData);
+    kern_write((void*)(OS_SPECIFICS->addr_KernSyscallTbl2 + (0x25 * 4)), (unsigned int)KernelCopyData);
+    kern_write((void*)(OS_SPECIFICS->addr_KernSyscallTbl3 + (0x25 * 4)), (unsigned int)KernelCopyData);
+    kern_write((void*)(OS_SPECIFICS->addr_KernSyscallTbl4 + (0x25 * 4)), (unsigned int)KernelCopyData);
+    kern_write((void*)(OS_SPECIFICS->addr_KernSyscallTbl5 + (0x25 * 4)), (unsigned int)KernelCopyData);
+
+    //! store physical address for later use
+    addrphys_LiWaitOneChunk = private_data->OSEffectiveToPhysical((void*)OS_SPECIFICS->addr_LiWaitOneChunk);
+
+    u32 addr_my_PrepareTitle_hook = ((u32)my_PrepareTitle_hook) | 0x48000003;
+    DCFlushRange(&addr_my_PrepareTitle_hook, 4);
+
+    //! create our copy syscall
+    SC0x25_KernelCopyData(OS_SPECIFICS->addr_PrepareTitle_hook, private_data->OSEffectiveToPhysical(&addr_my_PrepareTitle_hook), 4);
+
+}
+
 static unsigned int load_elf_image (private_data_t *private_data, unsigned char *elfstart)
 {
 	Elf32_Ehdr *ehdr;
@@ -500,22 +522,6 @@ static unsigned int load_elf_image (private_data_t *private_data, unsigned char
         }
     }
 
-    //! setup hooks
-    kern_write((void*)(OS_SPECIFICS->addr_KernSyscallTbl1 + (0x25 * 4)), (unsigned int)KernelCopyData);
-    kern_write((void*)(OS_SPECIFICS->addr_KernSyscallTbl2 + (0x25 * 4)), (unsigned int)KernelCopyData);
-    kern_write((void*)(OS_SPECIFICS->addr_KernSyscallTbl3 + (0x25 * 4)), (unsigned int)KernelCopyData);
-    kern_write((void*)(OS_SPECIFICS->addr_KernSyscallTbl4 + (0x25 * 4)), (unsigned int)KernelCopyData);
-    kern_write((void*)(OS_SPECIFICS->addr_KernSyscallTbl5 + (0x25 * 4)), (unsigned int)KernelCopyData);
-
-    //! store physical address for later use
-    addrphys_LiWaitOneChunk = private_data->OSEffectiveToPhysical((void*)OS_SPECIFICS->addr_LiWaitOneChunk);
-
-    u32 addr_my_PrepareTitle_hook = ((u32)my_PrepareTitle_hook) | 0x48000003;
-    DCFlushRange(&addr_my_PrepareTitle_hook, 4);
-
-    //! create our copy syscall
-    SC0x25_KernelCopyData(OS_SPECIFICS->addr_PrepareTitle_hook, private_data->OSEffectiveToPhysical(&addr_my_PrepareTitle_hook), 4);
-
 	return ehdr->e_entry;
 }
 
@@ -568,7 +574,7 @@ static const char *HBL_ELF_PATH = "/vol/external01/wiiu/apps/homebrew_launcher/h
 
 unsigned int _main(int argc, char **argv)
 {
-	private_data_t private_data;
+    private_data_t private_data;
 
     if(MAIN_ENTRY_ADDR != 0xC001C0DE)
     {
@@ -593,6 +599,9 @@ unsigned int _main(int argc, char **argv)
 
             if(MAIN_ENTRY_ADDR == 0xDEADC0DE || MAIN_ENTRY_ADDR == 0)
             {
+                //! setup necessary syscalls and hooks for HBL before launching it
+                setup_patches(&private_data);
+
                 if(HBL_CHANNEL)
                 {
                     break;
@@ -644,6 +653,7 @@ unsigned int _main(int argc, char **argv)
     }
 
     unsigned int entry = *(unsigned int*)OS_SPECIFICS->addr_OSTitle_main_entry;
+
     //! if an application was an RPX launch then launch HBL again after return
     /*if(MAIN_ENTRY_ADDR == 0xC001C0DE)
     {

kirby_defs.s

@@ -5,7 +5,7 @@ HAX_TARGET_ADDRESS equ (0x107968AC)
 HACHI_APPLICATION_PTR equ (0x10c8c938)
 
 ARM9_ROM_LOCATION equ (0x1643F200)
-ARM7_ROM_MEM2_START equ (0xEBBC0E00)
+ARM7_ROM_MEM2_START equ (0xF0000000 - ARM9_ROM_LOCATION + 0x12000000)
 
 ; constants for position calcs
 RPX_OFFSET equ (0x01800000)

mariokartds_defs.s

@@ -0,0 +1,39 @@
+
+; game stack return address
+HAX_TARGET_ADDRESS equ (0x1077865C)
+; application memory pointer
+HACHI_APPLICATION_PTR equ (0x10A77038)
+; arm9 rom location address
+ARM9_ROM_LOCATION equ (0x16229400)
+
+; constants for position calcs
+RPX_OFFSET equ (0x01800000)
+ARM7_ROM_MEM2_START equ (0xF0000000 - ARM9_ROM_LOCATION + 0x12000000)
+
+; rop-gadgets part 1 (used for all sorts of different things)
+LMW_R21R1xC_LWZ_R0R1x3C_MTLR_R0_ADDI_R1_x38_BLR equ (RPX_OFFSET + 0x022031F8)
+BCTRL equ (RPX_OFFSET + 0x02203130)
+MTCTR_R27_ADDI_R31x2_MR_R3R31_R4R30_R5R29_R6R28_BCTRL_LMW_R26R1x18_MTLR_R1x34_ADDI_R1x30_BLR equ (RPX_OFFSET + 0x020A04C8)
+LWZ_R0xAFC_MTLR_R0_ADDI_R1xAF8_BLR equ (RPX_OFFSET + 0x020A00A0)
+LWZ_R0R1x14_LWZ_R30R1x8_R31R1xC_MTLR_R0_ADDI_R1x10_BLR equ (RPX_OFFSET + 0x02005AB8)
+MR_R11R31_LMW_R26R1x8_LWZ_R0x24_MTLR_R0_ADDI_R1x20_CLRLWI_R3R11x18_BLR equ (RPX_OFFSET + 0x02175AE8)
+LWZ_R0R11x4_R31R11xM4_MTLR_R0_MR_R1R11_BLR equ (RPX_OFFSET + 0x022740A8)
+
+; rop-gadgets part 2 (only used to set up core 0 thread stack)
+LWZ_R3_8_R1_LWZ_R0x14_MTLR_R0_ADDI_R1x10_BLR equ (RPX_OFFSET + 0x02017F88)
+MR_R12_R3_CMPLW_R12_R0_LI_R3_0_BEQ_ADDI_R3_R12x10_LWZ_R0_R1x14_MTLR_R0_ADDI_R1x10_BLR equ (RPX_OFFSET + 0x020AB88C)
+LWZ_R5_R1x8_CMPLW_R5_R31_BNE_MR_R3_R5_LWZ_R0_R1x1C_LWZ_R30_R1x10_MTLR_R0_LWZ_R31_R1x14_ADDI_R1x18_BLR equ (RPX_OFFSET + 0x0200EB28)
+LWZ_R4_R1xC_STW_R12_R1x8_LWZ_R3_R1x8_LWZ_R0_R1x1C_MTLR_R0_ADDI_R1x18_BLR equ (RPX_OFFSET + 0x020809E4)
+LWZ_R7_R1x10_LWZ_R8_R1x14_STW_R7_R31x0_STW_R8_R31x0_LWZ_R0_R1x2C_LWZ_R31_R0x24_MTLR_R0_LWZ_R30_R0x20_ADDI_R1x28_BLR equ (RPX_OFFSET + 0x02054DCC)
+LWZ_R3_4_R3_LWZ_R0xC_MTLR_R0_ADDI_R1x8_BLR equ (RPX_OFFSET + 0x02018010)
+LWZ_R0_R1x1C_LWZ_R30_R1x10_MTLR_R0_LWZ_R31_R1x14_ADDI_R1x18_ADD_R3_R7_BLR equ (RPX_OFFSET + 0x02145D64)
+MTCTR_R12_BCTRL_LI_R3_0_LWZ_R0_R1x14_LWZ_R31_R1xC_MTLR_R0_ADDI_R1x10_BLR equ (RPX_OFFSET + 0x02023700)
+
+; functions used from game
+NERD_CREATETHREAD equ (RPX_OFFSET + 0x0221E0B8)
+NERD_STARTTHREAD equ (RPX_OFFSET + 0x0221E4D4)
+NERD_JOINTHREAD equ (RPX_OFFSET + 0x0221DF64)
+HACHI_APPLICATION_SHUTDOWNANDDESTROY equ (RPX_OFFSET + 0x02006944)
+NERD_FASTWIIU_SHUTDOWN equ (RPX_OFFSET + 0x0201F138)
+CORE_SHUTDOWN equ (RPX_OFFSET + 0x0221D434)
+_START_EXIT equ (RPX_OFFSET + 0x02025F48)

option_select/main.c

@@ -249,9 +249,8 @@ uint32_t __main(void)
 	}
 	if(pBuffer)
 		MEMFreeToDefaultHeap(pBuffer);
-	if(hbl)
-		*(int*)0xF5E700FC = 0; //set SD_LOADER_FORCE_HBL to 0
-	DCStoreRange((void*)0xF5E70000,0xA0);
+
+	DCStoreRange((void*)0xF5E70000,0x100);
 	uint32_t entry = (hbl ? 0x01800000 : 0x0180C000);
 	return entry;
 }

sfcommand_defs.s

@@ -0,0 +1,39 @@
+
+; game stack return address
+HAX_TARGET_ADDRESS equ (0x107968AC)
+; application memory pointer
+HACHI_APPLICATION_PTR equ (0x10C8C938)
+; arm9 rom location address
+ARM9_ROM_LOCATION equ (0x1643F200)
+
+; constants for position calcs
+RPX_OFFSET equ (0x01800000)
+ARM7_ROM_MEM2_START equ (0xF0000000 - ARM9_ROM_LOCATION + 0x12000000)
+
+; rop-gadgets part 1 (used for all sorts of different things)
+LMW_R21R1xC_LWZ_R0R1x3C_MTLR_R0_ADDI_R1_x38_BLR equ (RPX_OFFSET + 0x02063D3C)
+BCTRL equ (RPX_OFFSET + 0x02004158)
+MTCTR_R27_ADDI_R31x2_MR_R3R31_R4R30_R5R29_R6R28_BCTRL_LMW_R26R1x18_MTLR_R1x34_ADDI_R1x30_BLR equ (RPX_OFFSET + 0x020A3670)
+LWZ_R0xAFC_MTLR_R0_ADDI_R1xAF8_BLR equ (RPX_OFFSET + 0x020A3248)
+LWZ_R0R1x14_LWZ_R30R1x8_R31R1xC_MTLR_R0_ADDI_R1x10_BLR equ (RPX_OFFSET + 0x0200106C)
+MR_R11R31_LMW_R26R1x8_LWZ_R0x24_MTLR_R0_ADDI_R1x20_CLRLWI_R3R11x18_BLR equ (RPX_OFFSET + 0x021791C8)
+LWZ_R0R11x4_R31R11xM4_MTLR_R0_MR_R1R11_BLR equ (RPX_OFFSET + 0x02277BA4)
+
+; rop-gadgets part 2 (only used to set up core 0 thread stack)
+LWZ_R3_8_R1_LWZ_R0x14_MTLR_R0_ADDI_R1x10_BLR equ (RPX_OFFSET + 0x02018908)
+MR_R12_R3_CMPLW_R12_R0_LI_R3_0_BEQ_ADDI_R3_R12x10_LWZ_R0_R1x14_MTLR_R0_ADDI_R1x10_BLR equ (RPX_OFFSET + 0x020AEAB0)
+LWZ_R5_R1x8_CMPLW_R5_R31_BNE_MR_R3_R5_LWZ_R0_R1x1C_LWZ_R30_R1x10_MTLR_R0_LWZ_R31_R1x14_ADDI_R1x18_BLR equ (RPX_OFFSET + 0x0200F4A8)
+LWZ_R4_R1xC_STW_R12_R1x8_LWZ_R3_R1x8_LWZ_R0_R1x1C_MTLR_R0_ADDI_R1x18_BLR equ (RPX_OFFSET + 0x02082E20)
+LWZ_R7_R1x10_LWZ_R8_R1x14_STW_R7_R31x0_STW_R8_R31x0_LWZ_R0_R1x2C_LWZ_R31_R0x24_MTLR_R0_LWZ_R30_R0x20_ADDI_R1x28_BLR equ (RPX_OFFSET + 0x020578EC)
+LWZ_R3_4_R3_LWZ_R0xC_MTLR_R0_ADDI_R1x8_BLR equ (RPX_OFFSET + 0x02018990)
+LWZ_R0_R1x1C_LWZ_R30_R1x10_MTLR_R0_LWZ_R31_R1x14_ADDI_R1x18_ADD_R3_R7_BLR equ (RPX_OFFSET + 0x02149304)
+MTCTR_R12_BCTRL_LI_R3_0_LWZ_R0_R1x14_LWZ_R31_R1xC_MTLR_R0_ADDI_R1x10_BLR equ (RPX_OFFSET + 0x020240EC)
+
+; functions used from game
+NERD_CREATETHREAD equ (RPX_OFFSET + 0x02221A48)
+NERD_STARTTHREAD equ (RPX_OFFSET + 0x02221E64)
+NERD_JOINTHREAD equ (RPX_OFFSET + 0x022218F4)
+HACHI_APPLICATION_SHUTDOWNANDDESTROY equ (RPX_OFFSET + 0x02006CC8)
+NERD_FASTWIIU_SHUTDOWN equ (RPX_OFFSET + 0x0201FB1C)
+CORE_SHUTDOWN equ (RPX_OFFSET + 0x02220DAC)
+_START_EXIT equ (RPX_OFFSET + 0x0202699C)

yoshids_defs.s

@@ -1,14 +1,14 @@
 
 ; game stack return address
 HAX_TARGET_ADDRESS equ (0x1079B52C)
-
+; application memory pointer
 HACHI_APPLICATION_PTR equ (0x10C91938)
-
+; arm9 rom location address
 ARM9_ROM_LOCATION equ (0x16444200)
-ARM7_ROM_MEM2_START equ (0xEBBBBE00)
 
 ; constants for position calcs
 RPX_OFFSET equ (0x01800000)
+ARM7_ROM_MEM2_START equ (0xF0000000 - ARM9_ROM_LOCATION + 0x12000000)
 
 ; rop-gadgets part 1 (used for all sorts of different things)
 LMW_R21R1xC_LWZ_R0R1x3C_MTLR_R0_ADDI_R1_x38_BLR equ (RPX_OFFSET + 0x02206F7C)