1 files changed, 38 insertions, 0 deletions
diff --git a/utils/hwpatcher/fuzep_rb.lua b/utils/hwpatcher/fuzep_rb.lua
new file mode 100644
index 0000000000..f47a4983fa
--- /dev/null
+++ b/utils/hwpatcher/fuzep_rb.lua
@@ -0,0 +1,38 @@
+--[[
+Fuze+ RB hacking
+required argument (in order):
+- path to firmware
+- path to output firmware
+- path to blob
+]]-- 
+if #arg < 3 then
+    error("not enough argument to fuzep patcher")
+end
+local fw = hwp.load_file(arg[1])
+local irq_addr_pool = hwp.make_addr(0x38)
+local proxy_addr = arm.to_arm(hwp.make_addr(0x60115ba4))
+-- read old IRQ address pool
+local old_irq_addr = hwp.make_addr(hwp.read32(fw, irq_addr_pool))
+print(string.format("Old IRQ address: %s", old_irq_addr))
+-- modify it
+hwp.write32(fw, irq_addr_pool, proxy_addr.addr)
+print(string.format("New IRQ address: %s", proxy_addr))
+-- in proxy, save registers
+arm.write_save_regs(fw, proxy_addr)
+proxy_addr = hwp.inc_addr(proxy_addr, 4)
+-- do some work
+local blob = hwp.load_bin_file(arg[3])
+local blob_info = hwp.section_info(blob, "")
+local blob_data = hwp.read(blob, hwp.make_addr(blob_info.addr, ""), blob_info.size)
+hwp.write(fw, proxy_addr, blob_data)
+proxy_addr = hwp.inc_addr(proxy_addr, blob_info.size)
+-- restore registers
+arm.write_restore_regs(fw, proxy_addr)
+proxy_addr = hwp.inc_addr(proxy_addr, 4)
+-- branch to old code
+local branch_to_old = arm.make_branch(old_irq_addr, false)
+arm.write_branch(fw, proxy_addr, branch_to_old)
+-- save
+hwp.save_file(fw, arg[2])
+\ No newline at end of file

diff --git a/utils/hwpatcher/fuzep_rb.lua b/utils/hwpatcher/fuzep_rb.lua new file mode 100644 index 0000000000..f47a4983fa --- /dev/null +++ b/utils/hwpatcher/fuzep_rb.lua
@@ -0,0 +1,38 @@
	1	--[[
	2	Fuze+ RB hacking
	3	required argument (in order):
	4	- path to firmware
	5	- path to output firmware
	6	- path to blob
	7	]]--
	8
	9	if #arg < 3 then
	10	error("not enough argument to fuzep patcher")
	11	end
	12
	13	local fw = hwp.load_file(arg[1])
	14	local irq_addr_pool = hwp.make_addr(0x38)
	15	local proxy_addr = arm.to_arm(hwp.make_addr(0x60115ba4))
	16	-- read old IRQ address pool
	17	local old_irq_addr = hwp.make_addr(hwp.read32(fw, irq_addr_pool))
	18	print(string.format("Old IRQ address: %s", old_irq_addr))
	19	-- modify it
	20	hwp.write32(fw, irq_addr_pool, proxy_addr.addr)
	21	print(string.format("New IRQ address: %s", proxy_addr))
	22	-- in proxy, save registers
	23	arm.write_save_regs(fw, proxy_addr)
	24	proxy_addr = hwp.inc_addr(proxy_addr, 4)
	25	-- do some work
	26	local blob = hwp.load_bin_file(arg[3])
	27	local blob_info = hwp.section_info(blob, "")
	28	local blob_data = hwp.read(blob, hwp.make_addr(blob_info.addr, ""), blob_info.size)
	29	hwp.write(fw, proxy_addr, blob_data)
	30	proxy_addr = hwp.inc_addr(proxy_addr, blob_info.size)
	31	-- restore registers
	32	arm.write_restore_regs(fw, proxy_addr)
	33	proxy_addr = hwp.inc_addr(proxy_addr, 4)
	34	-- branch to old code
	35	local branch_to_old = arm.make_branch(old_irq_addr, false)
	36	arm.write_branch(fw, proxy_addr, branch_to_old)
	37	-- save
	38	hwp.save_file(fw, arg[2]) \ No newline at end of file