Robin Lambertz roblabla

## trampoline.s
// Call with x0 = hbabi, x1 = 0xFFFFFFFFFFFFFFFF, x2 = NRO address
// Starts running the NRO. Returns the exit code of the homebrew.
nroEntrypointTrampoline:

    // TODO: Ideally, set up a new stack so NRO has a full stack to work with.

    // Save r19-r29
    stp x19, x20, [sp,-0x10]!
    stp x21, x22, [sp,-0x10]!
    stp x23, x24, [sp,-0x10]!

## test.c
    u32 elpdr_config_val = ((pinmux_config_val >> 0x0B) & 0x100); // Gets CONFIG bit 19 in bit 8

    /* Adjust ELpdr */
    if (pinmux_config_mask_val & 0x800) { // Checks CONFIG_MASK bit 11
        /* This pin supports ELpdr change */
        if (pinmux_mask_val & 0x100) { // Checks MASK bit 8
            /* Change ELpdr */
            if (((pinmux_val >> 0x08) ^ (pinmux_config_val >> 0x0B)) & 0x01) { // if VAL bit 8 != CONFIG bit 11
                pinmux_val |= elpdr_config_val; // set VAL bit 8 to CONFIG bit 19
            }

## pinmux
name                 addr   mask     pm
Sdmmc1Clk            0x3000 0x0072ff 0x01
Sdmmc1Cmd            0x3004 0x0072ff 0x02
Sdmmc1Dat3           0x3008 0x0072ff 0x02
Sdmmc1Dat2           0x300c 0x0072ff 0x02
Sdmmc1Dat1           0x3010 0x0072ff 0x02
Sdmmc1Dat0           0x3014 0x0072ff 0x01
Sdmmc3Clk            0x301c 0x0072ff 0x01
Sdmmc3Cmd            0x3020 0x0072ff 0x01
Sdmmc3Dat0           0x3024 0x0072ff 0x01

## PINMUX defaults
0x70003000 PINMUX_AUX_SDMMC1_CLK        0x00002074
0x70003004 PINMUX_AUX_SDMMC1_CMD        0x00002078
0x70003008 PINMUX_AUX_SDMMC1_DAT3       0x00002078
0x7000300C PINMUX_AUX_SDMMC1_DAT2       0x00002078
0x70003010 PINMUX_AUX_SDMMC1_DAT1       0x00002078
0x70003014 PINMUX_AUX_SDMMC1_DAT0       0x00002078
0x7000301C PINMUX_AUX_SDMMC3_CLK        0x00002074
0x70003020 PINMUX_AUX_SDMMC3_CMD        0x00002078
0x70003024 PINMUX_AUX_SDMMC3_DAT0       0x00002078
0x70003028 PINMUX_AUX_SDMMC3_DAT1       0x00002078

## kernel_any.py
# Copyright 2017 Reswitched Team
#
# Permission to use, copy, modify, and/or distribute this software for any purpose with or
# without fee is hereby granted, provided that the above copyright notice and this permission
# notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS
# SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
# THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY
# DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF

## pcie.json
{
  "format": "Nca3",
  "sig": "A4D56939F65D8AF8F82293B6784C906B2D003FC482E564912186CAC6F28432054FD92587E68FB7184B8C72460A80C885A53708FE69908E1DFCCCBD07CB976E14BB4E16517E25501A4AA6C02350FF2B09F2ACE0F92C603E75996E73958EF8E8DB7A66B7672FEBFE099F7EFBA7C317BA3EEFB462770EB1D1D96F08776634362FE3FDFE946311F831BEA05D862FC71E3F636FBB543C60487519AAF2705DAC063A8C5D13A65E6B87F1C4FF5E14C5FC0C77E6393BE5B2C290362FB6266D35C5421D0FA68C3252650286080F01A79C913D7985E307D9F3AEDBB1BCA3E76675D43B60E066DD202E634B766C7AC20C05F25F33DE50811DD47E1404FC4C650232FCB710E9",
  "npdm_sig": "2E64047980CD3ECCEE4DC28545D352A00B64CDE72679B3E11507C51D1708B7F4FD5BEF06E9A11A3B9891AC1DF35FB2FC2EC621C155D1FCD775B309FDFD4D51E05CDD8ECE458F37AB863A9143D5696F5F8E7D2B03273DF65ADDA36DA52CB0A966B501F0439E17B2F01B7DEF85BB58D0635370FC638017715D2E3B6BB725BA2A1F018D03E9488221FB2EB24C4728C61C56B045316BD55205ECAE83DD9BD49C5D95EC6BBE52BA2220381170C529497CB0DFCE0E70D8F9EADF1F1E660F891B5E73DA7978593A0A71D89215BF0BCA2A2401B1E438BA05BCDE51434F5C5927CA3DBDF61592EC482E6125

## P2180_A00_LP4_DSC_204Mhz.cfg
# CFG Version 03
# Do not edit. Generated by t210_emc_reg_tool_P987.exe V9.8.7. Command:
#   t210_emc_reg_tool_P987.exe -i Samsung_K4F6E304HB-MGCH_4GB.par 04.90196078431372549019
#      -dram_board_cfg 37 -data_bus_to_0 1 -dsr_per_dev 0 -fly_by_time_ps 1833 -dbi_rd_en 1
#      -is_bkv 1 -b P2180_A00_LP4_DSC_204Mhz.txt -o P2180_4GB_P987_configs\P2180_4GB_Samsung_4GB_lpddr4_204Mhz_P987.cfg
# Parameter file: Samsung_K4F6E304HB-MGCH_4GB.par, tck = 4.90 ns (204.00 MHz)
# bkv file: P2180_A00_LP4_DSC_204Mhz.txt
SDRAM[0].MemoryType                               = NvBootMemoryType_LpDdr4;
SDRAM[0].PllMInputDivider                         = 0x00000001;
SDRAM[0].PllMFeedbackDivider                      = 0x00000022;

## weird.rs
// libuser syscalls:
/// Creates a thread in the current process.
pub fn create_thread(ip: fn() -> !, arg: usize, sp: *const u8, _priority: u32, _processor_id: u32) -> Result<Thread, KernelError> {
    unsafe {
        let (out_handle, ..) = syscall(nr::CreateThread, ip as usize, arg, sp as _, _priority as _, _processor_id as _, 0)?;
        Ok(Thread(Handle::new(out_handle as _)))
    }
}

// Function I'm writing:

## gist:dd915349fc07ca776c7d8215d276b83c
[INFO] - kfs_kernel::interrupts - IDT is Idt {
    divide_by_zero: IdtEntry::InterruptGate32 {
        pointer: 3221251344,
        gdt_selector: 8,
        storage_segment: false,
        privilege_level: Ring0
    },
    debug: IdtEntry::InterruptGate32 {
        pointer: 3221251568,
        gdt_selector: 8,

## a
Section Headers:
  [Nr] Name              Type            Addr     Off    Size   ES Flg Lk Inf Al
  [ 0]                   NULL            00000000 000000 000000 00      0   0  0
  [ 1] .debug_info       PROGBITS        00000000 0000d4 16005a 00      0   0  1
  [ 2] .debug_abbrev     PROGBITS        00000000 16012e 012c8c 00      0   0  1
  [ 3] .debug_line       PROGBITS        00000000 172dba 058e98 00      0   0  1
  [ 4] .debug_str        PROGBITS        00000000 1cbc52 095902 01  MS  0   0  1
  [ 5] .debug_ranges     PROGBITS        00000000 261554 033f08 00      0   0  1
  [ 6] .comment          PROGBITS        00000000 29545c 000012 01  MS  0   0  1
  [ 7] .debug_pubnames   PROGBITS        00000000 29546e 04642b 00      0   0  1
	// Call with x0 = hbabi, x1 = 0xFFFFFFFFFFFFFFFF, x2 = NRO address
	// Starts running the NRO. Returns the exit code of the homebrew.
	nroEntrypointTrampoline:

	// TODO: Ideally, set up a new stack so NRO has a full stack to work with.

	// Save r19-r29
	stp x19, x20, [sp,-0x10]!
	stp x21, x22, [sp,-0x10]!
	stp x23, x24, [sp,-0x10]!
	u32 elpdr_config_val = ((pinmux_config_val >> 0x0B) & 0x100); // Gets CONFIG bit 19 in bit 8

	/* Adjust ELpdr */
	if (pinmux_config_mask_val & 0x800) { // Checks CONFIG_MASK bit 11
	/* This pin supports ELpdr change */
	if (pinmux_mask_val & 0x100) { // Checks MASK bit 8
	/* Change ELpdr */
	if (((pinmux_val >> 0x08) ^ (pinmux_config_val >> 0x0B)) & 0x01) { // if VAL bit 8 != CONFIG bit 11
	pinmux_val \|= elpdr_config_val; // set VAL bit 8 to CONFIG bit 19
	}
	name addr mask pm
	Sdmmc1Clk 0x3000 0x0072ff 0x01
	Sdmmc1Cmd 0x3004 0x0072ff 0x02
	Sdmmc1Dat3 0x3008 0x0072ff 0x02
	Sdmmc1Dat2 0x300c 0x0072ff 0x02
	Sdmmc1Dat1 0x3010 0x0072ff 0x02
	Sdmmc1Dat0 0x3014 0x0072ff 0x01
	Sdmmc3Clk 0x301c 0x0072ff 0x01
	Sdmmc3Cmd 0x3020 0x0072ff 0x01
	Sdmmc3Dat0 0x3024 0x0072ff 0x01
	0x70003000 PINMUX_AUX_SDMMC1_CLK 0x00002074
	0x70003004 PINMUX_AUX_SDMMC1_CMD 0x00002078
	0x70003008 PINMUX_AUX_SDMMC1_DAT3 0x00002078
	0x7000300C PINMUX_AUX_SDMMC1_DAT2 0x00002078
	0x70003010 PINMUX_AUX_SDMMC1_DAT1 0x00002078
	0x70003014 PINMUX_AUX_SDMMC1_DAT0 0x00002078
	0x7000301C PINMUX_AUX_SDMMC3_CLK 0x00002074
	0x70003020 PINMUX_AUX_SDMMC3_CMD 0x00002078
	0x70003024 PINMUX_AUX_SDMMC3_DAT0 0x00002078
	0x70003028 PINMUX_AUX_SDMMC3_DAT1 0x00002078
	# Copyright 2017 Reswitched Team
	#
	# Permission to use, copy, modify, and/or distribute this software for any purpose with or
	# without fee is hereby granted, provided that the above copyright notice and this permission
	# notice appear in all copies.
	#
	# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS
	# SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
	# THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY
	# DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF
	{
	"format": "Nca3",
	"sig": "A4D56939F65D8AF8F82293B6784C906B2D003FC482E564912186CAC6F28432054FD92587E68FB7184B8C72460A80C885A53708FE69908E1DFCCCBD07CB976E14BB4E16517E25501A4AA6C02350FF2B09F2ACE0F92C603E75996E73958EF8E8DB7A66B7672FEBFE099F7EFBA7C317BA3EEFB462770EB1D1D96F08776634362FE3FDFE946311F831BEA05D862FC71E3F636FBB543C60487519AAF2705DAC063A8C5D13A65E6B87F1C4FF5E14C5FC0C77E6393BE5B2C290362FB6266D35C5421D0FA68C3252650286080F01A79C913D7985E307D9F3AEDBB1BCA3E76675D43B60E066DD202E634B766C7AC20C05F25F33DE50811DD47E1404FC4C650232FCB710E9",
	"npdm_sig": "2E64047980CD3ECCEE4DC28545D352A00B64CDE72679B3E11507C51D1708B7F4FD5BEF06E9A11A3B9891AC1DF35FB2FC2EC621C155D1FCD775B309FDFD4D51E05CDD8ECE458F37AB863A9143D5696F5F8E7D2B03273DF65ADDA36DA52CB0A966B501F0439E17B2F01B7DEF85BB58D0635370FC638017715D2E3B6BB725BA2A1F018D03E9488221FB2EB24C4728C61C56B045316BD55205ECAE83DD9BD49C5D95EC6BBE52BA2220381170C529497CB0DFCE0E70D8F9EADF1F1E660F891B5E73DA7978593A0A71D89215BF0BCA2A2401B1E438BA05BCDE51434F5C5927CA3DBDF61592EC482E6125
	# CFG Version 03
	# Do not edit. Generated by t210_emc_reg_tool_P987.exe V9.8.7. Command:
	# t210_emc_reg_tool_P987.exe -i Samsung_K4F6E304HB-MGCH_4GB.par 04.90196078431372549019
	# -dram_board_cfg 37 -data_bus_to_0 1 -dsr_per_dev 0 -fly_by_time_ps 1833 -dbi_rd_en 1
	# -is_bkv 1 -b P2180_A00_LP4_DSC_204Mhz.txt -o P2180_4GB_P987_configs\P2180_4GB_Samsung_4GB_lpddr4_204Mhz_P987.cfg
	# Parameter file: Samsung_K4F6E304HB-MGCH_4GB.par, tck = 4.90 ns (204.00 MHz)
	# bkv file: P2180_A00_LP4_DSC_204Mhz.txt
	SDRAM[0].MemoryType = NvBootMemoryType_LpDdr4;
	SDRAM[0].PllMInputDivider = 0x00000001;
	SDRAM[0].PllMFeedbackDivider = 0x00000022;
	// libuser syscalls:
	/// Creates a thread in the current process.
	pub fn create_thread(ip: fn() -> !, arg: usize, sp: *const u8, _priority: u32, _processor_id: u32) -> Result<Thread, KernelError> {
	unsafe {
	let (out_handle, ..) = syscall(nr::CreateThread, ip as usize, arg, sp as _, _priority as _, _processor_id as _, 0)?;
	Ok(Thread(Handle::new(out_handle as _)))
	}
	}

	// Function I'm writing:
	[INFO] - kfs_kernel::interrupts - IDT is Idt {
	divide_by_zero: IdtEntry::InterruptGate32 {
	pointer: 3221251344,
	gdt_selector: 8,
	storage_segment: false,
	privilege_level: Ring0
	},
	debug: IdtEntry::InterruptGate32 {
	pointer: 3221251568,
	gdt_selector: 8,
	Section Headers:
	[Nr] Name Type Addr Off Size ES Flg Lk Inf Al
	[ 0] NULL 00000000 000000 000000 00 0 0 0
	[ 1] .debug_info PROGBITS 00000000 0000d4 16005a 00 0 0 1
	[ 2] .debug_abbrev PROGBITS 00000000 16012e 012c8c 00 0 0 1
	[ 3] .debug_line PROGBITS 00000000 172dba 058e98 00 0 0 1
	[ 4] .debug_str PROGBITS 00000000 1cbc52 095902 01 MS 0 0 1
	[ 5] .debug_ranges PROGBITS 00000000 261554 033f08 00 0 0 1
	[ 6] .comment PROGBITS 00000000 29545c 000012 01 MS 0 0 1
	[ 7] .debug_pubnames PROGBITS 00000000 29546e 04642b 00 0 0 1