Shofel payloader source & prebuild for jib with some old payloads i had made

these payloads may not work , i have no clue honestly i attached them , also there are 2 helper py scripts that might work with some of these payloads
2026-03-03 22:16:28 +02:00
parent adc6be515d
commit a83ea3324f
118 changed files with 2605 additions and 0 deletions
--- a/Shofel4Jibo/payloads/ipatch_rcm.c
+++ b/Shofel4Jibo/payloads/ipatch_rcm.c
@@ -0,0 +1,41 @@
+/* Based on similar payload by ktemkin
+ * https://gist.github.com/ktemkin/825d5f4316f63a7c11ea851a2022415a
+ */
+
+#include "types.h"
+#include "t124.h"
+
+#define _REG(base, off) *(volatile unsigned int *)((base) + (off))
+#define reg_write(base, off, value) _REG(base, off) = value
+#define reg_clear(base, off, value) _REG(base, off) &= ~value
+#define reg_set(base, off, value) _REG(base, off) |= value
+
+/**
+ * Patches over a given address in the IROM using the IPATCH hardware.
+ */
+void ipatch_word(u8 slot, u32 addr, u16 new_value)
+{
+	u32 slot_value;
+	u32 offset;
+
+	// Mark the relevant ipatch slot as not-in-use.
+	reg_clear(IPATCH_BASE, IPATCH_SELECT, (1 << slot));
+
+	// Compute the new patch value.
+	offset = (addr & 0xFFFF) >> 1;
+	slot_value = (offset << 16) | new_value;
+
+	// Figure out the location of the slot to touch.
+	reg_write(IPATCH_BASE, IPATCH_REGS + (slot * 4), slot_value);
+
+	// Apply the new one.
+	reg_set(IPATCH_BASE, IPATCH_SELECT, (1 << slot));
+}
+
+__attribute__((section(".init")))
+void entry() {
+	ipatch_word(1, BOOTROM_GET_SECURITY_MODE, 0x2000);
+
+	register entry_point entry = (entry_point) ( 0x00101128 | 1 );
+	entry();
+}