See CTCaer/hekate#182 for an implementation of this patch in hekate.
The switch has an awesome syscall: svcOutputDebugString(char*, size_t)
. As the name implies, it's supposed to take
a string and print it out somewhere for logging/debugging purposes. Unfortunately, on the official switch firmware, it
does nothing (Nintendo isn't nice like that).
Turns out, printing debug information from the kernel is a bit of a challenge. There aren't a whole lot of peripherals we
can use without interfering with the normal switch operations. USB is complicated, drawing on the screen would make it
unusable for graphic apps, TCP isn't viable... Fortunately, there was some code left in the kernel that allows printing
things over UART. And the switch uses the UART to communicate to JoyCons, which can easily be both soft and hard-modded...
Thus a plan was born.
We're going to print the svcOutputDebugString
on UART-B. Then, we'll hardmod a joycon rail with a 1.8v TTL-to-USB
device, in order to transmit that data back to a computer.
TODO: It should be possible to transmit data back to a computer without hard-modding, but instead by soft-modding the
joycon firmware. This would be super nice.
For the sake of simplicity, the patches will be given as radare2 commands for this one. This patch is in three parts:
-
First, let's fix up the kernel printk to print over UART-B instead of UART-A. This is because UART-B is the right joycon
UART, while UART-A is just an internal debug UART that isn't connected to anything.
- 1.0.0 wx 8c0a90f2 @ 0x00003ad4
-
Then, we'll want to write some glue code to wire our svc to the printk function:
- 1.0.0 wx 252e2a73 @ 0x0004797c
wx e20300aae0ffffd2e0ffdff280f8b7f2802f8bf2fd7bbfa986f0fe97000080d2fd7bc1a8c0035fd6 @ 0x00047984
-
And finally, let's call that glue code in svcOutputDebugString:
- 1.0.0 wx 08730094 @ 0x0002ad64
You should now be able to listen in on the UART from a modded joycon rail and a ttl-to-usb cable (make sure you get one
that supports 1.8 voltage).
DisableSvcVerif:
- 3.0.0 0x0003bd24 e0020054 => 1f2003d5 0x0003bd24