From 7cb08e8f640a19f079f85c6c28265051fb6c0dbf Mon Sep 17 00:00:00 2001
From: Maschell <Maschell@gmx.de>
Date: Sat, 13 May 2017 09:43:17 +0200
Subject: [PATCH 1/3] Disabling the FAT32 nativ USB support

---
 ios_fs/source/main.c                    |   4 +-
 ios_kernel/source/ios_acp_patches_asm.s |   2 +-
 ios_kernel/source/ios_fs_patches.c      |  10 +-
 ios_kernel/source/ios_mcp_patches_asm.s |   2 +-
 ios_kernel/source/kernel_patches.c      |   2 +-
 mocha.cbp                               | 325 ++++++++++++++++++++++++
 6 files changed, 335 insertions(+), 10 deletions(-)
 create mode 100644 mocha.cbp

diff --git a/ios_fs/source/main.c b/ios_fs/source/main.c
index 8a9106f..c5c0844 100644
--- a/ios_fs/source/main.c
+++ b/ios_fs/source/main.c
@@ -22,7 +22,7 @@ void createDevThread_entry(int node_type, u32 *dev_handles)
             sdcard_init();
         }
     }
-    else if(node_type == NODE_TYPE_DEV_UMS)
+    /*else if(node_type == NODE_TYPE_DEV_UMS)
     {
         // instead of hooking into attach at 0x10732FBC...lets do this and let the system do the mount
         fs_attach_info_t * info = (fs_attach_info_t *)(*(u32*)0x1091C2E4);
@@ -44,7 +44,7 @@ void createDevThread_entry(int node_type, u32 *dev_handles)
             info = info->next;
         }
         while(info);
-    }
+    }*/
     else if(node_type == NODE_TYPE_DEV_ATFS) // ATFS is started right before ISFS for slc/slccmpt
     {
         cfw_config_t cfw_config;
diff --git a/ios_kernel/source/ios_acp_patches_asm.s b/ios_kernel/source/ios_acp_patches_asm.s
index ab4d38b..74b9001 100644
--- a/ios_kernel/source/ios_acp_patches_asm.s
+++ b/ios_kernel/source/ios_acp_patches_asm.s
@@ -6,6 +6,6 @@ patch_wfs_partition_check:
 .globl acp_patches_table, acp_patches_table_end
 acp_patches_table:
 #          origin           data                                    size
-     .word 0xE00605D0,      patch_wfs_partition_check,              4
+#     .word 0xE00605D0,      patch_wfs_partition_check,              4
 acp_patches_table_end:
 
diff --git a/ios_kernel/source/ios_fs_patches.c b/ios_kernel/source/ios_fs_patches.c
index 6c4e8ee..53f9ffd 100644
--- a/ios_kernel/source/ios_fs_patches.c
+++ b/ios_kernel/source/ios_fs_patches.c
@@ -81,13 +81,13 @@ void fs_run_patches(u32 ios_elf_start)
         //section_write_word(ios_elf_start, FS_USB_WRITE, ARM_B(FS_USB_WRITE, usbWrite_patch));
     }
 
-    section_write_word(ios_elf_start, 0x1070F87C, ARM_BL(0x1070F87C, FSA_AttachVolume_FillDescription_hook));
-    section_write_word(ios_elf_start, 0x10700EFC, ARM_BL(0x10700EFC, FSA_AsyncCommandCallback_hook));
+    //section_write_word(ios_elf_start, 0x1070F87C, ARM_BL(0x1070F87C, FSA_AttachVolume_FillDescription_hook));
+    //section_write_word(ios_elf_start, 0x10700EFC, ARM_BL(0x10700EFC, FSA_AsyncCommandCallback_hook));
     // patch mounting FAT and allow all devices instead of only SD card
-    section_write_word(ios_elf_start, 0x1078E074, 0xEA000002);
+    //section_write_word(ios_elf_start, 0x1078E074, 0xEA000002);
     // patch FSA_MakeQuota to not store command -> command is modified depending on wether it is USB FAT or not
-    section_write_word(ios_elf_start, 0x1070BE0C, 0xE1A00000);
-    section_write_word(ios_elf_start, 0x1070BE00, ARM_BL(0x1070BE00, FSA_MakeQuota_asm_hook));
+    //section_write_word(ios_elf_start, 0x1070BE0C, 0xE1A00000);
+    //section_write_word(ios_elf_start, 0x1070BE00, ARM_BL(0x1070BE00, FSA_MakeQuota_asm_hook));
 
     section_write_word(ios_elf_start, FS_CREATEDEVTHREAD_HOOK, ARM_B(FS_CREATEDEVTHREAD_HOOK, createDevThread_hook));
 
diff --git a/ios_kernel/source/ios_mcp_patches_asm.s b/ios_kernel/source/ios_mcp_patches_asm.s
index dc4e2a9..3b22d87 100644
--- a/ios_kernel/source/ios_mcp_patches_asm.s
+++ b/ios_kernel/source/ios_mcp_patches_asm.s
@@ -34,7 +34,7 @@ mcp_patches_table:
      .word 0x05052C44,      patch_IOSC_VerifyPubkeySign,            8
      .word 0x05052A90,      patch_cert_verification,                8
      .word 0x05054D6C,      patch_cached_cert_check,                8
-     .word 0x0502ADF6,      patch_wfs_partition_check,              4
+#     .word 0x0502ADF6,      patch_wfs_partition_check,              4
 #     .word 0x05014AD8,      patch_wfs_partition_check,              4
 # over an hour, MCP crash prevention
      .word 0x05022474,      0xFFFFFFFF,                             4
diff --git a/ios_kernel/source/kernel_patches.c b/ios_kernel/source/kernel_patches.c
index b8580a1..2479af7 100644
--- a/ios_kernel/source/kernel_patches.c
+++ b/ios_kernel/source/kernel_patches.c
@@ -130,7 +130,7 @@ void kernel_launch_ios(u32 launch_address, u32 L, u32 C, u32 H)
         mcp_run_patches(ios_elf_start);
         kernel_run_patches(ios_elf_start);
         fs_run_patches(ios_elf_start);
-        acp_run_patches(ios_elf_start);
+        //acp_run_patches(ios_elf_start);
 
         if(cfw_config.redNAND && cfw_config.seeprom_red)
             bsp_run_patches(ios_elf_start);
diff --git a/mocha.cbp b/mocha.cbp
new file mode 100644
index 0000000..1c5a4e4
--- /dev/null
+++ b/mocha.cbp
@@ -0,0 +1,325 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
+<CodeBlocks_project_file>
+	<FileVersion major="1" minor="6" />
+	<Project>
+		<Option title="mocha" />
+		<Option makefile_is_custom="1" />
+		<Option pch_mode="2" />
+		<Option compiler="ppc-gcc" />
+		<Build>
+			<Target title="build">
+				<Option output="bin/Release/mocha" prefix_auto="1" extension_auto="1" />
+				<Option object_output="obj/Release/" />
+				<Option type="1" />
+				<Option compiler="ppc-gcc" />
+				<Compiler>
+					<Add option="-O2" />
+				</Compiler>
+				<MakeCommands>
+					<Build command="make" />
+					<CompileFile command="$make -f $makefile $file" />
+					<Clean command="$make -f $makefile clean$target" />
+					<DistClean command="$make -f $makefile distclean$target" />
+					<AskRebuildNeeded command="$make -q -f $makefile $target" />
+					<SilentBuild command="make &gt; $(CMD_NULL)" />
+				</MakeCommands>
+			</Target>
+		</Build>
+		<Compiler>
+			<Add option="-Wall" />
+		</Compiler>
+		<Unit filename="build/cfw_config.d" />
+		<Unit filename="build/entry.d" />
+		<Unit filename="build/exception_handler.d" />
+		<Unit filename="build/fs_functions.d" />
+		<Unit filename="build/fs_utils.d" />
+		<Unit filename="build/gx2_functions.d" />
+		<Unit filename="build/ios_exploit.d" />
+		<Unit filename="build/logger.d" />
+		<Unit filename="build/main.d" />
+		<Unit filename="build/memory.d" />
+		<Unit filename="build/menu.d" />
+		<Unit filename="build/os_functions.d" />
+		<Unit filename="build/sd_fat_devoptab.d" />
+		<Unit filename="build/socket_functions.d" />
+		<Unit filename="build/sys_functions.d" />
+		<Unit filename="build/vpad_functions.d" />
+		<Unit filename="ios_bsp/build/fsa.d" />
+		<Unit filename="ios_bsp/build/seeprom.d" />
+		<Unit filename="ios_bsp/build/seeprom_asm.d" />
+		<Unit filename="ios_bsp/build/svc.d" />
+		<Unit filename="ios_bsp/ios_bsp.bin.h" />
+		<Unit filename="ios_bsp/ios_bsp_syms.h" />
+		<Unit filename="ios_bsp/source/fsa.c">
+			<Option compilerVar="CC" />
+		</Unit>
+		<Unit filename="ios_bsp/source/fsa.h" />
+		<Unit filename="ios_bsp/source/seeprom.c">
+			<Option compilerVar="CC" />
+		</Unit>
+		<Unit filename="ios_bsp/source/seeprom_asm.s" />
+		<Unit filename="ios_bsp/source/svc.h" />
+		<Unit filename="ios_bsp/source/svc.s" />
+		<Unit filename="ios_bsp/source/types.h" />
+		<Unit filename="ios_fs/build/devices.d" />
+		<Unit filename="ios_fs/build/dumper.d" />
+		<Unit filename="ios_fs/build/fat32_format.d" />
+		<Unit filename="ios_fs/build/font.d" />
+		<Unit filename="ios_fs/build/function_hooks.d" />
+		<Unit filename="ios_fs/build/main.d" />
+		<Unit filename="ios_fs/build/mlcio.d" />
+		<Unit filename="ios_fs/build/sdio.d" />
+		<Unit filename="ios_fs/build/svc.d" />
+		<Unit filename="ios_fs/build/text.d" />
+		<Unit filename="ios_fs/ios_fs.bin.h" />
+		<Unit filename="ios_fs/ios_fs_syms.h" />
+		<Unit filename="ios_fs/source/devices.c">
+			<Option compilerVar="CC" />
+		</Unit>
+		<Unit filename="ios_fs/source/devices.h" />
+		<Unit filename="ios_fs/source/dumper.c">
+			<Option compilerVar="CC" />
+		</Unit>
+		<Unit filename="ios_fs/source/dumper.h" />
+		<Unit filename="ios_fs/source/fat32_format.c">
+			<Option compilerVar="CC" />
+		</Unit>
+		<Unit filename="ios_fs/source/fat32_format.h" />
+		<Unit filename="ios_fs/source/font.c">
+			<Option compilerVar="CC" />
+		</Unit>
+		<Unit filename="ios_fs/source/font_bin.h" />
+		<Unit filename="ios_fs/source/function_hooks.s" />
+		<Unit filename="ios_fs/source/hardware_registers.h" />
+		<Unit filename="ios_fs/source/imports.h" />
+		<Unit filename="ios_fs/source/main.c">
+			<Option compilerVar="CC" />
+		</Unit>
+		<Unit filename="ios_fs/source/mlcio.c">
+			<Option compilerVar="CC" />
+		</Unit>
+		<Unit filename="ios_fs/source/mlcio.h" />
+		<Unit filename="ios_fs/source/sdio.c">
+			<Option compilerVar="CC" />
+		</Unit>
+		<Unit filename="ios_fs/source/sdio.h" />
+		<Unit filename="ios_fs/source/svc.h" />
+		<Unit filename="ios_fs/source/svc.s" />
+		<Unit filename="ios_fs/source/text.c">
+			<Option compilerVar="CC" />
+		</Unit>
+		<Unit filename="ios_fs/source/text.h" />
+		<Unit filename="ios_fs/source/types.h" />
+		<Unit filename="ios_kernel/build/crt0.d" />
+		<Unit filename="ios_kernel/build/elf_patcher.d" />
+		<Unit filename="ios_kernel/build/exception_handler.d" />
+		<Unit filename="ios_kernel/build/fsa.d" />
+		<Unit filename="ios_kernel/build/instant_patches.d" />
+		<Unit filename="ios_kernel/build/ios_bsp_patches.d" />
+		<Unit filename="ios_kernel/build/ios_fs_patches.d" />
+		<Unit filename="ios_kernel/build/ios_fs_patches_asm.d" />
+		<Unit filename="ios_kernel/build/ios_mcp_patches.d" />
+		<Unit filename="ios_kernel/build/ios_mcp_patches_asm.d" />
+		<Unit filename="ios_kernel/build/kernel_patches.d" />
+		<Unit filename="ios_kernel/build/kernel_patches_asm.d" />
+		<Unit filename="ios_kernel/build/main.d" />
+		<Unit filename="ios_kernel/build/redirection_setup.d" />
+		<Unit filename="ios_kernel/build/text.d" />
+		<Unit filename="ios_kernel/build/utils.d" />
+		<Unit filename="ios_kernel/ios_kernel.bin.h" />
+		<Unit filename="ios_kernel/ios_kernel_syms.h" />
+		<Unit filename="ios_kernel/source/config.h" />
+		<Unit filename="ios_kernel/source/crt0.s" />
+		<Unit filename="ios_kernel/source/elf_abi.h" />
+		<Unit filename="ios_kernel/source/elf_patcher.c">
+			<Option compilerVar="CC" />
+		</Unit>
+		<Unit filename="ios_kernel/source/elf_patcher.h" />
+		<Unit filename="ios_kernel/source/exception_handler.c">
+			<Option compilerVar="CC" />
+		</Unit>
+		<Unit filename="ios_kernel/source/exception_handler.h" />
+		<Unit filename="ios_kernel/source/font_bin.h" />
+		<Unit filename="ios_kernel/source/fsa.c">
+			<Option compilerVar="CC" />
+		</Unit>
+		<Unit filename="ios_kernel/source/fsa.h" />
+		<Unit filename="ios_kernel/source/instant_patches.c">
+			<Option compilerVar="CC" />
+		</Unit>
+		<Unit filename="ios_kernel/source/instant_patches.h" />
+		<Unit filename="ios_kernel/source/ios_bsp_patches.c">
+			<Option compilerVar="CC" />
+		</Unit>
+		<Unit filename="ios_kernel/source/ios_bsp_patches.h" />
+		<Unit filename="ios_kernel/source/ios_fs_patches.c">
+			<Option compilerVar="CC" />
+		</Unit>
+		<Unit filename="ios_kernel/source/ios_fs_patches.h" />
+		<Unit filename="ios_kernel/source/ios_fs_patches_asm.s" />
+		<Unit filename="ios_kernel/source/ios_mcp_patches.c">
+			<Option compilerVar="CC" />
+		</Unit>
+		<Unit filename="ios_kernel/source/ios_mcp_patches.h" />
+		<Unit filename="ios_kernel/source/ios_mcp_patches_asm.s" />
+		<Unit filename="ios_kernel/source/kernel_patches.c">
+			<Option compilerVar="CC" />
+		</Unit>
+		<Unit filename="ios_kernel/source/kernel_patches.h" />
+		<Unit filename="ios_kernel/source/kernel_patches_asm.s" />
+		<Unit filename="ios_kernel/source/main.c">
+			<Option compilerVar="CC" />
+		</Unit>
+		<Unit filename="ios_kernel/source/redirection_setup.c">
+			<Option compilerVar="CC" />
+		</Unit>
+		<Unit filename="ios_kernel/source/redirection_setup.h" />
+		<Unit filename="ios_kernel/source/text.c">
+			<Option compilerVar="CC" />
+		</Unit>
+		<Unit filename="ios_kernel/source/text.h" />
+		<Unit filename="ios_kernel/source/types.h" />
+		<Unit filename="ios_kernel/source/utils.c">
+			<Option compilerVar="CC" />
+		</Unit>
+		<Unit filename="ios_kernel/source/utils.h" />
+		<Unit filename="ios_mcp/build/crt0.d" />
+		<Unit filename="ios_mcp/build/font.d" />
+		<Unit filename="ios_mcp/build/fsa.d" />
+		<Unit filename="ios_mcp/build/imports.d" />
+		<Unit filename="ios_mcp/build/ipc.d" />
+		<Unit filename="ios_mcp/build/logger.d" />
+		<Unit filename="ios_mcp/build/main.d" />
+		<Unit filename="ios_mcp/build/net_ifmgr_ncl.d" />
+		<Unit filename="ios_mcp/build/socket.d" />
+		<Unit filename="ios_mcp/build/svc.d" />
+		<Unit filename="ios_mcp/build/text.d" />
+		<Unit filename="ios_mcp/ios_mcp.bin.h" />
+		<Unit filename="ios_mcp/ios_mcp_syms.h" />
+		<Unit filename="ios_mcp/source/crt0.s" />
+		<Unit filename="ios_mcp/source/font.c">
+			<Option compilerVar="CC" />
+		</Unit>
+		<Unit filename="ios_mcp/source/font_bin.h" />
+		<Unit filename="ios_mcp/source/fsa.c">
+			<Option compilerVar="CC" />
+		</Unit>
+		<Unit filename="ios_mcp/source/fsa.h" />
+		<Unit filename="ios_mcp/source/imports.c">
+			<Option compilerVar="CC" />
+		</Unit>
+		<Unit filename="ios_mcp/source/imports.h" />
+		<Unit filename="ios_mcp/source/ipc.c">
+			<Option compilerVar="CC" />
+		</Unit>
+		<Unit filename="ios_mcp/source/ipc.h" />
+		<Unit filename="ios_mcp/source/ipc_types.h" />
+		<Unit filename="ios_mcp/source/logger.c">
+			<Option compilerVar="CC" />
+		</Unit>
+		<Unit filename="ios_mcp/source/logger.h" />
+		<Unit filename="ios_mcp/source/main.c">
+			<Option compilerVar="CC" />
+		</Unit>
+		<Unit filename="ios_mcp/source/net_ifmgr_ncl.c">
+			<Option compilerVar="CC" />
+		</Unit>
+		<Unit filename="ios_mcp/source/net_ifmgr_ncl.h" />
+		<Unit filename="ios_mcp/source/socket.c">
+			<Option compilerVar="CC" />
+		</Unit>
+		<Unit filename="ios_mcp/source/socket.h" />
+		<Unit filename="ios_mcp/source/svc.h" />
+		<Unit filename="ios_mcp/source/svc.s" />
+		<Unit filename="ios_mcp/source/text.c">
+			<Option compilerVar="CC" />
+		</Unit>
+		<Unit filename="ios_mcp/source/text.h" />
+		<Unit filename="ios_mcp/source/types.h" />
+		<Unit filename="ios_usb/build/crt0.d" />
+		<Unit filename="ios_usb/build/main.d" />
+		<Unit filename="ios_usb/ios_usb.bin.h" />
+		<Unit filename="ios_usb/ios_usb_syms.h" />
+		<Unit filename="ios_usb/source/crt0.s" />
+		<Unit filename="ios_usb/source/main.c">
+			<Option compilerVar="CC" />
+		</Unit>
+		<Unit filename="src/cfw_config.c">
+			<Option compilerVar="CC" />
+		</Unit>
+		<Unit filename="src/cfw_config.h" />
+		<Unit filename="src/common/common.h" />
+		<Unit filename="src/common/fs_defs.h" />
+		<Unit filename="src/common/os_defs.h" />
+		<Unit filename="src/common/types.h" />
+		<Unit filename="src/dynamic_libs/fs_defs.h" />
+		<Unit filename="src/dynamic_libs/fs_functions.c">
+			<Option compilerVar="CC" />
+		</Unit>
+		<Unit filename="src/dynamic_libs/fs_functions.h" />
+		<Unit filename="src/dynamic_libs/gx2_functions.c">
+			<Option compilerVar="CC" />
+		</Unit>
+		<Unit filename="src/dynamic_libs/gx2_functions.h" />
+		<Unit filename="src/dynamic_libs/gx2_types.h" />
+		<Unit filename="src/dynamic_libs/os_functions.c">
+			<Option compilerVar="CC" />
+		</Unit>
+		<Unit filename="src/dynamic_libs/os_functions.h" />
+		<Unit filename="src/dynamic_libs/os_types.h" />
+		<Unit filename="src/dynamic_libs/socket_functions.c">
+			<Option compilerVar="CC" />
+		</Unit>
+		<Unit filename="src/dynamic_libs/socket_functions.h" />
+		<Unit filename="src/dynamic_libs/sys_functions.c">
+			<Option compilerVar="CC" />
+		</Unit>
+		<Unit filename="src/dynamic_libs/sys_functions.h" />
+		<Unit filename="src/dynamic_libs/vpad_functions.c">
+			<Option compilerVar="CC" />
+		</Unit>
+		<Unit filename="src/dynamic_libs/vpad_functions.h" />
+		<Unit filename="src/entry.c">
+			<Option compilerVar="CC" />
+		</Unit>
+		<Unit filename="src/fs/fs_utils.c">
+			<Option compilerVar="CC" />
+		</Unit>
+		<Unit filename="src/fs/fs_utils.h" />
+		<Unit filename="src/fs/sd_fat_devoptab.c">
+			<Option compilerVar="CC" />
+		</Unit>
+		<Unit filename="src/fs/sd_fat_devoptab.h" />
+		<Unit filename="src/ios_exploit.c">
+			<Option compilerVar="CC" />
+		</Unit>
+		<Unit filename="src/ios_exploit.h" />
+		<Unit filename="src/main.c">
+			<Option compilerVar="CC" />
+		</Unit>
+		<Unit filename="src/main.h" />
+		<Unit filename="src/menu.c">
+			<Option compilerVar="CC" />
+		</Unit>
+		<Unit filename="src/menu.h" />
+		<Unit filename="src/system/exception_handler.c">
+			<Option compilerVar="CC" />
+		</Unit>
+		<Unit filename="src/system/exception_handler.h" />
+		<Unit filename="src/system/memory.c">
+			<Option compilerVar="CC" />
+		</Unit>
+		<Unit filename="src/system/memory.h" />
+		<Unit filename="src/utils/logger.c">
+			<Option compilerVar="CC" />
+		</Unit>
+		<Unit filename="src/utils/logger.h" />
+		<Unit filename="src/utils/utils.h" />
+		<Extensions>
+			<code_completion />
+			<envvars />
+			<debugger />
+			<lib_finder disable_auto="1" />
+		</Extensions>
+	</Project>
+</CodeBlocks_project_file>

From 15565cb97cbe1e767d07136c69a2ab8f2be09a2e Mon Sep 17 00:00:00 2001
From: Maschell <Maschell@gmx.de>
Date: Sat, 13 May 2017 09:48:35 +0200
Subject: [PATCH 2/3] Added SD-Access everywhere (patch by @Zarklord1)

This does only work, if you disable the "no ios repload" option in the
settings
---
 ios_kernel/source/ios_mcp_patches.c |  2 ++
 ios_mcp/source/main.c               | 14 ++++++++++++++
 2 files changed, 16 insertions(+)

diff --git a/ios_kernel/source/ios_mcp_patches.c b/ios_kernel/source/ios_mcp_patches.c
index d5e78ba..31d216d 100644
--- a/ios_kernel/source/ios_mcp_patches.c
+++ b/ios_kernel/source/ios_mcp_patches.c
@@ -46,6 +46,8 @@ void mcp_run_patches(u32 ios_elf_start)
 
     section_write_word(ios_elf_start, 0x05056718, ARM_BL(0x05056718, _text_start));
 
+    section_write_word(ios_elf_start, 0x05002BBE, THUMB_BL(0x05002BBE, patch_SD_access_check));
+
     if(cfw_config.syshaxXml)
     {
         section_write(ios_elf_start, 0x050600DC, "/vol/system/config/syshax.xml", 0x20);
diff --git a/ios_mcp/source/main.c b/ios_mcp/source/main.c
index 60d6f36..e8f2c00 100644
--- a/ios_mcp/source/main.c
+++ b/ios_mcp/source/main.c
@@ -29,3 +29,17 @@ int _startMainThread(void)
     }
     return 0;
 }
+
+void patch_SD_access_check(void) {
+    __asm__ volatile(
+        ".thumb\n"
+        //clobbered instructions
+        "add r0, r7, r2\n"
+        //app.permissions.r2.mask seems to be 0xFFFFFFFFFFFFFFFF for every application
+        "ldr r1, =0x32\n"
+        "sub r3, r3, #7\n"
+        "strb r1, [r3]\n"
+        //this instruction was also clobbered but we use r1 so we do it after our patch stuff
+        "movs r1, #0\n"
+        "bx lr");
+}

From 74f723e2ab5c77e6f79da2816114627a46ee9f2f Mon Sep 17 00:00:00 2001
From: Maschell <Maschell@gmx.de>
Date: Sat, 13 May 2017 10:00:42 +0200
Subject: [PATCH 3/3] Adding the SD access to the instant patches (patch by
 @Zarklord1)

Now it works without ios reload
---
 ios_kernel/source/instant_patches.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/ios_kernel/source/instant_patches.c b/ios_kernel/source/instant_patches.c
index 25e825c..953c3e8 100644
--- a/ios_kernel/source/instant_patches.c
+++ b/ios_kernel/source/instant_patches.c
@@ -82,6 +82,9 @@ void instant_patches_setup(void)
         // down display launch image at this state
         *(volatile u32*)(_text_start - 4 - 0x05100000 + 0x13D80000) = 0;
 
+        // patch the read position for the cos xml's p4.mask(ios_fs) to read 0xFFFFFFFFFFFFFFFF
+        *(volatile u32*)(0x05002BBE - 0x05000000 + 0x081C0000) = (volatile u32*)THUMB_BL(0x05002BBE, patch_SD_access_check);
+
         ios_map_shared_info_t map_info;
         map_info.paddr = 0x050BD000 - 0x05000000 + 0x081C0000;
         map_info.vaddr = 0x050BD000;