@shauninman
Last active December 14, 2024 19:39
Using Cutter on MainUI
(This was originally written January 11, 2022 for the Miyoo Mini; the result was the precursor to Onion)
How to patch out Retroarch from MainUI with https://cutter.re
1. Make a backup of your MainUI, just in case (changes are saved instantly and not undo-able!)
2. Open Cutter and select your MainUI binary and click the Open button
3. Make sure "Load in write mode (-w)" is checked and click the Ok button
4. Once it opens (it will take about 25 seconds), select the Strings tab and enter "createMenu" in the Quick Filter input
5. Select the only/first result and press X (or control-click and select Show X-Refs)
6. Double-click the only function (in the 20220110 update named "fcn.0003100c" but the name may change because it's just an address within the compiled binary)
7. It should open the decompiled function in the Decompiler tab; if not, select that tab. In either case it may take a few seconds to load. Make sure the Decompiler in the bottom right is set to "Ghidra" (it might default to "jsdec" in newer versions of Cutter)
8. Scroll down, you're looking for a function call with these two string arguments (among others but these are the easily identifiable ones in orange):
"./skin/ic-retroarch-f.png", "./skin/ic-retroarch-n.png"
9. Single-click the line **above** that function call, it will look something like this:
iVar2 = operator new(unsigned int)(0x38);
10. Select the Disassembly tab, the assembly line for the desired function call should be highlighted
11. We need to change three "bl" operations to no-ops. Control-click on the highlighted line ("bl operator new(unsigned int)") and choose "Edit" > "Nop Instruction", then repeat with the next two "bl" operations (which will look like "bl fcn.000000" with different hex codes for each). Stop before the next instance of "bl operator new(unsigned int)".
12. That's it. You're done. Quit Cutter (no need to save, the damage is already done).
What we're doing is _not_ creating and _not_ loading the object that represents the Retroarch item in the main menu and then _not_ adding it to the array of main menu items. :sweat_smile:
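A check for steps 1 and 11, as an added example that is not part of the original gist: it compares the backup with the patched MainUI and confirms that exactly three instructions changed and that each one was a "bl" replaced by a nop. It assumes 32-bit little-endian ARM (A32) encoding and the two nop encodings listed in the code; the function names and the sample bytes are constructed for illustration.

```python
import sys

# Assumption: MainUI is 32-bit little-endian ARM (A32), 4 bytes per instruction.
# Assumption: Cutter's "Nop Instruction" writes one of these two encodings.
NOPS = {0xE1A00000: "mov r0, r0", 0xE320F000: "nop"}

def is_bl(word):
    """A32 BL: bits 27..24 are 0b1011; condition 0b1111 would be BLX instead."""
    return (word >> 24) & 0xF == 0xB and (word >> 28) != 0xF

def changed_words(original, patched):
    """Return (file_offset, old_word, new_word) for every 4-byte word that differs."""
    if len(original) != len(patched):
        raise ValueError("sizes differ: an in-place nop patch keeps the file size")
    changes = []
    for off in range(0, len(original), 4):
        old, new = original[off:off + 4], patched[off:off + 4]
        if old != new:
            changes.append((off, int.from_bytes(old, "little"), int.from_bytes(new, "little")))
    return changes

def check_patch(original, patched, expected=3):
    """Return (changes, problems); no problems means only bl -> nop edits were made."""
    changes = changed_words(original, patched)
    problems = []
    if len(changes) != expected:
        problems.append(f"expected {expected} changed instructions, found {len(changes)}")
    for off, old, new in changes:
        if not is_bl(old):
            problems.append(f"0x{off:x}: original {old:08x} is not a bl")
        if new not in NOPS:
            problems.append(f"0x{off:x}: patched {new:08x} is not a known nop")
    return changes, problems

def sample_pair():
    """Constructed stand-in for the real files: three bl calls between other instructions."""
    words = [0xE3A00038, 0xEB000010, 0xE1A04000, 0xEB000020, 0xE1A01004, 0xEB000030]
    original = b"".join(w.to_bytes(4, "little") for w in words)
    patched = b"".join((0xE1A00000 if is_bl(w) else w).to_bytes(4, "little") for w in words)
    return original, patched

if __name__ == "__main__":
    files = sys.argv[1:3]  # usage: script.py <backup> <patched>; no arguments runs the sample
    original, patched = [open(p, "rb").read() for p in files] if len(files) == 2 else sample_pair()
    changes, problems = check_patch(original, patched)
    for off, old, new in changes:
        print(f"file offset 0x{off:06x}: {old:08x} -> {new:08x}")
    sys.exit("\n".join(problems) if problems else 0)
```

The offsets it prints are file offsets, which differ from the virtual addresses Cutter shows in the Disassembly tab.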