update readme, fix python script

README

@@ -1,12 +1,20 @@
-BRAHMA - Privilege elevation exploit for the Nintendo 3DS
+Brahma - Privilege elevation exploit for the Nintendo 3DS
 =========================================================
 
-  WTF is 'BRAHMA'?
+  WTF is 'Brahma'?
   ----------------
-  BRAHMA is a privilege elevation exploit that is based on reverse engineered
-  code of a publicly available, 'commercial' exploit. With existing user mode
-  code execution privileges (e.g. Ninjhax), it can be used to further
-  elevate privileges to ARM9 pre-kernel / SVC mode.
+  Brahma is development tool for the Nintendo 3DS platform that is based on
+  two vulnerabilities whose exploitation lead to elevation of privileges.
+
+  The exploits utilized by Brahma are based on "commercial" exploits that
+  have been reverse engineered. Brahma has been developed with the goal of
+  understanding and documenting the nature of the exploits in mind and has
+  been put further effort into during its development process in order to
+  achieve reliable exploitation and stability.
+
+  Brahma comes with full source code that is based on libctru and requires
+  existing user mode code execution privileges (Ninjhax), and can be used to
+  further elevate privileges to ARM9 pre-kernel / SVC mode.
 
   Also, "Brahma, the creator" is a god in hinduism that is often portrayed
   with four heads and arms (heh... so funny :\). 
@@ -50,19 +58,42 @@ BRAHMA - Privilege elevation exploit for the Nintendo 3DS
       client.py: 'python client.py 10.0.0.5 payload.bin'
       netcat:    'nc 10.0.0.5 80 < payload.bin'
 
+  Example programs that run in privileged ARM9 mode can be downloaded from
+  https://github.com/patois/3DSProjects/tree/master/Brahma/
+
+  A memory dumper (3DSDevTools) for Brahma is available at
+  https://github.com/patois/3DSDevTools/releases
+
+  There is also a port of Decrypt9 by archshift which can be loaded using
+  bootstrap or Brahma (use 'make' to build the project, then use one of the
+  methods supported by Brahma to load the Decrypt9 payload). Decrypt9 can be
+  downloaded from https://github.com/archshift/Decrypt9/tree/bootstrap
+
+  Developers:
+  -----------
+  The exploits used by Brahma which enable privileged ARM9 code execution
+  may also be used as a "library" (#include "brahma.h")
+
+  - call brahma_init() in order to initialize Brahma
+  - call load_arm9_payload() to load payload binary from disk
+  - call firm_reboot() to execute a payload binary (privileged ARM9 code)
+  - (please check the source code for even more features and options)
+
   ARM9 payload must consist of valid ARM9 executable code and will be
   mapped to physical address 0x23F00000 during run-time. Its code should begin
   with a branch instruction at offset 0 and a 'placeholder' for a u32
   variable at offset 4, which will be filled by BRAHMA with a backup of
   the original ARM9 entry point of the FIRM header during runtime.
 
-  Example programs that run in privileged ARM9 mode can be downloaded from
-  https://github.com/patois/3DSProjects/tree/master/Brahma/
-
-  There is also a 'bootstrap' port of Decrypt9 by archshift which can be loaded
-  using Brahma (use 'make' to build the project, then use one of the methods
-  supported by Brahma to load the Decrypt9 payload). Decrypt9 for bootstrap
-  can be downloaded from https://github.com/archshift/Decrypt9/tree/bootstrap
+  Brahma is written in a way that allows developers of payload binaries
+  to easily return control to the Nintendo firmware after custom payload binary
+  code has been executed - simply by returning from the main() function of its
+  code!
+
+  This allows reading and altering of memory contents, such as the mapped
+  Nintendo firmware (including ARM9 kernel, Process9, ARM11 kernel and several
+  processes running on the ARM11 core), for testing purposes, without requiring
+  any changes on the file system level.
 
   Credits:
   --------

tools/client.py

@@ -7,16 +7,16 @@
     print "python client.py <ip> <file>\n"
     sys.exit(0)
 
-s = socket.socket()
-host = sys.argv[1]
 port = 80
+host = sys.argv[1]
 pfile = sys.argv[2]
 
+s = socket.socket()
 s.connect((host, port))
 f = open(pfile, "rb")
 buf = f.read()
 f.close();
-if (f and len):
+if (f and len(buf)):
     sent = s.send(buf)
 print "Sent %d bytes\n" % sent
 s.close