PayloadFromRPX/README.md

# Standalone payload.elf loader
This is .rpx is meant to run in a envrionment with sd and codegen (jit) access.
It's exploits the Cafe OS and maps 8 MiB of usable memory from 0x30000000...0x30800000 (physical address) to 0x00800000... 0x01000000 (virtual address) where a payload will be loaded. You may need to hook into the kernel and patch out some thing to gain persistent access to this area.
The loaded `payload.elf` needs to be mapped to this memory area.

## Usage
Put the `payload.elf` in the `sd:/wiiu/` folder of your sd card and start the application.
If no `payload.elf` was found on the sd card, a IOSU exploit will be executed which forces the `default title id` to the Wii U Menu (in case of `system.xml` changes)

Special button combinations:
- Hold R while launching to skip `payload.elf` launching.

## Reset the default title id
When loading this payload in a coldboot environment a payload.elf may want to force the default title id to the Wii U Menu. This loader offers some callbacks to the `payload.elf` to achieve such behaviour.
The `payload.elf` will be loaded with some special arguments. As normal, the first argument is the name of current running RPX, but afterwards a list of callbacks is provided.

Example implementation of the loader:
```
argc = 3;
argv[0] = "safe.rpx";                                       // original argument
argv[1] = "void forceDefaultTitleIDToWiiUMenu(void)";       // signature of the first callback function
argv[2] = &forceDefaultTitleIDToWiiUMenu;                   // pointer to first callback function.
int res = ((int (*)(int, char **)) entryPoint)(argc, arr);  // call the payload.elf with some special arguments.
```

Inside the payload.elf you may want to do something like this:
```
for (int i = 0; i < argc; i++) {
            if(strcmp(argv[i], "void forceDefaultTitleIDToWiiUMenu(void)") == 0){
                if((i + 1) < argc){
                    i++;
                    void (*forceDefaultTitleIDToWiiUMenu)(void) = (void (*)(void)) argv[i];
                    forceDefaultTitleIDToWiiUMenu();
                }
            }
        }
```

Currently the following callbacks are provided: 
```
void forceDefaultTitleIDToWiiUMenu(void) = Reverts the coldboot into a specific title by forcing it the Wii U Menu. Caution: This will perform a IOSU exploit.
```

## Building
Make you to have [wut](https://github.com/devkitPro/wut/) installed and use the following command for build:

```
make
```

## Building using the Dockerfile

It's possible to use a docker image for building. This way you don't need anything installed on your host system.

```
# Build docker image (only needed once)
docker build . -t payloadfromrpx-builder

# make 
docker run -it --rm -v ${PWD}:/project payloadfromrpx-builder make

# make clean
docker run -it --rm -v ${PWD}:/project payloadfromrpx-builder make clean
```


## Format the code via docker

`docker run --rm -v ${PWD}:/src ghcr.io/wiiu-env/clang-format:13.0.0-2 -r ./source -i`

## Credits
- orboditilt
- Maschell
- many many more

Parts taken from: 
- https://github.com/FIX94/haxchi  
- https://github.com/dimok789/mocha  
- https://github.com/dimok789/homebrew_launcher  
- https://github.com/wiiudev/libwiiu/blob/master/kernel/gx2sploit/  
[...]