Add the config files for the RPXGadgetFinder (RPXGadgetFinder) to get the needed ropgadgets

2020-03-06 19:54:25 +01:00 · 2020-03-06 19:54:25 +01:00 · 9d857dbc3e
parent dcf3bf5204
commit 9d857dbc3e
4 changed files with 208 additions and 0 deletions
--- a/utils/coreinit.yml
+++ b/utils/coreinit.yml
@ -0,0 +1,119 @@
+!!de.orb.wiiu.rpxgadgetfinder.SymbolList
+symbols:
+- !!de.orb.wiiu.rpxgadgetfinder.ExportSymbol {name: memcpy, out: ROP_memcpy}
+- !!de.orb.wiiu.rpxgadgetfinder.ExportSymbol {name: DCFlushRange, out: ROP_DCFlushRange}
+- !!de.orb.wiiu.rpxgadgetfinder.ExportSymbol {name: ICInvalidateRange, out: ROP_ICInvalidateRange}
+- !!de.orb.wiiu.rpxgadgetfinder.ExportSymbol {name: OSSwitchSecCodeGenMode, out: ROP_OSSwitchSecCodeGenMode}
+- !!de.orb.wiiu.rpxgadgetfinder.ExportSymbol {name: OSCodegenCopy, out: ROP_OSCodegenCopy}
+- !!de.orb.wiiu.rpxgadgetfinder.ExportSymbol {name: OSGetCodegenVirtAddrRange, out: ROP_OSGetCodegenVirtAddrRange}
+- !!de.orb.wiiu.rpxgadgetfinder.ExportSymbol {name: OSGetCoreId, out: ROP_OSGetCoreId}
+- !!de.orb.wiiu.rpxgadgetfinder.ExportSymbol {name: OSGetCurrentThread, out: ROP_OSGetCurrentThread}
+- !!de.orb.wiiu.rpxgadgetfinder.ExportSymbol {name: OSSetThreadAffinity, out: ROP_OSSetThreadAffinity}
+- !!de.orb.wiiu.rpxgadgetfinder.ExportSymbol {name: OSYieldThread, out: ROP_OSYieldThread}
+- !!de.orb.wiiu.rpxgadgetfinder.ExportSymbol {name: OSFatal, out: ROP_OSFatal}
+- !!de.orb.wiiu.rpxgadgetfinder.ExportSymbol {name: _Exit, out: ROP_Exit}
+- !!de.orb.wiiu.rpxgadgetfinder.ExportSymbol {name: OSScreenFlipBuffersEx, out: ROP_OSScreenFlipBuffersEx}
+- !!de.orb.wiiu.rpxgadgetfinder.ExportSymbol {name: OSScreenClearBufferEx, out: ROP_OSScreenClearBufferEx}
+- !!de.orb.wiiu.rpxgadgetfinder.ExportSymbol {name: OSDynLoad_Acquire, out: ROP_OSDynLoad_Acquire}
+- !!de.orb.wiiu.rpxgadgetfinder.ExportSymbol {name: OSDynLoad_FindExport, out: ROP_OSDynLoad_FindExport}
+- !!de.orb.wiiu.rpxgadgetfinder.ExportSymbol {name: __os_snprintf, out: ROP_os_snprintf}
+- !!de.orb.wiiu.rpxgadgetfinder.ExportSymbol {name: OSSendAppSwitchRequest, out: ROP_OSSendAppSwitchRequest}
+- !!de.orb.wiiu.rpxgadgetfinder.ExportSymbol {name: OSExitThread, out: ROP_OSExitThread}
+- !!de.orb.wiiu.rpxgadgetfinder.ExportSymbol {name: OSSleepTicks, out: ROP_OSSleepTicks}
+- !!de.orb.wiiu.rpxgadgetfinder.ExportSymbol {name: OSTestAndSetAtomic64, out: ROP_OSTestAndSetAtomic64}
+- !!de.orb.wiiu.rpxgadgetfinder.ExportSymbol {name: OSDisableInterrupts, out: ROP_OSDisableInterrupts}
+- !!de.orb.wiiu.rpxgadgetfinder.ExportSymbol {name: OSForceFullRelaunch, out: ROP_OSForceFullRelaunch}
+- !!de.orb.wiiu.rpxgadgetfinder.ExportSymbol {name: OSRestoreInterrupts, out: ROP_OSRestoreInterrupts}
+- !!de.orb.wiiu.rpxgadgetfinder.ExportSymbol {name: _Exit, out: ROP__Exit}
+- !!de.orb.wiiu.rpxgadgetfinder.ExportSymbol {name: OSCreateThread, out: ROP_OSCreateThread}
+- !!de.orb.wiiu.rpxgadgetfinder.ExportSymbol {name: OSResumeThread, out: ROP_OSResumeThread}
+- !!de.orb.wiiu.rpxgadgetfinder.ExportSymbol {name: IM_Open, out: ROP_IM_Open}
+- !!de.orb.wiiu.rpxgadgetfinder.ExportSymbol {name: IM_SetDeviceState, out: ROP_IM_SetDeviceState}
+- !!de.orb.wiiu.rpxgadgetfinder.ExportSymbol {name: IM_Close, out: ROP_IM_Close}
+- !!de.orb.wiiu.rpxgadgetfinder.ExportSymbol {name: __PPCExit, out: ROP___PPCExit}
+- !!de.orb.wiiu.rpxgadgetfinder.ExportSymbol {name: OSRequestFastExit, out: ROP_OSRequestFastExit}
+- !!de.orb.wiiu.rpxgadgetfinder.ExportSymbol {name: OSRestartCrashedApp, out: ROP_OSRestartCrashedApp}
+- !!de.orb.wiiu.rpxgadgetfinder.ExportSymbol {name: OSShutdown, out: ROP_OSShutdown}
+- !!de.orb.wiiu.rpxgadgetfinder.ExportSymbol {name: OSSuspendThread , out: ROP_OSSuspendThread}
+- !!de.orb.wiiu.rpxgadgetfinder.ExportSymbol {name: OSRunThreadsOnExit , out: ROP_OSRunThreadsOnExit}
+- !!de.orb.wiiu.rpxgadgetfinder.ExportSymbol {name: OSBlockThreadsOnExit , out: ROP_OSBlockThreadsOnExit}
+- !!de.orb.wiiu.rpxgadgetfinder.GadgetSymbol
+  hash: !!binary |-
+    yHAg7FCY0T7dPuDQ0BMToKXwp5N/NsD19OlQMWWuM/s=
+  out: ROP_POPJUMPLR_STACK12
+  size: 16
+- !!de.orb.wiiu.rpxgadgetfinder.GadgetSymbol
+  hash: !!binary |-
+    3s/zyode/BqcPQrHYY8++j0zylm9P9YCp0fTRpvVwAA=
+  out: ROP_POPJUMPLR_STACK20
+  size: 16
+- !!de.orb.wiiu.rpxgadgetfinder.GadgetSymbol
+  hash: !!binary |-
+    UwYkiCHAcqnPXHHJRpFx4XzSlm9m/H1hLOec/41dEko=
+  out: ROP_CALLFUNC
+  size: 52
+- !!de.orb.wiiu.rpxgadgetfinder.GadgetSymbol
+  hash: !!binary |-
+    9OdgU6ZcVx8rO4xsbd6XPJX4ibzPCiLrlknLx4EMjpg=
+  out: ROP_CALLR28_POP_R28_TO_R31
+  size: 44
+- !!de.orb.wiiu.rpxgadgetfinder.GadgetSymbol
+  hash: !!binary |-
+    R0G4Y63PdC+JKMSFo588yGKUadHdzPnmjJ3RwlNB8JE=
+  out: ROP_POP_R28R29R30R31
+  size: 32
+- !!de.orb.wiiu.rpxgadgetfinder.GadgetSymbol
+  hash: !!binary |-
+    lylzvoB06SsPEPxfu6rvbCjikF+ZAHZUzXNaX9aZM/w=
+  out: ROP_POP_R27
+  size: 20
+- !!de.orb.wiiu.rpxgadgetfinder.GadgetSymbol
+  hash: !!binary |-
+    b18R/cRB3e+PIYnLyQBlF8SRf89ul1y4y+sjc7+OjKI=
+  out: ROP_POP_R24_TO_R31
+  size: 20
+- !!de.orb.wiiu.rpxgadgetfinder.GadgetSymbol
+  hash: !!binary |-
+    5gL2bPiq3E1efbB0rZuPv6QZD4YqghXPJvcHpJypUHA=
+  out: ROP_CALLFUNCPTR_WITHARGS_FROM_R3MEM
+  size: 40
+- !!de.orb.wiiu.rpxgadgetfinder.GadgetSymbol
+  hash: !!binary |-
+    Xh+0gQ/2+4a7Uz8gUDBt5uA+CUUIh99ssixthRHD4mc=
+  out: ROP_SETR3TOR31_POP_R31
+  size: 24
+- !!de.orb.wiiu.rpxgadgetfinder.GadgetSymbol
+  hash: !!binary |-
+    XO0YJxjoIEwpnqH44pWEGgMl7kk4k7hgU952LMDu+0g=
+  out: ROP_Register
+  size: 12
+- !!de.orb.wiiu.rpxgadgetfinder.GadgetSymbol
+  hash: !!binary |-
+    tRG8rPv1qkehmUJuU4oX6fsInkWqPZtp49KEUAJl9Ag=
+  out: ROP_Deregister
+  size: 12
+- !!de.orb.wiiu.rpxgadgetfinder.GadgetSymbol
+  hash: !!binary |-
+    xFfDPPQrAMLgC5bixrCXhIZDvBcui9yfDn2XToM4YLY=
+  out: ROP_CopyToSaveArea
+  size: 12
+- !!de.orb.wiiu.rpxgadgetfinder.GadgetSymbol
+  hash: !!binary |-
+    sSw7j2La0NmOLP6/2mSWqIXtCeWjYhCNNZpLDmgMsYg=
+  out: ROP_CopyFromSaveArea
+  size: 12
+- !!de.orb.wiiu.rpxgadgetfinder.GadgetSymbol
+  hash: !!binary |-
+    V2HFYAMFK19z/eBmI8BujBs1RuYojBh30OPV4t8pcnM=
+  out: ROP_CreateThreadInternal
+  size: 64
+- !!de.orb.wiiu.rpxgadgetfinder.GadgetSymbol
+  hash: !!binary |-
+    yHAg7FCY0T7dPuDQ0BMToKXwp5N/NsD19OlQMWWuM/s=
+  out: ROP_LR_TO_0XC_R1
+  size: 16
+- !!de.orb.wiiu.rpxgadgetfinder.GadgetSymbol
+  hash: !!binary |-
+    1lwTbGqGDZpr/LBcLsRihhg8HJUHmtTK6uh6dFpKInk=
+  out: ROP_lwz_r3_0_r3__lwz_r0_0xc_r1__mtlr_r0__addi_r1_r1_8__blr
+  size: 20
--- a/utils/cross_f.yml
+++ b/utils/cross_f.yml
@ -0,0 +1,51 @@
+!!de.orb.wiiu.rpxgadgetfinder.SymbolList
+symbols:
+- !!de.orb.wiiu.rpxgadgetfinder.GadgetSymbol
+  hash: !!binary |-
+    2UqEex9557wgv1EPIzMh4r72bOfoe9MERNRCJS2QEds=
+  out: ROP_R3_TO_R11
+  size: 24
+- !!de.orb.wiiu.rpxgadgetfinder.GadgetSymbol
+  hash: !!binary |-
+    VXS3L10mOIyFcT2UbHnxr+jCJ+U9Ha3z9X5HOHllGSU=
+  out: ROP_R11_TO_R1
+  size: 16
+- !!de.orb.wiiu.rpxgadgetfinder.GadgetSymbol
+  hash: !!binary |-
+    +eEm1yRZk/UUrd2oSv49qly7y4phONytQoOSweD79Is=
+  out: ROP_R3_TO_R7
+  size: 24
+- !!de.orb.wiiu.rpxgadgetfinder.GadgetSymbol
+  hash: !!binary |-
+    2UqEex9557wgv1EPIzMh4r72bOfoe9MERNRCJS2QEds=
+  out: ROP_R3_TO_R4
+  size: 24
+- !!de.orb.wiiu.rpxgadgetfinder.GadgetSymbol
+  hash: !!binary |-
+    QnkdtzdOUGOlj+1kSxOiKRlIz8zLKqLxTTD3DrzmStY=
+  out: ROP_R11_TO_R6
+  size: 24
+- !!de.orb.wiiu.rpxgadgetfinder.GadgetSymbol
+  hash: !!binary |-
+    YBqA5j5GTvMRKK2DbTy67Lfzg3kLrOqZ1reqFShMX8c=
+  out: ROP_R3_TO_R5
+  size: 24
+- !!de.orb.wiiu.rpxgadgetfinder.GadgetSymbol
+  hash: !!binary |-
+    iGB1kj9v0JIyksZUHUEPXPgkEw0f4WVrmu0nzxvH+lY=
+  out: ROP_POP_R12
+  size: 24
+- !!de.orb.wiiu.rpxgadgetfinder.GadgetSymbol
+  hash: !!binary |-
+    RQWBzlsmA/L1M0QvcZBZ9cfqDlwKEhXP5YPri/kO4TQ=
+  out: ROP_R3_TO_R6
+  size: 32
+- !!de.orb.wiiu.rpxgadgetfinder.GadgetSymbol
+  hash: !!binary |-
+    +0AqMh/6oQUR7LvyFEM/NJuADiPYU1e3JIuiSMRq8mg=
+  out: ROP_R3_TO_R5_POP_R29_R30_R31
+  size: 36
+- 
+
+
+  
--- a/utils/gx2.yml
+++ b/utils/gx2.yml
@ -0,0 +1,33 @@
+!!de.orb.wiiu.rpxgadgetfinder.SymbolList
+symbols:
+- !!de.orb.wiiu.rpxgadgetfinder.ExportSymbol {name: GX2Init, out: ROP_GX2Init}
+- !!de.orb.wiiu.rpxgadgetfinder.ExportSymbol {name: GX2Shutdown, out: ROP_GX2Shutdown}
+- !!de.orb.wiiu.rpxgadgetfinder.ExportSymbol {name: GX2Flush, out: ROP_GX2Flush}
+- !!de.orb.wiiu.rpxgadgetfinder.ExportSymbol {name: GX2DrawDone, out: ROP_GX2DrawDone}
+- !!de.orb.wiiu.rpxgadgetfinder.ExportSymbol {name: GX2WaitForVsync, out: ROP_GX2WaitForVsync}
+- !!de.orb.wiiu.rpxgadgetfinder.ExportSymbol {name: GX2DirectCallDisplayList, out: ROP_GX2DirectCallDisplayList}
+- !!de.orb.wiiu.rpxgadgetfinder.GadgetSymbol
+  hash: !!binary |-
+    0hCapIuj2I7pT0Mnboln9URCLcg8zWuZ2xr3LB2aCBg=
+  out: ROP_GX2SetSemaphore_2C
+  size: 32
+- !!de.orb.wiiu.rpxgadgetfinder.GadgetSymbol
+  hash: !!binary |-
+    R39zCpi3J2Qbgu3+IsFNrHNHlogfHa89Vfc0/Ns4wbQ=
+  out: ROP_GX2_r3r4load
+  size: 24
+- !!de.orb.wiiu.rpxgadgetfinder.GadgetSymbol
+  hash: !!binary |-
+    3CseouL2xxAvUMi7GrQZ98tD2h9E+IaY1m/T/8S8/u8=
+  out: ROP_GX2_r30r31load
+  size: 24
+- !!de.orb.wiiu.rpxgadgetfinder.GadgetSymbol
+  hash: !!binary |-
+    aevLIb1haFrCHxo3BNNhB1zCdQHYTn5fqyQCG69WE7o=
+  out: ROP_GX2_do_flush
+  size: 44
+- !!de.orb.wiiu.rpxgadgetfinder.GadgetSymbol
+  hash: !!binary |-
+    ZoF5SgV8HwDWCrz8oUm4QtQZpDN690ixdZst3/8kNr0=
+  out: ROP_GX2_call_r12
+  size: 28
--- a/utils/nsysnet.yml
+++ b/utils/nsysnet.yml
@ -0,0 +1,5 @@
+!!de.orb.wiiu.rpxgadgetfinder.SymbolList
+symbols:
+- !!de.orb.wiiu.rpxgadgetfinder.ExportSymbol {name: socket, out: ROP_socket}
+- !!de.orb.wiiu.rpxgadgetfinder.ExportSymbol {name: connect, out: ROP_connect}
+- !!de.orb.wiiu.rpxgadgetfinder.ExportSymbol {name: recv, out: ROP_recv}