ROBChain/homebrew/ropgadget_addr.py
Maschell dcf3bf5204 Implement a rop chain which loads another ropchain via the network.
Untested, copy-pasted from the Mario Kart 8 exploit (the ROP gadget addresses are only valid for EUR v1.1.7)
2020-03-06 19:51:36 +01:00


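"""Hard-coded ROP gadget / function addresses for the ROBChain homebrew loader.

Every value below is a raw virtual address, not a symbol.  Per the commit
message they were copied from the Mario Kart 8 exploit and are meant for the
EUR v1.1.7 build only, and are marked untested.  Nothing here is validated at
runtime: on any other title, region or version the chain will jump into the
wrong code, so re-derive each address (and check the gadget bytes) before
reusing this table.

Conventions, inferred from the names only (the gadget bodies are not in this
file): ROP_POP_* / ROP_*_TO_* entries are short instruction sequences that
load or move registers, while entries named after library functions
(memcpy, socket, recv, OS*/GX2*/IM_*) are function entry points.

Three addresses appear twice under different names; each is flagged inline.
The last group (ROP_R3_TO_R11 onwards) lives in the 0x0C000000-0x0DFFFFFF
range rather than the 0x01xxxxxx range of the rest -- presumably those were
taken from the game binary rather than the system libraries; verify.
"""

# --- stack pivots, register loads and call gadgets -------------------------
ROP_POPJUMPLR_STACK12 = 0x0101CD24
ROP_POPJUMPLR_STACK20 = 0x01024D88
ROP_CALLFUNC = 0x01080274
ROP_CALLR28_POP_R28_TO_R31 = 0x0107DD70
ROP_POP_R28R29R30R31 = 0x0101D8D4
ROP_POP_R27 = 0x0101CB00
ROP_POP_R24_TO_R31 = 0x010204C8
ROP_CALLFUNCPTR_WITHARGS_FROM_R3MEM = 0x010253C0
ROP_SETR3TOR31_POP_R31 = 0x0101CC10

# --- thread / save-area helpers --------------------------------------------
ROP_Register = 0x010277B8
ROP_Deregister = 0x010277C4
ROP_CopyToSaveArea = 0x010277DC
ROP_CopyFromSaveArea = 0x010277D0
ROP_CreateThreadInternal = 0x01041BA8

# NOTE(review): same address as ROP_POPJUMPLR_STACK12 above.  Two names for
# one gadget is plausible (the name says it stores LR at 0xC(r1) and pops),
# but confirm both uses really want this exact sequence.
ROP_LR_TO_0XC_R1 = 0x0101CD24
ROP_lwz_r3_0_r3__lwz_r0_0xc_r1__mtlr_r0__addi_r1_r1_8__blr = 0x01040C58

# --- memory / cache / codegen ----------------------------------------------
ROP_memcpy = 0x01035FC8
ROP_DCFlushRange = 0x01023F88
ROP_ICInvalidateRange = 0x010240B0
ROP_OSSwitchSecCodeGenMode = 0x010376C0
ROP_OSCodegenCopy = 0x010376D8
ROP_OSGetCodegenVirtAddrRange = 0x010375C0

# --- coreinit OS* functions -------------------------------------------------
ROP_OSGetCoreId = 0x01024E8C
ROP_OSGetCurrentThread = 0x01043150
ROP_OSSetThreadAffinity = 0x010429DC
ROP_OSYieldThread = 0x010418E4
ROP_OSFatal = 0x01031618
ROP_Exit = 0x0101CD80
ROP_OSScreenFlipBuffersEx = 0x0103AFD0
ROP_OSScreenClearBufferEx = 0x0103B090
ROP_OSDynLoad_Acquire = 0x0102A3B4
ROP_OSDynLoad_FindExport = 0x0102B828
ROP_os_snprintf = 0x0102F160
ROP_OSSendAppSwitchRequest = 0x01039C30
ROP_OSExitThread = 0x01041D6C
ROP_OSSleepTicks = 0x0104274C
ROP_OSTestAndSetAtomic64 = 0x010229BC
ROP_OSDisableInterrupts = 0x01033250
ROP_OSForceFullRelaunch = 0x01035FA8
ROP_OSRestoreInterrupts = 0x01033368
# NOTE(review): same address as ROP_Exit above; kept as a separate name
# because the chain may reference either spelling.
ROP__Exit = 0x0101CD80
ROP_OSCreateThread = 0x01041B64
ROP_OSResumeThread = 0x01042108
ROP_IM_Open = 0x010821F0
ROP_IM_SetDeviceState = 0x01082598
ROP_IM_Close = 0x01082200
ROP___PPCExit = 0x0101C580
ROP_OSRequestFastExit = 0x01039630
ROP_OSRestartCrashedApp = 0x010302DC
ROP_OSShutdown = 0x0101FD0C
ROP_OSSuspendThread = 0x01042C60
ROP_OSRunThreadsOnExit = 0x01047644
ROP_OSBlockThreadsOnExit = 0x01047628

# --- gx2 ---------------------------------------------------------------------
ROP_GX2SetSemaphore_2C = 0x01157F18
ROP_GX2_r3r4load = 0x0114EF74
ROP_GX2_r30r31load = 0x011519EC
ROP_GX2_do_flush = 0x0114F394
ROP_GX2_call_r12 = 0x01189DDC
ROP_GX2Init = 0x01156B78
ROP_GX2Shutdown = 0x0115733C
ROP_GX2Flush = 0x011575AC
ROP_GX2DrawDone = 0x01157560
ROP_GX2WaitForVsync = 0x01151964
ROP_GX2DirectCallDisplayList = 0x01152BF0

# --- nsysnet (the "load another ropchain via the network" part) ------------
ROP_socket = 0x010C21C8
ROP_connect = 0x010C0828
ROP_recv = 0x010C0AEC

# --- register-move gadgets outside the 0x01xxxxxx range ----------------------
ROP_R3_TO_R11 = 0x0DA6364C
ROP_R11_TO_R1 = 0x0C009578
ROP_R3_TO_R7 = 0x0D37A6F4
# NOTE(review): identical to ROP_R3_TO_R11 above.  Unlike the two aliases
# flagged earlier, these names describe *different* register moves, so one of
# them is most likely a copy-paste error; the value is left untouched because
# the correct address cannot be derived from this file -- verify against the
# gadget bytes before the chain is run.
ROP_R3_TO_R4 = 0x0DA6364C
ROP_POP_R12 = 0x0C8F991C
ROP_R3_TO_R6 = 0x0DFA353C
ROP_R3_TO_R5_POP_R29_R30_R31 = 0x0DA21BC4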