Execute a given code550.bin, update readme

Makefile

@@ -9,16 +9,11 @@ endif
 HAXCHI_S = haxchi.s
 ROP_S = haxchi_rop.s
 ROP_BIN = haxchi_rop.bin
-
-
-all: setup brainage rom.zip 
+all: clean brainage rom.zip 
 
 brainage: setup_brainage brainage.nds
 
-setup:	
-	@cd hbl_loader && make && cd ..
-
-setup_brainage:
+setup_brainage: 
 	@rm -f defines.s $(ROP_BIN) haxchi_rop_hook.bin
 	@cp -f brainage_defs.s defines.s
 
@@ -31,6 +26,5 @@ rom.zip:
 	$(ZIP) -JXjq9 rom.zip brainage.nds
 
 clean:
-	@rm -f *.bin *.zip *.nds defines.s	
-	@cd hbl_loader && make clean && cd ..
+	@rm -f *.zip *.nds defines.s
 	@echo "all cleaned up !"

README.md

@@ -2,10 +2,21 @@
 
 This is the continuation of Haxchi from FIX94 (initial PoC by smea).  
 
+# Usage
+Put a payload `code550.bin` in the root of this project.  
+This payload should be statically linked to 0x18000000, and is called inside a thread.  
+Make sure to exit this thread via `OSExitThread(0);`, afterwards the rop switches automatically to the Mii Maker.  
+
+An example payload which perform the kernel exploit can be found [here](https://github.com/wiiu-env/haxchi_payload).
+
+# Notes
+
+Currently this ONLY executes a given `code550.bin`, nothing usable for the end user. Only one game, no CFW, no coldboothax, nothing.
+
 ## Dependencies
 
 armnips and zip
 
 ## credit
 
-smea, plutoo, yellows8, naehrwert, derrek, FIX94 and dimok
+smea, plutoo, yellows8, naehrwert, derrek, FIX94, dimok and orboditilt.

hbl_loader/.gitignore

@@ -1,4 +0,0 @@
-*.o
-*.map
-*.elf
-/bin

hbl_loader/Makefile

@@ -1,33 +0,0 @@
-PATH := $(DEVKITPPC)/bin:$(PATH)
-PREFIX ?= powerpc-eabi-
-CC = $(PREFIX)gcc
-AS = $(PREFIX)gcc
-CFLAGS = -std=gnu99 -O3 -nostdinc -fno-builtin
-ASFLAGS = -mregnames -x assembler-with-cpp
-LD = $(PREFIX)ld
-OBJCOPY = $(PREFIX)objcopy
-GCC_VER := $(shell $(DEVKITPPC)/bin/powerpc-eabi-gcc -dumpversion)
-LDFLAGS=-Ttext 1800000 -L$(DEVKITPPC)/lib/gcc/powerpc-eabi/$(GCC_VER) -lgcc
-OBJDUMP ?= $(PREFIX)objdump
-project	:=	.
-root	:=	$(CURDIR)
-build	:=	 $(root)/bin
-
-FIRMWARE = 550
-
-all: clean setup main
-
-setup:
-	mkdir -p $(root)/bin/
-
-main:
-	$(CC) $(CFLAGS) -DVER=$(FIRMWARE) -c $(project)/launcher.c
-	$(AS) $(ASFLAGS) -DVER=$(FIRMWARE) -c $(project)/crt0.S
-	cp -r $(root)/*.o $(build)
-	rm $(root)/*.o
-	$(LD) -o hbl_loader.elf $(build)/crt0.o `find $(build) -name "*.o" ! -name "crt0.o"` $(LDFLAGS) -Map hbl_loader.map
-	$(OBJCOPY) hbl_loader.elf -S -O binary ../hbl_loader.bin
-
-clean:
-	rm -rf $(build)
-	rm -rf hbl_loader.elf hbl_loader.map

hbl_loader/README

@@ -1,2 +0,0 @@
-This is a modified version of dimok's original homebrew launcher installer which can be found here:  
-https://github.com/dimok789/homebrew_launcher/tree/master/installer

hbl_loader/common.h

@@ -1,22 +0,0 @@
-#ifndef _COMMON_H_
-#define _COMMON_H_
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#define OSDynLoad_Acquire ((void (*)(char* rpl, unsigned int *handle))0x0102A3B4)
-#define OSDynLoad_FindExport ((void (*)(unsigned int handle, int isdata, char *symbol, void *address))0x0102B828)
-#define OSFatal ((void (*)(char* msg))0x01031618)
-#define __os_snprintf ((int(*)(char* s, int n, const char * format, ... ))0x0102F160)
-
-#define ADDRESS_main_entry_hook                     0x0101c56c
-
-#define BUS_SPEED                       248625000
-#define SECS_TO_TICKS(sec) (((unsigned long long)(sec)) * (BUS_SPEED/4))
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif

hbl_loader/crt0.S

@@ -1,7 +0,0 @@
-
-	.extern __main
-    .globl _start
-
-_start:
-    # jump to our main
-    b __main

hbl_loader/launcher.c

@@ -1,5 +0,0 @@
-#include "common.h"
-
-void __main(void){
-    OSFatal("hello world");
-}