diff --git a/Makefile b/Makefile index 3f953fd..f641278 100644 --- a/Makefile +++ b/Makefile @@ -9,16 +9,11 @@ endif HAXCHI_S = haxchi.s ROP_S = haxchi_rop.s ROP_BIN = haxchi_rop.bin - - -all: setup brainage rom.zip +all: clean brainage rom.zip brainage: setup_brainage brainage.nds -setup: - @cd hbl_loader && make && cd .. - -setup_brainage: +setup_brainage: @rm -f defines.s $(ROP_BIN) haxchi_rop_hook.bin @cp -f brainage_defs.s defines.s @@ -31,6 +26,5 @@ rom.zip: $(ZIP) -JXjq9 rom.zip brainage.nds clean: - @rm -f *.bin *.zip *.nds defines.s - @cd hbl_loader && make clean && cd .. + @rm -f *.zip *.nds defines.s @echo "all cleaned up !" diff --git a/README.md b/README.md index 73f095a..f702395 100644 --- a/README.md +++ b/README.md @@ -2,10 +2,21 @@ This is the continuation of Haxchi from FIX94 (initial PoC by smea). +# Usage +Put a payload `code550.bin` in the root of this project. +This payload should be statically linked to 0x18000000, and is called inside a thread. +Make sure to exit this thread via `OSExitThread(0);`, afterwards the rop switches automatically to the Mii Maker. + +An example payload which perform the kernel exploit can be found [here](https://github.com/wiiu-env/haxchi_payload). + +# Notes + +Currently this ONLY executes a given `code550.bin`, nothing usable for the end user. Only one game, no CFW, no coldboothax, nothing. + ## Dependencies armnips and zip ## credit -smea, plutoo, yellows8, naehrwert, derrek, FIX94 and dimok +smea, plutoo, yellows8, naehrwert, derrek, FIX94, dimok and orboditilt. diff --git a/hbl_loader/.gitignore b/hbl_loader/.gitignore deleted file mode 100644 index 9d46e49..0000000 --- a/hbl_loader/.gitignore +++ /dev/null @@ -1,4 +0,0 @@ -*.o -*.map -*.elf -/bin \ No newline at end of file diff --git a/hbl_loader/Makefile b/hbl_loader/Makefile deleted file mode 100644 index b60eef6..0000000 --- a/hbl_loader/Makefile +++ /dev/null 
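Review bot: Listing `clean` as a prerequisite of `all` (`+all: clean brainage rom.zip`) gives no ordering guarantee: under `make -j` Make may run `clean` concurrently with or after `brainage`/`rom.zip`, so `rm -f *.zip *.nds defines.s` can delete brainage.nds or rom.zip while they are being produced. If a scratch build is the intent, express the sequencing as a dependency edge on the build chain instead, e.g. `all: brainage rom.zip` and `setup_brainage: clean`, assuming brainage.nds and rom.zip are only reached through setup_brainage (their own prerequisites are outside this hunk). It also turns every `make` into a full rebuild, which may be deliberate but deserves a one-line comment on the target. Whether `all`, `clean` and `setup_brainage` are declared `.PHONY` is not visible here; if not, a stray file named `clean` would silently disable the step.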
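Review bot: Dropping `*.bin` from the clean recipe (`+	@rm -f *.zip *.nds defines.s`) leaves the generated `$(ROP_BIN)` and `haxchi_rop_hook.bin` behind after `make clean`, even though `setup_brainage` already treats them as regenerable by deleting them before every build. Presumably the glob was removed so that a user's `code550.bin` payload in the project root survives a clean; if so, name the build products explicitly rather than dropping them: `@rm -f $(ROP_BIN) haxchi_rop_hook.bin *.zip *.nds defines.s`. A comment on the target such as `# code550.bin is user-supplied: never glob *.bin here` would stop the next maintainer from reintroducing the glob. The `clean` target is otherwise fully inside the hunk.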
@@ -1,33 +0,0 @@
-PATH := $(DEVKITPPC)/bin:$(PATH)
-PREFIX ?= powerpc-eabi-
-CC = $(PREFIX)gcc
-AS = $(PREFIX)gcc
-CFLAGS = -std=gnu99 -O3 -nostdinc -fno-builtin
-ASFLAGS = -mregnames -x assembler-with-cpp
-LD = $(PREFIX)ld
-OBJCOPY = $(PREFIX)objcopy
-GCC_VER := $(shell $(DEVKITPPC)/bin/powerpc-eabi-gcc -dumpversion)
-LDFLAGS=-Ttext 1800000 -L$(DEVKITPPC)/lib/gcc/powerpc-eabi/$(GCC_VER) -lgcc
-OBJDUMP ?= $(PREFIX)objdump
-project := .
-root := $(CURDIR)
-build := $(root)/bin
-
-FIRMWARE = 550
-
-all: clean setup main
-
-setup:
- mkdir -p $(root)/bin/
-
-main:
- $(CC) $(CFLAGS) -DVER=$(FIRMWARE) -c $(project)/launcher.c
- $(AS) $(ASFLAGS) -DVER=$(FIRMWARE) -c $(project)/crt0.S
- cp -r $(root)/*.o $(build)
- rm $(root)/*.o
- $(LD) -o hbl_loader.elf $(build)/crt0.o `find $(build) -name "*.o" ! -name "crt0.o"` $(LDFLAGS) -Map hbl_loader.map
- $(OBJCOPY) hbl_loader.elf -S -O binary ../hbl_loader.bin
-
-clean:
- rm -rf $(build)
- rm -rf hbl_loader.elf hbl_loader.map
\ No newline at end of file
diff --git a/hbl_loader/README b/hbl_loader/README
deleted file mode 100644
index 4ac5fc2..0000000
--- a/hbl_loader/README
+++ /dev/null
@@ -1,2 +0,0 @@
-This is a modified version of dimok's original homebrew launcher installer which can be found here:
-https://github.com/dimok789/homebrew_launcher/tree/master/installer
\ No newline at end of file
diff --git a/hbl_loader/common.h b/hbl_loader/common.h
deleted file mode 100644
index 2a8f415..0000000
--- a/hbl_loader/common.h
+++ /dev/null
@@ -1,22 +0,0 @@
-#ifndef _COMMON_H_
-#define _COMMON_H_
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#define OSDynLoad_Acquire ((void (*)(char* rpl, unsigned int *handle))0x0102A3B4)
-#define OSDynLoad_FindExport ((void (*)(unsigned int handle, int isdata, char *symbol, void *address))0x0102B828)
-#define OSFatal ((void (*)(char* msg))0x01031618)
-#define __os_snprintf ((int(*)(char* s, int n, const char * format, ... ))0x0102F160)
-
-#define ADDRESS_main_entry_hook 0x0101c56c
-
-#define BUS_SPEED 248625000
-#define SECS_TO_TICKS(sec) (((unsigned long long)(sec)) * (BUS_SPEED/4))
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
diff --git a/hbl_loader/crt0.S b/hbl_loader/crt0.S
deleted file mode 100644
index d2095cf..0000000
--- a/hbl_loader/crt0.S
+++ /dev/null
@@ -1,7 +0,0 @@
-
- .extern __main
- .globl _start
-
-_start:
- # jump to our main
- b __main
diff --git a/hbl_loader/launcher.c b/hbl_loader/launcher.c
deleted file mode 100644
index a4cfbde..0000000
--- a/hbl_loader/launcher.c
+++ /dev/null
@@ -1,5 +0,0 @@
-#include "common.h"
-
-void __main(void){
- OSFatal("hello world");
-}