Execute a given code550.bin, update readme

This commit is contained in:
orboditilt 2019-01-24 17:31:24 +01:00
parent fc0b05ab9d
commit 2ff7a483fe
8 changed files with 15 additions and 83 deletions


@ -9,15 +9,10 @@ endif
HAXCHI_S = haxchi.s HAXCHI_S = haxchi.s
ROP_S = haxchi_rop.s ROP_S = haxchi_rop.s
ROP_BIN = haxchi_rop.bin ROP_BIN = haxchi_rop.bin
all: clean brainage rom.zip
all: setup brainage rom.zip
brainage: setup_brainage brainage.nds brainage: setup_brainage brainage.nds
setup:
@cd hbl_loader && make && cd ..
setup_brainage: setup_brainage:
@rm -f defines.s $(ROP_BIN) haxchi_rop_hook.bin @rm -f defines.s $(ROP_BIN) haxchi_rop_hook.bin
@cp -f brainage_defs.s defines.s @cp -f brainage_defs.s defines.s
@ -31,6 +26,5 @@ rom.zip:
$(ZIP) -JXjq9 rom.zip brainage.nds $(ZIP) -JXjq9 rom.zip brainage.nds
clean: clean:
@rm -f *.bin *.zip *.nds defines.s @rm -f *.zip *.nds defines.s
@cd hbl_loader && make clean && cd ..
@echo "all cleaned up !" @echo "all cleaned up !"
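Review bot: After this change `clean` no longer removes `$(ROP_BIN)` or `haxchi_rop_hook.bin`, the two generated files that `setup_brainage` deletes before each build, so a clean tree still carries stale build products. Dropping the `*.bin` glob is understandable since the README hunk in this commit now asks the user to place `code550.bin` in the project root, and a glob would erase that input on `make clean`; listing the generated files explicitly covers both concerns, `@rm -f $(ROP_BIN) haxchi_rop_hook.bin *.zip *.nds defines.s`. A comment above the rule such as `# code550.bin is user input, not a build product: never glob *.bin here` would keep the next edit from reintroducing the glob. Whether `clean` is declared `.PHONY` is not visible in this hunk.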


@ -2,10 +2,21 @@
This is the continuation of Haxchi from FIX94 (initial PoC by smea). This is the continuation of Haxchi from FIX94 (initial PoC by smea).
# Usage
Put a payload `code550.bin` in the root of this project.
This payload should be statically linked to 0x18000000, and is called inside a thread.
Make sure to exit this thread via `OSExitThread(0);`, afterwards the rop switches automatically to the Mii Maker.
An example payload which perform the kernel exploit can be found [here](https://github.com/wiiu-env/haxchi_payload).
# Notes
Currently this ONLY executes a given `code550.bin`, nothing usable for the end user. Only one game, no CFW, no coldboothax, nothing.
## Dependencies ## Dependencies
armnips and zip armnips and zip
## credit ## credit
smea, plutoo, yellows8, naehrwert, derrek, FIX94 and dimok smea, plutoo, yellows8, naehrwert, derrek, FIX94, dimok and orboditilt.


@ -1,4 +0,0 @@
*.o
*.map
*.elf
/bin


@ -1,33 +0,0 @@
PATH := $(DEVKITPPC)/bin:$(PATH)
PREFIX ?= powerpc-eabi-
CC = $(PREFIX)gcc
AS = $(PREFIX)gcc
CFLAGS = -std=gnu99 -O3 -nostdinc -fno-builtin
ASFLAGS = -mregnames -x assembler-with-cpp
LD = $(PREFIX)ld
OBJCOPY = $(PREFIX)objcopy
GCC_VER := $(shell $(DEVKITPPC)/bin/powerpc-eabi-gcc -dumpversion)
LDFLAGS=-Ttext 1800000 -L$(DEVKITPPC)/lib/gcc/powerpc-eabi/$(GCC_VER) -lgcc
OBJDUMP ?= $(PREFIX)objdump
project := .
root := $(CURDIR)
build := $(root)/bin
FIRMWARE = 550
all: clean setup main
setup:
mkdir -p $(root)/bin/
main:
$(CC) $(CFLAGS) -DVER=$(FIRMWARE) -c $(project)/launcher.c
$(AS) $(ASFLAGS) -DVER=$(FIRMWARE) -c $(project)/crt0.S
cp -r $(root)/*.o $(build)
rm $(root)/*.o
$(LD) -o hbl_loader.elf $(build)/crt0.o `find $(build) -name "*.o" ! -name "crt0.o"` $(LDFLAGS) -Map hbl_loader.map
$(OBJCOPY) hbl_loader.elf -S -O binary ../hbl_loader.bin
clean:
rm -rf $(build)
rm -rf hbl_loader.elf hbl_loader.map


@ -1,2 +0,0 @@
This is a modified version of dimok's original homebrew launcher installer which can be found here:
https://github.com/dimok789/homebrew_launcher/tree/master/installer


@ -1,22 +0,0 @@
#ifndef _COMMON_H_
#define _COMMON_H_
#ifdef __cplusplus
extern "C" {
#endif
#define OSDynLoad_Acquire ((void (*)(char* rpl, unsigned int *handle))0x0102A3B4)
#define OSDynLoad_FindExport ((void (*)(unsigned int handle, int isdata, char *symbol, void *address))0x0102B828)
#define OSFatal ((void (*)(char* msg))0x01031618)
#define __os_snprintf ((int(*)(char* s, int n, const char * format, ... ))0x0102F160)
#define ADDRESS_main_entry_hook 0x0101c56c
#define BUS_SPEED 248625000
#define SECS_TO_TICKS(sec) (((unsigned long long)(sec)) * (BUS_SPEED/4))
#ifdef __cplusplus
}
#endif
#endif


@ -1,7 +0,0 @@
.extern __main
.globl _start
_start:
# jump to our main
b __main


@ -1,5 +0,0 @@
#include "common.h"
void __main(void){
OSFatal("hello world");
}