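# Command-line arguments.
#   $1  path to the coreinit ELF without its ".elf" suffix
#   $2  path to the gx2 ELF without its ".elf" suffix
#   $3  coreinit address, also handed to the pattern finder as --baseaddr
#   $4  gx2 address, also handed to the pattern finder as --baseaddr
#   $5  optional suffix appended to the ./bin/ropgadget_patternfinder name
#
# Fail fast when a required argument is missing. An empty address would be
# spliced into the arithmetic expansions below, and the generated PHP would
# then carry unusable values.
if [ "$#" -lt 4 ] || [ -z "$3" ] || [ -z "$4" ]; then
  printf 'Usage: %s <coreinit path> <gx2 path> <coreinit textaddr> <gx2 textaddr> [extension]\n' "$0" >&2
  exit 2
fi

coreinitpath=$1
gx2path=$2
coreinit_textaddr=$3
gx2_textaddr=$4
extension=$5

# Offset between the fixed 0x02000000 base and each supplied address.
# The symbol helpers subtract this from every value they read from the ELF.
reloc_coreinit=$((0x02000000 - $coreinit_textaddr))
reloc_gx2=$((0x02000000 - $gx2_textaddr))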
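#######################################
# Print one line of the form "<lhs> = 0x<VALUE>;" for a coreinit symbol.
# The value is the second field after the first ':' on the first line of
# `powerpc-eabi-readelf -a` output that matches the pattern, read as hex,
# minus reloc_coreinit.
# Globals:   coreinitpath (read), reloc_coreinit (read)
# Arguments: $1 - grep pattern selecting the readelf line (first match wins)
#            $2 - text printed to the left of " = "
# Outputs:   the assignment on stdout; a diagnostic on stderr on failure
# Returns:   0 on success, 1 when no plain hex value could be extracted
#######################################
getcoreinit_symboladdr()
{
  local val
  val=$(powerpc-eabi-readelf -a "$PWD/$coreinitpath.elf" \
    | grep -- "$1" \
    | head -n 1 \
    | cut -d: -f2 \
    | cut -d' ' -f2)

  # The value is text taken from the ELF dump. Only bare hex digits may reach
  # $(( )), which evaluates whatever expression text it is handed. An empty
  # match is rejected as well, so a missing symbol cannot produce a bogus
  # address in the generated file.
  case $val in
    '' | *[!0-9A-Fa-f]*)
      printf 'getcoreinit_symboladdr: no hex value found for "%s" in %s.elf\n' \
        "$1" "$coreinitpath" >&2
      return 1
      ;;
  esac

  # Fixed format string: $2 is data, never interpreted as printf directives.
  printf '%s = 0x%X;\n' "$2" "$((0x$val - $reloc_coreinit))"
}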
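#######################################
# Print one line of the form "<lhs> = 0x<VALUE>;" for a gx2 symbol.
# The value is the second field after the first ':' on the first line of
# `powerpc-eabi-readelf -a` output that matches the pattern, read as hex,
# minus reloc_gx2.
# Globals:   gx2path (read), reloc_gx2 (read)
# Arguments: $1 - grep pattern selecting the readelf line (first match wins)
#            $2 - text printed to the left of " = "
# Outputs:   the assignment on stdout; a diagnostic on stderr on failure
# Returns:   0 on success, 1 when no plain hex value could be extracted
#######################################
getgx2_symboladdr()
{
  local val
  val=$(powerpc-eabi-readelf -a "$PWD/$gx2path.elf" \
    | grep -- "$1" \
    | head -n 1 \
    | cut -d: -f2 \
    | cut -d' ' -f2)

  # The value is text taken from the ELF dump. Only bare hex digits may reach
  # $(( )), which evaluates whatever expression text it is handed. An empty
  # match is rejected as well, so a missing symbol cannot produce a bogus
  # address in the generated file.
  case $val in
    '' | *[!0-9A-Fa-f]*)
      printf 'getgx2_symboladdr: no hex value found for "%s" in %s.elf\n' \
        "$1" "$gx2path" >&2
      return 1
      ;;
  esac

  # Fixed format string: $2 is data, never interpreted as printf directives.
  printf '%s = 0x%X;\n' "$2" "$((0x$val - $reloc_gx2))"
}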
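# Write the generated PHP to stdout: an opening tag, whatever the two pattern
# finder runs print, one assignment per looked-up symbol, and a closing tag.
echo "<?php"

# Every expansion is quoted so that a path, address or suffix containing
# whitespace or glob characters stays a single argument.
./bin/ropgadget_patternfinder"$extension" "$coreinitpath.elf" "--baseaddr=$coreinit_textaddr" "--plainsuffix=;" --script=wiiuhaxx_locaterop_script_ci #?1EFE3500?
./bin/ropgadget_patternfinder"$extension" "$gx2path.elf" "--baseaddr=$gx2_textaddr" "--plainsuffix=;" --script=wiiuhaxx_locaterop_script_gx2 #?1EFE3500?

echo ""

# Symbols read from the coreinit ELF. The second argument is the literal PHP
# variable name, single-quoted so the shell never expands it.
getcoreinit_symboladdr "memcpy" '$ROP_memcpy'
getcoreinit_symboladdr "DCFlushRange" '$ROP_DCFlushRange'
getcoreinit_symboladdr "ICInvalidateRange" '$ROP_ICInvalidateRange'
getcoreinit_symboladdr "OSSwitchSecCodeGenMode" '$ROP_OSSwitchSecCodeGenMode'
getcoreinit_symboladdr "OSCodegenCopy" '$ROP_OSCodegenCopy'
getcoreinit_symboladdr "OSGetCodegenVirtAddrRange" '$ROP_OSGetCodegenVirtAddrRange'
getcoreinit_symboladdr "OSGetCoreId" '$ROP_OSGetCoreId'
getcoreinit_symboladdr "OSGetCurrentThread" '$ROP_OSGetCurrentThread'
getcoreinit_symboladdr "OSSetThreadAffinity" '$ROP_OSSetThreadAffinity'
getcoreinit_symboladdr "OSYieldThread" '$ROP_OSYieldThread'
getcoreinit_symboladdr "OSFatal" '$ROP_OSFatal'
getcoreinit_symboladdr "_Exit" '$ROP_Exit'
getcoreinit_symboladdr "OSScreenFlipBuffersEx" '$ROP_OSScreenFlipBuffersEx'
getcoreinit_symboladdr "OSScreenClearBufferEx" '$ROP_OSScreenClearBufferEx'
getcoreinit_symboladdr "OSDynLoad_Acquire" '$ROP_OSDynLoad_Acquire'
getcoreinit_symboladdr "OSDynLoad_FindExport" '$ROP_OSDynLoad_FindExport'
getcoreinit_symboladdr "__os_snprintf" '$ROP_os_snprintf'

# Symbols read from the gx2 ELF.
getgx2_symboladdr "GX2Flush" '$ROP_GX2Flush'
getgx2_symboladdr "GX2DirectCallDisplayList" '$ROP_GX2DirectCallDisplayList'

echo "?>"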