From 0a240475306a1bf852aee1a54c89e4c4ad7b1f3a Mon Sep 17 00:00:00 2001
From: orboditilt <45944072+orboditilt@users.noreply.github.com>
Date: Mon, 25 Feb 2019 18:59:47 +0100
Subject: [PATCH] - Reduce number of dependencies. -Fix GX2 addresses for 5.3.2
---
 Makefile | 51 ++++++++++++++++++------------------
 README.md | 11 ++++----
 coreinit.yml | 74 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 gx2.yml | 5 ++++
 4 files changed, 110 insertions(+), 31 deletions(-)
 create mode 100644 coreinit.yml
 create mode 100644 gx2.yml
diff --git a/Makefile b/Makefile
index 5466139..7f8cb97 100644
--- a/Makefile
+++ b/Makefile
@@ -22,17 +22,12 @@ export READELF := $(PREFIX)readelf
 export OBJCOPY := $(PREFIX)objcopy
 DEFINES :=
-COREINIT_PATH := tmp/$(FIRMWARE)/000500101000400A/code/coreinit.rpl
-COREINIT_PATH_ELF := $(COREINIT_PATH).elf
-
-GX2_PATH := tmp/$(FIRMWARE)/000500101000400A/code/gx2.rpl
-GX2_PATH_ELF := $(GX2_PATH).elf
-
-ifeq ($(OS),Windows_NT)
- exe_ext := .exe
-else
- exe_ext :=
-endif
+COREINIT_CONFIG_PATH := coreinit.yml
+GX2_CONFIG_PATH := gx2.yml
+COREINIT_PATH := tmp/$(FIRMWARE)/coreinit.rpl
+GX2_PATH := tmp/$(FIRMWARE)/gx2.rpl
+TARGET_FILENAME := wiiuhaxx_rop_sysver_$(FIRMWARE).php
+GADGET_FINDER_PATH := bin/rpxgadgetfinder.jar
 all: loader locateall
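Review bot: The variables added here do not include `CONFIG_FILENAME`, yet the second hunk of this file uses it both as a rule target (`$(CONFIG_FILENAME):`) and as a prerequisite of `locatespecific`; with no assignment it expands to nothing, so that rule header becomes a bare `:` with an empty target list and the YAML configs are never checked for existence. Either add `CONFIG_FILENAME := $(COREINIT_CONFIG_PATH) $(GX2_CONFIG_PATH)` next to the two `*_CONFIG_PATH` lines, or reference those two variables directly in the later rule. A `MAKEFLAGS += --warn-undefined-variables` line near the top would have flagged this; the top of the file is outside the hunk, so I cannot tell whether it is already set. Note also that `COREINIT_PATH`, `GX2_PATH` and `TARGET_FILENAME` are fixed at parse time with `:=` from `$(FIRMWARE)`, which is only supplied by the recursive `make locatespecific FIRMWARE=…` calls, so a top-level `make checkrpl` resolves them to `tmp//coreinit.rpl` and `wiiuhaxx_rop_sysver_.php`.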
@@ -47,30 +42,34 @@ wiiuhaxx_searcher.bin: wiiuhaxx_searcher.s
 $(OBJCOPY) -O binary wiiuhaxx_searcher.elf wiiuhaxx_searcher.bin
 locateall: locate532 locate550
-
+
 locate532:
- make locatespecific FIRMWARE=532 OS_VERSION=11464 TEXTADDRESS_COREINIT=0x0101c400 TEXTADDRESS_GX2=0x0101c400
+ make locatespecific FIRMWARE=532 ADDRESS_OFFSET_COREINIT=$$((0x02000000-0x0101c400)) ADDRESS_OFFSET_GX2=$$((0x02000000-0x0114EC40))
 locate550:
- make locatespecific FIRMWARE=550 OS_VERSION=15702 TEXTADDRESS_COREINIT=0x0101c400 TEXTADDRESS_GX2=0x0114EC40
-
-convertrpl: $(COREINIT_PATH_ELF) $(GX2_PATH_ELF)
-
-$(COREINIT_PATH_ELF): $(COREINIT_PATH)
- ./bin/rpl2elf$(exe_ext) $(COREINIT_PATH) $(COREINIT_PATH_ELF) > /dev/null
+ make locatespecific FIRMWARE=550 ADDRESS_OFFSET_COREINIT=$$((0x02000000-0x0101c400)) ADDRESS_OFFSET_GX2=$$((0x02000000-0x0114EC40))
-$(GX2_PATH_ELF): $(GX2_PATH)
- ./bin/rpl2elf$(exe_ext) $(GX2_PATH) $(GX2_PATH_ELF) > /dev/null
+checkrpl: $(COREINIT_PATH) $(GX2_PATH)
 $(COREINIT_PATH):
- java -jar bin/FileDownloader.jar -titleID 000500101000400A -file '.*coreinit.rpl' -version $(OS_VERSION) -out tmp/$(FIRMWARE)
+ if [ -a $(COREINIT_PATH) ]; then $(error missing $(COREINIT_PATH) for FW $(FIRMWARE)); fi;
 $(GX2_PATH):
- java -jar bin/FileDownloader.jar -titleID 000500101000400A -file '.*gx2.rpl' -version $(OS_VERSION) -out tmp/$(FIRMWARE)
+ if [ -a $(GX2_PATH) ]; then $(error missing $(GX2_PATH) for FW $(FIRMWARE)); fi;
+
+$(CONFIG_FILENAME):
+ if [ -a $(CONFIG_FILENAME) ]; then $(error missing $(CONFIG_FILENAME)); fi;
+
+$(GADGET_FINDER_PATH):
+ if [ -a $(GADGET_FINDER_PATH) ]; then $(error missing $(GADGET_FINDER_PATH)); fi;
-locatespecific: convertrpl
- sh ./wiiuhaxx_locaterop.sh $(COREINIT_PATH) $(GX2_PATH) $(TEXTADDRESS_COREINIT) $(TEXTADDRESS_GX2) $(exe_ext) > wiiuhaxx_rop_sysver_$(FIRMWARE).php
+locatespecific: checkrpl $(GADGET_FINDER_PATH) $(CONFIG_FILENAME)
+ @echo "Finding symbols for FW $(FIRMWARE)"
+ @echo " $(TARGET_FILENAME)
+ @java -jar $(GADGET_FINDER_PATH) -cin $(COREINIT_CONFIG_PATH) -bin $(COREINIT_PATH) -aoff -$(ADDRESS_OFFSET_COREINIT) >> $(TARGET_FILENAME)
+ @java -jar $(GADGET_FINDER_PATH) -cin $(GX2_CONFIG_PATH) -bin $(GX2_PATH) -aoff -$(ADDRESS_OFFSET_GX2) >> $(TARGET_FILENAME)
+ @echo "?>" >> $(TARGET_FILENAME)
 clean:
- rm -rf wiiuhaxx_loader.elf wiiuhaxx_loader.bin wiiuhaxx_searcher.elf wiiuhaxx_searcher.bin wiiuhaxx_rop_sysver_* tmp
+ rm -rf wiiuhaxx_loader.elf wiiuhaxx_loader.bin wiiuhaxx_searcher.elf wiiuhaxx_searcher.bin wiiuhaxx_rop_sysver_*
diff --git a/README.md b/README.md
index 8176e64..f8a6879 100644
--- a/README.md
+++ b/README.md
@@ -1,15 +1,16 @@
 # README
-This fork is supposed a common base for Wii U ROP-chains.
+This fork is supposed to be a common base for Wii U ROP-chains.
 ## Building
 Before using the ROP-chain, some files need to be compiled/generated, you can do it with `make`. The makefile expects some binaries/files.
-- `bin/ropgadget_patternfinder(.exe)` [Download](https://github.com/wiiu-env/ropgadget_patternfinder/releases)
-- `bin/rpl2elf(.exe)` [Download](https://github.com/wiiu-env/rpl2elf/releases)
-- `bin/FileDownloader.jar` [Download](https://github.com/wiiu-env/NUSFileDownloader/releases)
-- `common.key` containing the retail Wii U common key (in binary form, 16 bytes).
+- `bin/rpxgadgetfinder.jar` [Download](https://github.com/wiiu-env/RPXGadgetFinder/releases) (requires Java 11(!))
+- `tmp/532/coreinit.rpl` from 00050010-1000400A OSv10 v11464
+- `tmp/532/gx2.rpl` from 00050010-1000400A OSv10 v11464
+- `tmp/550/coreinit.rpl` from 00050010-1000400A OSv10 v15702
+- `tmp/550/gx2.rpl` from 00050010-1000400A OSv10 v15702
 When you have all needed files, you can use `make`.
diff --git a/coreinit.yml b/coreinit.yml
new file mode 100644
index 0000000..fab9d80
--- /dev/null
+++ b/coreinit.yml
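Review bot: The `if [ -a … ]; then $(error …); fi;` guards on the new `$(COREINIT_PATH)`, `$(GX2_PATH)`, `$(CONFIG_FILENAME)` and `$(GADGET_FINDER_PATH)` rules do not do what they look like: `$(error)` is a make function expanded while the recipe is being prepared, before any shell runs, so it fires unconditionally and the shell test (which is also inverted, `-a` being true when the file exists) is dead text. They only work because a file target with no prerequisites is rebuilt exactly when the file is missing, so each recipe can be reduced to a bare `$(error missing $@ for FW $(FIRMWARE))`. `locatespecific` also produces `$(TARGET_FILENAME)` through appends without being that file's rule, so make cannot track it and a failed `java` run leaves a partial .php behind; making the .php the real target with the rpl/config/jar files as prerequisites and writing through `$@.tmp` fixes both, as sketched below. The recursive calls in `locate532`/`locate550` should use `$(MAKE)` rather than a literal `make` so flags and the jobserver propagate. Presence of `$(GADGET_FINDER_PATH)` is checked but not its integrity; since it is a prebuilt jar fetched from a release page and then executed with `java -jar`, comparing it against a known digest (`sha256sum -c` with the digest published for the release) before use would be a cheap supply-chain guard.
```make
locate532:
	$(MAKE) locatespecific FIRMWARE=532 ADDRESS_OFFSET_COREINIT=$$((0x02000000-0x0101c400)) ADDRESS_OFFSET_GX2=$$((0x02000000-0x0114EC40))
# … unchanged: locate550, with the same $(MAKE) substitution …

# A prerequisite-less file target runs its recipe only when the file is
# missing, so $(error) (expanded by make, not the shell) fires exactly then.
$(COREINIT_PATH) $(GX2_PATH):
	$(error missing $@ for FW $(FIRMWARE))

$(COREINIT_CONFIG_PATH) $(GX2_CONFIG_PATH) $(GADGET_FINDER_PATH):
	$(error missing $@)

locatespecific: $(TARGET_FILENAME)

$(TARGET_FILENAME): $(COREINIT_PATH) $(GX2_PATH) $(COREINIT_CONFIG_PATH) $(GX2_CONFIG_PATH) $(GADGET_FINDER_PATH)
	@echo "Finding symbols for FW $(FIRMWARE)"
	# … unchanged: opening @echo (redirect it with a single > to $@.tmp so the file is recreated) …
	@java -jar $(GADGET_FINDER_PATH) -cin $(COREINIT_CONFIG_PATH) -bin $(COREINIT_PATH) -aoff -$(ADDRESS_OFFSET_COREINIT) >> $@.tmp
	@java -jar $(GADGET_FINDER_PATH) -cin $(GX2_CONFIG_PATH) -bin $(GX2_PATH) -aoff -$(ADDRESS_OFFSET_GX2) >> $@.tmp
	@echo "?>" >> $@.tmp
	@mv -f $@.tmp $@
```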
@@ -0,0 +1,74 @@ +!!de.orb.wiiu.rpxgadgetfinder.SymbolList +symbols: +- !!de.orb.wiiu.rpxgadgetfinder.ExportSymbol {name: memcpy, out: $ROP_memcpy} +- !!de.orb.wiiu.rpxgadgetfinder.ExportSymbol {name: DCFlushRange, out: $ROP_DCFlushRange} +- !!de.orb.wiiu.rpxgadgetfinder.ExportSymbol {name: ICInvalidateRange, out: $ROP_ICInvalidateRange} +- !!de.orb.wiiu.rpxgadgetfinder.ExportSymbol {name: OSSwitchSecCodeGenMode, out: $ROP_OSSwitchSecCodeGenMode} +- !!de.orb.wiiu.rpxgadgetfinder.ExportSymbol {name: OSCodegenCopy, out: $ROP_OSCodegenCopy} +- !!de.orb.wiiu.rpxgadgetfinder.ExportSymbol {name: OSGetCodegenVirtAddrRange, out: $ROP_OSGetCodegenVirtAddrRange} +- !!de.orb.wiiu.rpxgadgetfinder.ExportSymbol {name: OSGetCoreId, out: $ROP_OSGetCoreId} +- !!de.orb.wiiu.rpxgadgetfinder.ExportSymbol {name: OSGetCurrentThread, out: $ROP_OSGetCurrentThread} +- !!de.orb.wiiu.rpxgadgetfinder.ExportSymbol {name: OSSetThreadAffinity, out: $ROP_OSSetThreadAffinity} +- !!de.orb.wiiu.rpxgadgetfinder.ExportSymbol {name: OSYieldThread, out: $ROP_OSYieldThread} +- !!de.orb.wiiu.rpxgadgetfinder.ExportSymbol {name: OSFatal, out: $ROP_OSFatal} +- !!de.orb.wiiu.rpxgadgetfinder.ExportSymbol {name: _Exit, out: $ROP_Exit} +- !!de.orb.wiiu.rpxgadgetfinder.ExportSymbol {name: OSScreenFlipBuffersEx, out: $ROP_OSScreenFlipBuffersEx} +- !!de.orb.wiiu.rpxgadgetfinder.ExportSymbol {name: OSScreenClearBufferEx, out: $ROP_OSScreenClearBufferEx} +- !!de.orb.wiiu.rpxgadgetfinder.ExportSymbol {name: OSDynLoad_Acquire, out: $ROP_OSDynLoad_Acquire} +- !!de.orb.wiiu.rpxgadgetfinder.ExportSymbol {name: OSDynLoad_FindExport, out: $ROP_OSDynLoad_FindExport} +- !!de.orb.wiiu.rpxgadgetfinder.ExportSymbol {name: __os_snprintf, out: $ROP_os_snprintf} +- !!de.orb.wiiu.rpxgadgetfinder.GadgetSymbol + hash: !!binary |- + yHAg7FCY0T7dPuDQ0BMToKXwp5N/NsD19OlQMWWuM/s= + out: $ROP_POPJUMPLR_STACK12 + size: 16 +- !!de.orb.wiiu.rpxgadgetfinder.GadgetSymbol + hash: !!binary |- + 3s/zyode/BqcPQrHYY8++j0zylm9P9YCp0fTRpvVwAA= + out: 
$ROP_POPJUMPLR_STACK20 + size: 16 +- !!de.orb.wiiu.rpxgadgetfinder.GadgetSymbol + hash: !!binary |- + UwYkiCHAcqnPXHHJRpFx4XzSlm9m/H1hLOec/41dEko= + out: $ROP_CALLFUNC + size: 52 +- !!de.orb.wiiu.rpxgadgetfinder.GadgetSymbol + hash: !!binary |- + 9OdgU6ZcVx8rO4xsbd6XPJX4ibzPCiLrlknLx4EMjpg= + out: $ROP_CALLR28_POP_R28_TO_R31 + size: 44 +- !!de.orb.wiiu.rpxgadgetfinder.GadgetSymbol + hash: !!binary |- + R0G4Y63PdC+JKMSFo588yGKUadHdzPnmjJ3RwlNB8JE= + out: $ROP_POP_R28R29R30R31 + size: 32 +- !!de.orb.wiiu.rpxgadgetfinder.GadgetSymbol + hash: !!binary |- + lylzvoB06SsPEPxfu6rvbCjikF+ZAHZUzXNaX9aZM/w= + out: $ROP_POP_R27 + size: 20 +- !!de.orb.wiiu.rpxgadgetfinder.GadgetSymbol + hash: !!binary |- + b18R/cRB3e+PIYnLyQBlF8SRf89ul1y4y+sjc7+OjKI= + out: $ROP_POP_R24_TO_R31 + size: 20 +- !!de.orb.wiiu.rpxgadgetfinder.GadgetSymbol + hash: !!binary |- + 5gL2bPiq3E1efbB0rZuPv6QZD4YqghXPJvcHpJypUHA= + out: $ROP_CALLFUNCPTR_WITHARGS_FROM_R3MEM + size: 40 +- !!de.orb.wiiu.rpxgadgetfinder.GadgetSymbol + hash: !!binary |- + Xh+0gQ/2+4a7Uz8gUDBt5uA+CUUIh99ssixthRHD4mc= + out: $ROP_SETR3TOR31_POP_R31 + size: 24 +- !!de.orb.wiiu.rpxgadgetfinder.GadgetSymbol + hash: !!binary |- + XO0YJxjoIEwpnqH44pWEGgMl7kk4k7hgU952LMDu+0g= + out: $ROP_Register + size: 12 +- !!de.orb.wiiu.rpxgadgetfinder.GadgetSymbol + hash: !!binary |- + xFfDPPQrAMLgC5bixrCXhIZDvBcui9yfDn2XToM4YLY= + out: $ROP_CopyToSaveArea + size: 12 diff --git a/gx2.yml b/gx2.yml new file mode 100644 index 0000000..b1c7868 --- /dev/null +++ b/gx2.yml @@ -0,0 +1,5 @@ +!!de.orb.wiiu.rpxgadgetfinder.SymbolList +symbols: +- !!de.orb.wiiu.rpxgadgetfinder.ExportSymbol {name: GX2Init, out: $ROP_GX2Init} +- !!de.orb.wiiu.rpxgadgetfinder.ExportSymbol {name: GX2Flush, out: $ROP_GX2Flush} +- !!de.orb.wiiu.rpxgadgetfinder.ExportSymbol {name: GX2DirectCallDisplayList, out: $ROP_GX2DirectCallDisplayList}
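Review bot: The `GadgetSymbol` entries in coreinit.yml carry only a base64 `hash` and a `size`, and nothing in the file says how the hash is derived (presumably a digest over `size` bytes starting at the gadget, but that is not stated) or which firmware's coreinit.rpl they were taken from, so nobody can audit or regenerate them when the input binary changes. A top-of-file `#` comment along the lines of `# hash: <digest algorithm> over <size> bytes at the gadget start; generated with rpxgadgetfinder <version> against <firmware/rpl>` would make the list maintainable. The `!!de.orb.wiiu.rpxgadgetfinder.*` tags are Java class names resolved by the tool's YAML loader; that is fine for these project-owned files, but it means the `-cin` input should only ever be a file from this repository, never one supplied by a third party, and the README could say so.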