- Reduce number of dependencies.

-Fix GX2 addresses for 5.3.2

Makefile

@@ -22,17 +22,12 @@ export READELF	:=	$(PREFIX)readelf
 export OBJCOPY	:=	$(PREFIX)objcopy
 DEFINES	:=	
 
-COREINIT_PATH	:= tmp/$(FIRMWARE)/000500101000400A/code/coreinit.rpl
+COREINIT_CONFIG_PATH	:= coreinit.yml
-COREINIT_PATH_ELF	:= $(COREINIT_PATH).elf
+GX2_CONFIG_PATH	:= gx2.yml
-
+COREINIT_PATH	:= tmp/$(FIRMWARE)/coreinit.rpl
-GX2_PATH	:= tmp/$(FIRMWARE)/000500101000400A/code/gx2.rpl
+GX2_PATH	:= tmp/$(FIRMWARE)/gx2.rpl
-GX2_PATH_ELF	:= $(GX2_PATH).elf
+TARGET_FILENAME := wiiuhaxx_rop_sysver_$(FIRMWARE).php
-
+GADGET_FINDER_PATH := bin/rpxgadgetfinder.jar
-ifeq ($(OS),Windows_NT) 
-    exe_ext := .exe
-else
-    exe_ext := 
-endif
 
 all: loader locateall
 	
@@ -47,30 +42,34 @@ wiiuhaxx_searcher.bin: wiiuhaxx_searcher.s
 	$(OBJCOPY) -O binary wiiuhaxx_searcher.elf wiiuhaxx_searcher.bin
 	
 locateall: locate532 locate550
-	
+
 locate532:
-	make locatespecific FIRMWARE=532 OS_VERSION=11464 TEXTADDRESS_COREINIT=0x0101c400 TEXTADDRESS_GX2=0x0101c400
+	make locatespecific FIRMWARE=532 ADDRESS_OFFSET_COREINIT=$$((0x02000000-0x0101c400)) ADDRESS_OFFSET_GX2=$$((0x02000000-0x0114EC40))
     
 locate550:
-	make locatespecific FIRMWARE=550 OS_VERSION=15702 TEXTADDRESS_COREINIT=0x0101c400 TEXTADDRESS_GX2=0x0114EC40
+	make locatespecific FIRMWARE=550 ADDRESS_OFFSET_COREINIT=$$((0x02000000-0x0101c400)) ADDRESS_OFFSET_GX2=$$((0x02000000-0x0114EC40))
-
-convertrpl: $(COREINIT_PATH_ELF) $(GX2_PATH_ELF)
-
-$(COREINIT_PATH_ELF): $(COREINIT_PATH)
-	./bin/rpl2elf$(exe_ext) $(COREINIT_PATH) $(COREINIT_PATH_ELF) > /dev/null
     
-$(GX2_PATH_ELF): $(GX2_PATH)
+checkrpl: $(COREINIT_PATH) $(GX2_PATH)
-	./bin/rpl2elf$(exe_ext) $(GX2_PATH) $(GX2_PATH_ELF) > /dev/null
 
 $(COREINIT_PATH):
-	java -jar bin/FileDownloader.jar -titleID 000500101000400A -file '.*coreinit.rpl' -version $(OS_VERSION) -out tmp/$(FIRMWARE)
+	if [ -a $(COREINIT_PATH) ]; then $(error missing $(COREINIT_PATH) for FW $(FIRMWARE)); fi;
     
 $(GX2_PATH):
-	java -jar bin/FileDownloader.jar -titleID 000500101000400A -file '.*gx2.rpl' -version $(OS_VERSION) -out tmp/$(FIRMWARE)
+	if [ -a $(GX2_PATH) ]; then $(error missing $(GX2_PATH) for FW $(FIRMWARE)); fi; 
+    
+$(CONFIG_FILENAME):
+	if [ -a $(CONFIG_FILENAME) ]; then $(error missing $(CONFIG_FILENAME)); fi;
+    
+$(GADGET_FINDER_PATH): 
+	if [ -a $(GADGET_FINDER_PATH) ]; then $(error missing $(GADGET_FINDER_PATH)); fi;
 
-locatespecific:	convertrpl
+locatespecific:	checkrpl $(GADGET_FINDER_PATH) $(CONFIG_FILENAME)
-	sh ./wiiuhaxx_locaterop.sh $(COREINIT_PATH) $(GX2_PATH) $(TEXTADDRESS_COREINIT) $(TEXTADDRESS_GX2) $(exe_ext) > wiiuhaxx_rop_sysver_$(FIRMWARE).php
+	@echo "Finding symbols for FW $(FIRMWARE)"
+	@echo "<?php" > $(TARGET_FILENAME)
+	@java -jar $(GADGET_FINDER_PATH) -cin $(COREINIT_CONFIG_PATH) -bin $(COREINIT_PATH) -aoff -$(ADDRESS_OFFSET_COREINIT) >> $(TARGET_FILENAME)
+	@java -jar $(GADGET_FINDER_PATH) -cin $(GX2_CONFIG_PATH) -bin $(GX2_PATH) -aoff -$(ADDRESS_OFFSET_GX2) >> $(TARGET_FILENAME)
+	@echo "?>" >> $(TARGET_FILENAME)
 
 clean:
-	rm -rf wiiuhaxx_loader.elf wiiuhaxx_loader.bin wiiuhaxx_searcher.elf wiiuhaxx_searcher.bin wiiuhaxx_rop_sysver_* tmp
+	rm -rf wiiuhaxx_loader.elf wiiuhaxx_loader.bin wiiuhaxx_searcher.elf wiiuhaxx_searcher.bin wiiuhaxx_rop_sysver_*
 

README.md

@@ -1,15 +1,16 @@
 # README
 
-This fork is supposed a common base for Wii U ROP-chains.
+This fork is supposed to be a common base for Wii U ROP-chains.
 
 ## Building
 Before using the ROP-chain, some files need to be compiled/generated, you can do it with `make`.
 
 The makefile expects some binaries/files.
-- `bin/ropgadget_patternfinder(.exe)` [Download](https://github.com/wiiu-env/ropgadget_patternfinder/releases)
+- `bin/rpxgadgetfinder.jar` [Download](https://github.com/wiiu-env/RPXGadgetFinder/releases) (requires Java 11(!))
-- `bin/rpl2elf(.exe)` [Download](https://github.com/wiiu-env/rpl2elf/releases)
+- `tmp/532/coreinit.rpl` from 00050010-1000400A OSv10 v11464
-- `bin/FileDownloader.jar` [Download](https://github.com/wiiu-env/NUSFileDownloader/releases)
+- `tmp/532/gx2.rpl` from 00050010-1000400A OSv10 v11464
-- `common.key` containing the retail Wii U common key (in binary form, 16 bytes).
+- `tmp/550/coreinit.rpl` from 00050010-1000400A OSv10 v15702
+- `tmp/550/gx2.rpl` from 00050010-1000400A OSv10 v15702
 
 When you have all needed files, you can use `make`.
 

coreinit.yml

@@ -0,0 +1,74 @@
+!!de.orb.wiiu.rpxgadgetfinder.SymbolList
+symbols:
+- !!de.orb.wiiu.rpxgadgetfinder.ExportSymbol {name: memcpy, out: $ROP_memcpy}
+- !!de.orb.wiiu.rpxgadgetfinder.ExportSymbol {name: DCFlushRange, out: $ROP_DCFlushRange}
+- !!de.orb.wiiu.rpxgadgetfinder.ExportSymbol {name: ICInvalidateRange, out: $ROP_ICInvalidateRange}
+- !!de.orb.wiiu.rpxgadgetfinder.ExportSymbol {name: OSSwitchSecCodeGenMode, out: $ROP_OSSwitchSecCodeGenMode}
+- !!de.orb.wiiu.rpxgadgetfinder.ExportSymbol {name: OSCodegenCopy, out: $ROP_OSCodegenCopy}
+- !!de.orb.wiiu.rpxgadgetfinder.ExportSymbol {name: OSGetCodegenVirtAddrRange, out: $ROP_OSGetCodegenVirtAddrRange}
+- !!de.orb.wiiu.rpxgadgetfinder.ExportSymbol {name: OSGetCoreId, out: $ROP_OSGetCoreId}
+- !!de.orb.wiiu.rpxgadgetfinder.ExportSymbol {name: OSGetCurrentThread, out: $ROP_OSGetCurrentThread}
+- !!de.orb.wiiu.rpxgadgetfinder.ExportSymbol {name: OSSetThreadAffinity, out: $ROP_OSSetThreadAffinity}
+- !!de.orb.wiiu.rpxgadgetfinder.ExportSymbol {name: OSYieldThread, out: $ROP_OSYieldThread}
+- !!de.orb.wiiu.rpxgadgetfinder.ExportSymbol {name: OSFatal, out: $ROP_OSFatal}
+- !!de.orb.wiiu.rpxgadgetfinder.ExportSymbol {name: _Exit, out: $ROP_Exit}
+- !!de.orb.wiiu.rpxgadgetfinder.ExportSymbol {name: OSScreenFlipBuffersEx, out: $ROP_OSScreenFlipBuffersEx}
+- !!de.orb.wiiu.rpxgadgetfinder.ExportSymbol {name: OSScreenClearBufferEx, out: $ROP_OSScreenClearBufferEx}
+- !!de.orb.wiiu.rpxgadgetfinder.ExportSymbol {name: OSDynLoad_Acquire, out: $ROP_OSDynLoad_Acquire}
+- !!de.orb.wiiu.rpxgadgetfinder.ExportSymbol {name: OSDynLoad_FindExport, out: $ROP_OSDynLoad_FindExport}
+- !!de.orb.wiiu.rpxgadgetfinder.ExportSymbol {name: __os_snprintf, out: $ROP_os_snprintf}
+- !!de.orb.wiiu.rpxgadgetfinder.GadgetSymbol
+  hash: !!binary |-
+    yHAg7FCY0T7dPuDQ0BMToKXwp5N/NsD19OlQMWWuM/s=
+  out: $ROP_POPJUMPLR_STACK12
+  size: 16
+- !!de.orb.wiiu.rpxgadgetfinder.GadgetSymbol
+  hash: !!binary |-
+    3s/zyode/BqcPQrHYY8++j0zylm9P9YCp0fTRpvVwAA=
+  out: $ROP_POPJUMPLR_STACK20
+  size: 16
+- !!de.orb.wiiu.rpxgadgetfinder.GadgetSymbol
+  hash: !!binary |-
+    UwYkiCHAcqnPXHHJRpFx4XzSlm9m/H1hLOec/41dEko=
+  out: $ROP_CALLFUNC
+  size: 52
+- !!de.orb.wiiu.rpxgadgetfinder.GadgetSymbol
+  hash: !!binary |-
+    9OdgU6ZcVx8rO4xsbd6XPJX4ibzPCiLrlknLx4EMjpg=
+  out: $ROP_CALLR28_POP_R28_TO_R31
+  size: 44
+- !!de.orb.wiiu.rpxgadgetfinder.GadgetSymbol
+  hash: !!binary |-
+    R0G4Y63PdC+JKMSFo588yGKUadHdzPnmjJ3RwlNB8JE=
+  out: $ROP_POP_R28R29R30R31
+  size: 32
+- !!de.orb.wiiu.rpxgadgetfinder.GadgetSymbol
+  hash: !!binary |-
+    lylzvoB06SsPEPxfu6rvbCjikF+ZAHZUzXNaX9aZM/w=
+  out: $ROP_POP_R27
+  size: 20
+- !!de.orb.wiiu.rpxgadgetfinder.GadgetSymbol
+  hash: !!binary |-
+    b18R/cRB3e+PIYnLyQBlF8SRf89ul1y4y+sjc7+OjKI=
+  out: $ROP_POP_R24_TO_R31
+  size: 20
+- !!de.orb.wiiu.rpxgadgetfinder.GadgetSymbol
+  hash: !!binary |-
+    5gL2bPiq3E1efbB0rZuPv6QZD4YqghXPJvcHpJypUHA=
+  out: $ROP_CALLFUNCPTR_WITHARGS_FROM_R3MEM
+  size: 40
+- !!de.orb.wiiu.rpxgadgetfinder.GadgetSymbol
+  hash: !!binary |-
+    Xh+0gQ/2+4a7Uz8gUDBt5uA+CUUIh99ssixthRHD4mc=
+  out: $ROP_SETR3TOR31_POP_R31
+  size: 24
+- !!de.orb.wiiu.rpxgadgetfinder.GadgetSymbol
+  hash: !!binary |-
+    XO0YJxjoIEwpnqH44pWEGgMl7kk4k7hgU952LMDu+0g=
+  out: $ROP_Register
+  size: 12
+- !!de.orb.wiiu.rpxgadgetfinder.GadgetSymbol
+  hash: !!binary |-
+    xFfDPPQrAMLgC5bixrCXhIZDvBcui9yfDn2XToM4YLY=
+  out: $ROP_CopyToSaveArea
+  size: 12

gx2.yml

@@ -0,0 +1,5 @@
+!!de.orb.wiiu.rpxgadgetfinder.SymbolList
+symbols:
+- !!de.orb.wiiu.rpxgadgetfinder.ExportSymbol {name: GX2Init, out: $ROP_GX2Init}
+- !!de.orb.wiiu.rpxgadgetfinder.ExportSymbol {name: GX2Flush, out: $ROP_GX2Flush}
+- !!de.orb.wiiu.rpxgadgetfinder.ExportSymbol {name: GX2DirectCallDisplayList, out: $ROP_GX2DirectCallDisplayList}