- Improve makefile to compile/build/download only when needed.

- Add support for getting gadgets from gx2.rpl
- Add some new rop address to be searched

Makefile

@@ -25,6 +25,9 @@ DEFINES	:=
 COREINIT_PATH	:= tmp/$(FIRMWARE)/000500101000400A/code/coreinit.rpl
 COREINIT_PATH_ELF	:= $(COREINIT_PATH).elf
 
+GX2_PATH	:= tmp/$(FIRMWARE)/000500101000400A/code/gx2.rpl
+GX2_PATH_ELF	:= $(GX2_PATH).elf
+
 ifeq ($(OS),Windows_NT) 
     exe_ext := .exe
 else
@@ -33,26 +36,40 @@ endif
 
 all: loader locateall
 	
-loader:
+loader: wiiuhaxx_loader.bin wiiuhaxx_searcher.bin
+
+wiiuhaxx_loader.bin: wiiuhaxx_loader.s
 	$(CC) -x assembler-with-cpp -nostartfiles -nostdlib $(DEFINES) -o wiiuhaxx_loader.elf wiiuhaxx_loader.s
 	$(OBJCOPY) -O binary wiiuhaxx_loader.elf wiiuhaxx_loader.bin
-    
+
+wiiuhaxx_searcher.bin: wiiuhaxx_searcher.s
 	$(CC) -x assembler-with-cpp -nostartfiles -nostdlib $(DEFINES) -o wiiuhaxx_searcher.elf wiiuhaxx_searcher.s
 	$(OBJCOPY) -O binary wiiuhaxx_searcher.elf wiiuhaxx_searcher.bin
 	
 locateall: locate532 locate550
 	
 locate532:
-	java -jar bin/FileDownloader.jar -titleID 000500101000400A -file '.*coreinit.rpl' -version 11464 -out tmp/532
-	make locatespecific FIRMWARE=532 TEXTADDRESS=0x0101c400
-	
+	make locatespecific FIRMWARE=532 OS_VERSION=11464 TEXTADDRESS_COREINIT=0x0101c400 TEXTADDRESS_GX2=0x0101c400
+    
 locate550:
-	java -jar bin/FileDownloader.jar -titleID 000500101000400A -file '.*coreinit.rpl' -version 15702 -out tmp/550
-	make locatespecific FIRMWARE=550 TEXTADDRESS=0x0101c400
-	
-locatespecific:	
+	make locatespecific FIRMWARE=550 OS_VERSION=15702 TEXTADDRESS_COREINIT=0x0101c400 TEXTADDRESS_GX2=0x0114EC40
+
+convertrpl: $(COREINIT_PATH_ELF) $(GX2_PATH_ELF)
+
+$(COREINIT_PATH_ELF): $(COREINIT_PATH)
 	./bin/rpl2elf$(exe_ext) $(COREINIT_PATH) $(COREINIT_PATH_ELF) > /dev/null
-	sh ./wiiuhaxx_locaterop.sh $(COREINIT_PATH) $(TEXTADDRESS) $(exe_ext) > wiiuhaxx_rop_sysver_$(FIRMWARE).php
+    
+$(GX2_PATH_ELF): $(GX2_PATH)
+	./bin/rpl2elf$(exe_ext) $(GX2_PATH) $(GX2_PATH_ELF) > /dev/null
+
+$(COREINIT_PATH):
+	java -jar bin/FileDownloader.jar -titleID 000500101000400A -file '.*coreinit.rpl' -version $(OS_VERSION) -out tmp/$(FIRMWARE)
+    
+$(GX2_PATH):
+	java -jar bin/FileDownloader.jar -titleID 000500101000400A -file '.*gx2.rpl' -version $(OS_VERSION) -out tmp/$(FIRMWARE)
+
+locatespecific:	convertrpl
+	sh ./wiiuhaxx_locaterop.sh $(COREINIT_PATH) $(GX2_PATH) $(TEXTADDRESS_COREINIT) $(TEXTADDRESS_GX2) $(exe_ext) > wiiuhaxx_rop_sysver_$(FIRMWARE).php
 
 clean:
 	rm -rf wiiuhaxx_loader.elf wiiuhaxx_loader.bin wiiuhaxx_searcher.elf wiiuhaxx_searcher.bin wiiuhaxx_rop_sysver_* tmp

wiiuhaxx_locaterop.sh

@@ -1,18 +1,28 @@
-ospath=$1
-coreinit_textaddr=$2
-extension=$3
+coreinitpath=$1
+gx2path=$2
+coreinit_textaddr=$3
+gx2_textaddr=$4
+extension=$5
 
-reloc=$((0x02000000-$coreinit_textaddr))
+reloc_coreinit=$((0x02000000-$coreinit_textaddr))
+reloc_gx2=$((0x02000000-$gx2_textaddr))
 
 
 getcoreinit_symboladdr()
 {
-	val=`powerpc-eabi-readelf -a "$PWD/$ospath.elf" | grep "$1" | head -n 1 | cut -d: -f2 | cut "-d " -f2`
-	printf "$2 = 0x%X;\n" $((0x$val-$reloc))
+	val=`powerpc-eabi-readelf -a "$PWD/$coreinitpath.elf" | grep "$1" | head -n 1 | cut -d: -f2 | cut "-d " -f2`
+	printf "$2 = 0x%X;\n" $((0x$val-$reloc_coreinit))
+}
+
+getgx2_symboladdr()
+{
+	val=`powerpc-eabi-readelf -a "$PWD/$gx2path.elf" | grep "$1" | head -n 1 | cut -d: -f2 | cut "-d " -f2`
+	printf "$2 = 0x%X;\n" $((0x$val-$reloc_gx2))
 }
 
 echo "<?php" 
-./bin/ropgadget_patternfinder$extension $ospath.elf --baseaddr=$coreinit_textaddr "--plainsuffix=;" --script=wiiuhaxx_locaterop_script #?1EFE3500?
+./bin/ropgadget_patternfinder$extension $coreinitpath.elf --baseaddr=$coreinit_textaddr "--plainsuffix=;" --script=wiiuhaxx_locaterop_script_ci #?1EFE3500?
+./bin/ropgadget_patternfinder$extension $gx2path.elf --baseaddr=$gx2_textaddr "--plainsuffix=;" --script=wiiuhaxx_locaterop_script_gx2 #?1EFE3500?
 echo ""
 getcoreinit_symboladdr "memcpy" "\$ROP_memcpy"
 getcoreinit_symboladdr "DCFlushRange" "\$ROP_DCFlushRange"
@@ -31,4 +41,6 @@ getcoreinit_symboladdr "OSScreenClearBufferEx" "\$ROP_OSScreenClearBufferEx"
 getcoreinit_symboladdr "OSDynLoad_Acquire" "\$ROP_OSDynLoad_Acquire"
 getcoreinit_symboladdr "OSDynLoad_FindExport" "\$ROP_OSDynLoad_FindExport"
 getcoreinit_symboladdr "__os_snprintf" "\$ROP_os_snprintf"
-echo "?>"
+getgx2_symboladdr "GX2Flush" "\$ROP_GX2Flush"
+getgx2_symboladdr "GX2DirectCallDisplayList" "\$ROP_GX2DirectCallDisplayList"
+echo "?>"

wiiuhaxx_locaterop_script_ci

@@ -7,3 +7,5 @@
 --patterntype=sha256 --patterndata=6f5f11fdc441ddef8f2189cbc9006517c4917fcf6e975cb8cbeb2373bf8e8ca2 --patternsha256size=0x14 --addval=0xFFFFFCFC "--plainout=$ROP_POP_R24_TO_R31 = "
 --patterntype=sha256 --patterndata=e602f66cf8aadc4d5e7db074ad9b8fbfa4190f862a8215cf26f707a49ca95070 --patternsha256size=0x28 --addval=0xFFFFFCFC "--plainout=$ROP_CALLFUNCPTR_WITHARGS_FROM_R3MEM = "
 --patterntype=sha256 --patterndata=5e1fb4810ff6fb86bb533f2050306de6e03e09450887df6cb22c6d8511c3e267 --patternsha256size=0x18 --addval=0xFFFFFCFC "--plainout=$ROP_SETR3TOR31_POP_R31 = "
+--patterntype=sha256 --patterndata=5CED182718E8204C299EA1F8E295841A0325EE493893B86053DE762CC0EEFB48 --patternsha256size=0x0C --addval=0xFFFFFCFC "--plainout=$ROP_Register = "
+--patterntype=sha256 --patterndata=C457C33CF42B00C2E00B96E2C6B097848643BC172E8BDC9F0E7D974E833860B6 --patternsha256size=0x0C --addval=0xFFFFFCFC "--plainout=$ROP_CopyToSaveArea = "

wiiuhaxx_locaterop_script_gx2

@@ -0,0 +1 @@
+#--patterntype=sha256 --patterndata=0D47AE19D0344CB3545E4D5289ED1BBBCE55BF181C929C18C6C05939B73CAEC3 --patternsha256size=0x0C --addval=0xFFFFFCAC‬ "--plainout=$GX2Flush = "