mirror of
https://github.com/wiiu-env/wiiuhaxx_common.git
synced 2024-12-18 12:11:50 +01:00
- Improve makefile to compile/build/download only when needed.
- Add support for getting gadgets from gx2.rpl - Add some new rop address to be searched
This commit is contained in:
parent
439b34bc7e
commit
4b56cb4cd0
37
Makefile
37
Makefile
@ -25,6 +25,9 @@ DEFINES :=
|
||||
COREINIT_PATH := tmp/$(FIRMWARE)/000500101000400A/code/coreinit.rpl
|
||||
COREINIT_PATH_ELF := $(COREINIT_PATH).elf
|
||||
|
||||
GX2_PATH := tmp/$(FIRMWARE)/000500101000400A/code/gx2.rpl
|
||||
GX2_PATH_ELF := $(GX2_PATH).elf
|
||||
|
||||
ifeq ($(OS),Windows_NT)
|
||||
exe_ext := .exe
|
||||
else
|
||||
@ -33,26 +36,40 @@ endif
|
||||
|
||||
all: loader locateall
|
||||
|
||||
loader:
|
||||
loader: wiiuhaxx_loader.bin wiiuhaxx_searcher.bin
|
||||
|
||||
wiiuhaxx_loader.bin: wiiuhaxx_loader.s
|
||||
$(CC) -x assembler-with-cpp -nostartfiles -nostdlib $(DEFINES) -o wiiuhaxx_loader.elf wiiuhaxx_loader.s
|
||||
$(OBJCOPY) -O binary wiiuhaxx_loader.elf wiiuhaxx_loader.bin
|
||||
|
||||
|
||||
wiiuhaxx_searcher.bin: wiiuhaxx_searcher.s
|
||||
$(CC) -x assembler-with-cpp -nostartfiles -nostdlib $(DEFINES) -o wiiuhaxx_searcher.elf wiiuhaxx_searcher.s
|
||||
$(OBJCOPY) -O binary wiiuhaxx_searcher.elf wiiuhaxx_searcher.bin
|
||||
|
||||
locateall: locate532 locate550
|
||||
|
||||
locate532:
|
||||
java -jar bin/FileDownloader.jar -titleID 000500101000400A -file '.*coreinit.rpl' -version 11464 -out tmp/532
|
||||
make locatespecific FIRMWARE=532 TEXTADDRESS=0x0101c400
|
||||
|
||||
make locatespecific FIRMWARE=532 OS_VERSION=11464 TEXTADDRESS_COREINIT=0x0101c400 TEXTADDRESS_GX2=0x0101c400
|
||||
|
||||
locate550:
|
||||
java -jar bin/FileDownloader.jar -titleID 000500101000400A -file '.*coreinit.rpl' -version 15702 -out tmp/550
|
||||
make locatespecific FIRMWARE=550 TEXTADDRESS=0x0101c400
|
||||
|
||||
locatespecific:
|
||||
make locatespecific FIRMWARE=550 OS_VERSION=15702 TEXTADDRESS_COREINIT=0x0101c400 TEXTADDRESS_GX2=0x0114EC40
|
||||
|
||||
convertrpl: $(COREINIT_PATH_ELF) $(GX2_PATH_ELF)
|
||||
|
||||
$(COREINIT_PATH_ELF): $(COREINIT_PATH)
|
||||
./bin/rpl2elf$(exe_ext) $(COREINIT_PATH) $(COREINIT_PATH_ELF) > /dev/null
|
||||
sh ./wiiuhaxx_locaterop.sh $(COREINIT_PATH) $(TEXTADDRESS) $(exe_ext) > wiiuhaxx_rop_sysver_$(FIRMWARE).php
|
||||
|
||||
$(GX2_PATH_ELF): $(GX2_PATH)
|
||||
./bin/rpl2elf$(exe_ext) $(GX2_PATH) $(GX2_PATH_ELF) > /dev/null
|
||||
|
||||
$(COREINIT_PATH):
|
||||
java -jar bin/FileDownloader.jar -titleID 000500101000400A -file '.*coreinit.rpl' -version $(OS_VERSION) -out tmp/$(FIRMWARE)
|
||||
|
||||
$(GX2_PATH):
|
||||
java -jar bin/FileDownloader.jar -titleID 000500101000400A -file '.*gx2.rpl' -version $(OS_VERSION) -out tmp/$(FIRMWARE)
|
||||
|
||||
locatespecific: convertrpl
|
||||
sh ./wiiuhaxx_locaterop.sh $(COREINIT_PATH) $(GX2_PATH) $(TEXTADDRESS_COREINIT) $(TEXTADDRESS_GX2) $(exe_ext) > wiiuhaxx_rop_sysver_$(FIRMWARE).php
|
||||
|
||||
clean:
|
||||
rm -rf wiiuhaxx_loader.elf wiiuhaxx_loader.bin wiiuhaxx_searcher.elf wiiuhaxx_searcher.bin wiiuhaxx_rop_sysver_* tmp
|
||||
|
@ -1,18 +1,28 @@
|
||||
ospath=$1
|
||||
coreinit_textaddr=$2
|
||||
extension=$3
|
||||
coreinitpath=$1
|
||||
gx2path=$2
|
||||
coreinit_textaddr=$3
|
||||
gx2_textaddr=$4
|
||||
extension=$5
|
||||
|
||||
reloc=$((0x02000000-$coreinit_textaddr))
|
||||
reloc_coreinit=$((0x02000000-$coreinit_textaddr))
|
||||
reloc_gx2=$((0x02000000-$gx2_textaddr))
|
||||
|
||||
|
||||
getcoreinit_symboladdr()
|
||||
{
|
||||
val=`powerpc-eabi-readelf -a "$PWD/$ospath.elf" | grep "$1" | head -n 1 | cut -d: -f2 | cut "-d " -f2`
|
||||
printf "$2 = 0x%X;\n" $((0x$val-$reloc))
|
||||
val=`powerpc-eabi-readelf -a "$PWD/$coreinitpath.elf" | grep "$1" | head -n 1 | cut -d: -f2 | cut "-d " -f2`
|
||||
printf "$2 = 0x%X;\n" $((0x$val-$reloc_coreinit))
|
||||
}
|
||||
|
||||
getgx2_symboladdr()
|
||||
{
|
||||
val=`powerpc-eabi-readelf -a "$PWD/$gx2path.elf" | grep "$1" | head -n 1 | cut -d: -f2 | cut "-d " -f2`
|
||||
printf "$2 = 0x%X;\n" $((0x$val-$reloc_gx2))
|
||||
}
|
||||
|
||||
echo "<?php"
|
||||
./bin/ropgadget_patternfinder$extension $ospath.elf --baseaddr=$coreinit_textaddr "--plainsuffix=;" --script=wiiuhaxx_locaterop_script #?1EFE3500?
|
||||
./bin/ropgadget_patternfinder$extension $coreinitpath.elf --baseaddr=$coreinit_textaddr "--plainsuffix=;" --script=wiiuhaxx_locaterop_script_ci #?1EFE3500?
|
||||
./bin/ropgadget_patternfinder$extension $gx2path.elf --baseaddr=$gx2_textaddr "--plainsuffix=;" --script=wiiuhaxx_locaterop_script_gx2 #?1EFE3500?
|
||||
echo ""
|
||||
getcoreinit_symboladdr "memcpy" "\$ROP_memcpy"
|
||||
getcoreinit_symboladdr "DCFlushRange" "\$ROP_DCFlushRange"
|
||||
@ -31,4 +41,6 @@ getcoreinit_symboladdr "OSScreenClearBufferEx" "\$ROP_OSScreenClearBufferEx"
|
||||
getcoreinit_symboladdr "OSDynLoad_Acquire" "\$ROP_OSDynLoad_Acquire"
|
||||
getcoreinit_symboladdr "OSDynLoad_FindExport" "\$ROP_OSDynLoad_FindExport"
|
||||
getcoreinit_symboladdr "__os_snprintf" "\$ROP_os_snprintf"
|
||||
echo "?>"
|
||||
getgx2_symboladdr "GX2Flush" "\$ROP_GX2Flush"
|
||||
getgx2_symboladdr "GX2DirectCallDisplayList" "\$ROP_GX2DirectCallDisplayList"
|
||||
echo "?>"
|
@ -7,3 +7,5 @@
|
||||
--patterntype=sha256 --patterndata=6f5f11fdc441ddef8f2189cbc9006517c4917fcf6e975cb8cbeb2373bf8e8ca2 --patternsha256size=0x14 --addval=0xFFFFFCFC "--plainout=$ROP_POP_R24_TO_R31 = "
|
||||
--patterntype=sha256 --patterndata=e602f66cf8aadc4d5e7db074ad9b8fbfa4190f862a8215cf26f707a49ca95070 --patternsha256size=0x28 --addval=0xFFFFFCFC "--plainout=$ROP_CALLFUNCPTR_WITHARGS_FROM_R3MEM = "
|
||||
--patterntype=sha256 --patterndata=5e1fb4810ff6fb86bb533f2050306de6e03e09450887df6cb22c6d8511c3e267 --patternsha256size=0x18 --addval=0xFFFFFCFC "--plainout=$ROP_SETR3TOR31_POP_R31 = "
|
||||
--patterntype=sha256 --patterndata=5CED182718E8204C299EA1F8E295841A0325EE493893B86053DE762CC0EEFB48 --patternsha256size=0x0C --addval=0xFFFFFCFC "--plainout=$ROP_Register = "
|
||||
--patterntype=sha256 --patterndata=C457C33CF42B00C2E00B96E2C6B097848643BC172E8BDC9F0E7D974E833860B6 --patternsha256size=0x0C --addval=0xFFFFFCFC "--plainout=$ROP_CopyToSaveArea = "
|
1
wiiuhaxx_locaterop_script_gx2
Normal file
1
wiiuhaxx_locaterop_script_gx2
Normal file
@ -0,0 +1 @@
|
||||
#--patterntype=sha256 --patterndata=0D47AE19D0344CB3545E4D5289ED1BBBCE55BF181C929C18C6C05939B73CAEC3 --patternsha256size=0x0C --addval=0xFFFFFCAC "--plainout=$GX2Flush = "
|
Loading…
Reference in New Issue
Block a user