forked from FIX94/ghostrecon2-exploit-gc
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
16 changed files
with
680 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,3 @@ | ||
| [submodule "loader"] | ||
| path = loader | ||
| url = https://github.com/FIX94/gc-exploit-common-loader.git |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,18 @@ | ||
| # Copyright 2016 FIX94 | ||
| # This code is licensed to you under the terms of the GNU GPL, version 2; | ||
| # see file LICENSE or http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt | ||
|
|
||
| all: | ||
| @$(MAKE) --no-print-directory -C loader | ||
| @mv -f loader/loader.h exploit/loader.h | ||
| @$(MAKE) --no-print-directory -C searcher | ||
| @mv -f searcher/searcher.bin exploit/searcher.bin | ||
| @$(MAKE) --no-print-directory -C exploit | ||
| @mkdir -p gci | ||
| @mv -f exploit/*.gci gci | ||
|
|
||
| clean: | ||
| @$(MAKE) --no-print-directory -C loader clean | ||
| @$(MAKE) --no-print-directory -C searcher clean | ||
| @$(MAKE) --no-print-directory -C exploit clean | ||
| rm -rf gci |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,2 +1,3 @@ | ||
| # ghostrecon2-exploit-gc | ||
| a exploit for ghost recon 2 on gamecube | ||
| A exploit for ghost recon 2 on gamecube, you only need a method of injecting the .gci onto your memory card. | ||
| This exploit will load a boot.dol converted with dol2gci (included in Home Bros.) from your memory card. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,72 @@ | ||
| # Copyright 2016 FIX94 | ||
| # This code is licensed to you under the terms of the GNU GPL, version 2; | ||
| # see file LICENSE or http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt | ||
|
|
||
|
|
||
| # Configuration: | ||
|
|
||
| # What toolchain prefix should we use | ||
| CROSS ?= powerpc-eabi- | ||
|
|
||
| # End of configuration. | ||
|
|
||
|
|
||
|
|
||
| # Set CC, LD, OBJCOPY based on CROSS, unless they are set already | ||
|
|
||
| ifeq ($(origin CC), default) | ||
| CC := $(CROSS)gcc -m32 | ||
| endif | ||
| ifeq ($(origin LD), default) | ||
| LD := $(CROSS)ld | ||
| endif | ||
| OBJCOPY ?= $(CROSS)objcopy | ||
|
|
||
|
|
||
| # The compiler flags we need. | ||
|
|
||
| CFLAGS := -Wall -W -O1 -fPIC -ffreestanding -mno-eabi -mno-sdata -mcpu=750 -fno-asynchronous-unwind-tables | ||
|
|
||
|
|
||
| # Build with "V=1" to see the commands executed; be quiet otherwise. | ||
|
|
||
| ifeq ($(V),1) | ||
| Q := | ||
| else | ||
| Q := @ | ||
| MAKEFLAGS += --no-print-directory | ||
| endif | ||
|
|
||
|
|
||
| targets := ggye_eng.gci ggye_fre_spa.gci ggyp_eng.gci ggyp_fre_ger_ita_spa.gci | ||
|
|
||
| objs := ghostrecon2.o start.o | ||
|
|
||
| all: $(targets) | ||
|
|
||
| $(targets): %.gci: %.elf | ||
| @echo " OBJCOPY $@" | ||
| $(Q)$(OBJCOPY) -Obinary $< $@ | ||
|
|
||
| elfs := $(targets:.gci=.elf) | ||
|
|
||
| $(elfs): %.elf: ghostrecon2.ld %.o $(objs) | ||
| @echo " LINK $@" | ||
| $(Q)$(LD) -T $^ -o $@ | ||
|
|
||
| exploit-objs := $(elfs:.elf=.o) | ||
|
|
||
| $(exploit-objs): %.o: %.S | ||
| @echo " ASSEMBLE $@" | ||
| $(Q)$(CC) $(CFLAGS) -c $< -o $@ | ||
|
|
||
| %.o: %.S | ||
| @echo " ASSEMBLE $@" | ||
| $(Q)$(CC) $(CFLAGS) -c $< -o $@ | ||
|
|
||
| %.o: %.c | ||
| @echo " COMPILE $@" | ||
| $(Q)$(CC) $(CFLAGS) -c $< -o $@ | ||
|
|
||
| clean: | ||
| -rm -f $(targets) $(saves) $(elfs) $(exploit-objs) $(objs) $(slots) $(dats) searcher.bin loader.h |
Binary file not shown.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,51 @@ | ||
| // Copyright 2016 FIX94 | ||
| // This code is licensed to you under the terms of the GNU GPL, version 2; | ||
| // see file LICENSE or http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt | ||
|
|
||
| .section .fstart,"ax" | ||
| .globl fbegin | ||
| fbegin: | ||
| 0: // gci "header" we use | ||
| .incbin "ggye.hdr" | ||
|
|
||
| // save start | ||
| .long 0x55424953 | ||
| .long 0x4F465400 | ||
|
|
||
| // player name, will be used for pointer | ||
| // on mem to our overflow string | ||
| .long 0x80DE2768 //will be 0x8053C414 on stack | ||
| .long 0x80DE2768 //will be 0x8053C418 on stack | ||
| .byte 0 | ||
|
|
||
| // save settings | ||
| .short 0x5249 | ||
| .long 1 ; .long 0 | ||
| .long 1 ; .long 0 | ||
| .long 1 ; .long 0 | ||
| .long 3 ; .long 0 | ||
| .long 0 | ||
|
|
||
| // this index underflows a string pointer array at 0x80DE1F70 to point to the | ||
| // player name on stack (0x8053C414) where we set pointers to our overflow string | ||
| .long 0xFFF47863 | ||
|
|
||
| // more settings | ||
| .fill 0x35,1,0x00 | ||
|
|
||
| // time to set up our overflow string at 0x80DE2768 | ||
| .fill 0x80,1,0x41 | ||
| // r28, point to stack position of our code | ||
| .long 0x8053C384 | ||
| // r29,r30,r31, stack store position, arent using those | ||
| .fill 0x10,1,0x41 | ||
| // This function will execute code further down the stack | ||
| .long 0x802BFE24 | ||
| // more overflow string filler | ||
| .fill 0xD,1,0x41 | ||
| // this is actually required for the save to be "valid" | ||
| .byte 1 | ||
| // last of the overflow string filler | ||
| .fill 0xE,1,0x41 | ||
| // Our stack code searcher that gets executed from above | ||
| .incbin "searcher.bin" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,51 @@ | ||
| // Copyright 2016 FIX94 | ||
| // This code is licensed to you under the terms of the GNU GPL, version 2; | ||
| // see file LICENSE or http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt | ||
|
|
||
| .section .fstart,"ax" | ||
| .globl fbegin | ||
| fbegin: | ||
| 0: // gci "header" we use | ||
| .incbin "ggye.hdr" | ||
|
|
||
| // save start | ||
| .long 0x55424953 | ||
| .long 0x4F465400 | ||
|
|
||
| // player name, will be used for pointer | ||
| // on mem to our overflow string | ||
| .long 0x80DE8E60 //will be 8053C414 on stack | ||
| .long 0x80DE8E60 //will be 8053C418 on stack | ||
| .byte 0 | ||
|
|
||
| // save settings | ||
| .short 0x5249 | ||
| .long 1 ; .long 0 | ||
| .long 1 ; .long 0 | ||
| .long 1 ; .long 0 | ||
| .long 3 ; .long 0 | ||
| .long 0 | ||
|
|
||
| // this index underflows a string pointer array at 0x80DE85B0 to point to the | ||
| // player name on stack (0x8053C418) where we set pointers to our overflow string | ||
| .long 0xFFF46FDE | ||
|
|
||
| // more settings | ||
| .fill 0x35,1,0x00 | ||
|
|
||
| // time to set up our overflow string at 0x80DE8E60 | ||
| .fill 0x80,1,0x41 | ||
| // r28, point to stack position of our code | ||
| .long 0x8053C384 | ||
| // r29,r30,r31, stack store position, arent using those | ||
| .fill 0x10,1,0x41 | ||
| // This function will execute code further down the stack | ||
| .long 0x802BFE24 | ||
| // more overflow string filler | ||
| .fill 0xD,1,0x41 | ||
| // this is actually required for the save to be "valid" | ||
| .byte 1 | ||
| // last of the overflow string filler | ||
| .fill 0xE,1,0x41 | ||
| // Our stack code searcher that gets executed from above | ||
| .incbin "searcher.bin" |
Binary file not shown.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,51 @@ | ||
| // Copyright 2016 FIX94 | ||
| // This code is licensed to you under the terms of the GNU GPL, version 2; | ||
| // see file LICENSE or http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt | ||
|
|
||
| .section .fstart,"ax" | ||
| .globl fbegin | ||
| fbegin: | ||
| 0: // gci "header" we use | ||
| .incbin "ggyp.hdr" | ||
|
|
||
| // save start | ||
| .long 0x55424953 | ||
| .long 0x4F465400 | ||
|
|
||
| // player name, will be used for pointer | ||
| // on mem to our overflow string | ||
| .long 0x80DD3B34 //will be at 0x8053AC94 on stack | ||
| .long 0x80DD3B34 //will be at 0x8053AC98 on stack | ||
| .byte 0 | ||
|
|
||
| // save settings | ||
| .short 0x5249 | ||
| .long 1 ; .long 0 | ||
| .long 1 ; .long 0 | ||
| .long 1 ; .long 0 | ||
| .long 3 ; .long 0 | ||
| .long 0 | ||
|
|
||
| // this index underflows a string pointer array at 0x80DD333C to point to the | ||
| // player name on stack (0x8053AC98) where we set pointers to our overflow string | ||
| .long 0xFFF48A1D | ||
|
|
||
| // more settings | ||
| .fill 0x35,1,0x00 | ||
|
|
||
| // time to set up our overflow string at 0x80DD3B34 | ||
| .fill 0x80,1,0x41 | ||
| // r28, point to stack position of our code | ||
| .long 0x8053AC04 | ||
| // r29,r30,r31, stack store position, arent using those | ||
| .fill 0x10,1,0x41 | ||
| // This function will execute code further down the stack | ||
| .long 0x802BFCC8 | ||
| // more overflow string filler | ||
| .fill 0xD,1,0x41 | ||
| // this is actually required for the save to be "valid" | ||
| .byte 1 | ||
| // last of the overflow string filler | ||
| .fill 0xE,1,0x41 | ||
| // Our stack code searcher that gets executed from above at 0x8053AC04 | ||
| .incbin "searcher.bin" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,51 @@ | ||
| // Copyright 2016 FIX94 | ||
| // This code is licensed to you under the terms of the GNU GPL, version 2; | ||
| // see file LICENSE or http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt | ||
|
|
||
| .section .fstart,"ax" | ||
| .globl fbegin | ||
| fbegin: | ||
| 0: // gci "header" we use | ||
| .incbin "ggyp.hdr" | ||
|
|
||
| // save start | ||
| .long 0x55424953 | ||
| .long 0x4F465400 | ||
|
|
||
| // player name, will be used for pointer | ||
| // on mem to our overflow string | ||
| .long 0x80DC5068 //will be 8053ac94 on stack | ||
| .long 0x80DC5068 //will be 8053ac98 on stack | ||
| .byte 0 | ||
|
|
||
| // save settings | ||
| .short 0x5249 | ||
| .long 1 ; .long 0 | ||
| .long 1 ; .long 0 | ||
| .long 1 ; .long 0 | ||
| .long 3 ; .long 0 | ||
| .long 0 | ||
|
|
||
| // this index underflows a string pointer array at 0x80DC4870 to point to the | ||
| // player name on stack (8053ac98) where we set pointers to our overflow string | ||
| .long 0xFFF49DAE | ||
|
|
||
| // more settings | ||
| .fill 0x35,1,0x00 | ||
|
|
||
| // time to set up our overflow string for 0x80DC5068 | ||
| .fill 0x80,1,0x41 | ||
| // r28, point to stack position of our code | ||
| .long 0x8053AC04 | ||
| // r29,r30,r31, stack store position, arent using those | ||
| .fill 0x10,1,0x41 | ||
| // This function will execute code further down the stack | ||
| .long 0x802BFCC8 | ||
| // more overflow string filler | ||
| .fill 0xD,1,0x41 | ||
| // this is actually required for the save to be "valid" | ||
| .byte 1 | ||
| // last of the overflow string filler | ||
| .fill 0xE,1,0x41 | ||
| // Our stack code searcher that gets executed from above at 0x8053AC04 | ||
| .incbin "searcher.bin" |
Oops, something went wrong.