batman: getting rid of bptr and added further offset for RVL-RLBP-EUR-B0

diff --git a/batman/exploit.s b/batman/exploit.s
index e607aae10c473594bf30a7536243b8ee175c4077..6c0ebabdfbe9b96b73732672e8f764c690b2ffe7 100644 (file)
--- a/batman/exploit.s
+++ b/batman/exploit.s
@@ -4,16 +4,18 @@
 # see file COPYING or http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt
 
        .section .start,"ax"
+       retadr = 0x90394140
 
-start:
        # The return addr for the nintendo loader is a bit different as for 3rd
        # party loaders. In fact, it depends which value is set by the apploader at
        # 0x8000002c:
        #  -  0x0: return address is 0x90394140 (some 3rd party loader, e.g. gecko os)
        #  - 0x23: return address is 0x90394000 (set by the sysmenu loader by nintendo)
+       #  0B ver:                   0x90394100
        # to make both work, we insert some no op's here
-       .fill (0x150/0x4), 4, 0x60000000
+       .fill (0x140/0x4), 4, 0x60000000
 
+start:
        # Set up a stack frame.
        lis 1,0x8080 ; li 0,0 ; stwu 0,-64(1)
 
@@ -25,8 +27,11 @@ start:
        # the save file.
 
        lis 3,main@h ; ori 3,3,main@l ; addi 5,3,-4
-       lis 4,0x8059 ; ori 4,4,0x3f1c ; lwz 4,0(4) ; addi 4,4,-4
-       addis 4,4,1 ; addi 4,4,end-start
+       lis 4,retadr@h ; ori 4,4,retadr@l-4
+       # Calculate proper offset for the loader in memory
+0:     lbzu 0,4(4); cmpwi 0,0x60 ; beq 0b
+       addi 4,4,-4; addi 4,4,end-start
+
        li 0,0x2000 ; mtctr 0
 0:     lwzu 0,4(4) ; stwu 0,4(5) ; bdnz 0b