From c977d2ca1a67111cb3475340bbfff1267981cd6e Mon Sep 17 00:00:00 2001
From: Bernhard Urban
Date: Sun, 9 Jan 2011 18:53:03 +0100
Subject: [PATCH] batman: getting rid of bptr and added further offset for RVL-RLBP-EUR-B0
---
 batman/exploit.s | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/batman/exploit.s b/batman/exploit.s
index e607aae..6c0ebab 100644
--- a/batman/exploit.s
+++ b/batman/exploit.s
@@ -4,16 +4,18 @@
 # see file COPYING or http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt
 .section .start,"ax"
+ retadr = 0x90394140
-start:
 # The return addr for the nintendo loader is a bit different as for 3rd
 # party loaders. In fact, it depends which value is set by the apploader at
 # 0x8000002c:
 # - 0x0: return address is 0x90394140 (some 3rd party loader, e.g. gecko os)
 # - 0x23: return address is 0x90394000 (set by the sysmenu loader by nintendo)
+ # 0B ver: 0x90394100
 # to make both work, we insert some no op's here
- .fill (0x150/0x4), 4, 0x60000000
+ .fill (0x140/0x4), 4, 0x60000000
+start:
 # Set up a stack frame.
 lis 1,0x8080 ; li 0,0 ; stwu 0,-64(1)
@@ -25,8 +27,11 @@ start:
 # the save file.
 lis 3,main@h ; ori 3,3,main@l ; addi 5,3,-4
- lis 4,0x8059 ; ori 4,4,0x3f1c ; lwz 4,0(4) ; addi 4,4,-4
- addis 4,4,1 ; addi 4,4,end-start
+ lis 4,retadr@h ; ori 4,4,retadr@l-4
+ # Calculate proper offset for the loader in memory
+0: lbzu 0,4(4); cmpwi 0,0x60 ; beq 0b
+ addi 4,4,-4; addi 4,4,end-start
+ li 0,0x2000 ; mtctr 0
 0: lwzu 0,4(4) ; stwu 0,4(5) ; bdnz 0b
--
2.25.1
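Review bot: The new sled length in `.fill (0x140/0x4), 4, 0x60000000` duplicates what `retadr` already encodes: the sled has to span from the lowest candidate return address in the comment (0x90394000) up to `retadr` (0x90394140), so a later edit of `retadr` alone would silently leave the sled too short or too long; `.fill ((retadr-0x90394000)/4), 4, 0x60000000` keeps the two in step as long as 0x90394000 stays the lowest case. The added comment `# 0B ver: 0x90394100` also breaks the list format above it and does not say which value at 0x8000002c selects that layout; suggest `# - 0x??: return address is 0x90394100 (RVL-RLBP-EUR-B0, disc revision 0B; 0x8000002c value still to be confirmed)`. Since `start:` now sits directly behind the nop sled and this commit's copy routine locates it by scanning for the first word whose high byte is not 0x60, a note at the label is warranted: `# start: the copy routine below finds this label by walking past the 0x60000000 sled, so the first instruction here must not begin with opcode byte 0x60`. The code after `start:` continues outside this hunk.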
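Review bot: The scan `0: lbzu 0,4(4); cmpwi 0,0x60 ; beq 0b` has no upper bound: it walks forward from 0x90394140 until the first word whose high byte is not 0x60, so on a loader that places the blob in any layout other than the three the comments list it keeps reading until it meets some non-nop word and then copies 0x2000 words from that arbitrary spot into `main` and runs them. CTR is free at this point (it is reloaded with 0x2000 right below), so the walk can be capped at the sled length and hang rather than execute garbage: `li 0,0x50+1 ; mtctr 0`, `0: lbzu 0,4(4) ; cmpwi 0,0x60 ; bdnzt 2,0b`, `beq .`. `ori 4,4,retadr@l-4` applies the -4 outside the `@l` selector, which only assembles while `retadr@l` is at least 4; `lis 4,(retadr-4)@h ; ori 4,4,(retadr-4)@l` stays correct for any value of `retadr`. The `# Calculate proper offset for the loader in memory` comment should also state the two assumptions the loop rests on: the CPU is big-endian so `lbzu` at a word address reads the opcode byte, and the first instruction at `start` must not begin with 0x60. The `end` and `main` symbols the copy depends on lie outside this hunk.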