Hacking Data and Instruction Breakpoints

BullyWiiPlaza

BullyWiiPlaza

Nintendo Hacking <3
OP
Member
Level 11
Joined
Aug 2, 2014
Messages
1,932
Trophies
0
XP
2,477
Country
Germany
I have been trying to get breakpoints working and implemented most of the code here already. This StackOverflow post explains data breakpoints in a nutshell which seems to match with my research for the most part.

The idea is to use the hardware debug registers DABR/IABR:
  • Via setDABR or setIABR syscalls
  • Via the OSSetDABR, OSSetIABR coreinit.rpl functions
  • Via the assembly instructions "move to special purpose register" mtspr 0x3F5, r4 and mtspr 0x3F2, r4 where r4 is the value to move to the respective hardware register
    Code: 
    #define DATA_ADDRESS_BREAKPOINT_REGISTER 0x3F5
#define INSTRUCTION_ADDRESS_BREAKPOINT_REGISTER 0x3F2
Once a breakpoint is hit, the CPU will apparently generate an exception DSI ("data storage interrupt") which should be caught by a handler. Inside the handler function, you can then retrieve the respective breakpoint address from the OSContext structure via the SRR0 field (read/write data address) and exception_specific1 (instruction pointer) since it is passed a reference of the current thread:
Code: 
unsigned char breakPointHandler(void *interruptedContext);
Consult the OSContext struct definition here or here for more information about its fields. I used IDA Pro by the way to figure out the OSContext offsets as well so they are quite certainly correct.
fXbCTUg.png


8gYrlIp.png


R8ATxeK.png


uAMXAYz.png
I tried OSSetExceptionCallback() and __OSSetInterruptHandler() to register the handler but neither of them causes the handler to ever be called even when a breakpoint should be hit. I decided to turn on interrupts/the debugger by calling/patching the respective functions because it seems like debugging is disabled by default. Still, this didn't change anything. Breakpoints are never hit. I only tried the OSSetDABR and OSSetIABR coreinit.rpl functions though.

Do you have an idea of how breakpoints can be realized correctly or maybe I made a mistake somewhere in my approach since I'm pretty sure that I'm close?

Thank you very much :)

@QuarkTheAwesome
@dimok
@FIX94
@CosmoCortney
@skoolzout1
@NWPlayer123
@wj44
@shinyquagsire23
 
Last edited by BullyWiiPlaza,
  • Like
Reactions: CuriousTommy, PandaOnSmack, skoolzout1 and 1 other person

Site & Scene News

Go to forum More news

Popular threads in this forum

A really, REALLY old browser exploit (for 5.3.2)?

Gaming  Online services for the 3DS and Wii U have been shutdown. Here is how to get back online!

Hacking Hardware  Wii U No Display (Logs dumped)

Hacking Gaming  Xenoblade Chronicles X - Lifeline and Enhancement Mod

Homebrew  Huevo's Vault | Wii U Themes

Watch videos on Wii U, offline, saved on SD?

Super Mario Maker Save Collection (All Event and Staff Courses Preserved, 3DS Mario Challenge Port, and More)

Can you hack your wii u with something other than sd card

General chit-chat
Help Users
  • No one is chatting at the moment.
    K3Nv2 @ K3Nv2: Well start walking towards them +1