Hacking fw.img ELF Misaligned?

gudenau

I am attempting to modify the ELF that is inside the fw.img file. For some of the things that I want to change, this requires enlarging some of the program sections. The problem I am having is that the ELF seems to have bad alignment outside of the gate. According to Wikipedia, ELF files should use the alignment value p_align for memory and file addresses. But it seems that sections 2, 5, 8, 9, 10, 14, 15, 20, 21, 22, 23, 24, 28, 33, 35, 42, 46, 51, 56 and 64 are misaligned, although only sections 2, 5, 8, 9, 12, 13 and 14 have any content; the rest have a p_filesz of 0.

What am I missing? If I ignore this and attempt to enlarge a segment, the Wii U crashes. I have tried both appending the section to the end of the file and changing the pointers without removing the original, and growing the section and moving all of the ones after it in the ELF file.

objdump info:
Code:
Type           Offset     VirtAddr   PhysAddr   FileSiz    MemSiz     Flg Align
PHDR           0x00000034 0x1D000000 0x1D000000 0x00000900 0x00000900     0x00000004
NOTE           0x00000934 0x1D000900 0x1D000900 0x000002AC 0x000002AC     0x00000004
LOAD           0x00000034 0x1D000000 0x1D000000 0x00000BAC 0x02B00000     0x00004000
LOAD           0x00000BE0 0x04000000 0x08280000 0x00017020 0x00017020 R X 0x00000004
LOAD           0x00017C00 0x04020000 0x082A0000 0x00003F70 0x00003F70 R   0x00000004
LOAD           0x0001BB70 0x04024000 0x082A4000 0x00000ED4 0x00000ED4 RW  0x00000040
LOAD           0x0001CA44 0x04025000 0x082A5000 0x00000000 0x000095C0 RW  0x00000040
LOAD           0x0001CA44 0x05000000 0x081C0000 0x000598F0 0x000598F0 R X 0x00000004
LOAD           0x00076334 0x05060000 0x08220000 0x0000FFC4 0x0000FFC4 R   0x00000040
LOAD           0x000862F8 0x05070000 0x08230000 0x00003420 0x00003420 RW  0x00000040
LOAD           0x00089718 0x05074000 0x08234000 0x00000000 0x00048574 RW  0x00000040
LOAD           0x00089718 0x05100000 0x13D80000 0x00015D6C 0x00015D6C R X 0x00000004
LOAD           0x0009F484 0x08120000 0x08120000 0x00015000 0x00015000 R X 0x00000010
LOAD           0x000B4484 0x08140000 0x08140000 0x00002478 0x00002478 R   0x00000010
LOAD           0x000B68FC 0x08143000 0x08143000 0x0000D000 0x0000D000 RW  0x00000010
LOAD           0x000C38FC 0x08150000 0x08150000 0x00000000 0x00061230 RW  0x00004000
LOAD           0x000C38FC 0x10000000 0x10000000 0x00000000 0x00100000 RW  0x00000001
LOAD           0x000C38FC 0x10100000 0x10100000 0x000312D0 0x000312D0 R X 0x00000004
LOAD           0x000F4BCC 0x10140000 0x10140000 0x00004694 0x00004694 R   0x00000004
LOAD           0x000F9260 0x10145000 0x10145000 0x000000DC 0x000000DC RW  0x00000004
LOAD           0x000F933C 0x10146000 0x10146000 0x00000000 0x0037F4E8 RW  0x00000020
LOAD           0x000F933C 0x10700000 0x10700000 0x000F81C4 0x000F81C4 R X 0x00000004
LOAD           0x001F1500 0x10800000 0x10800000 0x00033B6C 0x00033B6C R   0x00000020
LOAD           0x0022506C 0x10834000 0x10834000 0x000005D0 0x000005D0 RW  0x00000004
LOAD           0x0022563C 0x10835000 0x10835000 0x00000000 0x01406554 RW  0x00000200
LOAD           0x0022563C 0x11F00000 0x11F00000 0x00085770 0x00085770 R X 0x00000004
LOAD           0x002AADAC 0x11FC0000 0x11FC0000 0x000140B0 0x000140B0 R   0x00000004
LOAD           0x002BEE5C 0x11FD5000 0x11FD5000 0x00023234 0x00023234 RW  0x00000004
LOAD           0x002E2090 0x11FF9000 0x11FF9000 0x00000000 0x0015F41C RW  0x00001000
LOAD           0x002E2090 0x12300000 0x12300000 0x00131844 0x00131844 R X 0x00000004
LOAD           0x004138D4 0x12440000 0x12440000 0x000288E8 0x000288E8 R   0x00000004
LOAD           0x0043C1BC 0x12469000 0x12469000 0x000000E4 0x000000E4 RW  0x00000004
LOAD           0x0043C2A0 0x1246A000 0x1246A000 0x0005B31D 0x0005B31D RW  0x00000004
LOAD           0x004975C0 0x124C6000 0x124C6000 0x00000000 0x003C7028 RW  0x00000040
LOAD           0x004975C0 0x1FB00000 0x1FB00000 0x00300000 0x00300000 RW  0x00000004
LOAD           0x007975C0 0x1FE00000 0x1FE00000 0x00014EF4 0x00014EF4 RW  0x00000020
LOAD           0x007AC4B4 0x1FE40000 0x1FE40000 0x00000000 0x001C0000 RW  0x00000001
LOAD           0x007AC4B4 0x20000000 0x20000000 0x00000000 0x08000000 RW  0x00000001
LOAD           0x007AC4B4 0xE0000000 0x12900000 0x000DB65C 0x000DB65C R X 0x00000004
LOAD           0x00887B10 0xE0100000 0x12A00000 0x0002088C 0x0002088C R   0x00000004
LOAD           0x008A839C 0xE0121000 0x12A21000 0x00000124 0x00000124 RW  0x00000004
LOAD           0x008A84C0 0xE0122000 0x12A22000 0x00000650 0x00000650 RW  0x00000004
LOAD           0x008A8B10 0xE0123000 0x12A23000 0x00000000 0x0013EF10 RW  0x00000040
LOAD           0x008A8B10 0xE1000000 0x12BC0000 0x00090D08 0x00090D08 R X 0x00000004
LOAD           0x00939818 0xE10C0000 0x12C80000 0x000213B4 0x000213B4 R   0x00000004
LOAD           0x0095ABCC 0xE10E2000 0x12CA2000 0x00001734 0x00001734 RW  0x00000004
LOAD           0x0095C300 0xE10E4000 0x12CA4000 0x00000000 0x002043B8 RW  0x00000020
LOAD           0x0095C300 0xE2000000 0x12EC0000 0x002651E0 0x002651E0 R X 0x00000004
LOAD           0x00BC14E0 0xE2280000 0x13140000 0x00048934 0x00048934 R   0x00000004
LOAD           0x00C09E14 0xE22C9000 0x13189000 0x00000264 0x00000264 RW  0x00000004
LOAD           0x00C0A078 0xE22CA000 0x1318A000 0x00000604 0x00000604 RW  0x00000004
LOAD           0x00C0A67C 0xE22CB000 0x1318B000 0x00000000 0x003FD9F0 RW  0x00000040
LOAD           0x00C0A67C 0xE3000000 0x13640000 0x0016BA14 0x0016BA14 R X 0x00000004
LOAD           0x00D76090 0xE3180000 0x137C0000 0x0002C78C 0x0002C78C R   0x00000004
LOAD           0x00DA281C 0xE31AD000 0x137ED000 0x00000150 0x00000150 RW  0x00000004
LOAD           0x00DA296C 0xE31AE000 0x137EE000 0x000009D0 0x000009D0 RW  0x00000004
LOAD           0x00DA333C 0xE31AF000 0x137EF000 0x00000000 0x0014DA94 RW  0x00000040
LOAD           0x00DA333C 0xE4000000 0x13A40000 0x00019704 0x00019704 R X 0x00000004
LOAD           0x00DBCA40 0xE4040000 0x13A80000 0x00005AE8 0x00005AE8 R   0x00000004
LOAD           0x00DC2528 0xE4046000 0x13A86000 0x0000005C 0x0000005C RW  0x00000004
LOAD           0x00DC2584 0xE4047000 0x13A87000 0x00000000 0x0011123C RW  0x00000020
LOAD           0x00DC2584 0xE5000000 0x13C00000 0x0000FD64 0x0000FD64 R X 0x00000004
LOAD           0x00DD22E8 0xE5040000 0x13C40000 0x0000328C 0x0000328C R   0x00000004
LOAD           0x00DD5574 0xE5044000 0x13C44000 0x000006E4 0x000006E4 RW  0x00000004
LOAD           0x00DD5C58 0xE5045000 0x13C45000 0x00000000 0x00029900 RW  0x00000020
LOAD           0x00DD5C58 0xE6000000 0x13CC0000 0x00010A80 0x00010A80 R X 0x00000004
LOAD           0x00DE66D8 0xE6040000 0x13D00000 0x00001B90 0x00001B90 R   0x00000004
LOAD           0x00DE8268 0xE6042000 0x13D02000 0x00004990 0x00004990 RW  0x00000004
LOAD           0x00DECBF8 0xE6047000 0x13D07000 0x00000000 0x000011F4 RW  0x00000004
LOAD           0x00DECBF8 0xE7000000 0x082C0000 0x00001000 0x00001000 RW  0x00000004
LOAD           0x00DEDBF8 0xEFF00000 0xFFF00000 0x00000000 0x00008000 RW  0x00000001
LOAD           0x00DEDBF8 0xFFFF0000 0xFFFF0000 0x0000EB0C 0x0000EB0C RWX 0x00000004

Output of an alignment checker I quickly wrote:
Code:
Section 0 is aligned correctly.
    0x00000000 0x00000000
Section 1 is aligned correctly.
    0x00000000 0x00000000
Section 2 is not aligned correctly.
    0x00000000 0x00000034
Section 3 is aligned correctly.
    0x00000000 0x00000000
Section 4 is aligned correctly.
    0x00000000 0x00000000
Section 5 is not aligned correctly.
    0x00000000 0x00000030
Section 6 is not aligned correctly.
    0x00000000 0x00000004
Section 7 is aligned correctly.
    0x00000000 0x00000000
Section 8 is not aligned correctly.
    0x00000000 0x00000034
Section 9 is not aligned correctly.
    0x00000000 0x00000038
Section 10 is not aligned correctly.
    0x00000000 0x00000018
Section 11 is aligned correctly.
    0x00000000 0x00000000
Section 12 is not aligned correctly.
    0x00000000 0x00000004
Section 13 is not aligned correctly.
    0x00000000 0x00000004
Section 14 is not aligned correctly.
    0x00000000 0x0000000C
Section 15 is not aligned correctly.
    0x00000000 0x000038FC
Section 16 is aligned correctly.
    0x00000000 0x00000000
Section 17 is aligned correctly.
    0x00000000 0x00000000
Section 18 is aligned correctly.
    0x00000000 0x00000000
Section 19 is aligned correctly.
    0x00000000 0x00000000
Section 20 is not aligned correctly.
    0x00000000 0x0000001C
Section 21 is aligned correctly.
    0x00000000 0x00000000
Section 22 is aligned correctly.
    0x00000000 0x00000000
Section 23 is aligned correctly.
    0x00000000 0x00000000
Section 24 is not aligned correctly.
    0x00000000 0x0000003C
Section 25 is aligned correctly.
    0x00000000 0x00000000
Section 26 is aligned correctly.
    0x00000000 0x00000000
Section 27 is aligned correctly.
    0x00000000 0x00000000
Section 28 is not aligned correctly.
    0x00000000 0x00000090
Section 29 is aligned correctly.
    0x00000000 0x00000000
Section 30 is aligned correctly.
    0x00000000 0x00000000
Section 31 is aligned correctly.
    0x00000000 0x00000000
Section 32 is aligned correctly.
    0x00000000 0x00000000
Section 33 is aligned correctly.
    0x00000000 0x00000000
Section 34 is aligned correctly.
    0x00000000 0x00000000
Section 35 is aligned correctly.
    0x00000000 0x00000000
Section 36 is aligned correctly.
    0x00000000 0x00000000
Section 37 is aligned correctly.
    0x00000000 0x00000000
Section 38 is aligned correctly.
    0x00000000 0x00000000
Section 39 is aligned correctly.
    0x00000000 0x00000000
Section 40 is aligned correctly.
    0x00000000 0x00000000
Section 41 is aligned correctly.
    0x00000000 0x00000000
Section 42 is not aligned correctly.
    0x00000000 0x00000010
Section 43 is aligned correctly.
    0x00000000 0x00000000
Section 44 is aligned correctly.
    0x00000000 0x00000000
Section 45 is aligned correctly.
    0x00000000 0x00000000
Section 46 is aligned correctly.
    0x00000000 0x00000000
Section 47 is aligned correctly.
    0x00000000 0x00000000
Section 48 is aligned correctly.
    0x00000000 0x00000000
Section 49 is aligned correctly.
    0x00000000 0x00000000
Section 50 is aligned correctly.
    0x00000000 0x00000000
Section 51 is not aligned correctly.
    0x00000000 0x0000003C
Section 52 is aligned correctly.
    0x00000000 0x00000000
Section 53 is aligned correctly.
    0x00000000 0x00000000
Section 54 is aligned correctly.
    0x00000000 0x00000000
Section 55 is aligned correctly.
    0x00000000 0x00000000
Section 56 is not aligned correctly.
    0x00000000 0x0000003C
Section 57 is aligned correctly.
    0x00000000 0x00000000
Section 58 is aligned correctly.
    0x00000000 0x00000000
Section 59 is aligned correctly.
    0x00000000 0x00000000
Section 60 is not aligned correctly.
    0x00000000 0x00000004
Section 61 is aligned correctly.
    0x00000000 0x00000000
Section 62 is aligned correctly.
    0x00000000 0x00000000
Section 63 is aligned correctly.
    0x00000000 0x00000000
Section 64 is not aligned correctly.
    0x00000000 0x00000018
Section 65 is aligned correctly.
    0x00000000 0x00000000
Section 66 is aligned correctly.
    0x00000000 0x00000000
Section 67 is aligned correctly.
    0x00000000 0x00000000
Section 68 is aligned correctly.
    0x00000000 0x00000000
Section 69 is aligned correctly.
    0x00000000 0x00000000
Section 70 is aligned correctly.
    0x00000000 0x00000000
Section 71 is aligned correctly.
    0x00000000 0x00000000
The print code is this, more or less:
Code:
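// ELF rule being tested: p_vaddr and p_offset must be congruent modulo p_align.
if((p_vaddr % p_align) == (p_offset % p_align)){
    printf("Section %d is aligned correctly.\n", i);
}else{
    printf("Section %d is not aligned correctly.\n", i);
}
// Residues of the virtual address and the file offset, in that order.
printf("0x%08X 0x%08X\n", p_vaddr % p_align, p_offset % p_align);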

The ELF starts at 0x00000804 in fw.img if you want to double check my numbers.
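
Added example, not part of the original post: the p_align congruence test from the snippet above, applied to raw 32-byte program header entries and extended to the cases the ELF specification treats separately (p_align of 0 or 1 means no constraint; any other value must be a power of two). The `Phdr` struct, the function names and the `ALIGN_*` codes are hypothetical, the big-endian 32-bit layout is an assumption about this image, and the sample rows are entries 2, 3 and 16 of the objdump listing above.

```c
#include <stdint.h>
#include <stdio.h>
/* Elf32_Phdr field order; assumption: the ELF in fw.img is 32-bit big-endian. */
typedef struct { uint32_t type, offset, vaddr, paddr, filesz, memsz, flags, align; } Phdr;
enum { ALIGN_NONE, ALIGN_OK, ALIGN_BAD, ALIGN_INVALID };

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Decode one 32-byte big-endian program header entry. */
static Phdr parse_phdr(const uint8_t *e) {
    Phdr h = { be32(e), be32(e + 4), be32(e + 8), be32(e + 12),
               be32(e + 16), be32(e + 20), be32(e + 24), be32(e + 28) };
    return h;
}

/* ELF rule: p_align 0 or 1 means no constraint; otherwise it must be a
   power of two and p_vaddr % p_align must equal p_offset % p_align. */
static int check_align(const Phdr *h) {
    if (h->align <= 1) return ALIGN_NONE;                 /* also avoids % 0 */
    if (h->align & (h->align - 1)) return ALIGN_INVALID;  /* not a power of two */
    return (h->vaddr % h->align) == (h->offset % h->align) ? ALIGN_OK : ALIGN_BAD;
}

/* Constructed helper: encode a header so the sample runs without fw.img. */
static void encode_phdr(uint8_t *e, const Phdr *h) {
    const uint32_t f[8] = { h->type, h->offset, h->vaddr, h->paddr,
                            h->filesz, h->memsz, h->flags, h->align };
    for (int i = 0; i < 8; i++)
        for (int b = 0; b < 4; b++)
            e[4 * i + b] = (uint8_t)(f[i] >> (24 - 8 * b));
}

int main(void) {
    /* Entries 2, 3 and 16 of the objdump listing above (PT_LOAD = 1). */
    const Phdr rows[] = {
        { 1, 0x00000034, 0x1D000000, 0x1D000000, 0x00000BAC, 0x02B00000, 0, 0x4000 },
        { 1, 0x00000BE0, 0x04000000, 0x08280000, 0x00017020, 0x00017020, 5, 0x4 },
        { 1, 0x000C38FC, 0x10000000, 0x10000000, 0x00000000, 0x00100000, 6, 0x1 },
    };
    static const char *names[] = { "no constraint", "congruent", "not congruent", "invalid p_align" };
    for (int i = 0; i < 3; i++) {
        uint8_t raw[32];
        encode_phdr(raw, &rows[i]);
        Phdr h = parse_phdr(raw);
        printf("%s, p_filesz=0x%X\n", names[check_align(&h)], h.filesz);
    }
}
```
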
 
