Hacking Looking for a lot of testers for Wii Mod Memory Mapping Project

jskyboo

Well-Known Member
OP
Member
Joined
Sep 12, 2009
Messages
288
Trophies
1
XP
203
Country
United States
Hey everyone as some of you may know Wii Mod has problems launching from certain app loaders. This causes people to ask repeatedly "Why doesn't Wii Mod work with ____?". Well I've decided its time to do something about it so we can know what is the optimum Wii Mod can be, so I've decided to map the memory out. To help me with this though I need a LOT of testers. I'm first going to release a small test pack, inside is some slightly different versions of Wii Mod. What I need people to do is download this pack and then test each version with various app loaders. This includes HBC, bb, Disc loaders, the Wii Mod forwarder, as well as loading these while in different versions of sneek. At the moment I am only concerned with loading from sd as that would multiply the amount of results I get. Also I know I did not list all app loaders so if you have other favorite loaders please mention them hear so I can add them to the list. When you test it please report back also with what system menu you are running and under which loaders and nands you tested. I only need you to test if Wii Mod loads, you do not need to test any advanced functions of Wii Mod so there should be little to no risk. Also when describing the loader that you used try to be specific, for instance for bb please include the specific bb version just v1 or v2 is NOT enough. Hopefully with this information I can map out the problem locations and Wii Mod will be able to load with a greater percentage of cases.

Here is the small pack: http://www.mediafire.com/?h6oxks29blqu6zx

Based on the results of this pack there will likely be larger packs later.
 

giantpune

Well-Known Member
Member
Joined
Apr 10, 2009
Messages
2,860
Trophies
1
XP
213
Country
United States
you can use "wit DUMP blablabla.dol" and it will tell you the memory layout for each dol. you can also take the wiixplorer approach. when you tell it to launch a dol, it will copy that dol to some spot in mem2. that it will copy another little app to anyther spot in mem2. then it runs this second little app which copies the dol to the appropriate spots and runs it. this basically makes sure that the program being launched is not overwriting wiixplorer itself.

then theres the loadmii approach. loadsmii is a dol wrapped in another dol. when you run it, the first dol simply copies the second one (the main one) to mem2 and thats where it runs. since the main executable is running in mem2, it can copy programs and other dols all over mem1 without overwriting itself. i would suggest this approach, but instead of mem2, i would put my main executable in the HBC spot around 0x81330000. hbc will refuse to start any program that runs directly from that location, so you are pretty much guaranteed that your loader will be able to load anything on wiibrew and homebrew browser.
 

jskyboo

Well-Known Member
OP
Member
Joined
Sep 12, 2009
Messages
288
Trophies
1
XP
203
Country
United States
you can use "wit DUMP blablabla.dol" and it will tell you the memory layout for each dol. you can also take the wiixplorer approach. when you tell it to launch a dol, it will copy that dol to some spot in mem2. that it will copy another little app to anyther spot in mem2. then it runs this second little app which copies the dol to the appropriate spots and runs it. this basically makes sure that the program being launched is not overwriting wiixplorer itself.

then theres the loadmii approach. loadsmii is a dol wrapped in another dol. when you run it, the first dol simply copies the second one (the main one) to mem2 and thats where it runs. since the main executable is running in mem2, it can copy programs and other dols all over mem1 without overwriting itself. i would suggest this approach, but instead of mem2, i would put my main executable in the HBC spot around 0x81330000. hbc will refuse to start any program that runs directly from that location, so you are pretty much guaranteed that your loader will be able to load anything on wiibrew and homebrew browser.
Yeah pune, I know most of this stuff(the wiixplorer sounds interesting I might check that out later) the app loader in Wii Mod is loadmii so I do know. This doesn't address things like disc loaders, bb, and how things load while in *neeks. As for 0x81330000, HBC won't launch anything in the range of 0x81330000 - 0x81800000. While it would be correct for me to use that range as an app loader, I can't since I want it to load from HBC. There are some other ranges I do know about. The question is about a ~16mb range that is mostly unknown. I have tried a few over the past year I want to map it to know much more precisely.
 

giantpune

Well-Known Member
Member
Joined
Apr 10, 2009
Messages
2,860
Trophies
1
XP
213
Country
United States
what i was suggesting is that you wrap your program in something that will copy it to HBC's spot. then hbc will happily boot that little wrapper.
 

jskyboo

Well-Known Member
OP
Member
Joined
Sep 12, 2009
Messages
288
Trophies
1
XP
203
Country
United States
what i was suggesting is that you wrap your program in something that will copy it to HBC's spot. then hbc will happily boot that little wrapper.
Right but then where does the wrapper run? It's the same question even though the wrapper would be smaller and fit in smaller holes the question still remains where works best.
 

giantpune

Well-Known Member
Member
Joined
Apr 10, 2009
Messages
2,860
Trophies
1
XP
213
Country
United States
you make the wrapper run from almost anywhere you want. 0x80004000 is a fine place. all the wrapper needs to do is memcpy your actual dol sections into place, DCFlush, ICInvalidate, and execute it.
 

jskyboo

Well-Known Member
OP
Member
Joined
Sep 12, 2009
Messages
288
Trophies
1
XP
203
Country
United States
you make the wrapper run from almost anywhere you want. 0x80004000 is a fine place. all the wrapper needs to do is memcpy your actual dol sections into place, DCFlush, ICInvalidate, and execute it.
I would rather not go with the wrapper but if that ends up being the best solution I will. I look at the idea of having another loader as part of the normal launch process for Wii Mod as being overly complex. But your assertion that "0x80004000 is a fine place", why? Have you tested it out? That's exactly what I want to get to the bottom of. Too many times what has seemed like a fine place ends up having a problem with some obscure setup. I can't test every situation myself so I am calling out for help testing. If you don't want to help testing, that's fine.

Also using the wrapper technique I would be left with ~4.8MB max. If I don't go with 0x81330000 I could potentially go larger. I'm not saying Wii Mod will get that large but there was a time when people said you would never need more than 1 MB on your computer.
 

giantpune

Well-Known Member
Member
Joined
Apr 10, 2009
Messages
2,860
Trophies
1
XP
213
Country
United States
adding a wrapper to a program doesnt add too much complexity to the startup process. you can fit the entire wrapper in less than 200 bytes. actually, you can get it so small, then the elf2dol converter in devkitpro will say it is too small to be a dol section. you will have to either leave it as an elf, or add padding to make the dol converter accept it as a valid section.
 

jskyboo

Well-Known Member
OP
Member
Joined
Sep 12, 2009
Messages
288
Trophies
1
XP
203
Country
United States
adding a wrapper to a program doesnt add too much complexity to the startup process. you can fit the entire wrapper in less than 200 bytes. actually, you can get it so small, then the elf2dol converter in devkitpro will say it is too small to be a dol section. you will have to either leave it as an elf, or add padding to make the dol converter accept it as a valid section.
pune I appreciate your input but as I have said it is not my prefered solution. It's not about the size of the wrapper. When talking about complexity 2 dols = 1 dol too much complexity. I just would rather not use that route. I would like to see that 200 byte loader though that would be pretty cool. Thanks but really I have thought a lot about this and I feel mapping the memory like this is the best way to know.
 

giantpune

Well-Known Member
Member
Joined
Apr 10, 2009
Messages
2,860
Trophies
1
XP
213
Country
United States
http://www.mediafire.com/?7950c9bj29mf6c0
which disassembles to the following code. from the start at 0x80004000 until the end where it executes the payload dol, it is 0xc8 bytes, which is exactly 200 :D . you could definitely get it a lot smaller if you wanted to. recent libogc apps zero their own bss section, so if you remove that part, it gets this little wrapper down to 160 bytes.

Code:
.start:80004000 # Source File : 'main.c'
.start:80004000
.start:80004000 # Processor       : PPC
.start:80004000 # Target assembler: GNU Assembler
.start:80004000 # Byte sex        : Big endian
.start:80004000
.start:80004000 # ===========================================================================
.start:80004000
.start:80004000 # Segment type: Pure code
.start:80004000                 .section ".start"
.start:80004000
.start:80004000 # =============== S U B R O U T I N E =======================================
.start:80004000
.start:80004000
.start:80004000                 .globl _start
.start:80004000 _start:
.start:80004000                 lis     %sp, -0x7EE0
.start:80004000 # End of function _start
.start:80004000
.start:80004000
.text.main:80004004 # ===========================================================================
.text.main:80004004
.text.main:80004004 # Segment type: Pure code
.text.main:80004004                 .section ".text.main"
.text.main:80004004
.text.main:80004004 # =============== S U B R O U T I N E =======================================
.text.main:80004004
.text.main:80004004
.text.main:80004004                 .globl main
.text.main:80004004 main:
.text.main:80004004
.text.main:80004004 .set arg_4,  4
.text.main:80004004
.text.main:80004004                 mfspr   %r0, LR
.text.main:80004008                 stwu    %sp, -8(%sp)
.text.main:8000400C                 lis     %r9, boot_dol@h
.text.main:80004010                 li      %r5, 0
.text.main:80004014                 addi    %r6, %r9, boot_dol@l
.text.main:80004018                 stw     %r0, 8+arg_4(%sp)
.text.main:8000401C                 mr      %r7, %r6
.text.main:80004020                 mr      %r4, %r6
.text.main:80004024
.text.main:80004024 loc_80004024:                           # CODE XREF: main+90j
.text.main:80004024                 lwz     %r0, 0(%r7)
.text.main:80004028                 li      %r10, 0
.text.main:8000402C                 lwz     %r8, 0x90(%r7)
.text.main:80004030                 add     %r9, %r0, %r4
.text.main:80004034                 lwz     %r11, 0x48(%r7)
.text.main:80004038                 addi    %r0, %r8, 1
.text.main:8000403C                 mtspr   CTR, %r0
.text.main:80004040                 b       loc_80004054
.text.main:80004044 # ---------------------------------------------------------------------------
.text.main:80004044
.text.main:80004044 loc_80004044:                           # CODE XREF: main:loc_80004054j
.text.main:80004044                 lbz     %r0, 0(%r9)
.text.main:80004048                 addi    %r9, %r9, 1
.text.main:8000404C                 stbx    %r0, %r11, %r10
.text.main:80004050                 addi    %r10, %r10, 1
.text.main:80004054
.text.main:80004054 loc_80004054:                           # CODE XREF: main+3Cj
.text.main:80004054                 bdnz    loc_80004044
.text.main:80004058                 addi    %r0, %r8, 0x1F
.text.main:8000405C                 clrrwi  %r9, %r11, 5
.text.main:80004060                 add     %r0, %r0, %r11
.text.main:80004064                 clrrwi  %r0, %r0, 5
.text.main:80004068                 b       loc_80004080
.text.main:8000406C # ---------------------------------------------------------------------------
.text.main:8000406C
.text.main:8000406C loc_8000406C:                           # CODE XREF: main+80j
.text.main:8000406C                 dcbst   %r0, %r9
.text.main:80004070                 sync
.text.main:80004074                 icbi    %r0, %r9
.text.main:80004078                 isync
.text.main:8000407C                 addi    %r9, %r9, 0x20
.text.main:80004080
.text.main:80004080 loc_80004080:                           # CODE XREF: main+64j
.text.main:80004080                 cmplw   cr7, %r9, %r0
.text.main:80004084                 blt     cr7, loc_8000406C
.text.main:80004088                 cmpwi   cr7, %r5, 0x11
.text.main:8000408C                 addi    %r7, %r7, 4
.text.main:80004090                 addi    %r5, %r5, 1
.text.main:80004094                 bne     cr7, loc_80004024
.text.main:80004098                 lwz     %r9, ((dword_800041BC-0x40E0)@l)(%r6)
.text.main:8000409C                 lwz     %r11, ((dword_800041B8-0x40E0)@l)(%r6)
.text.main:800040A0                 addi    %r9, %r9, 1
.text.main:800040A4                 mtspr   CTR, %r9
.text.main:800040A8                 li      %r9, 0
.text.main:800040AC                 b       loc_800040BC
.text.main:800040B0 # ---------------------------------------------------------------------------
.text.main:800040B0
.text.main:800040B0 loc_800040B0:                           # CODE XREF: main:loc_800040BCj
.text.main:800040B0                 li      %r0, 0
.text.main:800040B4                 stbx    %r0, %r11, %r9
.text.main:800040B8                 addi    %r9, %r9, 1
.text.main:800040BC
.text.main:800040BC loc_800040BC:                           # CODE XREF: main+A8j
.text.main:800040BC                 bdnz    loc_800040B0
.text.main:800040C0                 lwz     %r6, ((dword_800041C0-0x40E0)@l)(%r6)
.text.main:800040C4                 mtspr   CTR, %r6
.text.main:800040C8                 bctrl
.text.main:800040C8 # End of function main
.text.main:800040C8
.text.main:800040C8
.rodata:800040E0 # ===========================================================================
.rodata:800040E0
.rodata:800040E0 # Segment type: Pure data
.rodata:800040E0                 .section ".rodata"
.rodata:800040E0                 .globl boot_dol
.rodata:800040E0 boot_dol:       .byte    0              # DATA XREF: main+8o
.rodata:800040E0                                         # main+10o
.rodata:800040E1                 .byte    0
.rodata:800040E2                 .byte    1
.rodata:800040E3                 .byte    0
.rodata:800040E4                 .byte    0
.rodata:800040E5                 .byte    0
.rodata:800040E6                 .byte    0
.rodata:800040E7                 .byte    0
.rodata:800040E8                 .byte    0
.rodata:800040E9                 .byte    0
.rodata:800040EA                 .byte    0
.rodata:800040EB                 .byte    0
.rodata:800040EC                 .byte    0
.rodata:800040ED
 

jskyboo

Well-Known Member
OP
Member
Joined
Sep 12, 2009
Messages
288
Trophies
1
XP
203
Country
United States
http://www.mediafire...7950c9bj29mf6c0
which disassembles to the following code. from the start at 0x80004000 until the end where it executes the payload dol, it is 0xc8 bytes, which is exactly 200 :D . you could definitely get it a lot smaller if you wanted to. recent libogc apps zero their own bss section, so if you remove that part, it gets this little wrapper down to 160 bytes.
Nice. Might make for a nice backup plan.
 

tueidj

I R Expert
Member
Joined
Jan 8, 2009
Messages
2,569
Trophies
1
Website
Visit site
XP
1,009
Country
http://www.mediafire...7950c9bj29mf6c0
which disassembles to the following code. from the start at 0x80004000 until the end where it executes the payload dol, it is 0xc8 bytes, which is exactly 200 :D . you could definitely get it a lot smaller if you wanted to. recent libogc apps zero their own bss section, so if you remove that part, it gets this little wrapper down to 160 bytes.

Code:
.start:80004000 # Source File : 'main.c'
.start:80004000
.start:80004000 # Processor	   : PPC
.start:80004000 # Target assembler: GNU Assembler
.start:80004000 # Byte sex		: Big endian
.start:80004000
.start:80004000 # ===========================================================================
.start:80004000
.start:80004000 # Segment type: Pure code
.start:80004000				 .section ".start"
.start:80004000
.start:80004000 # =============== S U B R O U T I N E =======================================
.start:80004000
.start:80004000
.start:80004000				 .globl _start
.start:80004000 _start:
.start:80004000				 lis	 %sp, -0x7EE0
.start:80004000 # End of function _start
.start:80004000
.start:80004000
.text.main:80004004 # ===========================================================================
.text.main:80004004
.text.main:80004004 # Segment type: Pure code
.text.main:80004004				 .section ".text.main"
.text.main:80004004
.text.main:80004004 # =============== S U B R O U T I N E =======================================
.text.main:80004004
.text.main:80004004
.text.main:80004004				 .globl main
.text.main:80004004 main:
.text.main:80004004
.text.main:80004004 .set arg_4,  4
.text.main:80004004
.text.main:80004004				 mfspr   %r0, LR
.text.main:80004008				 stwu	%sp, -8(%sp)
.text.main:8000400C				 lis	 %r9, boot_dol@h
.text.main:80004010				 li	  %r5, 0
.text.main:80004014				 addi	%r6, %r9, boot_dol@l
.text.main:80004018				 stw	 %r0, 8+arg_4(%sp)
.text.main:8000401C				 mr	  %r7, %r6
.text.main:80004020				 mr	  %r4, %r6
.text.main:80004024
.text.main:80004024 loc_80004024:						   # CODE XREF: main+90j
.text.main:80004024				 lwz	 %r0, 0(%r7)
.text.main:80004028				 li	  %r10, 0
.text.main:8000402C				 lwz	 %r8, 0x90(%r7)
.text.main:80004030				 add	 %r9, %r0, %r4
.text.main:80004034				 lwz	 %r11, 0x48(%r7)
.text.main:80004038				 addi	%r0, %r8, 1
.text.main:8000403C				 mtspr   CTR, %r0
.text.main:80004040				 b	   loc_80004054
.text.main:80004044 # ---------------------------------------------------------------------------
.text.main:80004044
.text.main:80004044 loc_80004044:						   # CODE XREF: main:loc_80004054j
.text.main:80004044				 lbz	 %r0, 0(%r9)
.text.main:80004048				 addi	%r9, %r9, 1
.text.main:8000404C				 stbx	%r0, %r11, %r10
.text.main:80004050				 addi	%r10, %r10, 1
.text.main:80004054
.text.main:80004054 loc_80004054:						   # CODE XREF: main+3Cj
.text.main:80004054				 bdnz	loc_80004044
.text.main:80004058				 addi	%r0, %r8, 0x1F
.text.main:8000405C				 clrrwi  %r9, %r11, 5
.text.main:80004060				 add	 %r0, %r0, %r11
.text.main:80004064				 clrrwi  %r0, %r0, 5
.text.main:80004068				 b	   loc_80004080
.text.main:8000406C # ---------------------------------------------------------------------------
.text.main:8000406C
.text.main:8000406C loc_8000406C:						   # CODE XREF: main+80j
.text.main:8000406C				 dcbst   %r0, %r9
.text.main:80004070				 sync
.text.main:80004074				 icbi	%r0, %r9
.text.main:80004078				 isync
.text.main:8000407C				 addi	%r9, %r9, 0x20
.text.main:80004080
.text.main:80004080 loc_80004080:						   # CODE XREF: main+64j
.text.main:80004080				 cmplw   cr7, %r9, %r0
.text.main:80004084				 blt	 cr7, loc_8000406C
.text.main:80004088				 cmpwi   cr7, %r5, 0x11
.text.main:8000408C				 addi	%r7, %r7, 4
.text.main:80004090				 addi	%r5, %r5, 1
.text.main:80004094				 bne	 cr7, loc_80004024
.text.main:80004098				 lwz	 %r9, ((dword_800041BC-0x40E0)@l)(%r6)
.text.main:8000409C				 lwz	 %r11, ((dword_800041B8-0x40E0)@l)(%r6)
.text.main:800040A0				 addi	%r9, %r9, 1
.text.main:800040A4				 mtspr   CTR, %r9
.text.main:800040A8				 li	  %r9, 0
.text.main:800040AC				 b	   loc_800040BC
.text.main:800040B0 # ---------------------------------------------------------------------------
.text.main:800040B0
.text.main:800040B0 loc_800040B0:						   # CODE XREF: main:loc_800040BCj
.text.main:800040B0				 li	  %r0, 0
.text.main:800040B4				 stbx	%r0, %r11, %r9
.text.main:800040B8				 addi	%r9, %r9, 1
.text.main:800040BC
.text.main:800040BC loc_800040BC:						   # CODE XREF: main+A8j
.text.main:800040BC				 bdnz	loc_800040B0
.text.main:800040C0				 lwz	 %r6, ((dword_800041C0-0x40E0)@l)(%r6)
.text.main:800040C4				 mtspr   CTR, %r6
.text.main:800040C8				 bctrl
.text.main:800040C8 # End of function main
.text.main:800040C8
.text.main:800040C8
.rodata:800040E0 # ===========================================================================
.rodata:800040E0
.rodata:800040E0 # Segment type: Pure data
.rodata:800040E0				 .section ".rodata"
.rodata:800040E0				 .globl boot_dol
.rodata:800040E0 boot_dol:	   .byte	0			  # DATA XREF: main+8o
.rodata:800040E0										 # main+10o
.rodata:800040E1				 .byte	0
.rodata:800040E2				 .byte	1
.rodata:800040E3				 .byte	0
.rodata:800040E4				 .byte	0
.rodata:800040E5				 .byte	0
.rodata:800040E6				 .byte	0
.rodata:800040E7				 .byte	0
.rodata:800040E8				 .byte	0
.rodata:800040E9				 .byte	0
.rodata:800040EA				 .byte	0
.rodata:800040EB				 .byte	0
.rodata:800040EC				 .byte	0
.rodata:800040ED
Ummm... MMU setup? Cache initialization? Disabling interrupts? I wouldn't recommend using that code for anything that is expected to be launched by exploits.
 

JoostinOnline

Certified Crash Test Dummy
Member
Joined
Apr 2, 2011
Messages
11,005
Trophies
1
Location
The Twilight Zone
Website
www.hacksden.com
XP
4,341
Country
United States
Okay, I've just finished testing all 5 dols and elfs with both Bannerbomb v2 and the HBC (through wiiload). I have 4.1U (pretty sure everyone on this forum knows that though ;)).

The only one that didn't work was test 1 boot.elf using BB2. What's strange is the test 1 boot.dol DID work using BB2.
 

mauifrog

DA KINE WiiHacker
Member
Joined
Jan 21, 2010
Messages
1,587
Trophies
0
Website
Visit site
XP
392
Country
United States
Okay, I've just finished testing all 5 dols and elfs with both Bannerbomb v2 and the HBC (through wiiload). I have 4.1U (pretty sure everyone on this forum knows that though ;)).

The only one that didn't work was test 1 boot.elf using BB2. What's strange is the test 1 boot.dol DID work using BB2.
So it did and did not work with BB2, or it failed with BB2 and worked with BB1, or failed with BB1 and worked with BB2?
 

JoostinOnline

Certified Crash Test Dummy
Member
Joined
Apr 2, 2011
Messages
11,005
Trophies
1
Location
The Twilight Zone
Website
www.hacksden.com
XP
4,341
Country
United States
Okay, I've just finished testing all 5 dols and elfs with both Bannerbomb v2 and the HBC (through wiiload). I have 4.1U (pretty sure everyone on this forum knows that though ;)).

The only one that didn't work was test 1 boot.elf using BB2. What's strange is the test 1 boot.dol DID work using BB2.
So it did and did not work with BB2, or it failed with BB2 and worked with BB1, or failed with BB1 and worked with BB2?
I never tried BB1. I'm saying the elf file didn't work, but the dol did.
 

mauifrog

DA KINE WiiHacker
Member
Joined
Jan 21, 2010
Messages
1,587
Trophies
0
Website
Visit site
XP
392
Country
United States
Okay, I've just finished testing all 5 dols and elfs with both Bannerbomb v2 and the HBC (through wiiload). I have 4.1U (pretty sure everyone on this forum knows that though ;)).

The only one that didn't work was test 1 boot.elf using BB2. What's strange is the test 1 boot.dol DID work using BB2.
So it did and did not work with BB2, or it failed with BB2 and worked with BB1, or failed with BB1 and worked with BB2?
I never tried BB1. I'm saying the elf file didn't work, but the dol did.
Oh, I see that now. This is the shit that happens when you drink and post.
 
  • Like
Reactions: 1 person

jskyboo

Well-Known Member
OP
Member
Joined
Sep 12, 2009
Messages
288
Trophies
1
XP
203
Country
United States
Okay, I've just finished testing all 5 dols and elfs with both Bannerbomb v2 and the HBC (through wiiload). I have 4.1U (pretty sure everyone on this forum knows that though ;)).

The only one that didn't work was test 1 boot.elf using BB2. What's strange is the test 1 boot.dol DID work using BB2.
Hmm that is some odd behavior. Thanks for testing it for me Joostin.

I need more testers if anyone is willing to help. It's easy and mostly painless excep for some slightly deadly neurotoxin. I'm afraid I can't pay any of you testers but here's what I will do, I'll enter every tester into a raffle and then the winner of the raffle will win ....... cake!
 
  • Like
Reactions: 2 people

jskyboo

Well-Known Member
OP
Member
Joined
Sep 12, 2009
Messages
288
Trophies
1
XP
203
Country
United States
Do you want me to test any other exploits? BB1 and Letterbomb would be pretty easy for me to test. I really want that cake. ;)
If you have the time to test other exploits sure, although I must tell you only one raffle entry per tester otherwise you could hold out on the data. :evil: Anyway, this cake is great. It's so delicious and moist.
 

JoostinOnline

Certified Crash Test Dummy
Member
Joined
Apr 2, 2011
Messages
11,005
Trophies
1
Location
The Twilight Zone
Website
www.hacksden.com
XP
4,341
Country
United States
Do you want me to test any other exploits? BB1 and Letterbomb would be pretty easy for me to test. I really want that cake. ;)
If you have the time to test other exploits sure, although I must tell you only one raffle entry per tester otherwise you could hold out on the data. :evil: Anyway, this cake is great. It's so delicious and moist.
LOL! What kind of cake are we talking about? :rofl2:
 

Site & Scene News

Popular threads in this forum

General chit-chat
Help Users
    kijetesantakalu042 @ kijetesantakalu042: @BigOnYa I have a friend who likes the pizza for some reason. Don't understand it +1