Hacking Wii U Hacking & Homebrew Discussion

BothyBhoy (Well-Known Member, joined Nov 27, 2015)
The idea here is to try and get more people involved in understanding how to use what Hykem is working on, and give you an idea of what can be done with it.

For example:

Raw ARM/thumb code, unprocessed:
(Pretty much useless to all)
Code:
LOAD:101001CC                 DCD 0xE3A01000, 0xE3A02003, 0xE59F0E68, 0xEB00B320, 0xE59F2F2C
LOAD:101001CC                 DCD 0xE3A01603, 0xE5820000, 0xE59F0E58, 0xEB00BA7A, 0xE3500000
LOAD:101001CC                 DCD 0xBA000020, 0xE3A00802, 0xEB00BA78, 0xE3500000, 0xBA00001C
LOAD:101001CC                 DCD 0xEB00B9AB, 0xE59F0E38, 0xE3A01010, 0xEB00BA40, 0xE59F3E30
LOAD:101001CC                 DCD 0xE3500000, 0xE5830000, 0xBA000012, 0xE1A01000, 0xE59F0E20
LOAD:101001CC                 DCD 0xEB00B0F8, 0xE3500000, 0xBA000002, 0xE59F0E10, 0xE3A01FFA
LOAD:101001CC                 DCD 0xEB00BA76, 0xE59F5E00, 0xE59F0E04, 0xE5951000, 0xEB00B0EF
LOAD:101001CC                 DCD 0xE3500000, 0xBA000004, 0xE59F0DF0, 0xE3A01FFA, 0xEB00BA6D
LOAD:101001CC                 DCD 0xE3500000, 0xA0000BD
LOAD:10100274 dword_10100274  DCD 0xEB00BA16, 0xEB00BA1F, 0xE28DDE17, 0xE8BD8FF0              ; CODE XREF: LOAD:10100584j
LOAD:10100284 dword_10100284  DCD 0xE352000D, 0xA000124, 0xE3520C01, 0x1A0000CC, 0xE59F0DC0   ; CODE XREF: LOAD:101005B4j
LOAD:10100284                 DCD 0xE5903000, 0xE3530000, 0xBA0000B1, 0xE59F0E4C, 0xE3A01CC6
LOAD:10100284                 DCD 0xE3A02040, 0xEB00BA51, 0xE2509000, 0x1A06009, 0x3E05015
LOAD:10100284                 DCD 0xA00009B, 0xE59F0E2C, 0xE3A01CC6, 0xE3A02040, 0xEB00BA49

Untouched as IDA Pro will decode it.
It's better than raw, but still pretty much useless as you don't know what it's doing without Segment Names, Cleartext CallNames and Labels.
Code:
LOAD:101001CC ; ---------------------------------------------------------------------------
LOAD:101001CC                 MOV     R1, #0
LOAD:101001D0                 MOV     R2, #3
LOAD:101001D4                 LDR     R0, =unk_101400AC
LOAD:101001D8                 BL      sub_1012CE60
LOAD:101001DC ; ---------------------------------------------------------------------------
LOAD:101001DC                 LDR     R2, =unk_10145000
LOAD:101001E0                 MOV     R1, #0x300000
LOAD:101001E4                 STR     R0, [R2]
LOAD:101001E8                 LDR     R0, =unk_10146060
LOAD:101001EC                 BL      sub_1012EBDC
LOAD:101001F0 ; ---------------------------------------------------------------------------
LOAD:101001F0                 CMP     R0, #0
LOAD:101001F4                 BLT     loc_1010027C
LOAD:101001F8                 MOV     R0, #0x20000
LOAD:101001FC                 BL      sub_1012EBE4
LOAD:10100200 ; ---------------------------------------------------------------------------
LOAD:10100200                 CMP     R0, #0
LOAD:10100204                 BLT     loc_1010027C
LOAD:10100208                 BL      sub_1012E8BC
LOAD:1010020C                 LDR     R0, =unk_10146010
LOAD:10100210                 MOV     R1, #0x10
LOAD:10100214                 BL      sub_1012EB1C
LOAD:10100218 ; ---------------------------------------------------------------------------
LOAD:10100218                 LDR     R3, =unk_10146050
LOAD:1010021C                 CMP     R0, #0
LOAD:10100220                 STR     R0, [R3]
LOAD:10100224                 BLT     loc_10100274
LOAD:10100228                 MOV     R1, R0
LOAD:1010022C                 LDR     R0, =unk_101400B0
LOAD:10100230                 BL      sub_1012C618
LOAD:10100234 ; ---------------------------------------------------------------------------
LOAD:10100234                 CMP     R0, #0
LOAD:10100238                 BLT     loc_10100248
LOAD:1010023C                 LDR     R0, =unk_101400B0
LOAD:10100240                 MOV     R1, #0x3E8
LOAD:10100244                 BL      sub_1012EC24
LOAD:10100248 ; ---------------------------------------------------------------------------
LOAD:10100248
LOAD:10100248 loc_10100248                                                                    ; CODE XREF: LOAD:10100238j
LOAD:10100248                 LDR     R5, =unk_10146050
LOAD:1010024C                 LDR     R0, =unk_101400C0
LOAD:10100250                 LDR     R1, [R5]
LOAD:10100254                 BL      sub_1012C618
LOAD:10100258 ; ---------------------------------------------------------------------------
LOAD:10100258                 CMP     R0, #0
LOAD:1010025C                 BLT     loc_10100274
LOAD:10100260                 LDR     R0, =unk_101400C0
LOAD:10100264                 MOV     R1, #0x3E8
LOAD:10100268                 BL      sub_1012EC24
LOAD:1010026C ; ---------------------------------------------------------------------------
LOAD:1010026C                 CMP     R0, #0
LOAD:10100270                 BEQ     loc_1010056C
LOAD:10100274
LOAD:10100274 loc_10100274                                                                    ; CODE XREF: LOAD:10100224j
LOAD:10100274                                                                                 ; LOAD:1010025Cj ...
LOAD:10100274                 BL      sub_1012EAD4
LOAD:10100278 ; ---------------------------------------------------------------------------
LOAD:10100278                 BL      sub_1012EAFC
LOAD:1010027C ; ---------------------------------------------------------------------------
LOAD:1010027C
LOAD:1010027C loc_1010027C                                                                    ; CODE XREF: LOAD:101001F4j
LOAD:1010027C                                                                                 ; LOAD:10100204j
LOAD:1010027C                 ADD     SP, SP, #0x170
LOAD:10100280                 LDMFD   SP!, {R4-R11,PC}
LOAD:10100284 ; ---------------------------------------------------------------------------
LOAD:10100284
LOAD:10100284 loc_10100284                                                                    ; CODE XREF: LOAD:101005B4j
LOAD:10100284                 CMP     R2, #0xD
LOAD:10100288                 BEQ     loc_10100720
LOAD:1010028C                 CMP     R2, #0x100
LOAD:10100290                 BNE     loc_101005C8
LOAD:10100294                 LDR     R0, =unk_10145020
LOAD:10100298                 LDR     R3, [R0]
LOAD:1010029C                 CMP     R3, #0
LOAD:101002A0                 BLT     loc_1010056C
LOAD:101002A4                 LDR     R0, =0xCAFE
LOAD:101002A8                 MOV     R1, #0xC600
LOAD:101002AC                 MOV     R2, #0x40
LOAD:101002B0                 BL      sub_1012EBFC
LOAD:101002B4 ; ---------------------------------------------------------------------------
LOAD:101002B4                 SUBS    R9, R0, #0
LOAD:101002B8                 MOVEQ   R6, R9
LOAD:101002BC                 MOVEQ   R5, #0xFFFFFFEA
LOAD:101002C0                 BEQ     loc_10100534
LOAD:101002C4                 LDR     R0, =0xCAFE
LOAD:101002C8                 MOV     R1, #0xC600
LOAD:101002CC                 MOV     R2, #0x40
LOAD:101002D0                 BL      sub_1012EBFC
LOAD:101002D4 ; ---------------------------------------------------------------------------


Here is the same data with the Segment Names, Comments, CallNames and Cleartext strings added in.
Now it can be read, and what this section of code does can be understood.
(This is "Stage-One" labeling, as I have not yet gone back and added in what the internal branches and compares do.)

Code:
IOS_USB:101001CC                 MOV             R1, #0
IOS_USB:101001D0                 MOV             R2, #3
IOS_USB:101001D4                 LDR             R0, =aUsb                                       ; "USB"
IOS_USB:101001D8                 BL              sub_1012CE60
IOS_USB:101001DC ; ---------------------------------------------------------------------------
IOS_USB:101001DC                 LDR             R2, =dword_10145000
IOS_USB:101001E0                 MOV             R1, #0x300000
IOS_USB:101001E4                 STR             R0, [R2]
IOS_USB:101001E8                 LDR             R0, =dword_10146060
IOS_USB:101001EC                 BL              SysCall_0x24_IOS_USB                            ; int IOS_CreateLocalProcessHeap(void *ptr, int size)
IOS_USB:101001EC                                                                                 ; Create a new local process heap of size bytes
IOS_USB:101001EC                                                                                 ; Returns -> The heap ID or error (negative value)
IOS_USB:101001F0 ; ---------------------------------------------------------------------------
IOS_USB:101001F0                 CMP             R0, #0
IOS_USB:101001F4                 BLT             loc_1010027C
IOS_USB:101001F8                 MOV             R0, #0x20000
IOS_USB:101001FC                 BL              SysCall_0x25_IOS_USB                            ; int IOS_CreateCrossProcessHeap(int size)
IOS_USB:101001FC                                                                                 ; Create a new cross process heap of size bytes
IOS_USB:101001FC                                                                                 ; Returns -> The heap ID or error (negative value)
IOS_USB:10100200 ; ---------------------------------------------------------------------------
IOS_USB:10100200                 CMP             R0, #0
IOS_USB:10100204                 BLT             loc_1010027C
IOS_USB:10100208                 BL              sub_1012E8BC
IOS_USB:1010020C                 LDR             R0, =dword_10146010
IOS_USB:10100210                 MOV             R1, #0x10
IOS_USB:10100214                 BL              SysCall_0x0C_IOS_USB                            ; int IOS_CreateMessageQueue(u32 *ptr, u32 n_msgs)
IOS_USB:10100214                                                                                 ; Create a queue at ptr, for n_msgs messages
IOS_USB:10100214                                                                                 ; Returns -> The queue ID
IOS_USB:10100218 ; ---------------------------------------------------------------------------
IOS_USB:10100218                 LDR             R3, =dword_10146050
IOS_USB:1010021C                 CMP             R0, #0
IOS_USB:10100220                 STR             R0, [R3]
IOS_USB:10100224                 BLT             loc_10100274
IOS_USB:10100228                 MOV             R1, R0
IOS_USB:1010022C                 LDR             R0, =aDevUsbproc1                               ; "/dev/usbproc1"
IOS_USB:10100230                 BL              sub_1012C618
IOS_USB:10100234 ; ---------------------------------------------------------------------------
IOS_USB:10100234                 CMP             R0, #0
IOS_USB:10100238                 BLT             loc_10100248
IOS_USB:1010023C                 LDR             R0, =aDevUsbproc1                               ; "/dev/usbproc1"
IOS_USB:10100240                 MOV             R1, #0x3E8
IOS_USB:10100244                 BL              SysCall_0x2D_IOS_USB                            ; int device_associate(const char* device, int internal_id)
IOS_USB:10100244                                                                                 ; Associates a device to the specified internal IOS ID.
IOS_USB:10100244                                                                                 ; This ID appears to correspond to the cos.xml permissions groupid?
IOS_USB:10100244                                                                                 ; This syscall isn't used with devices that don't require any permissions (and are PowerPC-accessible) it seems.
IOS_USB:10100244                                                                                 ; It appears when this ID isn't listed in the cos.xml groupids at all, the device is ARM-only.
IOS_USB:10100244                                                                                 ; Returns -> 0 on success
IOS_USB:10100248 ; ---------------------------------------------------------------------------
IOS_USB:10100248
IOS_USB:10100248 loc_10100248                                                                    ; CODE XREF: IOS_USB:10100238j
IOS_USB:10100248                 LDR             R5, =dword_10146050
IOS_USB:1010024C                 LDR             R0, =aDevUsbproc2                               ; "/dev/usbproc2"
IOS_USB:10100250                 LDR             R1, [R5]
IOS_USB:10100254                 BL              sub_1012C618
IOS_USB:10100258 ; ---------------------------------------------------------------------------
IOS_USB:10100258                 CMP             R0, #0
IOS_USB:1010025C                 BLT             loc_10100274
IOS_USB:10100260                 LDR             R0, =aDevUsbproc2                               ; "/dev/usbproc2"
IOS_USB:10100264                 MOV             R1, #0x3E8
IOS_USB:10100268                 BL              SysCall_0x2D_IOS_USB                            ; int device_associate(const char* device, int internal_id)
IOS_USB:10100268                                                                                 ; Associates a device to the specified internal IOS ID.
IOS_USB:10100268                                                                                 ; This ID appears to correspond to the cos.xml permissions groupid?
IOS_USB:10100268                                                                                 ; This syscall isn't used with devices that don't require any permissions (and are PowerPC-accessible) it seems.
IOS_USB:10100268                                                                                 ; It appears when this ID isn't listed in the cos.xml groupids at all, the device is ARM-only.
IOS_USB:10100268                                                                                 ; Returns -> 0 on success
IOS_USB:1010026C ; ---------------------------------------------------------------------------
IOS_USB:1010026C                 CMP             R0, #0
IOS_USB:10100270                 BEQ             loc_1010056C
IOS_USB:10100274
IOS_USB:10100274 loc_10100274                                                                    ; CODE XREF: IOS_USB:10100224j
IOS_USB:10100274                                                                                 ; IOS_USB:1010025Cj ...
IOS_USB:10100274                 BL              SysCall_0x03_IOS_USB                            ; int get_tid()
IOS_USB:10100274                                                                                 ; Get the current thread's ID
IOS_USB:10100274                                                                                 ; Returns -> Current threadid
IOS_USB:10100278 ; ---------------------------------------------------------------------------
IOS_USB:10100278                 BL              SysCall_0x08_IOS_USB                            ; int thread_suspend(int threadid)
IOS_USB:10100278                                                                                 ; Suspend the specified thread
IOS_USB:10100278                                                                                 ; Returns -> 0 on success
IOS_USB:1010027C ; ---------------------------------------------------------------------------
IOS_USB:1010027C
IOS_USB:1010027C loc_1010027C                                                                    ; CODE XREF: IOS_USB:101001F4j
IOS_USB:1010027C                                                                                 ; IOS_USB:10100204j
IOS_USB:1010027C                 ADD             SP, SP, #0x170
IOS_USB:10100280                 LDMFD           SP!, {R4-R11,PC}
IOS_USB:10100284 ; ---------------------------------------------------------------------------
IOS_USB:10100284
IOS_USB:10100284 loc_10100284                                                                    ; CODE XREF: IOS_USB:101005B4j
IOS_USB:10100284                 CMP             R2, #0xD
IOS_USB:10100288                 BEQ             loc_10100720
IOS_USB:1010028C                 CMP             R2, #0x100
IOS_USB:10100290                 BNE             loc_101005C8
IOS_USB:10100294                 LDR             R0, =dword_10145020
IOS_USB:10100298                 LDR             R3, [R0]
IOS_USB:1010029C                 CMP             R3, #0
IOS_USB:101002A0                 BLT             loc_1010056C
IOS_USB:101002A4                 LDR             R0, =0xCAFE
IOS_USB:101002A8                 MOV             R1, #0xC600
IOS_USB:101002AC                 MOV             R2, #0x40
IOS_USB:101002B0                 BL              SysCall_0x28_IOS_USB                            ; void* heap_alloc_aligned(int heapid, u32 size, u32 align)
IOS_USB:101002B0                                                                                 ; Allocate size bytes from the specified heap with the requested alignment
IOS_USB:101002B0                                                                                 ; Returns -> Pointer to aligned memory
IOS_USB:101002B4 ; ---------------------------------------------------------------------------
IOS_USB:101002B4                 SUBS            R9, R0, #0
IOS_USB:101002B8                 MOVEQ           R6, R9
IOS_USB:101002BC                 MOVEQ           R5, #0xFFFFFFEA
IOS_USB:101002C0                 BEQ             loc_10100534
IOS_USB:101002C4                 LDR             R0, =0xCAFE
IOS_USB:101002C8                 MOV             R1, #0xC600
IOS_USB:101002CC                 MOV             R2, #0x40
IOS_USB:101002D0                 BL              SysCall_0x28_IOS_USB                            ; void* heap_alloc_aligned(int heapid, u32 size, u32 align)
IOS_USB:101002D0                                                                                 ; Allocate size bytes from the specified heap with the requested alignment
IOS_USB:101002D0                                                                                 ; Returns -> Pointer to aligned memory
IOS_USB:101002D4 ; ---------------------------------------------------------------------------


The big problem I see is there's no "Safe Haven" for people to discuss this type of thing.
If we try to do it here, the threads keep getting clogged with offtopic posts.

All that accomplishes is delays as everyone has to work in a vacuum to keep their sanity...

-dl
Unfortunately I don't think the average person is gonna understand any of that...
 
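Added example, not from this thread and not Hykem's or the poster's tooling: a small Python decoder that takes the raw DCD words from the dump quoted above and produces the middle-stage listing (the MOV/LDR/BL/CMP/B forms IDA shows), then applies the one renaming step the labeled listing demonstrates, turning a BL whose target falls in the IOS syscall stub table into a SysCall_0xNN_IOS_USB name with the comment from the labeled listing. The syscall names are the ones the labeled listing uses. The stub-table layout (base 0x1012EABC, 8 bytes per stub) is an inference from the listing's own sub_/SysCall pairs (sub_1012EB1C is SysCall_0x0C, sub_1012EBDC is SysCall_0x24, and the other five pairs fit the same table); its real length is not on the page, so the decoder caps at the highest number seen there. PC-relative LDRs print the literal-pool slot address rather than the pool content, because the pool itself (what IDA shows as =unk_/=aUsb) is not in the dump.

```python
# Added example: decodes the ARM instruction forms that appear in the quoted
# IOS_USB listing (data processing, LDR/STR immediate, B/BL, LDM) and names
# BL targets that land in the IOS syscall stub table.
# ASSUMPTION: stub table base 0x1012EABC with 8 bytes per stub, inferred from
# the listing's own pairs (sub_1012EB1C -> SysCall_0x0C, sub_1012EBDC -> 0x24,
# sub_1012EC24 -> 0x2D, ...); the table's real length is not on the page.

COND = ["EQ", "NE", "CS", "CC", "MI", "PL", "VS", "VC",
        "HI", "LS", "GE", "LT", "GT", "LE", "", "NV"]
REG_ALIAS = {13: "SP", 14: "LR", 15: "PC"}
# Data-processing opcodes (bits 24:21) the listing uses; 0xF is MVN, which the
# listing shows as MOV of the complemented immediate.
DP_OPS = {0x2: "SUB", 0x4: "ADD", 0xA: "CMP", 0xD: "MOV", 0xF: "MOV"}

STUB_BASE, STUB_STRIDE, MAX_SYSCALL = 0x1012EABC, 8, 0x2D   # inferred, see header
SYSCALL_NAMES = {   # names exactly as the labeled listing gives them
    0x03: "get_tid", 0x08: "thread_suspend", 0x0C: "IOS_CreateMessageQueue",
    0x24: "IOS_CreateLocalProcessHeap", 0x25: "IOS_CreateCrossProcessHeap",
    0x28: "heap_alloc_aligned", 0x2D: "device_associate",
}

def reg(n):
    return REG_ALIAS.get(n, f"R{n}")

def imm_str(v):
    """IDA style: small values decimal, larger ones 0x-hex with upper-case digits."""
    return str(v) if v < 10 else f"0x{v:X}"

def rotate_imm(word):
    """ARM modified immediate: 8-bit value rotated right by twice the 4-bit rotate field."""
    rot, v = ((word >> 8) & 0xF) * 2, word & 0xFF
    return ((v >> rot) | (v << (32 - rot))) & 0xFFFFFFFF

def syscall_number(target):
    """Syscall number for a BL target inside the inferred stub table, else None."""
    off = target - STUB_BASE
    if off < 0 or off % STUB_STRIDE or off // STUB_STRIDE > MAX_SYSCALL:
        return None
    return off // STUB_STRIDE

def decode(addr, word):
    """Return (mnemonic, operands, comment) for the 32-bit ARM word at addr."""
    cond = COND[word >> 28]
    kind = (word >> 25) & 7
    if kind == 0b101:                       # B/BL: 24-bit signed word offset, PC reads as addr + 8
        off = word & 0xFFFFFF
        off -= 0x1000000 if off & 0x800000 else 0
        target = (addr + 8 + off * 4) & 0xFFFFFFFF
        if not word & (1 << 24):
            return f"B{cond}", f"loc_{target:X}", ""
        num = syscall_number(target)
        if num is None:
            return f"BL{cond}", f"sub_{target:X}", ""
        return f"BL{cond}", f"SysCall_0x{num:02X}_IOS_USB", SYSCALL_NAMES.get(num, "")
    if kind in (0b000, 0b001):              # data processing, register or immediate second operand
        op, s = (word >> 21) & 0xF, (word >> 20) & 1
        rn, rd = reg((word >> 16) & 0xF), reg((word >> 12) & 0xF)
        if kind == 0b001:
            imm = rotate_imm(word)
            op2 = "#" + imm_str((~imm & 0xFFFFFFFF) if op == 0xF else imm)
        elif ((word >> 4) & 0xFF) == 0:     # unshifted register operand
            op2 = reg(word & 0xF)
        else:
            return "DCD", f"0x{word:08X}", "shifted-register form not handled here"
        mnem = DP_OPS.get(op)
        if mnem is None or (op == 0xA and not s):   # unknown op, or an MSR that looks like CMP
            return "DCD", f"0x{word:08X}", "data-processing form not handled here"
        if op == 0xA:
            return f"CMP{cond}", f"{rn}, {op2}", ""
        mnem += "S" if s else ""
        if op in (0xD, 0xF):                # MOV/MVN have no Rn
            return f"{mnem}{cond}", f"{rd}, {op2}", ""
        return f"{mnem}{cond}", f"{rd}, {rn}, {op2}", ""
    if kind == 0b010:                       # LDR/STR with 12-bit immediate offset
        u, l = (word >> 23) & 1, (word >> 20) & 1
        rn_num, rd, off = (word >> 16) & 0xF, reg((word >> 12) & 0xF), word & 0xFFF
        mnem = ("LDR" if l else "STR") + cond
        if rn_num == 15:                    # PC-relative load: the literal pool slot IDA renders as =sym
            pool = addr + 8 + (off if u else -off)
            return mnem, f"{rd}, [PC,#{imm_str(off)}]", f"literal pool slot at 0x{pool:X}"
        if off == 0:
            return mnem, f"{rd}, [{reg(rn_num)}]", ""
        return mnem, f"{rd}, [{reg(rn_num)},#{'' if u else '-'}{imm_str(off)}]", ""
    if kind == 0b100 and ((word >> 20) & 0b11011) == 0b01011:   # LDMIA Rn!, {...}: IDA's LDMFD
        regs = ",".join(reg(i) for i in range(16) if word & (1 << i))
        return f"LDMFD{cond}", f"{reg((word >> 16) & 0xF)}!, {{{regs}}}", ""
    return "DCD", f"0x{word:08X}", "not decoded by this example"

def listing(base, words):
    """Render consecutive words in the style of the labeled listing above."""
    lines = []
    for i, w in enumerate(words):
        mnem, ops, note = decode(base + 4 * i, w)
        lines.append(f"IOS_USB:{base + 4 * i:08X}  {mnem:<8}{ops}" + (f"  ; {note}" if note else ""))
    return lines

# Input: the first words of the raw DCD dump quoted in the thread, starting at 0x101001CC.
RAW_WORDS = [0xE3A01000, 0xE3A02003, 0xE59F0E68, 0xEB00B320, 0xE59F2F2C,
             0xE3A01603, 0xE5820000, 0xE59F0E58, 0xEB00BA7A, 0xE3500000,
             0xBA000020, 0xE3A00802, 0xEB00BA78]

if __name__ == "__main__":
    print("\n".join(listing(0x101001CC, RAW_WORDS)))
```

Run as-is and the thirteen words decode to the MOV/LDR/BL sequence at the top of the listing, with the BLs at 101001EC and 101001FC named as syscalls 0x24 and 0x25. The check worth keeping for anyone labeling by hand: a BL target that sits at an 8-byte step from the stub base is a cheap cross-check that a sub_ rename to a SysCall is right, while sub_1012E8BC and sub_1012C618 fall outside the table and stay plain subroutines, exactly as the labeled listing leaves them.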

Onion_Knight (Well-Known Member, joined Feb 6, 2014)
fact
(quoting the post above)
IOS_USB:10100284
IOS_USB:10100284 loc_10100284                                                                    ; CODE XREF: IOS_USB:101005B4j
IOS_USB:10100284                 CMP             R2, #0xD
IOS_USB:10100288                 BEQ             loc_10100720
IOS_USB:1010028C                 CMP             R2, #0x100
IOS_USB:10100290                 BNE             loc_101005C8
IOS_USB:10100294                 LDR             R0, =dword_10145020
IOS_USB:10100298                 LDR             R3, [R0]
IOS_USB:1010029C                 CMP             R3, #0
IOS_USB:101002A0                 BLT             loc_1010056C
IOS_USB:101002A4                 LDR             R0, =0xCAFE
IOS_USB:101002A8                 MOV             R1, #0xC600
IOS_USB:101002AC                 MOV             R2, #0x40
IOS_USB:101002B0                 BL              SysCall_0x28_IOS_USB                            ; void* heap_alloc_aligned(int heapid, u32 size, u32 align)
IOS_USB:101002B0                                                                                 ; Allocate size bytes from the specified heap with the requested alignment
IOS_USB:101002B0                                                                                 ; Returns -> Pointer to aligned memory
IOS_USB:101002B4 ; ---------------------------------------------------------------------------
IOS_USB:101002B4                 SUBS            R9, R0, #0
IOS_USB:101002B8                 MOVEQ           R6, R9
IOS_USB:101002BC                 MOVEQ           R5, #0xFFFFFFEA
IOS_USB:101002C0                 BEQ             loc_10100534
IOS_USB:101002C4                 LDR             R0, =0xCAFE
IOS_USB:101002C8                 MOV             R1, #0xC600
IOS_USB:101002CC                 MOV             R2, #0x40
IOS_USB:101002D0                 BL              SysCall_0x28_IOS_USB                            ; void* heap_alloc_aligned(int heapid, u32 size, u32 align)
IOS_USB:101002D0                                                                                 ; Allocate size bytes from the specified heap with the requested alignment
IOS_USB:101002D0                                                                                 ; Returns -> Pointer to aligned memory
IOS_USB:101002D4 ; ---------------------------------------------------------------------------


The big problem I see is there's no "Safe Haven" for people to discuss this type of thing.
If we try to do it here, the threads keep getting clogged with offtopic posts.

All that accomplishes is delays as everyone has to work in a vacuum to keep their sanity...

-dl
quoted for truth
 

tech3475

Well-Known Member
Member
Joined
Jun 12, 2009
Messages
3,670
Trophies
2
XP
6,065
Country
Sorry for asking, but I just need a confirmation if possible.

For the current *lines/homebrew, I know I ideally need to be on 5.3.2.

However, based on current knowledge, will it be safe for me to update to 5.5.1 with the intent to hack it down the line, e.g. IOSU?
 

VinsCool

Persona Secretiva Felineus
Global Moderator
Joined
Jan 7, 2014
Messages
14,600
Trophies
4
Location
Another World
Website
www.gbatemp.net
XP
25,217
Country
Canada
Sorry for asking, but I just need a confirmation if possible.

For the current *lines/homebrew, I know I ideally need to be on 5.3.2.

However, based on current knowledge, will it be safe for me to update to 5.5.1 with the intent to hack it down the line, e.g. IOSU?
The IOSU exploit should work on all firmwares. Currently, all the fun is on 5.3.2 and 5.4.0, so better keep the lowest possible version.
 

victormr21

Well-Known Member
Member
Joined
Dec 29, 2015
Messages
565
Trophies
0
XP
498
Country
What's the answer to this question?
What is the output of 'date -u +%F | sha1sum | head -c8; echo' ?
It's for creating an account on WiiUBrew, but I'm Spanish and I don't understand it.
Thanks!
 

Jow Banks

Well-Known Member
Member
Joined
Nov 6, 2015
Messages
178
Trophies
0
XP
219
Country
Netherlands
What's the answer to this question?
What is the output of 'date -u +%F | sha1sum | head -c8; echo' ?
It's for creating an account on WiiUBrew, but I'm Spanish and I don't understand it.
Thanks!
You don't need an account on wiiubrew to read it - only to contribute if you have some valid technical data to offer.

The reason for the question is to prove you understand the technical nature of the site.
It's definitely not a place to ask questions.
(Also, the question isn't in "English" per se.)

Asking people questions there would more likely make them stop posting there too - so please don't or we all lose.
 
