Winbagility 1 year ago
parent
commit
48e58e1a88
4 changed files with 68 additions and 16 deletions
  1. 15
    12
      codebin2js.py
  2. 43
    0
      codebin2js_DEV.py
  3. 7
    2
      payload.js
  4. 3
    2
      payload/exploit_WORKING.html

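--- a/codebin2js.py
+++ b/codebin2js.py
@@ -1,9 +1,10 @@
 import struct
+import os
+
 
 j = 0;
 
-payload = "[\n"
-"""
+payload = ""
 try:
     f = open("wiiuhaxx_loader.bin", "rb")
     while True:
@@ -17,12 +18,11 @@ for i in range(j&0x03):
     payload += "0x00, "
 payload += "\n"
 
-#print "0x48, 0x00, 0x00, 0x05, 0x7c, 0x68, 0x02, 0xa6, 0x38, 0x80, 0x00, 0x48, 0x7c, 0x84, 0x1a, 0x14, 0x80, 0xa4, 0x00, 0x00, 0x38, 0x84, 0x00, 0x04, 0x7f, 0xa3, 0xeb, 0x78, 0x38, 0xc0, 0x00, 0x02, 0x7c, 0xa5, 0x34, 0x30, 0x7c, 0xa9, 0x03, 0xa6, 0x80, 0xa4, 0x00, 0x00, 0x90, 0xa3, 0x00, 0x00, 0x38, 0x84, 0x00, 0x04, 0x38, 0x63, 0x00, 0x04, 0x42, 0x00, 0xff, 0xf0, 0x7c, 0x21, 0xf2, 0x14, 0x80, 0x61, 0x00, 0x04, 0x7c, 0x69, 0x03, 0xa6, 0x4e, 0x80, 0x04, 0x20,"
-payload += "0x00, 0x10, 0x00, 0x00,\n"
+payload += "0x00, 0x40, 0x00, 0x00,\n"
 j+=4
-"""
+
 try:
-    f = open("codeloader.bin", "rb")
+    f = open("code550.bin", "rb")
     while True:
         B = struct.unpack(">B", f.read(1))[0];
         payload += "0x%02x, " % (B)
@@ -34,10 +34,13 @@ for i in range(j&0x03):
     payload += "0x00,"
 payload += "\n"
 
-#padding
-for i in range(j, 0x1000-4, 4):
-    payload += "0x60, 0x00, 0x00, 0x00, "
-payload += "\n"
-payload += "]"
+#nop
+nop = "";
+for i in range(j, 0x4000-4, 4):
+    nop += "0x60, 0x00, 0x00, 0x00, "
+nop += "\n"
 
-print payload
+print "["
+print nop
+print payload
+print "]"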
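Review bot: The `import os` added at the top of the first hunk is not used by any line visible in the three hunks, so it should be dropped unless code outside the hunks needs it. Removing the `"""` pair (first and second hunks) also makes the `open("wiiuhaxx_loader.bin", "rb")` block live again, and neither that handle nor the new `open("code550.bin", "rb")` one is closed in the visible lines. Both `try` blocks continue outside the hunks, so how they end cannot be confirmed here, but reading each file as `with open("code550.bin", "rb") as f: data = f.read()` would close the handle and replace the one-byte-at-a-time loop.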

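--- /dev/null
+++ b/codebin2js_DEV.py
@@ -0,0 +1,43 @@
+import struct
+
+j = 0;
+
+payload = "[\n"
+"""
+try:
+    f = open("wiiuhaxx_loader.bin", "rb")
+    while True:
+        B = struct.unpack(">B", f.read(1))[0];
+        payload += "0x%02x, " % (B)
+        j+=1
+except:
+    payload += "\n"
+
+for i in range(j&0x03):
+    payload += "0x00, "
+payload += "\n"
+
+#print "0x48, 0x00, 0x00, 0x05, 0x7c, 0x68, 0x02, 0xa6, 0x38, 0x80, 0x00, 0x48, 0x7c, 0x84, 0x1a, 0x14, 0x80, 0xa4, 0x00, 0x00, 0x38, 0x84, 0x00, 0x04, 0x7f, 0xa3, 0xeb, 0x78, 0x38, 0xc0, 0x00, 0x02, 0x7c, 0xa5, 0x34, 0x30, 0x7c, 0xa9, 0x03, 0xa6, 0x80, 0xa4, 0x00, 0x00, 0x90, 0xa3, 0x00, 0x00, 0x38, 0x84, 0x00, 0x04, 0x38, 0x63, 0x00, 0x04, 0x42, 0x00, 0xff, 0xf0, 0x7c, 0x21, 0xf2, 0x14, 0x80, 0x61, 0x00, 0x04, 0x7c, 0x69, 0x03, 0xa6, 0x4e, 0x80, 0x04, 0x20,"
+payload += "0x00, 0x10, 0x00, 0x00,\n"
+j+=4
+"""
+try:
+    f = open("codeloader.bin", "rb")
+    while True:
+        B = struct.unpack(">B", f.read(1))[0];
+        payload += "0x%02x, " % (B)
+        j+=1
+except:
+    payload += ""
+    
+for i in range(j&0x03):
+    payload += "0x00,"
+payload += "\n"
+
+#padding
+for i in range(j, 0x1000-4, 4):
+    payload += "0x60, 0x00, 0x00, 0x00, "
+payload += "\n"
+payload += "]"
+
+print payload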
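Review bot: The bare `except:` at new line 30 is what ends the read loop, since `struct.unpack(">B", ...)` raises once `f.read(1)` returns an empty string. It also swallows a failed `open("codeloader.bin", "rb")`, so a missing input prints an array of padding only and still exits cleanly. Narrowing it to `except struct.error:` keeps the end-of-file behaviour and lets I/O errors surface. The file otherwise looks like a copy of the pre-change `codebin2js.py`, with its disabled block kept inside a bare `"""` string (new lines 6-23). A one-line header comment such as `# DEV variant: reads codeloader.bin, pads to 0x1000` would tell readers why the copy exists.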

+ 7
- 2
payload.js
File diff suppressed because it is too large


+ 3
- 2
payload/exploit_WORKING.html
File diff suppressed because it is too large