├── scripts ├── .gitignore ├── blz.exe ├── qrcode.exe ├── blowfish_processed.bin ├── extractPatch.py ├── fixCRRpatch.py ├── fixCRO.py ├── makePatches.py ├── obfuscator5000.py ├── buildAll.py ├── makeROP.py ├── relocROP.py ├── blowfish.py ├── portRopDb.py ├── makeHeaders.py ├── 96crypto_dbgen.py └── crypt.py ├── cn_save_initial_loader ├── cn_initial │ ├── data │ │ └── .gitkeep │ ├── ccd00.specs │ ├── ccd00.ld │ ├── source │ │ ├── types.h │ │ └── crt0.s │ └── Makefile ├── sploit_proto.bin └── Makefile ├── cn_constants ├── JPN │ ├── Makefile │ └── constants.txt ├── WEST │ ├── Makefile │ └── constants.txt └── Makefile ├── firm_constants ├── N3DS │ ├── Makefile │ └── constants.txt ├── POST5 │ ├── Makefile │ └── constants.txt ├── PRE5 │ ├── Makefile │ └── constants.txt └── Makefile ├── region_constants ├── E │ ├── Makefile │ └── constants.txt ├── J │ ├── Makefile │ └── constants.txt ├── K │ ├── Makefile │ └── constants.txt ├── U │ ├── Makefile │ └── constants.txt └── Makefile ├── cn_qr_installer ├── sploit_proto.bin └── Makefile ├── menu_ropdb ├── Makefile ├── 10240_kor_ropdb.txt ├── 11266_kor_ropdb.txt ├── 12288_kor_ropdb.txt ├── 13312_kor_ropdb.txt ├── 14336_kor_ropdb.txt ├── 6166_kor_ropdb.txt ├── 7175_kor_ropdb.txt ├── 8192_kor_ropdb.txt ├── 9216_kor_ropdb.txt ├── 11272_ropdb.txt ├── 12288_ropdb.txt ├── 13330_ropdb.txt ├── 14336_ropdb.txt ├── 15360_ropdb.txt ├── 16404_ropdb.txt ├── 17415_ropdb.txt ├── 19456_ropdb.txt ├── 20480_ropdb.txt ├── 21504_ropdb.txt ├── 22528_ropdb.txt ├── 23554_ropdb.txt ├── 24576_ropdb.txt ├── 25600_ropdb.txt ├── 26624_ropdb.txt ├── 27649_ropdb.txt ├── 15361_kor_ropdb.txt ├── 20480_usa_ropdb.txt ├── 21504_usa_ropdb.txt ├── 22528_usa_ropdb.txt ├── 23552_usa_ropdb.txt ├── 24578_usa_ropdb.txt ├── 25600_usa_ropdb.txt ├── 26624_usa_ropdb.txt ├── 27648_usa_ropdb.txt ├── 28673_usa_ropdb.txt ├── unsupported_ropdb.txt ├── 29696_ropdb.txt ├── 29697_usa_ropdb.txt ├── 30720_usa_ropdb.txt └── 31745_ropdb.txt ├── .gitignore ├── menu_payload ├── Makefile └── menu_payload_loadropbin.s ├── Makefile └── README.md /scripts/.gitignore: -------------------------------------------------------------------------------- 1 | *.pyc 2 | -------------------------------------------------------------------------------- /cn_save_initial_loader/cn_initial/data/.gitkeep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /cn_constants/JPN/Makefile: -------------------------------------------------------------------------------- 1 | all: constants.txt 2 | 3 | constants.txt: 4 | clean: 5 | -------------------------------------------------------------------------------- /cn_constants/WEST/Makefile: -------------------------------------------------------------------------------- 1 | all: constants.txt 2 | 3 | constants.txt: 4 | clean: 5 | -------------------------------------------------------------------------------- /firm_constants/N3DS/Makefile: -------------------------------------------------------------------------------- 1 | all: constants.txt 2 | 3 | constants.txt: 4 | clean: 5 | -------------------------------------------------------------------------------- /firm_constants/POST5/Makefile: -------------------------------------------------------------------------------- 1 | all: constants.txt 2 | 3 | constants.txt: 4 | clean: 5 | -------------------------------------------------------------------------------- /firm_constants/PRE5/Makefile: -------------------------------------------------------------------------------- 1 | all: constants.txt 2 | 3 | constants.txt: 4 | clean: 5 | -------------------------------------------------------------------------------- /region_constants/E/Makefile: -------------------------------------------------------------------------------- 1 | all: constants.txt 2 | 3 | constants.txt: 4 | clean: 5 | -------------------------------------------------------------------------------- /region_constants/J/Makefile: -------------------------------------------------------------------------------- 1 | all: constants.txt 2 | 3 | constants.txt: 4 | clean: 5 | -------------------------------------------------------------------------------- /region_constants/K/Makefile: -------------------------------------------------------------------------------- 1 | all: constants.txt 2 | 3 | constants.txt: 4 | clean: 5 | -------------------------------------------------------------------------------- /region_constants/U/Makefile: -------------------------------------------------------------------------------- 1 | all: constants.txt 2 | 3 | constants.txt: 4 | clean: 5 | -------------------------------------------------------------------------------- /scripts/blz.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zoogie/ninjhax2-dx/HEAD/scripts/blz.exe -------------------------------------------------------------------------------- /scripts/qrcode.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zoogie/ninjhax2-dx/HEAD/scripts/qrcode.exe -------------------------------------------------------------------------------- /cn_qr_installer/sploit_proto.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zoogie/ninjhax2-dx/HEAD/cn_qr_installer/sploit_proto.bin -------------------------------------------------------------------------------- /scripts/blowfish_processed.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zoogie/ninjhax2-dx/HEAD/scripts/blowfish_processed.bin -------------------------------------------------------------------------------- /cn_save_initial_loader/cn_initial/ccd00.specs: -------------------------------------------------------------------------------- 1 | %rename link old_link 2 | 3 | *link: 4 | %(old_link) -T ./ccd00.ld%s 5 | -------------------------------------------------------------------------------- /cn_save_initial_loader/sploit_proto.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zoogie/ninjhax2-dx/HEAD/cn_save_initial_loader/sploit_proto.bin -------------------------------------------------------------------------------- /menu_ropdb/Makefile: -------------------------------------------------------------------------------- 1 | all: ropdb.txt 2 | 3 | clean: 4 | @rm -f ropdb.txt 5 | @echo "all cleaned up !" 6 | 7 | ropdb.txt: 8 | @cp $(MENUVERSION)_ropdb.txt ./ropdb.txt 9 | -------------------------------------------------------------------------------- /region_constants/E/constants.txt: -------------------------------------------------------------------------------- 1 | [ 2 | ("CAMAPP_TIDLOW", "0x00022400"), 3 | ("DLPLAY_TIDLOW", "0x00022100"), 4 | ("ACTAPP_TIDLOW", "0x0002C100"), 5 | ("MSET_TIDLOW", "0x00022000"), 6 | ("NFACE_TIDLOW", "0x20022D00"), 7 | ] 8 | -------------------------------------------------------------------------------- /region_constants/J/constants.txt: -------------------------------------------------------------------------------- 1 | [ 2 | ("CAMAPP_TIDLOW", "0x00020400"), 3 | ("DLPLAY_TIDLOW", "0x00020100"), 4 | ("ACTAPP_TIDLOW", "0x0002BF00"), 5 | ("MSET_TIDLOW", "0x00020000"), 6 | ("NFACE_TIDLOW", "0x20020D00"), 7 | ] 8 | -------------------------------------------------------------------------------- /region_constants/U/constants.txt: -------------------------------------------------------------------------------- 1 | [ 2 | ("CAMAPP_TIDLOW", "0x00021400"), 3 | ("DLPLAY_TIDLOW", "0x00021100"), 4 | ("ACTAPP_TIDLOW", "0x0002C000"), 5 | ("MSET_TIDLOW", "0x00021000"), 6 | ("NFACE_TIDLOW", "0x20021D00"), 7 | ] 8 | -------------------------------------------------------------------------------- /region_constants/K/constants.txt: -------------------------------------------------------------------------------- 1 | [ 2 | ("CAMAPP_TIDLOW", "0x00027400"), 3 | ("DLPLAY_TIDLOW", "0x00027100"), 4 | ("ACTAPP_TIDLOW", "0x0002C300"), # Korea console not have ACTAPP 5 | ("MSET_TIDLOW", "0x00027000"), 6 | ("NFACE_TIDLOW", "0x20027D00"), 7 | ] 8 | -------------------------------------------------------------------------------- /cn_constants/Makefile: -------------------------------------------------------------------------------- 1 | all: constants.txt 2 | 3 | clean: 4 | @rm -f constants.txt 5 | @cd WEST && make clean 6 | @cd JPN && make clean 7 | @echo "all cleaned up !" 8 | 9 | constants.txt: 10 | @cd $(CNVERSION) && make 11 | @cp $(CNVERSION)/$@ ./ 12 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | *.elf 2 | *.map 3 | *.o 4 | *.d 5 | *.png 6 | build/* 7 | cn_initial.bin 8 | cn_qr_installer.bin 9 | menu_payload/*.bin 10 | menu_payload_loadropbin* 11 | cn_save_initial_loader.bin 12 | debug 13 | constants.* 14 | ropdb.txt 15 | data.bin 16 | build.bat -------------------------------------------------------------------------------- /firm_constants/Makefile: -------------------------------------------------------------------------------- 1 | all: constants.txt 2 | 3 | clean: 4 | @rm -f constants.txt 5 | @cd PRE5 && make clean 6 | @cd POST5 && make clean 7 | @cd N3DS && make clean 8 | @echo "all cleaned up !" 9 | 10 | constants.txt: 11 | @cd $(FIRMVERSION) && make 12 | @cp $(FIRMVERSION)/$@ ./ 13 | -------------------------------------------------------------------------------- /region_constants/Makefile: -------------------------------------------------------------------------------- 1 | all: constants.txt 2 | 3 | clean: 4 | @rm -f constants.txt 5 | @cd E && make clean 6 | @cd U && make clean 7 | @cd J && make clean 8 | @cd K && make clean 9 | @echo "all cleaned up !" 10 | 11 | constants.txt: 12 | @cd $(REGION) && make 13 | @cp $(REGION)/$@ ./ 14 | -------------------------------------------------------------------------------- /cn_save_initial_loader/cn_initial/ccd00.ld: -------------------------------------------------------------------------------- 1 | OUTPUT_ARCH(arm) 2 | 3 | MEMORY 4 | { 5 | /*RAMRO (rx) : ORIGIN = 0x00100000, LENGTH = 0x001DA000*/ 6 | /*RAMRO (rx) : ORIGIN = 0x002D9000, LENGTH = 0x00001000*/ 7 | /*RAMRO (rx) : ORIGIN = 0x002D9700, LENGTH = 0x00001000*/ 8 | RAMRO (rx) : ORIGIN = 0x00100000, LENGTH = 0x00001000 9 | } 10 | 11 | SECTIONS 12 | { 13 | /*.text : ALIGN(0x1000) {*/ 14 | .text : ALIGN(0x100) { 15 | build/crt0.o(.init) 16 | *(.text) 17 | *(.rodata) 18 | } 19 | } 20 | 21 | -------------------------------------------------------------------------------- /firm_constants/PRE5/constants.txt: -------------------------------------------------------------------------------- 1 | [ 2 | ("CN_TEXTPAOFFSET", "0x03DBE000"), 3 | ("CN_TEXTPA_OFFSET_FROMEND", "CN_TEXTPAOFFSET-0x04000000"), 4 | 5 | ("FIRM_LINEAROFFSET", "-0x0C000000"), 6 | ("FIRM_APPMEMALLOC", "0x04000000"), 7 | 8 | ("FIRM_LINEARSYSTEM", "0x34000000"), 9 | 10 | ("MENU_LOADEDROP_BUFADR", "0x35040000"), 11 | ("MENU_LOADEDROP_BKP_BUFADR", "(MENU_LOADEDROP_BUFADR + 0x8000)"), 12 | ("MENU_PARAMETER_SIZE", "(0x800)"), 13 | ("MENU_PARAMETER_BUFADR", "(MENU_LOADEDROP_BUFADR - MENU_PARAMETER_SIZE*4)"), 14 | ] 15 | -------------------------------------------------------------------------------- /firm_constants/N3DS/constants.txt: -------------------------------------------------------------------------------- 1 | [ 2 | ("CN_TEXTPAOFFSET", "0x03E00000"), 3 | ("CN_TEXTPA_OFFSET_FROMEND", "CN_TEXTPAOFFSET-0x04000000"), 4 | 5 | ("FIRM_LINEAROFFSET", "0x10000000"), 6 | ("FIRM_APPMEMALLOC", "0x07C00000"), 7 | 8 | ("FIRM_LINEARSYSTEM", "0x38000000"), 9 | 10 | ("HB_MEM0_SIZE", "64*1024*1024"), 11 | ("HB_MEM0_ADDR", "0x0A000000"), 12 | 13 | ("MENU_LOADEDROP_BUFADR", "0x38C40000"), 14 | ("MENU_LOADEDROP_BKP_BUFADR", "(MENU_LOADEDROP_BUFADR + 0x8000)"), 15 | ("MENU_PARAMETER_SIZE", "(0x800)"), 16 | ("MENU_PARAMETER_BUFADR", "(MENU_LOADEDROP_BUFADR - MENU_PARAMETER_SIZE*6)"), 17 | ] 18 | -------------------------------------------------------------------------------- /firm_constants/POST5/constants.txt: -------------------------------------------------------------------------------- 1 | [ 2 | ("CN_TEXTPAOFFSET", "0x03E00000"), 3 | ("CN_TEXTPA_OFFSET_FROMEND", "CN_TEXTPAOFFSET-0x04000000"), 4 | 5 | ("FIRM_LINEAROFFSET", "-0x0C000000"), 6 | ("FIRM_APPMEMALLOC", "0x04000000"), 7 | 8 | ("FIRM_LINEARSYSTEM", "0x34000000"), 9 | 10 | ("HB_MEM0_SIZE", "10*1024*1024"), 11 | ("HB_MEM0_ADDR", "0x0A000000"), 12 | 13 | ("MENU_LOADEDROP_BUFADR", "0x35040000"), 14 | ("MENU_LOADEDROP_BKP_BUFADR", "(MENU_LOADEDROP_BUFADR + 0x8000)"), 15 | ("MENU_PARAMETER_SIZE", "(0x800)"), 16 | ("MENU_PARAMETER_BUFADR", "(MENU_LOADEDROP_BUFADR - MENU_PARAMETER_SIZE*6)"), 17 | ] 18 | -------------------------------------------------------------------------------- /scripts/extractPatch.py: -------------------------------------------------------------------------------- 1 | import sys 2 | 3 | def getWord(b, k, n=4): 4 | return sum(list(map(lambda c: b[k+c]<<(c*8),range(n)))) 5 | 6 | origfn=sys.argv[1] 7 | patchfn=sys.argv[2] 8 | outfn=sys.argv[3] 9 | offset=int(sys.argv[4], 0) 10 | end_offset=int(sys.argv[5], 0) 11 | 12 | origdata=bytearray(open(origfn,"rb").read()) 13 | patchdata=bytearray(open(patchfn,"rb").read()) 14 | 15 | if len(sys.argv)>6: 16 | size=int(sys.argv[5], 0) 17 | else: 18 | k=end_offset 19 | while getWord(origdata,k-4)==getWord(patchdata,k-4): 20 | k-=4 21 | size=k-offset 22 | 23 | open(outfn,"wb").write(patchdata[offset:(offset+size)]) 24 | -------------------------------------------------------------------------------- /scripts/fixCRRpatch.py: -------------------------------------------------------------------------------- 1 | import os 2 | import sys 3 | import hashlib 4 | sys.path.append(os.path.abspath(os.path.dirname(os.path.abspath(__file__))+"/../build/")) 5 | from constants import * 6 | 7 | def getWord(b, k, n=4): 8 | return sum(list(map(lambda c: b[k+c]<<(c*8),range(n)))) 9 | 10 | def getHash(b, k, n): 11 | return bytearray(hashlib.sha256(crodata[(k):(k+n)]).digest()) 12 | 13 | crofn=sys.argv[1] 14 | crrpatchfn=sys.argv[2] 15 | 16 | crodata=bytearray(open(crofn,"rb").read()) 17 | crrdata=bytearray(b'\x00'*0x20*CRR_HASHES) 18 | hash=getHash(crodata,0x00,0x80) 19 | for i in range(0,0x20*CRR_HASHES,0x20): 20 | crrdata[i:(i+0x20)]=hash 21 | open(crrpatchfn,"wb").write(crrdata) 22 | -------------------------------------------------------------------------------- /cn_qr_installer/Makefile: -------------------------------------------------------------------------------- 1 | ifeq ($(strip $(DEVKITARM)),) 2 | $(error "Please set DEVKITARM in your environment. export DEVKITARM=devkitARM") 3 | endif 4 | 5 | ifeq ($(filter $(DEVKITARM)/bin,$(PATH)),) 6 | export PATH:=$(DEVKITARM)/bin:$(PATH) 7 | endif 8 | 9 | SCRIPTS = "../scripts" 10 | NAME = cn_qr_installer 11 | 12 | .PHONY: all 13 | 14 | all: $(NAME).bin.png 15 | 16 | %.bin.png: %.bin 17 | @python $(SCRIPTS)/obfuscator5000.py $< 18 | @python $(SCRIPTS)/crypt.py $< $(SCRIPTS) 19 | @$(SCRIPTS)/qrcode.exe -8 -o $@ < tmp 20 | @rm tmp 21 | 22 | clean: 23 | @rm -f $(NAME).bin $(NAME).bin.png 24 | 25 | -include $(DFILES) 26 | 27 | $(NAME).bin: sploit_proto.bin sploit.s 28 | armips sploit.s 29 | -------------------------------------------------------------------------------- /menu_payload/Makefile: -------------------------------------------------------------------------------- 1 | ifeq ($(strip $(DEVKITARM)),) 2 | $(error "Please set DEVKITARM in your environment. export DEVKITARM=devkitARM") 3 | endif 4 | 5 | ifeq ($(filter $(DEVKITARM)/bin,$(PATH)),) 6 | export PATH:=$(DEVKITARM)/bin:$(PATH) 7 | endif 8 | 9 | ROPBIN_FILENAME_SUFFIX := 10 | 11 | ifeq ($(FIRMVERSION),N3DS) 12 | ROPBIN_FILENAME_SUFFIX := _new3ds.bin 13 | else 14 | ROPBIN_FILENAME_SUFFIX := _old3ds.bin 15 | endif 16 | 17 | ifneq ($(strip $(LOADROPBIN)),) 18 | ROPBIN_CMD := 19 | endif 20 | 21 | SCRIPTS = "../scripts" 22 | 23 | all: menu_payload_loadropbin.bin $(ROPBIN_CMD) 24 | 25 | clean: 26 | @rm -f menu_payload_loadropbin.bin 27 | @echo "all cleaned up !" 28 | 29 | %.bin: %.s 30 | @armips $< 31 | -------------------------------------------------------------------------------- /cn_save_initial_loader/Makefile: -------------------------------------------------------------------------------- 1 | ifeq ($(strip $(DEVKITARM)),) 2 | $(error "Please set DEVKITARM in your environment. export DEVKITARM=devkitARM") 3 | endif 4 | 5 | ifeq ($(filter $(DEVKITARM)/bin,$(PATH)),) 6 | export PATH:=$(DEVKITARM)/bin:$(PATH) 7 | endif 8 | 9 | SCRIPTS = "../scripts" 10 | NAME = cn_save_initial_loader 11 | 12 | .PHONY: all cn_initial/cn_initial.bin 13 | 14 | all: $(NAME).bin 15 | 16 | clean: 17 | @cd cn_initial && make clean 18 | @rm -f $(NAME).bin $(NAME).bin.png 19 | @echo "all cleaned up !" 20 | 21 | -include $(DFILES) 22 | 23 | $(NAME).bin: sploit_proto.bin sploit.s cn_initial/cn_initial.bin 24 | @armips sploit.s 25 | @python $(SCRIPTS)/obfuscator5000.py $< 26 | 27 | cn_initial/cn_initial.bin: 28 | $(MAKE) -C cn_initial 29 | -------------------------------------------------------------------------------- /cn_save_initial_loader/cn_initial/source/types.h: -------------------------------------------------------------------------------- 1 | #ifndef TYPES_H 2 | #define TYPES_H 3 | 4 | #include 5 | #include 6 | 7 | #define U64_MAX UINT64_MAX 8 | 9 | typedef uint8_t u8; 10 | typedef uint16_t u16; 11 | typedef uint32_t u32; 12 | typedef uint64_t u64; 13 | 14 | typedef int8_t s8; 15 | typedef int16_t s16; 16 | typedef int32_t s32; 17 | typedef int64_t s64; 18 | 19 | typedef volatile u8 vu8; 20 | typedef volatile u16 vu16; 21 | typedef volatile u32 vu32; 22 | typedef volatile u64 vu64; 23 | 24 | typedef volatile s8 vs8; 25 | typedef volatile s16 vs16; 26 | typedef volatile s32 vs32; 27 | typedef volatile s64 vs64; 28 | 29 | typedef u32 Handle; 30 | typedef s32 Result; 31 | typedef void (*ThreadFunc)(u32); 32 | 33 | #endif 34 | -------------------------------------------------------------------------------- /scripts/fixCRO.py: -------------------------------------------------------------------------------- 1 | import sys 2 | import hashlib 3 | 4 | def getWord(b, k, n=4): 5 | return sum(list(map(lambda c: b[k+c]<<(c*8),range(n)))) 6 | 7 | def getHash(b, k, n): 8 | return bytearray(hashlib.sha256(crodata[(k):(k+n)]).digest()) 9 | 10 | crofn=sys.argv[1] 11 | # crrfn=sys.argv[2] 12 | 13 | crodata=bytearray(open(crofn,"rb").read()) 14 | 15 | # print([hex(v) for v in getHash(crodata,getWord(crodata, 0xB0),getWord(crodata, 0xB4))]) 16 | 17 | crodata[0x00:0x20]=getHash(crodata,0x80,getWord(crodata, 0xB0)-0x80) 18 | crodata[0x20:0x40]=getHash(crodata,getWord(crodata, 0xB0),getWord(crodata, 0xB4)) 19 | crodata[0x40:0x60]=getHash(crodata,getWord(crodata, 0xB0)+getWord(crodata, 0xB4),getWord(crodata, 0xB8)-(getWord(crodata, 0xB0)+getWord(crodata, 0xB4))) 20 | 21 | # crrdata=bytearray(open(crrfn,"rb").read()) 22 | # crrdata[0x360:0x380]=getHash(crodata,0x00,0x80) 23 | 24 | open(crofn,"wb").write(crodata) 25 | # open(crrfn,"wb").write(crrdata) 26 | -------------------------------------------------------------------------------- /scripts/makePatches.py: -------------------------------------------------------------------------------- 1 | import sys 2 | import os 3 | sys.path.append(os.path.abspath(os.path.dirname(os.path.abspath(__file__))+"/../build/")) 4 | from constants import * 5 | 6 | os.system("python "+sys.argv[1]+"/extractPatch.py oss_cro/oss.cro oss_cro/out_oss.cro build/cro/patch0.bin "+str(CRO_PATCH0_OFFSET)+" 0x60 full") 7 | os.system("python "+sys.argv[1]+"/extractPatch.py oss_cro/oss.cro oss_cro/out_oss.cro build/cro/patch1.bin "+str(CRO_PATCH1_OFFSET)+" "+str(CRO_PATCH2_OFFSET)) 8 | os.system("python "+sys.argv[1]+"/extractPatch.py oss_cro/oss.cro oss_cro/out_oss.cro build/cro/patch2.bin "+str(CRO_PATCH2_OFFSET)+" "+str(CRO_PATCH3_OFFSET)) 9 | os.system("python "+sys.argv[1]+"/extractPatch.py oss_cro/oss.cro oss_cro/out_oss.cro build/cro/patch3.bin "+str(CRO_PATCH3_OFFSET)+" "+str(CRO_PATCH4_OFFSET)) 10 | os.system("python "+sys.argv[1]+"/extractPatch.py oss_cro/oss.cro oss_cro/out_oss.cro build/cro/patch4.bin "+str(CRO_PATCH4_OFFSET)+" "+str(CRO_SIZE)) 11 | -------------------------------------------------------------------------------- /scripts/obfuscator5000.py: -------------------------------------------------------------------------------- 1 | import sys 2 | import random 3 | import struct 4 | 5 | #crappy obfuscation, but doesn't really cost us anything 6 | 7 | magicWord=0xDEADC0DE 8 | 9 | def getWord(b, k, n=4): 10 | return sum(list(map(lambda c: b[k+c]<<(c*8),range(n)))) 11 | 12 | def putWord(b, k, v): 13 | b[(k):(k+4)]=struct.pack("I",v) 14 | 15 | #todo : remove doubles ? 16 | def findWords(d): 17 | l=[] 18 | for k in range(0,len(d)&~0x3,4): 19 | v=getWord(d,k) 20 | if v!=magicWord and v!=0x0 and (v>>28)!=0xE: 21 | l.append(v) 22 | return l 23 | 24 | def obfuscate(d,l): 25 | for k in range(0,len(d)&~0x3,4): 26 | v=getWord(d,k) 27 | if v==magicWord: 28 | # v=random.choice(l) 29 | v = 0 # disabled obfuscation 30 | putWord(d,k,v) 31 | 32 | data=bytearray(open(sys.argv[1],"rb").read()) 33 | 34 | words=findWords(data) 35 | obfuscate(data,words) 36 | # print("OBFUSCATOR 5000 TEMPORARILY DISABLED") 37 | # print("DO NOT FORGET TO REENABLE") 38 | 39 | open(sys.argv[1], "wb").write(data) 40 | -------------------------------------------------------------------------------- /cn_save_initial_loader/cn_initial/source/crt0.s: -------------------------------------------------------------------------------- 1 | .section ".init" 2 | .arm 3 | .align 4 4 | .global _init 5 | .global _start 6 | 7 | _start: 8 | # blx __libc_init_array 9 | # swi 0xa 10 | 11 | mov r0, #0 12 | mov r1, #0 13 | mov r2, #0 14 | mov r3, #0 15 | mov r4, #0 16 | mov r5, #0 17 | mov r6, #0 18 | mov r7, #0 19 | mov r8, #0 20 | mov r9, #0 21 | mov r10, #0 22 | mov r11, #0 23 | mov r12, #0 24 | mov sp, #0x10000000 25 | blx _main 26 | 27 | _init: 28 | bx lr 29 | 30 | 31 | .global getThreadCommandBuffer 32 | .type getThreadCommandBuffer, %function 33 | getThreadCommandBuffer: 34 | mrc p15, 0, r0, c13, c0, 3 35 | add r0, #0x80 36 | bx lr 37 | 38 | .global svc_exitThread 39 | .type svc_exitThread, %function 40 | svc_exitThread: 41 | svc 0x09 42 | bx lr 43 | 44 | .global svc_sleepThread 45 | .type svc_sleepThread, %function 46 | svc_sleepThread: 47 | svc 0x0A 48 | bx lr 49 | 50 | .global svc_closeHandle 51 | .type svc_closeHandle, %function 52 | svc_closeHandle: 53 | svc 0x23 54 | bx lr 55 | 56 | .global svc_sendSyncRequest 57 | .type svc_sendSyncRequest, %function 58 | svc_sendSyncRequest: 59 | svc 0x32 60 | bx lr 61 | -------------------------------------------------------------------------------- /scripts/buildAll.py: -------------------------------------------------------------------------------- 1 | import sys 2 | import os 3 | import itertools 4 | import buildVersion 5 | 6 | # 0 : firm, 1 : cn, 2 : spider, 3 : ro 7 | 8 | firmVersions=["POST5", "N3DS"] 9 | 10 | extraparams="" 11 | extraparams+=" LOADROPBIN=1" 12 | for arg in sys.argv: 13 | # if(arg=="--enableloadropbin"): 14 | # extraparams+=" LOADROPBIN=1" 15 | if(arg=="--enableotherapp"): 16 | extraparams+=" OTHERAPP=1" 17 | if(arg=="--enablerecovery"): 18 | extraparams+=" RECOVERY=1" 19 | 20 | supportVersions = [] 21 | for v_1, _ in buildVersion.MENU_VERSION_MAP.items(): 22 | for v_2, __ in _.items(): 23 | mset = buildVersion.getMsetVersion((v_1, v_2)) 24 | ro = buildVersion.getRoVersion((v_1, v_2)) 25 | for region, menu in __.items(): 26 | if buildVersion.getMenuVersion((v_1, v_2, None, None, region)) == 'unsupported': 27 | continue 28 | for firm in firmVersions: 29 | v = (firm, region, mset, ro, menu) 30 | if v in supportVersions: 31 | continue 32 | supportVersions.append(v) 33 | 34 | cnt=0 35 | for v in supportVersions: 36 | os.system("make clean") 37 | os.system("make FIRMVERSION="+str(v[0])+" REGION="+str(v[1])+" MSETVERSION="+str(v[2])+" ROVERSION="+str(v[3])+" MENUVERSION="+str(v[4])+extraparams) 38 | print(cnt) 39 | -------------------------------------------------------------------------------- /scripts/makeROP.py: -------------------------------------------------------------------------------- 1 | import sys 2 | import os 3 | sys.path.append(os.path.abspath(os.path.dirname(os.path.abspath(__file__))+"/../build/")) 4 | from constants import * 5 | 6 | def getWord(b, k, n=4): 7 | return sum(list(map(lambda c: b[k+c]<<(c*8),range(n)))) 8 | 9 | def putWord(b, k, v, n=4): 10 | for c in range(n): 11 | b[k+c]=(v>>(c*8))&0xFF 12 | 13 | def writeRelocationPatch(b, i, a, v, s=0x1): 14 | s+=CRO_SEGMENT_OFFSET 15 | k=CRO_PATCH4_OFFSET+i*0xC 16 | putWord(b, k+0x0, (a<<4)|s) 17 | putWord(b, k+0x4, 0x00000302) 18 | putWord(b, k+0x8, v-CRO_RELOCATION_OFFSET) 19 | 20 | ropfn=sys.argv[1] 21 | crofn=sys.argv[2] 22 | outfn=sys.argv[3] 23 | 24 | ropdata=bytearray(open(ropfn,"rb").read()) 25 | crodata=bytearray(open(crofn,"rb").read()) 26 | 27 | #make segment2 just a bit larger so we can modify the segment table with relocation patches 28 | putWord(crodata, CRO_PATCH3_OFFSET, CRO_SEGMENT2_SIZE) 29 | 30 | segmentLocation=getWord(crodata, CRO_PATCH3_OFFSET-0x4) 31 | 32 | #patch to change segment1's address 33 | writeRelocationPatch(crodata, 0, (CRO_PATCH3_OFFSET-0x10)-segmentLocation, RO_ROP_START, 0x2) 34 | 35 | #actual ROP 36 | i=1 37 | for k in range(0,len(ropdata)-4,4): 38 | v=getWord(ropdata,k+4) 39 | if v!=0xDEADBABE: 40 | writeRelocationPatch(crodata, i, k+RO_ROP_OFFSET, v) 41 | i+=1 42 | 43 | #initial return address 44 | writeRelocationPatch(crodata, i, 0x00, getWord(ropdata,0)) 45 | 46 | open(outfn,"wb").write(crodata) 47 | -------------------------------------------------------------------------------- /scripts/relocROP.py: -------------------------------------------------------------------------------- 1 | import sys 2 | from datetime import datetime 3 | import ast 4 | 5 | def outputConstantsH(d): 6 | out="" 7 | out+=("#ifndef CONSTANTS_H")+"\n" 8 | out+=("#define CONSTANTS_H")+"\n" 9 | for k in d: 10 | out+=(" #define "+k[0]+" "+str(k[1]))+"\n" 11 | out+=("#endif")+"\n" 12 | return out 13 | 14 | def outputConstantsS(d): 15 | out="" 16 | for k in d: 17 | out+=(k[0]+" equ ("+str(k[1])+")")+"\n" 18 | return out 19 | 20 | data_fn = sys.argv[1] 21 | 22 | def getWord(b, k, n=4): 23 | return sum(list(map(lambda c: b[k+c]<<(c*8),range(n)))) 24 | 25 | _got_start = None 26 | _got_end = None 27 | _mini_got_start = None 28 | _mini_got_end = None 29 | 30 | for l in sys.stdin: 31 | l = l.split() 32 | adr = int("0x" + l[1], 0) 33 | name = l[-1] 34 | if name == "_got_start": 35 | _got_start = adr 36 | elif name == "_got_end": 37 | _got_end = adr 38 | if name == "_mini_got_start": 39 | _mini_got_start = adr 40 | elif name == "_mini_got_end": 41 | _mini_got_end = adr 42 | 43 | base_adr = 0x00105000 44 | 45 | data = bytearray(open(data_fn, "rb").read()) 46 | 47 | print(".macro relocate") 48 | for i in range(_got_start - base_adr, _got_end - base_adr, 0x4): 49 | val = getWord(data, i) 50 | if val >= base_adr and val < 0x08000000: 51 | print(" add_and_store 0xBABE0007, "+hex(val - base_adr)+", MENU_OBJECT_LOC + appCode - object + "+hex(i)) 52 | for i in range(_mini_got_start - base_adr, _mini_got_end - base_adr, 0x4): 53 | val = getWord(data, i) 54 | if val >= base_adr and val < 0x08000000: 55 | print(" add_and_store 0xBABE0007, "+hex(val - base_adr)+", MENU_OBJECT_LOC + appCode - object + "+hex(i)) 56 | print(".endmacro") 57 | -------------------------------------------------------------------------------- /scripts/blowfish.py: -------------------------------------------------------------------------------- 1 | import os 2 | import sys 3 | import struct 4 | import ctypes 5 | 6 | def getWord(b, k, n=4): 7 | return sum(list(map(lambda c: b[k+c]<<(c*8),range(n)))) 8 | 9 | def loadSP(fn): 10 | f=open(fn,"rb") 11 | 12 | P=[] 13 | for i in range(18): 14 | P.append(struct.unpack("I",f.read(4))[0]) 15 | 16 | S=[[],[],[],[]] 17 | 18 | for i in range(4): 19 | for j in range(256): 20 | S[i].append(struct.unpack("I",f.read(4))[0]) 21 | 22 | f.close() 23 | 24 | return S, P 25 | 26 | # 2 functions stolen from http://felipetonello.com/scripts/python/blowfish.txt 27 | def F(S, P, xl): 28 | a = (xl & 0xFF000000) >> 24 29 | b = (xl & 0x00FF0000) >> 16 30 | c = (xl & 0x0000FF00) >> 8 31 | d = xl & 0x000000FF 32 | return ((S[0][a] + S[1][b]) ^ S[2][c]) + S[3][d]; 33 | 34 | def cipher(S, P, xl, xr, direction): 35 | if direction == 0: #ENCRYPT 36 | for i in range (16): 37 | xl = xl ^ P[i] 38 | xr = F(S,P,xl) ^ xr 39 | xl, xr = xr, xl 40 | xl, xr = xr, xl 41 | xr = xr ^ P[16] 42 | xl = xl ^ P[17] 43 | else: #DECRYPT 44 | for i in range (17, 1, -1): 45 | xl = xl ^ P[i] 46 | xr = F(S,P,xl) ^ xr 47 | xl, xr = xr, xl 48 | xl, xr = xr, xl 49 | xr = xr ^ P[1] 50 | xl = xl ^ P[0] 51 | return xl, xr 52 | 53 | def encrypt(din,dout): 54 | l=len(din) 55 | for k in range(0,l,8): 56 | l=getWord(din,k) 57 | r=getWord(din,k+4) 58 | ret=cipher(S,P,l,r,0) 59 | dout[(k):(k+4)]=struct.pack("I",ret[0]&0xFFFFFFFF) 60 | dout[(k+4):(k+8)]=struct.pack("I",ret[1]&0xFFFFFFFF) 61 | 62 | path="./" 63 | if len(sys.argv)>3: 64 | path=sys.argv[3] 65 | 66 | data=bytearray(open(sys.argv[1],"rb").read()) 67 | 68 | padding=8-(len(data)%8) 69 | for k in range(padding): 70 | data.append(0) 71 | 72 | dataOut=data[:] 73 | (S,P)=loadSP(path+"/blowfish_processed.bin") 74 | encrypt(data,dataOut) 75 | 76 | open(sys.argv[2],"wb").write(dataOut) 77 | -------------------------------------------------------------------------------- /menu_payload/menu_payload_loadropbin.s: -------------------------------------------------------------------------------- 1 | .nds 2 | 3 | .include "../build/constants.s" 4 | 5 | .create "menu_payload_loadropbin.bin",0x0 6 | 7 | .include "menu_include.s" 8 | 9 | MENU_OBJECT_LOC equ 0xBABE0000 ; for relocation 10 | 11 | ; basically we overwrite an object's data to get home menu to do what we want 12 | ; first we overwrite the vtable pointer so that we can get the code to jump to where we want 13 | ; the method we use for that is located at vtable + 0x8 14 | ; with that we can put a in our vtable to our stack pivot 15 | ; our stack pivot works by loading a bunch of registers from [r4] 16 | ; fortunately we know r4 = object + 0x4, so we manufacture our object accordingly 17 | ; and then we get ROP under home menu ! 18 | 19 | .orga 0x0 20 | 21 | object: 22 | .word MENU_OBJECT_LOC + vtable - object ; pointer to manufactured vtable, and new sp 23 | .word ROP_MENU_POP_PC ; pc (pop {pc} to jump to ROP) 24 | 25 | .word 0xDEADCAFE ; filler to avoid having stuff overwritten 26 | .word 0xDEADCAFE ; filler to avoid having stuff overwritten 27 | .word 0xDEADCAFE ; filler to avoid having stuff overwritten 28 | .word 0xDEADCAFE ; filler to avoid having stuff overwritten 29 | 30 | vtable: ; also initial ROP 31 | .word ROP_MENU_POP_R4R5PC ; pop {r4, r5, pc} : skip pivot 32 | .word 0xDEADBABE ; r4 (garbage) 33 | .word ROP_MENU_STACK_PIVOT ; stack pivot ; also r5 (garbage) 34 | rop: 35 | sleep 100*1000000,0 36 | mount_sdmc ROP_MENU_MNT 37 | fopen MENU_LOADEDROP_BUFADR-0x100,ROP_MENU_FNAME,1 38 | fread MENU_LOADEDROP_BUFADR-0x100,MENU_LOADEDROP_BUFADR-0xE0, MENU_LOADEDROP_BUFADR,0x10110 39 | ;gsp_acquire_right 40 | ;send_gx_cmd MENU_OBJECT_LOC + gxCommandGetRopbin - object 41 | ;sleep 10*1000*1000, 0x00000000 42 | ;gsp_release_right 43 | jump_sp MENU_LOADEDROP_BUFADR ; sp 44 | 45 | gxCommandGetRopbin: 46 | ; .fill ((object + 0x60) - .), 0x0 47 | rop_offset: 48 | .word rop - object 49 | 50 | .Close 51 | -------------------------------------------------------------------------------- /scripts/portRopDb.py: -------------------------------------------------------------------------------- 1 | from datetime import datetime 2 | import sys 3 | import ast 4 | 5 | def getWord(b, k, n=4): 6 | return sum(list(map(lambda c: b[k+c]<<(c*8),range(n)))) 7 | 8 | def findPattern(p, t, addr, size): 9 | pattern = [] 10 | if not(isinstance(size, tuple)): 11 | size = (size,) 12 | 13 | skip = False 14 | offset = 0 15 | for s in size: 16 | if skip: 17 | pattern += [None] * s 18 | else: 19 | for i in range(s): 20 | pattern += [getWord(p, addr + (i + offset) * 4, 4)] 21 | offset += s 22 | skip = not(skip) 23 | 24 | size = len(pattern) 25 | 26 | k = 0 27 | # not a perfect pattern search, but most likely good enough 28 | for i in range(0, len(t), 4): 29 | candidate = getWord(t, i, 4) 30 | if candidate == pattern[k] or pattern[k] == None: 31 | if k+1 == size: 32 | return i-k*4 33 | else: 34 | k += 1 35 | elif candidate == pattern[0] or pattern[0] == None: 36 | k = 1 37 | else: 38 | k = 0 39 | return None 40 | 41 | def outputConstantsTxt(d): 42 | out="[\n" 43 | for k in d: 44 | out+="(\""+k[0]+"\", \""+str(k[1])+"\"),\n" 45 | out+="]\n" 46 | return out 47 | 48 | if len(sys.argv)<4: 49 | print("use : "+sys.argv[0]+" ") 50 | exit() 51 | 52 | l = ast.literal_eval(open(sys.argv[-2],"r").read()) 53 | 54 | base = int(sys.argv[3], 0) 55 | proto = bytearray(open(sys.argv[1], "rb").read()) 56 | target = bytearray(open(sys.argv[2], "rb").read()) 57 | 58 | out = [] 59 | 60 | for entry in l: 61 | if len(entry) == 3: 62 | # gadget search 63 | optional = False 64 | (name, in_addr, in_size) = entry 65 | if isinstance(name, tuple): 66 | name = name[0] 67 | optional = True 68 | print(name) 69 | out_addr = findPattern(proto, target, in_addr - base, in_size) 70 | if optional and out_addr == None: 71 | out_addr = 0 72 | out += [(name, hex(out_addr + base))] 73 | if len(entry) == 4: 74 | # const ptr search 75 | (name, in_addr, in_size, in_offset) = entry 76 | print(name) 77 | out_addr = findPattern(proto, target, in_addr - base, in_size) 78 | out_addr = getWord(target, out_addr + in_offset*4, 4) 79 | out += [(name, hex(out_addr))] 80 | 81 | open(sys.argv[-1],"w").write(outputConstantsTxt(out)) 82 | -------------------------------------------------------------------------------- /scripts/makeHeaders.py: -------------------------------------------------------------------------------- 1 | from datetime import datetime 2 | import sys 3 | import ast 4 | 5 | def outputConstantsH(d): 6 | out="" 7 | out+=("#ifndef CONSTANTS_H")+"\n" 8 | out+=("#define CONSTANTS_H")+"\n" 9 | for k in d: 10 | out+=(" #define "+k[0]+" "+str(k[1]))+"\n" 11 | out+=("#endif")+"\n" 12 | return out 13 | 14 | def outputConstantsS(d): 15 | out="" 16 | for k in d: 17 | out+=(k[0]+" equ ("+str(k[1])+")")+"\n" 18 | return out 19 | 20 | def outputConstantsPY(d): 21 | out="" 22 | for k in d: 23 | out+=(k[0]+" = ("+str(k[1])+")")+"\n" 24 | return out 25 | 26 | if len(sys.argv)<8: 27 | print("use : "+sys.argv[0]+" ...") 28 | exit() 29 | 30 | # l=[("_SPIDER_VERSION", sys.argv[3]), 31 | l=[("_RO_VERSION", sys.argv[4])] 32 | l+=[("FIRM_VERSION", "\""+sys.argv[1]+"\""), 33 | ("CN_VERSION", "\""+sys.argv[2]+"\""), 34 | ("MSET_VERSION", sys.argv[3]), 35 | ("RO_VERSION", "\""+sys.argv[4]+"\""), 36 | ("MENU_VERSION", "\""+sys.argv[5]+"\""), 37 | ("REGION", "\""+sys.argv[6]+"\""), 38 | ("REGION_ID", str({"J" : 0, "U" : 1, "E" : 2, "K": 5}[sys.argv[6]])), 39 | ("IS_N3DS", str(1 if sys.argv[1][0:4] == "N3DS" else 0)), 40 | # ("CN_NINJHAX_URL", "\"http://192.168.109.1:8000/\""), 41 | ("CN_NINJHAX_URL", "\"http://smealum.github.io/ninjhax2/JL1Xf2KFVm/beta/p/\""), 42 | ("OUTNAME", "\""+sys.argv[7]+"\"")] 43 | l+=[("CN_%s" % sys.argv[2], "1")] 44 | l+=[("BUILDTIME", "\""+datetime.now().strftime("%Y-%m-%d %H:%M:%S")+"\"")] 45 | l+=[("HAX_NAME_VERSION", "\"*hax 2.9 alpha\"")] 46 | l+=[("HB_NUM_HANDLES", "16")] 47 | 48 | for fn in sys.argv[9:]: 49 | s=open(fn,"r").read() 50 | if len(s)>0: 51 | l+=(ast.literal_eval(s)) 52 | 53 | l+=[("HB_MEM0_ROPBIN_ADDR", "(HB_MEM0_ADDR)")] 54 | l+=[("HB_MEM0_ROPBIN_BKP_ADDR", "(HB_MEM0_ROPBIN_ADDR + 0x10000)")] 55 | l+=[("HB_MEM0_PARAMBLK_ADDR", "(HB_MEM0_ROPBIN_BKP_ADDR + 0x10000)")] 56 | l+=[("HB_MEM0_WAITLOOP_BOTTOM_ADDR", "(HB_MEM0_PARAMBLK_ADDR + MENU_PARAMETER_SIZE)")] 57 | l+=[("HB_MEM0_WAITLOOP_TOP_ADDR", "(HB_MEM0_WAITLOOP_BOTTOM_ADDR + 0x8000)")] 58 | 59 | open(sys.argv[8]+".h","w").write(outputConstantsH(l)) 60 | open(sys.argv[8]+".s","w").write(outputConstantsS(l)) 61 | open(sys.argv[8]+".py","w").write(outputConstantsPY(l)) 62 | -------------------------------------------------------------------------------- /scripts/96crypto_dbgen.py: -------------------------------------------------------------------------------- 1 | # this takes a single argument : the path to the decrypted and decompressed code.bin file for a game 2 | # it outputs the xml file to stdout 3 | # you should place the XML output in a file on your sdcard at the following path : sdmc:/mmap/.xml 4 | # example use : 5 | # python 96crypto_dbgen.py triforce_heroes_demo_code.bin > 0004000000182200.xml 6 | # cp 0004000000182200.xml E:/mmap/0004000000182200.xml 7 | 8 | import sys 9 | import struct 10 | 11 | code_fn = sys.argv[1] 12 | 13 | def getProcessMap(code): 14 | size = len(code) 15 | header = {} 16 | map = [] 17 | 18 | # init 19 | header["text_end"] = 0x00160000 20 | header["data_address"] = 0x00100000 + (size & ~0xfff) - 0x8000 21 | header["data_size"] = 0x0 22 | header["processAppCodeAddress"] = 0x00105000 23 | header["num"] = 0 24 | 25 | # find hook target 26 | # assume second instruction is a jump. if it's not we're fucked anyway so it's ok to ignore that possibility i guess. 27 | header["processHookAddress"] = (((struct.unpack(" 0x0010A000: 29 | header["processAppCodeAddress"] = 0x00105000 30 | else: 31 | header["processAppCodeAddress"] = 0x0010B000 32 | 33 | # figure out the physical memory map 34 | current_size = size 35 | current_offset = 0x00000000 36 | for i in range(3): 37 | mask = 0x000fffff >> (4 * i) 38 | section_size = current_size & (~mask) 39 | if section_size != 0: 40 | if header["num"] == 0: 41 | header["processLinearOffset"] = section_size 42 | current_offset += section_size; 43 | map += [[(0x00100000 + current_offset - section_size - 0x00008000), - (current_offset - header["processLinearOffset"]), section_size]] 44 | header["num"] += 1 45 | current_size -= section_size 46 | 47 | map[0][0] += 0x00008000 48 | map[0][1] += 0x00008000 49 | map[0][2] -= 0x00008000 50 | 51 | return (header, map) 52 | 53 | code_data = open(code_fn, "rb").read() 54 | header, map = getProcessMap(code_data) 55 | 56 | print("
") 57 | for k in header: 58 | print(" <%s>0x%X" % (k, header[k], k)) 59 | print("
") 60 | 61 | print("") 62 | for m in map: 63 | print(" ") 64 | print(" %s" % hex(m[0])) 65 | print(" %s" % hex(m[1])) 66 | print(" %s" % hex(m[2])) 67 | print(" ") 68 | print("") 69 | -------------------------------------------------------------------------------- /cn_save_initial_loader/cn_initial/Makefile: -------------------------------------------------------------------------------- 1 | ifeq ($(strip $(DEVKITARM)),) 2 | $(error "Please set DEVKITARM in your environment. export DEVKITARM=devkitARM") 3 | endif 4 | 5 | ifeq ($(filter $(DEVKITARM)/bin,$(PATH)),) 6 | export PATH:=$(DEVKITARM)/bin:$(PATH) 7 | endif 8 | 9 | CC = arm-none-eabi-gcc 10 | # LINK = arm-none-eabi-gcc 11 | LINK = arm-none-eabi-ld 12 | AS = arm-none-eabi-as 13 | OBJCOPY = arm-none-eabi-objcopy 14 | CFLAGS += -Wall -std=c99 -fno-tree-loop-distribute-patterns -march=armv6 -mthumb -Os -I$(DEVKITPRO)/libnds/include 15 | LDFLAGS += --script=ccd00.ld -L"$(DEVKITARM)/arm-none-eabi/lib" -L"$(CTRULIB)/lib" -Map=output.map 16 | 17 | ifneq ($(strip $(QRINSTALLER)),) 18 | CFLAGS += -DQRINSTALLER=1 19 | endif 20 | 21 | CFILES = $(wildcard source/*.c) 22 | BINFILES = $(wildcard data/*.bin) 23 | OFILES = $(BINFILES:data/%.bin=build/%.bin.o) 24 | OFILES += $(CFILES:source/%.c=build/%.o) 25 | DFILES = $(CFILES:source/%.c=build/%.d) 26 | SFILES = $(wildcard source/*.s) 27 | OFILES += $(SFILES:source/%.s=build/%.o) 28 | PROJECTNAME = ${shell basename "$(CURDIR)"} 29 | CWD = "$(CURDIR)"" 30 | 31 | #--------------------------------------------------------------------------------- 32 | # canned command sequence for binary data, taken from devkitARM 33 | #--------------------------------------------------------------------------------- 34 | define bin2o 35 | bin2s $< | $(AS) -o $(@) 36 | echo "extern const u8" `(echo $( source/`(echo $(> source/`(echo $(> source/`(echo $( build/$*.d 64 | 65 | build/%.o: source/%.s 66 | $(CC) $(CFLAGS) -c $< -o $@ 67 | @$(CC) -MM $< > build/$*.d 68 | 69 | build/%.bin.o: data/%.bin 70 | @echo $(notdir $<) 71 | @$(bin2o) 72 | -------------------------------------------------------------------------------- /scripts/crypt.py: -------------------------------------------------------------------------------- 1 | import os 2 | import sys 3 | import struct 4 | import ctypes 5 | import compress 6 | #compress.py from https://github.com/magical/nlzss/blob/master/compress.py 7 | #slightly modified padding 8 | 9 | def getWord(b, k, n=4): 10 | return sum(list(map(lambda c: b[k+c]<<(c*8),range(n)))) 11 | 12 | def loadSP(fn): 13 | f=open(fn,"rb") 14 | 15 | P=[] 16 | for i in range(18): 17 | P.append(struct.unpack("I",f.read(4))[0]) 18 | 19 | S=[[],[],[],[]] 20 | 21 | for i in range(4): 22 | for j in range(256): 23 | S[i].append(struct.unpack("I",f.read(4))[0]) 24 | 25 | f.close() 26 | 27 | return S, P 28 | 29 | # 2 functions stolen from http://felipetonello.com/scripts/python/blowfish.txt 30 | def F(S, P, xl): 31 | a = (xl & 0xFF000000) >> 24 32 | b = (xl & 0x00FF0000) >> 16 33 | c = (xl & 0x0000FF00) >> 8 34 | d = xl & 0x000000FF 35 | return ((S[0][a] + S[1][b]) ^ S[2][c]) + S[3][d]; 36 | 37 | def cipher(S, P, xl, xr, direction): 38 | if direction == 0: #ENCRYPT 39 | for i in range (16): 40 | xl = xl ^ P[i] 41 | xr = F(S,P,xl) ^ xr 42 | xl, xr = xr, xl 43 | xl, xr = xr, xl 44 | xr = xr ^ P[16] 45 | xl = xl ^ P[17] 46 | else: #DECRYPT 47 | for i in range (17, 1, -1): 48 | xl = xl ^ P[i] 49 | xr = F(S,P,xl) ^ xr 50 | xl, xr = xr, xl 51 | xl, xr = xr, xl 52 | xr = xr ^ P[1] 53 | xl = xl ^ P[0] 54 | return xl, xr 55 | 56 | def encrypt(din,dout): 57 | l=len(din) 58 | for k in range(0,l,8): 59 | l=getWord(din,k) 60 | r=getWord(din,k+4) 61 | ret=cipher(S,P,l,r,0) 62 | dout[(k):(k+4)]=struct.pack("I",ret[0]&0xFFFFFFFF) 63 | dout[(k+4):(k+8)]=struct.pack("I",ret[1]&0xFFFFFFFF) 64 | 65 | def calcCRC(d): 66 | l=len(d) 67 | R3=0x04C11DB7 68 | R0=0xFFFFFFFF 69 | for R2 in range(l): 70 | R1=d[R2] 71 | R0=R0^(R1<<24) 72 | for R1 in range(8): 73 | if R0&0x80000000==0: 74 | R0=R0<<1 75 | else: 76 | R0=R3^(R0<<1) 77 | R0=R0&0xFFFFFFFF 78 | return ctypes.c_uint(~R0).value 79 | 80 | path="./" 81 | if len(sys.argv)>2: 82 | path=sys.argv[2] 83 | 84 | data=bytearray(open(sys.argv[1],"rb").read()) 85 | padding=compress.compress(data, open("tmp","wb")) 86 | 87 | cdata=bytearray(open("tmp","rb").read()) 88 | crc=calcCRC(cdata[0:(len(cdata)-padding)]) 89 | 90 | data=bytearray(len(cdata)+7) 91 | data[0x7:(0x7+len(cdata))]=cdata[:] 92 | data[0x3]=(crc)&0xFF 93 | data[0x4]=(crc>>8)&0xFF 94 | data[0x5]=(crc>>16)&0xFF 95 | data[0x6]=(crc>>24)&0xFF 96 | 97 | #data[0x1] and data[0x2] : unused ? 98 | 99 | data[0x0]=0x80|(padding&0x7) 100 | 101 | dataOut=data[:] 102 | 103 | (S,P)=loadSP(path+"/blowfish_processed.bin") 104 | encrypt(data,dataOut) 105 | 106 | #weird quirk 107 | l=len(dataOut) 108 | v=dataOut[0x00] 109 | dataOut[0x00]=dataOut[0x01] 110 | dataOut[0x01]=dataOut[l-1] 111 | dataOut[l-1]=v 112 | 113 | # v=len(data) 114 | # l=[] 115 | # while v!=0x00: 116 | # l.insert(0,v&0xf) 117 | # v=v>>4 118 | # if len(l)%2!=0: 119 | # l.insert(0,0x0) 120 | # l.insert(0,0x4) 121 | 122 | # v=0 123 | # for k in range(1,len(l),2): 124 | # dataOut.insert(0,(l[k]<<4)|l[k+1]) 125 | # dataOut.insert(0,0x04) 126 | 127 | # l=len(dataOut) 128 | # dataQr=dataOut[:] 129 | # for k in range(1,l-1): 130 | # dataQr[k-1]=(((dataOut[k-1]&0xF)<<4)|((dataOut[k]>>4)&0xF)) 131 | # open(sys.argv[1]+".out","wb").write(dataQr) 132 | 133 | open("debug","wb").write(data) 134 | open("tmp","wb").write(dataOut) 135 | # os.system(path+"/qrcode.exe -8 -o "+sys.argv[1]+".png < tmp") 136 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | ifeq ($(strip $(DEVKITARM)),) 2 | $(error "Please set DEVKITARM in your environment. export DEVKITARM=devkitARM") 3 | endif 4 | 5 | ifeq ($(filter $(DEVKITARM)/bin,$(PATH)),) 6 | export PATH:=$(DEVKITARM)/bin:$(PATH) 7 | endif 8 | 9 | ifeq ($(REGION), J) 10 | CNVERSION = JPN 11 | else 12 | CNVERSION = WEST 13 | endif 14 | 15 | export FIRMVERSION 16 | export CNVERSION 17 | export REGION 18 | export ROVERSION 19 | export MSETVERSION 20 | export MENUVERSION 21 | export LOADROPBIN 22 | export OTHERAPP 23 | export UDSPLOIT 24 | export QRINSTALLER 25 | 26 | ROPDB_VERSIONS = 11272 12288 13330 14336 15360 16404 17415 19456 20480 21504 22528 23554 24576 25600 26624 20480_usa 21504_usa 22528_usa 23552_usa 24578_usa 25600_usa 26624_usa 27648_usa 6166_kor 7175_kor 8192_kor 9216_kor 10240_kor 11266_kor 12288_kor 13312_kor 14336_kor 15361_kor 27 | ROPDB_TARGETS = $(addsuffix _ropdb.txt, $(addprefix menu_ropdb/, $(ROPDB_VERSIONS))) 28 | 29 | OUTNAME = $(FIRMVERSION)_$(REGION)_$(MENUVERSION)_$(MSETVERSION) 30 | 31 | QRCODE_TARGET0 := q/$(OUTNAME).png 32 | 33 | SCRIPTS = "scripts" 34 | 35 | .PHONY: directories all menu_ropdb build/constants firm_constants/constants.txt cn_constants/constants.txt region_constants/constants.txt menu_ropdb/ropdb.txt menu_payload/menu_payload_loadropbin.bin cn_save_initial_loader/cn_save_initial_loader.bin cn_qr_installer/cn_qr_installer.bin.png 36 | 37 | all: directories build/constants build/cn_save_initial_loader.bin $(QRCODE_TARGET0) 38 | directories: 39 | @mkdir -p build 40 | @mkdir -p q 41 | 42 | menu_ropdb: $(ROPDB_TARGETS) 43 | 44 | menu_ropdb/%_ropdb.txt: menu_ropdb/17415_ropdb_proto.txt 45 | @echo building ropDB for menu version $*... 46 | @python scripts/portRopDb.py menu_17415_code.bin menu_$*_code.bin 0x00100000 menu_ropdb/17415_ropdb_proto.txt menu_ropdb/$*_ropdb.txt 47 | 48 | firm_constants/constants.txt: 49 | @cd firm_constants && make 50 | cn_constants/constants.txt: 51 | @cd cn_constants && make 52 | region_constants/constants.txt: 53 | @cd region_constants && make 54 | menu_ropdb/ropdb.txt: menu_ropdb/$(MENUVERSION)_ropdb.txt 55 | @cd menu_ropdb && make 56 | 57 | build/constants: firm_constants/constants.txt cn_constants/constants.txt region_constants/constants.txt menu_ropdb/ropdb.txt 58 | @python $(SCRIPTS)/makeHeaders.py $(FIRMVERSION) $(CNVERSION) $(MSETVERSION) $(ROVERSION) $(MENUVERSION) $(REGION) $(OUTNAME) build/constants $^ 59 | @cd menu_payload && make 60 | @cp menu_payload/menu_payload_loadropbin.bin cn_save_initial_loader/cn_initial/data/ 61 | 62 | q/$(OUTNAME).png: build/cn_qr_installer.bin.png 63 | @cp build/cn_qr_installer.bin.png q/$(OUTNAME).png 64 | 65 | build/cn_save_initial_loader.bin: cn_save_initial_loader/cn_save_initial_loader.bin 66 | @cp cn_save_initial_loader/cn_save_initial_loader.bin build 67 | @cp cn_save_initial_loader/cn_save_initial_loader.bin cn_qr_installer/ 68 | cn_save_initial_loader/cn_save_initial_loader.bin: 69 | @cd cn_save_initial_loader && make 70 | @cp cn_save_initial_loader/cn_save_initial_loader.bin cn_qr_installer/data.bin 71 | 72 | build/cn_qr_installer.bin.png: cn_qr_installer/cn_qr_installer.bin.png 73 | @cd cn_qr_installer && make 74 | @cp cn_qr_installer/cn_qr_installer.bin.png build 75 | 76 | clean: 77 | @rm -rf build/* 78 | @cd firm_constants && make clean 79 | @cd cn_constants && make clean 80 | @cd region_constants && make clean 81 | @cd menu_ropdb && make clean 82 | @cd cn_qr_installer && make clean 83 | @cd cn_save_initial_loader && make clean 84 | @cd menu_payload && make clean 85 | @echo "all cleaned up !" 86 | -------------------------------------------------------------------------------- /cn_constants/WEST/constants.txt: -------------------------------------------------------------------------------- 1 | [ 2 | ("CN_GSPHEAP", "0x14000000"), 3 | 4 | ("CN_FSHANDLE_ADR", "0x00334828"), 5 | 6 | ("CN_GSPHANDLE_ADR", "0x00334F28"), 7 | ("CN_GSPSHAREDBUF_ADR", "(0x356208+0x58)"), 8 | 9 | ("CN_SRVHANDLE_ADR", "0x00334F6C"), 10 | 11 | ("CN_APTLOCKHANDLE_ADR", "0x00334720"), 12 | 13 | ("CN_HIDMEMHANDLE_ADR", "0x0034EC98"), 14 | ("CN_GSPMEMHANDLE_ADR", "0x00356254"), 15 | 16 | ("CN_DATABSS_START", "(0x0031A000)"), 17 | ("CN_DATABSS_SIZE", "(0x2773C+0x20070)"), 18 | 19 | ("CN_HEAPSIZE", "0x01d9a000"), 20 | 21 | ("CN_GSPGPU_FlushDataCache_ADR", "0x002D15D4"), 22 | ("CN_nn__gxlow__CTR__CmdReqQueueTx__TryEnqueue", "0x001C2B54"), 23 | 24 | ("CN_INITIALCODE_OFFSET", "0x001D9700"), 25 | 26 | #for QR code menu crash 27 | ("CN_STACKPAYLOADADR_SAVE", "0x0FFFFA64"), 28 | ("CN_HEAPPAYLOADADR_SAVE", "0x8E3D968"), 29 | # for edit => my data menu crash 30 | # ("CN_STACKPAYLOADADR_SAVE", "0x0FFFFC5C"), 31 | # ("CN_HEAPPAYLOADADR_SAVE", "0x8F1D9C8"), 32 | 33 | ("CN_STACKPAYLOADADR", "0x0FFFFA64"), 34 | ("CN_HEAPPAYLOADADR", "0x8E3D968"), 35 | 36 | ("CN_CODELOCATIONPAOFF", "(0x100000)"), 37 | ("CN_CODELOCATIONGSP", "(CN_GSPHEAP+CN_CODELOCATIONPAOFF)"), 38 | 39 | ("CN_TOPFBADR1", "(0x1444B9C0)"), 40 | ("CN_TOPFBADR2", "(0x14491EE0)"), 41 | 42 | ("CN_TOTALPAGES", "0x262"), 43 | ("CN_ADDPAGES", "0x0"), 44 | ("CN_NEWTOTALPAGES", "(CN_TOTALPAGES+CN_ADDPAGES)"), 45 | ("CN_ALLOCPAGES_ADR", "0x138F0000"), 46 | 47 | ("CN_BOOTLOADER_LOC", "0x00100000"), 48 | ("CN_MENULOADER_LOC", "0x00101000"), 49 | ("CN_ARGSETTER_LOC", "0x00102000"), 50 | ("CN_ARGCV_LOC", "0x00103000"), 51 | ("CN_HBHANDLE_LOC", "0x00106000"), 52 | ("CN_SERVICESTRUCT_LOC", "0x00107000"), 53 | 54 | ("CN_3DSX_LOADADR", "0x00108000"), 55 | ("CN_TOTAL3DSXPAGES", "(CN_NEWTOTALPAGES-(CN_3DSX_LOADADR-0x00100000)/0x1000)"), 56 | 57 | 58 | ("CN_CODELOCATIONVA", "(CN_HEAPPAYLOADADR+codePatch-ROP)"), 59 | ("CN_GXCOMMAND_ADR", "(CN_GSPHEAP+0x000F0000)"), 60 | ("CN_TMPVAR_ADR", "(CN_GSPHEAP+0x000E0000)"), 61 | 62 | ("CN_QRBUFPTR", "(0x0FFFE358)"), 63 | 64 | ("ROP_CN_POP_PC", "(0x002D573C)"), 65 | ("ROP_CN_POP_R0PC", "(0x002c9628)"), 66 | ("ROP_CN_POP_R1PC", "(0x00226734)"), 67 | ("ROP_CN_POP_R2R3R4PC", "(0x0020b8e8)"), 68 | ("ROP_CN_POP_R4R5R6R7R8R9R10R11PC", "(0x001203b4)"), 69 | ("ROP_CN_POP_R3PC", "(0x001bbeb8)"), 70 | ("ROP_CN_POP_R4PC", "(0x001dd630)"), 71 | ("ROP_CN_POP_R4LR_BX_R3", "(0x00106eb8)"), 72 | 73 | ("ROP_CN_CMP_R0x0_MVNNE_R0x0_MOVEQ_R0R4_POP_R4R5R6PC", "(0x0010059c)"), 74 | ("ROP_CN_ADD_R0R4_POP_R4PC", "(0x001e2c08)"), 75 | ("ROP_CN_LDR_R0R0_POP_R4PC", "(0x001dd62c)"), 76 | ("ROP_CN_STR_R0R4_POP_R4PC", "(0x001fb820)"), 77 | 78 | ("ROP_CN_POP_R3_ADD_SPR3_POP_PC", "(0x001001c8)"), 79 | 80 | ("ROP_CN_NOP", "ROP_CN_POP_PC"), 81 | 82 | ("CN_MEMCPY", "(0x00224FB0)"), 83 | ("CN_SLEEP", "(0x00293D14)"), 84 | ("CN_FSOPENFILEDIRECTLY", "(0x00299154)"), 85 | ("CN_FSOPENARCHIVE", "(0x002BA0EC)"), 86 | ("CN_FSOPENFILE", "(0x001BCB24)"), 87 | ("CN_FSFILEWRITE", "(0x001BCC70)"), 88 | ("CN_FSFILECLOSE", "(0x001BCC18)"), 89 | ("CN_FSCONROLARCHIVE", "(0x002990F0)"), 90 | ("CN_FSCLOSEARCHIVE", "(0x002BA14C)"), 91 | 92 | ("CN_STACKRESTORE_SP", "0x0FFFFA64"), 93 | ("CN_STACKRESTORE_RETADDR", "0x001EFC98"), 94 | ("CN_STACKRESTORE_R9", "0x00341628"), 95 | ("CN_STACKRESTORE_R10", "0x003416E0"), 96 | 97 | ("CN_SECONDARYROP_DST", "(0x09800000)"), 98 | ("CN_GSPGPU_INTERRUPT_RECEIVER_STRUCT", "(0x356208)"), 99 | ("CN_GSPGPU_GXTRYENQUEUE", "(0x001C2B54)"), 100 | ("CN_CODEBIN_SIZE", "(0x00242000)"), 101 | ("CN_RANDCODEBIN_COPY_BASE", "(CN_GSPHEAP + 0x01C00000)"), 102 | ("CN_RANDCODEBIN_BASE", "(CN_GSPHEAP + FIRM_APPMEMALLOC - CN_CODEBIN_SIZE)"), 103 | ("CN_SCANLOOP_CURPTR", "(CN_TMPVAR_ADR)"), 104 | ("CN_SCANLOOP_STRIDE", "(0x000001000)"), 105 | 106 | ("CN_SCANLOOP_MAGICVAL", "(0xEB000008)"), 107 | ("CN_SCANLOOP_TARGETCODE", "(0x00100000)"), 108 | ("CN_APPEXIT", "(0x002852F8)"), 109 | ] 110 | -------------------------------------------------------------------------------- /cn_constants/JPN/constants.txt: -------------------------------------------------------------------------------- 1 | [ 2 | ("CN_GSPHEAP", "0x14000000"), 3 | 4 | ("CN_FSHANDLE_ADR", "0x00341378"), 5 | 6 | ("CN_GSPHANDLE_ADR", "0x00341A78"), 7 | ("CN_GSPSHAREDBUF_ADR", "(0x362DA8+0x58)"), 8 | 9 | ("CN_SRVHANDLE_ADR", "0x00341AC0"), 10 | 11 | ("CN_APTLOCKHANDLE_ADR", "0x00341258"), 12 | 13 | ("CN_HIDMEMHANDLE_ADR", "0x0035B7C0"), 14 | ("CN_GSPMEMHANDLE_ADR", "0x00362DF4"), 15 | 16 | ("CN_DATABSS_START", "(0x00324000)"), 17 | ("CN_DATABSS_SIZE", "(0x0002A2A8+0x000200C4)"), 18 | 19 | ("CN_HEAPSIZE", "0x01D8D000"), 20 | 21 | ("CN_GSPGPU_FlushDataCache_ADR", "0x002DAAC4"), 22 | ("CN_nn__gxlow__CTR__CmdReqQueueTx__TryEnqueue", "0x001C5B1C"), 23 | 24 | # careful about that as this address does contain some code/data 25 | ("CN_INITIALCODE_OFFSET", "0x00080000"), 26 | 27 | #for QR code menu crash 28 | ("CN_STACKPAYLOADADR_SAVE", "0x0FFFFA64"), 29 | ("CN_HEAPPAYLOADADR_SAVE", "0x8E3D968"), 30 | # for edit => my data menu crash 31 | # ("CN_STACKPAYLOADADR_SAVE", "0x0FFFFC5C"), 32 | # ("CN_HEAPPAYLOADADR_SAVE", "0x8F1D9C8"), 33 | 34 | ("CN_STACKPAYLOADADR", "0x0FFFFA64"), 35 | ("CN_HEAPPAYLOADADR", "0x8E3D928"), 36 | 37 | ("CN_CODELOCATIONPAOFF", "(0x100000)"), 38 | ("CN_CODELOCATIONGSP", "(CN_GSPHEAP+CN_CODELOCATIONPAOFF)"), 39 | 40 | ("CN_TOPFBADR1", "(0x1444B9C0)"), 41 | ("CN_TOPFBADR2", "(0x14491EE0)"), 42 | 43 | ("CN_TOTALPAGES", "0x26F"), 44 | ("CN_ADDPAGES", "0x0"), 45 | ("CN_NEWTOTALPAGES", "(CN_TOTALPAGES+CN_ADDPAGES)"), 46 | ("CN_ALLOCPAGES_ADR", "0x138F0000"), 47 | 48 | ("CN_BOOTLOADER_LOC", "0x00100000"), 49 | ("CN_MENULOADER_LOC", "0x00101000"), 50 | ("CN_ARGSETTER_LOC", "0x00102000"), 51 | ("CN_ARGCV_LOC", "0x00103000"), 52 | ("CN_HBHANDLE_LOC", "0x00106000"), 53 | ("CN_SERVICESTRUCT_LOC", "0x00107000"), 54 | 55 | ("CN_3DSX_LOADADR", "0x00108000"), 56 | ("CN_TOTAL3DSXPAGES", "(CN_NEWTOTALPAGES-(CN_3DSX_LOADADR-0x00100000)/0x1000)"), 57 | 58 | 59 | ("CN_CODELOCATIONVA", "(CN_HEAPPAYLOADADR+codePatch-ROP)"), 60 | ("CN_GXCOMMAND_ADR", "(CN_GSPHEAP+0x000F0000)"), 61 | ("CN_TMPVAR_ADR", "(CN_GSPHEAP+0x000E0000)"), 62 | 63 | ("CN_QRBUFPTR", "(0x0FFFE368)"), 64 | 65 | ("ROP_CN_POP_PC", "(0x2dec2c)"), 66 | ("ROP_CN_POP_R0PC", "(0x2da4b4)"), 67 | ("ROP_CN_POP_R1PC", "(0x22b2bc)"), 68 | ("ROP_CN_POP_R2R3R4PC", "(0x0021049c)"), 69 | ("ROP_CN_POP_R4R5R6R7R8R9R10R11PC", "(0x210460)"), 70 | ("ROP_CN_POP_R3PC", "(0x2de240)"), 71 | ("ROP_CN_POP_R4PC", "(0x2de28c)"), 72 | ("ROP_CN_POP_R4LR_BX_R3", "(0x00106ee8)"), 73 | 74 | ("ROP_CN_CMP_R0x0_MVNNE_R0x0_MOVEQ_R0R4_POP_R4R5R6PC", "(0x1005a4)"), 75 | ("ROP_CN_ADD_R0R4_POP_R4PC", "(0x1e5ab0)"), 76 | ("ROP_CN_LDR_R0R0_POP_R4PC", "(0x272788)"), 77 | ("ROP_CN_STR_R0R4_POP_R4PC", "(0x28f180)"), 78 | 79 | ("ROP_CN_POP_R3_ADD_SPR3_POP_PC", "(0x001001c8)"), 80 | 81 | ("ROP_CN_NOP", "ROP_CN_POP_PC"), 82 | 83 | ("CN_MEMCPY", "(0x00229B38)"), 84 | ("CN_SLEEP", "(0x0029D7DC)"), 85 | ("CN_FSOPENARCHIVE", "(0x002C388C)"), 86 | ("CN_FSOPENFILE", "(0x001C0F38)"), 87 | ("CN_FSFILEWRITE", "(0x001C1084)"), 88 | ("CN_FSFILECLOSE", "(0x001C102C)"), 89 | ("CN_FSCONROLARCHIVE", "(0x002A2BF0)"), 90 | ("CN_FSCLOSEARCHIVE", "(0x001F02A8)"), 91 | 92 | ("CN_STACKRESTORE_SP", "0x0FFFFA64"), 93 | ("CN_STACKRESTORE_RETADDR", "0x001F42DC"), 94 | ("CN_STACKRESTORE_R9", "0x0034E194"), 95 | ("CN_STACKRESTORE_R10", "0x0034E24C"), 96 | 97 | ("CN_SECONDARYROP_DST", "(0x09800000)"), 98 | ("CN_GSPGPU_INTERRUPT_RECEIVER_STRUCT", "(0x362DA8)"), 99 | ("CN_GSPGPU_GXTRYENQUEUE", "(CN_nn__gxlow__CTR__CmdReqQueueTx__TryEnqueue)"), 100 | ("CN_CODEBIN_SIZE", "(0x0024F000)"), 101 | ("CN_RANDCODEBIN_COPY_BASE", "(CN_GSPHEAP + 0x01C00000)"), 102 | ("CN_RANDCODEBIN_BASE", "(CN_GSPHEAP + FIRM_APPMEMALLOC - CN_CODEBIN_SIZE)"), 103 | ("CN_SCANLOOP_CURPTR", "(CN_TMPVAR_ADR)"), 104 | ("CN_SCANLOOP_STRIDE", "(0x000001000)"), 105 | 106 | ("CN_SCANLOOP_MAGICVAL", "(0xEB000008)"), 107 | ("CN_SCANLOOP_TARGETCODE", "(0x00100000)"), 108 | ("CN_APPEXIT", "(0x0028edc8)"), 109 | ] 110 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # ninjhax2-dx 2 | Based on: https://github.com/smealum/ninjhax2.x 3 | 4 | This is a fork of ninjhax2x that restores 1 QR scanning functionality for the latest 3DS firmwares. Due to Nintendo removing the http:C and soc:U services from Cubic Ninja in firmware 11.0 as a half-hearted anti-homebrew measure, developer Smealum crafted a clever workaround involving scanning up to 16 QRs in a single session to download the necessary 30KB payload file through the camera instead of online. 5 | 6 | This version aims to improve on that method by cramming the necessary home menu takover code into a single QR code and installing it into a tiny save file on Cubic Ninja. This exploited QR payload data further loads a menuhax ropbin from sdmc that finishes the hbmenu loading process (these are similar to the popular otherapp files). 7 | # Directions 8 | Prep: You need a USA, EUR, or JPN old/new 3DS and a copy of Cubic Ninja for your particular region. USA/JPN supports 11.7.0-XX -> latest firmware and EUR supports 11.10.0-XX -> latest firmware. If you are below these minimums, you can internet update (although check online if the latest firmware is still safe for homebrew. As of June 2022 and firm 11.15.0-XX, it is still safe). There are also a few cartridge games that can update you to the minimum firm level, but they are rare (nonexistant for Europe). 9 | 10 | 1) Download the following files and place them on your sdmc card where indicated: 11 | - sdmc:/Nintendo 3DS/ (this already on your 3DS -- its just for your reference on where everything else goes) 12 | - sdmc:/Launcher.dat (from https://github.com/zoogie/ninjhax2-dx/releases) 13 | - sdmc:/boot.3dsx (from https://github.com/LumaTeam/Luma3DS/releases) 14 | - sdmc:/boot.firm (also from https://github.com/LumaTeam/Luma3DS/releases) 15 | - sdmc:/boot9strap/boot9strap.firm (from https://github.com/SciresM/boot9strap/releases) 16 | - sdmc:/boot9strap/boot9strap.firm.sha (also from https://github.com/SciresM/boot9strap/releases) 17 | - sdmc:/3DS/uloader.3dsx (from https://github.com/zoogie/uloader/releases) 18 | - sdmc:/SafeB9Sinstaller.bin (from https://github.com/d0k3/SafeB9SInstaller/releases) 19 | 20 | 2) Go to https://zoogie.github.io/web/nh2dx/ and select the proper QR in the table, then scan it with Cubic Ninja's level editor (from Menu, select Create -> QR Code -> Scan QR Code). The game should briefly freeze, quit and fall back to home menu if the exploit installed correctly (without errors). Now, just reboot Cubic Ninja, and repeat the QR scan instructions. The hbmenu should load. It may fail about 25% of the time, this is normal. Just turn the system off and try again if it freezes. 21 | 22 | 3) Select the uloader.3dsx app from then homebrew menu. Follow the on screen prompts and you should then have full cfw! 23 | 24 | 4) Go to https://3ds.hacks.guide/finalizing-setup.html to get a more thorough setup on your 3DS. Enjoy! 25 |
26 | * BONUS - Optional Lite version: You can also run a version of Ninjhax2 DX that doesn't install anything to the savegame, it just boots the hbmenu once per scan. Use https://zoogie.github.io/web/nh2dx/lite.html for that option. The directions are the same except the hbmenu loads when the QR scans vs. the game falling back to home menu, and no need to reboot the game unless you want to run the exploit again. 27 | 28 | * Note: If you encounter a situtation where the exploit doesn't work after repeated tries or you scan the wrong QR, you can delete Cubic Ninja's savegame. At the "Menu" screen, hold L+R+X+Y for a few seconds until a prompt comes up. Then select YES twice to uninstall the hax/savegame. 29 | 30 | * Note2: If you run this exploit and encounter a black "An exception occurred" screen with a lot of numbers on both screens, then this means you already have boot9strap cfw, and you shouldn't be running userland (basic) homebrew exploits like Ninjhax. 31 | 32 | # Thanks 33 | * Smealum - for Ninjhax, libctru and many other cool 3DS things over the years 34 | * Luigoalma - there's no obscure compiler error that this foxo can't fix! 35 | * Everyone - best developer ever :p 36 | -------------------------------------------------------------------------------- /menu_ropdb/10240_kor_ropdb.txt: -------------------------------------------------------------------------------- 1 | [ 2 | ("ROP_MENU_POP_PC", "0x10201c"), 3 | ("ROP_MENU_POP_R0PC", "0x157848"), 4 | ("ROP_MENU_POP_R1PC", "0x236e0c"), 5 | ("ROP_MENU_POP_R2R3R4R5R6PC", "0x15043c"), 6 | ("ROP_MENU_POP_R4PC", "0x101bc8"), 7 | ("ROP_MENU_POP_R4R5PC", "0x102458"), 8 | ("ROP_MENU_POP_R4R5R6PC", "0x101b74"), 9 | ("ROP_MENU_POP_R4R5R6R7R8PC", "0x101eb0"), 10 | ("ROP_MENU_POP_R4R5R6R7R8R9R10PC", "0x103c84"), 11 | ("ROP_MENU_POP_R4LR_BX_R0", "0x15d2e4"), 12 | ("ROP_MENU_BX_LR", "0x10003c"), 13 | ("ROP_MENU_ADD_SPSPx64_POP_R4RR11PC", "0x1057dc"), 14 | ("ROP_MENU_STACK_PIVOT", "0x100fb8"), 15 | ("ROP_MENU_LDR_R0R0_POP_R4PC", "0x11f5fc"), 16 | ("ROP_MENU_LDR_R1R0x4_ADD_R0R0R1_POP_R3R4R5PC", "0x13e1f0"), 17 | ("ROP_MENU_STREQ_R5R2x30_POP_R4R5R6PC", "0x15512c"), 18 | ("ROP_MENU_STRNE_R4R0x4_POP_R4PC", "0x195918"), 19 | ("ROP_MENU_STR_R0R4_POP_R4PC", "0x10b2c4"), 20 | ("ROP_MENU_STRB_R0R4_POP_R4PC", "0x102958"), 21 | ("ROP_MENU_STR_R1R0_POP_R4PC", "0x10af78"), 22 | ("ROP_MENU_AND_R0R0R4_POP_R4R5R6R7R8PC", "0x11f174"), 23 | ("ROP_MENU_ADD_R0R0R1LSL2_POP_R4PC", "0x204594"), 24 | ("ROP_MENU_ADD_R0R0R1_POP_R4R5R6PC", "0x13383c"), 25 | ("ROP_MENU_AND_R0R0x7_POP_R4PC", "0x2e7dd8"), 26 | ("ROP_MENU_ADD_R1R1x1_STR_R1R5x10_POP_R4R5R6PC", "0x10230c"), 27 | ("ROP_MENU_CMP_R0R1_MVNLS_R0x0_MOVHI_R0x1_POP_R4PC", "0x21e5d8"), 28 | ("ROP_MENU_BLXNE_R2_ADD_SPx8_MOV_R0R4_POP_R4R5R6R7R8PC", "0x1a7478"), 29 | ("ROP_MENU_MRC_R0C13C03_ADD_R0R0x5C_BX_LR", "0x13e9b4"), 30 | ("ROP_MENU_LDR_R0R0_SVC_x32_AND_R1R0x80000000_CMP_R1x0_LDRGE_R0R4x4_POP_R4PC", "0x102bac"), 31 | ("ROP_MENU_SVC_CREATEEVENT", "0x22f31c"), 32 | ("ROP_MENU_SVC_WAITSYNCHRONIZATIONN", "0x11873c"), 33 | ("ROP_MENU_SVC_EXITPROCESS", "0x101a30"), 34 | ("ROP_MENU_SLEEPTHREAD", "0x12b070"), 35 | ("ROP_MENU_WAITSYNCHRONIZATIONN", "0x11873c"), 36 | ("ROP_MENU_CREATEMEMORYBLOCK", "0x12afec"), 37 | ("ROP_MENU_CONTROLMEMORY", "0x2354fc"), 38 | ("ROP_MENU_CONNECTTOPORT", "0x118724"), 39 | ("ROP_MENU_APT_OPENSESSION", "0x236560"), 40 | ("ROP_MENU_APT_CLOSESESSION", "0x2364f0"), 41 | ("ROP_MENU_APT_SENDPARAMETER", "0x12e55c"), 42 | ("ROP_MENU_APT_GLANCEPARAMETER", "0x12e6cc"), 43 | ("ROP_MENU_APT_RECEIVEPARAMETER", "0x145f7c"), 44 | ("ROP_MENU_APT_PREPARETOSTARTAPPLICATION", "0x12e8fc"), 45 | ("ROP_MENU_APT_STARTAPPLICATION", "0x139368"), 46 | ("ROP_MENU_APT_ORDERTOCLOSEAPPLICATION", "0x139420"), 47 | ("ROP_MENU_APT_APPLETUTILITYCMD2", "0x11a40c"), 48 | ("ROP_MENU_APT_APPLETUTILITYCMD7", "0x22772c"), 49 | ("ROP_MENU_CLEARHOMEBUTTONSTATE", "0x2276e4"), 50 | ("ROP_MENU_APT_WAKEUPAPPLICATION", "0x11a9c0"), 51 | ("ROP_MENU_APT_INQUIRENOTIFICATION", "0x11a9f0"), 52 | ("ROP_MENU_APT_REPLYSLEEPQUERY", "0x12e758"), 53 | ("ROP_MENU_APT_REPLYSLEEPNOTIFICATIONCOMPLETE", "0x12ea28"), 54 | ("ROP_MENU_APT_ISREGISTERED", "0x2220c8"), 55 | ("ROP_MENU_APT_SENDDELIVERARG", "0x180430"), 56 | ("ROP_MENU_APT_PREPARETOLEAVEHOMEMENU", "0x11aadc"), 57 | ("ROP_MENU_APT_LEAVEHOMEMENU", "0x11a83c"), 58 | ("ROP_MENU_NSS_REBOOT", "0x1373bc"), 59 | ("ROP_MENU_NSS_LAUNCHTITLE", "0x23101c"), 60 | ("ROP_MENU_GSPGPU_RELEASERIGHT", "0x12e048"), 61 | ("ROP_MENU_GSPGPU_ACQUIRERIGHT", "0x138eb8"), 62 | ("ROP_MENU_GSPGPU_WRITEHWREGS", "0x14bc1c"), 63 | ("ROP_MENU_GSPGPU_FLUSHDATACACHE", "0x1517f0"), 64 | ("ROP_MENU_GSPGPU_GXTRYENQUEUE", "0x217d44"), 65 | ("ROP_MENU_GSPGPU_IMPORTDISPLAYCAPTUREINFO", "0x145d94"), 66 | ("ROP_MENU_DSP_REGISTERINTERRUPTEVENTS", "0x137a40"), 67 | ("ROP_MENU_DSP_UNLOADCOMPONENT", "0x12c4d8"), 68 | ("ROP_MENU_SRV_SUBSCRIBE", "0x2157d0"), 69 | ("ROP_MENU_SRV_GETHANDLE", "0x10f62c"), 70 | ("ROP_MENU_MEMCPY", "0x235a8c"), 71 | ("ROP_MENU_MOUNTSDMC", "0x118b94"), 72 | ("ROP_MENU_FOPEN", "0x22b890"), 73 | ("ROP_MENU_FWRITE", "0x220b20"), 74 | ("ROP_MENU_FSEEK", "0x2212ac"), 75 | ("ROP_MENU_FCLOSE", "0x22f628"), 76 | ("MENU_DSP_BINARY_AFTERSIG", "0x32ee4c"), 77 | ("MENU_DSP_BINARY_SIZE", "0xc25c"), 78 | ("MENU_CFGS_HANDLE", "0x33c280"), 79 | ("MENU_AMSYS_HANDLE", "0x32e99c"), 80 | ("MENU_NSS_HANDLE", "0x32e040"), 81 | ("MENU_APT_HANDLE", "0x32e9cc"), 82 | ("MENU_FS_HANDLE", "0x32dfd8"), 83 | ("MENU_SRV_HANDLE", "0x33b14c"), 84 | ("MENU_NEWSS_HANDLE", "0x33c28c"), 85 | ("MENU_BOSSP_HANDLE_MINUS_0x18", "0x368d68"), 86 | ("MENU_PTMSYSM_HANDLE", "0x32e074"), 87 | ("MENU_GSPLCD_HANDLE", "0x33afd4"), 88 | ("MENU_DSP_HANDLE_STRUCT", "0x32df60"), 89 | ("MENU_GSPGPU_HANDLE", "0x33afd0"), 90 | ("MENU_GSPGPU_INTERRUPT_RECEIVER_STRUCT", "0x32c580"), 91 | ] 92 | -------------------------------------------------------------------------------- /menu_ropdb/11266_kor_ropdb.txt: -------------------------------------------------------------------------------- 1 | [ 2 | ("ROP_MENU_POP_PC", "0x10201c"), 3 | ("ROP_MENU_POP_R0PC", "0x157950"), 4 | ("ROP_MENU_POP_R1PC", "0x2371b8"), 5 | ("ROP_MENU_POP_R2R3R4R5R6PC", "0x150544"), 6 | ("ROP_MENU_POP_R4PC", "0x101bc8"), 7 | ("ROP_MENU_POP_R4R5PC", "0x102458"), 8 | ("ROP_MENU_POP_R4R5R6PC", "0x101b74"), 9 | ("ROP_MENU_POP_R4R5R6R7R8PC", "0x101eb0"), 10 | ("ROP_MENU_POP_R4R5R6R7R8R9R10PC", "0x103c84"), 11 | ("ROP_MENU_POP_R4LR_BX_R0", "0x15d3ec"), 12 | ("ROP_MENU_BX_LR", "0x10003c"), 13 | ("ROP_MENU_ADD_SPSPx64_POP_R4RR11PC", "0x1057dc"), 14 | ("ROP_MENU_STACK_PIVOT", "0x100fb8"), 15 | ("ROP_MENU_LDR_R0R0_POP_R4PC", "0x11f708"), 16 | ("ROP_MENU_LDR_R1R0x4_ADD_R0R0R1_POP_R3R4R5PC", "0x13e2fc"), 17 | ("ROP_MENU_STREQ_R5R2x30_POP_R4R5R6PC", "0x155234"), 18 | ("ROP_MENU_STRNE_R4R0x4_POP_R4PC", "0x195a40"), 19 | ("ROP_MENU_STR_R0R4_POP_R4PC", "0x10b250"), 20 | ("ROP_MENU_STRB_R0R4_POP_R4PC", "0x102958"), 21 | ("ROP_MENU_STR_R1R0_POP_R4PC", "0x10af04"), 22 | ("ROP_MENU_AND_R0R0R4_POP_R4R5R6R7R8PC", "0x11f280"), 23 | ("ROP_MENU_ADD_R0R0R1LSL2_POP_R4PC", "0x204948"), 24 | ("ROP_MENU_ADD_R0R0R1_POP_R4R5R6PC", "0x133948"), 25 | ("ROP_MENU_AND_R0R0x7_POP_R4PC", "0x2e8104"), 26 | ("ROP_MENU_ADD_R1R1x1_STR_R1R5x10_POP_R4R5R6PC", "0x10230c"), 27 | ("ROP_MENU_CMP_R0R1_MVNLS_R0x0_MOVHI_R0x1_POP_R4PC", "0x21e968"), 28 | ("ROP_MENU_BLXNE_R2_ADD_SPx8_MOV_R0R4_POP_R4R5R6R7R8PC", "0x1a75a0"), 29 | ("ROP_MENU_MRC_R0C13C03_ADD_R0R0x5C_BX_LR", "0x13eac0"), 30 | ("ROP_MENU_LDR_R0R0_SVC_x32_AND_R1R0x80000000_CMP_R1x0_LDRGE_R0R4x4_POP_R4PC", "0x102bac"), 31 | ("ROP_MENU_SVC_CREATEEVENT", "0x22f74c"), 32 | ("ROP_MENU_SVC_WAITSYNCHRONIZATIONN", "0x118750"), 33 | ("ROP_MENU_SVC_EXITPROCESS", "0x101a30"), 34 | ("ROP_MENU_SLEEPTHREAD", "0x12b17c"), 35 | ("ROP_MENU_WAITSYNCHRONIZATIONN", "0x118750"), 36 | ("ROP_MENU_CREATEMEMORYBLOCK", "0x12b0f8"), 37 | ("ROP_MENU_CONTROLMEMORY", "0x2358a8"), 38 | ("ROP_MENU_CONNECTTOPORT", "0x118738"), 39 | ("ROP_MENU_APT_OPENSESSION", "0x23690c"), 40 | ("ROP_MENU_APT_CLOSESESSION", "0x23689c"), 41 | ("ROP_MENU_APT_SENDPARAMETER", "0x12e668"), 42 | ("ROP_MENU_APT_GLANCEPARAMETER", "0x12e7d8"), 43 | ("ROP_MENU_APT_RECEIVEPARAMETER", "0x146088"), 44 | ("ROP_MENU_APT_PREPARETOSTARTAPPLICATION", "0x12ea08"), 45 | ("ROP_MENU_APT_STARTAPPLICATION", "0x139474"), 46 | ("ROP_MENU_APT_ORDERTOCLOSEAPPLICATION", "0x13952c"), 47 | ("ROP_MENU_APT_APPLETUTILITYCMD2", "0x11a4c4"), 48 | ("ROP_MENU_APT_APPLETUTILITYCMD7", "0x227adc"), 49 | ("ROP_MENU_CLEARHOMEBUTTONSTATE", "0x227a94"), 50 | ("ROP_MENU_APT_WAKEUPAPPLICATION", "0x11aa78"), 51 | ("ROP_MENU_APT_INQUIRENOTIFICATION", "0x11aaa8"), 52 | ("ROP_MENU_APT_REPLYSLEEPQUERY", "0x12e864"), 53 | ("ROP_MENU_APT_REPLYSLEEPNOTIFICATIONCOMPLETE", "0x12eb34"), 54 | ("ROP_MENU_APT_ISREGISTERED", "0x222458"), 55 | ("ROP_MENU_APT_SENDDELIVERARG", "0x180558"), 56 | ("ROP_MENU_APT_PREPARETOLEAVEHOMEMENU", "0x11ab94"), 57 | ("ROP_MENU_APT_LEAVEHOMEMENU", "0x11a8f4"), 58 | ("ROP_MENU_NSS_REBOOT", "0x1374c8"), 59 | ("ROP_MENU_NSS_LAUNCHTITLE", "0x2313c8"), 60 | ("ROP_MENU_GSPGPU_RELEASERIGHT", "0x12e154"), 61 | ("ROP_MENU_GSPGPU_ACQUIRERIGHT", "0x138fc4"), 62 | ("ROP_MENU_GSPGPU_WRITEHWREGS", "0x14bd24"), 63 | ("ROP_MENU_GSPGPU_FLUSHDATACACHE", "0x1518f8"), 64 | ("ROP_MENU_GSPGPU_GXTRYENQUEUE", "0x2180d4"), 65 | ("ROP_MENU_GSPGPU_IMPORTDISPLAYCAPTUREINFO", "0x145ea0"), 66 | ("ROP_MENU_DSP_REGISTERINTERRUPTEVENTS", "0x137b4c"), 67 | ("ROP_MENU_DSP_UNLOADCOMPONENT", "0x12c5e4"), 68 | ("ROP_MENU_SRV_SUBSCRIBE", "0x215b60"), 69 | ("ROP_MENU_SRV_GETHANDLE", "0x10f640"), 70 | ("ROP_MENU_MEMCPY", "0x235e38"), 71 | ("ROP_MENU_MOUNTSDMC", "0x118c4c"), 72 | ("ROP_MENU_FOPEN", "0x22bcc0"), 73 | ("ROP_MENU_FWRITE", "0x220eb0"), 74 | ("ROP_MENU_FSEEK", "0x22163c"), 75 | ("ROP_MENU_FCLOSE", "0x22fa58"), 76 | ("MENU_DSP_BINARY_AFTERSIG", "0x32ee4c"), 77 | ("MENU_DSP_BINARY_SIZE", "0xc25c"), 78 | ("MENU_CFGS_HANDLE", "0x33c280"), 79 | ("MENU_AMSYS_HANDLE", "0x32e99c"), 80 | ("MENU_NSS_HANDLE", "0x32e040"), 81 | ("MENU_APT_HANDLE", "0x32e9cc"), 82 | ("MENU_FS_HANDLE", "0x32dfd8"), 83 | ("MENU_SRV_HANDLE", "0x33b14c"), 84 | ("MENU_NEWSS_HANDLE", "0x33c28c"), 85 | ("MENU_BOSSP_HANDLE_MINUS_0x18", "0x368d68"), 86 | ("MENU_PTMSYSM_HANDLE", "0x32e074"), 87 | ("MENU_GSPLCD_HANDLE", "0x33afd4"), 88 | ("MENU_DSP_HANDLE_STRUCT", "0x32df60"), 89 | ("MENU_GSPGPU_HANDLE", "0x33afd0"), 90 | ("MENU_GSPGPU_INTERRUPT_RECEIVER_STRUCT", "0x32c580"), 91 | ] 92 | -------------------------------------------------------------------------------- /menu_ropdb/12288_kor_ropdb.txt: -------------------------------------------------------------------------------- 1 | [ 2 | ("ROP_MENU_POP_PC", "0x10201c"), 3 | ("ROP_MENU_POP_R0PC", "0x157950"), 4 | ("ROP_MENU_POP_R1PC", "0x2371b8"), 5 | ("ROP_MENU_POP_R2R3R4R5R6PC", "0x150544"), 6 | ("ROP_MENU_POP_R4PC", "0x101bc8"), 7 | ("ROP_MENU_POP_R4R5PC", "0x102458"), 8 | ("ROP_MENU_POP_R4R5R6PC", "0x101b74"), 9 | ("ROP_MENU_POP_R4R5R6R7R8PC", "0x101eb0"), 10 | ("ROP_MENU_POP_R4R5R6R7R8R9R10PC", "0x103c84"), 11 | ("ROP_MENU_POP_R4LR_BX_R0", "0x15d3ec"), 12 | ("ROP_MENU_BX_LR", "0x10003c"), 13 | ("ROP_MENU_ADD_SPSPx64_POP_R4RR11PC", "0x1057dc"), 14 | ("ROP_MENU_STACK_PIVOT", "0x100fb8"), 15 | ("ROP_MENU_LDR_R0R0_POP_R4PC", "0x11f708"), 16 | ("ROP_MENU_LDR_R1R0x4_ADD_R0R0R1_POP_R3R4R5PC", "0x13e2fc"), 17 | ("ROP_MENU_STREQ_R5R2x30_POP_R4R5R6PC", "0x155234"), 18 | ("ROP_MENU_STRNE_R4R0x4_POP_R4PC", "0x195a40"), 19 | ("ROP_MENU_STR_R0R4_POP_R4PC", "0x10b250"), 20 | ("ROP_MENU_STRB_R0R4_POP_R4PC", "0x102958"), 21 | ("ROP_MENU_STR_R1R0_POP_R4PC", "0x10af04"), 22 | ("ROP_MENU_AND_R0R0R4_POP_R4R5R6R7R8PC", "0x11f280"), 23 | ("ROP_MENU_ADD_R0R0R1LSL2_POP_R4PC", "0x204948"), 24 | ("ROP_MENU_ADD_R0R0R1_POP_R4R5R6PC", "0x133948"), 25 | ("ROP_MENU_AND_R0R0x7_POP_R4PC", "0x2e8110"), 26 | ("ROP_MENU_ADD_R1R1x1_STR_R1R5x10_POP_R4R5R6PC", "0x10230c"), 27 | ("ROP_MENU_CMP_R0R1_MVNLS_R0x0_MOVHI_R0x1_POP_R4PC", "0x21e968"), 28 | ("ROP_MENU_BLXNE_R2_ADD_SPx8_MOV_R0R4_POP_R4R5R6R7R8PC", "0x1a75a0"), 29 | ("ROP_MENU_MRC_R0C13C03_ADD_R0R0x5C_BX_LR", "0x13eac0"), 30 | ("ROP_MENU_LDR_R0R0_SVC_x32_AND_R1R0x80000000_CMP_R1x0_LDRGE_R0R4x4_POP_R4PC", "0x102bac"), 31 | ("ROP_MENU_SVC_CREATEEVENT", "0x22f74c"), 32 | ("ROP_MENU_SVC_WAITSYNCHRONIZATIONN", "0x118750"), 33 | ("ROP_MENU_SVC_EXITPROCESS", "0x101a30"), 34 | ("ROP_MENU_SLEEPTHREAD", "0x12b17c"), 35 | ("ROP_MENU_WAITSYNCHRONIZATIONN", "0x118750"), 36 | ("ROP_MENU_CREATEMEMORYBLOCK", "0x12b0f8"), 37 | ("ROP_MENU_CONTROLMEMORY", "0x2358a8"), 38 | ("ROP_MENU_CONNECTTOPORT", "0x118738"), 39 | ("ROP_MENU_APT_OPENSESSION", "0x23690c"), 40 | ("ROP_MENU_APT_CLOSESESSION", "0x23689c"), 41 | ("ROP_MENU_APT_SENDPARAMETER", "0x12e668"), 42 | ("ROP_MENU_APT_GLANCEPARAMETER", "0x12e7d8"), 43 | ("ROP_MENU_APT_RECEIVEPARAMETER", "0x146088"), 44 | ("ROP_MENU_APT_PREPARETOSTARTAPPLICATION", "0x12ea08"), 45 | ("ROP_MENU_APT_STARTAPPLICATION", "0x139474"), 46 | ("ROP_MENU_APT_ORDERTOCLOSEAPPLICATION", "0x13952c"), 47 | ("ROP_MENU_APT_APPLETUTILITYCMD2", "0x11a4c4"), 48 | ("ROP_MENU_APT_APPLETUTILITYCMD7", "0x227adc"), 49 | ("ROP_MENU_CLEARHOMEBUTTONSTATE", "0x227a94"), 50 | ("ROP_MENU_APT_WAKEUPAPPLICATION", "0x11aa78"), 51 | ("ROP_MENU_APT_INQUIRENOTIFICATION", "0x11aaa8"), 52 | ("ROP_MENU_APT_REPLYSLEEPQUERY", "0x12e864"), 53 | ("ROP_MENU_APT_REPLYSLEEPNOTIFICATIONCOMPLETE", "0x12eb34"), 54 | ("ROP_MENU_APT_ISREGISTERED", "0x222458"), 55 | ("ROP_MENU_APT_SENDDELIVERARG", "0x180558"), 56 | ("ROP_MENU_APT_PREPARETOLEAVEHOMEMENU", "0x11ab94"), 57 | ("ROP_MENU_APT_LEAVEHOMEMENU", "0x11a8f4"), 58 | ("ROP_MENU_NSS_REBOOT", "0x1374c8"), 59 | ("ROP_MENU_NSS_LAUNCHTITLE", "0x2313c8"), 60 | ("ROP_MENU_GSPGPU_RELEASERIGHT", "0x12e154"), 61 | ("ROP_MENU_GSPGPU_ACQUIRERIGHT", "0x138fc4"), 62 | ("ROP_MENU_GSPGPU_WRITEHWREGS", "0x14bd24"), 63 | ("ROP_MENU_GSPGPU_FLUSHDATACACHE", "0x1518f8"), 64 | ("ROP_MENU_GSPGPU_GXTRYENQUEUE", "0x2180d4"), 65 | ("ROP_MENU_GSPGPU_IMPORTDISPLAYCAPTUREINFO", "0x145ea0"), 66 | ("ROP_MENU_DSP_REGISTERINTERRUPTEVENTS", "0x137b4c"), 67 | ("ROP_MENU_DSP_UNLOADCOMPONENT", "0x12c5e4"), 68 | ("ROP_MENU_SRV_SUBSCRIBE", "0x215b60"), 69 | ("ROP_MENU_SRV_GETHANDLE", "0x10f640"), 70 | ("ROP_MENU_MEMCPY", "0x235e38"), 71 | ("ROP_MENU_MOUNTSDMC", "0x118c4c"), 72 | ("ROP_MENU_FOPEN", "0x22bcc0"), 73 | ("ROP_MENU_FWRITE", "0x220eb0"), 74 | ("ROP_MENU_FSEEK", "0x22163c"), 75 | ("ROP_MENU_FCLOSE", "0x22fa58"), 76 | ("MENU_DSP_BINARY_AFTERSIG", "0x32ee4c"), 77 | ("MENU_DSP_BINARY_SIZE", "0xc25c"), 78 | ("MENU_CFGS_HANDLE", "0x33c280"), 79 | ("MENU_AMSYS_HANDLE", "0x32e99c"), 80 | ("MENU_NSS_HANDLE", "0x32e040"), 81 | ("MENU_APT_HANDLE", "0x32e9cc"), 82 | ("MENU_FS_HANDLE", "0x32dfd8"), 83 | ("MENU_SRV_HANDLE", "0x33b14c"), 84 | ("MENU_NEWSS_HANDLE", "0x33c28c"), 85 | ("MENU_BOSSP_HANDLE_MINUS_0x18", "0x368d68"), 86 | ("MENU_PTMSYSM_HANDLE", "0x32e074"), 87 | ("MENU_GSPLCD_HANDLE", "0x33afd4"), 88 | ("MENU_DSP_HANDLE_STRUCT", "0x32df60"), 89 | ("MENU_GSPGPU_HANDLE", "0x33afd0"), 90 | ("MENU_GSPGPU_INTERRUPT_RECEIVER_STRUCT", "0x32c580"), 91 | ] 92 | -------------------------------------------------------------------------------- /menu_ropdb/13312_kor_ropdb.txt: -------------------------------------------------------------------------------- 1 | [ 2 | ("ROP_MENU_POP_PC", "0x10201c"), 3 | ("ROP_MENU_POP_R0PC", "0x157968"), 4 | ("ROP_MENU_POP_R1PC", "0x2371d0"), 5 | ("ROP_MENU_POP_R2R3R4R5R6PC", "0x15055c"), 6 | ("ROP_MENU_POP_R4PC", "0x101bc8"), 7 | ("ROP_MENU_POP_R4R5PC", "0x102458"), 8 | ("ROP_MENU_POP_R4R5R6PC", "0x101b74"), 9 | ("ROP_MENU_POP_R4R5R6R7R8PC", "0x101eb0"), 10 | ("ROP_MENU_POP_R4R5R6R7R8R9R10PC", "0x103c84"), 11 | ("ROP_MENU_POP_R4LR_BX_R0", "0x15d404"), 12 | ("ROP_MENU_BX_LR", "0x10003c"), 13 | ("ROP_MENU_ADD_SPSPx64_POP_R4RR11PC", "0x1057dc"), 14 | ("ROP_MENU_STACK_PIVOT", "0x100fb8"), 15 | ("ROP_MENU_LDR_R0R0_POP_R4PC", "0x11f708"), 16 | ("ROP_MENU_LDR_R1R0x4_ADD_R0R0R1_POP_R3R4R5PC", "0x13e314"), 17 | ("ROP_MENU_STREQ_R5R2x30_POP_R4R5R6PC", "0x15524c"), 18 | ("ROP_MENU_STRNE_R4R0x4_POP_R4PC", "0x195a58"), 19 | ("ROP_MENU_STR_R0R4_POP_R4PC", "0x10b250"), 20 | ("ROP_MENU_STRB_R0R4_POP_R4PC", "0x102958"), 21 | ("ROP_MENU_STR_R1R0_POP_R4PC", "0x10af04"), 22 | ("ROP_MENU_AND_R0R0R4_POP_R4R5R6R7R8PC", "0x11f280"), 23 | ("ROP_MENU_ADD_R0R0R1LSL2_POP_R4PC", "0x204960"), 24 | ("ROP_MENU_ADD_R0R0R1_POP_R4R5R6PC", "0x133948"), 25 | ("ROP_MENU_AND_R0R0x7_POP_R4PC", "0x2e8128"), 26 | ("ROP_MENU_ADD_R1R1x1_STR_R1R5x10_POP_R4R5R6PC", "0x10230c"), 27 | ("ROP_MENU_CMP_R0R1_MVNLS_R0x0_MOVHI_R0x1_POP_R4PC", "0x21e980"), 28 | ("ROP_MENU_BLXNE_R2_ADD_SPx8_MOV_R0R4_POP_R4R5R6R7R8PC", "0x1a75b8"), 29 | ("ROP_MENU_MRC_R0C13C03_ADD_R0R0x5C_BX_LR", "0x13ead8"), 30 | ("ROP_MENU_LDR_R0R0_SVC_x32_AND_R1R0x80000000_CMP_R1x0_LDRGE_R0R4x4_POP_R4PC", "0x102bac"), 31 | ("ROP_MENU_SVC_CREATEEVENT", "0x22f764"), 32 | ("ROP_MENU_SVC_WAITSYNCHRONIZATIONN", "0x118750"), 33 | ("ROP_MENU_SVC_EXITPROCESS", "0x101a30"), 34 | ("ROP_MENU_SLEEPTHREAD", "0x12b17c"), 35 | ("ROP_MENU_WAITSYNCHRONIZATIONN", "0x118750"), 36 | ("ROP_MENU_CREATEMEMORYBLOCK", "0x12b0f8"), 37 | ("ROP_MENU_CONTROLMEMORY", "0x2358c0"), 38 | ("ROP_MENU_CONNECTTOPORT", "0x118738"), 39 | ("ROP_MENU_APT_OPENSESSION", "0x236924"), 40 | ("ROP_MENU_APT_CLOSESESSION", "0x2368b4"), 41 | ("ROP_MENU_APT_SENDPARAMETER", "0x12e668"), 42 | ("ROP_MENU_APT_GLANCEPARAMETER", "0x12e7d8"), 43 | ("ROP_MENU_APT_RECEIVEPARAMETER", "0x1460a0"), 44 | ("ROP_MENU_APT_PREPARETOSTARTAPPLICATION", "0x12ea08"), 45 | ("ROP_MENU_APT_STARTAPPLICATION", "0x139474"), 46 | ("ROP_MENU_APT_ORDERTOCLOSEAPPLICATION", "0x13952c"), 47 | ("ROP_MENU_APT_APPLETUTILITYCMD2", "0x11a4c4"), 48 | ("ROP_MENU_APT_APPLETUTILITYCMD7", "0x227af4"), 49 | ("ROP_MENU_CLEARHOMEBUTTONSTATE", "0x227aac"), 50 | ("ROP_MENU_APT_WAKEUPAPPLICATION", "0x11aa78"), 51 | ("ROP_MENU_APT_INQUIRENOTIFICATION", "0x11aaa8"), 52 | ("ROP_MENU_APT_REPLYSLEEPQUERY", "0x12e864"), 53 | ("ROP_MENU_APT_REPLYSLEEPNOTIFICATIONCOMPLETE", "0x12eb34"), 54 | ("ROP_MENU_APT_ISREGISTERED", "0x222470"), 55 | ("ROP_MENU_APT_SENDDELIVERARG", "0x180570"), 56 | ("ROP_MENU_APT_PREPARETOLEAVEHOMEMENU", "0x11ab94"), 57 | ("ROP_MENU_APT_LEAVEHOMEMENU", "0x11a8f4"), 58 | ("ROP_MENU_NSS_REBOOT", "0x1374c8"), 59 | ("ROP_MENU_NSS_LAUNCHTITLE", "0x2313e0"), 60 | ("ROP_MENU_GSPGPU_RELEASERIGHT", "0x12e154"), 61 | ("ROP_MENU_GSPGPU_ACQUIRERIGHT", "0x138fc4"), 62 | ("ROP_MENU_GSPGPU_WRITEHWREGS", "0x14bd3c"), 63 | ("ROP_MENU_GSPGPU_FLUSHDATACACHE", "0x151910"), 64 | ("ROP_MENU_GSPGPU_GXTRYENQUEUE", "0x2180ec"), 65 | ("ROP_MENU_GSPGPU_IMPORTDISPLAYCAPTUREINFO", "0x145eb8"), 66 | ("ROP_MENU_DSP_REGISTERINTERRUPTEVENTS", "0x137b4c"), 67 | ("ROP_MENU_DSP_UNLOADCOMPONENT", "0x12c5e4"), 68 | ("ROP_MENU_SRV_SUBSCRIBE", "0x215b78"), 69 | ("ROP_MENU_SRV_GETHANDLE", "0x10f640"), 70 | ("ROP_MENU_MEMCPY", "0x235e50"), 71 | ("ROP_MENU_MOUNTSDMC", "0x118c4c"), 72 | ("ROP_MENU_FOPEN", "0x22bcd8"), 73 | ("ROP_MENU_FWRITE", "0x220ec8"), 74 | ("ROP_MENU_FSEEK", "0x221654"), 75 | ("ROP_MENU_FCLOSE", "0x22fa70"), 76 | ("MENU_DSP_BINARY_AFTERSIG", "0x32ee4c"), 77 | ("MENU_DSP_BINARY_SIZE", "0xc25c"), 78 | ("MENU_CFGS_HANDLE", "0x33c280"), 79 | ("MENU_AMSYS_HANDLE", "0x32e99c"), 80 | ("MENU_NSS_HANDLE", "0x32e040"), 81 | ("MENU_APT_HANDLE", "0x32e9cc"), 82 | ("MENU_FS_HANDLE", "0x32dfd8"), 83 | ("MENU_SRV_HANDLE", "0x33b14c"), 84 | ("MENU_NEWSS_HANDLE", "0x33c28c"), 85 | ("MENU_BOSSP_HANDLE_MINUS_0x18", "0x368d68"), 86 | ("MENU_PTMSYSM_HANDLE", "0x32e074"), 87 | ("MENU_GSPLCD_HANDLE", "0x33afd4"), 88 | ("MENU_DSP_HANDLE_STRUCT", "0x32df60"), 89 | ("MENU_GSPGPU_HANDLE", "0x33afd0"), 90 | ("MENU_GSPGPU_INTERRUPT_RECEIVER_STRUCT", "0x32c580"), 91 | ] 92 | -------------------------------------------------------------------------------- /menu_ropdb/14336_kor_ropdb.txt: -------------------------------------------------------------------------------- 1 | [ 2 | ("ROP_MENU_POP_PC", "0x10201c"), 3 | ("ROP_MENU_POP_R0PC", "0x157968"), 4 | ("ROP_MENU_POP_R1PC", "0x2371d0"), 5 | ("ROP_MENU_POP_R2R3R4R5R6PC", "0x15055c"), 6 | ("ROP_MENU_POP_R4PC", "0x101bc8"), 7 | ("ROP_MENU_POP_R4R5PC", "0x102458"), 8 | ("ROP_MENU_POP_R4R5R6PC", "0x101b74"), 9 | ("ROP_MENU_POP_R4R5R6R7R8PC", "0x101eb0"), 10 | ("ROP_MENU_POP_R4R5R6R7R8R9R10PC", "0x103c84"), 11 | ("ROP_MENU_POP_R4LR_BX_R0", "0x15d404"), 12 | ("ROP_MENU_BX_LR", "0x10003c"), 13 | ("ROP_MENU_ADD_SPSPx64_POP_R4RR11PC", "0x1057dc"), 14 | ("ROP_MENU_STACK_PIVOT", "0x100fb8"), 15 | ("ROP_MENU_LDR_R0R0_POP_R4PC", "0x11f708"), 16 | ("ROP_MENU_LDR_R1R0x4_ADD_R0R0R1_POP_R3R4R5PC", "0x13e314"), 17 | ("ROP_MENU_STREQ_R5R2x30_POP_R4R5R6PC", "0x15524c"), 18 | ("ROP_MENU_STRNE_R4R0x4_POP_R4PC", "0x195a58"), 19 | ("ROP_MENU_STR_R0R4_POP_R4PC", "0x10b250"), 20 | ("ROP_MENU_STRB_R0R4_POP_R4PC", "0x102958"), 21 | ("ROP_MENU_STR_R1R0_POP_R4PC", "0x10af04"), 22 | ("ROP_MENU_AND_R0R0R4_POP_R4R5R6R7R8PC", "0x11f280"), 23 | ("ROP_MENU_ADD_R0R0R1LSL2_POP_R4PC", "0x204960"), 24 | ("ROP_MENU_ADD_R0R0R1_POP_R4R5R6PC", "0x133948"), 25 | ("ROP_MENU_AND_R0R0x7_POP_R4PC", "0x2e8158"), 26 | ("ROP_MENU_ADD_R1R1x1_STR_R1R5x10_POP_R4R5R6PC", "0x10230c"), 27 | ("ROP_MENU_CMP_R0R1_MVNLS_R0x0_MOVHI_R0x1_POP_R4PC", "0x21e980"), 28 | ("ROP_MENU_BLXNE_R2_ADD_SPx8_MOV_R0R4_POP_R4R5R6R7R8PC", "0x1a75b8"), 29 | ("ROP_MENU_MRC_R0C13C03_ADD_R0R0x5C_BX_LR", "0x13ead8"), 30 | ("ROP_MENU_LDR_R0R0_SVC_x32_AND_R1R0x80000000_CMP_R1x0_LDRGE_R0R4x4_POP_R4PC", "0x102bac"), 31 | ("ROP_MENU_SVC_CREATEEVENT", "0x22f764"), 32 | ("ROP_MENU_SVC_WAITSYNCHRONIZATIONN", "0x118750"), 33 | ("ROP_MENU_SVC_EXITPROCESS", "0x101a30"), 34 | ("ROP_MENU_SLEEPTHREAD", "0x12b17c"), 35 | ("ROP_MENU_WAITSYNCHRONIZATIONN", "0x118750"), 36 | ("ROP_MENU_CREATEMEMORYBLOCK", "0x12b0f8"), 37 | ("ROP_MENU_CONTROLMEMORY", "0x2358c0"), 38 | ("ROP_MENU_CONNECTTOPORT", "0x118738"), 39 | ("ROP_MENU_APT_OPENSESSION", "0x236924"), 40 | ("ROP_MENU_APT_CLOSESESSION", "0x2368b4"), 41 | ("ROP_MENU_APT_SENDPARAMETER", "0x12e668"), 42 | ("ROP_MENU_APT_GLANCEPARAMETER", "0x12e7d8"), 43 | ("ROP_MENU_APT_RECEIVEPARAMETER", "0x1460a0"), 44 | ("ROP_MENU_APT_PREPARETOSTARTAPPLICATION", "0x12ea08"), 45 | ("ROP_MENU_APT_STARTAPPLICATION", "0x139474"), 46 | ("ROP_MENU_APT_ORDERTOCLOSEAPPLICATION", "0x13952c"), 47 | ("ROP_MENU_APT_APPLETUTILITYCMD2", "0x11a4c4"), 48 | ("ROP_MENU_APT_APPLETUTILITYCMD7", "0x227af4"), 49 | ("ROP_MENU_CLEARHOMEBUTTONSTATE", "0x227aac"), 50 | ("ROP_MENU_APT_WAKEUPAPPLICATION", "0x11aa78"), 51 | ("ROP_MENU_APT_INQUIRENOTIFICATION", "0x11aaa8"), 52 | ("ROP_MENU_APT_REPLYSLEEPQUERY", "0x12e864"), 53 | ("ROP_MENU_APT_REPLYSLEEPNOTIFICATIONCOMPLETE", "0x12eb34"), 54 | ("ROP_MENU_APT_ISREGISTERED", "0x222470"), 55 | ("ROP_MENU_APT_SENDDELIVERARG", "0x180570"), 56 | ("ROP_MENU_APT_PREPARETOLEAVEHOMEMENU", "0x11ab94"), 57 | ("ROP_MENU_APT_LEAVEHOMEMENU", "0x11a8f4"), 58 | ("ROP_MENU_NSS_REBOOT", "0x1374c8"), 59 | ("ROP_MENU_NSS_LAUNCHTITLE", "0x2313e0"), 60 | ("ROP_MENU_GSPGPU_RELEASERIGHT", "0x12e154"), 61 | ("ROP_MENU_GSPGPU_ACQUIRERIGHT", "0x138fc4"), 62 | ("ROP_MENU_GSPGPU_WRITEHWREGS", "0x14bd3c"), 63 | ("ROP_MENU_GSPGPU_FLUSHDATACACHE", "0x151910"), 64 | ("ROP_MENU_GSPGPU_GXTRYENQUEUE", "0x2180ec"), 65 | ("ROP_MENU_GSPGPU_IMPORTDISPLAYCAPTUREINFO", "0x145eb8"), 66 | ("ROP_MENU_DSP_REGISTERINTERRUPTEVENTS", "0x137b4c"), 67 | ("ROP_MENU_DSP_UNLOADCOMPONENT", "0x12c5e4"), 68 | ("ROP_MENU_SRV_SUBSCRIBE", "0x215b78"), 69 | ("ROP_MENU_SRV_GETHANDLE", "0x10f640"), 70 | ("ROP_MENU_MEMCPY", "0x235e50"), 71 | ("ROP_MENU_MOUNTSDMC", "0x118c4c"), 72 | ("ROP_MENU_FOPEN", "0x22bcd8"), 73 | ("ROP_MENU_FWRITE", "0x220ec8"), 74 | ("ROP_MENU_FSEEK", "0x221654"), 75 | ("ROP_MENU_FCLOSE", "0x22fa70"), 76 | ("MENU_DSP_BINARY_AFTERSIG", "0x32ee4c"), 77 | ("MENU_DSP_BINARY_SIZE", "0xc25c"), 78 | ("MENU_CFGS_HANDLE", "0x33c280"), 79 | ("MENU_AMSYS_HANDLE", "0x32e99c"), 80 | ("MENU_NSS_HANDLE", "0x32e040"), 81 | ("MENU_APT_HANDLE", "0x32e9cc"), 82 | ("MENU_FS_HANDLE", "0x32dfd8"), 83 | ("MENU_SRV_HANDLE", "0x33b14c"), 84 | ("MENU_NEWSS_HANDLE", "0x33c28c"), 85 | ("MENU_BOSSP_HANDLE_MINUS_0x18", "0x368d68"), 86 | ("MENU_PTMSYSM_HANDLE", "0x32e074"), 87 | ("MENU_GSPLCD_HANDLE", "0x33afd4"), 88 | ("MENU_DSP_HANDLE_STRUCT", "0x32df60"), 89 | ("MENU_GSPGPU_HANDLE", "0x33afd0"), 90 | ("MENU_GSPGPU_INTERRUPT_RECEIVER_STRUCT", "0x32c580"), 91 | ] 92 | -------------------------------------------------------------------------------- /menu_ropdb/6166_kor_ropdb.txt: -------------------------------------------------------------------------------- 1 | [ 2 | ("ROP_MENU_POP_PC", "0x10201c"), 3 | ("ROP_MENU_POP_R0PC", "0x1576d4"), 4 | ("ROP_MENU_POP_R1PC", "0x236fd4"), 5 | ("ROP_MENU_POP_R2R3R4R5R6PC", "0x1502c8"), 6 | ("ROP_MENU_POP_R4PC", "0x101bc8"), 7 | ("ROP_MENU_POP_R4R5PC", "0x102458"), 8 | ("ROP_MENU_POP_R4R5R6PC", "0x101b74"), 9 | ("ROP_MENU_POP_R4R5R6R7R8PC", "0x101eb0"), 10 | ("ROP_MENU_POP_R4R5R6R7R8R9R10PC", "0x103c84"), 11 | ("ROP_MENU_POP_R4LR_BX_R0", "0x15d170"), 12 | ("ROP_MENU_BX_LR", "0x10003c"), 13 | ("ROP_MENU_ADD_SPSPx64_POP_R4RR11PC", "0x1057dc"), 14 | ("ROP_MENU_STACK_PIVOT", "0x100fb8"), 15 | ("ROP_MENU_LDR_R0R0_POP_R4PC", "0x11f62c"), 16 | ("ROP_MENU_LDR_R1R0x4_ADD_R0R0R1_POP_R3R4R5PC", "0x13e12c"), 17 | ("ROP_MENU_STREQ_R5R2x30_POP_R4R5R6PC", "0x154fb8"), 18 | ("ROP_MENU_STRNE_R4R0x4_POP_R4PC", "0x1955cc"), 19 | ("ROP_MENU_STR_R0R4_POP_R4PC", "0x10b330"), 20 | ("ROP_MENU_STRB_R0R4_POP_R4PC", "0x102958"), 21 | ("ROP_MENU_STR_R1R0_POP_R4PC", "0x10afe4"), 22 | ("ROP_MENU_AND_R0R0R4_POP_R4R5R6R7R8PC", "0x11f1a4"), 23 | ("ROP_MENU_ADD_R0R0R1LSL2_POP_R4PC", "0x204514"), 24 | ("ROP_MENU_ADD_R0R0R1_POP_R4R5R6PC", "0x13386c"), 25 | ("ROP_MENU_AND_R0R0x7_POP_R4PC", "0x2e8488"), 26 | ("ROP_MENU_ADD_R1R1x1_STR_R1R5x10_POP_R4R5R6PC", "0x10230c"), 27 | ("ROP_MENU_CMP_R0R1_MVNLS_R0x0_MOVHI_R0x1_POP_R4PC", "0x21e784"), 28 | ("ROP_MENU_BLXNE_R2_ADD_SPx8_MOV_R0R4_POP_R4R5R6R7R8PC", "0x1a712c"), 29 | ("ROP_MENU_MRC_R0C13C03_ADD_R0R0x5C_BX_LR", "0x13e8f0"), 30 | ("ROP_MENU_LDR_R0R0_SVC_x32_AND_R1R0x80000000_CMP_R1x0_LDRGE_R0R4x4_POP_R4PC", "0x102bac"), 31 | ("ROP_MENU_SVC_CREATEEVENT", "0x22f4dc"), 32 | ("ROP_MENU_SVC_WAITSYNCHRONIZATIONN", "0x11876c"), 33 | ("ROP_MENU_SVC_EXITPROCESS", "0x101a30"), 34 | ("ROP_MENU_SLEEPTHREAD", "0x12b0a0"), 35 | ("ROP_MENU_WAITSYNCHRONIZATIONN", "0x11876c"), 36 | ("ROP_MENU_CREATEMEMORYBLOCK", "0x12b01c"), 37 | ("ROP_MENU_CONTROLMEMORY", "0x2356c4"), 38 | ("ROP_MENU_CONNECTTOPORT", "0x118754"), 39 | ("ROP_MENU_APT_OPENSESSION", "0x236728"), 40 | ("ROP_MENU_APT_CLOSESESSION", "0x2366b8"), 41 | ("ROP_MENU_APT_SENDPARAMETER", "0x12e58c"), 42 | ("ROP_MENU_APT_GLANCEPARAMETER", "0x12e6fc"), 43 | ("ROP_MENU_APT_RECEIVEPARAMETER", "0x145eb8"), 44 | ("ROP_MENU_APT_PREPARETOSTARTAPPLICATION", "0x12e92c"), 45 | ("ROP_MENU_APT_STARTAPPLICATION", "0x139398"), 46 | ("ROP_MENU_APT_ORDERTOCLOSEAPPLICATION", "0x139450"), 47 | ("ROP_MENU_APT_APPLETUTILITYCMD2", "0x11a43c"), 48 | ("ROP_MENU_APT_APPLETUTILITYCMD7", "0x2278ec"), 49 | ("ROP_MENU_CLEARHOMEBUTTONSTATE", "0x2278a4"), 50 | ("ROP_MENU_APT_WAKEUPAPPLICATION", "0x11a9f0"), 51 | ("ROP_MENU_APT_INQUIRENOTIFICATION", "0x11aa20"), 52 | ("ROP_MENU_APT_REPLYSLEEPQUERY", "0x12e788"), 53 | ("ROP_MENU_APT_REPLYSLEEPNOTIFICATIONCOMPLETE", "0x12ea58"), 54 | ("ROP_MENU_APT_ISREGISTERED", "0x222284"), 55 | ("ROP_MENU_APT_SENDDELIVERARG", "0x1800e4"), 56 | ("ROP_MENU_APT_PREPARETOLEAVEHOMEMENU", "0x11ab0c"), 57 | ("ROP_MENU_APT_LEAVEHOMEMENU", "0x11a86c"), 58 | ("ROP_MENU_NSS_REBOOT", "0x1373ec"), 59 | ("ROP_MENU_NSS_LAUNCHTITLE", "0x2311f0"), 60 | ("ROP_MENU_GSPGPU_RELEASERIGHT", "0x12e078"), 61 | ("ROP_MENU_GSPGPU_ACQUIRERIGHT", "0x138ee8"), 62 | ("ROP_MENU_GSPGPU_WRITEHWREGS", "0x14baa8"), 63 | ("ROP_MENU_GSPGPU_FLUSHDATACACHE", "0x15167c"), 64 | ("ROP_MENU_GSPGPU_GXTRYENQUEUE", "0x217f00"), 65 | ("ROP_MENU_GSPGPU_IMPORTDISPLAYCAPTUREINFO", "0x145cd0"), 66 | ("ROP_MENU_DSP_REGISTERINTERRUPTEVENTS", "0x137a70"), 67 | ("ROP_MENU_DSP_UNLOADCOMPONENT", "0x12c508"), 68 | ("ROP_MENU_SRV_SUBSCRIBE", "0x21598c"), 69 | ("ROP_MENU_SRV_GETHANDLE", "0x10f6e4"), 70 | ("ROP_MENU_MEMCPY", "0x235c54"), 71 | ("ROP_MENU_MOUNTSDMC", "0x118bc4"), 72 | ("ROP_MENU_FOPEN", "0x22ba50"), 73 | ("ROP_MENU_FWRITE", "0x220cdc"), 74 | ("ROP_MENU_FSEEK", "0x221468"), 75 | ("ROP_MENU_FCLOSE", "0x22f7e8"), 76 | ("MENU_DSP_BINARY_AFTERSIG", "0x32fe54"), 77 | ("MENU_DSP_BINARY_SIZE", "0xc25c"), 78 | ("MENU_CFGS_HANDLE", "0x33d288"), 79 | ("MENU_AMSYS_HANDLE", "0x32f9a4"), 80 | ("MENU_NSS_HANDLE", "0x32f048"), 81 | ("MENU_APT_HANDLE", "0x32f9d4"), 82 | ("MENU_FS_HANDLE", "0x32efe0"), 83 | ("MENU_SRV_HANDLE", "0x33c154"), 84 | ("MENU_NEWSS_HANDLE", "0x33d294"), 85 | ("MENU_BOSSP_HANDLE_MINUS_0x18", "0x369d70"), 86 | ("MENU_PTMSYSM_HANDLE", "0x32f07c"), 87 | ("MENU_GSPLCD_HANDLE", "0x33bfdc"), 88 | ("MENU_DSP_HANDLE_STRUCT", "0x32ef68"), 89 | ("MENU_GSPGPU_HANDLE", "0x33bfd8"), 90 | ("MENU_GSPGPU_INTERRUPT_RECEIVER_STRUCT", "0x32d580"), 91 | ] 92 | -------------------------------------------------------------------------------- /menu_ropdb/7175_kor_ropdb.txt: -------------------------------------------------------------------------------- 1 | [ 2 | ("ROP_MENU_POP_PC", "0x10201c"), 3 | ("ROP_MENU_POP_R0PC", "0x157818"), 4 | ("ROP_MENU_POP_R1PC", "0x236d64"), 5 | ("ROP_MENU_POP_R2R3R4R5R6PC", "0x15040c"), 6 | ("ROP_MENU_POP_R4PC", "0x101bc8"), 7 | ("ROP_MENU_POP_R4R5PC", "0x102458"), 8 | ("ROP_MENU_POP_R4R5R6PC", "0x101b74"), 9 | ("ROP_MENU_POP_R4R5R6R7R8PC", "0x101eb0"), 10 | ("ROP_MENU_POP_R4R5R6R7R8R9R10PC", "0x103c84"), 11 | ("ROP_MENU_POP_R4LR_BX_R0", "0x15d2b4"), 12 | ("ROP_MENU_BX_LR", "0x10003c"), 13 | ("ROP_MENU_ADD_SPSPx64_POP_R4RR11PC", "0x1057dc"), 14 | ("ROP_MENU_STACK_PIVOT", "0x100fb8"), 15 | ("ROP_MENU_LDR_R0R0_POP_R4PC", "0x11f5d0"), 16 | ("ROP_MENU_LDR_R1R0x4_ADD_R0R0R1_POP_R3R4R5PC", "0x13e1c4"), 17 | ("ROP_MENU_STREQ_R5R2x30_POP_R4R5R6PC", "0x1550fc"), 18 | ("ROP_MENU_STRNE_R4R0x4_POP_R4PC", "0x1958e8"), 19 | ("ROP_MENU_STR_R0R4_POP_R4PC", "0x10b298"), 20 | ("ROP_MENU_STRB_R0R4_POP_R4PC", "0x102958"), 21 | ("ROP_MENU_STR_R1R0_POP_R4PC", "0x10af4c"), 22 | ("ROP_MENU_AND_R0R0R4_POP_R4R5R6R7R8PC", "0x11f148"), 23 | ("ROP_MENU_ADD_R0R0R1LSL2_POP_R4PC", "0x2044ec"), 24 | ("ROP_MENU_ADD_R0R0R1_POP_R4R5R6PC", "0x133810"), 25 | ("ROP_MENU_AND_R0R0x7_POP_R4PC", "0x2e7d04"), 26 | ("ROP_MENU_ADD_R1R1x1_STR_R1R5x10_POP_R4R5R6PC", "0x10230c"), 27 | ("ROP_MENU_CMP_R0R1_MVNLS_R0x0_MOVHI_R0x1_POP_R4PC", "0x21e530"), 28 | ("ROP_MENU_BLXNE_R2_ADD_SPx8_MOV_R0R4_POP_R4R5R6R7R8PC", "0x1a7448"), 29 | ("ROP_MENU_MRC_R0C13C03_ADD_R0R0x5C_BX_LR", "0x13e988"), 30 | ("ROP_MENU_LDR_R0R0_SVC_x32_AND_R1R0x80000000_CMP_R1x0_LDRGE_R0R4x4_POP_R4PC", "0x102bac"), 31 | ("ROP_MENU_SVC_CREATEEVENT", "0x22f274"), 32 | ("ROP_MENU_SVC_WAITSYNCHRONIZATIONN", "0x118710"), 33 | ("ROP_MENU_SVC_EXITPROCESS", "0x101a30"), 34 | ("ROP_MENU_SLEEPTHREAD", "0x12b044"), 35 | ("ROP_MENU_WAITSYNCHRONIZATIONN", "0x118710"), 36 | ("ROP_MENU_CREATEMEMORYBLOCK", "0x12afc0"), 37 | ("ROP_MENU_CONTROLMEMORY", "0x235454"), 38 | ("ROP_MENU_CONNECTTOPORT", "0x1186f8"), 39 | ("ROP_MENU_APT_OPENSESSION", "0x2364b8"), 40 | ("ROP_MENU_APT_CLOSESESSION", "0x236448"), 41 | ("ROP_MENU_APT_SENDPARAMETER", "0x12e530"), 42 | ("ROP_MENU_APT_GLANCEPARAMETER", "0x12e6a0"), 43 | ("ROP_MENU_APT_RECEIVEPARAMETER", "0x145f50"), 44 | ("ROP_MENU_APT_PREPARETOSTARTAPPLICATION", "0x12e8d0"), 45 | ("ROP_MENU_APT_STARTAPPLICATION", "0x13933c"), 46 | ("ROP_MENU_APT_ORDERTOCLOSEAPPLICATION", "0x1393f4"), 47 | ("ROP_MENU_APT_APPLETUTILITYCMD2", "0x11a3e0"), 48 | ("ROP_MENU_APT_APPLETUTILITYCMD7", "0x227684"), 49 | ("ROP_MENU_CLEARHOMEBUTTONSTATE", "0x22763c"), 50 | ("ROP_MENU_APT_WAKEUPAPPLICATION", "0x11a994"), 51 | ("ROP_MENU_APT_INQUIRENOTIFICATION", "0x11a9c4"), 52 | ("ROP_MENU_APT_REPLYSLEEPQUERY", "0x12e72c"), 53 | ("ROP_MENU_APT_REPLYSLEEPNOTIFICATIONCOMPLETE", "0x12e9fc"), 54 | ("ROP_MENU_APT_ISREGISTERED", "0x222020"), 55 | ("ROP_MENU_APT_SENDDELIVERARG", "0x180400"), 56 | ("ROP_MENU_APT_PREPARETOLEAVEHOMEMENU", "0x11aab0"), 57 | ("ROP_MENU_APT_LEAVEHOMEMENU", "0x11a810"), 58 | ("ROP_MENU_NSS_REBOOT", "0x137390"), 59 | ("ROP_MENU_NSS_LAUNCHTITLE", "0x230f74"), 60 | ("ROP_MENU_GSPGPU_RELEASERIGHT", "0x12e01c"), 61 | ("ROP_MENU_GSPGPU_ACQUIRERIGHT", "0x138e8c"), 62 | ("ROP_MENU_GSPGPU_WRITEHWREGS", "0x14bbec"), 63 | ("ROP_MENU_GSPGPU_FLUSHDATACACHE", "0x1517c0"), 64 | ("ROP_MENU_GSPGPU_GXTRYENQUEUE", "0x217c9c"), 65 | ("ROP_MENU_GSPGPU_IMPORTDISPLAYCAPTUREINFO", "0x145d68"), 66 | ("ROP_MENU_DSP_REGISTERINTERRUPTEVENTS", "0x137a14"), 67 | ("ROP_MENU_DSP_UNLOADCOMPONENT", "0x12c4ac"), 68 | ("ROP_MENU_SRV_SUBSCRIBE", "0x215728"), 69 | ("ROP_MENU_SRV_GETHANDLE", "0x10f600"), 70 | ("ROP_MENU_MEMCPY", "0x2359e4"), 71 | ("ROP_MENU_MOUNTSDMC", "0x118b68"), 72 | ("ROP_MENU_FOPEN", "0x22b7e8"), 73 | ("ROP_MENU_FWRITE", "0x220a78"), 74 | ("ROP_MENU_FSEEK", "0x221204"), 75 | ("ROP_MENU_FCLOSE", "0x22f580"), 76 | ("MENU_DSP_BINARY_AFTERSIG", "0x32ee4c"), 77 | ("MENU_DSP_BINARY_SIZE", "0xc25c"), 78 | ("MENU_CFGS_HANDLE", "0x33c280"), 79 | ("MENU_AMSYS_HANDLE", "0x32e99c"), 80 | ("MENU_NSS_HANDLE", "0x32e040"), 81 | ("MENU_APT_HANDLE", "0x32e9cc"), 82 | ("MENU_FS_HANDLE", "0x32dfd8"), 83 | ("MENU_SRV_HANDLE", "0x33b14c"), 84 | ("MENU_NEWSS_HANDLE", "0x33c28c"), 85 | ("MENU_BOSSP_HANDLE_MINUS_0x18", "0x368d68"), 86 | ("MENU_PTMSYSM_HANDLE", "0x32e074"), 87 | ("MENU_GSPLCD_HANDLE", "0x33afd4"), 88 | ("MENU_DSP_HANDLE_STRUCT", "0x32df60"), 89 | ("MENU_GSPGPU_HANDLE", "0x33afd0"), 90 | ("MENU_GSPGPU_INTERRUPT_RECEIVER_STRUCT", "0x32c580"), 91 | ] 92 | -------------------------------------------------------------------------------- /menu_ropdb/8192_kor_ropdb.txt: -------------------------------------------------------------------------------- 1 | [ 2 | ("ROP_MENU_POP_PC", "0x10201c"), 3 | ("ROP_MENU_POP_R0PC", "0x157848"), 4 | ("ROP_MENU_POP_R1PC", "0x236ddc"), 5 | ("ROP_MENU_POP_R2R3R4R5R6PC", "0x15043c"), 6 | ("ROP_MENU_POP_R4PC", "0x101bc8"), 7 | ("ROP_MENU_POP_R4R5PC", "0x102458"), 8 | ("ROP_MENU_POP_R4R5R6PC", "0x101b74"), 9 | ("ROP_MENU_POP_R4R5R6R7R8PC", "0x101eb0"), 10 | ("ROP_MENU_POP_R4R5R6R7R8R9R10PC", "0x103c84"), 11 | ("ROP_MENU_POP_R4LR_BX_R0", "0x15d2e4"), 12 | ("ROP_MENU_BX_LR", "0x10003c"), 13 | ("ROP_MENU_ADD_SPSPx64_POP_R4RR11PC", "0x1057dc"), 14 | ("ROP_MENU_STACK_PIVOT", "0x100fb8"), 15 | ("ROP_MENU_LDR_R0R0_POP_R4PC", "0x11f5fc"), 16 | ("ROP_MENU_LDR_R1R0x4_ADD_R0R0R1_POP_R3R4R5PC", "0x13e1f0"), 17 | ("ROP_MENU_STREQ_R5R2x30_POP_R4R5R6PC", "0x15512c"), 18 | ("ROP_MENU_STRNE_R4R0x4_POP_R4PC", "0x195918"), 19 | ("ROP_MENU_STR_R0R4_POP_R4PC", "0x10b2c4"), 20 | ("ROP_MENU_STRB_R0R4_POP_R4PC", "0x102958"), 21 | ("ROP_MENU_STR_R1R0_POP_R4PC", "0x10af78"), 22 | ("ROP_MENU_AND_R0R0R4_POP_R4R5R6R7R8PC", "0x11f174"), 23 | ("ROP_MENU_ADD_R0R0R1LSL2_POP_R4PC", "0x204564"), 24 | ("ROP_MENU_ADD_R0R0R1_POP_R4R5R6PC", "0x13383c"), 25 | ("ROP_MENU_AND_R0R0x7_POP_R4PC", "0x2e7df4"), 26 | ("ROP_MENU_ADD_R1R1x1_STR_R1R5x10_POP_R4R5R6PC", "0x10230c"), 27 | ("ROP_MENU_CMP_R0R1_MVNLS_R0x0_MOVHI_R0x1_POP_R4PC", "0x21e5a8"), 28 | ("ROP_MENU_BLXNE_R2_ADD_SPx8_MOV_R0R4_POP_R4R5R6R7R8PC", "0x1a7478"), 29 | ("ROP_MENU_MRC_R0C13C03_ADD_R0R0x5C_BX_LR", "0x13e9b4"), 30 | ("ROP_MENU_LDR_R0R0_SVC_x32_AND_R1R0x80000000_CMP_R1x0_LDRGE_R0R4x4_POP_R4PC", "0x102bac"), 31 | ("ROP_MENU_SVC_CREATEEVENT", "0x22f2ec"), 32 | ("ROP_MENU_SVC_WAITSYNCHRONIZATIONN", "0x11873c"), 33 | ("ROP_MENU_SVC_EXITPROCESS", "0x101a30"), 34 | ("ROP_MENU_SLEEPTHREAD", "0x12b070"), 35 | ("ROP_MENU_WAITSYNCHRONIZATIONN", "0x11873c"), 36 | ("ROP_MENU_CREATEMEMORYBLOCK", "0x12afec"), 37 | ("ROP_MENU_CONTROLMEMORY", "0x2354cc"), 38 | ("ROP_MENU_CONNECTTOPORT", "0x118724"), 39 | ("ROP_MENU_APT_OPENSESSION", "0x236530"), 40 | ("ROP_MENU_APT_CLOSESESSION", "0x2364c0"), 41 | ("ROP_MENU_APT_SENDPARAMETER", "0x12e55c"), 42 | ("ROP_MENU_APT_GLANCEPARAMETER", "0x12e6cc"), 43 | ("ROP_MENU_APT_RECEIVEPARAMETER", "0x145f7c"), 44 | ("ROP_MENU_APT_PREPARETOSTARTAPPLICATION", "0x12e8fc"), 45 | ("ROP_MENU_APT_STARTAPPLICATION", "0x139368"), 46 | ("ROP_MENU_APT_ORDERTOCLOSEAPPLICATION", "0x139420"), 47 | ("ROP_MENU_APT_APPLETUTILITYCMD2", "0x11a40c"), 48 | ("ROP_MENU_APT_APPLETUTILITYCMD7", "0x2276fc"), 49 | ("ROP_MENU_CLEARHOMEBUTTONSTATE", "0x2276b4"), 50 | ("ROP_MENU_APT_WAKEUPAPPLICATION", "0x11a9c0"), 51 | ("ROP_MENU_APT_INQUIRENOTIFICATION", "0x11a9f0"), 52 | ("ROP_MENU_APT_REPLYSLEEPQUERY", "0x12e758"), 53 | ("ROP_MENU_APT_REPLYSLEEPNOTIFICATIONCOMPLETE", "0x12ea28"), 54 | ("ROP_MENU_APT_ISREGISTERED", "0x222098"), 55 | ("ROP_MENU_APT_SENDDELIVERARG", "0x180430"), 56 | ("ROP_MENU_APT_PREPARETOLEAVEHOMEMENU", "0x11aadc"), 57 | ("ROP_MENU_APT_LEAVEHOMEMENU", "0x11a83c"), 58 | ("ROP_MENU_NSS_REBOOT", "0x1373bc"), 59 | ("ROP_MENU_NSS_LAUNCHTITLE", "0x230fec"), 60 | ("ROP_MENU_GSPGPU_RELEASERIGHT", "0x12e048"), 61 | ("ROP_MENU_GSPGPU_ACQUIRERIGHT", "0x138eb8"), 62 | ("ROP_MENU_GSPGPU_WRITEHWREGS", "0x14bc1c"), 63 | ("ROP_MENU_GSPGPU_FLUSHDATACACHE", "0x1517f0"), 64 | ("ROP_MENU_GSPGPU_GXTRYENQUEUE", "0x217d14"), 65 | ("ROP_MENU_GSPGPU_IMPORTDISPLAYCAPTUREINFO", "0x145d94"), 66 | ("ROP_MENU_DSP_REGISTERINTERRUPTEVENTS", "0x137a40"), 67 | ("ROP_MENU_DSP_UNLOADCOMPONENT", "0x12c4d8"), 68 | ("ROP_MENU_SRV_SUBSCRIBE", "0x2157a0"), 69 | ("ROP_MENU_SRV_GETHANDLE", "0x10f62c"), 70 | ("ROP_MENU_MEMCPY", "0x235a5c"), 71 | ("ROP_MENU_MOUNTSDMC", "0x118b94"), 72 | ("ROP_MENU_FOPEN", "0x22b860"), 73 | ("ROP_MENU_FWRITE", "0x220af0"), 74 | ("ROP_MENU_FSEEK", "0x22127c"), 75 | ("ROP_MENU_FCLOSE", "0x22f5f8"), 76 | ("MENU_DSP_BINARY_AFTERSIG", "0x32ee4c"), 77 | ("MENU_DSP_BINARY_SIZE", "0xc25c"), 78 | ("MENU_CFGS_HANDLE", "0x33c280"), 79 | ("MENU_AMSYS_HANDLE", "0x32e99c"), 80 | ("MENU_NSS_HANDLE", "0x32e040"), 81 | ("MENU_APT_HANDLE", "0x32e9cc"), 82 | ("MENU_FS_HANDLE", "0x32dfd8"), 83 | ("MENU_SRV_HANDLE", "0x33b14c"), 84 | ("MENU_NEWSS_HANDLE", "0x33c28c"), 85 | ("MENU_BOSSP_HANDLE_MINUS_0x18", "0x368d68"), 86 | ("MENU_PTMSYSM_HANDLE", "0x32e074"), 87 | ("MENU_GSPLCD_HANDLE", "0x33afd4"), 88 | ("MENU_DSP_HANDLE_STRUCT", "0x32df60"), 89 | ("MENU_GSPGPU_HANDLE", "0x33afd0"), 90 | ("MENU_GSPGPU_INTERRUPT_RECEIVER_STRUCT", "0x32c580"), 91 | ] 92 | -------------------------------------------------------------------------------- /menu_ropdb/9216_kor_ropdb.txt: -------------------------------------------------------------------------------- 1 | [ 2 | ("ROP_MENU_POP_PC", "0x10201c"), 3 | ("ROP_MENU_POP_R0PC", "0x157848"), 4 | ("ROP_MENU_POP_R1PC", "0x236ddc"), 5 | ("ROP_MENU_POP_R2R3R4R5R6PC", "0x15043c"), 6 | ("ROP_MENU_POP_R4PC", "0x101bc8"), 7 | ("ROP_MENU_POP_R4R5PC", "0x102458"), 8 | ("ROP_MENU_POP_R4R5R6PC", "0x101b74"), 9 | ("ROP_MENU_POP_R4R5R6R7R8PC", "0x101eb0"), 10 | ("ROP_MENU_POP_R4R5R6R7R8R9R10PC", "0x103c84"), 11 | ("ROP_MENU_POP_R4LR_BX_R0", "0x15d2e4"), 12 | ("ROP_MENU_BX_LR", "0x10003c"), 13 | ("ROP_MENU_ADD_SPSPx64_POP_R4RR11PC", "0x1057dc"), 14 | ("ROP_MENU_STACK_PIVOT", "0x100fb8"), 15 | ("ROP_MENU_LDR_R0R0_POP_R4PC", "0x11f5fc"), 16 | ("ROP_MENU_LDR_R1R0x4_ADD_R0R0R1_POP_R3R4R5PC", "0x13e1f0"), 17 | ("ROP_MENU_STREQ_R5R2x30_POP_R4R5R6PC", "0x15512c"), 18 | ("ROP_MENU_STRNE_R4R0x4_POP_R4PC", "0x195918"), 19 | ("ROP_MENU_STR_R0R4_POP_R4PC", "0x10b2c4"), 20 | ("ROP_MENU_STRB_R0R4_POP_R4PC", "0x102958"), 21 | ("ROP_MENU_STR_R1R0_POP_R4PC", "0x10af78"), 22 | ("ROP_MENU_AND_R0R0R4_POP_R4R5R6R7R8PC", "0x11f174"), 23 | ("ROP_MENU_ADD_R0R0R1LSL2_POP_R4PC", "0x204564"), 24 | ("ROP_MENU_ADD_R0R0R1_POP_R4R5R6PC", "0x13383c"), 25 | ("ROP_MENU_AND_R0R0x7_POP_R4PC", "0x2e7e08"), 26 | ("ROP_MENU_ADD_R1R1x1_STR_R1R5x10_POP_R4R5R6PC", "0x10230c"), 27 | ("ROP_MENU_CMP_R0R1_MVNLS_R0x0_MOVHI_R0x1_POP_R4PC", "0x21e5a8"), 28 | ("ROP_MENU_BLXNE_R2_ADD_SPx8_MOV_R0R4_POP_R4R5R6R7R8PC", "0x1a7478"), 29 | ("ROP_MENU_MRC_R0C13C03_ADD_R0R0x5C_BX_LR", "0x13e9b4"), 30 | ("ROP_MENU_LDR_R0R0_SVC_x32_AND_R1R0x80000000_CMP_R1x0_LDRGE_R0R4x4_POP_R4PC", "0x102bac"), 31 | ("ROP_MENU_SVC_CREATEEVENT", "0x22f2ec"), 32 | ("ROP_MENU_SVC_WAITSYNCHRONIZATIONN", "0x11873c"), 33 | ("ROP_MENU_SVC_EXITPROCESS", "0x101a30"), 34 | ("ROP_MENU_SLEEPTHREAD", "0x12b070"), 35 | ("ROP_MENU_WAITSYNCHRONIZATIONN", "0x11873c"), 36 | ("ROP_MENU_CREATEMEMORYBLOCK", "0x12afec"), 37 | ("ROP_MENU_CONTROLMEMORY", "0x2354cc"), 38 | ("ROP_MENU_CONNECTTOPORT", "0x118724"), 39 | ("ROP_MENU_APT_OPENSESSION", "0x236530"), 40 | ("ROP_MENU_APT_CLOSESESSION", "0x2364c0"), 41 | ("ROP_MENU_APT_SENDPARAMETER", "0x12e55c"), 42 | ("ROP_MENU_APT_GLANCEPARAMETER", "0x12e6cc"), 43 | ("ROP_MENU_APT_RECEIVEPARAMETER", "0x145f7c"), 44 | ("ROP_MENU_APT_PREPARETOSTARTAPPLICATION", "0x12e8fc"), 45 | ("ROP_MENU_APT_STARTAPPLICATION", "0x139368"), 46 | ("ROP_MENU_APT_ORDERTOCLOSEAPPLICATION", "0x139420"), 47 | ("ROP_MENU_APT_APPLETUTILITYCMD2", "0x11a40c"), 48 | ("ROP_MENU_APT_APPLETUTILITYCMD7", "0x2276fc"), 49 | ("ROP_MENU_CLEARHOMEBUTTONSTATE", "0x2276b4"), 50 | ("ROP_MENU_APT_WAKEUPAPPLICATION", "0x11a9c0"), 51 | ("ROP_MENU_APT_INQUIRENOTIFICATION", "0x11a9f0"), 52 | ("ROP_MENU_APT_REPLYSLEEPQUERY", "0x12e758"), 53 | ("ROP_MENU_APT_REPLYSLEEPNOTIFICATIONCOMPLETE", "0x12ea28"), 54 | ("ROP_MENU_APT_ISREGISTERED", "0x222098"), 55 | ("ROP_MENU_APT_SENDDELIVERARG", "0x180430"), 56 | ("ROP_MENU_APT_PREPARETOLEAVEHOMEMENU", "0x11aadc"), 57 | ("ROP_MENU_APT_LEAVEHOMEMENU", "0x11a83c"), 58 | ("ROP_MENU_NSS_REBOOT", "0x1373bc"), 59 | ("ROP_MENU_NSS_LAUNCHTITLE", "0x230fec"), 60 | ("ROP_MENU_GSPGPU_RELEASERIGHT", "0x12e048"), 61 | ("ROP_MENU_GSPGPU_ACQUIRERIGHT", "0x138eb8"), 62 | ("ROP_MENU_GSPGPU_WRITEHWREGS", "0x14bc1c"), 63 | ("ROP_MENU_GSPGPU_FLUSHDATACACHE", "0x1517f0"), 64 | ("ROP_MENU_GSPGPU_GXTRYENQUEUE", "0x217d14"), 65 | ("ROP_MENU_GSPGPU_IMPORTDISPLAYCAPTUREINFO", "0x145d94"), 66 | ("ROP_MENU_DSP_REGISTERINTERRUPTEVENTS", "0x137a40"), 67 | ("ROP_MENU_DSP_UNLOADCOMPONENT", "0x12c4d8"), 68 | ("ROP_MENU_SRV_SUBSCRIBE", "0x2157a0"), 69 | ("ROP_MENU_SRV_GETHANDLE", "0x10f62c"), 70 | ("ROP_MENU_MEMCPY", "0x235a5c"), 71 | ("ROP_MENU_MOUNTSDMC", "0x118b94"), 72 | ("ROP_MENU_FOPEN", "0x22b860"), 73 | ("ROP_MENU_FWRITE", "0x220af0"), 74 | ("ROP_MENU_FSEEK", "0x22127c"), 75 | ("ROP_MENU_FCLOSE", "0x22f5f8"), 76 | ("MENU_DSP_BINARY_AFTERSIG", "0x32ee4c"), 77 | ("MENU_DSP_BINARY_SIZE", "0xc25c"), 78 | ("MENU_CFGS_HANDLE", "0x33c280"), 79 | ("MENU_AMSYS_HANDLE", "0x32e99c"), 80 | ("MENU_NSS_HANDLE", "0x32e040"), 81 | ("MENU_APT_HANDLE", "0x32e9cc"), 82 | ("MENU_FS_HANDLE", "0x32dfd8"), 83 | ("MENU_SRV_HANDLE", "0x33b14c"), 84 | ("MENU_NEWSS_HANDLE", "0x33c28c"), 85 | ("MENU_BOSSP_HANDLE_MINUS_0x18", "0x368d68"), 86 | ("MENU_PTMSYSM_HANDLE", "0x32e074"), 87 | ("MENU_GSPLCD_HANDLE", "0x33afd4"), 88 | ("MENU_DSP_HANDLE_STRUCT", "0x32df60"), 89 | ("MENU_GSPGPU_HANDLE", "0x33afd0"), 90 | ("MENU_GSPGPU_INTERRUPT_RECEIVER_STRUCT", "0x32c580"), 91 | ] 92 | -------------------------------------------------------------------------------- /menu_ropdb/11272_ropdb.txt: -------------------------------------------------------------------------------- 1 | [ 2 | ("ROP_MENU_POP_PC", "0x102028"), 3 | ("ROP_MENU_POP_R0PC", "0x157554"), 4 | ("ROP_MENU_POP_R1PC", "0x2149f0"), 5 | ("ROP_MENU_POP_R2R3R4R5R6PC", "0x150108"), 6 | ("ROP_MENU_POP_R4PC", "0x101be4"), 7 | ("ROP_MENU_POP_R4R5PC", "0x102468"), 8 | ("ROP_MENU_POP_R4R5R6PC", "0x101b90"), 9 | ("ROP_MENU_POP_R4R5R6R7R8PC", "0x101ebc"), 10 | ("ROP_MENU_POP_R4R5R6R7R8R9R10PC", "0x103bc0"), 11 | ("ROP_MENU_POP_R4LR_BX_R0", "0x15cff0"), 12 | ("ROP_MENU_BX_LR", "0x10003c"), 13 | ("ROP_MENU_TARGET_RET", "0x100000"), 14 | ("ROP_MENU_ADD_SPSPx64_POP_R4RR11PC", "0x1058ac"), 15 | ("ROP_MENU_STACK_PIVOT", "0x100fdc"), 16 | ("ROP_MENU_LDR_R0R0_POP_R4PC", "0x123260"), 17 | ("ROP_MENU_LDR_R1R0x4_ADD_R0R0R1_POP_R3R4R5PC", "0x13ef40"), 18 | ("ROP_MENU_STREQ_R5R2x30_POP_R4R5R6PC", "0x154e9c"), 19 | ("ROP_MENU_STRNE_R4R0x4_POP_R4PC", "0x19495c"), 20 | ("ROP_MENU_STR_R0R4_POP_R4PC", "0x10b4b4"), 21 | ("ROP_MENU_STRB_R0R4_POP_R4PC", "0x102950"), 22 | ("ROP_MENU_STR_R1R0_POP_R4PC", "0x10b168"), 23 | ("ROP_MENU_AND_R0R0R4_POP_R4R5R6R7R8PC", "0x122e1c"), 24 | ("ROP_MENU_ADD_R0R0R1LSL2_POP_R4PC", "0x1e5948"), 25 | ("ROP_MENU_ADD_R0R0R1_POP_R4R5R6PC", "0x137378"), 26 | ("ROP_MENU_AND_R0R0x7_POP_R4PC", "0x2b0ee4"), 27 | ("ROP_MENU_ADD_R1R1x1_STR_R1R5x10_POP_R4R5R6PC", "0x102310"), 28 | ("ROP_MENU_CMP_R0R1_MVNLS_R0x0_MOVHI_R0x1_POP_R4PC", "0x1fc154"), 29 | ("ROP_MENU_BLXNE_R2_ADD_SPx8_MOV_R0R4_POP_R4R5R6R7R8PC", "0x1a6484"), 30 | ("ROP_MENU_MRC_R0C13C03_ADD_R0R0x5C_BX_LR", "0x13f748"), 31 | ("ROP_MENU_LDR_R0R0_SVC_x32_AND_R1R0x80000000_CMP_R1x0_LDRGE_R0R4x4_POP_R4PC", "0x102b50"), 32 | ("ROP_MENU_SVC_CREATEEVENT", "0x20be60"), 33 | ("ROP_MENU_SVC_WAITSYNCHRONIZATIONN", "0x11c55c"), 34 | ("ROP_MENU_SVC_EXITPROCESS", "0x101a54"), 35 | ("ROP_MENU_SLEEPTHREAD", "0x12e64c"), 36 | ("ROP_MENU_WAITSYNCHRONIZATIONN", "0x11c55c"), 37 | ("ROP_MENU_CREATEMEMORYBLOCK", "0x14fe8c"), 38 | ("ROP_MENU_CONTROLMEMORY", "0x212df0"), 39 | ("ROP_MENU_CONNECTTOPORT", "0x11c544"), 40 | ("ROP_MENU_APT_OPENSESSION", "0x2141c8"), 41 | ("ROP_MENU_APT_CLOSESESSION", "0x214158"), 42 | ("ROP_MENU_APT_SENDPARAMETER", "0x131914"), 43 | ("ROP_MENU_APT_GLANCEPARAMETER", "0x131a84"), 44 | ("ROP_MENU_APT_RECEIVEPARAMETER", "0x14745c"), 45 | ("ROP_MENU_APT_PREPARETOSTARTAPPLICATION", "0x131c98"), 46 | ("ROP_MENU_APT_STARTAPPLICATION", "0x13b764"), 47 | ("ROP_MENU_APT_ORDERTOCLOSEAPPLICATION", "0x131c68"), 48 | ("ROP_MENU_APT_APPLETUTILITYCMD2", "0x11df1c"), 49 | ("ROP_MENU_APT_APPLETUTILITYCMD7", "0x205e64"), 50 | ("ROP_MENU_CLEARHOMEBUTTONSTATE", "0x205e1c"), 51 | ("ROP_MENU_APT_WAKEUPAPPLICATION", "0x11e5a8"), 52 | ("ROP_MENU_APT_INQUIRENOTIFICATION", "0x11e5d8"), 53 | ("ROP_MENU_APT_REPLYSLEEPQUERY", "0x131b10"), 54 | ("ROP_MENU_APT_REPLYSLEEPNOTIFICATIONCOMPLETE", "0x131dc4"), 55 | ("ROP_MENU_APT_ISREGISTERED", "0x1ffe04"), 56 | ("ROP_MENU_APT_SENDDELIVERARG", "0x17f430"), 57 | ("ROP_MENU_APT_PREPARETOLEAVEHOMEMENU", "0x11e6c4"), 58 | ("ROP_MENU_APT_LEAVEHOMEMENU", "0x11e3d8"), 59 | ("ROP_MENU_NSS_REBOOT", "0x139878"), 60 | ("ROP_MENU_NSS_LAUNCHTITLE", "0x20e6a8"), 61 | ("ROP_MENU_GSPGPU_RELEASERIGHT", "0x13148c"), 62 | ("ROP_MENU_GSPGPU_ACQUIRERIGHT", "0x13b2b4"), 63 | ("ROP_MENU_GSPGPU_WRITEHWREGS", "0x14d854"), 64 | ("ROP_MENU_GSPGPU_FLUSHDATACACHE", "0x15143c"), 65 | ("ROP_MENU_GSPGPU_GXTRYENQUEUE", "0x1f5f78"), 66 | ("ROP_MENU_GSPGPU_IMPORTDISPLAYCAPTUREINFO", "0x147274"), 67 | ("ROP_MENU_DSP_REGISTERINTERRUPTEVENTS", "0x139f70"), 68 | ("ROP_MENU_DSP_UNLOADCOMPONENT", "0x12fba0"), 69 | ("ROP_MENU_SRV_SUBSCRIBE", "0x1f3808"), 70 | ("ROP_MENU_SRV_GETHANDLE", "0x10f878"), 71 | ("ROP_MENU_MEMCPY", "0x213380"), 72 | ("ROP_MENU_MOUNTSDMC", "0x11c9b4"), 73 | ("ROP_MENU_FOPEN", "0x209f88"), 74 | ("ROP_MENU_FWRITE", "0x1fe7e4"), 75 | ("ROP_MENU_FSEEK", "0x1ff018"), 76 | ("ROP_MENU_FCLOSE", "0x20c1b0"), 77 | ("MENU_DSP_BINARY_AFTERSIG", "0x2f2d54"), 78 | ("MENU_DSP_BINARY_SIZE", "0xc25c"), 79 | ("MENU_CFGS_HANDLE", "0x2ffff0"), 80 | ("MENU_AMSYS_HANDLE", "0x2f28a4"), 81 | ("MENU_NSS_HANDLE", "0x2f1f98"), 82 | ("MENU_APT_HANDLE", "0x2f28d4"), 83 | ("MENU_FS_HANDLE", "0x2f1f30"), 84 | ("MENU_SRV_HANDLE", "0x2ff048"), 85 | ("MENU_NEWSS_HANDLE", "0x2ffffc"), 86 | ("MENU_BOSSP_HANDLE_MINUS_0x18", "0x331c58"), 87 | ("MENU_PTMSYSM_HANDLE", "0x2f1fcc"), 88 | ("MENU_GSPLCD_HANDLE", "0x2feedc"), 89 | ("MENU_DSP_HANDLE_STRUCT", "0x2f1ebc"), 90 | ("MENU_GSPGPU_HANDLE", "0x2feed8"), 91 | ("MENU_GSPGPU_INTERRUPT_RECEIVER_STRUCT", "0x2f0580"), 92 | ] 93 | -------------------------------------------------------------------------------- /menu_ropdb/12288_ropdb.txt: -------------------------------------------------------------------------------- 1 | [ 2 | ("ROP_MENU_POP_PC", "0x102028"), 3 | ("ROP_MENU_POP_R0PC", "0x1575ac"), 4 | ("ROP_MENU_POP_R1PC", "0x214988"), 5 | ("ROP_MENU_POP_R2R3R4R5R6PC", "0x150160"), 6 | ("ROP_MENU_POP_R4PC", "0x101be4"), 7 | ("ROP_MENU_POP_R4R5PC", "0x102468"), 8 | ("ROP_MENU_POP_R4R5R6PC", "0x101b90"), 9 | ("ROP_MENU_POP_R4R5R6R7R8PC", "0x101ebc"), 10 | ("ROP_MENU_POP_R4R5R6R7R8R9R10PC", "0x103bc0"), 11 | ("ROP_MENU_POP_R4LR_BX_R0", "0x15d048"), 12 | ("ROP_MENU_BX_LR", "0x10003c"), 13 | ("ROP_MENU_TARGET_RET", "0x100000"), 14 | ("ROP_MENU_ADD_SPSPx64_POP_R4RR11PC", "0x1058ac"), 15 | ("ROP_MENU_STACK_PIVOT", "0x100fdc"), 16 | ("ROP_MENU_LDR_R0R0_POP_R4PC", "0x123260"), 17 | ("ROP_MENU_LDR_R1R0x4_ADD_R0R0R1_POP_R3R4R5PC", "0x13ef9c"), 18 | ("ROP_MENU_STREQ_R5R2x30_POP_R4R5R6PC", "0x154ef4"), 19 | ("ROP_MENU_STRNE_R4R0x4_POP_R4PC", "0x1949b4"), 20 | ("ROP_MENU_STR_R0R4_POP_R4PC", "0x10b4b4"), 21 | ("ROP_MENU_STRB_R0R4_POP_R4PC", "0x102950"), 22 | ("ROP_MENU_STR_R1R0_POP_R4PC", "0x10b168"), 23 | ("ROP_MENU_AND_R0R0R4_POP_R4R5R6R7R8PC", "0x122e1c"), 24 | ("ROP_MENU_ADD_R0R0R1LSL2_POP_R4PC", "0x1e58e0"), 25 | ("ROP_MENU_ADD_R0R0R1_POP_R4R5R6PC", "0x137378"), 26 | ("ROP_MENU_AND_R0R0x7_POP_R4PC", "0x2b0dbc"), 27 | ("ROP_MENU_ADD_R1R1x1_STR_R1R5x10_POP_R4R5R6PC", "0x102310"), 28 | ("ROP_MENU_CMP_R0R1_MVNLS_R0x0_MOVHI_R0x1_POP_R4PC", "0x1fc0ec"), 29 | ("ROP_MENU_BLXNE_R2_ADD_SPx8_MOV_R0R4_POP_R4R5R6R7R8PC", "0x1a64dc"), 30 | ("ROP_MENU_MRC_R0C13C03_ADD_R0R0x5C_BX_LR", "0x13f7a4"), 31 | ("ROP_MENU_LDR_R0R0_SVC_x32_AND_R1R0x80000000_CMP_R1x0_LDRGE_R0R4x4_POP_R4PC", "0x102b50"), 32 | ("ROP_MENU_SVC_CREATEEVENT", "0x20bdf8"), 33 | ("ROP_MENU_SVC_WAITSYNCHRONIZATIONN", "0x11c55c"), 34 | ("ROP_MENU_SVC_EXITPROCESS", "0x101a54"), 35 | ("ROP_MENU_SLEEPTHREAD", "0x12e64c"), 36 | ("ROP_MENU_WAITSYNCHRONIZATIONN", "0x11c55c"), 37 | ("ROP_MENU_CREATEMEMORYBLOCK", "0x14fee4"), 38 | ("ROP_MENU_CONTROLMEMORY", "0x212d88"), 39 | ("ROP_MENU_CONNECTTOPORT", "0x11c544"), 40 | ("ROP_MENU_APT_OPENSESSION", "0x214160"), 41 | ("ROP_MENU_APT_CLOSESESSION", "0x2140f0"), 42 | ("ROP_MENU_APT_SENDPARAMETER", "0x131914"), 43 | ("ROP_MENU_APT_GLANCEPARAMETER", "0x131a84"), 44 | ("ROP_MENU_APT_RECEIVEPARAMETER", "0x1474b8"), 45 | ("ROP_MENU_APT_PREPARETOSTARTAPPLICATION", "0x131c98"), 46 | ("ROP_MENU_APT_STARTAPPLICATION", "0x13b764"), 47 | ("ROP_MENU_APT_ORDERTOCLOSEAPPLICATION", "0x131c68"), 48 | ("ROP_MENU_APT_APPLETUTILITYCMD2", "0x11df1c"), 49 | ("ROP_MENU_APT_APPLETUTILITYCMD7", "0x205dfc"), 50 | ("ROP_MENU_CLEARHOMEBUTTONSTATE", "0x205db4"), 51 | ("ROP_MENU_APT_WAKEUPAPPLICATION", "0x11e5a8"), 52 | ("ROP_MENU_APT_INQUIRENOTIFICATION", "0x11e5d8"), 53 | ("ROP_MENU_APT_REPLYSLEEPQUERY", "0x131b10"), 54 | ("ROP_MENU_APT_REPLYSLEEPNOTIFICATIONCOMPLETE", "0x131dc4"), 55 | ("ROP_MENU_APT_ISREGISTERED", "0x1ffd9c"), 56 | ("ROP_MENU_APT_SENDDELIVERARG", "0x17f488"), 57 | ("ROP_MENU_APT_PREPARETOLEAVEHOMEMENU", "0x11e6c4"), 58 | ("ROP_MENU_APT_LEAVEHOMEMENU", "0x11e3d8"), 59 | ("ROP_MENU_NSS_REBOOT", "0x139878"), 60 | ("ROP_MENU_NSS_LAUNCHTITLE", "0x20e640"), 61 | ("ROP_MENU_GSPGPU_RELEASERIGHT", "0x13148c"), 62 | ("ROP_MENU_GSPGPU_ACQUIRERIGHT", "0x13b2b4"), 63 | ("ROP_MENU_GSPGPU_WRITEHWREGS", "0x14d8ac"), 64 | ("ROP_MENU_GSPGPU_FLUSHDATACACHE", "0x151494"), 65 | ("ROP_MENU_GSPGPU_GXTRYENQUEUE", "0x1f5f10"), 66 | ("ROP_MENU_GSPGPU_IMPORTDISPLAYCAPTUREINFO", "0x1472d0"), 67 | ("ROP_MENU_DSP_REGISTERINTERRUPTEVENTS", "0x139f70"), 68 | ("ROP_MENU_DSP_UNLOADCOMPONENT", "0x12fba0"), 69 | ("ROP_MENU_SRV_SUBSCRIBE", "0x1f37a0"), 70 | ("ROP_MENU_SRV_GETHANDLE", "0x10f878"), 71 | ("ROP_MENU_MEMCPY", "0x213318"), 72 | ("ROP_MENU_MOUNTSDMC", "0x11c9b4"), 73 | ("ROP_MENU_FOPEN", "0x209f20"), 74 | ("ROP_MENU_FWRITE", "0x1fe77c"), 75 | ("ROP_MENU_FSEEK", "0x1fefb0"), 76 | ("ROP_MENU_FCLOSE", "0x20c148"), 77 | ("MENU_DSP_BINARY_AFTERSIG", "0x2f1d54"), 78 | ("MENU_DSP_BINARY_SIZE", "0xc25c"), 79 | ("MENU_CFGS_HANDLE", "0x2feff0"), 80 | ("MENU_AMSYS_HANDLE", "0x2f18a4"), 81 | ("MENU_NSS_HANDLE", "0x2f0f98"), 82 | ("MENU_APT_HANDLE", "0x2f18d4"), 83 | ("MENU_FS_HANDLE", "0x2f0f30"), 84 | ("MENU_SRV_HANDLE", "0x2fe048"), 85 | ("MENU_NEWSS_HANDLE", "0x2feffc"), 86 | ("MENU_BOSSP_HANDLE_MINUS_0x18", "0x330c58"), 87 | ("MENU_PTMSYSM_HANDLE", "0x2f0fcc"), 88 | ("MENU_GSPLCD_HANDLE", "0x2fdedc"), 89 | ("MENU_DSP_HANDLE_STRUCT", "0x2f0ebc"), 90 | ("MENU_GSPGPU_HANDLE", "0x2fded8"), 91 | ("MENU_GSPGPU_INTERRUPT_RECEIVER_STRUCT", "0x2ef580"), 92 | ] 93 | -------------------------------------------------------------------------------- /menu_ropdb/13330_ropdb.txt: -------------------------------------------------------------------------------- 1 | [ 2 | ("ROP_MENU_POP_PC", "0x10203c"), 3 | ("ROP_MENU_POP_R0PC", "0x154f0c"), 4 | ("ROP_MENU_POP_R1PC", "0x2262bc"), 5 | ("ROP_MENU_POP_R2R3R4R5R6PC", "0x1512c4"), 6 | ("ROP_MENU_POP_R4PC", "0x101be8"), 7 | ("ROP_MENU_POP_R4R5PC", "0x102470"), 8 | ("ROP_MENU_POP_R4R5R6PC", "0x101b94"), 9 | ("ROP_MENU_POP_R4R5R6R7R8PC", "0x101ed0"), 10 | ("ROP_MENU_POP_R4R5R6R7R8R9R10PC", "0x103bbc"), 11 | ("ROP_MENU_POP_R4LR_BX_R0", "0x15a9a8"), 12 | ("ROP_MENU_BX_LR", "0x10003c"), 13 | ("ROP_MENU_TARGET_RET", "0x100000"), 14 | ("ROP_MENU_ADD_SPSPx64_POP_R4RR11PC", "0x1057dc"), 15 | ("ROP_MENU_STACK_PIVOT", "0x100fdc"), 16 | ("ROP_MENU_LDR_R0R0_POP_R4PC", "0x1235cc"), 17 | ("ROP_MENU_LDR_R1R0x4_ADD_R0R0R1_POP_R3R4R5PC", "0x13cb84"), 18 | ("ROP_MENU_STREQ_R5R2x30_POP_R4R5R6PC", "0x1525c8"), 19 | ("ROP_MENU_STRNE_R4R0x4_POP_R4PC", "0x192ac4"), 20 | ("ROP_MENU_STR_R0R4_POP_R4PC", "0x10b3f8"), 21 | ("ROP_MENU_STRB_R0R4_POP_R4PC", "0x10296c"), 22 | ("ROP_MENU_STR_R1R0_POP_R4PC", "0x10b0ac"), 23 | ("ROP_MENU_AND_R0R0R4_POP_R4R5R6R7R8PC", "0x123144"), 24 | ("ROP_MENU_ADD_R0R0R1LSL2_POP_R4PC", "0x1f3774"), 25 | ("ROP_MENU_ADD_R0R0R1_POP_R4R5R6PC", "0x1345a8"), 26 | ("ROP_MENU_AND_R0R0x7_POP_R4PC", "0x2d09c8"), 27 | ("ROP_MENU_ADD_R1R1x1_STR_R1R5x10_POP_R4R5R6PC", "0x102324"), 28 | ("ROP_MENU_CMP_R0R1_MVNLS_R0x0_MOVHI_R0x1_POP_R4PC", "0x20a4e8"), 29 | ("ROP_MENU_BLXNE_R2_ADD_SPx8_MOV_R0R4_POP_R4R5R6R7R8PC", "0x1a4624"), 30 | ("ROP_MENU_MRC_R0C13C03_ADD_R0R0x5C_BX_LR", "0x13d348"), 31 | ("ROP_MENU_LDR_R0R0_SVC_x32_AND_R1R0x80000000_CMP_R1x0_LDRGE_R0R4x4_POP_R4PC", "0x102b6c"), 32 | ("ROP_MENU_SVC_CREATEEVENT", "0x21d8d4"), 33 | ("ROP_MENU_SVC_WAITSYNCHRONIZATIONN", "0x11c674"), 34 | ("ROP_MENU_SVC_EXITPROCESS", "0x101a54"), 35 | ("ROP_MENU_SLEEPTHREAD", "0x12b590"), 36 | ("ROP_MENU_WAITSYNCHRONIZATIONN", "0x11c674"), 37 | ("ROP_MENU_CREATEMEMORYBLOCK", "0x1361a4"), 38 | ("ROP_MENU_CONTROLMEMORY", "0x2246d4"), 39 | ("ROP_MENU_CONNECTTOPORT", "0x11c65c"), 40 | ("ROP_MENU_APT_OPENSESSION", "0x225a78"), 41 | ("ROP_MENU_APT_CLOSESESSION", "0x225a08"), 42 | ("ROP_MENU_APT_SENDPARAMETER", "0x12e910"), 43 | ("ROP_MENU_APT_GLANCEPARAMETER", "0x12ea80"), 44 | ("ROP_MENU_APT_RECEIVEPARAMETER", "0x144310"), 45 | ("ROP_MENU_APT_PREPARETOSTARTAPPLICATION", "0x12ec94"), 46 | ("ROP_MENU_APT_STARTAPPLICATION", "0x1388fc"), 47 | ("ROP_MENU_APT_ORDERTOCLOSEAPPLICATION", "0x12ec64"), 48 | ("ROP_MENU_APT_APPLETUTILITYCMD2", "0x11e0e0"), 49 | ("ROP_MENU_APT_APPLETUTILITYCMD7", "0x214d0c"), 50 | ("ROP_MENU_CLEARHOMEBUTTONSTATE", "0x214cc4"), 51 | ("ROP_MENU_APT_WAKEUPAPPLICATION", "0x11e754"), 52 | ("ROP_MENU_APT_INQUIRENOTIFICATION", "0x11e784"), 53 | ("ROP_MENU_APT_REPLYSLEEPQUERY", "0x12eb0c"), 54 | ("ROP_MENU_APT_REPLYSLEEPNOTIFICATIONCOMPLETE", "0x12edc0"), 55 | ("ROP_MENU_APT_ISREGISTERED", "0x20e630"), 56 | ("ROP_MENU_APT_SENDDELIVERARG", "0x17d598"), 57 | ("ROP_MENU_APT_PREPARETOLEAVEHOMEMENU", "0x11e870"), 58 | ("ROP_MENU_APT_LEAVEHOMEMENU", "0x11e584"), 59 | ("ROP_MENU_NSS_REBOOT", "0x136a10"), 60 | ("ROP_MENU_NSS_LAUNCHTITLE", "0x22024c"), 61 | ("ROP_MENU_GSPGPU_RELEASERIGHT", "0x12e488"), 62 | ("ROP_MENU_GSPGPU_ACQUIRERIGHT", "0x13844c"), 63 | ("ROP_MENU_GSPGPU_WRITEHWREGS", "0x14aeec"), 64 | ("ROP_MENU_GSPGPU_FLUSHDATACACHE", "0x14e950"), 65 | ("ROP_MENU_GSPGPU_GXTRYENQUEUE", "0x204458"), 66 | ("ROP_MENU_GSPGPU_IMPORTDISPLAYCAPTUREINFO", "0x144128"), 67 | ("ROP_MENU_DSP_REGISTERINTERRUPTEVENTS", "0x137108"), 68 | ("ROP_MENU_DSP_UNLOADCOMPONENT", "0x12caf8"), 69 | ("ROP_MENU_SRV_SUBSCRIBE", "0x201e1c"), 70 | ("ROP_MENU_SRV_GETHANDLE", "0x10f900"), 71 | ("ROP_MENU_MEMCPY", "0x224c64"), 72 | ("ROP_MENU_MOUNTSDMC", "0x11cacc"), 73 | ("ROP_MENU_FOPEN", "0x218c3c"), 74 | ("ROP_MENU_FWRITE", "0x20d098"), 75 | ("ROP_MENU_FSEEK", "0x20d844"), 76 | ("ROP_MENU_FCLOSE", "0x21dcdc"), 77 | ("MENU_DSP_BINARY_AFTERSIG", "0x314dec"), 78 | ("MENU_DSP_BINARY_SIZE", "0xc25c"), 79 | ("MENU_CFGS_HANDLE", "0x322214"), 80 | ("MENU_AMSYS_HANDLE", "0x314940"), 81 | ("MENU_NSS_HANDLE", "0x314018"), 82 | ("MENU_APT_HANDLE", "0x314970"), 83 | ("MENU_FS_HANDLE", "0x313fb0"), 84 | ("MENU_SRV_HANDLE", "0x3210ec"), 85 | ("MENU_NEWSS_HANDLE", "0x322220"), 86 | ("MENU_BOSSP_HANDLE_MINUS_0x18", "0x354e90"), 87 | ("MENU_PTMSYSM_HANDLE", "0x31404c"), 88 | ("MENU_GSPLCD_HANDLE", "0x320f74"), 89 | ("MENU_DSP_HANDLE_STRUCT", "0x313f38"), 90 | ("MENU_GSPGPU_HANDLE", "0x320f70"), 91 | ("MENU_GSPGPU_INTERRUPT_RECEIVER_STRUCT", "0x312580"), 92 | ] 93 | -------------------------------------------------------------------------------- /menu_ropdb/14336_ropdb.txt: -------------------------------------------------------------------------------- 1 | [ 2 | ("ROP_MENU_POP_PC", "0x10203c"), 3 | ("ROP_MENU_POP_R0PC", "0x154f0c"), 4 | ("ROP_MENU_POP_R1PC", "0x22629c"), 5 | ("ROP_MENU_POP_R2R3R4R5R6PC", "0x1512c4"), 6 | ("ROP_MENU_POP_R4PC", "0x101be8"), 7 | ("ROP_MENU_POP_R4R5PC", "0x102470"), 8 | ("ROP_MENU_POP_R4R5R6PC", "0x101b94"), 9 | ("ROP_MENU_POP_R4R5R6R7R8PC", "0x101ed0"), 10 | ("ROP_MENU_POP_R4R5R6R7R8R9R10PC", "0x103bbc"), 11 | ("ROP_MENU_POP_R4LR_BX_R0", "0x15a9a8"), 12 | ("ROP_MENU_BX_LR", "0x10003c"), 13 | ("ROP_MENU_TARGET_RET", "0x100000"), 14 | ("ROP_MENU_ADD_SPSPx64_POP_R4RR11PC", "0x1057dc"), 15 | ("ROP_MENU_STACK_PIVOT", "0x100fdc"), 16 | ("ROP_MENU_LDR_R0R0_POP_R4PC", "0x1235cc"), 17 | ("ROP_MENU_LDR_R1R0x4_ADD_R0R0R1_POP_R3R4R5PC", "0x13cb84"), 18 | ("ROP_MENU_STREQ_R5R2x30_POP_R4R5R6PC", "0x1525c8"), 19 | ("ROP_MENU_STRNE_R4R0x4_POP_R4PC", "0x192ac4"), 20 | ("ROP_MENU_STR_R0R4_POP_R4PC", "0x10b3f8"), 21 | ("ROP_MENU_STRB_R0R4_POP_R4PC", "0x10296c"), 22 | ("ROP_MENU_STR_R1R0_POP_R4PC", "0x10b0ac"), 23 | ("ROP_MENU_AND_R0R0R4_POP_R4R5R6R7R8PC", "0x123144"), 24 | ("ROP_MENU_ADD_R0R0R1LSL2_POP_R4PC", "0x1f3774"), 25 | ("ROP_MENU_ADD_R0R0R1_POP_R4R5R6PC", "0x1345a8"), 26 | ("ROP_MENU_AND_R0R0x7_POP_R4PC", "0x2d09ec"), 27 | ("ROP_MENU_ADD_R1R1x1_STR_R1R5x10_POP_R4R5R6PC", "0x102324"), 28 | ("ROP_MENU_CMP_R0R1_MVNLS_R0x0_MOVHI_R0x1_POP_R4PC", "0x20a4e8"), 29 | ("ROP_MENU_BLXNE_R2_ADD_SPx8_MOV_R0R4_POP_R4R5R6R7R8PC", "0x1a4624"), 30 | ("ROP_MENU_MRC_R0C13C03_ADD_R0R0x5C_BX_LR", "0x13d348"), 31 | ("ROP_MENU_LDR_R0R0_SVC_x32_AND_R1R0x80000000_CMP_R1x0_LDRGE_R0R4x4_POP_R4PC", "0x102b6c"), 32 | ("ROP_MENU_SVC_CREATEEVENT", "0x21d8b4"), 33 | ("ROP_MENU_SVC_WAITSYNCHRONIZATIONN", "0x11c674"), 34 | ("ROP_MENU_SVC_EXITPROCESS", "0x101a54"), 35 | ("ROP_MENU_SLEEPTHREAD", "0x12b590"), 36 | ("ROP_MENU_WAITSYNCHRONIZATIONN", "0x11c674"), 37 | ("ROP_MENU_CREATEMEMORYBLOCK", "0x1361a4"), 38 | ("ROP_MENU_CONTROLMEMORY", "0x2246b4"), 39 | ("ROP_MENU_CONNECTTOPORT", "0x11c65c"), 40 | ("ROP_MENU_APT_OPENSESSION", "0x225a58"), 41 | ("ROP_MENU_APT_CLOSESESSION", "0x2259e8"), 42 | ("ROP_MENU_APT_SENDPARAMETER", "0x12e910"), 43 | ("ROP_MENU_APT_GLANCEPARAMETER", "0x12ea80"), 44 | ("ROP_MENU_APT_RECEIVEPARAMETER", "0x144310"), 45 | ("ROP_MENU_APT_PREPARETOSTARTAPPLICATION", "0x12ec94"), 46 | ("ROP_MENU_APT_STARTAPPLICATION", "0x1388fc"), 47 | ("ROP_MENU_APT_ORDERTOCLOSEAPPLICATION", "0x12ec64"), 48 | ("ROP_MENU_APT_APPLETUTILITYCMD2", "0x11e0e0"), 49 | ("ROP_MENU_APT_APPLETUTILITYCMD7", "0x214d0c"), 50 | ("ROP_MENU_CLEARHOMEBUTTONSTATE", "0x214cc4"), 51 | ("ROP_MENU_APT_WAKEUPAPPLICATION", "0x11e754"), 52 | ("ROP_MENU_APT_INQUIRENOTIFICATION", "0x11e784"), 53 | ("ROP_MENU_APT_REPLYSLEEPQUERY", "0x12eb0c"), 54 | ("ROP_MENU_APT_REPLYSLEEPNOTIFICATIONCOMPLETE", "0x12edc0"), 55 | ("ROP_MENU_APT_ISREGISTERED", "0x20e630"), 56 | ("ROP_MENU_APT_SENDDELIVERARG", "0x17d598"), 57 | ("ROP_MENU_APT_PREPARETOLEAVEHOMEMENU", "0x11e870"), 58 | ("ROP_MENU_APT_LEAVEHOMEMENU", "0x11e584"), 59 | ("ROP_MENU_NSS_REBOOT", "0x136a10"), 60 | ("ROP_MENU_NSS_LAUNCHTITLE", "0x22022c"), 61 | ("ROP_MENU_GSPGPU_RELEASERIGHT", "0x12e488"), 62 | ("ROP_MENU_GSPGPU_ACQUIRERIGHT", "0x13844c"), 63 | ("ROP_MENU_GSPGPU_WRITEHWREGS", "0x14aeec"), 64 | ("ROP_MENU_GSPGPU_FLUSHDATACACHE", "0x14e950"), 65 | ("ROP_MENU_GSPGPU_GXTRYENQUEUE", "0x204458"), 66 | ("ROP_MENU_GSPGPU_IMPORTDISPLAYCAPTUREINFO", "0x144128"), 67 | ("ROP_MENU_DSP_REGISTERINTERRUPTEVENTS", "0x137108"), 68 | ("ROP_MENU_DSP_UNLOADCOMPONENT", "0x12caf8"), 69 | ("ROP_MENU_SRV_SUBSCRIBE", "0x201e1c"), 70 | ("ROP_MENU_SRV_GETHANDLE", "0x10f900"), 71 | ("ROP_MENU_MEMCPY", "0x224c44"), 72 | ("ROP_MENU_MOUNTSDMC", "0x11cacc"), 73 | ("ROP_MENU_FOPEN", "0x218c1c"), 74 | ("ROP_MENU_FWRITE", "0x20d098"), 75 | ("ROP_MENU_FSEEK", "0x20d844"), 76 | ("ROP_MENU_FCLOSE", "0x21dcbc"), 77 | ("MENU_DSP_BINARY_AFTERSIG", "0x314dec"), 78 | ("MENU_DSP_BINARY_SIZE", "0xc25c"), 79 | ("MENU_CFGS_HANDLE", "0x322214"), 80 | ("MENU_AMSYS_HANDLE", "0x314940"), 81 | ("MENU_NSS_HANDLE", "0x314018"), 82 | ("MENU_APT_HANDLE", "0x314970"), 83 | ("MENU_FS_HANDLE", "0x313fb0"), 84 | ("MENU_SRV_HANDLE", "0x3210ec"), 85 | ("MENU_NEWSS_HANDLE", "0x322220"), 86 | ("MENU_BOSSP_HANDLE_MINUS_0x18", "0x354e90"), 87 | ("MENU_PTMSYSM_HANDLE", "0x31404c"), 88 | ("MENU_GSPLCD_HANDLE", "0x320f74"), 89 | ("MENU_DSP_HANDLE_STRUCT", "0x313f38"), 90 | ("MENU_GSPGPU_HANDLE", "0x320f70"), 91 | ("MENU_GSPGPU_INTERRUPT_RECEIVER_STRUCT", "0x312580"), 92 | ] 93 | -------------------------------------------------------------------------------- /menu_ropdb/15360_ropdb.txt: -------------------------------------------------------------------------------- 1 | [ 2 | ("ROP_MENU_POP_PC", "0x10203c"), 3 | ("ROP_MENU_POP_R0PC", "0x154ef0"), 4 | ("ROP_MENU_POP_R1PC", "0x226264"), 5 | ("ROP_MENU_POP_R2R3R4R5R6PC", "0x1512b4"), 6 | ("ROP_MENU_POP_R4PC", "0x101be8"), 7 | ("ROP_MENU_POP_R4R5PC", "0x102470"), 8 | ("ROP_MENU_POP_R4R5R6PC", "0x101b94"), 9 | ("ROP_MENU_POP_R4R5R6R7R8PC", "0x101ed0"), 10 | ("ROP_MENU_POP_R4R5R6R7R8R9R10PC", "0x103bbc"), 11 | ("ROP_MENU_POP_R4LR_BX_R0", "0x15a98c"), 12 | ("ROP_MENU_BX_LR", "0x10003c"), 13 | ("ROP_MENU_TARGET_RET", "0x100000"), 14 | ("ROP_MENU_ADD_SPSPx64_POP_R4RR11PC", "0x1057dc"), 15 | ("ROP_MENU_STACK_PIVOT", "0x100fdc"), 16 | ("ROP_MENU_LDR_R0R0_POP_R4PC", "0x1235c0"), 17 | ("ROP_MENU_LDR_R1R0x4_ADD_R0R0R1_POP_R3R4R5PC", "0x13cb78"), 18 | ("ROP_MENU_STREQ_R5R2x30_POP_R4R5R6PC", "0x1525ac"), 19 | ("ROP_MENU_STRNE_R4R0x4_POP_R4PC", "0x192aa8"), 20 | ("ROP_MENU_STR_R0R4_POP_R4PC", "0x10b3f8"), 21 | ("ROP_MENU_STRB_R0R4_POP_R4PC", "0x10296c"), 22 | ("ROP_MENU_STR_R1R0_POP_R4PC", "0x10b0ac"), 23 | ("ROP_MENU_AND_R0R0R4_POP_R4R5R6R7R8PC", "0x123138"), 24 | ("ROP_MENU_ADD_R0R0R1LSL2_POP_R4PC", "0x1f3758"), 25 | ("ROP_MENU_ADD_R0R0R1_POP_R4R5R6PC", "0x13459c"), 26 | ("ROP_MENU_AND_R0R0x7_POP_R4PC", "0x2d09b4"), 27 | ("ROP_MENU_ADD_R1R1x1_STR_R1R5x10_POP_R4R5R6PC", "0x102324"), 28 | ("ROP_MENU_CMP_R0R1_MVNLS_R0x0_MOVHI_R0x1_POP_R4PC", "0x20a474"), 29 | ("ROP_MENU_BLXNE_R2_ADD_SPx8_MOV_R0R4_POP_R4R5R6R7R8PC", "0x1a4608"), 30 | ("ROP_MENU_MRC_R0C13C03_ADD_R0R0x5C_BX_LR", "0x13d33c"), 31 | ("ROP_MENU_LDR_R0R0_SVC_x32_AND_R1R0x80000000_CMP_R1x0_LDRGE_R0R4x4_POP_R4PC", "0x102b6c"), 32 | ("ROP_MENU_SVC_CREATEEVENT", "0x21d840"), 33 | ("ROP_MENU_SVC_WAITSYNCHRONIZATIONN", "0x11c668"), 34 | ("ROP_MENU_SVC_EXITPROCESS", "0x101a54"), 35 | ("ROP_MENU_SLEEPTHREAD", "0x12b584"), 36 | ("ROP_MENU_WAITSYNCHRONIZATIONN", "0x11c668"), 37 | ("ROP_MENU_CREATEMEMORYBLOCK", "0x136198"), 38 | ("ROP_MENU_CONTROLMEMORY", "0x22467c"), 39 | ("ROP_MENU_CONNECTTOPORT", "0x11c650"), 40 | ("ROP_MENU_APT_OPENSESSION", "0x225a20"), 41 | ("ROP_MENU_APT_CLOSESESSION", "0x2259b0"), 42 | ("ROP_MENU_APT_SENDPARAMETER", "0x12e904"), 43 | ("ROP_MENU_APT_GLANCEPARAMETER", "0x12ea74"), 44 | ("ROP_MENU_APT_RECEIVEPARAMETER", "0x144304"), 45 | ("ROP_MENU_APT_PREPARETOSTARTAPPLICATION", "0x12ec88"), 46 | ("ROP_MENU_APT_STARTAPPLICATION", "0x1388f0"), 47 | ("ROP_MENU_APT_ORDERTOCLOSEAPPLICATION", "0x12ec58"), 48 | ("ROP_MENU_APT_APPLETUTILITYCMD2", "0x11e0d4"), 49 | ("ROP_MENU_APT_APPLETUTILITYCMD7", "0x214c98"), 50 | ("ROP_MENU_CLEARHOMEBUTTONSTATE", "0x214c50"), 51 | ("ROP_MENU_APT_WAKEUPAPPLICATION", "0x11e748"), 52 | ("ROP_MENU_APT_INQUIRENOTIFICATION", "0x11e778"), 53 | ("ROP_MENU_APT_REPLYSLEEPQUERY", "0x12eb00"), 54 | ("ROP_MENU_APT_REPLYSLEEPNOTIFICATIONCOMPLETE", "0x12edb4"), 55 | ("ROP_MENU_APT_ISREGISTERED", "0x20e5bc"), 56 | ("ROP_MENU_APT_SENDDELIVERARG", "0x17d57c"), 57 | ("ROP_MENU_APT_PREPARETOLEAVEHOMEMENU", "0x11e864"), 58 | ("ROP_MENU_APT_LEAVEHOMEMENU", "0x11e578"), 59 | ("ROP_MENU_NSS_REBOOT", "0x136a04"), 60 | ("ROP_MENU_NSS_LAUNCHTITLE", "0x2201b8"), 61 | ("ROP_MENU_GSPGPU_RELEASERIGHT", "0x12e47c"), 62 | ("ROP_MENU_GSPGPU_ACQUIRERIGHT", "0x138440"), 63 | ("ROP_MENU_GSPGPU_WRITEHWREGS", "0x14aedc"), 64 | ("ROP_MENU_GSPGPU_FLUSHDATACACHE", "0x14e940"), 65 | ("ROP_MENU_GSPGPU_GXTRYENQUEUE", "0x20443c"), 66 | ("ROP_MENU_GSPGPU_IMPORTDISPLAYCAPTUREINFO", "0x14411c"), 67 | ("ROP_MENU_DSP_REGISTERINTERRUPTEVENTS", "0x1370fc"), 68 | ("ROP_MENU_DSP_UNLOADCOMPONENT", "0x12caec"), 69 | ("ROP_MENU_SRV_SUBSCRIBE", "0x201e00"), 70 | ("ROP_MENU_SRV_GETHANDLE", "0x10f900"), 71 | ("ROP_MENU_MEMCPY", "0x224c0c"), 72 | ("ROP_MENU_MOUNTSDMC", "0x11cac0"), 73 | ("ROP_MENU_FOPEN", "0x218ba8"), 74 | ("ROP_MENU_FWRITE", "0x20d024"), 75 | ("ROP_MENU_FSEEK", "0x20d7d0"), 76 | ("ROP_MENU_FCLOSE", "0x21dc48"), 77 | ("MENU_DSP_BINARY_AFTERSIG", "0x314dec"), 78 | ("MENU_DSP_BINARY_SIZE", "0xc25c"), 79 | ("MENU_CFGS_HANDLE", "0x322214"), 80 | ("MENU_AMSYS_HANDLE", "0x314940"), 81 | ("MENU_NSS_HANDLE", "0x314018"), 82 | ("MENU_APT_HANDLE", "0x314970"), 83 | ("MENU_FS_HANDLE", "0x313fb0"), 84 | ("MENU_SRV_HANDLE", "0x3210ec"), 85 | ("MENU_NEWSS_HANDLE", "0x322220"), 86 | ("MENU_BOSSP_HANDLE_MINUS_0x18", "0x354e90"), 87 | ("MENU_PTMSYSM_HANDLE", "0x31404c"), 88 | ("MENU_GSPLCD_HANDLE", "0x320f74"), 89 | ("MENU_DSP_HANDLE_STRUCT", "0x313f38"), 90 | ("MENU_GSPGPU_HANDLE", "0x320f70"), 91 | ("MENU_GSPGPU_INTERRUPT_RECEIVER_STRUCT", "0x312580"), 92 | ] 93 | -------------------------------------------------------------------------------- /menu_ropdb/16404_ropdb.txt: -------------------------------------------------------------------------------- 1 | [ 2 | ("ROP_MENU_POP_PC", "0x10201c"), 3 | ("ROP_MENU_POP_R0PC", "0x1576d4"), 4 | ("ROP_MENU_POP_R1PC", "0x237040"), 5 | ("ROP_MENU_POP_R2R3R4R5R6PC", "0x1502c8"), 6 | ("ROP_MENU_POP_R4PC", "0x101bc8"), 7 | ("ROP_MENU_POP_R4R5PC", "0x102458"), 8 | ("ROP_MENU_POP_R4R5R6PC", "0x101b74"), 9 | ("ROP_MENU_POP_R4R5R6R7R8PC", "0x101eb0"), 10 | ("ROP_MENU_POP_R4R5R6R7R8R9R10PC", "0x103c84"), 11 | ("ROP_MENU_POP_R4LR_BX_R0", "0x15d170"), 12 | ("ROP_MENU_BX_LR", "0x10003c"), 13 | ("ROP_MENU_TARGET_RET", "0x1558d4"), 14 | ("ROP_MENU_ADD_SPSPx64_POP_R4RR11PC", "0x1057dc"), 15 | ("ROP_MENU_STACK_PIVOT", "0x100fb8"), 16 | ("ROP_MENU_LDR_R0R0_POP_R4PC", "0x11f62c"), 17 | ("ROP_MENU_LDR_R1R0x4_ADD_R0R0R1_POP_R3R4R5PC", "0x13e12c"), 18 | ("ROP_MENU_STREQ_R5R2x30_POP_R4R5R6PC", "0x154fb8"), 19 | ("ROP_MENU_STRNE_R4R0x4_POP_R4PC", "0x1955cc"), 20 | ("ROP_MENU_STR_R0R4_POP_R4PC", "0x10b330"), 21 | ("ROP_MENU_STRB_R0R4_POP_R4PC", "0x102958"), 22 | ("ROP_MENU_STR_R1R0_POP_R4PC", "0x10afe4"), 23 | ("ROP_MENU_AND_R0R0R4_POP_R4R5R6R7R8PC", "0x11f1a4"), 24 | ("ROP_MENU_ADD_R0R0R1LSL2_POP_R4PC", "0x204584"), 25 | ("ROP_MENU_ADD_R0R0R1_POP_R4R5R6PC", "0x13386c"), 26 | ("ROP_MENU_AND_R0R0x7_POP_R4PC", "0x2e85f4"), 27 | ("ROP_MENU_ADD_R1R1x1_STR_R1R5x10_POP_R4R5R6PC", "0x10230c"), 28 | ("ROP_MENU_CMP_R0R1_MVNLS_R0x0_MOVHI_R0x1_POP_R4PC", "0x21e7f4"), 29 | ("ROP_MENU_BLXNE_R2_ADD_SPx8_MOV_R0R4_POP_R4R5R6R7R8PC", "0x1a712c"), 30 | ("ROP_MENU_MRC_R0C13C03_ADD_R0R0x5C_BX_LR", "0x13e8f0"), 31 | ("ROP_MENU_LDR_R0R0_SVC_x32_AND_R1R0x80000000_CMP_R1x0_LDRGE_R0R4x4_POP_R4PC", "0x102bac"), 32 | ("ROP_MENU_SVC_CREATEEVENT", "0x22f548"), 33 | ("ROP_MENU_SVC_WAITSYNCHRONIZATIONN", "0x11876c"), 34 | ("ROP_MENU_SVC_EXITPROCESS", "0x101a30"), 35 | ("ROP_MENU_SLEEPTHREAD", "0x12b0a0"), 36 | ("ROP_MENU_WAITSYNCHRONIZATIONN", "0x11876c"), 37 | ("ROP_MENU_CREATEMEMORYBLOCK", "0x12b01c"), 38 | ("ROP_MENU_CONTROLMEMORY", "0x235730"), 39 | ("ROP_MENU_CONNECTTOPORT", "0x118754"), 40 | ("ROP_MENU_APT_OPENSESSION", "0x236794"), 41 | ("ROP_MENU_APT_CLOSESESSION", "0x236724"), 42 | ("ROP_MENU_APT_SENDPARAMETER", "0x12e58c"), 43 | ("ROP_MENU_APT_GLANCEPARAMETER", "0x12e6fc"), 44 | ("ROP_MENU_APT_RECEIVEPARAMETER", "0x145eb8"), 45 | ("ROP_MENU_APT_PREPARETOSTARTAPPLICATION", "0x12e92c"), 46 | ("ROP_MENU_APT_STARTAPPLICATION", "0x139398"), 47 | ("ROP_MENU_APT_ORDERTOCLOSEAPPLICATION", "0x139450"), 48 | ("ROP_MENU_APT_APPLETUTILITYCMD2", "0x11a43c"), 49 | ("ROP_MENU_APT_APPLETUTILITYCMD7", "0x22795c"), 50 | ("ROP_MENU_CLEARHOMEBUTTONSTATE", "0x227914"), 51 | ("ROP_MENU_APT_WAKEUPAPPLICATION", "0x11a9f0"), 52 | ("ROP_MENU_APT_INQUIRENOTIFICATION", "0x11aa20"), 53 | ("ROP_MENU_APT_REPLYSLEEPQUERY", "0x12e788"), 54 | ("ROP_MENU_APT_REPLYSLEEPNOTIFICATIONCOMPLETE", "0x12ea58"), 55 | ("ROP_MENU_APT_ISREGISTERED", "0x2222f4"), 56 | ("ROP_MENU_APT_SENDDELIVERARG", "0x1800e4"), 57 | ("ROP_MENU_APT_PREPARETOLEAVEHOMEMENU", "0x11ab0c"), 58 | ("ROP_MENU_APT_LEAVEHOMEMENU", "0x11a86c"), 59 | ("ROP_MENU_NSS_REBOOT", "0x1373ec"), 60 | ("ROP_MENU_NSS_LAUNCHTITLE", "0x23125c"), 61 | ("ROP_MENU_GSPGPU_RELEASERIGHT", "0x12e078"), 62 | ("ROP_MENU_GSPGPU_ACQUIRERIGHT", "0x138ee8"), 63 | ("ROP_MENU_GSPGPU_WRITEHWREGS", "0x14baa8"), 64 | ("ROP_MENU_GSPGPU_FLUSHDATACACHE", "0x15167c"), 65 | ("ROP_MENU_GSPGPU_GXTRYENQUEUE", "0x217f70"), 66 | ("ROP_MENU_GSPGPU_IMPORTDISPLAYCAPTUREINFO", "0x145cd0"), 67 | ("ROP_MENU_DSP_REGISTERINTERRUPTEVENTS", "0x137a70"), 68 | ("ROP_MENU_DSP_UNLOADCOMPONENT", "0x12c508"), 69 | ("ROP_MENU_SRV_SUBSCRIBE", "0x2159fc"), 70 | ("ROP_MENU_SRV_GETHANDLE", "0x10f6e4"), 71 | ("ROP_MENU_MEMCPY", "0x235cc0"), 72 | ("ROP_MENU_MOUNTSDMC", "0x118bc4"), 73 | ("ROP_MENU_FOPEN", "0x22babc"), 74 | ("ROP_MENU_FWRITE", "0x220d4c"), 75 | ("ROP_MENU_FSEEK", "0x2214d8"), 76 | ("ROP_MENU_FCLOSE", "0x22f854"), 77 | ("MENU_DSP_BINARY_AFTERSIG", "0x32fe54"), 78 | ("MENU_DSP_BINARY_SIZE", "0xc25c"), 79 | ("MENU_CFGS_HANDLE", "0x33d288"), 80 | ("MENU_AMSYS_HANDLE", "0x32f9a4"), 81 | ("MENU_NSS_HANDLE", "0x32f048"), 82 | ("MENU_APT_HANDLE", "0x32f9d4"), 83 | ("MENU_FS_HANDLE", "0x32efe0"), 84 | ("MENU_SRV_HANDLE", "0x33c154"), 85 | ("MENU_NEWSS_HANDLE", "0x33d294"), 86 | ("MENU_BOSSP_HANDLE_MINUS_0x18", "0x369d70"), 87 | ("MENU_PTMSYSM_HANDLE", "0x32f07c"), 88 | ("MENU_GSPLCD_HANDLE", "0x33bfdc"), 89 | ("MENU_DSP_HANDLE_STRUCT", "0x32ef68"), 90 | ("MENU_GSPGPU_HANDLE", "0x33bfd8"), 91 | ("MENU_GSPGPU_INTERRUPT_RECEIVER_STRUCT", "0x32d580"), 92 | ] 93 | -------------------------------------------------------------------------------- /menu_ropdb/17415_ropdb.txt: -------------------------------------------------------------------------------- 1 | [ 2 | ("ROP_MENU_POP_PC", "0x10201c"), 3 | ("ROP_MENU_POP_R0PC", "0x157818"), 4 | ("ROP_MENU_POP_R1PC", "0x236efc"), 5 | ("ROP_MENU_POP_R2R3R4R5R6PC", "0x15040c"), 6 | ("ROP_MENU_POP_R4PC", "0x101bc8"), 7 | ("ROP_MENU_POP_R4R5PC", "0x102458"), 8 | ("ROP_MENU_POP_R4R5R6PC", "0x101b74"), 9 | ("ROP_MENU_POP_R4R5R6R7R8PC", "0x101eb0"), 10 | ("ROP_MENU_POP_R4R5R6R7R8R9R10PC", "0x103c84"), 11 | ("ROP_MENU_POP_R4LR_BX_R0", "0x15d2b4"), 12 | ("ROP_MENU_BX_LR", "0x10003c"), 13 | ("ROP_MENU_TARGET_RET", "0x155a18"), 14 | ("ROP_MENU_ADD_SPSPx64_POP_R4RR11PC", "0x1057dc"), 15 | ("ROP_MENU_STACK_PIVOT", "0x100fb8"), 16 | ("ROP_MENU_LDR_R0R0_POP_R4PC", "0x11f5d0"), 17 | ("ROP_MENU_LDR_R1R0x4_ADD_R0R0R1_POP_R3R4R5PC", "0x13e1c4"), 18 | ("ROP_MENU_STREQ_R5R2x30_POP_R4R5R6PC", "0x1550fc"), 19 | ("ROP_MENU_STRNE_R4R0x4_POP_R4PC", "0x1958e8"), 20 | ("ROP_MENU_STR_R0R4_POP_R4PC", "0x10b298"), 21 | ("ROP_MENU_STRB_R0R4_POP_R4PC", "0x102958"), 22 | ("ROP_MENU_STR_R1R0_POP_R4PC", "0x10af4c"), 23 | ("ROP_MENU_AND_R0R0R4_POP_R4R5R6R7R8PC", "0x11f148"), 24 | ("ROP_MENU_ADD_R0R0R1LSL2_POP_R4PC", "0x204688"), 25 | ("ROP_MENU_ADD_R0R0R1_POP_R4R5R6PC", "0x133810"), 26 | ("ROP_MENU_AND_R0R0x7_POP_R4PC", "0x2e7f98"), 27 | ("ROP_MENU_ADD_R1R1x1_STR_R1R5x10_POP_R4R5R6PC", "0x10230c"), 28 | ("ROP_MENU_CMP_R0R1_MVNLS_R0x0_MOVHI_R0x1_POP_R4PC", "0x21e6cc"), 29 | ("ROP_MENU_BLXNE_R2_ADD_SPx8_MOV_R0R4_POP_R4R5R6R7R8PC", "0x1a7448"), 30 | ("ROP_MENU_MRC_R0C13C03_ADD_R0R0x5C_BX_LR", "0x13e988"), 31 | ("ROP_MENU_LDR_R0R0_SVC_x32_AND_R1R0x80000000_CMP_R1x0_LDRGE_R0R4x4_POP_R4PC", "0x102bac"), 32 | ("ROP_MENU_SVC_CREATEEVENT", "0x22f40c"), 33 | ("ROP_MENU_SVC_WAITSYNCHRONIZATIONN", "0x118710"), 34 | ("ROP_MENU_SVC_EXITPROCESS", "0x101a30"), 35 | ("ROP_MENU_SLEEPTHREAD", "0x12b044"), 36 | ("ROP_MENU_WAITSYNCHRONIZATIONN", "0x118710"), 37 | ("ROP_MENU_CREATEMEMORYBLOCK", "0x12afc0"), 38 | ("ROP_MENU_CONTROLMEMORY", "0x2355ec"), 39 | ("ROP_MENU_CONNECTTOPORT", "0x1186f8"), 40 | ("ROP_MENU_APT_OPENSESSION", "0x236650"), 41 | ("ROP_MENU_APT_CLOSESESSION", "0x2365e0"), 42 | ("ROP_MENU_APT_SENDPARAMETER", "0x12e530"), 43 | ("ROP_MENU_APT_GLANCEPARAMETER", "0x12e6a0"), 44 | ("ROP_MENU_APT_RECEIVEPARAMETER", "0x145f50"), 45 | ("ROP_MENU_APT_PREPARETOSTARTAPPLICATION", "0x12e8d0"), 46 | ("ROP_MENU_APT_STARTAPPLICATION", "0x13933c"), 47 | ("ROP_MENU_APT_ORDERTOCLOSEAPPLICATION", "0x1393f4"), 48 | ("ROP_MENU_APT_APPLETUTILITYCMD2", "0x11a3e0"), 49 | ("ROP_MENU_APT_APPLETUTILITYCMD7", "0x227820"), 50 | ("ROP_MENU_CLEARHOMEBUTTONSTATE", "0x2277d8"), 51 | ("ROP_MENU_APT_WAKEUPAPPLICATION", "0x11a994"), 52 | ("ROP_MENU_APT_INQUIRENOTIFICATION", "0x11a9c4"), 53 | ("ROP_MENU_APT_REPLYSLEEPQUERY", "0x12e72c"), 54 | ("ROP_MENU_APT_REPLYSLEEPNOTIFICATIONCOMPLETE", "0x12e9fc"), 55 | ("ROP_MENU_APT_ISREGISTERED", "0x2221bc"), 56 | ("ROP_MENU_APT_SENDDELIVERARG", "0x180400"), 57 | ("ROP_MENU_APT_PREPARETOLEAVEHOMEMENU", "0x11aab0"), 58 | ("ROP_MENU_APT_LEAVEHOMEMENU", "0x11a810"), 59 | ("ROP_MENU_NSS_REBOOT", "0x137390"), 60 | ("ROP_MENU_NSS_LAUNCHTITLE", "0x23110c"), 61 | ("ROP_MENU_GSPGPU_RELEASERIGHT", "0x12e01c"), 62 | ("ROP_MENU_GSPGPU_ACQUIRERIGHT", "0x138e8c"), 63 | ("ROP_MENU_GSPGPU_WRITEHWREGS", "0x14bbec"), 64 | ("ROP_MENU_GSPGPU_FLUSHDATACACHE", "0x1517c0"), 65 | ("ROP_MENU_GSPGPU_GXTRYENQUEUE", "0x217e38"), 66 | ("ROP_MENU_GSPGPU_IMPORTDISPLAYCAPTUREINFO", "0x145d68"), 67 | ("ROP_MENU_DSP_REGISTERINTERRUPTEVENTS", "0x137a14"), 68 | ("ROP_MENU_DSP_UNLOADCOMPONENT", "0x12c4ac"), 69 | ("ROP_MENU_SRV_SUBSCRIBE", "0x2158c4"), 70 | ("ROP_MENU_SRV_GETHANDLE", "0x10f600"), 71 | ("ROP_MENU_MEMCPY", "0x235b7c"), 72 | ("ROP_MENU_MOUNTSDMC", "0x118b68"), 73 | ("ROP_MENU_FOPEN", "0x22b980"), 74 | ("ROP_MENU_FWRITE", "0x220c14"), 75 | ("ROP_MENU_FSEEK", "0x2213a0"), 76 | ("ROP_MENU_FCLOSE", "0x22f718"), 77 | ("MENU_DSP_BINARY_AFTERSIG", "0x32ee4c"), 78 | ("MENU_DSP_BINARY_SIZE", "0xc25c"), 79 | ("MENU_CFGS_HANDLE", "0x33c280"), 80 | ("MENU_AMSYS_HANDLE", "0x32e99c"), 81 | ("MENU_NSS_HANDLE", "0x32e040"), 82 | ("MENU_APT_HANDLE", "0x32e9cc"), 83 | ("MENU_FS_HANDLE", "0x32dfd8"), 84 | ("MENU_SRV_HANDLE", "0x33b14c"), 85 | ("MENU_NEWSS_HANDLE", "0x33c28c"), 86 | ("MENU_BOSSP_HANDLE_MINUS_0x18", "0x368d68"), 87 | ("MENU_PTMSYSM_HANDLE", "0x32e074"), 88 | ("MENU_GSPLCD_HANDLE", "0x33afd4"), 89 | ("MENU_DSP_HANDLE_STRUCT", "0x32df60"), 90 | ("MENU_GSPGPU_HANDLE", "0x33afd0"), 91 | ("MENU_GSPGPU_INTERRUPT_RECEIVER_STRUCT", "0x32c580"), 92 | ] 93 | -------------------------------------------------------------------------------- /menu_ropdb/19456_ropdb.txt: -------------------------------------------------------------------------------- 1 | [ 2 | ("ROP_MENU_POP_PC", "0x10201c"), 3 | ("ROP_MENU_POP_R0PC", "0x157848"), 4 | ("ROP_MENU_POP_R1PC", "0x237004"), 5 | ("ROP_MENU_POP_R2R3R4R5R6PC", "0x15043c"), 6 | ("ROP_MENU_POP_R4PC", "0x101bc8"), 7 | ("ROP_MENU_POP_R4R5PC", "0x102458"), 8 | ("ROP_MENU_POP_R4R5R6PC", "0x101b74"), 9 | ("ROP_MENU_POP_R4R5R6R7R8PC", "0x101eb0"), 10 | ("ROP_MENU_POP_R4R5R6R7R8R9R10PC", "0x103c84"), 11 | ("ROP_MENU_POP_R4LR_BX_R0", "0x15d2e4"), 12 | ("ROP_MENU_BX_LR", "0x10003c"), 13 | ("ROP_MENU_TARGET_RET", "0x155a48"), 14 | ("ROP_MENU_ADD_SPSPx64_POP_R4RR11PC", "0x1057dc"), 15 | ("ROP_MENU_STACK_PIVOT", "0x100fb8"), 16 | ("ROP_MENU_LDR_R0R0_POP_R4PC", "0x11f5fc"), 17 | ("ROP_MENU_LDR_R1R0x4_ADD_R0R0R1_POP_R3R4R5PC", "0x13e1f0"), 18 | ("ROP_MENU_STREQ_R5R2x30_POP_R4R5R6PC", "0x15512c"), 19 | ("ROP_MENU_STRNE_R4R0x4_POP_R4PC", "0x195918"), 20 | ("ROP_MENU_STR_R0R4_POP_R4PC", "0x10b2c4"), 21 | ("ROP_MENU_STRB_R0R4_POP_R4PC", "0x102958"), 22 | ("ROP_MENU_STR_R1R0_POP_R4PC", "0x10af78"), 23 | ("ROP_MENU_AND_R0R0R4_POP_R4R5R6R7R8PC", "0x11f174"), 24 | ("ROP_MENU_ADD_R0R0R1LSL2_POP_R4PC", "0x204790"), 25 | ("ROP_MENU_ADD_R0R0R1_POP_R4R5R6PC", "0x13383c"), 26 | ("ROP_MENU_AND_R0R0x7_POP_R4PC", "0x2e806c"), 27 | ("ROP_MENU_ADD_R1R1x1_STR_R1R5x10_POP_R4R5R6PC", "0x10230c"), 28 | ("ROP_MENU_CMP_R0R1_MVNLS_R0x0_MOVHI_R0x1_POP_R4PC", "0x21e7d4"), 29 | ("ROP_MENU_BLXNE_R2_ADD_SPx8_MOV_R0R4_POP_R4R5R6R7R8PC", "0x1a7478"), 30 | ("ROP_MENU_MRC_R0C13C03_ADD_R0R0x5C_BX_LR", "0x13e9b4"), 31 | ("ROP_MENU_LDR_R0R0_SVC_x32_AND_R1R0x80000000_CMP_R1x0_LDRGE_R0R4x4_POP_R4PC", "0x102bac"), 32 | ("ROP_MENU_SVC_CREATEEVENT", "0x22f514"), 33 | ("ROP_MENU_SVC_WAITSYNCHRONIZATIONN", "0x11873c"), 34 | ("ROP_MENU_SVC_EXITPROCESS", "0x101a30"), 35 | ("ROP_MENU_SLEEPTHREAD", "0x12b070"), 36 | ("ROP_MENU_WAITSYNCHRONIZATIONN", "0x11873c"), 37 | ("ROP_MENU_CREATEMEMORYBLOCK", "0x12afec"), 38 | ("ROP_MENU_CONTROLMEMORY", "0x2356f4"), 39 | ("ROP_MENU_CONNECTTOPORT", "0x118724"), 40 | ("ROP_MENU_APT_OPENSESSION", "0x236758"), 41 | ("ROP_MENU_APT_CLOSESESSION", "0x2366e8"), 42 | ("ROP_MENU_APT_SENDPARAMETER", "0x12e55c"), 43 | ("ROP_MENU_APT_GLANCEPARAMETER", "0x12e6cc"), 44 | ("ROP_MENU_APT_RECEIVEPARAMETER", "0x145f7c"), 45 | ("ROP_MENU_APT_PREPARETOSTARTAPPLICATION", "0x12e8fc"), 46 | ("ROP_MENU_APT_STARTAPPLICATION", "0x139368"), 47 | ("ROP_MENU_APT_ORDERTOCLOSEAPPLICATION", "0x139420"), 48 | ("ROP_MENU_APT_APPLETUTILITYCMD2", "0x11a40c"), 49 | ("ROP_MENU_APT_APPLETUTILITYCMD7", "0x227928"), 50 | ("ROP_MENU_CLEARHOMEBUTTONSTATE", "0x2278e0"), 51 | ("ROP_MENU_APT_WAKEUPAPPLICATION", "0x11a9c0"), 52 | ("ROP_MENU_APT_INQUIRENOTIFICATION", "0x11a9f0"), 53 | ("ROP_MENU_APT_REPLYSLEEPQUERY", "0x12e758"), 54 | ("ROP_MENU_APT_REPLYSLEEPNOTIFICATIONCOMPLETE", "0x12ea28"), 55 | ("ROP_MENU_APT_ISREGISTERED", "0x2222c4"), 56 | ("ROP_MENU_APT_SENDDELIVERARG", "0x180430"), 57 | ("ROP_MENU_APT_PREPARETOLEAVEHOMEMENU", "0x11aadc"), 58 | ("ROP_MENU_APT_LEAVEHOMEMENU", "0x11a83c"), 59 | ("ROP_MENU_NSS_REBOOT", "0x1373bc"), 60 | ("ROP_MENU_NSS_LAUNCHTITLE", "0x231214"), 61 | ("ROP_MENU_GSPGPU_RELEASERIGHT", "0x12e048"), 62 | ("ROP_MENU_GSPGPU_ACQUIRERIGHT", "0x138eb8"), 63 | ("ROP_MENU_GSPGPU_WRITEHWREGS", "0x14bc1c"), 64 | ("ROP_MENU_GSPGPU_FLUSHDATACACHE", "0x1517f0"), 65 | ("ROP_MENU_GSPGPU_GXTRYENQUEUE", "0x217f40"), 66 | ("ROP_MENU_GSPGPU_IMPORTDISPLAYCAPTUREINFO", "0x145d94"), 67 | ("ROP_MENU_DSP_REGISTERINTERRUPTEVENTS", "0x137a40"), 68 | ("ROP_MENU_DSP_UNLOADCOMPONENT", "0x12c4d8"), 69 | ("ROP_MENU_SRV_SUBSCRIBE", "0x2159cc"), 70 | ("ROP_MENU_SRV_GETHANDLE", "0x10f62c"), 71 | ("ROP_MENU_MEMCPY", "0x235c84"), 72 | ("ROP_MENU_MOUNTSDMC", "0x118b94"), 73 | ("ROP_MENU_FOPEN", "0x22ba88"), 74 | ("ROP_MENU_FWRITE", "0x220d1c"), 75 | ("ROP_MENU_FSEEK", "0x2214a8"), 76 | ("ROP_MENU_FCLOSE", "0x22f820"), 77 | ("MENU_DSP_BINARY_AFTERSIG", "0x32ee4c"), 78 | ("MENU_DSP_BINARY_SIZE", "0xc25c"), 79 | ("MENU_CFGS_HANDLE", "0x33c280"), 80 | ("MENU_AMSYS_HANDLE", "0x32e99c"), 81 | ("MENU_NSS_HANDLE", "0x32e040"), 82 | ("MENU_APT_HANDLE", "0x32e9cc"), 83 | ("MENU_FS_HANDLE", "0x32dfd8"), 84 | ("MENU_SRV_HANDLE", "0x33b14c"), 85 | ("MENU_NEWSS_HANDLE", "0x33c28c"), 86 | ("MENU_BOSSP_HANDLE_MINUS_0x18", "0x368d68"), 87 | ("MENU_PTMSYSM_HANDLE", "0x32e074"), 88 | ("MENU_GSPLCD_HANDLE", "0x33afd4"), 89 | ("MENU_DSP_HANDLE_STRUCT", "0x32df60"), 90 | ("MENU_GSPGPU_HANDLE", "0x33afd0"), 91 | ("MENU_GSPGPU_INTERRUPT_RECEIVER_STRUCT", "0x32c580"), 92 | ] 93 | -------------------------------------------------------------------------------- /menu_ropdb/20480_ropdb.txt: -------------------------------------------------------------------------------- 1 | [ 2 | ("ROP_MENU_POP_PC", "0x10201c"), 3 | ("ROP_MENU_POP_R0PC", "0x157848"), 4 | ("ROP_MENU_POP_R1PC", "0x237020"), 5 | ("ROP_MENU_POP_R2R3R4R5R6PC", "0x15043c"), 6 | ("ROP_MENU_POP_R4PC", "0x101bc8"), 7 | ("ROP_MENU_POP_R4R5PC", "0x102458"), 8 | ("ROP_MENU_POP_R4R5R6PC", "0x101b74"), 9 | ("ROP_MENU_POP_R4R5R6R7R8PC", "0x101eb0"), 10 | ("ROP_MENU_POP_R4R5R6R7R8R9R10PC", "0x103c84"), 11 | ("ROP_MENU_POP_R4LR_BX_R0", "0x15d2e4"), 12 | ("ROP_MENU_BX_LR", "0x10003c"), 13 | ("ROP_MENU_TARGET_RET", "0x155a48"), 14 | ("ROP_MENU_ADD_SPSPx64_POP_R4RR11PC", "0x1057dc"), 15 | ("ROP_MENU_STACK_PIVOT", "0x100fb8"), 16 | ("ROP_MENU_LDR_R0R0_POP_R4PC", "0x11f5fc"), 17 | ("ROP_MENU_LDR_R1R0x4_ADD_R0R0R1_POP_R3R4R5PC", "0x13e1f0"), 18 | ("ROP_MENU_STREQ_R5R2x30_POP_R4R5R6PC", "0x15512c"), 19 | ("ROP_MENU_STRNE_R4R0x4_POP_R4PC", "0x195918"), 20 | ("ROP_MENU_STR_R0R4_POP_R4PC", "0x10b2c4"), 21 | ("ROP_MENU_STRB_R0R4_POP_R4PC", "0x102958"), 22 | ("ROP_MENU_STR_R1R0_POP_R4PC", "0x10af78"), 23 | ("ROP_MENU_AND_R0R0R4_POP_R4R5R6R7R8PC", "0x11f174"), 24 | ("ROP_MENU_ADD_R0R0R1LSL2_POP_R4PC", "0x2047ac"), 25 | ("ROP_MENU_ADD_R0R0R1_POP_R4R5R6PC", "0x13383c"), 26 | ("ROP_MENU_AND_R0R0x7_POP_R4PC", "0x2e8088"), 27 | ("ROP_MENU_ADD_R1R1x1_STR_R1R5x10_POP_R4R5R6PC", "0x10230c"), 28 | ("ROP_MENU_CMP_R0R1_MVNLS_R0x0_MOVHI_R0x1_POP_R4PC", "0x21e7f0"), 29 | ("ROP_MENU_BLXNE_R2_ADD_SPx8_MOV_R0R4_POP_R4R5R6R7R8PC", "0x1a7478"), 30 | ("ROP_MENU_MRC_R0C13C03_ADD_R0R0x5C_BX_LR", "0x13e9b4"), 31 | ("ROP_MENU_LDR_R0R0_SVC_x32_AND_R1R0x80000000_CMP_R1x0_LDRGE_R0R4x4_POP_R4PC", "0x102bac"), 32 | ("ROP_MENU_SVC_CREATEEVENT", "0x22f530"), 33 | ("ROP_MENU_SVC_WAITSYNCHRONIZATIONN", "0x11873c"), 34 | ("ROP_MENU_SVC_EXITPROCESS", "0x101a30"), 35 | ("ROP_MENU_SLEEPTHREAD", "0x12b070"), 36 | ("ROP_MENU_WAITSYNCHRONIZATIONN", "0x11873c"), 37 | ("ROP_MENU_CREATEMEMORYBLOCK", "0x12afec"), 38 | ("ROP_MENU_CONTROLMEMORY", "0x235710"), 39 | ("ROP_MENU_CONNECTTOPORT", "0x118724"), 40 | ("ROP_MENU_APT_OPENSESSION", "0x236774"), 41 | ("ROP_MENU_APT_CLOSESESSION", "0x236704"), 42 | ("ROP_MENU_APT_SENDPARAMETER", "0x12e55c"), 43 | ("ROP_MENU_APT_GLANCEPARAMETER", "0x12e6cc"), 44 | ("ROP_MENU_APT_RECEIVEPARAMETER", "0x145f7c"), 45 | ("ROP_MENU_APT_PREPARETOSTARTAPPLICATION", "0x12e8fc"), 46 | ("ROP_MENU_APT_STARTAPPLICATION", "0x139368"), 47 | ("ROP_MENU_APT_ORDERTOCLOSEAPPLICATION", "0x139420"), 48 | ("ROP_MENU_APT_APPLETUTILITYCMD2", "0x11a40c"), 49 | ("ROP_MENU_APT_APPLETUTILITYCMD7", "0x227944"), 50 | ("ROP_MENU_CLEARHOMEBUTTONSTATE", "0x2278fc"), 51 | ("ROP_MENU_APT_WAKEUPAPPLICATION", "0x11a9c0"), 52 | ("ROP_MENU_APT_INQUIRENOTIFICATION", "0x11a9f0"), 53 | ("ROP_MENU_APT_REPLYSLEEPQUERY", "0x12e758"), 54 | ("ROP_MENU_APT_REPLYSLEEPNOTIFICATIONCOMPLETE", "0x12ea28"), 55 | ("ROP_MENU_APT_ISREGISTERED", "0x2222e0"), 56 | ("ROP_MENU_APT_SENDDELIVERARG", "0x180430"), 57 | ("ROP_MENU_APT_PREPARETOLEAVEHOMEMENU", "0x11aadc"), 58 | ("ROP_MENU_APT_LEAVEHOMEMENU", "0x11a83c"), 59 | ("ROP_MENU_NSS_REBOOT", "0x1373bc"), 60 | ("ROP_MENU_NSS_LAUNCHTITLE", "0x231230"), 61 | ("ROP_MENU_GSPGPU_RELEASERIGHT", "0x12e048"), 62 | ("ROP_MENU_GSPGPU_ACQUIRERIGHT", "0x138eb8"), 63 | ("ROP_MENU_GSPGPU_WRITEHWREGS", "0x14bc1c"), 64 | ("ROP_MENU_GSPGPU_FLUSHDATACACHE", "0x1517f0"), 65 | ("ROP_MENU_GSPGPU_GXTRYENQUEUE", "0x217f5c"), 66 | ("ROP_MENU_GSPGPU_IMPORTDISPLAYCAPTUREINFO", "0x145d94"), 67 | ("ROP_MENU_DSP_REGISTERINTERRUPTEVENTS", "0x137a40"), 68 | ("ROP_MENU_DSP_UNLOADCOMPONENT", "0x12c4d8"), 69 | ("ROP_MENU_SRV_SUBSCRIBE", "0x2159e8"), 70 | ("ROP_MENU_SRV_GETHANDLE", "0x10f62c"), 71 | ("ROP_MENU_MEMCPY", "0x235ca0"), 72 | ("ROP_MENU_MOUNTSDMC", "0x118b94"), 73 | ("ROP_MENU_FOPEN", "0x22baa4"), 74 | ("ROP_MENU_FWRITE", "0x220d38"), 75 | ("ROP_MENU_FSEEK", "0x2214c4"), 76 | ("ROP_MENU_FCLOSE", "0x22f83c"), 77 | ("MENU_DSP_BINARY_AFTERSIG", "0x32ee4c"), 78 | ("MENU_DSP_BINARY_SIZE", "0xc25c"), 79 | ("MENU_CFGS_HANDLE", "0x33c280"), 80 | ("MENU_AMSYS_HANDLE", "0x32e99c"), 81 | ("MENU_NSS_HANDLE", "0x32e040"), 82 | ("MENU_APT_HANDLE", "0x32e9cc"), 83 | ("MENU_FS_HANDLE", "0x32dfd8"), 84 | ("MENU_SRV_HANDLE", "0x33b14c"), 85 | ("MENU_NEWSS_HANDLE", "0x33c28c"), 86 | ("MENU_BOSSP_HANDLE_MINUS_0x18", "0x368d68"), 87 | ("MENU_PTMSYSM_HANDLE", "0x32e074"), 88 | ("MENU_GSPLCD_HANDLE", "0x33afd4"), 89 | ("MENU_DSP_HANDLE_STRUCT", "0x32df60"), 90 | ("MENU_GSPGPU_HANDLE", "0x33afd0"), 91 | ("MENU_GSPGPU_INTERRUPT_RECEIVER_STRUCT", "0x32c580"), 92 | ] 93 | -------------------------------------------------------------------------------- /menu_ropdb/21504_ropdb.txt: -------------------------------------------------------------------------------- 1 | [ 2 | ("ROP_MENU_POP_PC", "0x10201c"), 3 | ("ROP_MENU_POP_R0PC", "0x157848"), 4 | ("ROP_MENU_POP_R1PC", "0x237020"), 5 | ("ROP_MENU_POP_R2R3R4R5R6PC", "0x15043c"), 6 | ("ROP_MENU_POP_R4PC", "0x101bc8"), 7 | ("ROP_MENU_POP_R4R5PC", "0x102458"), 8 | ("ROP_MENU_POP_R4R5R6PC", "0x101b74"), 9 | ("ROP_MENU_POP_R4R5R6R7R8PC", "0x101eb0"), 10 | ("ROP_MENU_POP_R4R5R6R7R8R9R10PC", "0x103c84"), 11 | ("ROP_MENU_POP_R4LR_BX_R0", "0x15d2e4"), 12 | ("ROP_MENU_BX_LR", "0x10003c"), 13 | ("ROP_MENU_TARGET_RET", "0x155a48"), 14 | ("ROP_MENU_ADD_SPSPx64_POP_R4RR11PC", "0x1057dc"), 15 | ("ROP_MENU_STACK_PIVOT", "0x100fb8"), 16 | ("ROP_MENU_LDR_R0R0_POP_R4PC", "0x11f5fc"), 17 | ("ROP_MENU_LDR_R1R0x4_ADD_R0R0R1_POP_R3R4R5PC", "0x13e1f0"), 18 | ("ROP_MENU_STREQ_R5R2x30_POP_R4R5R6PC", "0x15512c"), 19 | ("ROP_MENU_STRNE_R4R0x4_POP_R4PC", "0x195918"), 20 | ("ROP_MENU_STR_R0R4_POP_R4PC", "0x10b2c4"), 21 | ("ROP_MENU_STRB_R0R4_POP_R4PC", "0x102958"), 22 | ("ROP_MENU_STR_R1R0_POP_R4PC", "0x10af78"), 23 | ("ROP_MENU_AND_R0R0R4_POP_R4R5R6R7R8PC", "0x11f174"), 24 | ("ROP_MENU_ADD_R0R0R1LSL2_POP_R4PC", "0x2047ac"), 25 | ("ROP_MENU_ADD_R0R0R1_POP_R4R5R6PC", "0x13383c"), 26 | ("ROP_MENU_AND_R0R0x7_POP_R4PC", "0x2e809c"), 27 | ("ROP_MENU_ADD_R1R1x1_STR_R1R5x10_POP_R4R5R6PC", "0x10230c"), 28 | ("ROP_MENU_CMP_R0R1_MVNLS_R0x0_MOVHI_R0x1_POP_R4PC", "0x21e7f0"), 29 | ("ROP_MENU_BLXNE_R2_ADD_SPx8_MOV_R0R4_POP_R4R5R6R7R8PC", "0x1a7478"), 30 | ("ROP_MENU_MRC_R0C13C03_ADD_R0R0x5C_BX_LR", "0x13e9b4"), 31 | ("ROP_MENU_LDR_R0R0_SVC_x32_AND_R1R0x80000000_CMP_R1x0_LDRGE_R0R4x4_POP_R4PC", "0x102bac"), 32 | ("ROP_MENU_SVC_CREATEEVENT", "0x22f530"), 33 | ("ROP_MENU_SVC_WAITSYNCHRONIZATIONN", "0x11873c"), 34 | ("ROP_MENU_SVC_EXITPROCESS", "0x101a30"), 35 | ("ROP_MENU_SLEEPTHREAD", "0x12b070"), 36 | ("ROP_MENU_WAITSYNCHRONIZATIONN", "0x11873c"), 37 | ("ROP_MENU_CREATEMEMORYBLOCK", "0x12afec"), 38 | ("ROP_MENU_CONTROLMEMORY", "0x235710"), 39 | ("ROP_MENU_CONNECTTOPORT", "0x118724"), 40 | ("ROP_MENU_APT_OPENSESSION", "0x236774"), 41 | ("ROP_MENU_APT_CLOSESESSION", "0x236704"), 42 | ("ROP_MENU_APT_SENDPARAMETER", "0x12e55c"), 43 | ("ROP_MENU_APT_GLANCEPARAMETER", "0x12e6cc"), 44 | ("ROP_MENU_APT_RECEIVEPARAMETER", "0x145f7c"), 45 | ("ROP_MENU_APT_PREPARETOSTARTAPPLICATION", "0x12e8fc"), 46 | ("ROP_MENU_APT_STARTAPPLICATION", "0x139368"), 47 | ("ROP_MENU_APT_ORDERTOCLOSEAPPLICATION", "0x139420"), 48 | ("ROP_MENU_APT_APPLETUTILITYCMD2", "0x11a40c"), 49 | ("ROP_MENU_APT_APPLETUTILITYCMD7", "0x227944"), 50 | ("ROP_MENU_CLEARHOMEBUTTONSTATE", "0x2278fc"), 51 | ("ROP_MENU_APT_WAKEUPAPPLICATION", "0x11a9c0"), 52 | ("ROP_MENU_APT_INQUIRENOTIFICATION", "0x11a9f0"), 53 | ("ROP_MENU_APT_REPLYSLEEPQUERY", "0x12e758"), 54 | ("ROP_MENU_APT_REPLYSLEEPNOTIFICATIONCOMPLETE", "0x12ea28"), 55 | ("ROP_MENU_APT_ISREGISTERED", "0x2222e0"), 56 | ("ROP_MENU_APT_SENDDELIVERARG", "0x180430"), 57 | ("ROP_MENU_APT_PREPARETOLEAVEHOMEMENU", "0x11aadc"), 58 | ("ROP_MENU_APT_LEAVEHOMEMENU", "0x11a83c"), 59 | ("ROP_MENU_NSS_REBOOT", "0x1373bc"), 60 | ("ROP_MENU_NSS_LAUNCHTITLE", "0x231230"), 61 | ("ROP_MENU_GSPGPU_RELEASERIGHT", "0x12e048"), 62 | ("ROP_MENU_GSPGPU_ACQUIRERIGHT", "0x138eb8"), 63 | ("ROP_MENU_GSPGPU_WRITEHWREGS", "0x14bc1c"), 64 | ("ROP_MENU_GSPGPU_FLUSHDATACACHE", "0x1517f0"), 65 | ("ROP_MENU_GSPGPU_GXTRYENQUEUE", "0x217f5c"), 66 | ("ROP_MENU_GSPGPU_IMPORTDISPLAYCAPTUREINFO", "0x145d94"), 67 | ("ROP_MENU_DSP_REGISTERINTERRUPTEVENTS", "0x137a40"), 68 | ("ROP_MENU_DSP_UNLOADCOMPONENT", "0x12c4d8"), 69 | ("ROP_MENU_SRV_SUBSCRIBE", "0x2159e8"), 70 | ("ROP_MENU_SRV_GETHANDLE", "0x10f62c"), 71 | ("ROP_MENU_MEMCPY", "0x235ca0"), 72 | ("ROP_MENU_MOUNTSDMC", "0x118b94"), 73 | ("ROP_MENU_FOPEN", "0x22baa4"), 74 | ("ROP_MENU_FWRITE", "0x220d38"), 75 | ("ROP_MENU_FSEEK", "0x2214c4"), 76 | ("ROP_MENU_FCLOSE", "0x22f83c"), 77 | ("MENU_DSP_BINARY_AFTERSIG", "0x32ee4c"), 78 | ("MENU_DSP_BINARY_SIZE", "0xc25c"), 79 | ("MENU_CFGS_HANDLE", "0x33c280"), 80 | ("MENU_AMSYS_HANDLE", "0x32e99c"), 81 | ("MENU_NSS_HANDLE", "0x32e040"), 82 | ("MENU_APT_HANDLE", "0x32e9cc"), 83 | ("MENU_FS_HANDLE", "0x32dfd8"), 84 | ("MENU_SRV_HANDLE", "0x33b14c"), 85 | ("MENU_NEWSS_HANDLE", "0x33c28c"), 86 | ("MENU_BOSSP_HANDLE_MINUS_0x18", "0x368d68"), 87 | ("MENU_PTMSYSM_HANDLE", "0x32e074"), 88 | ("MENU_GSPLCD_HANDLE", "0x33afd4"), 89 | ("MENU_DSP_HANDLE_STRUCT", "0x32df60"), 90 | ("MENU_GSPGPU_HANDLE", "0x33afd0"), 91 | ("MENU_GSPGPU_INTERRUPT_RECEIVER_STRUCT", "0x32c580"), 92 | ] 93 | -------------------------------------------------------------------------------- /menu_ropdb/22528_ropdb.txt: -------------------------------------------------------------------------------- 1 | [ 2 | ("ROP_MENU_POP_PC", "0x10201c"), 3 | ("ROP_MENU_POP_R0PC", "0x157848"), 4 | ("ROP_MENU_POP_R1PC", "0x237050"), 5 | ("ROP_MENU_POP_R2R3R4R5R6PC", "0x15043c"), 6 | ("ROP_MENU_POP_R4PC", "0x101bc8"), 7 | ("ROP_MENU_POP_R4R5PC", "0x102458"), 8 | ("ROP_MENU_POP_R4R5R6PC", "0x101b74"), 9 | ("ROP_MENU_POP_R4R5R6R7R8PC", "0x101eb0"), 10 | ("ROP_MENU_POP_R4R5R6R7R8R9R10PC", "0x103c84"), 11 | ("ROP_MENU_POP_R4LR_BX_R0", "0x15d2e4"), 12 | ("ROP_MENU_BX_LR", "0x10003c"), 13 | ("ROP_MENU_TARGET_RET", "0x155a48"), 14 | ("ROP_MENU_ADD_SPSPx64_POP_R4RR11PC", "0x1057dc"), 15 | ("ROP_MENU_STACK_PIVOT", "0x100fb8"), 16 | ("ROP_MENU_LDR_R0R0_POP_R4PC", "0x11f5fc"), 17 | ("ROP_MENU_LDR_R1R0x4_ADD_R0R0R1_POP_R3R4R5PC", "0x13e1f0"), 18 | ("ROP_MENU_STREQ_R5R2x30_POP_R4R5R6PC", "0x15512c"), 19 | ("ROP_MENU_STRNE_R4R0x4_POP_R4PC", "0x195918"), 20 | ("ROP_MENU_STR_R0R4_POP_R4PC", "0x10b2c4"), 21 | ("ROP_MENU_STRB_R0R4_POP_R4PC", "0x102958"), 22 | ("ROP_MENU_STR_R1R0_POP_R4PC", "0x10af78"), 23 | ("ROP_MENU_AND_R0R0R4_POP_R4R5R6R7R8PC", "0x11f174"), 24 | ("ROP_MENU_ADD_R0R0R1LSL2_POP_R4PC", "0x2047dc"), 25 | ("ROP_MENU_ADD_R0R0R1_POP_R4R5R6PC", "0x13383c"), 26 | ("ROP_MENU_AND_R0R0x7_POP_R4PC", "0x2e806c"), 27 | ("ROP_MENU_ADD_R1R1x1_STR_R1R5x10_POP_R4R5R6PC", "0x10230c"), 28 | ("ROP_MENU_CMP_R0R1_MVNLS_R0x0_MOVHI_R0x1_POP_R4PC", "0x21e820"), 29 | ("ROP_MENU_BLXNE_R2_ADD_SPx8_MOV_R0R4_POP_R4R5R6R7R8PC", "0x1a7478"), 30 | ("ROP_MENU_MRC_R0C13C03_ADD_R0R0x5C_BX_LR", "0x13e9b4"), 31 | ("ROP_MENU_LDR_R0R0_SVC_x32_AND_R1R0x80000000_CMP_R1x0_LDRGE_R0R4x4_POP_R4PC", "0x102bac"), 32 | ("ROP_MENU_SVC_CREATEEVENT", "0x22f560"), 33 | ("ROP_MENU_SVC_WAITSYNCHRONIZATIONN", "0x11873c"), 34 | ("ROP_MENU_SVC_EXITPROCESS", "0x101a30"), 35 | ("ROP_MENU_SLEEPTHREAD", "0x12b070"), 36 | ("ROP_MENU_WAITSYNCHRONIZATIONN", "0x11873c"), 37 | ("ROP_MENU_CREATEMEMORYBLOCK", "0x12afec"), 38 | ("ROP_MENU_CONTROLMEMORY", "0x235740"), 39 | ("ROP_MENU_CONNECTTOPORT", "0x118724"), 40 | ("ROP_MENU_APT_OPENSESSION", "0x2367a4"), 41 | ("ROP_MENU_APT_CLOSESESSION", "0x236734"), 42 | ("ROP_MENU_APT_SENDPARAMETER", "0x12e55c"), 43 | ("ROP_MENU_APT_GLANCEPARAMETER", "0x12e6cc"), 44 | ("ROP_MENU_APT_RECEIVEPARAMETER", "0x145f7c"), 45 | ("ROP_MENU_APT_PREPARETOSTARTAPPLICATION", "0x12e8fc"), 46 | ("ROP_MENU_APT_STARTAPPLICATION", "0x139368"), 47 | ("ROP_MENU_APT_ORDERTOCLOSEAPPLICATION", "0x139420"), 48 | ("ROP_MENU_APT_APPLETUTILITYCMD2", "0x11a40c"), 49 | ("ROP_MENU_APT_APPLETUTILITYCMD7", "0x227974"), 50 | ("ROP_MENU_CLEARHOMEBUTTONSTATE", "0x22792c"), 51 | ("ROP_MENU_APT_WAKEUPAPPLICATION", "0x11a9c0"), 52 | ("ROP_MENU_APT_INQUIRENOTIFICATION", "0x11a9f0"), 53 | ("ROP_MENU_APT_REPLYSLEEPQUERY", "0x12e758"), 54 | ("ROP_MENU_APT_REPLYSLEEPNOTIFICATIONCOMPLETE", "0x12ea28"), 55 | ("ROP_MENU_APT_ISREGISTERED", "0x222310"), 56 | ("ROP_MENU_APT_SENDDELIVERARG", "0x180430"), 57 | ("ROP_MENU_APT_PREPARETOLEAVEHOMEMENU", "0x11aadc"), 58 | ("ROP_MENU_APT_LEAVEHOMEMENU", "0x11a83c"), 59 | ("ROP_MENU_NSS_REBOOT", "0x1373bc"), 60 | ("ROP_MENU_NSS_LAUNCHTITLE", "0x231260"), 61 | ("ROP_MENU_GSPGPU_RELEASERIGHT", "0x12e048"), 62 | ("ROP_MENU_GSPGPU_ACQUIRERIGHT", "0x138eb8"), 63 | ("ROP_MENU_GSPGPU_WRITEHWREGS", "0x14bc1c"), 64 | ("ROP_MENU_GSPGPU_FLUSHDATACACHE", "0x1517f0"), 65 | ("ROP_MENU_GSPGPU_GXTRYENQUEUE", "0x217f8c"), 66 | ("ROP_MENU_GSPGPU_IMPORTDISPLAYCAPTUREINFO", "0x145d94"), 67 | ("ROP_MENU_DSP_REGISTERINTERRUPTEVENTS", "0x137a40"), 68 | ("ROP_MENU_DSP_UNLOADCOMPONENT", "0x12c4d8"), 69 | ("ROP_MENU_SRV_SUBSCRIBE", "0x215a18"), 70 | ("ROP_MENU_SRV_GETHANDLE", "0x10f62c"), 71 | ("ROP_MENU_MEMCPY", "0x235cd0"), 72 | ("ROP_MENU_MOUNTSDMC", "0x118b94"), 73 | ("ROP_MENU_FOPEN", "0x22bad4"), 74 | ("ROP_MENU_FWRITE", "0x220d68"), 75 | ("ROP_MENU_FSEEK", "0x2214f4"), 76 | ("ROP_MENU_FCLOSE", "0x22f86c"), 77 | ("MENU_DSP_BINARY_AFTERSIG", "0x32ee4c"), 78 | ("MENU_DSP_BINARY_SIZE", "0xc25c"), 79 | ("MENU_CFGS_HANDLE", "0x33c280"), 80 | ("MENU_AMSYS_HANDLE", "0x32e99c"), 81 | ("MENU_NSS_HANDLE", "0x32e040"), 82 | ("MENU_APT_HANDLE", "0x32e9cc"), 83 | ("MENU_FS_HANDLE", "0x32dfd8"), 84 | ("MENU_SRV_HANDLE", "0x33b14c"), 85 | ("MENU_NEWSS_HANDLE", "0x33c28c"), 86 | ("MENU_BOSSP_HANDLE_MINUS_0x18", "0x368d68"), 87 | ("MENU_PTMSYSM_HANDLE", "0x32e074"), 88 | ("MENU_GSPLCD_HANDLE", "0x33afd4"), 89 | ("MENU_DSP_HANDLE_STRUCT", "0x32df60"), 90 | ("MENU_GSPGPU_HANDLE", "0x33afd0"), 91 | ("MENU_GSPGPU_INTERRUPT_RECEIVER_STRUCT", "0x32c580"), 92 | ] 93 | -------------------------------------------------------------------------------- /menu_ropdb/23554_ropdb.txt: -------------------------------------------------------------------------------- 1 | [ 2 | ("ROP_MENU_POP_PC", "0x10201c"), 3 | ("ROP_MENU_POP_R0PC", "0x157950"), 4 | ("ROP_MENU_POP_R1PC", "0x2372b4"), 5 | ("ROP_MENU_POP_R2R3R4R5R6PC", "0x150544"), 6 | ("ROP_MENU_POP_R4PC", "0x101bc8"), 7 | ("ROP_MENU_POP_R4R5PC", "0x102458"), 8 | ("ROP_MENU_POP_R4R5R6PC", "0x101b74"), 9 | ("ROP_MENU_POP_R4R5R6R7R8PC", "0x101eb0"), 10 | ("ROP_MENU_POP_R4R5R6R7R8R9R10PC", "0x103c84"), 11 | ("ROP_MENU_POP_R4LR_BX_R0", "0x15d3ec"), 12 | ("ROP_MENU_BX_LR", "0x10003c"), 13 | ("ROP_MENU_TARGET_RET", "0x155b50"), 14 | ("ROP_MENU_ADD_SPSPx64_POP_R4RR11PC", "0x1057dc"), 15 | ("ROP_MENU_STACK_PIVOT", "0x100fb8"), 16 | ("ROP_MENU_LDR_R0R0_POP_R4PC", "0x11f708"), 17 | ("ROP_MENU_LDR_R1R0x4_ADD_R0R0R1_POP_R3R4R5PC", "0x13e2fc"), 18 | ("ROP_MENU_STREQ_R5R2x30_POP_R4R5R6PC", "0x155234"), 19 | ("ROP_MENU_STRNE_R4R0x4_POP_R4PC", "0x195a40"), 20 | ("ROP_MENU_STR_R0R4_POP_R4PC", "0x10b250"), 21 | ("ROP_MENU_STRB_R0R4_POP_R4PC", "0x102958"), 22 | ("ROP_MENU_STR_R1R0_POP_R4PC", "0x10af04"), 23 | ("ROP_MENU_AND_R0R0R4_POP_R4R5R6R7R8PC", "0x11f280"), 24 | ("ROP_MENU_ADD_R0R0R1LSL2_POP_R4PC", "0x204a48"), 25 | ("ROP_MENU_ADD_R0R0R1_POP_R4R5R6PC", "0x133948"), 26 | ("ROP_MENU_AND_R0R0x7_POP_R4PC", "0x2e8398"), 27 | ("ROP_MENU_ADD_R1R1x1_STR_R1R5x10_POP_R4R5R6PC", "0x10230c"), 28 | ("ROP_MENU_CMP_R0R1_MVNLS_R0x0_MOVHI_R0x1_POP_R4PC", "0x21ea68"), 29 | ("ROP_MENU_BLXNE_R2_ADD_SPx8_MOV_R0R4_POP_R4R5R6R7R8PC", "0x1a75a0"), 30 | ("ROP_MENU_MRC_R0C13C03_ADD_R0R0x5C_BX_LR", "0x13eac0"), 31 | ("ROP_MENU_LDR_R0R0_SVC_x32_AND_R1R0x80000000_CMP_R1x0_LDRGE_R0R4x4_POP_R4PC", "0x102bac"), 32 | ("ROP_MENU_SVC_CREATEEVENT", "0x22f848"), 33 | ("ROP_MENU_SVC_WAITSYNCHRONIZATIONN", "0x118750"), 34 | ("ROP_MENU_SVC_EXITPROCESS", "0x101a30"), 35 | ("ROP_MENU_SLEEPTHREAD", "0x12b17c"), 36 | ("ROP_MENU_WAITSYNCHRONIZATIONN", "0x118750"), 37 | ("ROP_MENU_CREATEMEMORYBLOCK", "0x12b0f8"), 38 | ("ROP_MENU_CONTROLMEMORY", "0x2359a4"), 39 | ("ROP_MENU_CONNECTTOPORT", "0x118738"), 40 | ("ROP_MENU_APT_OPENSESSION", "0x236a08"), 41 | ("ROP_MENU_APT_CLOSESESSION", "0x236998"), 42 | ("ROP_MENU_APT_SENDPARAMETER", "0x12e668"), 43 | ("ROP_MENU_APT_GLANCEPARAMETER", "0x12e7d8"), 44 | ("ROP_MENU_APT_RECEIVEPARAMETER", "0x146088"), 45 | ("ROP_MENU_APT_PREPARETOSTARTAPPLICATION", "0x12ea08"), 46 | ("ROP_MENU_APT_STARTAPPLICATION", "0x139474"), 47 | ("ROP_MENU_APT_ORDERTOCLOSEAPPLICATION", "0x13952c"), 48 | ("ROP_MENU_APT_APPLETUTILITYCMD2", "0x11a4c4"), 49 | ("ROP_MENU_APT_APPLETUTILITYCMD7", "0x227bdc"), 50 | ("ROP_MENU_CLEARHOMEBUTTONSTATE", "0x227b94"), 51 | ("ROP_MENU_APT_WAKEUPAPPLICATION", "0x11aa78"), 52 | ("ROP_MENU_APT_INQUIRENOTIFICATION", "0x11aaa8"), 53 | ("ROP_MENU_APT_REPLYSLEEPQUERY", "0x12e864"), 54 | ("ROP_MENU_APT_REPLYSLEEPNOTIFICATIONCOMPLETE", "0x12eb34"), 55 | ("ROP_MENU_APT_ISREGISTERED", "0x222558"), 56 | ("ROP_MENU_APT_SENDDELIVERARG", "0x180558"), 57 | ("ROP_MENU_APT_PREPARETOLEAVEHOMEMENU", "0x11ab94"), 58 | ("ROP_MENU_APT_LEAVEHOMEMENU", "0x11a8f4"), 59 | ("ROP_MENU_NSS_REBOOT", "0x1374c8"), 60 | ("ROP_MENU_NSS_LAUNCHTITLE", "0x2314c4"), 61 | ("ROP_MENU_GSPGPU_RELEASERIGHT", "0x12e154"), 62 | ("ROP_MENU_GSPGPU_ACQUIRERIGHT", "0x138fc4"), 63 | ("ROP_MENU_GSPGPU_WRITEHWREGS", "0x14bd24"), 64 | ("ROP_MENU_GSPGPU_FLUSHDATACACHE", "0x1518f8"), 65 | ("ROP_MENU_GSPGPU_GXTRYENQUEUE", "0x2181d4"), 66 | ("ROP_MENU_GSPGPU_IMPORTDISPLAYCAPTUREINFO", "0x145ea0"), 67 | ("ROP_MENU_DSP_REGISTERINTERRUPTEVENTS", "0x137b4c"), 68 | ("ROP_MENU_DSP_UNLOADCOMPONENT", "0x12c5e4"), 69 | ("ROP_MENU_SRV_SUBSCRIBE", "0x215c60"), 70 | ("ROP_MENU_SRV_GETHANDLE", "0x10f640"), 71 | ("ROP_MENU_MEMCPY", "0x235f34"), 72 | ("ROP_MENU_MOUNTSDMC", "0x118c4c"), 73 | ("ROP_MENU_FOPEN", "0x22bdbc"), 74 | ("ROP_MENU_FWRITE", "0x220fb0"), 75 | ("ROP_MENU_FSEEK", "0x22173c"), 76 | ("ROP_MENU_FCLOSE", "0x22fb54"), 77 | ("MENU_DSP_BINARY_AFTERSIG", "0x32fe4c"), 78 | ("MENU_DSP_BINARY_SIZE", "0xc25c"), 79 | ("MENU_CFGS_HANDLE", "0x33d280"), 80 | ("MENU_AMSYS_HANDLE", "0x32f99c"), 81 | ("MENU_NSS_HANDLE", "0x32f040"), 82 | ("MENU_APT_HANDLE", "0x32f9cc"), 83 | ("MENU_FS_HANDLE", "0x32efd8"), 84 | ("MENU_SRV_HANDLE", "0x33c14c"), 85 | ("MENU_NEWSS_HANDLE", "0x33d28c"), 86 | ("MENU_BOSSP_HANDLE_MINUS_0x18", "0x369d68"), 87 | ("MENU_PTMSYSM_HANDLE", "0x32f074"), 88 | ("MENU_GSPLCD_HANDLE", "0x33bfd4"), 89 | ("MENU_DSP_HANDLE_STRUCT", "0x32ef60"), 90 | ("MENU_GSPGPU_HANDLE", "0x33bfd0"), 91 | ("MENU_GSPGPU_INTERRUPT_RECEIVER_STRUCT", "0x32d580"), 92 | ] 93 | -------------------------------------------------------------------------------- /menu_ropdb/24576_ropdb.txt: -------------------------------------------------------------------------------- 1 | [ 2 | ("ROP_MENU_POP_PC", "0x10201c"), 3 | ("ROP_MENU_POP_R0PC", "0x157950"), 4 | ("ROP_MENU_POP_R1PC", "0x2372b4"), 5 | ("ROP_MENU_POP_R2R3R4R5R6PC", "0x150544"), 6 | ("ROP_MENU_POP_R4PC", "0x101bc8"), 7 | ("ROP_MENU_POP_R4R5PC", "0x102458"), 8 | ("ROP_MENU_POP_R4R5R6PC", "0x101b74"), 9 | ("ROP_MENU_POP_R4R5R6R7R8PC", "0x101eb0"), 10 | ("ROP_MENU_POP_R4R5R6R7R8R9R10PC", "0x103c84"), 11 | ("ROP_MENU_POP_R4LR_BX_R0", "0x15d3ec"), 12 | ("ROP_MENU_BX_LR", "0x10003c"), 13 | ("ROP_MENU_TARGET_RET", "0x155b50"), 14 | ("ROP_MENU_ADD_SPSPx64_POP_R4RR11PC", "0x1057dc"), 15 | ("ROP_MENU_STACK_PIVOT", "0x100fb8"), 16 | ("ROP_MENU_LDR_R0R0_POP_R4PC", "0x11f708"), 17 | ("ROP_MENU_LDR_R1R0x4_ADD_R0R0R1_POP_R3R4R5PC", "0x13e2fc"), 18 | ("ROP_MENU_STREQ_R5R2x30_POP_R4R5R6PC", "0x155234"), 19 | ("ROP_MENU_STRNE_R4R0x4_POP_R4PC", "0x195a40"), 20 | ("ROP_MENU_STR_R0R4_POP_R4PC", "0x10b250"), 21 | ("ROP_MENU_STRB_R0R4_POP_R4PC", "0x102958"), 22 | ("ROP_MENU_STR_R1R0_POP_R4PC", "0x10af04"), 23 | ("ROP_MENU_AND_R0R0R4_POP_R4R5R6R7R8PC", "0x11f280"), 24 | ("ROP_MENU_ADD_R0R0R1LSL2_POP_R4PC", "0x204a48"), 25 | ("ROP_MENU_ADD_R0R0R1_POP_R4R5R6PC", "0x133948"), 26 | ("ROP_MENU_AND_R0R0x7_POP_R4PC", "0x2e83a4"), 27 | ("ROP_MENU_ADD_R1R1x1_STR_R1R5x10_POP_R4R5R6PC", "0x10230c"), 28 | ("ROP_MENU_CMP_R0R1_MVNLS_R0x0_MOVHI_R0x1_POP_R4PC", "0x21ea68"), 29 | ("ROP_MENU_BLXNE_R2_ADD_SPx8_MOV_R0R4_POP_R4R5R6R7R8PC", "0x1a75a0"), 30 | ("ROP_MENU_MRC_R0C13C03_ADD_R0R0x5C_BX_LR", "0x13eac0"), 31 | ("ROP_MENU_LDR_R0R0_SVC_x32_AND_R1R0x80000000_CMP_R1x0_LDRGE_R0R4x4_POP_R4PC", "0x102bac"), 32 | ("ROP_MENU_SVC_CREATEEVENT", "0x22f848"), 33 | ("ROP_MENU_SVC_WAITSYNCHRONIZATIONN", "0x118750"), 34 | ("ROP_MENU_SVC_EXITPROCESS", "0x101a30"), 35 | ("ROP_MENU_SLEEPTHREAD", "0x12b17c"), 36 | ("ROP_MENU_WAITSYNCHRONIZATIONN", "0x118750"), 37 | ("ROP_MENU_CREATEMEMORYBLOCK", "0x12b0f8"), 38 | ("ROP_MENU_CONTROLMEMORY", "0x2359a4"), 39 | ("ROP_MENU_CONNECTTOPORT", "0x118738"), 40 | ("ROP_MENU_APT_OPENSESSION", "0x236a08"), 41 | ("ROP_MENU_APT_CLOSESESSION", "0x236998"), 42 | ("ROP_MENU_APT_SENDPARAMETER", "0x12e668"), 43 | ("ROP_MENU_APT_GLANCEPARAMETER", "0x12e7d8"), 44 | ("ROP_MENU_APT_RECEIVEPARAMETER", "0x146088"), 45 | ("ROP_MENU_APT_PREPARETOSTARTAPPLICATION", "0x12ea08"), 46 | ("ROP_MENU_APT_STARTAPPLICATION", "0x139474"), 47 | ("ROP_MENU_APT_ORDERTOCLOSEAPPLICATION", "0x13952c"), 48 | ("ROP_MENU_APT_APPLETUTILITYCMD2", "0x11a4c4"), 49 | ("ROP_MENU_APT_APPLETUTILITYCMD7", "0x227bdc"), 50 | ("ROP_MENU_CLEARHOMEBUTTONSTATE", "0x227b94"), 51 | ("ROP_MENU_APT_WAKEUPAPPLICATION", "0x11aa78"), 52 | ("ROP_MENU_APT_INQUIRENOTIFICATION", "0x11aaa8"), 53 | ("ROP_MENU_APT_REPLYSLEEPQUERY", "0x12e864"), 54 | ("ROP_MENU_APT_REPLYSLEEPNOTIFICATIONCOMPLETE", "0x12eb34"), 55 | ("ROP_MENU_APT_ISREGISTERED", "0x222558"), 56 | ("ROP_MENU_APT_SENDDELIVERARG", "0x180558"), 57 | ("ROP_MENU_APT_PREPARETOLEAVEHOMEMENU", "0x11ab94"), 58 | ("ROP_MENU_APT_LEAVEHOMEMENU", "0x11a8f4"), 59 | ("ROP_MENU_NSS_REBOOT", "0x1374c8"), 60 | ("ROP_MENU_NSS_LAUNCHTITLE", "0x2314c4"), 61 | ("ROP_MENU_GSPGPU_RELEASERIGHT", "0x12e154"), 62 | ("ROP_MENU_GSPGPU_ACQUIRERIGHT", "0x138fc4"), 63 | ("ROP_MENU_GSPGPU_WRITEHWREGS", "0x14bd24"), 64 | ("ROP_MENU_GSPGPU_FLUSHDATACACHE", "0x1518f8"), 65 | ("ROP_MENU_GSPGPU_GXTRYENQUEUE", "0x2181d4"), 66 | ("ROP_MENU_GSPGPU_IMPORTDISPLAYCAPTUREINFO", "0x145ea0"), 67 | ("ROP_MENU_DSP_REGISTERINTERRUPTEVENTS", "0x137b4c"), 68 | ("ROP_MENU_DSP_UNLOADCOMPONENT", "0x12c5e4"), 69 | ("ROP_MENU_SRV_SUBSCRIBE", "0x215c60"), 70 | ("ROP_MENU_SRV_GETHANDLE", "0x10f640"), 71 | ("ROP_MENU_MEMCPY", "0x235f34"), 72 | ("ROP_MENU_MOUNTSDMC", "0x118c4c"), 73 | ("ROP_MENU_FOPEN", "0x22bdbc"), 74 | ("ROP_MENU_FWRITE", "0x220fb0"), 75 | ("ROP_MENU_FSEEK", "0x22173c"), 76 | ("ROP_MENU_FCLOSE", "0x22fb54"), 77 | ("MENU_DSP_BINARY_AFTERSIG", "0x32fe4c"), 78 | ("MENU_DSP_BINARY_SIZE", "0xc25c"), 79 | ("MENU_CFGS_HANDLE", "0x33d280"), 80 | ("MENU_AMSYS_HANDLE", "0x32f99c"), 81 | ("MENU_NSS_HANDLE", "0x32f040"), 82 | ("MENU_APT_HANDLE", "0x32f9cc"), 83 | ("MENU_FS_HANDLE", "0x32efd8"), 84 | ("MENU_SRV_HANDLE", "0x33c14c"), 85 | ("MENU_NEWSS_HANDLE", "0x33d28c"), 86 | ("MENU_BOSSP_HANDLE_MINUS_0x18", "0x369d68"), 87 | ("MENU_PTMSYSM_HANDLE", "0x32f074"), 88 | ("MENU_GSPLCD_HANDLE", "0x33bfd4"), 89 | ("MENU_DSP_HANDLE_STRUCT", "0x32ef60"), 90 | ("MENU_GSPGPU_HANDLE", "0x33bfd0"), 91 | ("MENU_GSPGPU_INTERRUPT_RECEIVER_STRUCT", "0x32d580"), 92 | ] 93 | -------------------------------------------------------------------------------- /menu_ropdb/25600_ropdb.txt: -------------------------------------------------------------------------------- 1 | [ 2 | ("ROP_MENU_POP_PC", "0x10201c"), 3 | ("ROP_MENU_POP_R0PC", "0x157968"), 4 | ("ROP_MENU_POP_R1PC", "0x2372cc"), 5 | ("ROP_MENU_POP_R2R3R4R5R6PC", "0x15055c"), 6 | ("ROP_MENU_POP_R4PC", "0x101bc8"), 7 | ("ROP_MENU_POP_R4R5PC", "0x102458"), 8 | ("ROP_MENU_POP_R4R5R6PC", "0x101b74"), 9 | ("ROP_MENU_POP_R4R5R6R7R8PC", "0x101eb0"), 10 | ("ROP_MENU_POP_R4R5R6R7R8R9R10PC", "0x103c84"), 11 | ("ROP_MENU_POP_R4LR_BX_R0", "0x15d404"), 12 | ("ROP_MENU_BX_LR", "0x10003c"), 13 | ("ROP_MENU_TARGET_RET", "0x155b68"), 14 | ("ROP_MENU_ADD_SPSPx64_POP_R4RR11PC", "0x1057dc"), 15 | ("ROP_MENU_STACK_PIVOT", "0x100fb8"), 16 | ("ROP_MENU_LDR_R0R0_POP_R4PC", "0x11f708"), 17 | ("ROP_MENU_LDR_R1R0x4_ADD_R0R0R1_POP_R3R4R5PC", "0x13e314"), 18 | ("ROP_MENU_STREQ_R5R2x30_POP_R4R5R6PC", "0x15524c"), 19 | ("ROP_MENU_STRNE_R4R0x4_POP_R4PC", "0x195a58"), 20 | ("ROP_MENU_STR_R0R4_POP_R4PC", "0x10b250"), 21 | ("ROP_MENU_STRB_R0R4_POP_R4PC", "0x102958"), 22 | ("ROP_MENU_STR_R1R0_POP_R4PC", "0x10af04"), 23 | ("ROP_MENU_AND_R0R0R4_POP_R4R5R6R7R8PC", "0x11f280"), 24 | ("ROP_MENU_ADD_R0R0R1LSL2_POP_R4PC", "0x204a60"), 25 | ("ROP_MENU_ADD_R0R0R1_POP_R4R5R6PC", "0x133948"), 26 | ("ROP_MENU_AND_R0R0x7_POP_R4PC", "0x2e83bc"), 27 | ("ROP_MENU_ADD_R1R1x1_STR_R1R5x10_POP_R4R5R6PC", "0x10230c"), 28 | ("ROP_MENU_CMP_R0R1_MVNLS_R0x0_MOVHI_R0x1_POP_R4PC", "0x21ea80"), 29 | ("ROP_MENU_BLXNE_R2_ADD_SPx8_MOV_R0R4_POP_R4R5R6R7R8PC", "0x1a75b8"), 30 | ("ROP_MENU_MRC_R0C13C03_ADD_R0R0x5C_BX_LR", "0x13ead8"), 31 | ("ROP_MENU_LDR_R0R0_SVC_x32_AND_R1R0x80000000_CMP_R1x0_LDRGE_R0R4x4_POP_R4PC", "0x102bac"), 32 | ("ROP_MENU_SVC_CREATEEVENT", "0x22f860"), 33 | ("ROP_MENU_SVC_WAITSYNCHRONIZATIONN", "0x118750"), 34 | ("ROP_MENU_SVC_EXITPROCESS", "0x101a30"), 35 | ("ROP_MENU_SLEEPTHREAD", "0x12b17c"), 36 | ("ROP_MENU_WAITSYNCHRONIZATIONN", "0x118750"), 37 | ("ROP_MENU_CREATEMEMORYBLOCK", "0x12b0f8"), 38 | ("ROP_MENU_CONTROLMEMORY", "0x2359bc"), 39 | ("ROP_MENU_CONNECTTOPORT", "0x118738"), 40 | ("ROP_MENU_APT_OPENSESSION", "0x236a20"), 41 | ("ROP_MENU_APT_CLOSESESSION", "0x2369b0"), 42 | ("ROP_MENU_APT_SENDPARAMETER", "0x12e668"), 43 | ("ROP_MENU_APT_GLANCEPARAMETER", "0x12e7d8"), 44 | ("ROP_MENU_APT_RECEIVEPARAMETER", "0x1460a0"), 45 | ("ROP_MENU_APT_PREPARETOSTARTAPPLICATION", "0x12ea08"), 46 | ("ROP_MENU_APT_STARTAPPLICATION", "0x139474"), 47 | ("ROP_MENU_APT_ORDERTOCLOSEAPPLICATION", "0x13952c"), 48 | ("ROP_MENU_APT_APPLETUTILITYCMD2", "0x11a4c4"), 49 | ("ROP_MENU_APT_APPLETUTILITYCMD7", "0x227bf4"), 50 | ("ROP_MENU_CLEARHOMEBUTTONSTATE", "0x227bac"), 51 | ("ROP_MENU_APT_WAKEUPAPPLICATION", "0x11aa78"), 52 | ("ROP_MENU_APT_INQUIRENOTIFICATION", "0x11aaa8"), 53 | ("ROP_MENU_APT_REPLYSLEEPQUERY", "0x12e864"), 54 | ("ROP_MENU_APT_REPLYSLEEPNOTIFICATIONCOMPLETE", "0x12eb34"), 55 | ("ROP_MENU_APT_ISREGISTERED", "0x222570"), 56 | ("ROP_MENU_APT_SENDDELIVERARG", "0x180570"), 57 | ("ROP_MENU_APT_PREPARETOLEAVEHOMEMENU", "0x11ab94"), 58 | ("ROP_MENU_APT_LEAVEHOMEMENU", "0x11a8f4"), 59 | ("ROP_MENU_NSS_REBOOT", "0x1374c8"), 60 | ("ROP_MENU_NSS_LAUNCHTITLE", "0x2314dc"), 61 | ("ROP_MENU_GSPGPU_RELEASERIGHT", "0x12e154"), 62 | ("ROP_MENU_GSPGPU_ACQUIRERIGHT", "0x138fc4"), 63 | ("ROP_MENU_GSPGPU_WRITEHWREGS", "0x14bd3c"), 64 | ("ROP_MENU_GSPGPU_FLUSHDATACACHE", "0x151910"), 65 | ("ROP_MENU_GSPGPU_GXTRYENQUEUE", "0x2181ec"), 66 | ("ROP_MENU_GSPGPU_IMPORTDISPLAYCAPTUREINFO", "0x145eb8"), 67 | ("ROP_MENU_DSP_REGISTERINTERRUPTEVENTS", "0x137b4c"), 68 | ("ROP_MENU_DSP_UNLOADCOMPONENT", "0x12c5e4"), 69 | ("ROP_MENU_SRV_SUBSCRIBE", "0x215c78"), 70 | ("ROP_MENU_SRV_GETHANDLE", "0x10f640"), 71 | ("ROP_MENU_MEMCPY", "0x235f4c"), 72 | ("ROP_MENU_MOUNTSDMC", "0x118c4c"), 73 | ("ROP_MENU_FOPEN", "0x22bdd4"), 74 | ("ROP_MENU_FWRITE", "0x220fc8"), 75 | ("ROP_MENU_FSEEK", "0x221754"), 76 | ("ROP_MENU_FCLOSE", "0x22fb6c"), 77 | ("MENU_DSP_BINARY_AFTERSIG", "0x32fe4c"), 78 | ("MENU_DSP_BINARY_SIZE", "0xc25c"), 79 | ("MENU_CFGS_HANDLE", "0x33d280"), 80 | ("MENU_AMSYS_HANDLE", "0x32f99c"), 81 | ("MENU_NSS_HANDLE", "0x32f040"), 82 | ("MENU_APT_HANDLE", "0x32f9cc"), 83 | ("MENU_FS_HANDLE", "0x32efd8"), 84 | ("MENU_SRV_HANDLE", "0x33c14c"), 85 | ("MENU_NEWSS_HANDLE", "0x33d28c"), 86 | ("MENU_BOSSP_HANDLE_MINUS_0x18", "0x369d68"), 87 | ("MENU_PTMSYSM_HANDLE", "0x32f074"), 88 | ("MENU_GSPLCD_HANDLE", "0x33bfd4"), 89 | ("MENU_DSP_HANDLE_STRUCT", "0x32ef60"), 90 | ("MENU_GSPGPU_HANDLE", "0x33bfd0"), 91 | ("MENU_GSPGPU_INTERRUPT_RECEIVER_STRUCT", "0x32d580"), 92 | ] 93 | -------------------------------------------------------------------------------- /menu_ropdb/26624_ropdb.txt: -------------------------------------------------------------------------------- 1 | [ 2 | ("ROP_MENU_POP_PC", "0x10201c"), 3 | ("ROP_MENU_POP_R0PC", "0x157968"), 4 | ("ROP_MENU_POP_R1PC", "0x2372cc"), 5 | ("ROP_MENU_POP_R2R3R4R5R6PC", "0x15055c"), 6 | ("ROP_MENU_POP_R4PC", "0x101bc8"), 7 | ("ROP_MENU_POP_R4R5PC", "0x102458"), 8 | ("ROP_MENU_POP_R4R5R6PC", "0x101b74"), 9 | ("ROP_MENU_POP_R4R5R6R7R8PC", "0x101eb0"), 10 | ("ROP_MENU_POP_R4R5R6R7R8R9R10PC", "0x103c84"), 11 | ("ROP_MENU_POP_R4LR_BX_R0", "0x15d404"), 12 | ("ROP_MENU_BX_LR", "0x10003c"), 13 | ("ROP_MENU_TARGET_RET", "0x155b68"), 14 | ("ROP_MENU_ADD_SPSPx64_POP_R4RR11PC", "0x1057dc"), 15 | ("ROP_MENU_STACK_PIVOT", "0x100fb8"), 16 | ("ROP_MENU_LDR_R0R0_POP_R4PC", "0x11f708"), 17 | ("ROP_MENU_LDR_R1R0x4_ADD_R0R0R1_POP_R3R4R5PC", "0x13e314"), 18 | ("ROP_MENU_STREQ_R5R2x30_POP_R4R5R6PC", "0x15524c"), 19 | ("ROP_MENU_STRNE_R4R0x4_POP_R4PC", "0x195a58"), 20 | ("ROP_MENU_STR_R0R4_POP_R4PC", "0x10b250"), 21 | ("ROP_MENU_STRB_R0R4_POP_R4PC", "0x102958"), 22 | ("ROP_MENU_STR_R1R0_POP_R4PC", "0x10af04"), 23 | ("ROP_MENU_AND_R0R0R4_POP_R4R5R6R7R8PC", "0x11f280"), 24 | ("ROP_MENU_ADD_R0R0R1LSL2_POP_R4PC", "0x204a60"), 25 | ("ROP_MENU_ADD_R0R0R1_POP_R4R5R6PC", "0x133948"), 26 | ("ROP_MENU_AND_R0R0x7_POP_R4PC", "0x2e83ec"), 27 | ("ROP_MENU_ADD_R1R1x1_STR_R1R5x10_POP_R4R5R6PC", "0x10230c"), 28 | ("ROP_MENU_CMP_R0R1_MVNLS_R0x0_MOVHI_R0x1_POP_R4PC", "0x21ea80"), 29 | ("ROP_MENU_BLXNE_R2_ADD_SPx8_MOV_R0R4_POP_R4R5R6R7R8PC", "0x1a75b8"), 30 | ("ROP_MENU_MRC_R0C13C03_ADD_R0R0x5C_BX_LR", "0x13ead8"), 31 | ("ROP_MENU_LDR_R0R0_SVC_x32_AND_R1R0x80000000_CMP_R1x0_LDRGE_R0R4x4_POP_R4PC", "0x102bac"), 32 | ("ROP_MENU_SVC_CREATEEVENT", "0x22f860"), 33 | ("ROP_MENU_SVC_WAITSYNCHRONIZATIONN", "0x118750"), 34 | ("ROP_MENU_SVC_EXITPROCESS", "0x101a30"), 35 | ("ROP_MENU_SLEEPTHREAD", "0x12b17c"), 36 | ("ROP_MENU_WAITSYNCHRONIZATIONN", "0x118750"), 37 | ("ROP_MENU_CREATEMEMORYBLOCK", "0x12b0f8"), 38 | ("ROP_MENU_CONTROLMEMORY", "0x2359bc"), 39 | ("ROP_MENU_CONNECTTOPORT", "0x118738"), 40 | ("ROP_MENU_APT_OPENSESSION", "0x236a20"), 41 | ("ROP_MENU_APT_CLOSESESSION", "0x2369b0"), 42 | ("ROP_MENU_APT_SENDPARAMETER", "0x12e668"), 43 | ("ROP_MENU_APT_GLANCEPARAMETER", "0x12e7d8"), 44 | ("ROP_MENU_APT_RECEIVEPARAMETER", "0x1460a0"), 45 | ("ROP_MENU_APT_PREPARETOSTARTAPPLICATION", "0x12ea08"), 46 | ("ROP_MENU_APT_STARTAPPLICATION", "0x139474"), 47 | ("ROP_MENU_APT_ORDERTOCLOSEAPPLICATION", "0x13952c"), 48 | ("ROP_MENU_APT_APPLETUTILITYCMD2", "0x11a4c4"), 49 | ("ROP_MENU_APT_APPLETUTILITYCMD7", "0x227bf4"), 50 | ("ROP_MENU_CLEARHOMEBUTTONSTATE", "0x227bac"), 51 | ("ROP_MENU_APT_WAKEUPAPPLICATION", "0x11aa78"), 52 | ("ROP_MENU_APT_INQUIRENOTIFICATION", "0x11aaa8"), 53 | ("ROP_MENU_APT_REPLYSLEEPQUERY", "0x12e864"), 54 | ("ROP_MENU_APT_REPLYSLEEPNOTIFICATIONCOMPLETE", "0x12eb34"), 55 | ("ROP_MENU_APT_ISREGISTERED", "0x222570"), 56 | ("ROP_MENU_APT_SENDDELIVERARG", "0x180570"), 57 | ("ROP_MENU_APT_PREPARETOLEAVEHOMEMENU", "0x11ab94"), 58 | ("ROP_MENU_APT_LEAVEHOMEMENU", "0x11a8f4"), 59 | ("ROP_MENU_NSS_REBOOT", "0x1374c8"), 60 | ("ROP_MENU_NSS_LAUNCHTITLE", "0x2314dc"), 61 | ("ROP_MENU_GSPGPU_RELEASERIGHT", "0x12e154"), 62 | ("ROP_MENU_GSPGPU_ACQUIRERIGHT", "0x138fc4"), 63 | ("ROP_MENU_GSPGPU_WRITEHWREGS", "0x14bd3c"), 64 | ("ROP_MENU_GSPGPU_FLUSHDATACACHE", "0x151910"), 65 | ("ROP_MENU_GSPGPU_GXTRYENQUEUE", "0x2181ec"), 66 | ("ROP_MENU_GSPGPU_IMPORTDISPLAYCAPTUREINFO", "0x145eb8"), 67 | ("ROP_MENU_DSP_REGISTERINTERRUPTEVENTS", "0x137b4c"), 68 | ("ROP_MENU_DSP_UNLOADCOMPONENT", "0x12c5e4"), 69 | ("ROP_MENU_SRV_SUBSCRIBE", "0x215c78"), 70 | ("ROP_MENU_SRV_GETHANDLE", "0x10f640"), 71 | ("ROP_MENU_MEMCPY", "0x235f4c"), 72 | ("ROP_MENU_MOUNTSDMC", "0x118c4c"), 73 | ("ROP_MENU_FOPEN", "0x22bdd4"), 74 | ("ROP_MENU_FWRITE", "0x220fc8"), 75 | ("ROP_MENU_FSEEK", "0x221754"), 76 | ("ROP_MENU_FCLOSE", "0x22fb6c"), 77 | ("MENU_DSP_BINARY_AFTERSIG", "0x32fe4c"), 78 | ("MENU_DSP_BINARY_SIZE", "0xc25c"), 79 | ("MENU_CFGS_HANDLE", "0x33d280"), 80 | ("MENU_AMSYS_HANDLE", "0x32f99c"), 81 | ("MENU_NSS_HANDLE", "0x32f040"), 82 | ("MENU_APT_HANDLE", "0x32f9cc"), 83 | ("MENU_FS_HANDLE", "0x32efd8"), 84 | ("MENU_SRV_HANDLE", "0x33c14c"), 85 | ("MENU_NEWSS_HANDLE", "0x33d28c"), 86 | ("MENU_BOSSP_HANDLE_MINUS_0x18", "0x369d68"), 87 | ("MENU_PTMSYSM_HANDLE", "0x32f074"), 88 | ("MENU_GSPLCD_HANDLE", "0x33bfd4"), 89 | ("MENU_DSP_HANDLE_STRUCT", "0x32ef60"), 90 | ("MENU_GSPGPU_HANDLE", "0x33bfd0"), 91 | ("MENU_GSPGPU_INTERRUPT_RECEIVER_STRUCT", "0x32d580"), 92 | ] 93 | -------------------------------------------------------------------------------- /menu_ropdb/27649_ropdb.txt: -------------------------------------------------------------------------------- 1 | [ 2 | ("ROP_MENU_POP_PC", "0x10201c"), 3 | ("ROP_MENU_POP_R0PC", "0x157920"), 4 | ("ROP_MENU_POP_R1PC", "0x237344"), 5 | ("ROP_MENU_POP_R2R3R4R5R6PC", "0x150514"), 6 | ("ROP_MENU_POP_R4PC", "0x101bc8"), 7 | ("ROP_MENU_POP_R4R5PC", "0x102468"), 8 | ("ROP_MENU_POP_R4R5R6PC", "0x101b74"), 9 | ("ROP_MENU_POP_R4R5R6R7R8PC", "0x101eb0"), 10 | ("ROP_MENU_POP_R4R5R6R7R8R9R10PC", "0x103c94"), 11 | ("ROP_MENU_POP_R4LR_BX_R0", "0x15d3bc"), 12 | ("ROP_MENU_BX_LR", "0x10003c"), 13 | ("ROP_MENU_TARGET_RET", "0x155b20"), 14 | ("ROP_MENU_ADD_SPSPx64_POP_R4RR11PC", "0x1057ec"), 15 | ("ROP_MENU_STACK_PIVOT", "0x100fb8"), 16 | ("ROP_MENU_LDR_R0R0_POP_R4PC", "0x11f684"), 17 | ("ROP_MENU_LDR_R1R0x4_ADD_R0R0R1_POP_R3R4R5PC", "0x13e2e0"), 18 | ("ROP_MENU_STREQ_R5R2x30_POP_R4R5R6PC", "0x155204"), 19 | ("ROP_MENU_STRNE_R4R0x4_POP_R4PC", "0x195a10"), 20 | ("ROP_MENU_STR_R0R4_POP_R4PC", "0x10b260"), 21 | ("ROP_MENU_STRB_R0R4_POP_R4PC", "0x102968"), 22 | ("ROP_MENU_STR_R1R0_POP_R4PC", "0x10af14"), 23 | ("ROP_MENU_AND_R0R0R4_POP_R4R5R6R7R8PC", "0x11f1fc"), 24 | ("ROP_MENU_ADD_R0R0R1LSL2_POP_R4PC", "0x204a20"), 25 | ("ROP_MENU_ADD_R0R0R1_POP_R4R5R6PC", "0x1338d4"), 26 | ("ROP_MENU_AND_R0R0x7_POP_R4PC", "0x2e8454"), 27 | ("ROP_MENU_ADD_R1R1x1_STR_R1R5x10_POP_R4R5R6PC", "0x10231c"), 28 | ("ROP_MENU_CMP_R0R1_MVNLS_R0x0_MOVHI_R0x1_POP_R4PC", "0x21ea88"), 29 | ("ROP_MENU_BLXNE_R2_ADD_SPx8_MOV_R0R4_POP_R4R5R6R7R8PC", "0x1a7570"), 30 | ("ROP_MENU_MRC_R0C13C03_ADD_R0R0x5C_BX_LR", "0x13eaa4"), 31 | ("ROP_MENU_LDR_R0R0_SVC_x32_AND_R1R0x80000000_CMP_R1x0_LDRGE_R0R4x4_POP_R4PC", "0x102bbc"), 32 | ("ROP_MENU_SVC_CREATEEVENT", "0x22f860"), 33 | ("ROP_MENU_SVC_WAITSYNCHRONIZATIONN", "0x1186f0"), 34 | ("ROP_MENU_SVC_EXITPROCESS", "0x101a30"), 35 | ("ROP_MENU_SLEEPTHREAD", "0x12b0f8"), 36 | ("ROP_MENU_WAITSYNCHRONIZATIONN", "0x1186f0"), 37 | ("ROP_MENU_CREATEMEMORYBLOCK", "0x12b074"), 38 | ("ROP_MENU_CONTROLMEMORY", "0x235a34"), 39 | ("ROP_MENU_CONNECTTOPORT", "0x1186d8"), 40 | ("ROP_MENU_APT_OPENSESSION", "0x236a98"), 41 | ("ROP_MENU_APT_CLOSESESSION", "0x236a28"), 42 | ("ROP_MENU_APT_SENDPARAMETER", "0x12e608"), 43 | ("ROP_MENU_APT_GLANCEPARAMETER", "0x12e778"), 44 | ("ROP_MENU_APT_RECEIVEPARAMETER", "0x14606c"), 45 | ("ROP_MENU_APT_PREPARETOSTARTAPPLICATION", "0x12e9a8"), 46 | ("ROP_MENU_APT_STARTAPPLICATION", "0x139400"), 47 | ("ROP_MENU_APT_ORDERTOCLOSEAPPLICATION", "0x1394b8"), 48 | ("ROP_MENU_APT_APPLETUTILITYCMD2", "0x11a464"), 49 | ("ROP_MENU_APT_APPLETUTILITYCMD7", "0x227bf4"), 50 | ("ROP_MENU_CLEARHOMEBUTTONSTATE", "0x227bac"), 51 | ("ROP_MENU_APT_WAKEUPAPPLICATION", "0x11a9f4"), 52 | ("ROP_MENU_APT_INQUIRENOTIFICATION", "0x11aa24"), 53 | ("ROP_MENU_APT_REPLYSLEEPQUERY", "0x12e804"), 54 | ("ROP_MENU_APT_REPLYSLEEPNOTIFICATIONCOMPLETE", "0x12ea94"), 55 | ("ROP_MENU_APT_ISREGISTERED", "0x222578"), 56 | ("ROP_MENU_APT_SENDDELIVERARG", "0x180528"), 57 | ("ROP_MENU_APT_PREPARETOLEAVEHOMEMENU", "0x11ab10"), 58 | ("ROP_MENU_APT_LEAVEHOMEMENU", "0x11a870"), 59 | ("ROP_MENU_NSS_REBOOT", "0x137454"), 60 | ("ROP_MENU_NSS_LAUNCHTITLE", "0x2314e0"), 61 | ("ROP_MENU_GSPGPU_RELEASERIGHT", "0x12e0d0"), 62 | ("ROP_MENU_GSPGPU_ACQUIRERIGHT", "0x138f50"), 63 | ("ROP_MENU_GSPGPU_WRITEHWREGS", "0x14bd0c"), 64 | ("ROP_MENU_GSPGPU_FLUSHDATACACHE", "0x1518c8"), 65 | ("ROP_MENU_GSPGPU_GXTRYENQUEUE", "0x2181f4"), 66 | ("ROP_MENU_GSPGPU_IMPORTDISPLAYCAPTUREINFO", "0x145e84"), 67 | ("ROP_MENU_DSP_REGISTERINTERRUPTEVENTS", "0x137ad8"), 68 | ("ROP_MENU_DSP_UNLOADCOMPONENT", "0x12c560"), 69 | ("ROP_MENU_SRV_SUBSCRIBE", "0x215c80"), 70 | ("ROP_MENU_SRV_GETHANDLE", "0x10f5e0"), 71 | ("ROP_MENU_MEMCPY", "0x235fc4"), 72 | ("ROP_MENU_MOUNTSDMC", "0x118bec"), 73 | ("ROP_MENU_FOPEN", "0x22bdd4"), 74 | ("ROP_MENU_FWRITE", "0x220fd0"), 75 | ("ROP_MENU_FSEEK", "0x22175c"), 76 | ("ROP_MENU_FCLOSE", "0x22fb6c"), 77 | ("MENU_DSP_BINARY_AFTERSIG", "0x32fe4c"), 78 | ("MENU_DSP_BINARY_SIZE", "0xc25c"), 79 | ("MENU_CFGS_HANDLE", "0x33d280"), 80 | ("MENU_AMSYS_HANDLE", "0x32f99c"), 81 | ("MENU_NSS_HANDLE", "0x32f040"), 82 | ("MENU_APT_HANDLE", "0x32f9cc"), 83 | ("MENU_FS_HANDLE", "0x32efd8"), 84 | ("MENU_SRV_HANDLE", "0x33c14c"), 85 | ("MENU_NEWSS_HANDLE", "0x33d28c"), 86 | ("MENU_BOSSP_HANDLE_MINUS_0x18", "0x369d68"), 87 | ("MENU_PTMSYSM_HANDLE", "0x32f074"), 88 | ("MENU_GSPLCD_HANDLE", "0x33bfd4"), 89 | ("MENU_DSP_HANDLE_STRUCT", "0x32ef60"), 90 | ("MENU_GSPGPU_HANDLE", "0x33bfd0"), 91 | ("MENU_GSPGPU_INTERRUPT_RECEIVER_STRUCT", "0x32d580"), 92 | ] 93 | -------------------------------------------------------------------------------- /menu_ropdb/15361_kor_ropdb.txt: -------------------------------------------------------------------------------- 1 | [ 2 | ("ROP_MENU_POP_PC", "0x10201c"), 3 | ("ROP_MENU_POP_R0PC", "0x157920"), 4 | ("ROP_MENU_POP_R1PC", "0x237190"), 5 | ("ROP_MENU_POP_R2R3R4R5R6PC", "0x150514"), 6 | ("ROP_MENU_POP_R4PC", "0x101bc8"), 7 | ("ROP_MENU_POP_R4R5PC", "0x102468"), 8 | ("ROP_MENU_POP_R4R5R6PC", "0x101b74"), 9 | ("ROP_MENU_POP_R4R5R6R7R8PC", "0x101eb0"), 10 | ("ROP_MENU_POP_R4R5R6R7R8R9R10PC", "0x103c94"), 11 | ("ROP_MENU_POP_R4LR_BX_R0", "0x15d3bc"), 12 | ("ROP_MENU_BX_LR", "0x10003c"), 13 | ("ROP_MENU_TARGET_RET", "0x155b20"), 14 | ("ROP_MENU_ADD_SPSPx64_POP_R4RR11PC", "0x1057ec"), 15 | ("ROP_MENU_STACK_PIVOT", "0x100fb8"), 16 | ("ROP_MENU_LDR_R0R0_POP_R4PC", "0x11f684"), 17 | ("ROP_MENU_LDR_R1R0x4_ADD_R0R0R1_POP_R3R4R5PC", "0x13e2e0"), 18 | ("ROP_MENU_STREQ_R5R2x30_POP_R4R5R6PC", "0x155204"), 19 | ("ROP_MENU_STRNE_R4R0x4_POP_R4PC", "0x195a10"), 20 | ("ROP_MENU_STR_R0R4_POP_R4PC", "0x10b260"), 21 | ("ROP_MENU_STRB_R0R4_POP_R4PC", "0x102968"), 22 | ("ROP_MENU_STR_R1R0_POP_R4PC", "0x10af14"), 23 | ("ROP_MENU_AND_R0R0R4_POP_R4R5R6R7R8PC", "0x11f1fc"), 24 | ("ROP_MENU_ADD_R0R0R1LSL2_POP_R4PC", "0x204868"), 25 | ("ROP_MENU_ADD_R0R0R1_POP_R4R5R6PC", "0x1338d4"), 26 | ("ROP_MENU_AND_R0R0x7_POP_R4PC", "0x2e81c0"), 27 | ("ROP_MENU_ADD_R1R1x1_STR_R1R5x10_POP_R4R5R6PC", "0x10231c"), 28 | ("ROP_MENU_CMP_R0R1_MVNLS_R0x0_MOVHI_R0x1_POP_R4PC", "0x21e8d0"), 29 | ("ROP_MENU_BLXNE_R2_ADD_SPx8_MOV_R0R4_POP_R4R5R6R7R8PC", "0x1a7570"), 30 | ("ROP_MENU_MRC_R0C13C03_ADD_R0R0x5C_BX_LR", "0x13eaa4"), 31 | ("ROP_MENU_LDR_R0R0_SVC_x32_AND_R1R0x80000000_CMP_R1x0_LDRGE_R0R4x4_POP_R4PC", "0x102bbc"), 32 | ("ROP_MENU_SVC_CREATEEVENT", "0x22f6ac"), 33 | ("ROP_MENU_SVC_WAITSYNCHRONIZATIONN", "0x1186f0"), 34 | ("ROP_MENU_SVC_EXITPROCESS", "0x101a30"), 35 | ("ROP_MENU_SLEEPTHREAD", "0x12b0f8"), 36 | ("ROP_MENU_WAITSYNCHRONIZATIONN", "0x1186f0"), 37 | ("ROP_MENU_CREATEMEMORYBLOCK", "0x12b074"), 38 | ("ROP_MENU_CONTROLMEMORY", "0x235880"), 39 | ("ROP_MENU_CONNECTTOPORT", "0x1186d8"), 40 | ("ROP_MENU_APT_OPENSESSION", "0x2368e4"), 41 | ("ROP_MENU_APT_CLOSESESSION", "0x236874"), 42 | ("ROP_MENU_APT_SENDPARAMETER", "0x12e608"), 43 | ("ROP_MENU_APT_GLANCEPARAMETER", "0x12e778"), 44 | ("ROP_MENU_APT_RECEIVEPARAMETER", "0x14606c"), 45 | ("ROP_MENU_APT_PREPARETOSTARTAPPLICATION", "0x12e9a8"), 46 | ("ROP_MENU_APT_STARTAPPLICATION", "0x139400"), 47 | ("ROP_MENU_APT_ORDERTOCLOSEAPPLICATION", "0x1394b8"), 48 | ("ROP_MENU_APT_APPLETUTILITYCMD2", "0x11a464"), 49 | ("ROP_MENU_APT_APPLETUTILITYCMD7", "0x227a3c"), 50 | ("ROP_MENU_CLEARHOMEBUTTONSTATE", "0x2279f4"), 51 | ("ROP_MENU_APT_WAKEUPAPPLICATION", "0x11a9f4"), 52 | ("ROP_MENU_APT_INQUIRENOTIFICATION", "0x11aa24"), 53 | ("ROP_MENU_APT_REPLYSLEEPQUERY", "0x12e804"), 54 | ("ROP_MENU_APT_REPLYSLEEPNOTIFICATIONCOMPLETE", "0x12ea94"), 55 | ("ROP_MENU_APT_ISREGISTERED", "0x2223c0"), 56 | ("ROP_MENU_APT_SENDDELIVERARG", "0x180528"), 57 | ("ROP_MENU_APT_PREPARETOLEAVEHOMEMENU", "0x11ab10"), 58 | ("ROP_MENU_APT_LEAVEHOMEMENU", "0x11a870"), 59 | ("ROP_MENU_NSS_REBOOT", "0x137454"), 60 | ("ROP_MENU_NSS_LAUNCHTITLE", "0x23132c"), 61 | ("ROP_MENU_GSPGPU_RELEASERIGHT", "0x12e0d0"), 62 | ("ROP_MENU_GSPGPU_ACQUIRERIGHT", "0x138f50"), 63 | ("ROP_MENU_GSPGPU_WRITEHWREGS", "0x14bd0c"), 64 | ("ROP_MENU_GSPGPU_FLUSHDATACACHE", "0x1518c8"), 65 | ("ROP_MENU_GSPGPU_GXTRYENQUEUE", "0x21803c"), 66 | ("ROP_MENU_GSPGPU_IMPORTDISPLAYCAPTUREINFO", "0x145e84"), 67 | ("ROP_MENU_DSP_REGISTERINTERRUPTEVENTS", "0x137ad8"), 68 | ("ROP_MENU_DSP_UNLOADCOMPONENT", "0x12c560"), 69 | ("ROP_MENU_SRV_SUBSCRIBE", "0x215ac8"), 70 | ("ROP_MENU_SRV_GETHANDLE", "0x10f5e0"), 71 | ("ROP_MENU_MEMCPY", "0x235e10"), 72 | ("ROP_MENU_MOUNTSDMC", "0x118bec"), 73 | ("ROP_MENU_FOPEN", "0x22bc20"), 74 | ("ROP_MENU_FWRITE", "0x220e18"), 75 | ("ROP_MENU_FSEEK", "0x2215a4"), 76 | ("ROP_MENU_FCLOSE", "0x22f9b8"), 77 | ("MENU_DSP_BINARY_AFTERSIG", "0x32ee4c"), 78 | ("MENU_DSP_BINARY_SIZE", "0xc25c"), 79 | ("MENU_CFGS_HANDLE", "0x32df50"), 80 | ("MENU_AMSYS_HANDLE", "0x32e99c"), 81 | ("MENU_NSS_HANDLE", "0x32e040"), 82 | ("MENU_APT_HANDLE", "0x32e9cc"), 83 | ("MENU_FS_HANDLE", "0x32dfd8"), 84 | ("MENU_SRV_HANDLE", "0x33b14c"), 85 | ("MENU_NEWSS_HANDLE", "0x33c28c"), 86 | ("MENU_BOSSP_HANDLE_MINUS_0x18", "0x368d68"), 87 | ("MENU_PTMSYSM_HANDLE", "0x32e074"), 88 | ("MENU_GSPLCD_HANDLE", "0x33afd4"), 89 | ("MENU_DSP_HANDLE_STRUCT", "0x32df60"), 90 | ("MENU_GSPGPU_HANDLE", "0x33afd0"), 91 | ("MENU_GSPGPU_INTERRUPT_RECEIVER_STRUCT", "0x32c580"), 92 | ] 93 | -------------------------------------------------------------------------------- /menu_ropdb/20480_usa_ropdb.txt: -------------------------------------------------------------------------------- 1 | [ 2 | ("ROP_MENU_POP_PC", "0x10201c"), 3 | ("ROP_MENU_POP_R0PC", "0x157848"), 4 | ("ROP_MENU_POP_R1PC", "0x236ebc"), 5 | ("ROP_MENU_POP_R2R3R4R5R6PC", "0x15043c"), 6 | ("ROP_MENU_POP_R4PC", "0x101bc8"), 7 | ("ROP_MENU_POP_R4R5PC", "0x102458"), 8 | ("ROP_MENU_POP_R4R5R6PC", "0x101b74"), 9 | ("ROP_MENU_POP_R4R5R6R7R8PC", "0x101eb0"), 10 | ("ROP_MENU_POP_R4R5R6R7R8R9R10PC", "0x103c84"), 11 | ("ROP_MENU_POP_R4LR_BX_R0", "0x15d2e4"), 12 | ("ROP_MENU_BX_LR", "0x10003c"), 13 | ("ROP_MENU_TARGET_RET", "0x155a48"), 14 | ("ROP_MENU_ADD_SPSPx64_POP_R4RR11PC", "0x1057dc"), 15 | ("ROP_MENU_STACK_PIVOT", "0x100fb8"), 16 | ("ROP_MENU_LDR_R0R0_POP_R4PC", "0x11f5fc"), 17 | ("ROP_MENU_LDR_R1R0x4_ADD_R0R0R1_POP_R3R4R5PC", "0x13e1f0"), 18 | ("ROP_MENU_STREQ_R5R2x30_POP_R4R5R6PC", "0x15512c"), 19 | ("ROP_MENU_STRNE_R4R0x4_POP_R4PC", "0x195918"), 20 | ("ROP_MENU_STR_R0R4_POP_R4PC", "0x10b2c4"), 21 | ("ROP_MENU_STRB_R0R4_POP_R4PC", "0x102958"), 22 | ("ROP_MENU_STR_R1R0_POP_R4PC", "0x10af78"), 23 | ("ROP_MENU_AND_R0R0R4_POP_R4R5R6R7R8PC", "0x11f174"), 24 | ("ROP_MENU_ADD_R0R0R1LSL2_POP_R4PC", "0x204648"), 25 | ("ROP_MENU_ADD_R0R0R1_POP_R4R5R6PC", "0x13383c"), 26 | ("ROP_MENU_AND_R0R0x7_POP_R4PC", "0x2e7d0c"), 27 | ("ROP_MENU_ADD_R1R1x1_STR_R1R5x10_POP_R4R5R6PC", "0x10230c"), 28 | ("ROP_MENU_CMP_R0R1_MVNLS_R0x0_MOVHI_R0x1_POP_R4PC", "0x21e68c"), 29 | ("ROP_MENU_BLXNE_R2_ADD_SPx8_MOV_R0R4_POP_R4R5R6R7R8PC", "0x1a7478"), 30 | ("ROP_MENU_MRC_R0C13C03_ADD_R0R0x5C_BX_LR", "0x13e9b4"), 31 | ("ROP_MENU_LDR_R0R0_SVC_x32_AND_R1R0x80000000_CMP_R1x0_LDRGE_R0R4x4_POP_R4PC", "0x102bac"), 32 | ("ROP_MENU_SVC_CREATEEVENT", "0x22f3cc"), 33 | ("ROP_MENU_SVC_WAITSYNCHRONIZATIONN", "0x11873c"), 34 | ("ROP_MENU_SVC_EXITPROCESS", "0x101a30"), 35 | ("ROP_MENU_SLEEPTHREAD", "0x12b070"), 36 | ("ROP_MENU_WAITSYNCHRONIZATIONN", "0x11873c"), 37 | ("ROP_MENU_CREATEMEMORYBLOCK", "0x12afec"), 38 | ("ROP_MENU_CONTROLMEMORY", "0x2355ac"), 39 | ("ROP_MENU_CONNECTTOPORT", "0x118724"), 40 | ("ROP_MENU_APT_OPENSESSION", "0x236610"), 41 | ("ROP_MENU_APT_CLOSESESSION", "0x2365a0"), 42 | ("ROP_MENU_APT_SENDPARAMETER", "0x12e55c"), 43 | ("ROP_MENU_APT_GLANCEPARAMETER", "0x12e6cc"), 44 | ("ROP_MENU_APT_RECEIVEPARAMETER", "0x145f7c"), 45 | ("ROP_MENU_APT_PREPARETOSTARTAPPLICATION", "0x12e8fc"), 46 | ("ROP_MENU_APT_STARTAPPLICATION", "0x139368"), 47 | ("ROP_MENU_APT_ORDERTOCLOSEAPPLICATION", "0x139420"), 48 | ("ROP_MENU_APT_APPLETUTILITYCMD2", "0x11a40c"), 49 | ("ROP_MENU_APT_APPLETUTILITYCMD7", "0x2277e0"), 50 | ("ROP_MENU_CLEARHOMEBUTTONSTATE", "0x227798"), 51 | ("ROP_MENU_APT_WAKEUPAPPLICATION", "0x11a9c0"), 52 | ("ROP_MENU_APT_INQUIRENOTIFICATION", "0x11a9f0"), 53 | ("ROP_MENU_APT_REPLYSLEEPQUERY", "0x12e758"), 54 | ("ROP_MENU_APT_REPLYSLEEPNOTIFICATIONCOMPLETE", "0x12ea28"), 55 | ("ROP_MENU_APT_ISREGISTERED", "0x22217c"), 56 | ("ROP_MENU_APT_SENDDELIVERARG", "0x180430"), 57 | ("ROP_MENU_APT_PREPARETOLEAVEHOMEMENU", "0x11aadc"), 58 | ("ROP_MENU_APT_LEAVEHOMEMENU", "0x11a83c"), 59 | ("ROP_MENU_NSS_REBOOT", "0x1373bc"), 60 | ("ROP_MENU_NSS_LAUNCHTITLE", "0x2310cc"), 61 | ("ROP_MENU_GSPGPU_RELEASERIGHT", "0x12e048"), 62 | ("ROP_MENU_GSPGPU_ACQUIRERIGHT", "0x138eb8"), 63 | ("ROP_MENU_GSPGPU_WRITEHWREGS", "0x14bc1c"), 64 | ("ROP_MENU_GSPGPU_FLUSHDATACACHE", "0x1517f0"), 65 | ("ROP_MENU_GSPGPU_GXTRYENQUEUE", "0x217df8"), 66 | ("ROP_MENU_GSPGPU_IMPORTDISPLAYCAPTUREINFO", "0x145d94"), 67 | ("ROP_MENU_DSP_REGISTERINTERRUPTEVENTS", "0x137a40"), 68 | ("ROP_MENU_DSP_UNLOADCOMPONENT", "0x12c4d8"), 69 | ("ROP_MENU_SRV_SUBSCRIBE", "0x215884"), 70 | ("ROP_MENU_SRV_GETHANDLE", "0x10f62c"), 71 | ("ROP_MENU_MEMCPY", "0x235b3c"), 72 | ("ROP_MENU_MOUNTSDMC", "0x118b94"), 73 | ("ROP_MENU_FOPEN", "0x22b940"), 74 | ("ROP_MENU_FWRITE", "0x220bd4"), 75 | ("ROP_MENU_FSEEK", "0x221360"), 76 | ("ROP_MENU_FCLOSE", "0x22f6d8"), 77 | ("MENU_DSP_BINARY_AFTERSIG", "0x32ee4c"), 78 | ("MENU_DSP_BINARY_SIZE", "0xc25c"), 79 | ("MENU_CFGS_HANDLE", "0x33c280"), 80 | ("MENU_AMSYS_HANDLE", "0x32e99c"), 81 | ("MENU_NSS_HANDLE", "0x32e040"), 82 | ("MENU_APT_HANDLE", "0x32e9cc"), 83 | ("MENU_FS_HANDLE", "0x32dfd8"), 84 | ("MENU_SRV_HANDLE", "0x33b14c"), 85 | ("MENU_NEWSS_HANDLE", "0x33c28c"), 86 | ("MENU_BOSSP_HANDLE_MINUS_0x18", "0x368d68"), 87 | ("MENU_PTMSYSM_HANDLE", "0x32e074"), 88 | ("MENU_GSPLCD_HANDLE", "0x33afd4"), 89 | ("MENU_DSP_HANDLE_STRUCT", "0x32df60"), 90 | ("MENU_GSPGPU_HANDLE", "0x33afd0"), 91 | ("MENU_GSPGPU_INTERRUPT_RECEIVER_STRUCT", "0x32c580"), 92 | ] 93 | -------------------------------------------------------------------------------- /menu_ropdb/21504_usa_ropdb.txt: -------------------------------------------------------------------------------- 1 | [ 2 | ("ROP_MENU_POP_PC", "0x10201c"), 3 | ("ROP_MENU_POP_R0PC", "0x157848"), 4 | ("ROP_MENU_POP_R1PC", "0x236ed8"), 5 | ("ROP_MENU_POP_R2R3R4R5R6PC", "0x15043c"), 6 | ("ROP_MENU_POP_R4PC", "0x101bc8"), 7 | ("ROP_MENU_POP_R4R5PC", "0x102458"), 8 | ("ROP_MENU_POP_R4R5R6PC", "0x101b74"), 9 | ("ROP_MENU_POP_R4R5R6R7R8PC", "0x101eb0"), 10 | ("ROP_MENU_POP_R4R5R6R7R8R9R10PC", "0x103c84"), 11 | ("ROP_MENU_POP_R4LR_BX_R0", "0x15d2e4"), 12 | ("ROP_MENU_BX_LR", "0x10003c"), 13 | ("ROP_MENU_TARGET_RET", "0x155a48"), 14 | ("ROP_MENU_ADD_SPSPx64_POP_R4RR11PC", "0x1057dc"), 15 | ("ROP_MENU_STACK_PIVOT", "0x100fb8"), 16 | ("ROP_MENU_LDR_R0R0_POP_R4PC", "0x11f5fc"), 17 | ("ROP_MENU_LDR_R1R0x4_ADD_R0R0R1_POP_R3R4R5PC", "0x13e1f0"), 18 | ("ROP_MENU_STREQ_R5R2x30_POP_R4R5R6PC", "0x15512c"), 19 | ("ROP_MENU_STRNE_R4R0x4_POP_R4PC", "0x195918"), 20 | ("ROP_MENU_STR_R0R4_POP_R4PC", "0x10b2c4"), 21 | ("ROP_MENU_STRB_R0R4_POP_R4PC", "0x102958"), 22 | ("ROP_MENU_STR_R1R0_POP_R4PC", "0x10af78"), 23 | ("ROP_MENU_AND_R0R0R4_POP_R4R5R6R7R8PC", "0x11f174"), 24 | ("ROP_MENU_ADD_R0R0R1LSL2_POP_R4PC", "0x204664"), 25 | ("ROP_MENU_ADD_R0R0R1_POP_R4R5R6PC", "0x13383c"), 26 | ("ROP_MENU_AND_R0R0x7_POP_R4PC", "0x2e7d28"), 27 | ("ROP_MENU_ADD_R1R1x1_STR_R1R5x10_POP_R4R5R6PC", "0x10230c"), 28 | ("ROP_MENU_CMP_R0R1_MVNLS_R0x0_MOVHI_R0x1_POP_R4PC", "0x21e6a8"), 29 | ("ROP_MENU_BLXNE_R2_ADD_SPx8_MOV_R0R4_POP_R4R5R6R7R8PC", "0x1a7478"), 30 | ("ROP_MENU_MRC_R0C13C03_ADD_R0R0x5C_BX_LR", "0x13e9b4"), 31 | ("ROP_MENU_LDR_R0R0_SVC_x32_AND_R1R0x80000000_CMP_R1x0_LDRGE_R0R4x4_POP_R4PC", "0x102bac"), 32 | ("ROP_MENU_SVC_CREATEEVENT", "0x22f3e8"), 33 | ("ROP_MENU_SVC_WAITSYNCHRONIZATIONN", "0x11873c"), 34 | ("ROP_MENU_SVC_EXITPROCESS", "0x101a30"), 35 | ("ROP_MENU_SLEEPTHREAD", "0x12b070"), 36 | ("ROP_MENU_WAITSYNCHRONIZATIONN", "0x11873c"), 37 | ("ROP_MENU_CREATEMEMORYBLOCK", "0x12afec"), 38 | ("ROP_MENU_CONTROLMEMORY", "0x2355c8"), 39 | ("ROP_MENU_CONNECTTOPORT", "0x118724"), 40 | ("ROP_MENU_APT_OPENSESSION", "0x23662c"), 41 | ("ROP_MENU_APT_CLOSESESSION", "0x2365bc"), 42 | ("ROP_MENU_APT_SENDPARAMETER", "0x12e55c"), 43 | ("ROP_MENU_APT_GLANCEPARAMETER", "0x12e6cc"), 44 | ("ROP_MENU_APT_RECEIVEPARAMETER", "0x145f7c"), 45 | ("ROP_MENU_APT_PREPARETOSTARTAPPLICATION", "0x12e8fc"), 46 | ("ROP_MENU_APT_STARTAPPLICATION", "0x139368"), 47 | ("ROP_MENU_APT_ORDERTOCLOSEAPPLICATION", "0x139420"), 48 | ("ROP_MENU_APT_APPLETUTILITYCMD2", "0x11a40c"), 49 | ("ROP_MENU_APT_APPLETUTILITYCMD7", "0x2277fc"), 50 | ("ROP_MENU_CLEARHOMEBUTTONSTATE", "0x2277b4"), 51 | ("ROP_MENU_APT_WAKEUPAPPLICATION", "0x11a9c0"), 52 | ("ROP_MENU_APT_INQUIRENOTIFICATION", "0x11a9f0"), 53 | ("ROP_MENU_APT_REPLYSLEEPQUERY", "0x12e758"), 54 | ("ROP_MENU_APT_REPLYSLEEPNOTIFICATIONCOMPLETE", "0x12ea28"), 55 | ("ROP_MENU_APT_ISREGISTERED", "0x222198"), 56 | ("ROP_MENU_APT_SENDDELIVERARG", "0x180430"), 57 | ("ROP_MENU_APT_PREPARETOLEAVEHOMEMENU", "0x11aadc"), 58 | ("ROP_MENU_APT_LEAVEHOMEMENU", "0x11a83c"), 59 | ("ROP_MENU_NSS_REBOOT", "0x1373bc"), 60 | ("ROP_MENU_NSS_LAUNCHTITLE", "0x2310e8"), 61 | ("ROP_MENU_GSPGPU_RELEASERIGHT", "0x12e048"), 62 | ("ROP_MENU_GSPGPU_ACQUIRERIGHT", "0x138eb8"), 63 | ("ROP_MENU_GSPGPU_WRITEHWREGS", "0x14bc1c"), 64 | ("ROP_MENU_GSPGPU_FLUSHDATACACHE", "0x1517f0"), 65 | ("ROP_MENU_GSPGPU_GXTRYENQUEUE", "0x217e14"), 66 | ("ROP_MENU_GSPGPU_IMPORTDISPLAYCAPTUREINFO", "0x145d94"), 67 | ("ROP_MENU_DSP_REGISTERINTERRUPTEVENTS", "0x137a40"), 68 | ("ROP_MENU_DSP_UNLOADCOMPONENT", "0x12c4d8"), 69 | ("ROP_MENU_SRV_SUBSCRIBE", "0x2158a0"), 70 | ("ROP_MENU_SRV_GETHANDLE", "0x10f62c"), 71 | ("ROP_MENU_MEMCPY", "0x235b58"), 72 | ("ROP_MENU_MOUNTSDMC", "0x118b94"), 73 | ("ROP_MENU_FOPEN", "0x22b95c"), 74 | ("ROP_MENU_FWRITE", "0x220bf0"), 75 | ("ROP_MENU_FSEEK", "0x22137c"), 76 | ("ROP_MENU_FCLOSE", "0x22f6f4"), 77 | ("MENU_DSP_BINARY_AFTERSIG", "0x32ee4c"), 78 | ("MENU_DSP_BINARY_SIZE", "0xc25c"), 79 | ("MENU_CFGS_HANDLE", "0x33c280"), 80 | ("MENU_AMSYS_HANDLE", "0x32e99c"), 81 | ("MENU_NSS_HANDLE", "0x32e040"), 82 | ("MENU_APT_HANDLE", "0x32e9cc"), 83 | ("MENU_FS_HANDLE", "0x32dfd8"), 84 | ("MENU_SRV_HANDLE", "0x33b14c"), 85 | ("MENU_NEWSS_HANDLE", "0x33c28c"), 86 | ("MENU_BOSSP_HANDLE_MINUS_0x18", "0x368d68"), 87 | ("MENU_PTMSYSM_HANDLE", "0x32e074"), 88 | ("MENU_GSPLCD_HANDLE", "0x33afd4"), 89 | ("MENU_DSP_HANDLE_STRUCT", "0x32df60"), 90 | ("MENU_GSPGPU_HANDLE", "0x33afd0"), 91 | ("MENU_GSPGPU_INTERRUPT_RECEIVER_STRUCT", "0x32c580"), 92 | ] 93 | -------------------------------------------------------------------------------- /menu_ropdb/22528_usa_ropdb.txt: -------------------------------------------------------------------------------- 1 | [ 2 | ("ROP_MENU_POP_PC", "0x10201c"), 3 | ("ROP_MENU_POP_R0PC", "0x157848"), 4 | ("ROP_MENU_POP_R1PC", "0x236ed8"), 5 | ("ROP_MENU_POP_R2R3R4R5R6PC", "0x15043c"), 6 | ("ROP_MENU_POP_R4PC", "0x101bc8"), 7 | ("ROP_MENU_POP_R4R5PC", "0x102458"), 8 | ("ROP_MENU_POP_R4R5R6PC", "0x101b74"), 9 | ("ROP_MENU_POP_R4R5R6R7R8PC", "0x101eb0"), 10 | ("ROP_MENU_POP_R4R5R6R7R8R9R10PC", "0x103c84"), 11 | ("ROP_MENU_POP_R4LR_BX_R0", "0x15d2e4"), 12 | ("ROP_MENU_BX_LR", "0x10003c"), 13 | ("ROP_MENU_TARGET_RET", "0x155a48"), 14 | ("ROP_MENU_ADD_SPSPx64_POP_R4RR11PC", "0x1057dc"), 15 | ("ROP_MENU_STACK_PIVOT", "0x100fb8"), 16 | ("ROP_MENU_LDR_R0R0_POP_R4PC", "0x11f5fc"), 17 | ("ROP_MENU_LDR_R1R0x4_ADD_R0R0R1_POP_R3R4R5PC", "0x13e1f0"), 18 | ("ROP_MENU_STREQ_R5R2x30_POP_R4R5R6PC", "0x15512c"), 19 | ("ROP_MENU_STRNE_R4R0x4_POP_R4PC", "0x195918"), 20 | ("ROP_MENU_STR_R0R4_POP_R4PC", "0x10b2c4"), 21 | ("ROP_MENU_STRB_R0R4_POP_R4PC", "0x102958"), 22 | ("ROP_MENU_STR_R1R0_POP_R4PC", "0x10af78"), 23 | ("ROP_MENU_AND_R0R0R4_POP_R4R5R6R7R8PC", "0x11f174"), 24 | ("ROP_MENU_ADD_R0R0R1LSL2_POP_R4PC", "0x204664"), 25 | ("ROP_MENU_ADD_R0R0R1_POP_R4R5R6PC", "0x13383c"), 26 | ("ROP_MENU_AND_R0R0x7_POP_R4PC", "0x2e7d3c"), 27 | ("ROP_MENU_ADD_R1R1x1_STR_R1R5x10_POP_R4R5R6PC", "0x10230c"), 28 | ("ROP_MENU_CMP_R0R1_MVNLS_R0x0_MOVHI_R0x1_POP_R4PC", "0x21e6a8"), 29 | ("ROP_MENU_BLXNE_R2_ADD_SPx8_MOV_R0R4_POP_R4R5R6R7R8PC", "0x1a7478"), 30 | ("ROP_MENU_MRC_R0C13C03_ADD_R0R0x5C_BX_LR", "0x13e9b4"), 31 | ("ROP_MENU_LDR_R0R0_SVC_x32_AND_R1R0x80000000_CMP_R1x0_LDRGE_R0R4x4_POP_R4PC", "0x102bac"), 32 | ("ROP_MENU_SVC_CREATEEVENT", "0x22f3e8"), 33 | ("ROP_MENU_SVC_WAITSYNCHRONIZATIONN", "0x11873c"), 34 | ("ROP_MENU_SVC_EXITPROCESS", "0x101a30"), 35 | ("ROP_MENU_SLEEPTHREAD", "0x12b070"), 36 | ("ROP_MENU_WAITSYNCHRONIZATIONN", "0x11873c"), 37 | ("ROP_MENU_CREATEMEMORYBLOCK", "0x12afec"), 38 | ("ROP_MENU_CONTROLMEMORY", "0x2355c8"), 39 | ("ROP_MENU_CONNECTTOPORT", "0x118724"), 40 | ("ROP_MENU_APT_OPENSESSION", "0x23662c"), 41 | ("ROP_MENU_APT_CLOSESESSION", "0x2365bc"), 42 | ("ROP_MENU_APT_SENDPARAMETER", "0x12e55c"), 43 | ("ROP_MENU_APT_GLANCEPARAMETER", "0x12e6cc"), 44 | ("ROP_MENU_APT_RECEIVEPARAMETER", "0x145f7c"), 45 | ("ROP_MENU_APT_PREPARETOSTARTAPPLICATION", "0x12e8fc"), 46 | ("ROP_MENU_APT_STARTAPPLICATION", "0x139368"), 47 | ("ROP_MENU_APT_ORDERTOCLOSEAPPLICATION", "0x139420"), 48 | ("ROP_MENU_APT_APPLETUTILITYCMD2", "0x11a40c"), 49 | ("ROP_MENU_APT_APPLETUTILITYCMD7", "0x2277fc"), 50 | ("ROP_MENU_CLEARHOMEBUTTONSTATE", "0x2277b4"), 51 | ("ROP_MENU_APT_WAKEUPAPPLICATION", "0x11a9c0"), 52 | ("ROP_MENU_APT_INQUIRENOTIFICATION", "0x11a9f0"), 53 | ("ROP_MENU_APT_REPLYSLEEPQUERY", "0x12e758"), 54 | ("ROP_MENU_APT_REPLYSLEEPNOTIFICATIONCOMPLETE", "0x12ea28"), 55 | ("ROP_MENU_APT_ISREGISTERED", "0x222198"), 56 | ("ROP_MENU_APT_SENDDELIVERARG", "0x180430"), 57 | ("ROP_MENU_APT_PREPARETOLEAVEHOMEMENU", "0x11aadc"), 58 | ("ROP_MENU_APT_LEAVEHOMEMENU", "0x11a83c"), 59 | ("ROP_MENU_NSS_REBOOT", "0x1373bc"), 60 | ("ROP_MENU_NSS_LAUNCHTITLE", "0x2310e8"), 61 | ("ROP_MENU_GSPGPU_RELEASERIGHT", "0x12e048"), 62 | ("ROP_MENU_GSPGPU_ACQUIRERIGHT", "0x138eb8"), 63 | ("ROP_MENU_GSPGPU_WRITEHWREGS", "0x14bc1c"), 64 | ("ROP_MENU_GSPGPU_FLUSHDATACACHE", "0x1517f0"), 65 | ("ROP_MENU_GSPGPU_GXTRYENQUEUE", "0x217e14"), 66 | ("ROP_MENU_GSPGPU_IMPORTDISPLAYCAPTUREINFO", "0x145d94"), 67 | ("ROP_MENU_DSP_REGISTERINTERRUPTEVENTS", "0x137a40"), 68 | ("ROP_MENU_DSP_UNLOADCOMPONENT", "0x12c4d8"), 69 | ("ROP_MENU_SRV_SUBSCRIBE", "0x2158a0"), 70 | ("ROP_MENU_SRV_GETHANDLE", "0x10f62c"), 71 | ("ROP_MENU_MEMCPY", "0x235b58"), 72 | ("ROP_MENU_MOUNTSDMC", "0x118b94"), 73 | ("ROP_MENU_FOPEN", "0x22b95c"), 74 | ("ROP_MENU_FWRITE", "0x220bf0"), 75 | ("ROP_MENU_FSEEK", "0x22137c"), 76 | ("ROP_MENU_FCLOSE", "0x22f6f4"), 77 | ("MENU_DSP_BINARY_AFTERSIG", "0x32ee4c"), 78 | ("MENU_DSP_BINARY_SIZE", "0xc25c"), 79 | ("MENU_CFGS_HANDLE", "0x33c280"), 80 | ("MENU_AMSYS_HANDLE", "0x32e99c"), 81 | ("MENU_NSS_HANDLE", "0x32e040"), 82 | ("MENU_APT_HANDLE", "0x32e9cc"), 83 | ("MENU_FS_HANDLE", "0x32dfd8"), 84 | ("MENU_SRV_HANDLE", "0x33b14c"), 85 | ("MENU_NEWSS_HANDLE", "0x33c28c"), 86 | ("MENU_BOSSP_HANDLE_MINUS_0x18", "0x368d68"), 87 | ("MENU_PTMSYSM_HANDLE", "0x32e074"), 88 | ("MENU_GSPLCD_HANDLE", "0x33afd4"), 89 | ("MENU_DSP_HANDLE_STRUCT", "0x32df60"), 90 | ("MENU_GSPGPU_HANDLE", "0x33afd0"), 91 | ("MENU_GSPGPU_INTERRUPT_RECEIVER_STRUCT", "0x32c580"), 92 | ] 93 | -------------------------------------------------------------------------------- /menu_ropdb/23552_usa_ropdb.txt: -------------------------------------------------------------------------------- 1 | [ 2 | ("ROP_MENU_POP_PC", "0x10201c"), 3 | ("ROP_MENU_POP_R0PC", "0x157848"), 4 | ("ROP_MENU_POP_R1PC", "0x236f08"), 5 | ("ROP_MENU_POP_R2R3R4R5R6PC", "0x15043c"), 6 | ("ROP_MENU_POP_R4PC", "0x101bc8"), 7 | ("ROP_MENU_POP_R4R5PC", "0x102458"), 8 | ("ROP_MENU_POP_R4R5R6PC", "0x101b74"), 9 | ("ROP_MENU_POP_R4R5R6R7R8PC", "0x101eb0"), 10 | ("ROP_MENU_POP_R4R5R6R7R8R9R10PC", "0x103c84"), 11 | ("ROP_MENU_POP_R4LR_BX_R0", "0x15d2e4"), 12 | ("ROP_MENU_BX_LR", "0x10003c"), 13 | ("ROP_MENU_TARGET_RET", "0x155a48"), 14 | ("ROP_MENU_ADD_SPSPx64_POP_R4RR11PC", "0x1057dc"), 15 | ("ROP_MENU_STACK_PIVOT", "0x100fb8"), 16 | ("ROP_MENU_LDR_R0R0_POP_R4PC", "0x11f5fc"), 17 | ("ROP_MENU_LDR_R1R0x4_ADD_R0R0R1_POP_R3R4R5PC", "0x13e1f0"), 18 | ("ROP_MENU_STREQ_R5R2x30_POP_R4R5R6PC", "0x15512c"), 19 | ("ROP_MENU_STRNE_R4R0x4_POP_R4PC", "0x195918"), 20 | ("ROP_MENU_STR_R0R4_POP_R4PC", "0x10b2c4"), 21 | ("ROP_MENU_STRB_R0R4_POP_R4PC", "0x102958"), 22 | ("ROP_MENU_STR_R1R0_POP_R4PC", "0x10af78"), 23 | ("ROP_MENU_AND_R0R0R4_POP_R4R5R6R7R8PC", "0x11f174"), 24 | ("ROP_MENU_ADD_R0R0R1LSL2_POP_R4PC", "0x204694"), 25 | ("ROP_MENU_ADD_R0R0R1_POP_R4R5R6PC", "0x13383c"), 26 | ("ROP_MENU_AND_R0R0x7_POP_R4PC", "0x2e7d0c"), 27 | ("ROP_MENU_ADD_R1R1x1_STR_R1R5x10_POP_R4R5R6PC", "0x10230c"), 28 | ("ROP_MENU_CMP_R0R1_MVNLS_R0x0_MOVHI_R0x1_POP_R4PC", "0x21e6d8"), 29 | ("ROP_MENU_BLXNE_R2_ADD_SPx8_MOV_R0R4_POP_R4R5R6R7R8PC", "0x1a7478"), 30 | ("ROP_MENU_MRC_R0C13C03_ADD_R0R0x5C_BX_LR", "0x13e9b4"), 31 | ("ROP_MENU_LDR_R0R0_SVC_x32_AND_R1R0x80000000_CMP_R1x0_LDRGE_R0R4x4_POP_R4PC", "0x102bac"), 32 | ("ROP_MENU_SVC_CREATEEVENT", "0x22f418"), 33 | ("ROP_MENU_SVC_WAITSYNCHRONIZATIONN", "0x11873c"), 34 | ("ROP_MENU_SVC_EXITPROCESS", "0x101a30"), 35 | ("ROP_MENU_SLEEPTHREAD", "0x12b070"), 36 | ("ROP_MENU_WAITSYNCHRONIZATIONN", "0x11873c"), 37 | ("ROP_MENU_CREATEMEMORYBLOCK", "0x12afec"), 38 | ("ROP_MENU_CONTROLMEMORY", "0x2355f8"), 39 | ("ROP_MENU_CONNECTTOPORT", "0x118724"), 40 | ("ROP_MENU_APT_OPENSESSION", "0x23665c"), 41 | ("ROP_MENU_APT_CLOSESESSION", "0x2365ec"), 42 | ("ROP_MENU_APT_SENDPARAMETER", "0x12e55c"), 43 | ("ROP_MENU_APT_GLANCEPARAMETER", "0x12e6cc"), 44 | ("ROP_MENU_APT_RECEIVEPARAMETER", "0x145f7c"), 45 | ("ROP_MENU_APT_PREPARETOSTARTAPPLICATION", "0x12e8fc"), 46 | ("ROP_MENU_APT_STARTAPPLICATION", "0x139368"), 47 | ("ROP_MENU_APT_ORDERTOCLOSEAPPLICATION", "0x139420"), 48 | ("ROP_MENU_APT_APPLETUTILITYCMD2", "0x11a40c"), 49 | ("ROP_MENU_APT_APPLETUTILITYCMD7", "0x22782c"), 50 | ("ROP_MENU_CLEARHOMEBUTTONSTATE", "0x2277e4"), 51 | ("ROP_MENU_APT_WAKEUPAPPLICATION", "0x11a9c0"), 52 | ("ROP_MENU_APT_INQUIRENOTIFICATION", "0x11a9f0"), 53 | ("ROP_MENU_APT_REPLYSLEEPQUERY", "0x12e758"), 54 | ("ROP_MENU_APT_REPLYSLEEPNOTIFICATIONCOMPLETE", "0x12ea28"), 55 | ("ROP_MENU_APT_ISREGISTERED", "0x2221c8"), 56 | ("ROP_MENU_APT_SENDDELIVERARG", "0x180430"), 57 | ("ROP_MENU_APT_PREPARETOLEAVEHOMEMENU", "0x11aadc"), 58 | ("ROP_MENU_APT_LEAVEHOMEMENU", "0x11a83c"), 59 | ("ROP_MENU_NSS_REBOOT", "0x1373bc"), 60 | ("ROP_MENU_NSS_LAUNCHTITLE", "0x231118"), 61 | ("ROP_MENU_GSPGPU_RELEASERIGHT", "0x12e048"), 62 | ("ROP_MENU_GSPGPU_ACQUIRERIGHT", "0x138eb8"), 63 | ("ROP_MENU_GSPGPU_WRITEHWREGS", "0x14bc1c"), 64 | ("ROP_MENU_GSPGPU_FLUSHDATACACHE", "0x1517f0"), 65 | ("ROP_MENU_GSPGPU_GXTRYENQUEUE", "0x217e44"), 66 | ("ROP_MENU_GSPGPU_IMPORTDISPLAYCAPTUREINFO", "0x145d94"), 67 | ("ROP_MENU_DSP_REGISTERINTERRUPTEVENTS", "0x137a40"), 68 | ("ROP_MENU_DSP_UNLOADCOMPONENT", "0x12c4d8"), 69 | ("ROP_MENU_SRV_SUBSCRIBE", "0x2158d0"), 70 | ("ROP_MENU_SRV_GETHANDLE", "0x10f62c"), 71 | ("ROP_MENU_MEMCPY", "0x235b88"), 72 | ("ROP_MENU_MOUNTSDMC", "0x118b94"), 73 | ("ROP_MENU_FOPEN", "0x22b98c"), 74 | ("ROP_MENU_FWRITE", "0x220c20"), 75 | ("ROP_MENU_FSEEK", "0x2213ac"), 76 | ("ROP_MENU_FCLOSE", "0x22f724"), 77 | ("MENU_DSP_BINARY_AFTERSIG", "0x32ee4c"), 78 | ("MENU_DSP_BINARY_SIZE", "0xc25c"), 79 | ("MENU_CFGS_HANDLE", "0x33c280"), 80 | ("MENU_AMSYS_HANDLE", "0x32e99c"), 81 | ("MENU_NSS_HANDLE", "0x32e040"), 82 | ("MENU_APT_HANDLE", "0x32e9cc"), 83 | ("MENU_FS_HANDLE", "0x32dfd8"), 84 | ("MENU_SRV_HANDLE", "0x33b14c"), 85 | ("MENU_NEWSS_HANDLE", "0x33c28c"), 86 | ("MENU_BOSSP_HANDLE_MINUS_0x18", "0x368d68"), 87 | ("MENU_PTMSYSM_HANDLE", "0x32e074"), 88 | ("MENU_GSPLCD_HANDLE", "0x33afd4"), 89 | ("MENU_DSP_HANDLE_STRUCT", "0x32df60"), 90 | ("MENU_GSPGPU_HANDLE", "0x33afd0"), 91 | ("MENU_GSPGPU_INTERRUPT_RECEIVER_STRUCT", "0x32c580"), 92 | ] 93 | -------------------------------------------------------------------------------- /menu_ropdb/24578_usa_ropdb.txt: -------------------------------------------------------------------------------- 1 | [ 2 | ("ROP_MENU_POP_PC", "0x10201c"), 3 | ("ROP_MENU_POP_R0PC", "0x157950"), 4 | ("ROP_MENU_POP_R1PC", "0x237100"), 5 | ("ROP_MENU_POP_R2R3R4R5R6PC", "0x150544"), 6 | ("ROP_MENU_POP_R4PC", "0x101bc8"), 7 | ("ROP_MENU_POP_R4R5PC", "0x102458"), 8 | ("ROP_MENU_POP_R4R5R6PC", "0x101b74"), 9 | ("ROP_MENU_POP_R4R5R6R7R8PC", "0x101eb0"), 10 | ("ROP_MENU_POP_R4R5R6R7R8R9R10PC", "0x103c84"), 11 | ("ROP_MENU_POP_R4LR_BX_R0", "0x15d3ec"), 12 | ("ROP_MENU_BX_LR", "0x10003c"), 13 | ("ROP_MENU_TARGET_RET", "0x155b50"), 14 | ("ROP_MENU_ADD_SPSPx64_POP_R4RR11PC", "0x1057dc"), 15 | ("ROP_MENU_STACK_PIVOT", "0x100fb8"), 16 | ("ROP_MENU_LDR_R0R0_POP_R4PC", "0x11f708"), 17 | ("ROP_MENU_LDR_R1R0x4_ADD_R0R0R1_POP_R3R4R5PC", "0x13e2fc"), 18 | ("ROP_MENU_STREQ_R5R2x30_POP_R4R5R6PC", "0x155234"), 19 | ("ROP_MENU_STRNE_R4R0x4_POP_R4PC", "0x195a40"), 20 | ("ROP_MENU_STR_R0R4_POP_R4PC", "0x10b250"), 21 | ("ROP_MENU_STRB_R0R4_POP_R4PC", "0x102958"), 22 | ("ROP_MENU_STR_R1R0_POP_R4PC", "0x10af04"), 23 | ("ROP_MENU_AND_R0R0R4_POP_R4R5R6R7R8PC", "0x11f280"), 24 | ("ROP_MENU_ADD_R0R0R1LSL2_POP_R4PC", "0x204894"), 25 | ("ROP_MENU_ADD_R0R0R1_POP_R4R5R6PC", "0x133948"), 26 | ("ROP_MENU_AND_R0R0x7_POP_R4PC", "0x2e7f30"), 27 | ("ROP_MENU_ADD_R1R1x1_STR_R1R5x10_POP_R4R5R6PC", "0x10230c"), 28 | ("ROP_MENU_CMP_R0R1_MVNLS_R0x0_MOVHI_R0x1_POP_R4PC", "0x21e8b4"), 29 | ("ROP_MENU_BLXNE_R2_ADD_SPx8_MOV_R0R4_POP_R4R5R6R7R8PC", "0x1a75a0"), 30 | ("ROP_MENU_MRC_R0C13C03_ADD_R0R0x5C_BX_LR", "0x13eac0"), 31 | ("ROP_MENU_LDR_R0R0_SVC_x32_AND_R1R0x80000000_CMP_R1x0_LDRGE_R0R4x4_POP_R4PC", "0x102bac"), 32 | ("ROP_MENU_SVC_CREATEEVENT", "0x22f694"), 33 | ("ROP_MENU_SVC_WAITSYNCHRONIZATIONN", "0x118750"), 34 | ("ROP_MENU_SVC_EXITPROCESS", "0x101a30"), 35 | ("ROP_MENU_SLEEPTHREAD", "0x12b17c"), 36 | ("ROP_MENU_WAITSYNCHRONIZATIONN", "0x118750"), 37 | ("ROP_MENU_CREATEMEMORYBLOCK", "0x12b0f8"), 38 | ("ROP_MENU_CONTROLMEMORY", "0x2357f0"), 39 | ("ROP_MENU_CONNECTTOPORT", "0x118738"), 40 | ("ROP_MENU_APT_OPENSESSION", "0x236854"), 41 | ("ROP_MENU_APT_CLOSESESSION", "0x2367e4"), 42 | ("ROP_MENU_APT_SENDPARAMETER", "0x12e668"), 43 | ("ROP_MENU_APT_GLANCEPARAMETER", "0x12e7d8"), 44 | ("ROP_MENU_APT_RECEIVEPARAMETER", "0x146088"), 45 | ("ROP_MENU_APT_PREPARETOSTARTAPPLICATION", "0x12ea08"), 46 | ("ROP_MENU_APT_STARTAPPLICATION", "0x139474"), 47 | ("ROP_MENU_APT_ORDERTOCLOSEAPPLICATION", "0x13952c"), 48 | ("ROP_MENU_APT_APPLETUTILITYCMD2", "0x11a4c4"), 49 | ("ROP_MENU_APT_APPLETUTILITYCMD7", "0x227a28"), 50 | ("ROP_MENU_CLEARHOMEBUTTONSTATE", "0x2279e0"), 51 | ("ROP_MENU_APT_WAKEUPAPPLICATION", "0x11aa78"), 52 | ("ROP_MENU_APT_INQUIRENOTIFICATION", "0x11aaa8"), 53 | ("ROP_MENU_APT_REPLYSLEEPQUERY", "0x12e864"), 54 | ("ROP_MENU_APT_REPLYSLEEPNOTIFICATIONCOMPLETE", "0x12eb34"), 55 | ("ROP_MENU_APT_ISREGISTERED", "0x2223a4"), 56 | ("ROP_MENU_APT_SENDDELIVERARG", "0x180558"), 57 | ("ROP_MENU_APT_PREPARETOLEAVEHOMEMENU", "0x11ab94"), 58 | ("ROP_MENU_APT_LEAVEHOMEMENU", "0x11a8f4"), 59 | ("ROP_MENU_NSS_REBOOT", "0x1374c8"), 60 | ("ROP_MENU_NSS_LAUNCHTITLE", "0x231310"), 61 | ("ROP_MENU_GSPGPU_RELEASERIGHT", "0x12e154"), 62 | ("ROP_MENU_GSPGPU_ACQUIRERIGHT", "0x138fc4"), 63 | ("ROP_MENU_GSPGPU_WRITEHWREGS", "0x14bd24"), 64 | ("ROP_MENU_GSPGPU_FLUSHDATACACHE", "0x1518f8"), 65 | ("ROP_MENU_GSPGPU_GXTRYENQUEUE", "0x218020"), 66 | ("ROP_MENU_GSPGPU_IMPORTDISPLAYCAPTUREINFO", "0x145ea0"), 67 | ("ROP_MENU_DSP_REGISTERINTERRUPTEVENTS", "0x137b4c"), 68 | ("ROP_MENU_DSP_UNLOADCOMPONENT", "0x12c5e4"), 69 | ("ROP_MENU_SRV_SUBSCRIBE", "0x215aac"), 70 | ("ROP_MENU_SRV_GETHANDLE", "0x10f640"), 71 | ("ROP_MENU_MEMCPY", "0x235d80"), 72 | ("ROP_MENU_MOUNTSDMC", "0x118c4c"), 73 | ("ROP_MENU_FOPEN", "0x22bc08"), 74 | ("ROP_MENU_FWRITE", "0x220dfc"), 75 | ("ROP_MENU_FSEEK", "0x221588"), 76 | ("ROP_MENU_FCLOSE", "0x22f9a0"), 77 | ("MENU_DSP_BINARY_AFTERSIG", "0x32ee4c"), 78 | ("MENU_DSP_BINARY_SIZE", "0xc25c"), 79 | ("MENU_CFGS_HANDLE", "0x33c280"), 80 | ("MENU_AMSYS_HANDLE", "0x32e99c"), 81 | ("MENU_NSS_HANDLE", "0x32e040"), 82 | ("MENU_APT_HANDLE", "0x32e9cc"), 83 | ("MENU_FS_HANDLE", "0x32dfd8"), 84 | ("MENU_SRV_HANDLE", "0x33b14c"), 85 | ("MENU_NEWSS_HANDLE", "0x33c28c"), 86 | ("MENU_BOSSP_HANDLE_MINUS_0x18", "0x368d68"), 87 | ("MENU_PTMSYSM_HANDLE", "0x32e074"), 88 | ("MENU_GSPLCD_HANDLE", "0x33afd4"), 89 | ("MENU_DSP_HANDLE_STRUCT", "0x32df60"), 90 | ("MENU_GSPGPU_HANDLE", "0x33afd0"), 91 | ("MENU_GSPGPU_INTERRUPT_RECEIVER_STRUCT", "0x32c580"), 92 | ] 93 | -------------------------------------------------------------------------------- /menu_ropdb/25600_usa_ropdb.txt: -------------------------------------------------------------------------------- 1 | [ 2 | ("ROP_MENU_POP_PC", "0x10201c"), 3 | ("ROP_MENU_POP_R0PC", "0x157950"), 4 | ("ROP_MENU_POP_R1PC", "0x237100"), 5 | ("ROP_MENU_POP_R2R3R4R5R6PC", "0x150544"), 6 | ("ROP_MENU_POP_R4PC", "0x101bc8"), 7 | ("ROP_MENU_POP_R4R5PC", "0x102458"), 8 | ("ROP_MENU_POP_R4R5R6PC", "0x101b74"), 9 | ("ROP_MENU_POP_R4R5R6R7R8PC", "0x101eb0"), 10 | ("ROP_MENU_POP_R4R5R6R7R8R9R10PC", "0x103c84"), 11 | ("ROP_MENU_POP_R4LR_BX_R0", "0x15d3ec"), 12 | ("ROP_MENU_BX_LR", "0x10003c"), 13 | ("ROP_MENU_TARGET_RET", "0x155b50"), 14 | ("ROP_MENU_ADD_SPSPx64_POP_R4RR11PC", "0x1057dc"), 15 | ("ROP_MENU_STACK_PIVOT", "0x100fb8"), 16 | ("ROP_MENU_LDR_R0R0_POP_R4PC", "0x11f708"), 17 | ("ROP_MENU_LDR_R1R0x4_ADD_R0R0R1_POP_R3R4R5PC", "0x13e2fc"), 18 | ("ROP_MENU_STREQ_R5R2x30_POP_R4R5R6PC", "0x155234"), 19 | ("ROP_MENU_STRNE_R4R0x4_POP_R4PC", "0x195a40"), 20 | ("ROP_MENU_STR_R0R4_POP_R4PC", "0x10b250"), 21 | ("ROP_MENU_STRB_R0R4_POP_R4PC", "0x102958"), 22 | ("ROP_MENU_STR_R1R0_POP_R4PC", "0x10af04"), 23 | ("ROP_MENU_AND_R0R0R4_POP_R4R5R6R7R8PC", "0x11f280"), 24 | ("ROP_MENU_ADD_R0R0R1LSL2_POP_R4PC", "0x204894"), 25 | ("ROP_MENU_ADD_R0R0R1_POP_R4R5R6PC", "0x133948"), 26 | ("ROP_MENU_AND_R0R0x7_POP_R4PC", "0x2e7f3c"), 27 | ("ROP_MENU_ADD_R1R1x1_STR_R1R5x10_POP_R4R5R6PC", "0x10230c"), 28 | ("ROP_MENU_CMP_R0R1_MVNLS_R0x0_MOVHI_R0x1_POP_R4PC", "0x21e8b4"), 29 | ("ROP_MENU_BLXNE_R2_ADD_SPx8_MOV_R0R4_POP_R4R5R6R7R8PC", "0x1a75a0"), 30 | ("ROP_MENU_MRC_R0C13C03_ADD_R0R0x5C_BX_LR", "0x13eac0"), 31 | ("ROP_MENU_LDR_R0R0_SVC_x32_AND_R1R0x80000000_CMP_R1x0_LDRGE_R0R4x4_POP_R4PC", "0x102bac"), 32 | ("ROP_MENU_SVC_CREATEEVENT", "0x22f694"), 33 | ("ROP_MENU_SVC_WAITSYNCHRONIZATIONN", "0x118750"), 34 | ("ROP_MENU_SVC_EXITPROCESS", "0x101a30"), 35 | ("ROP_MENU_SLEEPTHREAD", "0x12b17c"), 36 | ("ROP_MENU_WAITSYNCHRONIZATIONN", "0x118750"), 37 | ("ROP_MENU_CREATEMEMORYBLOCK", "0x12b0f8"), 38 | ("ROP_MENU_CONTROLMEMORY", "0x2357f0"), 39 | ("ROP_MENU_CONNECTTOPORT", "0x118738"), 40 | ("ROP_MENU_APT_OPENSESSION", "0x236854"), 41 | ("ROP_MENU_APT_CLOSESESSION", "0x2367e4"), 42 | ("ROP_MENU_APT_SENDPARAMETER", "0x12e668"), 43 | ("ROP_MENU_APT_GLANCEPARAMETER", "0x12e7d8"), 44 | ("ROP_MENU_APT_RECEIVEPARAMETER", "0x146088"), 45 | ("ROP_MENU_APT_PREPARETOSTARTAPPLICATION", "0x12ea08"), 46 | ("ROP_MENU_APT_STARTAPPLICATION", "0x139474"), 47 | ("ROP_MENU_APT_ORDERTOCLOSEAPPLICATION", "0x13952c"), 48 | ("ROP_MENU_APT_APPLETUTILITYCMD2", "0x11a4c4"), 49 | ("ROP_MENU_APT_APPLETUTILITYCMD7", "0x227a28"), 50 | ("ROP_MENU_CLEARHOMEBUTTONSTATE", "0x2279e0"), 51 | ("ROP_MENU_APT_WAKEUPAPPLICATION", "0x11aa78"), 52 | ("ROP_MENU_APT_INQUIRENOTIFICATION", "0x11aaa8"), 53 | ("ROP_MENU_APT_REPLYSLEEPQUERY", "0x12e864"), 54 | ("ROP_MENU_APT_REPLYSLEEPNOTIFICATIONCOMPLETE", "0x12eb34"), 55 | ("ROP_MENU_APT_ISREGISTERED", "0x2223a4"), 56 | ("ROP_MENU_APT_SENDDELIVERARG", "0x180558"), 57 | ("ROP_MENU_APT_PREPARETOLEAVEHOMEMENU", "0x11ab94"), 58 | ("ROP_MENU_APT_LEAVEHOMEMENU", "0x11a8f4"), 59 | ("ROP_MENU_NSS_REBOOT", "0x1374c8"), 60 | ("ROP_MENU_NSS_LAUNCHTITLE", "0x231310"), 61 | ("ROP_MENU_GSPGPU_RELEASERIGHT", "0x12e154"), 62 | ("ROP_MENU_GSPGPU_ACQUIRERIGHT", "0x138fc4"), 63 | ("ROP_MENU_GSPGPU_WRITEHWREGS", "0x14bd24"), 64 | ("ROP_MENU_GSPGPU_FLUSHDATACACHE", "0x1518f8"), 65 | ("ROP_MENU_GSPGPU_GXTRYENQUEUE", "0x218020"), 66 | ("ROP_MENU_GSPGPU_IMPORTDISPLAYCAPTUREINFO", "0x145ea0"), 67 | ("ROP_MENU_DSP_REGISTERINTERRUPTEVENTS", "0x137b4c"), 68 | ("ROP_MENU_DSP_UNLOADCOMPONENT", "0x12c5e4"), 69 | ("ROP_MENU_SRV_SUBSCRIBE", "0x215aac"), 70 | ("ROP_MENU_SRV_GETHANDLE", "0x10f640"), 71 | ("ROP_MENU_MEMCPY", "0x235d80"), 72 | ("ROP_MENU_MOUNTSDMC", "0x118c4c"), 73 | ("ROP_MENU_FOPEN", "0x22bc08"), 74 | ("ROP_MENU_FWRITE", "0x220dfc"), 75 | ("ROP_MENU_FSEEK", "0x221588"), 76 | ("ROP_MENU_FCLOSE", "0x22f9a0"), 77 | ("MENU_DSP_BINARY_AFTERSIG", "0x32ee4c"), 78 | ("MENU_DSP_BINARY_SIZE", "0xc25c"), 79 | ("MENU_CFGS_HANDLE", "0x33c280"), 80 | ("MENU_AMSYS_HANDLE", "0x32e99c"), 81 | ("MENU_NSS_HANDLE", "0x32e040"), 82 | ("MENU_APT_HANDLE", "0x32e9cc"), 83 | ("MENU_FS_HANDLE", "0x32dfd8"), 84 | ("MENU_SRV_HANDLE", "0x33b14c"), 85 | ("MENU_NEWSS_HANDLE", "0x33c28c"), 86 | ("MENU_BOSSP_HANDLE_MINUS_0x18", "0x368d68"), 87 | ("MENU_PTMSYSM_HANDLE", "0x32e074"), 88 | ("MENU_GSPLCD_HANDLE", "0x33afd4"), 89 | ("MENU_DSP_HANDLE_STRUCT", "0x32df60"), 90 | ("MENU_GSPGPU_HANDLE", "0x33afd0"), 91 | ("MENU_GSPGPU_INTERRUPT_RECEIVER_STRUCT", "0x32c580"), 92 | ] 93 | -------------------------------------------------------------------------------- /menu_ropdb/26624_usa_ropdb.txt: -------------------------------------------------------------------------------- 1 | [ 2 | ("ROP_MENU_POP_PC", "0x10201c"), 3 | ("ROP_MENU_POP_R0PC", "0x157968"), 4 | ("ROP_MENU_POP_R1PC", "0x237118"), 5 | ("ROP_MENU_POP_R2R3R4R5R6PC", "0x15055c"), 6 | ("ROP_MENU_POP_R4PC", "0x101bc8"), 7 | ("ROP_MENU_POP_R4R5PC", "0x102458"), 8 | ("ROP_MENU_POP_R4R5R6PC", "0x101b74"), 9 | ("ROP_MENU_POP_R4R5R6R7R8PC", "0x101eb0"), 10 | ("ROP_MENU_POP_R4R5R6R7R8R9R10PC", "0x103c84"), 11 | ("ROP_MENU_POP_R4LR_BX_R0", "0x15d404"), 12 | ("ROP_MENU_BX_LR", "0x10003c"), 13 | ("ROP_MENU_TARGET_RET", "0x155b68"), 14 | ("ROP_MENU_ADD_SPSPx64_POP_R4RR11PC", "0x1057dc"), 15 | ("ROP_MENU_STACK_PIVOT", "0x100fb8"), 16 | ("ROP_MENU_LDR_R0R0_POP_R4PC", "0x11f708"), 17 | ("ROP_MENU_LDR_R1R0x4_ADD_R0R0R1_POP_R3R4R5PC", "0x13e314"), 18 | ("ROP_MENU_STREQ_R5R2x30_POP_R4R5R6PC", "0x15524c"), 19 | ("ROP_MENU_STRNE_R4R0x4_POP_R4PC", "0x195a58"), 20 | ("ROP_MENU_STR_R0R4_POP_R4PC", "0x10b250"), 21 | ("ROP_MENU_STRB_R0R4_POP_R4PC", "0x102958"), 22 | ("ROP_MENU_STR_R1R0_POP_R4PC", "0x10af04"), 23 | ("ROP_MENU_AND_R0R0R4_POP_R4R5R6R7R8PC", "0x11f280"), 24 | ("ROP_MENU_ADD_R0R0R1LSL2_POP_R4PC", "0x2048ac"), 25 | ("ROP_MENU_ADD_R0R0R1_POP_R4R5R6PC", "0x133948"), 26 | ("ROP_MENU_AND_R0R0x7_POP_R4PC", "0x2e7f54"), 27 | ("ROP_MENU_ADD_R1R1x1_STR_R1R5x10_POP_R4R5R6PC", "0x10230c"), 28 | ("ROP_MENU_CMP_R0R1_MVNLS_R0x0_MOVHI_R0x1_POP_R4PC", "0x21e8cc"), 29 | ("ROP_MENU_BLXNE_R2_ADD_SPx8_MOV_R0R4_POP_R4R5R6R7R8PC", "0x1a75b8"), 30 | ("ROP_MENU_MRC_R0C13C03_ADD_R0R0x5C_BX_LR", "0x13ead8"), 31 | ("ROP_MENU_LDR_R0R0_SVC_x32_AND_R1R0x80000000_CMP_R1x0_LDRGE_R0R4x4_POP_R4PC", "0x102bac"), 32 | ("ROP_MENU_SVC_CREATEEVENT", "0x22f6ac"), 33 | ("ROP_MENU_SVC_WAITSYNCHRONIZATIONN", "0x118750"), 34 | ("ROP_MENU_SVC_EXITPROCESS", "0x101a30"), 35 | ("ROP_MENU_SLEEPTHREAD", "0x12b17c"), 36 | ("ROP_MENU_WAITSYNCHRONIZATIONN", "0x118750"), 37 | ("ROP_MENU_CREATEMEMORYBLOCK", "0x12b0f8"), 38 | ("ROP_MENU_CONTROLMEMORY", "0x235808"), 39 | ("ROP_MENU_CONNECTTOPORT", "0x118738"), 40 | ("ROP_MENU_APT_OPENSESSION", "0x23686c"), 41 | ("ROP_MENU_APT_CLOSESESSION", "0x2367fc"), 42 | ("ROP_MENU_APT_SENDPARAMETER", "0x12e668"), 43 | ("ROP_MENU_APT_GLANCEPARAMETER", "0x12e7d8"), 44 | ("ROP_MENU_APT_RECEIVEPARAMETER", "0x1460a0"), 45 | ("ROP_MENU_APT_PREPARETOSTARTAPPLICATION", "0x12ea08"), 46 | ("ROP_MENU_APT_STARTAPPLICATION", "0x139474"), 47 | ("ROP_MENU_APT_ORDERTOCLOSEAPPLICATION", "0x13952c"), 48 | ("ROP_MENU_APT_APPLETUTILITYCMD2", "0x11a4c4"), 49 | ("ROP_MENU_APT_APPLETUTILITYCMD7", "0x227a40"), 50 | ("ROP_MENU_CLEARHOMEBUTTONSTATE", "0x2279f8"), 51 | ("ROP_MENU_APT_WAKEUPAPPLICATION", "0x11aa78"), 52 | ("ROP_MENU_APT_INQUIRENOTIFICATION", "0x11aaa8"), 53 | ("ROP_MENU_APT_REPLYSLEEPQUERY", "0x12e864"), 54 | ("ROP_MENU_APT_REPLYSLEEPNOTIFICATIONCOMPLETE", "0x12eb34"), 55 | ("ROP_MENU_APT_ISREGISTERED", "0x2223bc"), 56 | ("ROP_MENU_APT_SENDDELIVERARG", "0x180570"), 57 | ("ROP_MENU_APT_PREPARETOLEAVEHOMEMENU", "0x11ab94"), 58 | ("ROP_MENU_APT_LEAVEHOMEMENU", "0x11a8f4"), 59 | ("ROP_MENU_NSS_REBOOT", "0x1374c8"), 60 | ("ROP_MENU_NSS_LAUNCHTITLE", "0x231328"), 61 | ("ROP_MENU_GSPGPU_RELEASERIGHT", "0x12e154"), 62 | ("ROP_MENU_GSPGPU_ACQUIRERIGHT", "0x138fc4"), 63 | ("ROP_MENU_GSPGPU_WRITEHWREGS", "0x14bd3c"), 64 | ("ROP_MENU_GSPGPU_FLUSHDATACACHE", "0x151910"), 65 | ("ROP_MENU_GSPGPU_GXTRYENQUEUE", "0x218038"), 66 | ("ROP_MENU_GSPGPU_IMPORTDISPLAYCAPTUREINFO", "0x145eb8"), 67 | ("ROP_MENU_DSP_REGISTERINTERRUPTEVENTS", "0x137b4c"), 68 | ("ROP_MENU_DSP_UNLOADCOMPONENT", "0x12c5e4"), 69 | ("ROP_MENU_SRV_SUBSCRIBE", "0x215ac4"), 70 | ("ROP_MENU_SRV_GETHANDLE", "0x10f640"), 71 | ("ROP_MENU_MEMCPY", "0x235d98"), 72 | ("ROP_MENU_MOUNTSDMC", "0x118c4c"), 73 | ("ROP_MENU_FOPEN", "0x22bc20"), 74 | ("ROP_MENU_FWRITE", "0x220e14"), 75 | ("ROP_MENU_FSEEK", "0x2215a0"), 76 | ("ROP_MENU_FCLOSE", "0x22f9b8"), 77 | ("MENU_DSP_BINARY_AFTERSIG", "0x32ee4c"), 78 | ("MENU_DSP_BINARY_SIZE", "0xc25c"), 79 | ("MENU_CFGS_HANDLE", "0x33c280"), 80 | ("MENU_AMSYS_HANDLE", "0x32e99c"), 81 | ("MENU_NSS_HANDLE", "0x32e040"), 82 | ("MENU_APT_HANDLE", "0x32e9cc"), 83 | ("MENU_FS_HANDLE", "0x32dfd8"), 84 | ("MENU_SRV_HANDLE", "0x33b14c"), 85 | ("MENU_NEWSS_HANDLE", "0x33c28c"), 86 | ("MENU_BOSSP_HANDLE_MINUS_0x18", "0x368d68"), 87 | ("MENU_PTMSYSM_HANDLE", "0x32e074"), 88 | ("MENU_GSPLCD_HANDLE", "0x33afd4"), 89 | ("MENU_DSP_HANDLE_STRUCT", "0x32df60"), 90 | ("MENU_GSPGPU_HANDLE", "0x33afd0"), 91 | ("MENU_GSPGPU_INTERRUPT_RECEIVER_STRUCT", "0x32c580"), 92 | ] 93 | -------------------------------------------------------------------------------- /menu_ropdb/27648_usa_ropdb.txt: -------------------------------------------------------------------------------- 1 | [ 2 | ("ROP_MENU_POP_PC", "0x10201c"), 3 | ("ROP_MENU_POP_R0PC", "0x157968"), 4 | ("ROP_MENU_POP_R1PC", "0x237118"), 5 | ("ROP_MENU_POP_R2R3R4R5R6PC", "0x15055c"), 6 | ("ROP_MENU_POP_R4PC", "0x101bc8"), 7 | ("ROP_MENU_POP_R4R5PC", "0x102458"), 8 | ("ROP_MENU_POP_R4R5R6PC", "0x101b74"), 9 | ("ROP_MENU_POP_R4R5R6R7R8PC", "0x101eb0"), 10 | ("ROP_MENU_POP_R4R5R6R7R8R9R10PC", "0x103c84"), 11 | ("ROP_MENU_POP_R4LR_BX_R0", "0x15d404"), 12 | ("ROP_MENU_BX_LR", "0x10003c"), 13 | ("ROP_MENU_TARGET_RET", "0x155b68"), 14 | ("ROP_MENU_ADD_SPSPx64_POP_R4RR11PC", "0x1057dc"), 15 | ("ROP_MENU_STACK_PIVOT", "0x100fb8"), 16 | ("ROP_MENU_LDR_R0R0_POP_R4PC", "0x11f708"), 17 | ("ROP_MENU_LDR_R1R0x4_ADD_R0R0R1_POP_R3R4R5PC", "0x13e314"), 18 | ("ROP_MENU_STREQ_R5R2x30_POP_R4R5R6PC", "0x15524c"), 19 | ("ROP_MENU_STRNE_R4R0x4_POP_R4PC", "0x195a58"), 20 | ("ROP_MENU_STR_R0R4_POP_R4PC", "0x10b250"), 21 | ("ROP_MENU_STRB_R0R4_POP_R4PC", "0x102958"), 22 | ("ROP_MENU_STR_R1R0_POP_R4PC", "0x10af04"), 23 | ("ROP_MENU_AND_R0R0R4_POP_R4R5R6R7R8PC", "0x11f280"), 24 | ("ROP_MENU_ADD_R0R0R1LSL2_POP_R4PC", "0x2048ac"), 25 | ("ROP_MENU_ADD_R0R0R1_POP_R4R5R6PC", "0x133948"), 26 | ("ROP_MENU_AND_R0R0x7_POP_R4PC", "0x2e7f84"), 27 | ("ROP_MENU_ADD_R1R1x1_STR_R1R5x10_POP_R4R5R6PC", "0x10230c"), 28 | ("ROP_MENU_CMP_R0R1_MVNLS_R0x0_MOVHI_R0x1_POP_R4PC", "0x21e8cc"), 29 | ("ROP_MENU_BLXNE_R2_ADD_SPx8_MOV_R0R4_POP_R4R5R6R7R8PC", "0x1a75b8"), 30 | ("ROP_MENU_MRC_R0C13C03_ADD_R0R0x5C_BX_LR", "0x13ead8"), 31 | ("ROP_MENU_LDR_R0R0_SVC_x32_AND_R1R0x80000000_CMP_R1x0_LDRGE_R0R4x4_POP_R4PC", "0x102bac"), 32 | ("ROP_MENU_SVC_CREATEEVENT", "0x22f6ac"), 33 | ("ROP_MENU_SVC_WAITSYNCHRONIZATIONN", "0x118750"), 34 | ("ROP_MENU_SVC_EXITPROCESS", "0x101a30"), 35 | ("ROP_MENU_SLEEPTHREAD", "0x12b17c"), 36 | ("ROP_MENU_WAITSYNCHRONIZATIONN", "0x118750"), 37 | ("ROP_MENU_CREATEMEMORYBLOCK", "0x12b0f8"), 38 | ("ROP_MENU_CONTROLMEMORY", "0x235808"), 39 | ("ROP_MENU_CONNECTTOPORT", "0x118738"), 40 | ("ROP_MENU_APT_OPENSESSION", "0x23686c"), 41 | ("ROP_MENU_APT_CLOSESESSION", "0x2367fc"), 42 | ("ROP_MENU_APT_SENDPARAMETER", "0x12e668"), 43 | ("ROP_MENU_APT_GLANCEPARAMETER", "0x12e7d8"), 44 | ("ROP_MENU_APT_RECEIVEPARAMETER", "0x1460a0"), 45 | ("ROP_MENU_APT_PREPARETOSTARTAPPLICATION", "0x12ea08"), 46 | ("ROP_MENU_APT_STARTAPPLICATION", "0x139474"), 47 | ("ROP_MENU_APT_ORDERTOCLOSEAPPLICATION", "0x13952c"), 48 | ("ROP_MENU_APT_APPLETUTILITYCMD2", "0x11a4c4"), 49 | ("ROP_MENU_APT_APPLETUTILITYCMD7", "0x227a40"), 50 | ("ROP_MENU_CLEARHOMEBUTTONSTATE", "0x2279f8"), 51 | ("ROP_MENU_APT_WAKEUPAPPLICATION", "0x11aa78"), 52 | ("ROP_MENU_APT_INQUIRENOTIFICATION", "0x11aaa8"), 53 | ("ROP_MENU_APT_REPLYSLEEPQUERY", "0x12e864"), 54 | ("ROP_MENU_APT_REPLYSLEEPNOTIFICATIONCOMPLETE", "0x12eb34"), 55 | ("ROP_MENU_APT_ISREGISTERED", "0x2223bc"), 56 | ("ROP_MENU_APT_SENDDELIVERARG", "0x180570"), 57 | ("ROP_MENU_APT_PREPARETOLEAVEHOMEMENU", "0x11ab94"), 58 | ("ROP_MENU_APT_LEAVEHOMEMENU", "0x11a8f4"), 59 | ("ROP_MENU_NSS_REBOOT", "0x1374c8"), 60 | ("ROP_MENU_NSS_LAUNCHTITLE", "0x231328"), 61 | ("ROP_MENU_GSPGPU_RELEASERIGHT", "0x12e154"), 62 | ("ROP_MENU_GSPGPU_ACQUIRERIGHT", "0x138fc4"), 63 | ("ROP_MENU_GSPGPU_WRITEHWREGS", "0x14bd3c"), 64 | ("ROP_MENU_GSPGPU_FLUSHDATACACHE", "0x151910"), 65 | ("ROP_MENU_GSPGPU_GXTRYENQUEUE", "0x218038"), 66 | ("ROP_MENU_GSPGPU_IMPORTDISPLAYCAPTUREINFO", "0x145eb8"), 67 | ("ROP_MENU_DSP_REGISTERINTERRUPTEVENTS", "0x137b4c"), 68 | ("ROP_MENU_DSP_UNLOADCOMPONENT", "0x12c5e4"), 69 | ("ROP_MENU_SRV_SUBSCRIBE", "0x215ac4"), 70 | ("ROP_MENU_SRV_GETHANDLE", "0x10f640"), 71 | ("ROP_MENU_MEMCPY", "0x235d98"), 72 | ("ROP_MENU_MOUNTSDMC", "0x118c4c"), 73 | ("ROP_MENU_FOPEN", "0x22bc20"), 74 | ("ROP_MENU_FWRITE", "0x220e14"), 75 | ("ROP_MENU_FSEEK", "0x2215a0"), 76 | ("ROP_MENU_FCLOSE", "0x22f9b8"), 77 | ("MENU_DSP_BINARY_AFTERSIG", "0x32ee4c"), 78 | ("MENU_DSP_BINARY_SIZE", "0xc25c"), 79 | ("MENU_CFGS_HANDLE", "0x33c280"), 80 | ("MENU_AMSYS_HANDLE", "0x32e99c"), 81 | ("MENU_NSS_HANDLE", "0x32e040"), 82 | ("MENU_APT_HANDLE", "0x32e9cc"), 83 | ("MENU_FS_HANDLE", "0x32dfd8"), 84 | ("MENU_SRV_HANDLE", "0x33b14c"), 85 | ("MENU_NEWSS_HANDLE", "0x33c28c"), 86 | ("MENU_BOSSP_HANDLE_MINUS_0x18", "0x368d68"), 87 | ("MENU_PTMSYSM_HANDLE", "0x32e074"), 88 | ("MENU_GSPLCD_HANDLE", "0x33afd4"), 89 | ("MENU_DSP_HANDLE_STRUCT", "0x32df60"), 90 | ("MENU_GSPGPU_HANDLE", "0x33afd0"), 91 | ("MENU_GSPGPU_INTERRUPT_RECEIVER_STRUCT", "0x32c580"), 92 | ] 93 | -------------------------------------------------------------------------------- /menu_ropdb/28673_usa_ropdb.txt: -------------------------------------------------------------------------------- 1 | [ 2 | ("ROP_MENU_POP_PC", "0x10201c"), 3 | ("ROP_MENU_POP_R0PC", "0x157920"), 4 | ("ROP_MENU_POP_R1PC", "0x237190"), 5 | ("ROP_MENU_POP_R2R3R4R5R6PC", "0x150514"), 6 | ("ROP_MENU_POP_R4PC", "0x101bc8"), 7 | ("ROP_MENU_POP_R4R5PC", "0x102468"), 8 | ("ROP_MENU_POP_R4R5R6PC", "0x101b74"), 9 | ("ROP_MENU_POP_R4R5R6R7R8PC", "0x101eb0"), 10 | ("ROP_MENU_POP_R4R5R6R7R8R9R10PC", "0x103c94"), 11 | ("ROP_MENU_POP_R4LR_BX_R0", "0x15d3bc"), 12 | ("ROP_MENU_BX_LR", "0x10003c"), 13 | ("ROP_MENU_TARGET_RET", "0x155b20"), 14 | ("ROP_MENU_ADD_SPSPx64_POP_R4RR11PC", "0x1057ec"), 15 | ("ROP_MENU_STACK_PIVOT", "0x100fb8"), 16 | ("ROP_MENU_LDR_R0R0_POP_R4PC", "0x11f684"), 17 | ("ROP_MENU_LDR_R1R0x4_ADD_R0R0R1_POP_R3R4R5PC", "0x13e2e0"), 18 | ("ROP_MENU_STREQ_R5R2x30_POP_R4R5R6PC", "0x155204"), 19 | ("ROP_MENU_STRNE_R4R0x4_POP_R4PC", "0x195a10"), 20 | ("ROP_MENU_STR_R0R4_POP_R4PC", "0x10b260"), 21 | ("ROP_MENU_STRB_R0R4_POP_R4PC", "0x102968"), 22 | ("ROP_MENU_STR_R1R0_POP_R4PC", "0x10af14"), 23 | ("ROP_MENU_AND_R0R0R4_POP_R4R5R6R7R8PC", "0x11f1fc"), 24 | ("ROP_MENU_ADD_R0R0R1LSL2_POP_R4PC", "0x20486c"), 25 | ("ROP_MENU_ADD_R0R0R1_POP_R4R5R6PC", "0x1338d4"), 26 | ("ROP_MENU_AND_R0R0x7_POP_R4PC", "0x2e8000"), 27 | ("ROP_MENU_ADD_R1R1x1_STR_R1R5x10_POP_R4R5R6PC", "0x10231c"), 28 | ("ROP_MENU_CMP_R0R1_MVNLS_R0x0_MOVHI_R0x1_POP_R4PC", "0x21e8d4"), 29 | ("ROP_MENU_BLXNE_R2_ADD_SPx8_MOV_R0R4_POP_R4R5R6R7R8PC", "0x1a7570"), 30 | ("ROP_MENU_MRC_R0C13C03_ADD_R0R0x5C_BX_LR", "0x13eaa4"), 31 | ("ROP_MENU_LDR_R0R0_SVC_x32_AND_R1R0x80000000_CMP_R1x0_LDRGE_R0R4x4_POP_R4PC", "0x102bbc"), 32 | ("ROP_MENU_SVC_CREATEEVENT", "0x22f6ac"), 33 | ("ROP_MENU_SVC_WAITSYNCHRONIZATIONN", "0x1186f0"), 34 | ("ROP_MENU_SVC_EXITPROCESS", "0x101a30"), 35 | ("ROP_MENU_SLEEPTHREAD", "0x12b0f8"), 36 | ("ROP_MENU_WAITSYNCHRONIZATIONN", "0x1186f0"), 37 | ("ROP_MENU_CREATEMEMORYBLOCK", "0x12b074"), 38 | ("ROP_MENU_CONTROLMEMORY", "0x235880"), 39 | ("ROP_MENU_CONNECTTOPORT", "0x1186d8"), 40 | ("ROP_MENU_APT_OPENSESSION", "0x2368e4"), 41 | ("ROP_MENU_APT_CLOSESESSION", "0x236874"), 42 | ("ROP_MENU_APT_SENDPARAMETER", "0x12e608"), 43 | ("ROP_MENU_APT_GLANCEPARAMETER", "0x12e778"), 44 | ("ROP_MENU_APT_RECEIVEPARAMETER", "0x14606c"), 45 | ("ROP_MENU_APT_PREPARETOSTARTAPPLICATION", "0x12e9a8"), 46 | ("ROP_MENU_APT_STARTAPPLICATION", "0x139400"), 47 | ("ROP_MENU_APT_ORDERTOCLOSEAPPLICATION", "0x1394b8"), 48 | ("ROP_MENU_APT_APPLETUTILITYCMD2", "0x11a464"), 49 | ("ROP_MENU_APT_APPLETUTILITYCMD7", "0x227a40"), 50 | ("ROP_MENU_CLEARHOMEBUTTONSTATE", "0x2279f8"), 51 | ("ROP_MENU_APT_WAKEUPAPPLICATION", "0x11a9f4"), 52 | ("ROP_MENU_APT_INQUIRENOTIFICATION", "0x11aa24"), 53 | ("ROP_MENU_APT_REPLYSLEEPQUERY", "0x12e804"), 54 | ("ROP_MENU_APT_REPLYSLEEPNOTIFICATIONCOMPLETE", "0x12ea94"), 55 | ("ROP_MENU_APT_ISREGISTERED", "0x2223c4"), 56 | ("ROP_MENU_APT_SENDDELIVERARG", "0x180528"), 57 | ("ROP_MENU_APT_PREPARETOLEAVEHOMEMENU", "0x11ab10"), 58 | ("ROP_MENU_APT_LEAVEHOMEMENU", "0x11a870"), 59 | ("ROP_MENU_NSS_REBOOT", "0x137454"), 60 | ("ROP_MENU_NSS_LAUNCHTITLE", "0x23132c"), 61 | ("ROP_MENU_GSPGPU_RELEASERIGHT", "0x12e0d0"), 62 | ("ROP_MENU_GSPGPU_ACQUIRERIGHT", "0x138f50"), 63 | ("ROP_MENU_GSPGPU_WRITEHWREGS", "0x14bd0c"), 64 | ("ROP_MENU_GSPGPU_FLUSHDATACACHE", "0x1518c8"), 65 | ("ROP_MENU_GSPGPU_GXTRYENQUEUE", "0x218040"), 66 | ("ROP_MENU_GSPGPU_IMPORTDISPLAYCAPTUREINFO", "0x145e84"), 67 | ("ROP_MENU_DSP_REGISTERINTERRUPTEVENTS", "0x137ad8"), 68 | ("ROP_MENU_DSP_UNLOADCOMPONENT", "0x12c560"), 69 | ("ROP_MENU_SRV_SUBSCRIBE", "0x215acc"), 70 | ("ROP_MENU_SRV_GETHANDLE", "0x10f5e0"), 71 | ("ROP_MENU_MEMCPY", "0x235e10"), 72 | ("ROP_MENU_MOUNTSDMC", "0x118bec"), 73 | ("ROP_MENU_FOPEN", "0x22bc20"), 74 | ("ROP_MENU_FWRITE", "0x220e1c"), 75 | ("ROP_MENU_FSEEK", "0x2215a8"), 76 | ("ROP_MENU_FCLOSE", "0x22f9b8"), 77 | ("MENU_DSP_BINARY_AFTERSIG", "0x32ee4c"), 78 | ("MENU_DSP_BINARY_SIZE", "0xc25c"), 79 | ("MENU_CFGS_HANDLE", "0x33c280"), 80 | ("MENU_AMSYS_HANDLE", "0x32e99c"), 81 | ("MENU_NSS_HANDLE", "0x32e040"), 82 | ("MENU_APT_HANDLE", "0x32e9cc"), 83 | ("MENU_FS_HANDLE", "0x32dfd8"), 84 | ("MENU_SRV_HANDLE", "0x33b14c"), 85 | ("MENU_NEWSS_HANDLE", "0x33c28c"), 86 | ("MENU_BOSSP_HANDLE_MINUS_0x18", "0x368d68"), 87 | ("MENU_PTMSYSM_HANDLE", "0x32e074"), 88 | ("MENU_GSPLCD_HANDLE", "0x33afd4"), 89 | ("MENU_DSP_HANDLE_STRUCT", "0x32df60"), 90 | ("MENU_GSPGPU_HANDLE", "0x33afd0"), 91 | ("MENU_GSPGPU_INTERRUPT_RECEIVER_STRUCT", "0x32c580"), 92 | ] 93 | -------------------------------------------------------------------------------- /menu_ropdb/unsupported_ropdb.txt: -------------------------------------------------------------------------------- 1 | [ 2 | ("ROP_MENU_POP_PC", "0x10201c"), 3 | ("ROP_MENU_POP_R0PC", "0x157920"), 4 | ("ROP_MENU_POP_R1PC", "0x237648"), 5 | ("ROP_MENU_POP_R2R3R4R5R6PC", "0x150514"), 6 | ("ROP_MENU_POP_R4PC", "0x101bc8"), 7 | ("ROP_MENU_POP_R4R5PC", "0x102468"), 8 | ("ROP_MENU_POP_R4R5R6PC", "0x101b74"), 9 | ("ROP_MENU_POP_R4R5R6R7R8PC", "0x101eb0"), 10 | ("ROP_MENU_POP_R4R5R6R7R8R9R10PC", "0x103c94"), 11 | ("ROP_MENU_POP_R4LR_BX_R0", "0x15d3bc"), 12 | ("ROP_MENU_BX_LR", "0x10003c"), 13 | ("ROP_MENU_TARGET_RET", "0x155b20"), 14 | ("ROP_MENU_ADD_SPSPx64_POP_R4RR11PC", "0x1057ec"), 15 | ("ROP_MENU_STACK_PIVOT", "0x100fb8"), 16 | ("ROP_MENU_LDR_R0R0_POP_R4PC", "0x11f684"), 17 | ("ROP_MENU_LDR_R1R0x4_ADD_R0R0R1_POP_R3R4R5PC", "0x13e2e0"), 18 | ("ROP_MENU_STREQ_R5R2x30_POP_R4R5R6PC", "0x155204"), 19 | ("ROP_MENU_STRNE_R4R0x4_POP_R4PC", "0x195910"), 20 | ("ROP_MENU_STR_R0R4_POP_R4PC", "0x10b260"), 21 | ("ROP_MENU_STRB_R0R4_POP_R4PC", "0x102968"), 22 | ("ROP_MENU_STR_R1R0_POP_R4PC", "0x10af14"), 23 | ("ROP_MENU_AND_R0R0R4_POP_R4R5R6R7R8PC", "0x11f1fc"), 24 | ("ROP_MENU_ADD_R0R0R1LSL2_POP_R4PC", "0x204c24"), 25 | ("ROP_MENU_ADD_R0R0R1_POP_R4R5R6PC", "0x1338d4"), 26 | ("ROP_MENU_AND_R0R0x7_POP_R4PC", "0x2e8938"), 27 | ("ROP_MENU_ADD_R1R1x1_STR_R1R5x10_POP_R4R5R6PC", "0x10231c"), 28 | ("ROP_MENU_CMP_R0R1_MVNLS_R0x0_MOVHI_R0x1_POP_R4PC", "0x21ed8c"), 29 | ("ROP_MENU_BLXNE_R2_ADD_SPx8_MOV_R0R4_POP_R4R5R6R7R8PC", "0x1a7470"), 30 | ("ROP_MENU_MRC_R0C13C03_ADD_R0R0x5C_BX_LR", "0x13eaa4"), 31 | ("ROP_MENU_LDR_R0R0_SVC_x32_AND_R1R0x80000000_CMP_R1x0_LDRGE_R0R4x4_POP_R4PC", "0x102bbc"), 32 | ("ROP_MENU_SVC_CREATEEVENT", "0x22fb64"), 33 | ("ROP_MENU_SVC_WAITSYNCHRONIZATIONN", "0x1186f0"), 34 | ("ROP_MENU_SVC_EXITPROCESS", "0x101a30"), 35 | ("ROP_MENU_SLEEPTHREAD", "0x12b0f8"), 36 | ("ROP_MENU_WAITSYNCHRONIZATIONN", "0x1186f0"), 37 | ("ROP_MENU_CREATEMEMORYBLOCK", "0x12b074"), 38 | ("ROP_MENU_CONTROLMEMORY", "0x235d38"), 39 | ("ROP_MENU_CONNECTTOPORT", "0x1186d8"), 40 | ("ROP_MENU_APT_OPENSESSION", "0x236d9c"), 41 | ("ROP_MENU_APT_CLOSESESSION", "0x236d2c"), 42 | ("ROP_MENU_APT_SENDPARAMETER", "0x12e608"), 43 | ("ROP_MENU_APT_GLANCEPARAMETER", "0x12e778"), 44 | ("ROP_MENU_APT_RECEIVEPARAMETER", "0x14606c"), 45 | ("ROP_MENU_APT_PREPARETOSTARTAPPLICATION", "0x12e9a8"), 46 | ("ROP_MENU_APT_STARTAPPLICATION", "0x139400"), 47 | ("ROP_MENU_APT_ORDERTOCLOSEAPPLICATION", "0x1394b8"), 48 | ("ROP_MENU_APT_APPLETUTILITYCMD2", "0x11a464"), 49 | ("ROP_MENU_APT_APPLETUTILITYCMD7", "0x227ef8"), 50 | ("ROP_MENU_CLEARHOMEBUTTONSTATE", "0x227eb0"), 51 | ("ROP_MENU_APT_WAKEUPAPPLICATION", "0x11a9f4"), 52 | ("ROP_MENU_APT_INQUIRENOTIFICATION", "0x11aa24"), 53 | ("ROP_MENU_APT_REPLYSLEEPQUERY", "0x12e804"), 54 | ("ROP_MENU_APT_REPLYSLEEPNOTIFICATIONCOMPLETE", "0x12ea94"), 55 | ("ROP_MENU_APT_ISREGISTERED", "0x22287c"), 56 | ("ROP_MENU_APT_SENDDELIVERARG", "0x180428"), 57 | ("ROP_MENU_APT_PREPARETOLEAVEHOMEMENU", "0x11ab10"), 58 | ("ROP_MENU_APT_LEAVEHOMEMENU", "0x11a870"), 59 | ("ROP_MENU_NSS_REBOOT", "0x137454"), 60 | ("ROP_MENU_NSS_LAUNCHTITLE", "0x2317e4"), 61 | ("ROP_MENU_GSPGPU_RELEASERIGHT", "0x12e0d0"), 62 | ("ROP_MENU_GSPGPU_ACQUIRERIGHT", "0x138f50"), 63 | ("ROP_MENU_GSPGPU_WRITEHWREGS", "0x14bd0c"), 64 | ("ROP_MENU_GSPGPU_FLUSHDATACACHE", "0x1518c8"), 65 | ("ROP_MENU_GSPGPU_GXTRYENQUEUE", "0x2184f8"), 66 | ("ROP_MENU_GSPGPU_IMPORTDISPLAYCAPTUREINFO", "0x145e84"), 67 | ("ROP_MENU_DSP_REGISTERINTERRUPTEVENTS", "0x137ad8"), 68 | ("ROP_MENU_DSP_UNLOADCOMPONENT", "0x12c560"), 69 | ("ROP_MENU_SRV_SUBSCRIBE", "0x215f84"), 70 | ("ROP_MENU_SRV_GETHANDLE", "0x10f5e0"), 71 | ("ROP_MENU_MEMCPY", "0x2362c8"), 72 | ("ROP_MENU_MOUNTSDMC", "0x118bec"), 73 | ("ROP_MENU_FOPEN", "0x22c0d8"), 74 | ("ROP_MENU_FWRITE", "0x2212d4"), 75 | ("ROP_MENU_FSEEK", "0x221a60"), 76 | ("ROP_MENU_FCLOSE", "0x22fe70"), 77 | ("MENU_DSP_BINARY_AFTERSIG", "0x32fe4c"), 78 | ("MENU_DSP_BINARY_SIZE", "0xc25c"), 79 | ("MENU_CFGS_HANDLE", "0x33d280"), 80 | ("MENU_AMSYS_HANDLE", "0x32f99c"), 81 | ("MENU_NSS_HANDLE", "0x32f040"), 82 | ("MENU_APT_HANDLE", "0x32f9cc"), 83 | ("MENU_FS_HANDLE", "0x32efd8"), 84 | ("MENU_SRV_HANDLE", "0x33c14c"), 85 | ("MENU_NEWSS_HANDLE", "0x33d28c"), 86 | ("MENU_BOSSP_HANDLE_MINUS_0x18", "0x369d68"), 87 | ("MENU_PTMSYSM_HANDLE", "0x32f074"), 88 | ("MENU_GSPLCD_HANDLE", "0x33bfd4"), 89 | ("MENU_DSP_HANDLE_STRUCT", "0x32ef60"), 90 | ("MENU_GSPGPU_HANDLE", "0x33bfd0"), 91 | ("MENU_GSPGPU_INTERRUPT_RECEIVER_STRUCT", "0x32d580"), 92 | ] 93 | -------------------------------------------------------------------------------- /menu_ropdb/29696_ropdb.txt: -------------------------------------------------------------------------------- 1 | [ 2 | ("ROP_MENU_POP_PC", "0x10201c"), 3 | ("ROP_MENU_POP_R0PC", "0x157920"), 4 | ("ROP_MENU_POP_R1PC", "0x237648"), 5 | ("ROP_MENU_POP_R2R3R4R5R6PC", "0x150514"), 6 | ("ROP_MENU_POP_R4PC", "0x101bc8"), 7 | ("ROP_MENU_POP_R4R5PC", "0x102468"), 8 | ("ROP_MENU_POP_R4R5R6PC", "0x101b74"), 9 | ("ROP_MENU_POP_R4R5R6R7R8PC", "0x101eb0"), 10 | ("ROP_MENU_POP_R4R5R6R7R8R9R10PC", "0x103c94"), 11 | ("ROP_MENU_POP_R4LR_BX_R0", "0x15d3bc"), 12 | ("ROP_MENU_BX_LR", "0x10003c"), 13 | ("ROP_MENU_TARGET_RET", "0x155b20"), 14 | ("ROP_MENU_ADD_SPSPx64_POP_R4RR11PC", "0x1057ec"), 15 | ("ROP_MENU_STACK_PIVOT", "0x100fb8"), 16 | ("ROP_MENU_LDR_R0R0_POP_R4PC", "0x11f684"), 17 | ("ROP_MENU_LDR_R1R0x4_ADD_R0R0R1_POP_R3R4R5PC", "0x13e2e0"), 18 | ("ROP_MENU_STREQ_R5R2x30_POP_R4R5R6PC", "0x155204"), 19 | ("ROP_MENU_STRNE_R4R0x4_POP_R4PC", "0x195910"), 20 | ("ROP_MENU_STR_R0R4_POP_R4PC", "0x10b260"), 21 | ("ROP_MENU_STRB_R0R4_POP_R4PC", "0x102968"), 22 | ("ROP_MENU_STR_R1R0_POP_R4PC", "0x10af14"), 23 | ("ROP_MENU_AND_R0R0R4_POP_R4R5R6R7R8PC", "0x11f1fc"), 24 | ("ROP_MENU_ADD_R0R0R1LSL2_POP_R4PC", "0x204c24"), 25 | ("ROP_MENU_ADD_R0R0R1_POP_R4R5R6PC", "0x1338d4"), 26 | ("ROP_MENU_AND_R0R0x7_POP_R4PC", "0x2e8938"), 27 | ("ROP_MENU_ADD_R1R1x1_STR_R1R5x10_POP_R4R5R6PC", "0x10231c"), 28 | ("ROP_MENU_CMP_R0R1_MVNLS_R0x0_MOVHI_R0x1_POP_R4PC", "0x21ed8c"), 29 | ("ROP_MENU_BLXNE_R2_ADD_SPx8_MOV_R0R4_POP_R4R5R6R7R8PC", "0x1a7470"), 30 | ("ROP_MENU_MRC_R0C13C03_ADD_R0R0x5C_BX_LR", "0x13eaa4"), 31 | ("ROP_MENU_LDR_R0R0_SVC_x32_AND_R1R0x80000000_CMP_R1x0_LDRGE_R0R4x4_POP_R4PC", "0x102bbc"), 32 | ("ROP_MENU_SVC_CREATEEVENT", "0x22fb64"), 33 | ("ROP_MENU_SVC_WAITSYNCHRONIZATIONN", "0x1186f0"), 34 | ("ROP_MENU_SVC_EXITPROCESS", "0x101a30"), 35 | ("ROP_MENU_SLEEPTHREAD", "0x12b0f8"), 36 | ("ROP_MENU_WAITSYNCHRONIZATIONN", "0x1186f0"), 37 | ("ROP_MENU_CREATEMEMORYBLOCK", "0x12b074"), 38 | ("ROP_MENU_CONTROLMEMORY", "0x235d38"), 39 | ("ROP_MENU_CONNECTTOPORT", "0x1186d8"), 40 | ("ROP_MENU_APT_OPENSESSION", "0x236d9c"), 41 | ("ROP_MENU_APT_CLOSESESSION", "0x236d2c"), 42 | ("ROP_MENU_APT_SENDPARAMETER", "0x12e608"), 43 | ("ROP_MENU_APT_GLANCEPARAMETER", "0x12e778"), 44 | ("ROP_MENU_APT_RECEIVEPARAMETER", "0x14606c"), 45 | ("ROP_MENU_APT_PREPARETOSTARTAPPLICATION", "0x12e9a8"), 46 | ("ROP_MENU_APT_STARTAPPLICATION", "0x139400"), 47 | ("ROP_MENU_APT_ORDERTOCLOSEAPPLICATION", "0x1394b8"), 48 | ("ROP_MENU_APT_APPLETUTILITYCMD2", "0x11a464"), 49 | ("ROP_MENU_APT_APPLETUTILITYCMD7", "0x227ef8"), 50 | ("ROP_MENU_CLEARHOMEBUTTONSTATE", "0x227eb0"), 51 | ("ROP_MENU_APT_WAKEUPAPPLICATION", "0x11a9f4"), 52 | ("ROP_MENU_APT_INQUIRENOTIFICATION", "0x11aa24"), 53 | ("ROP_MENU_APT_REPLYSLEEPQUERY", "0x12e804"), 54 | ("ROP_MENU_APT_REPLYSLEEPNOTIFICATIONCOMPLETE", "0x12ea94"), 55 | ("ROP_MENU_APT_ISREGISTERED", "0x22287c"), 56 | ("ROP_MENU_APT_SENDDELIVERARG", "0x180428"), 57 | ("ROP_MENU_APT_PREPARETOLEAVEHOMEMENU", "0x11ab10"), 58 | ("ROP_MENU_APT_LEAVEHOMEMENU", "0x11a870"), 59 | ("ROP_MENU_NSS_REBOOT", "0x137454"), 60 | ("ROP_MENU_NSS_LAUNCHTITLE", "0x2317e4"), 61 | ("ROP_MENU_GSPGPU_RELEASERIGHT", "0x12e0d0"), 62 | ("ROP_MENU_GSPGPU_ACQUIRERIGHT", "0x138f50"), 63 | ("ROP_MENU_GSPGPU_WRITEHWREGS", "0x14bd0c"), 64 | ("ROP_MENU_GSPGPU_FLUSHDATACACHE", "0x1518c8"), 65 | ("ROP_MENU_GSPGPU_GXTRYENQUEUE", "0x2184f8"), 66 | ("ROP_MENU_GSPGPU_IMPORTDISPLAYCAPTUREINFO", "0x145e84"), 67 | ("ROP_MENU_DSP_REGISTERINTERRUPTEVENTS", "0x137ad8"), 68 | ("ROP_MENU_DSP_UNLOADCOMPONENT", "0x12c560"), 69 | ("ROP_MENU_SRV_SUBSCRIBE", "0x215f84"), 70 | ("ROP_MENU_SRV_GETHANDLE", "0x10f5e0"), 71 | ("ROP_MENU_MEMCPY", "0x2362c8"), 72 | ("ROP_MENU_MOUNTSDMC", "0x118bec"), 73 | ("ROP_MENU_FOPEN", "0x22c0d8"), 74 | ("ROP_MENU_FREAD", "0x22bfc4"), 75 | ("ROP_MENU_FWRITE", "0x2212d4"), 76 | ("ROP_MENU_FSEEK", "0x221a60"), 77 | ("ROP_MENU_FCLOSE", "0x22fe70"), 78 | ("ROP_MENU_MNT", "0x322a76"), 79 | ("ROP_MENU_FNAME", "0x23a982"), 80 | ("MENU_DSP_BINARY_AFTERSIG", "0x32fe4c"), 81 | ("MENU_DSP_BINARY_SIZE", "0xc25c"), 82 | ("MENU_CFGS_HANDLE", "0x32ef50"), 83 | ("MENU_AMSYS_HANDLE", "0x32f99c"), 84 | ("MENU_NSS_HANDLE", "0x32f040"), 85 | ("MENU_APT_HANDLE", "0x32f9cc"), 86 | ("MENU_FS_HANDLE", "0x32efd8"), 87 | ("MENU_SRV_HANDLE", "0x33c14c"), 88 | ("MENU_NEWSS_HANDLE", "0x33d28c"), 89 | ("MENU_BOSSP_HANDLE_MINUS_0x18", "0x369d68"), 90 | ("MENU_PTMSYSM_HANDLE", "0x32f074"), 91 | ("MENU_GSPLCD_HANDLE", "0x33bfd4"), 92 | ("MENU_DSP_HANDLE_STRUCT", "0x32ef60"), 93 | ("MENU_GSPGPU_HANDLE", "0x33bfd0"), 94 | ("MENU_GSPGPU_INTERRUPT_RECEIVER_STRUCT", "0x32d580"), 95 | ] 96 | -------------------------------------------------------------------------------- /menu_ropdb/29697_usa_ropdb.txt: -------------------------------------------------------------------------------- 1 | [ 2 | ("ROP_MENU_POP_PC", "0x10201c"), 3 | ("ROP_MENU_POP_R0PC", "0x157920"), 4 | ("ROP_MENU_POP_R1PC", "0x2371dc"), 5 | ("ROP_MENU_POP_R2R3R4R5R6PC", "0x150514"), 6 | ("ROP_MENU_POP_R4PC", "0x101bc8"), 7 | ("ROP_MENU_POP_R4R5PC", "0x102468"), 8 | ("ROP_MENU_POP_R4R5R6PC", "0x101b74"), 9 | ("ROP_MENU_POP_R4R5R6R7R8PC", "0x101eb0"), 10 | ("ROP_MENU_POP_R4R5R6R7R8R9R10PC", "0x103c94"), 11 | ("ROP_MENU_POP_R4LR_BX_R0", "0x15d3bc"), 12 | ("ROP_MENU_BX_LR", "0x10003c"), 13 | ("ROP_MENU_TARGET_RET", "0x155b20"), 14 | ("ROP_MENU_ADD_SPSPx64_POP_R4RR11PC", "0x1057ec"), 15 | ("ROP_MENU_STACK_PIVOT", "0x100fb8"), 16 | ("ROP_MENU_LDR_R0R0_POP_R4PC", "0x11f684"), 17 | ("ROP_MENU_LDR_R1R0x4_ADD_R0R0R1_POP_R3R4R5PC", "0x13e2e0"), 18 | ("ROP_MENU_STREQ_R5R2x30_POP_R4R5R6PC", "0x155204"), 19 | ("ROP_MENU_STRNE_R4R0x4_POP_R4PC", "0x195a10"), 20 | ("ROP_MENU_STR_R0R4_POP_R4PC", "0x10b260"), 21 | ("ROP_MENU_STRB_R0R4_POP_R4PC", "0x102968"), 22 | ("ROP_MENU_STR_R1R0_POP_R4PC", "0x10af14"), 23 | ("ROP_MENU_AND_R0R0R4_POP_R4R5R6R7R8PC", "0x11f1fc"), 24 | ("ROP_MENU_ADD_R0R0R1LSL2_POP_R4PC", "0x2048b8"), 25 | ("ROP_MENU_ADD_R0R0R1_POP_R4R5R6PC", "0x1338d4"), 26 | ("ROP_MENU_AND_R0R0x7_POP_R4PC", "0x2e8020"), 27 | ("ROP_MENU_ADD_R1R1x1_STR_R1R5x10_POP_R4R5R6PC", "0x10231c"), 28 | ("ROP_MENU_CMP_R0R1_MVNLS_R0x0_MOVHI_R0x1_POP_R4PC", "0x21e920"), 29 | ("ROP_MENU_BLXNE_R2_ADD_SPx8_MOV_R0R4_POP_R4R5R6R7R8PC", "0x1a7570"), 30 | ("ROP_MENU_MRC_R0C13C03_ADD_R0R0x5C_BX_LR", "0x13eaa4"), 31 | ("ROP_MENU_LDR_R0R0_SVC_x32_AND_R1R0x80000000_CMP_R1x0_LDRGE_R0R4x4_POP_R4PC", "0x102bbc"), 32 | ("ROP_MENU_SVC_CREATEEVENT", "0x22f6f8"), 33 | ("ROP_MENU_SVC_WAITSYNCHRONIZATIONN", "0x1186f0"), 34 | ("ROP_MENU_SVC_EXITPROCESS", "0x101a30"), 35 | ("ROP_MENU_SLEEPTHREAD", "0x12b0f8"), 36 | ("ROP_MENU_WAITSYNCHRONIZATIONN", "0x1186f0"), 37 | ("ROP_MENU_CREATEMEMORYBLOCK", "0x12b074"), 38 | ("ROP_MENU_CONTROLMEMORY", "0x2358cc"), 39 | ("ROP_MENU_CONNECTTOPORT", "0x1186d8"), 40 | ("ROP_MENU_APT_OPENSESSION", "0x236930"), 41 | ("ROP_MENU_APT_CLOSESESSION", "0x2368c0"), 42 | ("ROP_MENU_APT_SENDPARAMETER", "0x12e608"), 43 | ("ROP_MENU_APT_GLANCEPARAMETER", "0x12e778"), 44 | ("ROP_MENU_APT_RECEIVEPARAMETER", "0x14606c"), 45 | ("ROP_MENU_APT_PREPARETOSTARTAPPLICATION", "0x12e9a8"), 46 | ("ROP_MENU_APT_STARTAPPLICATION", "0x139400"), 47 | ("ROP_MENU_APT_ORDERTOCLOSEAPPLICATION", "0x1394b8"), 48 | ("ROP_MENU_APT_APPLETUTILITYCMD2", "0x11a464"), 49 | ("ROP_MENU_APT_APPLETUTILITYCMD7", "0x227a8c"), 50 | ("ROP_MENU_CLEARHOMEBUTTONSTATE", "0x227a44"), 51 | ("ROP_MENU_APT_WAKEUPAPPLICATION", "0x11a9f4"), 52 | ("ROP_MENU_APT_INQUIRENOTIFICATION", "0x11aa24"), 53 | ("ROP_MENU_APT_REPLYSLEEPQUERY", "0x12e804"), 54 | ("ROP_MENU_APT_REPLYSLEEPNOTIFICATIONCOMPLETE", "0x12ea94"), 55 | ("ROP_MENU_APT_ISREGISTERED", "0x222410"), 56 | ("ROP_MENU_APT_SENDDELIVERARG", "0x180528"), 57 | ("ROP_MENU_APT_PREPARETOLEAVEHOMEMENU", "0x11ab10"), 58 | ("ROP_MENU_APT_LEAVEHOMEMENU", "0x11a870"), 59 | ("ROP_MENU_NSS_REBOOT", "0x137454"), 60 | ("ROP_MENU_NSS_LAUNCHTITLE", "0x231378"), 61 | ("ROP_MENU_GSPGPU_RELEASERIGHT", "0x12e0d0"), 62 | ("ROP_MENU_GSPGPU_ACQUIRERIGHT", "0x138f50"), 63 | ("ROP_MENU_GSPGPU_WRITEHWREGS", "0x14bd0c"), 64 | ("ROP_MENU_GSPGPU_FLUSHDATACACHE", "0x1518c8"), 65 | ("ROP_MENU_GSPGPU_GXTRYENQUEUE", "0x21808c"), 66 | ("ROP_MENU_GSPGPU_IMPORTDISPLAYCAPTUREINFO", "0x145e84"), 67 | ("ROP_MENU_DSP_REGISTERINTERRUPTEVENTS", "0x137ad8"), 68 | ("ROP_MENU_DSP_UNLOADCOMPONENT", "0x12c560"), 69 | ("ROP_MENU_SRV_SUBSCRIBE", "0x215b18"), 70 | ("ROP_MENU_SRV_GETHANDLE", "0x10f5e0"), 71 | ("ROP_MENU_MEMCPY", "0x235e5c"), 72 | ("ROP_MENU_MOUNTSDMC", "0x118bec"), 73 | ("ROP_MENU_FOPEN", "0x22bc6c"), 74 | ("ROP_MENU_FREAD", "0x22bb58"), 75 | ("ROP_MENU_FWRITE", "0x220e68"), 76 | ("ROP_MENU_FSEEK", "0x2215f4"), 77 | ("ROP_MENU_FCLOSE", "0x22fa04"), 78 | ("ROP_MENU_MNT", "0x321a76"), 79 | ("ROP_MENU_FNAME", "0x23a822"), 80 | ("MENU_DSP_BINARY_AFTERSIG", "0x32ee4c"), 81 | ("MENU_DSP_BINARY_SIZE", "0xc25c"), 82 | ("MENU_CFGS_HANDLE", "0x32df50"), 83 | ("MENU_AMSYS_HANDLE", "0x32e99c"), 84 | ("MENU_NSS_HANDLE", "0x32e040"), 85 | ("MENU_APT_HANDLE", "0x32e9cc"), 86 | ("MENU_FS_HANDLE", "0x32dfd8"), 87 | ("MENU_SRV_HANDLE", "0x33b14c"), 88 | ("MENU_NEWSS_HANDLE", "0x33c28c"), 89 | ("MENU_BOSSP_HANDLE_MINUS_0x18", "0x368d68"), 90 | ("MENU_PTMSYSM_HANDLE", "0x32e074"), 91 | ("MENU_GSPLCD_HANDLE", "0x33afd4"), 92 | ("MENU_DSP_HANDLE_STRUCT", "0x32df60"), 93 | ("MENU_GSPGPU_HANDLE", "0x33afd0"), 94 | ("MENU_GSPGPU_INTERRUPT_RECEIVER_STRUCT", "0x32c580"), 95 | ] 96 | -------------------------------------------------------------------------------- /menu_ropdb/30720_usa_ropdb.txt: -------------------------------------------------------------------------------- 1 | [ 2 | ("ROP_MENU_POP_PC", "0x10201c"), 3 | ("ROP_MENU_POP_R0PC", "0x157920"), 4 | ("ROP_MENU_POP_R1PC", "0x23735c"), 5 | ("ROP_MENU_POP_R2R3R4R5R6PC", "0x150514"), 6 | ("ROP_MENU_POP_R4PC", "0x101bc8"), 7 | ("ROP_MENU_POP_R4R5PC", "0x102468"), 8 | ("ROP_MENU_POP_R4R5R6PC", "0x101b74"), 9 | ("ROP_MENU_POP_R4R5R6R7R8PC", "0x101eb0"), 10 | ("ROP_MENU_POP_R4R5R6R7R8R9R10PC", "0x103c94"), 11 | ("ROP_MENU_POP_R4LR_BX_R0", "0x15d3bc"), 12 | ("ROP_MENU_BX_LR", "0x10003c"), 13 | ("ROP_MENU_TARGET_RET", "0x155b20"), 14 | ("ROP_MENU_ADD_SPSPx64_POP_R4RR11PC", "0x1057ec"), 15 | ("ROP_MENU_STACK_PIVOT", "0x100fb8"), 16 | ("ROP_MENU_LDR_R0R0_POP_R4PC", "0x11f684"), 17 | ("ROP_MENU_LDR_R1R0x4_ADD_R0R0R1_POP_R3R4R5PC", "0x13e2e0"), 18 | ("ROP_MENU_STREQ_R5R2x30_POP_R4R5R6PC", "0x155204"), 19 | ("ROP_MENU_STRNE_R4R0x4_POP_R4PC", "0x195910"), 20 | ("ROP_MENU_STR_R0R4_POP_R4PC", "0x10b260"), 21 | ("ROP_MENU_STRB_R0R4_POP_R4PC", "0x102968"), 22 | ("ROP_MENU_STR_R1R0_POP_R4PC", "0x10af14"), 23 | ("ROP_MENU_AND_R0R0R4_POP_R4R5R6R7R8PC", "0x11f1fc"), 24 | ("ROP_MENU_ADD_R0R0R1LSL2_POP_R4PC", "0x204938"), 25 | ("ROP_MENU_ADD_R0R0R1_POP_R4R5R6PC", "0x1338d4"), 26 | ("ROP_MENU_AND_R0R0x7_POP_R4PC", "0x2e84e4"), 27 | ("ROP_MENU_ADD_R1R1x1_STR_R1R5x10_POP_R4R5R6PC", "0x10231c"), 28 | ("ROP_MENU_CMP_R0R1_MVNLS_R0x0_MOVHI_R0x1_POP_R4PC", "0x21eaa0"), 29 | ("ROP_MENU_BLXNE_R2_ADD_SPx8_MOV_R0R4_POP_R4R5R6R7R8PC", "0x1a7470"), 30 | ("ROP_MENU_MRC_R0C13C03_ADD_R0R0x5C_BX_LR", "0x13eaa4"), 31 | ("ROP_MENU_LDR_R0R0_SVC_x32_AND_R1R0x80000000_CMP_R1x0_LDRGE_R0R4x4_POP_R4PC", "0x102bbc"), 32 | ("ROP_MENU_SVC_CREATEEVENT", "0x22f878"), 33 | ("ROP_MENU_SVC_WAITSYNCHRONIZATIONN", "0x1186f0"), 34 | ("ROP_MENU_SVC_EXITPROCESS", "0x101a30"), 35 | ("ROP_MENU_SLEEPTHREAD", "0x12b0f8"), 36 | ("ROP_MENU_WAITSYNCHRONIZATIONN", "0x1186f0"), 37 | ("ROP_MENU_CREATEMEMORYBLOCK", "0x12b074"), 38 | ("ROP_MENU_CONTROLMEMORY", "0x235a4c"), 39 | ("ROP_MENU_CONNECTTOPORT", "0x1186d8"), 40 | ("ROP_MENU_APT_OPENSESSION", "0x236ab0"), 41 | ("ROP_MENU_APT_CLOSESESSION", "0x236a40"), 42 | ("ROP_MENU_APT_SENDPARAMETER", "0x12e608"), 43 | ("ROP_MENU_APT_GLANCEPARAMETER", "0x12e778"), 44 | ("ROP_MENU_APT_RECEIVEPARAMETER", "0x14606c"), 45 | ("ROP_MENU_APT_PREPARETOSTARTAPPLICATION", "0x12e9a8"), 46 | ("ROP_MENU_APT_STARTAPPLICATION", "0x139400"), 47 | ("ROP_MENU_APT_ORDERTOCLOSEAPPLICATION", "0x1394b8"), 48 | ("ROP_MENU_APT_APPLETUTILITYCMD2", "0x11a464"), 49 | ("ROP_MENU_APT_APPLETUTILITYCMD7", "0x227c0c"), 50 | ("ROP_MENU_CLEARHOMEBUTTONSTATE", "0x227bc4"), 51 | ("ROP_MENU_APT_WAKEUPAPPLICATION", "0x11a9f4"), 52 | ("ROP_MENU_APT_INQUIRENOTIFICATION", "0x11aa24"), 53 | ("ROP_MENU_APT_REPLYSLEEPQUERY", "0x12e804"), 54 | ("ROP_MENU_APT_REPLYSLEEPNOTIFICATIONCOMPLETE", "0x12ea94"), 55 | ("ROP_MENU_APT_ISREGISTERED", "0x222590"), 56 | ("ROP_MENU_APT_SENDDELIVERARG", "0x180428"), 57 | ("ROP_MENU_APT_PREPARETOLEAVEHOMEMENU", "0x11ab10"), 58 | ("ROP_MENU_APT_LEAVEHOMEMENU", "0x11a870"), 59 | ("ROP_MENU_NSS_REBOOT", "0x137454"), 60 | ("ROP_MENU_NSS_LAUNCHTITLE", "0x2314f8"), 61 | ("ROP_MENU_GSPGPU_RELEASERIGHT", "0x12e0d0"), 62 | ("ROP_MENU_GSPGPU_ACQUIRERIGHT", "0x138f50"), 63 | ("ROP_MENU_GSPGPU_WRITEHWREGS", "0x14bd0c"), 64 | ("ROP_MENU_GSPGPU_FLUSHDATACACHE", "0x1518c8"), 65 | ("ROP_MENU_GSPGPU_GXTRYENQUEUE", "0x21820c"), 66 | ("ROP_MENU_GSPGPU_IMPORTDISPLAYCAPTUREINFO", "0x145e84"), 67 | ("ROP_MENU_DSP_REGISTERINTERRUPTEVENTS", "0x137ad8"), 68 | ("ROP_MENU_DSP_UNLOADCOMPONENT", "0x12c560"), 69 | ("ROP_MENU_SRV_SUBSCRIBE", "0x215c98"), 70 | ("ROP_MENU_SRV_GETHANDLE", "0x10f5e0"), 71 | ("ROP_MENU_MEMCPY", "0x235fdc"), 72 | ("ROP_MENU_MOUNTSDMC", "0x118bec"), 73 | ("ROP_MENU_FOPEN", "0x22bdec"), 74 | ("ROP_MENU_FREAD", "0x22bcd8"), 75 | ("ROP_MENU_FWRITE", "0x220fe8"), 76 | ("ROP_MENU_FSEEK", "0x221774"), 77 | ("ROP_MENU_FCLOSE", "0x22fb84"), 78 | ("ROP_MENU_MNT", "0x322a76"), 79 | ("ROP_MENU_FNAME", "0x23a94e"), 80 | ("MENU_DSP_BINARY_AFTERSIG", "0x32fe4c"), 81 | ("MENU_DSP_BINARY_SIZE", "0xc25c"), 82 | ("MENU_CFGS_HANDLE", "0x32ef50"), 83 | ("MENU_AMSYS_HANDLE", "0x32f99c"), 84 | ("MENU_NSS_HANDLE", "0x32f040"), 85 | ("MENU_APT_HANDLE", "0x32f9cc"), 86 | ("MENU_FS_HANDLE", "0x32efd8"), 87 | ("MENU_SRV_HANDLE", "0x33c14c"), 88 | ("MENU_NEWSS_HANDLE", "0x33d28c"), 89 | ("MENU_BOSSP_HANDLE_MINUS_0x18", "0x369d68"), 90 | ("MENU_PTMSYSM_HANDLE", "0x32f074"), 91 | ("MENU_GSPLCD_HANDLE", "0x33bfd4"), 92 | ("MENU_DSP_HANDLE_STRUCT", "0x32ef60"), 93 | ("MENU_GSPGPU_HANDLE", "0x33bfd0"), 94 | ("MENU_GSPGPU_INTERRUPT_RECEIVER_STRUCT", "0x32d580"), 95 | ] 96 | -------------------------------------------------------------------------------- /menu_ropdb/31745_ropdb.txt: -------------------------------------------------------------------------------- 1 | [ 2 | ("ROP_MENU_POP_PC", "0x10201c"), 3 | ("ROP_MENU_POP_R0PC", "0x157920"), 4 | ("ROP_MENU_POP_R1PC", "0x237390"), 5 | ("ROP_MENU_POP_R2R3R4R5R6PC", "0x150514"), 6 | ("ROP_MENU_POP_R4PC", "0x101bc8"), 7 | ("ROP_MENU_POP_R4R5PC", "0x102468"), 8 | ("ROP_MENU_POP_R4R5R6PC", "0x101b74"), 9 | ("ROP_MENU_POP_R4R5R6R7R8PC", "0x101eb0"), 10 | ("ROP_MENU_POP_R4R5R6R7R8R9R10PC", "0x103c94"), 11 | ("ROP_MENU_POP_R4LR_BX_R0", "0x15d3bc"), 12 | ("ROP_MENU_BX_LR", "0x10003c"), 13 | ("ROP_MENU_TARGET_RET", "0x155b20"), 14 | ("ROP_MENU_ADD_SPSPx64_POP_R4RR11PC", "0x1057ec"), 15 | ("ROP_MENU_STACK_PIVOT", "0x100fb8"), 16 | ("ROP_MENU_LDR_R0R0_POP_R4PC", "0x11f684"), 17 | ("ROP_MENU_LDR_R1R0x4_ADD_R0R0R1_POP_R3R4R5PC", "0x13e2e0"), 18 | ("ROP_MENU_STREQ_R5R2x30_POP_R4R5R6PC", "0x155204"), 19 | ("ROP_MENU_STRNE_R4R0x4_POP_R4PC", "0x195a10"), 20 | ("ROP_MENU_STR_R0R4_POP_R4PC", "0x10b260"), 21 | ("ROP_MENU_STRB_R0R4_POP_R4PC", "0x102968"), 22 | ("ROP_MENU_STR_R1R0_POP_R4PC", "0x10af14"), 23 | ("ROP_MENU_AND_R0R0R4_POP_R4R5R6R7R8PC", "0x11f1fc"), 24 | ("ROP_MENU_ADD_R0R0R1LSL2_POP_R4PC", "0x204a6c"), 25 | ("ROP_MENU_ADD_R0R0R1_POP_R4R5R6PC", "0x1338d4"), 26 | ("ROP_MENU_AND_R0R0x7_POP_R4PC", "0x2e8474"), 27 | ("ROP_MENU_ADD_R1R1x1_STR_R1R5x10_POP_R4R5R6PC", "0x10231c"), 28 | ("ROP_MENU_CMP_R0R1_MVNLS_R0x0_MOVHI_R0x1_POP_R4PC", "0x21ead4"), 29 | ("ROP_MENU_BLXNE_R2_ADD_SPx8_MOV_R0R4_POP_R4R5R6R7R8PC", "0x1a7570"), 30 | ("ROP_MENU_MRC_R0C13C03_ADD_R0R0x5C_BX_LR", "0x13eaa4"), 31 | ("ROP_MENU_LDR_R0R0_SVC_x32_AND_R1R0x80000000_CMP_R1x0_LDRGE_R0R4x4_POP_R4PC", "0x102bbc"), 32 | ("ROP_MENU_SVC_CREATEEVENT", "0x22f8ac"), 33 | ("ROP_MENU_SVC_WAITSYNCHRONIZATIONN", "0x1186f0"), 34 | ("ROP_MENU_SVC_EXITPROCESS", "0x101a30"), 35 | ("ROP_MENU_SLEEPTHREAD", "0x12b0f8"), 36 | ("ROP_MENU_WAITSYNCHRONIZATIONN", "0x1186f0"), 37 | ("ROP_MENU_CREATEMEMORYBLOCK", "0x12b074"), 38 | ("ROP_MENU_CONTROLMEMORY", "0x235a80"), 39 | ("ROP_MENU_CONNECTTOPORT", "0x1186d8"), 40 | ("ROP_MENU_APT_OPENSESSION", "0x236ae4"), 41 | ("ROP_MENU_APT_CLOSESESSION", "0x236a74"), 42 | ("ROP_MENU_APT_SENDPARAMETER", "0x12e608"), 43 | ("ROP_MENU_APT_GLANCEPARAMETER", "0x12e778"), 44 | ("ROP_MENU_APT_RECEIVEPARAMETER", "0x14606c"), 45 | ("ROP_MENU_APT_PREPARETOSTARTAPPLICATION", "0x12e9a8"), 46 | ("ROP_MENU_APT_STARTAPPLICATION", "0x139400"), 47 | ("ROP_MENU_APT_ORDERTOCLOSEAPPLICATION", "0x1394b8"), 48 | ("ROP_MENU_APT_APPLETUTILITYCMD2", "0x11a464"), 49 | ("ROP_MENU_APT_APPLETUTILITYCMD7", "0x227c40"), 50 | ("ROP_MENU_CLEARHOMEBUTTONSTATE", "0x227bf8"), 51 | ("ROP_MENU_APT_WAKEUPAPPLICATION", "0x11a9f4"), 52 | ("ROP_MENU_APT_INQUIRENOTIFICATION", "0x11aa24"), 53 | ("ROP_MENU_APT_REPLYSLEEPQUERY", "0x12e804"), 54 | ("ROP_MENU_APT_REPLYSLEEPNOTIFICATIONCOMPLETE", "0x12ea94"), 55 | ("ROP_MENU_APT_ISREGISTERED", "0x2225c4"), 56 | ("ROP_MENU_APT_SENDDELIVERARG", "0x180528"), 57 | ("ROP_MENU_APT_PREPARETOLEAVEHOMEMENU", "0x11ab10"), 58 | ("ROP_MENU_APT_LEAVEHOMEMENU", "0x11a870"), 59 | ("ROP_MENU_NSS_REBOOT", "0x137454"), 60 | ("ROP_MENU_NSS_LAUNCHTITLE", "0x23152c"), 61 | ("ROP_MENU_GSPGPU_RELEASERIGHT", "0x12e0d0"), 62 | ("ROP_MENU_GSPGPU_ACQUIRERIGHT", "0x138f50"), 63 | ("ROP_MENU_GSPGPU_WRITEHWREGS", "0x14bd0c"), 64 | ("ROP_MENU_GSPGPU_FLUSHDATACACHE", "0x1518c8"), 65 | ("ROP_MENU_GSPGPU_GXTRYENQUEUE", "0x218240"), 66 | ("ROP_MENU_GSPGPU_IMPORTDISPLAYCAPTUREINFO", "0x145e84"), 67 | ("ROP_MENU_DSP_REGISTERINTERRUPTEVENTS", "0x137ad8"), 68 | ("ROP_MENU_DSP_UNLOADCOMPONENT", "0x12c560"), 69 | ("ROP_MENU_SRV_SUBSCRIBE", "0x215ccc"), 70 | ("ROP_MENU_SRV_GETHANDLE", "0x10f5e0"), 71 | ("ROP_MENU_MEMCPY", "0x236010"), 72 | ("ROP_MENU_MOUNTSDMC", "0x118bec"), 73 | ("ROP_MENU_FOPEN", "0x22be20"), 74 | ("ROP_MENU_FREAD", "0x22bd0c"), 75 | ("ROP_MENU_FWRITE", "0x22101c"), 76 | ("ROP_MENU_FSEEK", "0x2217a8"), 77 | ("ROP_MENU_FCLOSE", "0x22fbb8"), 78 | ("ROP_MENU_MNT", "0x322a76"), 79 | ("ROP_MENU_FNAME", "0x23a856"), 80 | ("MENU_DSP_BINARY_AFTERSIG", "0x32fe4c"), 81 | ("MENU_DSP_BINARY_SIZE", "0xc25c"), 82 | ("MENU_CFGS_HANDLE", "0x32ef50"), 83 | ("MENU_AMSYS_HANDLE", "0x32f99c"), 84 | ("MENU_NSS_HANDLE", "0x32f040"), 85 | ("MENU_APT_HANDLE", "0x32f9cc"), 86 | ("MENU_FS_HANDLE", "0x32efd8"), 87 | ("MENU_SRV_HANDLE", "0x33c14c"), 88 | ("MENU_NEWSS_HANDLE", "0x33d28c"), 89 | ("MENU_BOSSP_HANDLE_MINUS_0x18", "0x369d68"), 90 | ("MENU_PTMSYSM_HANDLE", "0x32f074"), 91 | ("MENU_GSPLCD_HANDLE", "0x33bfd4"), 92 | ("MENU_DSP_HANDLE_STRUCT", "0x32ef60"), 93 | ("MENU_GSPGPU_HANDLE", "0x33bfd0"), 94 | ("MENU_GSPGPU_INTERRUPT_RECEIVER_STRUCT", "0x32d580"), 95 | ] 96 | --------------------------------------------------------------------------------