mid-kid
/
fools2019
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
TheZZAZZGlitch's April Fools Event 2019
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1 Commit
1 Branch
0 Tags
112 KiB
 
 
 
 
Tree: d8fbf80a4b
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'd8fbf80a4b'
${ noResults }
fools2019/pk4/dumpropscript.py

78 lines
2.3 KiB
Raw Blame History

#!/usr/bin/env python3
from sys import argv
from struct import unpack
mem = open("fools.dump", "rb").read()
addr = int(argv[1], 0)
while True:
gadget = unpack("<B", mem[addr:addr+1])[0]
if gadget == 0x01:
param = unpack("<H", mem[addr+1:addr+3])[0]
print(" ; sSaveSource = $%04X" % param)
print(" dbw $01, $%04X ; ROP_s02_AEF3" % param)
print()
addr += 3
elif gadget == 0x02:
param = unpack("<B", mem[addr+1:addr+2])[0]
print(" ; sSaveBlockChecksum = $%02X" % param)
print(" dbb $02, $%02X ; ROP_s02_AF09" % param)
print()
addr += 2
elif gadget == 0x03:
print(" ; w00_C800 = *(sSaveSource++)")
print(" db $03 ; ROP_s02_AF19")
print()
addr += 1
elif gadget == 0x05:
print(" ; w00_C800 ^= func(s02_ADB1)")
print(" db $05 ; ROP_s02_AF3B")
print()
addr += 1
elif gadget == 0x06:
print(" ; rotatebuffer(w00_C800)")
print(" db $06 ; ROP_s02_AF85")
print()
addr += 1
elif gadget == 0x07:
param = unpack("<I", mem[addr+1:addr+5])[0]
print(" ; s02_ADB1 = $%08X" % param)
print(" dbl $07, $%08X ; ROP_s02_AFE3" % param)
print()
addr += 5
elif gadget == 0x08:
print(" ; sSaveBlockChecksum += w00_C800")
print(" db $08 ; ROP_s02_B005")
print()
addr += 1
elif gadget == 0x09:
print(" ; sSaveBlockChecksum ^= w00_C800")
print(" db $09 ; ROP_s02_B013")
print()
addr += 1
elif gadget == 0x0B:
print(" ; w00_C800 = sSaveBlockChecksum")
print(" db $0B ; ROP_s02_B033")
print()
addr += 1
elif gadget == 0x0C:
param1 = unpack("<H", mem[addr+1:addr+3])[0]
param2 = unpack("<B", mem[addr+3:addr+4])[0]
print(" dbwb $0C, $%03X, $%02X ; ROP_rept" % (param1, param2))
print()
addr += 4
elif gadget == 0x0D:
print(" ; *(sSaveSource++) = sSaveBlockChecksum")
print(" db $0D ; ROP_s02_B045")
print()
addr += 1
elif gadget == 0x0E:
print(" ; sSaveBlockChecksum = *sSaveSource")
print(" db $0E ; ROP_s02_B069")
print()
addr += 1
else:
break