Skip to content

Instantly share code, notes, and snippets.

@Prof9

Prof9/tomc.asm

Created December 5, 2017 21:29
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save Prof9/b6f2a08ec5d9dc077ab6650e9ed468a0 to your computer and use it in GitHub Desktop.
Save Prof9/b6f2a08ec5d9dc077ab6650e9ed468a0 to your computer and use it in GitHub Desktop.
Download ZIP
The One Mod Card
Raw
tomc.asm
CARD_NO equ 0
ENGLISH equ 1
REVISION equ 0
.gba
.create "card.msg",0x0
.area 0x5C
@@header:
.dh @@scr0 - @@header
@@scr0:
// Print current number
.db 0xF1
.db 0xF0,0x00,0x00
.db 0xF9,0x03,0xC3,0x01
// Script handler exploit
.db 0xF8,0x01,0x00,0xE0
.db 0xF8,0x01,0x01,0x1C
.db 0xF8,0x01,0x02,0x00
.db 0xF8,0x01,0x03,0x47
.db 0xFF,0x35
.align 2
@@asm:
// Set up a ROP call to ED FF
ldr r0,[r2,20h]
add r0,54h
push r0,r14
// r14 = return after ED FF
// r0 = call ED FF
// Get current card num
mov r2,r10
ldr r2,[r2,70h]
ldrb r0,[r2,CARD_NO]
cmp r0,0FFh
bne @@checkSelect
add r2,7h
ldrb r0,[r2,CARD_NO]
@@checkSelect:
// Check Select pressed
ldrh r1,[r5,24h]
lsr r1,r1,3h
bcc @@check000
// Increment card num
add r0,1h
cmp r0,85h
ble @@store
sub r0,85h
@@store:
strb r0,[r2,CARD_NO]
@@check000:
cmp r0,85h
bne @@update
mov r0,0h
@@update:
ldr r1,[r5,4Ch]
str r0,[r5,4Ch]
cmp r0,r1
beq @@end
sub r4,18h
str r4,[r5,34h]
@@end:
// call sub_6510 then ED FF via ROP
push r1-r7
.if ENGLISH == 0
ldr r1,=8006511h+2h
.elseif REVISION == 1
ldr r1,=80064F1h+2h
.else
ldr r1,=80064EDh+2h
.endif
bx r1
.pool
.notice 0x5C-.
.endarea
.close
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment