The key may be in the CTR. Last night when I was doing bp's on the ori r4, r4, 0x1 instruction,
I noted that the address in the CTR during the one break that occurs during the jump sequence is consistent... at least for the first stage.
Although I didn't make note of whether the values are consistent in the CTR during the 4 breaks during the attack routine, I did notice they are drastically different from the value held in the CTR during the jump routine.
Going to go into the second stage tonight and see if this value is the same.
Maybe a simple mfctr -> andi -> cmpwi -> branch instruction will do the trick.