Hacking Wii U Browser Exploit Leaked for v4.10

[linuxares]

True, I worded it badly NWPlayer123

 

[Marionumber1]

It wasn't really essential besides getting common keys and Starbuck ancast key. That being said, I suppose we could really use them right now, so I'm just a derp.

If that's all a browser exploit is useful for, tell me this. How else do we run code in Wii U mode?

And for the average person who doesn't know what that means, we basically just have to find where the stuff we were using before got shoved around to in the new version.

Correct.

 

[Bug_Checker_]

I'd say later rather than sooner. But it's worth the wait to play WWHD.

He NEEDS eshop access to download the game. If he waits and Nintendo pushes a patched 6.0 he's screwed,period. But not my call.

 

[Deleted User]

It wasn't really essential besides getting common keys and Starbuck ancast key. That being said, I suppose we could really use them right now, so I'm just a derp.

I sure hope you're joking. You do realize this is your WiiU vector right? Your plan to run code on WiiU was?

 

[WulfyStylez]

If that's all a browser exploit is useful for, tell me this. How else do we run code in Wii U mode?

I meant that's all f0f used it for, or at least all they showed it doing. My thought was if this one gets patched, we can keep using it to learn more about the system on an older version. Then, if we find a solid kernel exploit or whatever, we can whip up a new one to release alongside that kernel exploit.

 

[Marionumber1]

I meant that's all f0f used it for, or at least all they showed it doing.

Yes, because they never got to the point of running homebrew. How are we going to run homebrew without a way to run code on the Wii U?

My thought was if this one gets patched, we can keep using it to learn more about the system on an older version. Then, if we find a solid kernel exploit or whatever, we can whip up a new one to release alongside that kernel exploit.

Having a kernel exploit is completely useless if you lack a userspace one, because you need a userspac exploit to trigger the kernel one. If the userspace exploit is patched, the kernel exploit won't help us, we need a new userspace one.

 

[WulfyStylez]

Having a kernel exploit is completely useless if you lack a userspace one, because you need a userspac exploit to trigger the kernel one. If the userspace exploit is patched, the kernel exploit won't help us, we need a new userspace one.

That's what I'm saying. I just phrased it awfully. I 100% get you.

 

[matt123337]

That's what I'm saying. I just phrased it awfully. I 100% get you.

Clearly you don't since you seem to think the browser exploit is useless.

 

[WulfyStylez]

Clearly you don't since you seem to think the browser exploit is useless.

I meant this specific exploit for users right now since it'll be patched and we don't have kernel-level access yet. kthx

 

[obcd]

Makes we wonder again if it's possible to backup the eMMC with an sd reader, and restore it afterwards to regain an older firmware revision again.

They might have stored the software revision number in the nand flash as well and use that to check for downgrades.
Altough, if they have multiple gig's of eMMC storage, why would they still use the 512 MB nand flash for storage?

 

[Marionumber1]

Altough, if they have multiple gig's of eMMC storage, why would they still use the 512 MB nand flash for storage?

The NAND contains the core OS files, while the eMMC contains the applications and user data.

 

[kimotori]

To block any other mirrors, I used FoolDNS (by manually set the ip in the console )


# FoolDNS
87.118.111.215
81.174.67.134

For me, work!

 

[WulfyStylez]

Makes we wonder again if it's possible to backup the eMMC with an sd reader, and restore it afterwards to regain an older firmware revision again.

They might have stored the software revision number in the nand flash as well and use that to check for downgrades.
Altough, if they have multiple gig's of eMMC storage, why would they still use the 512 MB nand flash for storage?

I'm not sure if anyone's actually probed for eMMC test points yet. It's worth a try.

 

[NWPlayer123]

I'm not sure if anyone's actually probed for eMMC test points yet. It's worth a try.

MN1 and I experimented with USB drives and eMMC a while ago, when it's formatted they encrypt the drive with a key we don't have yet :c so we can't even look at the raw data yet.

 

[obcd]

The test points are known to exist in close distance to the actual eMMC BGA chip itself.
I believe some pictures are even on Wiiu brew. Wiiu is using 4 bit SD mode interface (3DS was using only 1 bit)
It's a risky thing to test. If it fails, you might end up with a brick. Some areas of the eMMC can be password protected as well if I remember well.
So, maybe you need an sd protocol sniffer logic analyser to figure out if some exotic sd commands are used during bootup of the console to minimise the risk.

 

[Bug_Checker_]

Makes we wonder again if it's possible to backup the eMMC with an sd reader, and restore it afterwards to regain an older firmware revision again.

They might have stored the software revision number in the nand flash as well and use that to check for downgrades.
Altough, if they have multiple gig's of eMMC storage, why would they still use the 512 MB nand flash for storage?

I believe the nand flash is actual a 1 gig. But 512mb is used like always for wii/vwii compatibility.

 

[Marionumber1]

I believe the nand flash is actual a 1 gig. But 512mb is used like always for wii/vwii compatibility.

There are 2 NAND banks, each 512MiB in size. One is used for vWii mode and one is for the Wii U mode OS.

 

[GorTesK]

well, I guess a free Windwaker HD is worth the risk and I guess it's true, that by the time, that there actually IS homebrew, there will be a 5.0 exploit... also, I wanna buy some nes and snes games from eshop... might better do it now, before they release some never system software ^^
so I'm probably gonna update to 5.0 then

 

[WulfyStylez]

Are those two NAND banks even stored in eMMC? Either way, here's that pinout if anyone wants to mess around with it.

EDIT: yeah i'm dumb nevermind. But someone should try updating and then restoring their old image.

 

[Bug_Checker_]

There are 2 NAND banks, each 512MiB in size. One is used for vWii mode and one is for the Wii U mode OS.

This is what I believed to be true. The chip has been misidentified in teardowns on ifixit and writeups on wiiubrew.