Hacking Wii U Browser Exploit Leaked for v4.10

Bug_Checker_ (Well-Known Member, joined Jun 10, 2006, United States):
Just because there's only 1GB total there doesn't mean it's not part of a larger chip.


No, I meant the numbers on the chips themselves indicated they were 1GB NAND flash. One of the other storage chips is an eMMC (either 8GB or 32GB), but there are still other memory chip(s) like the serial EEPROM for the DRH firmware, etc.
 

WulfyStylez (SALT/Bemani Princess, Member, joined Nov 3, 2013, United States):
The Wii U has an 8GiB or 32GiB eMMC chip used for applications and user data. It also has dual NAND banks, 512MiB each, which are used for vWii mode and the Wii U OS, respectively.

Gotcha. So you'd need something like an infectus to dump it since it's just a plain old NAND chip.
 

Marionumber1 (Well-Known Member, joined Nov 7, 2010, United States):
Gotcha. So you'd need something like an infectus to dump it since it's just a plain old NAND chip.


Yeah, I believe it's the same type of NAND chip used on the Wii. Obviously, any NAND dumps you make would be encrypted but it may be possible to downgrade a Wii U by only reflashing the OS NAND chip and not the eMMC.
 

Bug_Checker_ (Well-Known Member, joined Jun 10, 2006, United States):
I mean, based on Samsung's info, the white Wii U has an 8GB (64Gb) chip. What's the misinformation you guys are talking about?

Step 12: "Samsung K9K8G08U1D 4 Gb (512 MB) NAND Flash" from
https://www.ifixit.com/Teardown/Nintendo+Wii+U+Teardown/11796
This is incorrectly reported.
(Back of the Wii U motherboard:) https://d3nevzfk7ii3be.cloudfront.net/igi/DBOR5ukVFarbvSq6.huge

Just noticed Marionumber1 cleaned up wiiubrew back in April.
Source: http://wiiubrew.org/w/index.php?title=Wii_U/console&diff=prev&oldid=923
 

WulfyStylez (SALT/Bemani Princess, Member, joined Nov 3, 2013, United States):
Yeah, I believe it's the same type of NAND chip used on the Wii. Obviously, any NAND dumps you make would be encrypted but it may be possible to downgrade a Wii U by only reflashing the OS NAND chip and not the eMMC.

I'm personally really surprised nobody besides Microsoft (with lockdown counter in efuses) seems to have mechanisms in place to prevent downgrading.
 

Marionumber1 (Well-Known Member, joined Nov 7, 2010, United States):
I'm personally really surprised nobody besides Microsoft (with lockdown counter in efuses) seems to have mechanisms in place to prevent downgrading.


I believe marcan said somewhere that the Wii U may have basic downgrade protection, but that was just his speculation and not an absolute fact.
 

Bug_Checker_ (Well-Known Member, joined Jun 10, 2006, United States):
Gotcha. So you'd need something like an infectus to dump it since it's just a plain old NAND chip.

If you want a dump by hardware, yes, you will have to install a chip. Example: backing up the NAND flash from its virgin state. But you can do a software dump right now with DumpmiiNand, which (I believe) does the WHOLE 1GB NAND flash. You currently just can't write it back without a hardware setup or an unreleased NAND write program.
 

SirByte (Well-Known Member, joined Dec 30, 2012, Canada):
Isn't the "downgrade protection" usually a protected (signed) installer that tests the currently installed firmware version and if it's higher or same, refuses to run?

In other words, ignoring complications like partitioning (flash0:, flash1: etc. on PSP), with a hacked installer, couldn't you just flash ANY version firmware? How about a "real" installer but a faked current firmware version (say 1.0.0)?
 

BvanBart (Gaming addict #2 and some, Member, joined Apr 16, 2007, age 36, Bikini Bottom, Netherlands):
It's old webkit. Finding another exploit isn't an issue. The real issue would be if nintendo tightened the browser's permissions.

Also what's this about no code execution? This package clearly is able to do ROP stuff. If that's not code execution, I'm not entirely sure what is.


Was thinking just that...
 

Marionumber1 (Well-Known Member, joined Nov 7, 2010, United States):
It's old webkit. Finding another exploit isn't an issue. The real issue would be if nintendo tightened the browser's permissions.

The web browser already barely has any permissions. For example, the browser is limited to its own little area in the filesystem and it's impossible to access external storage. The only purpose of code execution inside the web browser is to serve as a launchpad for a more advanced exploit. There are many targets that can be gone after. Kernel is an obvious choice, but you could try going directly to IOSU as well. There's also a privileged process called the loader, which handles executable loading and dynamic linking. The loader is allowed to rewrite the code and data in any process, as well as access the entire filesystem. Even a loader exploit would likely be sufficient for homebrew, you wouldn't have to go all the way to the kernel.

Also, Nintendo can never stop the web browser from being used for exploits. We use the web browser because it's convenient, as it utilizes external open-source libraries and you're allowed to generate executable code inside it. This first factor will almost certainly never change, since using WebKit is what makes the browser so (in my opinion) good. The second factor is still unlikely to change, since it's needed for efficient Javascript execution, but even if it did, a ROP chain should be sufficient to trigger a kernel or loader vulnerability (though much harder to pull off).
 

bobmcjr (Well-Known Member, joined Apr 26, 2013, United States):
Who can try this http://vinobirra.comli.com/ with the 4.1 web browser and tell me if it works?
Thank you for the precompiled thing to run:
 

NWPlayer123 (Well-Known Member, joined Feb 17, 2012, The Everfree Forest, United States):
There's nothing actually being changed on your console, so there's nothing being removed, you have to run this every time to use it, and as people have said many times before, yes it is broken on 5.0 right now.
HOWEVER, it's not like this is anything useful for 99% of people, so you won't miss this anyways, so feel free to update.
 

obcd (Well-Known Member, joined Apr 5, 2011, Belgium):
As the exploit is not something that installs, it doesn't remove either.
The issue is that the current exploit ROP chain won't run anymore on 5.0. So basically, every proof of concept that is published now won't run on 5.0.
The exploit is triggered by loading a website in the browser and executes some homebrew c code in the browser user space. (Which gets embedded in the webpage that is called) At least, that's how I understand it works without studying it in detail.

The Wii U NAND chip is different from the Wii NAND chip. It has twice the Wii NAND capacity (1 GB versus 512 MB).
Half of it is used in vWii mode and appears to it much as the NAND appears to the Wii. The other half is used in Wii U mode and, as far as I understand, contains the firmware used to launch the Wii U ARM at boot time. (I know it also has a coffee-related name, but I keep forgetting it. ARM and PPC make more sense to me.)
So, it might contain a boot1 and boot2 and something similar to what IOS are for the Wii. According to the Team f0f presentation, it also has an option to recovery-boot from the SD card using a signed firmware on it.

Ninty could, for instance, store the latest firmware version in a file on that NAND chip. If the eMMC contains a lower firmware revision, it could refuse to boot it.
This is all just speculation, but if we expect the worst, things can only be better.

To backup and restore the nand contents, you'll need an infectus or something similar and some excellent solder skills.
The eMMC uses far fewer wires, so it might be easier to back that up using an SD card reader.
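The downgrade-protection question raised in this post (a "latest version" file on NAND) and earlier in the thread (Microsoft's efuse lockdown counter) comes down to whether the recorded floor lives in rewritable storage or in one-way hardware. The following is an added illustration written for this edit, not code from any poster or from the Wii U firmware: it models a toy console whose state is entirely constructed (the `console_state` struct, the 32-bit fuse bank, the version numbers 4 and 5 are all assumptions), walks through the backup / update / restore sequence discussed above, and shows which scheme still lets the old firmware boot afterwards.

```c
/* Added example (not from the thread): a toy model of two anti-rollback
 * schemes. Scheme A keeps the "latest version" in a file on NAND; Scheme B
 * keeps it as a count of burnt fuses, which can only ever go up.
 * Restoring an older NAND dump rewrites the file but cannot un-burn fuses.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Simulated console state (constructed for this example). */
typedef struct {
    uint32_t version_file; /* Scheme A: version number stored in a file on NAND   */
    uint32_t fuses;        /* Scheme B: one-time-programmable bits, 1 = burnt      */
} console_state;

/* The floor a fuse bank encodes is simply how many bits have been burnt. */
static unsigned fuse_count(uint32_t fuses)
{
    unsigned n = 0;
    while (fuses) { n += fuses & 1u; fuses >>= 1u; }
    return n;
}

/* Burn fuses until 'version' of them are set. Bits are only ever set, never
   cleared; that is the whole point of using fuses. Fails if the bank is too
   small for the requested version. */
static bool fuse_burn_to(console_state *c, unsigned version)
{
    if (version > 32u) return false;
    while (fuse_count(c->fuses) < version)
        c->fuses |= c->fuses + 1u;   /* x | (x+1) sets the lowest clear bit */
    return true;
}

/* Boot-time checks: the image's version must not be below the recorded floor. */
static bool boot_allowed_file(const console_state *c, uint32_t fw_version)
{
    return fw_version >= c->version_file;
}

static bool boot_allowed_fuse(const console_state *c, uint32_t fw_version)
{
    return fw_version >= fuse_count(c->fuses);
}

/* A system update records the new version under both schemes. */
static bool apply_update(console_state *c, uint32_t new_version)
{
    if (new_version < c->version_file) return false; /* updater refuses downgrades */
    c->version_file = new_version;
    return fuse_burn_to(c, new_version);
}

/* Restoring an earlier NAND dump rewrites everything that lives in flash,
   i.e. the version file, but has no effect on silicon fuses. */
static void restore_nand_backup(console_state *c, const console_state *backup)
{
    c->version_file = backup->version_file;
}

/* The thread's scenario: dump NAND at old_version, update to new_version,
   reflash the old dump, then try to boot the old firmware. Reports whether
   each scheme would permit that boot. */
static void downgrade_scenario(uint32_t old_version, uint32_t new_version,
                               bool *file_scheme_boots, bool *fuse_scheme_boots)
{
    console_state c = { .version_file = old_version, .fuses = 0u };
    fuse_burn_to(&c, old_version);
    console_state backup = c;          /* NAND dump taken before the update */
    apply_update(&c, new_version);
    restore_nand_backup(&c, &backup);  /* reflash the old dump */
    *file_scheme_boots = boot_allowed_file(&c, old_version);
    *fuse_scheme_boots = boot_allowed_fuse(&c, old_version);
}

int main(void)
{
    bool file_ok, fuse_ok;
    downgrade_scenario(4u, 5u, &file_ok, &fuse_ok);
    printf("file-based floor lets old firmware boot after restore: %s\n", file_ok ? "yes" : "no");
    printf("fuse-based floor lets old firmware boot after restore: %s\n", fuse_ok ? "yes" : "no");
    return 0;
}
```

The point for a defender is the asymmetry: a version file is only as trustworthy as the storage it sits in, so anyone who can reflash NAND from a backup resets it, whereas a fuse counter is consumed by each update and cannot be wound back by any write to flash; the price is a finite bank of fuses and the need to burn them only after the new image has been verified.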
 

WiiCube_2013 (Well-Known Member, joined Oct 19, 2013, Gaza Strip):
Seems kind of pointless to hack the console if all the user is going to do is pirate games. I buy the games myself a few days after they're released for a small price drop which makes them worth it overall.

Don't forget that those who bought the console are probably going to buy the Wii Key U, which might cost up to $100, and that's supporting piracy over developers who deserve it; then again, it's their money, so do what you want with it.
 
