Hacking Wii U Homebrew Situation and FAQ

Sammi Husky

Part of what made ocarina such a great tool for cheating was the power behind it. It did indeed cause a lot of mayhem online, but it also allowed a myriad of great and innovative hacks in other areas. Many games weren't negatively impacted by ocarina, but sadly there will always be negatives. I fear without ocarina a great deal of games won't be possible to easily mod. Ocarina was a way to easily write codes to directly read and write RAM. That in itself opens up huge possibilities for game modification, good or bad.

The greatness in ocarina for me didn't come from cheating; I never used it for that. It's the experimentation and innovation that made it worthwhile.
 

TheChield

So uh, has anybody seen this? Just figured I'd see if this is actually something new or not :P

Quite impressive :)
I think this is true.
With only a user space hack, if you can't "really" run code, you can at least modify the running one.
Seems to be some string replacements and audio index changes. The reason why the demo crashes may be because they requested an unknown race from the server...
It should have just returned an error, I don't understand why it crashed... The CAFE OS should have handled this...
Even if they don't seem to be interested in warez as they said, they seem to be able to find what they want in a running app and modify it...
Some action replay website would be awesome (only for offline games...)
Launch the game => open the browser => open the site homepage, choose your cheat code => profit!
But people who made the browser exploit also have this... And I still don't understand why the 5.0.0 exploit is not released.
You can't make a ROP without knowing what is currently in memory!?
 

NWPlayer123

Correct, if we don't know where the code we need to get it working is, then we can't make the chain to link it all. That's all it is: a bunch of pointers to code that is right before a return command to give us back control, hence the "return" part. And there is no 5.0.0 exploit released because there isn't one in the first place :P

TheChield

So you have a tool that dumps the memory, found all the "return" opcodes with the 1-5 code operands before, and didn't find any way to do what you want?
Thought those tools were released? (The same that were released with the twilight hack?)
You're just kidding me? ;)
 

Marionumber1

And why don't you compile the binaries by yourself?
The sources are open...
You drive me mad!


Only the WebKit component is open-source, not coreinit which we also need. There's also no guarantee that we'll produce equivalent code to what's on the Wii U, unless we use Nintendo's compiler.
 

TheChield

Ok...
You have access to 4.1?
You have 4.1 binaries that seem to be the "real ones"?
You can't compile with different options until having the "right binaries"? (Well, I've never been able to make the same 1:1 binary by myself...)
But with different binaries from the same source code, you can "unelf" the binaries and strip out the useless common code?
Objdump could be your friend... And PERL too :D
The compiling toolsuite is still the same.

I feel as excited as when the BBA GC hack was released :D
Well, a USB to Ethernet adaptor will help...
 

Relys

Ok...
You have access to 4.1?
You have 4.1 binaries that seem to be the "real ones"?
You can't compile with different options until having the "right binaries"? (Well, I've never been able to make the same 1:1 binary by myself...)
But with different binaries from the same source code, you can "unelf" the binaries and strip out the useless common code?
Objdump could be your friend... And PERL too :D
The compiling toolsuite is still the same.

Compiling a binary with the same hash is EXTREMELY hard because there are all sorts of production variables, timestamps and whatnot. Here's a really good write-up of analyzing the TrueCrypt binaries to audit them for backdoors. https://madiba.encs.concordia.ca/~x_decarn/truecrypt-binaries-analysis/

The 4.1 binaries we have are the real ones. I guess someone could compile the 4.1 WebKit source with Nintendo's compiler from the SDK and do a similar analysis of the decrypted 4.1 binaries. We could then figure out the differences and compile the 5.0 WebKit source. We would still need addresses from coreinit, but this would narrow down the number of addresses we would need to brute-force. It's more likely that we'll just work on dumping Starbuck OTP from 4.1 though.
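The kind of "similar analysis" Relys describes, comparing a self-compiled build against the shipped binary, only works if you compare section by section, because a whole-file hash is defeated by the timestamps and build notes mentioned above. The script below is an added example, not code from this thread or from any Wii U tool: it parses ELF section headers (32- or 64-bit, either endianness), hashes each section separately, and reports which sections actually differ while ignoring metadata sections such as .comment. The two "builds" it compares are constructed in memory by a small fixture builder; the PowerPC-looking bytes in TEXT are made up and are not taken from any real binary.

```python
import hashlib
import struct

# Byte offsets inside e_ident and the section types the parser/builder care about.
EI_CLASS, EI_DATA = 4, 5
SHT_NULL, SHT_PROGBITS, SHT_STRTAB, SHT_NOBITS = 0, 1, 3, 8


def parse_sections(blob):
    """Map section name -> raw bytes for an ELF32 or ELF64 image of either endianness."""
    if blob[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    end = "<" if blob[EI_DATA] == 1 else ">"
    if blob[EI_CLASS] == 2:
        ehdr_fmt, shdr_fmt = "HHIQQQIHHHHHH", "IIQQQQIIQQ"   # ELF64
    else:
        ehdr_fmt, shdr_fmt = "HHIIIIIHHHHHH", "IIIIIIIIII"   # ELF32 (Wii U PowerPC is 32-bit big-endian)
    fields = struct.unpack_from(end + ehdr_fmt, blob, 16)
    shoff, shentsize, shnum, shstrndx = fields[5], fields[10], fields[11], fields[12]
    headers = [struct.unpack_from(end + shdr_fmt, blob, shoff + i * shentsize) for i in range(shnum)]
    # sh_name, sh_type, sh_flags, sh_addr, sh_offset, sh_size lead both layouts.
    str_off, str_size = headers[shstrndx][4], headers[shstrndx][5]
    strtab = blob[str_off:str_off + str_size]
    sections = {}
    for name_off, sh_type, _flags, _addr, off, size, *_rest in headers:
        name = strtab[name_off:strtab.index(b"\0", name_off)].decode()
        if name:  # the mandatory SHT_NULL entry has an empty name; skip it
            sections[name] = b"" if sh_type == SHT_NOBITS else blob[off:off + size]
    return sections


def compare_sections(a, b, ignore=(".comment", ".note.gnu.build-id", ".shstrtab")):
    """Per-section verdict: 'same', 'differs', 'only_a' or 'only_b'. Metadata sections are skipped by default."""
    sa, sb = parse_sections(a), parse_sections(b)
    report = {}
    for name in sorted(set(sa) | set(sb)):
        if name in ignore:
            continue
        if name not in sa:
            report[name] = "only_b"
        elif name not in sb:
            report[name] = "only_a"
        else:
            same = hashlib.sha256(sa[name]).digest() == hashlib.sha256(sb[name]).digest()
            report[name] = "same" if same else "differs"
    return report


def build_elf32_be(sections):
    """Constructed test fixture: a minimal big-endian ELF32 holding the given (name, bytes) sections.
    Hypothetical stand-in for a compiled module; it is not a real Wii U binary."""
    names = [""] + [n for n, _ in sections] + [".shstrtab"]
    name_off, pos = {}, 0
    for n in names:
        name_off[n] = pos
        pos += len(n) + 1
    shstrtab = b"".join(n.encode() + b"\0" for n in names)
    datas = [b""] + [d for _, d in sections] + [shstrtab]
    body = bytearray(52)  # ELF32 header placeholder, filled in once offsets are known
    shdrs = []
    for n, d in zip(names, datas):
        sh_type = SHT_NULL if n == "" else SHT_STRTAB if n == ".shstrtab" else SHT_PROGBITS
        off = len(body) if d else 0
        body += d
        shdrs.append((name_off[n], sh_type, 0, 0, off, len(d), 0, 0, 1, 0))
    shoff = len(body)
    for h in shdrs:
        body += struct.pack(">IIIIIIIIII", *h)
    ident = b"\x7fELF" + bytes([1, 2, 1]) + bytes(9)  # class=32-bit, data=big-endian, version=1
    # e_type=EXEC, e_machine=20 (PowerPC), e_version, e_entry, e_phoff, e_shoff, e_flags,
    # e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx
    body[:52] = ident + struct.pack(">HHIIIIIHHHHHH", 2, 20, 1, 0, 0, shoff, 0, 52, 0, 0, 40,
                                    len(shdrs), len(shdrs) - 1)
    return bytes(body)


# Constructed PowerPC-looking code bytes (mflr r0; stwu r1,-16(r1); blr); made up for the example.
TEXT = b"\x7c\x08\x02\xa6\x94\x21\xff\xf0\x4e\x80\x00\x20"
# Same code, different build timestamp in .comment: whole-file hashes differ, .text does not.
BUILD_A = build_elf32_be([(".text", TEXT), (".comment", b"built 2014-07-06 12:00\0")])
BUILD_B = build_elf32_be([(".text", TEXT), (".comment", b"built 2015-01-01 09:30\0")])
# Different code plus an extra section: the report should single out exactly those.
BUILD_C = build_elf32_be([(".text", TEXT + b"\x60\x00\x00\x00"), (".comment", b"x\0"), (".rodata", b"cfg\0")])

if __name__ == "__main__":
    print("whole-file hashes equal:", hashlib.sha256(BUILD_A).digest() == hashlib.sha256(BUILD_B).digest())
    print("A vs B:", compare_sections(BUILD_A, BUILD_B))
    print("A vs C:", compare_sections(BUILD_A, BUILD_C))
```

Run it and BUILD_A versus BUILD_B reports .text as "same" even though the files hash differently, which is the distinction that matters when deciding whether a self-built WebKit matches the shipped one; a real comparison would additionally need to account for link-time address differences in relocated sections, which this example does not attempt.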
 

the_randomizer

I'll have to think about blocking those IPs; anyway, that's Nintendo's primary goal, to patch/block homebrew, but why!?

Nintendo has zero-tolerance policies towards hacking and other modifications in general; to allow their consoles to be open to such hacks would lead to illegitimate usage. Whether people agree with them or not, Nintendo will never change their stance on hacking/homebrew. You're better off simply blacklisting their server IP addresses.
 

Dr.Hacknik

Nintendo has zero-tolerance policies towards hacking and other modifications in general; to allow their consoles to be open to such hacks would lead to illegitimate usage. Whether people agree with them or not, Nintendo will never change their stance on hacking/homebrew. You're better off simply blacklisting their server IP addresses.

Now that you've cleared that up, I'll go block those IPs, but I'll wait till I get the Homebrew Channel on my Wii U. My old Wii is heavily modded, though!
 

Rinnux

Now that you've cleared that up, I'll go block those IPs, but I'll wait till I get the Homebrew Channel on my Wii U. My old Wii is heavily modded, though!

Be sure to block the following URLs as well:
  • nus.cdn.wup.shop.nintendo.net
  • nus.c.shop.nintendowifi.net
  • nus.cdn.c.shop.nintendowifi.net
  • nus.cdn.shop.wii.com
 

Dr.Hacknik

Be sure to block the following URLs as well:
  • nus.cdn.wup.shop.nintendo.net
  • nus.c.shop.nintendowifi.net
  • nus.cdn.c.shop.nintendowifi.net
  • nus.cdn.shop.wii.com

K, how should I block them? I use a Netgear Wi-Fi router (options to block are: block services (IP) & block sites).
 

Rinnux

K, how should I block them? I use a Netgear Wi-Fi router (options to block are: block services (IP) & block sites).

Click block sites and it should give you the option to block a URL. Just enter those; I know they don't look like URLs, but they are.
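Once the names above are entered in a router's site block (or in a hosts file / dnsmasq on the LAN), the thing a practitioner wants next is a way to check that the block actually holds, since a typo in a hostname or a second, unblocked address silently lets the update traffic through. The script below is an added example, not code from this thread or from any router vendor: it validates the hostnames, emits the equivalent hosts-file and dnsmasq entries, and classifies resolver answers as blocked or leaking. The resolver answers in FAKE_ANSWERS are constructed for the example (the addresses are from the documentation ranges); system_resolve() shows how to plug in real lookups.

```python
import ipaddress
import re
import socket

# The update/eShop CDN hostnames listed in the thread.
UPDATE_HOSTS = [
    "nus.cdn.wup.shop.nintendo.net",
    "nus.c.shop.nintendowifi.net",
    "nus.cdn.c.shop.nintendowifi.net",
    "nus.cdn.shop.wii.com",
]

# RFC 1123-style label: letters, digits, hyphens; no leading or trailing hyphen; 1-63 chars.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")
# Addresses a blocklist typically resolves names to; anything else counts as a leak.
SINKHOLES = {ipaddress.ip_address(a) for a in ("0.0.0.0", "127.0.0.1", "::")}


def is_hostname(name):
    """True if every label is valid and the name fits in 253 chars; a typo here means nothing gets blocked."""
    labels = name.rstrip(".").split(".")
    return 0 < len(name) <= 253 and all(_LABEL.match(label) for label in labels)


def hosts_file_lines(hosts):
    """Entries for /etc/hosts or a router's local host table; bad names raise rather than being dropped."""
    bad = [h for h in hosts if not is_hostname(h)]
    if bad:
        raise ValueError(f"invalid hostnames: {bad}")
    return [f"0.0.0.0 {h}" for h in hosts]


def dnsmasq_lines(hosts):
    """dnsmasq 'address=/name/ip' form, which also catches every subdomain of the name."""
    bad = [h for h in hosts if not is_hostname(h)]
    if bad:
        raise ValueError(f"invalid hostnames: {bad}")
    return [f"address=/{h}/0.0.0.0" for h in hosts]


def block_status(answers):
    """'blocked' if the name did not resolve or only resolved to sinkhole addresses, else 'leaking'."""
    if not answers:
        return "blocked"  # NXDOMAIN / empty answer
    addrs = {ipaddress.ip_address(a) for a in answers}
    return "blocked" if addrs <= SINKHOLES else "leaking"


def audit(hosts, resolve):
    """Check every host; `resolve` is any callable hostname -> list of address strings."""
    return {h: block_status(resolve(h)) for h in hosts}


def system_resolve(host):
    """Real lookup through the OS resolver (not used by the offline demo below)."""
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(host, None)})
    except socket.gaierror:
        return []


# Constructed answers standing in for real DNS lookups; the routable addresses are documentation-range values.
FAKE_ANSWERS = {
    "nus.cdn.wup.shop.nintendo.net": [],                              # router returned NXDOMAIN
    "nus.c.shop.nintendowifi.net": ["0.0.0.0"],                       # sinkholed by a hosts entry
    "nus.cdn.c.shop.nintendowifi.net": ["0.0.0.0", "203.0.113.10"],   # one sinkhole, one real address: leaks
    "nus.cdn.shop.wii.com": ["198.51.100.7"],                         # not blocked at all
}

if __name__ == "__main__":
    print("\n".join(hosts_file_lines(UPDATE_HOSTS)))
    print("\n".join(dnsmasq_lines(UPDATE_HOSTS)))
    for host, status in audit(UPDATE_HOSTS, lambda h: FAKE_ANSWERS[h]).items():
        print(f"{status:8} {host}")
```

Swap the lambda for system_resolve to run the audit against your own network. Note that a name-based block only stops lookups that go through the router; a client that resolves against an outside DNS server or connects to a hard-coded address is not affected, so "blocked" here means the name is sinkholed on this resolver, nothing more.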
 
