Hacking Wii U Homebrew Wish List - Homebrew Idea Thread

Mr. Mysterio

Mr. Mysterio

Super Genius
Member
Level 7
Joined
Sep 16, 2014
Messages
661
Trophies
0
Age
24
Location
Rosalina's Comet Observatory
XP
1,124
Country
United States
thekarter104 said:
I honestly don't know how that worked on the Wii, never been into the photo channel LOL.
Just viewing pictures like you do on PC or something.
Click to expand...

Oh, it's more than that! It has a full-blown graphics editor that can keep a 5-year-old occupied for hours! Just put your pictures in the JPG format on the SD card root.
 
  • Like
Reactions: Margen67, TeamScriptKiddies and TotalInsanity4
TeamScriptKiddies

TeamScriptKiddies

Licensed Nintendo (indie) Game Developer
Member
Level 9
Joined
Apr 3, 2014
Messages
1,970
Trophies
0
Age
36
Location
Planet Earth :P
XP
1,703
Country
United States
Marionumber1 said:
External SD storage is probably impossible to get without hijacking a game that allows it, like Smash, but USB access is shaping up to be reasonably likely.
Click to expand...

Wouldn't sd access also be possible with an IOSU exploit? No need for a game then. Just wondering if something drastic was discovered recently that I somehow missed. I am aware however of the progress you've made with USB access using only a Kernel exploit as you and NWP have been posting about it here and on WiiUbrew, very exciting stuff :). Keep up the awesome work! Even if sd card access isn't possible without exploiting a game using kernel access, that's okay, USB would be perfect anyways :P. We could hook up an external hdd just for homebrew and fill that thing to the teeth if we want :P.

As for people reading that who are going to start begging for a backup loader, ITS NOT GOING TO HAPPEN WITHOUT AN IOSU EXPLOIT, FURTHERMORE MN1 ET AL AREN'T INTERESTED IN DEVELOPING BACKUP LOADERS ANYWAYS. I for one support the idea of a backup loader, but MN1 and NWP and all them have no interest in developing such things and I fully respect that. They are kind enough to dedicate their free time to this project and make homebrew a reality on the Wii U. I know that what I'm saying here will likely be blatantly ignored, but can we not have a flame war here requesting a backup loader resulting in a debate that's entirely off topic? Just for once?
 
M

Marionumber1

Well-Known Member
Member
Level 14
Joined
Nov 7, 2010
Messages
1,234
Trophies
3
XP
4,045
Country
United States
TeamScriptKiddies said:
Wouldn't sd access also be possible with an IOSU exploit? No need for a game then. Just wondering if something drastic was discovered recently that I somehow missed.
Click to expand...

What I meant was that without an IOSU exploit, you'd need to hijack a game with SD permissions. An IOSU exploit gives you full control of the entire system, so of course it will let you access the SD.
 
  • Like
Reactions: I pwned U!, Margen67, TeamScriptKiddies and 2 others
stan423321

stan423321

Member
Newcomer
Level 1
Joined
Oct 12, 2013
Messages
17
Trophies
0
Age
30
XP
139
Country
Poland
So this is probably going to be extremely stupid.

Is my understanding of the following correct?
  • IOSU guards USB HDD and eMMC in a reasonable way. It protects the system by refusing to decrypt unsigned stuff. That's why Caffiine thing works over network.
  • IOSU has some sort of concept of PPC things going on, since SSBU is "needed" to access SD card usage privilege. It somehow keeps checking whether the SD card request comes from SSBU or from something else.
  • Kernel access is enough to break into IOSU services protecting controllers, and also networking.
  • Kernel access is enough to run cheats, both of variable and code patching variety.
  • IOSU doesn't control GPU, and the only thing it can do to CPU against kernel is resetting.
I'd love to know more about inner workings of various fancy things like Wii eShop games if you know something already, but I understand that's not a priority.

I just wonder what Caffiiine can do, to be honest.
 
  • Like
Reactions: Margen67
M

Marionumber1

Well-Known Member
Member
Level 14
Joined
Nov 7, 2010
Messages
1,234
Trophies
3
XP
4,045
Country
United States
stan423321 said:
IOSU guards USB HDD and eMMC in a reasonable way. It protects the system by refusing to decrypt unsigned stuff. That's why Caffiine thing works over network.
Click to expand...

IOSU enforces file permissions on the internal storage and discs. External USB storage may actually be more accessible than initially thought; we're still looking into that, it seems promising.

IOSU has some sort of concept of PPC things going on, since SSBU is "needed" to access SD card usage privilege. It somehow keeps checking whether the SD card request comes from SSBU or from something else.
Click to expand...

All titles have something with them called the Title Metadata (TMD), which specifies various access permissions. There's presumably a flag in the TMD somewhere that specifies whether an app has SD access. When IOSU loads a title, it parses the TMD, reads the access permissions, and sets a memory flag determining whether the app can use the SD. From that point on, all SD access is checked against the flag. (This is all speculation, but it makes sense)

Kernel access is enough to break into IOSU services protecting controllers, and also networking.
Click to expand...

IOSU doesn't protect controllers or networking, it just implements the hardware support required to use them. We can actually use controllers and networking in userspace, without a kernel exploit.

Kernel access is enough to run cheats, both of variable and code patching variety. IOSU doesn't control GPU, and the only thing it can do to CPU against kernel is resetting.
Click to expand...

Both of those are correct.
 
  • Like
Reactions: I pwned U!, Margen67, TeamScriptKiddies and 1 other person
NWPlayer123

NWPlayer123

Well-Known Member
Member
Level 17
Joined
Feb 17, 2012
Messages
2,642
Trophies
0
Location
The Everfree Forest
XP
6,693
Country
United States
TMD being the two XMLs in the code folder.
stan423321 said:
I'd love to know more about inner workings of various fancy things like Wii eShop games if you know something already, but I understand that's not a priority.
Click to expand...

Actually, I'm just waiting for the new Webkit exploit to be finished which doesn't look like it'll be any time soon at the rate we're going :<
 
  • Like
Reactions: Margen67 and Mr. Mysterio
stan423321

stan423321

Member
Newcomer
Level 1
Joined
Oct 12, 2013
Messages
17
Trophies
0
Age
30
XP
139
Country
Poland
Marionumber1 said:
All titles have something with them called the Title Metadata (TMD), which specifies various access permissions. There's presumably a flag in the TMD somewhere that specifies whether an app has SD access. When IOSU loads a title, it parses the TMD, reads the access permissions, and sets a memory flag determining whether the app can use the SD. From that point on, all SD access is checked against the flag. (This is all speculation, but it makes sense)
Click to expand...

Okay, I honestly have a problem with this. It would make perfect sense on Wii. But Wii U uses simultaneous multiprocessing. Would, say, web browser, or notification checker, be a title, or is that reserved for games (and maybe DLC)? Regardless, how would IOSU distinguish which of running executables made a request to read something? Wouldn't all of these go through kernel anyway?
 
  • Like
Reactions: TotalInsanity4
M

Marionumber1

Well-Known Member
Member
Level 14
Joined
Nov 7, 2010
Messages
1,234
Trophies
3
XP
4,045
Country
United States
stan423321 said:
Okay, I honestly have a problem with this. It would make perfect sense on Wii. But Wii U uses simultaneous multiprocessing. Would, say, web browser, or notification checker, be a title, or is that reserved for games (and maybe DLC)? Regardless, how would IOSU distinguish which of running executables made a request to read something? Wouldn't all of these go through kernel anyway?
Click to expand...


I don't know that much about how IOSU and Cafe OS interrelate with regards to title switching. However, I do know that all IOSU requests (which can be done from userspace, by the way) contain something called the fixed process ID (PFID), which uniquely identifies which process sent the request. Games, the browser, the eShop, and even Cafe OS itself have these, and I think the kernel prevents you from forging a PFID. IOSU appears to have security profiles for each PFID; for example, code running in userspace but as part of the RPL loader can access OSv11's files, even though normal userspace code can't, as the loader likely runs under the Cafe OS PFID. The TMD specifies the security profile for Smash, so now that I think about it, it may be possible to load Smash, switch to the browser, run the kernel exploit, and forge the PFID as Smash's to get SD access.
 
  • Like
Reactions: I pwned U!, TeamScriptKiddies and VinsCool
TotalInsanity4

TotalInsanity4

GBAtemp Supreme Overlord
Member
Level 20
Joined
Dec 1, 2014
Messages
10,800
Trophies
0
Location
Under a rock
XP
9,814
Country
United States
Mr. Mysterio said:
ODD is a very odd abbreviation for optical disc drive. :P
Click to expand...

th
 
  • Like
Reactions: Margen67, TeamScriptKiddies and Mr. Mysterio

Site & Scene News

Go to forum More news

Popular threads in this forum

Gaming  Online services for the 3DS and Wii U have been shutdown. Here is how to get back online!

Super Mario Maker Save Collection (All Event and Staff Courses Preserved, 3DS Mario Challenge Port, and More)

Hacking Hardware  Wii U No Display (Logs dumped)

Hacking Gaming  Xenoblade Chronicles X - Lifeline and Enhancement Mod

Can you hack your wii u with something other than sd card

Watch videos on Wii U, offline, saved on SD?

Pretendo not working with updated games?!

Very annoying that Nintendo never fixed this bug

General chit-chat
Help Users
    Psionic Roshambo @ Psionic Roshambo: Kaden maybe contact the staff? I don't know how all that works