Hacking Wii U Hacking & Homebrew Discussion

[optikalsaint]

Yeah I know that, but it actually started installing it
FUCK THAT SHIT I said and resetted the motherfucker in a blink of an eye

Good thing you caught it. Instead of using OpenDNS you might want to check out the Parental Controls on your router. You should be able to block all the addresses there and not worry about keeping an eye on your IP address so OpenDNS works.

 

[noobiez]

i was thinking since everybody knows hash values of keys can the one time programmable memory or ram dumped and find check-sum by calculating the dump? so no need to find pointers or commands just take memory dump when those are used?

 

[FIX94]

so GX2 is more complex than I initially thought, anyways now I at least see something happening, I can set the GX2 buffer on program end via GX2SetTVBuffer, I cant just show it whenever I want cause GX2SwapScanBuffers just like GX2DrawDone lead to an infinite load. Anyways if you want to see your screen for like half a second split in red and green (not exactly accurate but anyways) you can see that on http://fix94.no-ip.org/wiiu, I would be interested to know if it only works on my 3.1.0 or if on newer firmwares you see something too right before the home menu. Note that the buffer I set only gets set on the TV so looking at the gamepad wont do much.

 

[Adr990]

This sounds like a caching issue. I haven't taken a look at the server files yet (planned on searching the forum for them later) but if it is caching related it should be simple to fix. I saw several mentions of portable LAMP/WAMP based server. If you add the following code to the .htaccess file in the root of web directory it should prevent the Wii U browser from caching page renders and reloading the last cached instance when visiting from a bookmarked URL:

.htaccess

<filesMatch ".(html|htm|js|css|jpg|png)$">
    FileETag None
    <ifModule mod_headers.c>
        Header unset ETag
        Header set Cache-Control "max-age=0, no-cache, no-store, must-revalidate"
        Header set Pragma "no-cache"
        Header set Expires "Thu, 01 Jan 1970 00:00:00 GMT"
    </ifModule>
</filesMatch>

Adding the following meta tag to any of the HTML documents should also tell your browser not to cache them.

*.html

<meta http-equiv="cache-control" content="max-age=0" />
<meta http-equiv="cache-control" content="no-cache" />
<meta http-equiv="expires" content="0" />
<meta http-equiv="expires" content="Tue, 01 Jan 1980 1:00:00 GMT" />
<meta http-equiv="pragma" content="no-cache" />

THIS IS THE SOLUTION!

wiiulib.arndoid.nl works fine now.
Thanks!

 

[FIX94]

ugh I see why I didnt have full GX2 access, now I actually do so I guess I can tomorrow maybe draw some simple spinning 3d cube, not today anymore though, getting access was frustrating enough.

 

[Marionumber1]

ugh I see why I didnt have full GX2 access, now I actually do so I guess I can tomorrow maybe draw some simple spinning 3d cube, not today anymore though, getting access was frustrating enough.

I recently updated examples/gx2, and it should now be able to find the existing DRC and TV framebuffers.

 

[JustPingo]

I recall I've seen some github page on that thread where we could find something that would record the WiiU gamepad. Could someone please remind me where it was?

 

[nastys]

I recall I've seen some github page on that thread where we could find something that would record the WiiU gamepad. Could someone please remind me where it was?

Maybe this?

 

[the_randomizer]

Maybe this?

That video doesn't exist anymore. Someone removed it for some lame reason.

 

[nastys]

That video doesn't exist anymore.

My fault, I didn't know how to share YouTube videos on GBAtemp ..

 

[JustPingo]

Thank you very much!

 

[optikalsaint]

THIS IS THE SOLUTION!

wiiulib.arndoid.nl works fine now.
Thanks!

Glad I can help. If you guys need help with the web development side of things shoot me a PM.

 

[diddy81]

you guys know you dont need to type in the full url everytime or have loads of bookmarks i just copied the outputed folders to htdocs and made a index.html file in the htdocs folder with this in it

<a href="/helloworld/">Hello World</a>
<p><a href="/pong/">Pong</a></p>

then all you need is to put your computers ip in the browser and click on the homebrew you want to load

this worked great for me

 

[palantine]

Are there kernel/ram/binary dumps available for reverse engineering? I'd love to contribute and start learning but unfortunately my console is on 5.4.0. I was able to find some IDA databases related to NFC routines but that's it so far. (files here: https://gbatemp.net/threads/spoofing-an-amiibo-using-android-nfc.375048/page-8)

Thanks!

-palantine

 

[Marionumber1]

Are there kernel/ram/binary dumps available for reverse engineering? I'd love to contribute and start learning but unfortunately my console is on 5.4.0. I was able to find some IDA databases related to NFC routines but that's it so far. (files here: https://gbatemp.net/threads/spoofing-an-amiibo-using-android-nfc.375048/page-8)

Thanks!

-palantine

Once you download OSv11, the kernel, IOSU, and RPL binaries are available. The kernel can be decrypted using the Wii U PPC ancast key, which I can privately send to you if you need it. IOSU decryption requires the ARM ancast key, something that is current unavailable. For RPLs, someone made an IDA plugin.

 

[palantine]

If you could do that it'd be much appreciated.

Thanks!

-palantine

 

[taz532]

I've been watching this thread for about a month since buying my wii u and thought it was time to try and help out. I'm a computer science major at University of Michigan and while I understand the C code in the repository, I don't have much of a clue when it comes to the reverse engineering. I tried to get the RPC working to mess around with it, but it wouldn't work, either with a crash or "Invalid RPC command."

Anyways, what's a step in the right direction? I probably won't have time to learn anything new so I don't need to you PM me any keys or anything, but as I already have experience with C I might as well try and mess around with this in my spare time during summer break.

Also I've seen others post about this as well; I have openDNS set up, and up until a few days ago the download manager was X'd out in the home screen. Now it isn't and its status says updating something every time I turn on the wii. My IP did not change and I'm still on 5.3.2 (and I don't know what its downloading), but that's happening to me.

 

[Marionumber1]

I've been watching this thread for about a month since buying my wii u and thought it was time to try and help out. I'm a computer science major at University of Michigan and while I understand the C code in the repository, I don't have much of a clue when it comes to the reverse engineering. I tried to get the RPC working to mess around with it, but it wouldn't work, either with a crash or "Invalid RPC command."

Anyways, what's a step in the right direction? I probably won't have time to learn anything new so I don't need to you PM me any keys or anything, but as I already have experience with C I might as well try and mess around with this in my spare time during summer break.

RPC is still broken, and we're eventually going to look into fixing it, although I'm not sure when. If you don't want to learn reverse engineering and would rather program, I would suggest trying your hand at writing homebrew. We have some graphics examples under osscreenexamples (Pong and a drawing app), and are working on getting GX2 figured out for more advanced graphics. Gamepad and Wii Remote input has already been documented on WiiUBrew, as have a few other libraries. Audio is still missing, but should come soon.

 

[golden45]

RPC is still broken, and we're eventually going to look into fixing it

RPC is working fine for me but it needs to be executed in a thread. In my example, press A button to create the thread (with rpc listening).

Also, I may be wrong but the dump_mem function of the rpc.py seems to have problems when length is too big.

 

[Marionumber1]

RPC is working fine for me but it needs to be executed in a thread. In my example, press A button to create the thread (with rpc listening).

Also, I may be wrong but the dump_mem function of the rpc.py seems to have problems when length is too big.

So I see you just create a CPU1 thread for RPC. I suppose it's possible that the CPU1 default thread (which we're running in) fails to support blocking functions.