WOW! Even more impressive than the new ddd release, are the bolded statements above/below! ...and it leads to so many questions!...
Explanation on how it is done:
So how do we dump the meta folder which is normally not accessable through the FS functions?
I was looking through the men.rpx (system menu) assembly and i saw it calling an FS function that looked interessting, FSBindMount. That function was called with path parameters that were interessting. The system menu creates with this something similar to a symbolic link on linux for the path ".../meta" to a path called "/vol/app_priv". So I started checking it out and find out that you can actually link any titles meta folder, e.g. /vol/storage_odd3/meta to a folder like /vol/app_priv or even just /vol/meta. From that position you can then access the folder /vol/meta (or the app_priv) with normal FS functions. There is only one problem with that, that you dont have access to those paths from the game titles or any other titles I tested except Mii Maker, System Menu and, you might have guessed it, Home Menu. So thats why I had to first do a few changes to the ddd application to actually bind the correct title that we want to dump. Now this is quite nice that you can create symlinks with this. I checked binding /vol/storage_odd03/code to some path but that wasn't accessable but I expected that kind of, though its too bad.
Well i played a bit more with it and found out that you can actually just hook that function and replace whatever the system tries to link to /vol/app_priv (or /vol/meta_priv (odd03 meta/manual) or /vol/private_mnt (usb mount)) and just link some other path you like to it. This allows you to inject the system some other meta path and with that you can for example make it load different icons for the titles that the system menu or the home menu displays. What we do with this? Well for now nothing as I didnt have much time for digging much deeper into this but this just smells like something we can exploit a little more.
EDIT:
I updated the WiiU archive on the release and added a new meta.xml and an icon.png from @TiMeBoMb4u2 (thanks)
Are you allowed to link a SD Card mount/location?
When you say "normal FS functions", does this mean read/write, or only read?
What locations/paths are you allowed to symlink to/from?
If the system tries to link/mount "/vol/private_mnt (usb mount)", are you able to hi-jack this mount to allow access to USB?
So, if this new "meta path" happens to contain a nicely-written exploit/payload, would the system be kind enough to execute that for us?
Uh, yeah! ...but I guess it really depends on how sand-boxed the mount is! I think you're really onto something here, though!! PLEASE keep us updated, and share all your findings!
Thanks, again, @dimok
Last edited by TiMeBoMb4u2,
ok so i open ddd and add in my ip press X to install. on my laptop have the output folders. i press enter on command prompt and then load my game. nothing happens lol doesnt freeze or give any heads up if anything is happening. the command line doesnt show any sign of a connection just tells me the usage of titledumper. any help would be much appriciated
Last edited by jammybudga777,
If it tells you the usage, you are doing something wrong!
To dump everything use:
titledumper.exe /vol outputdir
=> it will create a directory "outputdir" and dump everything in there
is there any easy way to try pinpoint what i maybe doin wrong? i have been trying for some time now not sure why i always seems to struggle with easy tasks.....
Pretty cool, but we still can't dump imported games on an other region then, I guess
Wii u is region locked, but is kernal enough to make a patch to unlock regions? Or do we need IOSU?
- Joined
- Oct 27, 2002
- Messages
- 23,749
- Trophies
- 4
- Age
- 46
- Location
- Engine room, learning
- XP
- 15,662
- Country
Post a screenshot of your command line window so we can see your command and the error.
i have resolved it. command line says its waiting for wii u sorry i guess i was just being impatient and putting in the wrong command :/ lol
sorry i guess i was just being impatient and putting in the wrong command :/ lol
Last edited by jammybudga777,
Well as promised I have just pushed the sources of ddd to the repo i created on github. So everyone who is interessted in it can check it out now. It is the sources of v0.2.
With that done I want to also say that now I have to reduce my work on the WiiU as of today. I am sorry to say that but you won't be seeing many commits or releases from me in the next time. I have to concentrate more on my work and some private commercial projects more in the next few months and of course my family. So I have to stop coding on the WiU because of personal reasons. I just wont have the time to continue to work on any bigger stuff. All my projects are open source now and everyone can do whatever he/she likes with the code. I hope with that source code and the HBL available on the WiiU scene now there will be a lot more homebrews coming in the future but this will have to happen without me, at least in the near future. I will still support people who have questions regarding my source code or other things related to the WiiU, maybe even throw in a bugfix or two at some points but only as much as my free time will allow. What I will try to do as a last application is a demonstration of how to use GX2 in plain C as some people already told me they have problems understanding the C++ code and a plain C example of a 3D colored cube rotating will be very helpfull. So yeah I will probably do that but I will have to see when I get to it.
So thanks to everyone who supported my applications and me so far! I really hope my work was usefull to the WiiU scene and that it will grow further, at least it has the potential for it. I will be still reading the forums and try to answer to the messages though at least from time to time.
With that done I want to also say that now I have to reduce my work on the WiiU as of today. I am sorry to say that but you won't be seeing many commits or releases from me in the next time. I have to concentrate more on my work and some private commercial projects more in the next few months and of course my family. So I have to stop coding on the WiU because of personal reasons. I just wont have the time to continue to work on any bigger stuff. All my projects are open source now and everyone can do whatever he/she likes with the code. I hope with that source code and the HBL available on the WiiU scene now there will be a lot more homebrews coming in the future but this will have to happen without me, at least in the near future. I will still support people who have questions regarding my source code or other things related to the WiiU, maybe even throw in a bugfix or two at some points but only as much as my free time will allow. What I will try to do as a last application is a demonstration of how to use GX2 in plain C as some people already told me they have problems understanding the C++ code and a plain C example of a 3D colored cube rotating will be very helpfull. So yeah I will probably do that but I will have to see when I get to it.
So thanks to everyone who supported my applications and me so far! I really hope my work was usefull to the WiiU scene and that it will grow further, at least it has the potential for it. I will be still reading the forums and try to answer to the messages though at least from time to time.
So so sorry to see you go. you have been a cornerstone of the wiiu for a long long time. your work was and is fantasticm and we will be the poorer for losing you. i want to thank you, so much. and i wish you every success now and in the future. you are one of thebest devs on the scene. and will not be forgotten soon. i thank you.....
- Joined
- Oct 27, 2002
- Messages
- 23,749
- Trophies
- 4
- Age
- 46
- Location
- Engine room, learning
- XP
- 15,662
- Country
Could you release a GX2 library (like LibWiiGUI from Tantric on Wii) ?
Or we just use current projects like loadiine as base for other homebrew?
I guess the C examples/demos will cover it.
Or we just use current projects like loadiine as base for other homebrew?
I guess the C examples/demos will cover it.
Thanks for all you have done, but does this mean you will not be investigating the potential exploits of the symlink mounts?
If this is the case, will you please pass some of this information on to some other developers that would check on this and contribute to it? Maybe @crediar @Cyan @Maschell etc...
Last edited by TiMeBoMb4u2,
When trying to dump Lego City Undercover meta folder I get this
EDIT: I think I know what I did wrong. Retrying!
Code:
./titledumper /vol/meta test
Title Dumper by Dimok
Waiting for WiiU connection...
Client 0 connected
Client 1 connected
Create path: test/vol/meta
Open file: test/vol/meta/bootDrcTex.tga
Failed to open: test/vol/meta/bootDrcTex.tga
pFile == NULL on close
Open file: test/vol/meta/bootLogoTex.tga
Failed to open: test/vol/meta/bootLogoTex.tga
pFile == NULL on close
Open file: test/vol/meta/bootMovie.h264
Failed to open: test/vol/meta/bootMovie.h264
pFile == NULL on close
Open file: test/vol/meta/bootSound.btsnd
Failed to open: test/vol/meta/bootSound.btsnd
pFile == NULL on close
Open file: test/vol/meta/bootTvTex.tga
Failed to open: test/vol/meta/bootTvTex.tga
pFile == NULL on close
Open file: test/vol/meta/iconTex.tga
Failed to open: test/vol/meta/iconTex.tga
pFile == NULL on close
Open file: test/vol/meta/manual.bfma
Failed to open: test/vol/meta/manual.bfma
pFile == NULL on close
Open file: test/vol/meta/meta.xml
Failed to open: test/vol/meta/meta.xml
pFile == NULL on close
Client 1 connection closedEDIT: I think I know what I did wrong. Retrying!
Last edited by Phantisy,
Similar threads
-
- Article
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
@
BigOnYa:
Anybody here have a Xbox series S and a series X, is the performance difference noticeable? Not worried about 4k. I have a series X but not a series S and was curious. (Reason- I was thinking of buying a series S for a second tv, for when grandkids come over, to keep them off my X) -
-
-
-
-
-
-
-
-
