Hacking Wii U Hacking & Homebrew Discussion

Sammi Husky · Oct 8, 2015

The thread basically stops moving after people get loadiine, and the only time it starts moving again is when people want to complain about whether the hard work others are doing is or is not released.

Don't get me wrong, not everyone can be a content producer and we surely can't expect people to learn PPC Assembly or how to RE binaries, let alone create or contribute to an exploit, but when people ask or complain about when / if something is released (over and over again), it just kinda...takes the passion out it. It's fine to just be a consumer, but at least don't act entitled to the product.

This thread should be about "Homebrew and Hacking". I'd rather read posts about whether something is or isn't possible or suggestions for homebrew / exploit vectors than sift through essentially people whining. That likely just makes the devs not want to post as frequently. And that really sucks, because i'm pretty sure that's the main reason people follow this thread.

/rant

NWPlayer123 said:
I'm sure there are, I wouldn't know what they are though, only one I know of is a xorpad method. Keep in mind that Smash, minus update data and like character intro videos, is just two giant 2GB files for the entire game, you need to either do it manually in memory or hook into the code that they use to load from the archives (dantarion's still working on that, by the looks of it).

I'm also poking around in the archive code too, though i've been really busy as of late so i haven't made much progress. iirc @soneek was doin some file injection stuff with the update data as well.

Apostrophe · Oct 8, 2015

Marionumber1 said:
When we <s>stop withholding for moral reasons</s> get it fixed or find a better 5.4.0 exploit.

DAMMIT MARIONUMBER1

I know no 5.4.0 exploit has been released, but the link your sig piqued my curiosity. I was just about to go to bed :'(

benserwa · Oct 8, 2015

Funny how impossible it is for people to consider that the people who can actually code the exploits might have better insight into when it's best to release them than they do.

If you really want to pressure devs to release exploits, code some useful or interesting homebrew!

Korin · Oct 8, 2015

benserwa said:
Funny how impossible it is for people to consider that the people who can actually code the exploits might have better insight into when it's best to release them than they do.

If you really want to pressure devs to release exploits, code some useful or interesting homebrew!

If I'm remembering correctly, didn't failoverflow offer to release what they had if developers stepped up and showed that they would do something with it- only to have nobody actually do it?

I may be remembering wrong.

benserwa · Oct 8, 2015

Korin said:
If I'm remembering correctly, didn't failoverflow offer to release what they had if developers stepped up and showed that they would do something with it- only to have nobody actually do it?

I may be remembering wrong.

Which is sad. If I was a better coder I'd want to make a digital version of the card game Android: Netrunner that could be played on a Wii U, with the Corporation player playing on the Gamepad so they can keep all their moves secret.

Korin · Oct 8, 2015

benserwa said:
Which is sad. If I was a better coder I'd want to make a digital version of the card game Android: Netrunner that could be played on a Wii U, with the Corporation player playing on the Gamepad so they can keep all their moves secret.

Sounds cool, I feel like asymmetric games are what the Wii U gamepad was built for. I'd love to see some asymmetrical homebrew simply because they're something that you don't see in local co-op

keine · Oct 8, 2015

Relys said:
1) Develop savegame exploits by fuzzing savegame data and debugging crashes with kernel exploit.
2) Develop new kernel exploit by reversing kernel syscalls to find vulnerabilities (this is how Comex found the OSDriver race condition).
3) Develop IOSU exploit by fuzzing ioctls for device drivers to look for crashes. IOSU runs on ARM9 which doesn't have support for NX bit, which makes blind exploitation ALOT easier since you don't have to have an information disclosure in order to find ROP gadgets.

Other productive things to do:
1) RE and document RPLs on WiiUBrew (Super easy because symbols are intact for dynamic linking).
2) Work on libwiiu by adding examples of how to use said RPLs (Sound would be interesting).
3) Get working elf/rpx loader for homebrew.
4) Help exjam with his emulator.

If you could start reading/doing 3 rather simple things for a a build up to help with 2/3 what would they be? Some times I don't think its possible to exploit without really really knowing how to code, like 5 years of hardcore C/C++ experience, which I don't have.
Books/Classes/Concepts?
I ask this all the time and never get any closer, but alas.

I did watch the OpenSecurityTraining Lectures on Life of Binaries to try understand the RPX/RPL (ELF) stuff better. Was fun and somewhat helpful. Still totally lost, but eh. I have to identify small doable projects to do as to get anywhere.

In my spare time one day I want to attempt some side channel attacks on older consoles like the Wii. Hell I'd be happy with a side channel attack on a PS1/PS2 just to be able to demonstrate some kind of attack.
Where has all the hardware hacking gone?

I am convinced that there exist full blown exploits for PS4/WiiU but they fail to be released for various reasons.

Relys · Oct 8, 2015

-snip-

zecoxao · Oct 8, 2015

Relys said:
-snip-

what was that?

Deleted-355425 · Oct 8, 2015

zecoxao said:
what was that?

he was just saying how much he loves us all.

capito27 · Oct 8, 2015

mech said:
he was just saying how much he loves us all.

And it was written in verses, such a waste that he decided to remove it

.

zecoxao · Oct 8, 2015

capito27 said:
And it was written in verses, such a waste that he decided to remove it .

directly from ps3 scene (my favorite rhymes so far):

Unicorns gathered one day
heard man talk about pwn ps3 in a smartly way
But little did they know
that already without much show
the dump was down at their cloaved hooves
That all simple proves
Never try to hide things
from eliptic curve horned beings
as they shit crypto poo
its just in their nature to do

A Generic User · Oct 8, 2015

A couple of questions, sorry if they're not pertinent:

1) I know that soneek wrote a script to convert .brstm to .bcstm and .bfstm. Is there a way to do this in reverse (aside from converting it into a wav and using the same loop points from the original song with the resulting file, which I don't want to do as the audio will be lossy compressed)? I know it's possible because Mr. Bean said he had a tool that did such (I believe in response to a comment on his Cafiine video), but I have absolutely no idea where to start (and I suck at coding). Maybe you could extract the .dsp files and make them into a .brstm then?

2) I have not the foggiest idea on how to make .nus3bank files. I have the originals extracted from my disk which soneek said you have to use as templates, but I don't know the procedure, and soneek also said you have to make .idsp files which I also have no idea how to do.

3) Whenever I try to dump a song from Smash Wii U via cafiine, the Wii U always freezes, why is that?

ChronoX_ · Oct 8, 2015

NWPlayer123 said:
That's assuming it was ever alive in the first place :^) All I ever do on here is humor you, I have no actual hope for anyone on here, I do everything myself for a reason, because nobody else will

If I knew it was "alive" sooner I would have paid more attention to blocking automatic updates as I'm on 5.5 now.
If you ever decide to release it's then that's great for everyone, if you stick to your decision to never release it then that's fine by me too really.

I'm sure someone else will find something sooner or later and will be the so called hero of the scene.

--------------------- MERGED ---------------------------

pedro702 · Oct 8, 2015

Again anyone knows the gba inject adress for roms in VC? if so please share it?

computerguy906 · Oct 8, 2015

pedro702 · Oct 8, 2015

computerguy906 said:
Not sure where the original download is but here you go.
https://mega.nz/#!QRIymb4T!l-_8aYEaFBkNY4I_fALhTjP3tNI_5Wg-iyeEdz11qO8

i said gba not snes inject adress.

computerguy906 · Oct 8, 2015

pedro702 said:
i said gba not snes inject adress.

Ya saw that as soon as i posted the message. My bad. Good luck finding the address.

VinsCool · Oct 8, 2015

pedro702 said:
Again anyone knows the gba inject adress for roms in VC? if so please share it?

I'll see what I can do

I heard the rom is in a .bin file in FSA.

pedro702 · Oct 8, 2015

VinsCool said:
I'll see what I can do

I heard the rom is in a .bin file in FSA.

yeah i cant seem to find it at all tough, i would like to try and inject some gba games but so far i cant find anything.

Hacking Wii U Hacking & Homebrew Discussion

Well-Known Member

VIDEO GAMES

Active Member

Well-Known Member

Active Member

Well-Known Member

Well-Known Member

^(Software | Hardware) Exploit? Development.$

Well-Known Member

Deleted-355425

Guest

Well-Known Member

Well-Known Member

Well-Known Member

Well-Known Member

Well-Known Member

New Member

Well-Known Member

New Member

Persona Secretiva Felineus

Well-Known Member

Similar threads

Popular threads in this forum