Hacking 5.5.0 progress

Mic1604

Well-Known Member
Member
Joined
Aug 17, 2015
Messages
120
Trophies
0
Age
23
XP
159
Country
Mexico
oh, psh, I'm not sure how they handle the LAN adapter, but because you have to have it set up in settings, it pipes through IOSU somehow. You can't access USB storage specifically; they have separate interfaces for all the other kinds:
Human Interface Devices (e.g. the GameCube adapter, and a keyboard and mouse if you were that crazy about the True Internet Experience™)
Communications Device Class, which DRH uses to communicate with the Gamepad
UAC (USB Audio Class, if you plugged in a microphone and wanted to use it; I actually remember doing that when MN1 and I were testing stuff lmao)
USB-MIDI, which I'm not sure has a use case
USB storage is UHS, which is what IOS-MCP keeps locked down
http://wiiubrew.org/wiki/IOSU#IOS-USB

Not sure if this would work, but how about using USB-HID as an entry point?
I remember seeing a USB stick with an unlocked driver partition, in which one could insert files or code that made the device look like another; normally used to skip newer Windows AutoRun security measures.
If code was injected into these to create a denial-of-service attack, invoking a kernel panic and, before crashing, redirecting the ELF loader to a code interpreter that would translate the payload as HID input, which would load a chain of privilege escalation by overloading the system, then replacing certain data in RAM so as to load a limited version of CFW with debug capabilities, thus allowing deeper access into the system? Or is this not possible for some reason?
 

rw-r-r_0644

Well-Known Member
Member
Joined
Jan 13, 2016
Messages
351
Trophies
0
Age
22
XP
741
Country
Italy
Not sure if this would work, but how about using USB-HID as an entry point?
I remember seeing a USB stick with an unlocked driver partition, in which one could insert files or code that made the device look like another; normally used to skip newer Windows AutoRun security measures.
If code was injected into these to create a denial-of-service attack, invoking a kernel panic and, before crashing, redirecting the ELF loader to a code interpreter that would translate the payload as HID input, which would load a chain of privilege escalation by overloading the system, then replacing certain data in RAM so as to load a limited version of CFW with debug capabilities, thus allowing deeper access into the system? Or is this not possible for some reason?
It wouldn't work, because the attack is normally based on making the device look like a keyboard (or other HID input device), but the Wii U only accepts USB storage devices and doesn't care if you connect almost any other type of USB device (apart from a USB-Ethernet adapter).
 
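To make the point above concrete: a host USB stack decides what to bind by walking the device's configuration descriptor and looking at bInterfaceClass on each interface. A "BadUSB" stick that enumerates as a keyboard advertises class 0x03 (HID); a host policy that only binds class 0x08 (Mass Storage) never attaches a driver to it, so its keystrokes go nowhere. The following is an added example written for this thread, not code from the Wii U, IOSU or any project mentioned here; the descriptor bytes are constructed by hand (standard USB 2.0 layouts), and the `storage_only_policy` function is a hypothetical stand-in for whatever the real IOS-USB driver does. It also shows the bounds check on bLength that any descriptor walker needs, since a device controls every byte it sends.

```c
/* Added example: walk a USB configuration descriptor the way a host stack does
 * and bind only Mass Storage interfaces. Not Wii U / IOSU code. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define USB_DT_CONFIG          0x02
#define USB_DT_INTERFACE       0x04
#define USB_CLASS_HID          0x03
#define USB_CLASS_MASS_STORAGE 0x08

enum { ACCEPT_NONE = 0, ACCEPT_STORAGE = 1, REJECT_MALFORMED = -1 };

/* Walk every descriptor in a configuration block. Returns the number of
 * interface descriptors seen, or -1 if the block is malformed. hid/msc receive
 * the number of interfaces of each class. */
int walk_config(const uint8_t *buf, size_t len, int *hid, int *msc)
{
    size_t off = 0;
    int ifaces = 0;
    *hid = 0;
    *msc = 0;

    /* Configuration header: bLength(9) bDescriptorType wTotalLength(LE16) ... */
    if (len < 9 || buf[0] < 9 || buf[1] != USB_DT_CONFIG)
        return -1;
    uint16_t total = (uint16_t)(buf[2] | (buf[3] << 8));
    if (total < len)            /* never trust wTotalLength beyond what we hold */
        len = total;

    while (off < len) {
        uint8_t blen = buf[off];
        /* Every descriptor is >= 2 bytes. A zero bLength would loop forever and
         * an oversized one would read past the buffer; both come from the device. */
        if (blen < 2 || off + blen > len)
            return -1;
        if (buf[off + 1] == USB_DT_INTERFACE) {
            if (blen < 9)       /* interface descriptor is exactly 9 bytes */
                return -1;
            ifaces++;
            uint8_t cls = buf[off + 5];         /* bInterfaceClass */
            if (cls == USB_CLASS_HID)           (*hid)++;
            else if (cls == USB_CLASS_MASS_STORAGE) (*msc)++;
        }
        off += blen;
    }
    return ifaces;
}

/* Hypothetical host policy: bind only if a Mass Storage interface exists.
 * HID interfaces are neither bound nor rejected; they are simply ignored. */
int storage_only_policy(const uint8_t *buf, size_t len)
{
    int hid, msc;
    if (walk_config(buf, len, &hid, &msc) < 0)
        return REJECT_MALFORMED;
    return msc > 0 ? ACCEPT_STORAGE : ACCEPT_NONE;
}

/* Constructed sample descriptors (standard USB 2.0 field layout). */
/* Plain USB stick: config + 1 interface (class 08, SCSI, bulk-only) + 2 bulk EPs */
const uint8_t MSC_CONFIG[] = {
    0x09, 0x02, 0x20, 0x00, 0x01, 0x01, 0x00, 0x80, 0x32,
    0x09, 0x04, 0x00, 0x00, 0x02, 0x08, 0x06, 0x50, 0x00,
    0x07, 0x05, 0x81, 0x02, 0x40, 0x00, 0x00,
    0x07, 0x05, 0x02, 0x02, 0x40, 0x00, 0x00 };
/* "BadUSB" keyboard: config + 1 interface (class 03, boot keyboard) + HID desc + int EP */
const uint8_t HID_CONFIG[] = {
    0x09, 0x02, 0x22, 0x00, 0x01, 0x01, 0x00, 0xA0, 0x32,
    0x09, 0x04, 0x00, 0x00, 0x01, 0x03, 0x01, 0x01, 0x00,
    0x09, 0x21, 0x11, 0x01, 0x00, 0x01, 0x22, 0x3F, 0x00,
    0x07, 0x05, 0x81, 0x03, 0x08, 0x00, 0x0A };
/* Composite: storage interface 0 plus keyboard interface 1 in one configuration */
const uint8_t COMPOSITE_CONFIG[] = {
    0x09, 0x02, 0x39, 0x00, 0x02, 0x01, 0x00, 0x80, 0x32,
    0x09, 0x04, 0x00, 0x00, 0x02, 0x08, 0x06, 0x50, 0x00,
    0x07, 0x05, 0x81, 0x02, 0x40, 0x00, 0x00,
    0x07, 0x05, 0x02, 0x02, 0x40, 0x00, 0x00,
    0x09, 0x04, 0x01, 0x00, 0x01, 0x03, 0x01, 0x01, 0x00,
    0x09, 0x21, 0x11, 0x01, 0x00, 0x01, 0x22, 0x3F, 0x00,
    0x07, 0x05, 0x82, 0x03, 0x08, 0x00, 0x0A };
/* Malicious: a descriptor with bLength 0 following the config header */
const uint8_t BAD_CONFIG[] = {
    0x09, 0x02, 0x0B, 0x00, 0x01, 0x01, 0x00, 0x80, 0x32, 0x00, 0x04 };

int main(void)
{
    printf("stick:     %d\n", storage_only_policy(MSC_CONFIG, sizeof MSC_CONFIG));
    printf("keyboard:  %d\n", storage_only_policy(HID_CONFIG, sizeof HID_CONFIG));
    printf("composite: %d\n", storage_only_policy(COMPOSITE_CONFIG, sizeof COMPOSITE_CONFIG));
    printf("bad:       %d\n", storage_only_policy(BAD_CONFIG, sizeof BAD_CONFIG));
    return 0;
}
```

The composite case is the one to notice: binding is per interface, so a device that is both a stick and a keyboard gets its storage interface bound while the HID interface still sits idle on a storage-only host. What the walker does show is the one place such a host is exposed regardless of class: the descriptor parsing itself, which is why the length checks are there.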

Mic1604

Well-Known Member
Member
Joined
Aug 17, 2015
Messages
120
Trophies
0
Age
23
XP
159
Country
Mexico
It wouldn't work, because the attack is normally based on making the device look like a keyboard (or other HID input device), but the Wii U only accepts USB storage devices and doesn't care if you connect almost any other type of USB device (apart from a USB-Ethernet adapter).
Since it doesn't care, it doesn't expect it, and as such shouldn't be protected against it, right? Or did I get it wrong?
 

Jonna

Some sort of musician.
Member
Joined
May 15, 2015
Messages
1,237
Trophies
1
Age
35
Location
Canada
Website
twitter.com
XP
3,172
Country
Canada
Yeah, the bad thing, though, is that I will have to buy a game which comes on 5.3.2 (which is a risk, I believe), so the cost is a bit more!
Idea: See who's selling such a game on Kijiji, offer to pay them $10 or so to bring your Wii U to their place and simply update your Wii U, and they get the game back. It's already used, and if you explain the reason for this, I think they would be fine. They get an extra amount of money from it and still get to keep it.
 

FusionGamer

Well-Known Member
Member
Joined
Jul 12, 2014
Messages
507
Trophies
0
XP
517
Country
United States
@Rectofki - Do people even read anymore? Right on the first repo, it states that "This is not a troll account. Nor the real Hykem. Just grabbing the name, so no more trolls grab it and fake".

And his twitter is open, the games continue - https://twitter.com/hykemthedemon
Wow, he isn't going to focus on nor release the IOSU exploit that's completed? I totally fucking called it! And you all kept flaming me for calling it. (Though I'm skeptical because anyone could've grabbed his username after it got deleted; just like the Github account.)
 
Last edited by FusionGamer,

Deleted User

Guest
@Rectofki - Do people even read anymore? Right on the first repo, it states that "This is not a troll account. Nor the real Hykem. Just grabbing the name, so no more trolls grab it and fake".


Wow, he isn't going to focus on nor release the IOSU exploit that's completed? I totally fucking called it! And you all kept flaming me for calling it. (Though I'm skeptical because anyone could've grabbed his username after it got deleted; just like the Github account.)
It is believed that that Twitter account is fake.
 

FaTaL_ErRoR

AKA ŦƕƎ ƠṀƐƝ
Member
Joined
Mar 9, 2014
Messages
491
Trophies
0
XP
443
Country
United States
Not sure if this would work, but how about using USB-HID as an entry point?
I remember seeing a USB stick with an unlocked driver partition, in which one could insert files or code that made the device look like another; normally used to skip newer Windows AutoRun security measures.
If code was injected into these to create a denial-of-service attack, invoking a kernel panic and, before crashing, redirecting the ELF loader to a code interpreter that would translate the payload as HID input, which would load a chain of privilege escalation by overloading the system, then replacing certain data in RAM so as to load a limited version of CFW with debug capabilities, thus allowing deeper access into the system? Or is this not possible for some reason?
No sir... USB UHS is a great entry point, though. Custom firmware on a USB storage device that attacks during validation.
It still has to remain USB storage and still has to be seen as a normal storage device. No denial of service needed; you just need to jump at the right moment during validation. During USB validation the rest of the system is fully vulnerable. IOS can only run that one task during it (validating the USB as properly formatted and signed). It's an issue with many operating systems, and the only way to get a software-unpatchable exploit.
Custom firmware is how you properly hide a partition of data invoked at a certain instruction.
Get the Wii U to firmware 6.0 or above and we'll show you.
 

colking

Well-Known Member
Member
Joined
Jan 14, 2016
Messages
106
Trophies
0
Age
41
XP
110
Country
Canada
OMG... I'm devastated. I spent a fortune buying a second Wii U (5.3.2), shipping ($85) from the US to Canada, duty fee ($100). I blocked the updates using Tubehax, but somehow the DNS was reset and it updated to 5.5.1. How could this happen?! My old Wii U is still being blocked at 5.5. I have no words.... :(
 

Hikari06

Well-Known Member
Member
Joined
Nov 20, 2012
Messages
999
Trophies
0
XP
936
Country
Ecuador
OMG... I'm devastated. I spent a fortune buying a second Wii U (5.3.2), shipping ($85) from the US to Canada, duty fee ($100). I blocked the updates using Tubehax, but somehow the DNS was reset and it updated to 5.5.1. How could this happen?! My old Wii U is still being blocked at 5.5. I have no words.... :(

Hopefully the 5.5.x kexploit will be released soon, at least I hope for you :/
 
Last edited by Hikari06,

rw-r-r_0644

Well-Known Member
Member
Joined
Jan 13, 2016
Messages
351
Trophies
0
Age
22
XP
741
Country
Italy
OMG... I'm devastated. I spent a fortune buying a second Wii U (5.3.2), shipping ($85) from the US to Canada, duty fee ($100). I blocked the updates using Tubehax, but somehow the DNS was reset and it updated to 5.5.1. How could this happen?! My old Wii U is still being blocked at 5.5. I have no words.... :(
I'm sorry for you. Has Tubehax worked at some point? I mean, were you able to access the eShop?
 
Last edited by rw-r-r_0644,

fukseliten

Well-Known Member
Member
Joined
Apr 19, 2008
Messages
134
Trophies
0
XP
219
Country
Norway
OMG... I'm devastated. I spent a fortune buying a second Wii U (5.3.2), shipping ($85) from the US to Canada, duty fee ($100). I blocked the updates using Tubehax, but somehow the DNS was reset and it updated to 5.5.1. How could this happen?! My old Wii U is still being blocked at 5.5. I have no words.... :(

Sorry, but you must have done something wrong somewhere.
Tubehax works fine, and there are no reports of it not doing what it's supposed to do, as long as it is set up correctly.

Maybe you had a power outage before you managed to save your settings, or something like that.
 
Last edited by fukseliten,

colking

Well-Known Member
Member
Joined
Jan 14, 2016
Messages
106
Trophies
0
Age
41
XP
110
Country
Canada
Hopefully the 5.5.x kexploit will be released soon, at least I hope for you :/

Thanks. Hope so!

--------------------- MERGED ---------------------------

I'm sorry for you. Has Tubehax worked at some point? I mean, were you able to access the eShop?

I never actually tried to access the eShop. My other Wii U is still on 5.5, so I'm not sure what happened.
 

SkittleDash

Head Nurse
Member
Joined
Oct 21, 2015
Messages
1,865
Trophies
2
Age
28
Location
Storm Border
XP
1,099
Country
Japan
Weird thing is, the Xbox might be the most secure game system, but Windows is as easy to pirate as download, burn, install.

I used to be like that when I was 10. My mind was a pirate. Until I grew up and got a job to buy them like a respectful gamer would do. xD
 
