Tutorial  Updated

5.5.2 Browser with 5.5.1 vulnerability [CFW required]

WARNING: DO NOT FOLLOW THIS GUIDE IF YOU DON'T HAVE HAXCHI OR CBHC INSTALLED!
You will lose all Homebrew entry points, the browser will not be usable anymore.

This guide was written when there was no 5.5.2 exploit. CFW DOES NOT INCLUDE MOCHA, IF YOU LAUNCH MOCHA FROM THE BROWSER!
If you are on 5.5.2 you can use one of the new Homebrew entry points, such as https://stupiid.ovh, https://u.drg.li or https://sleepii.ovh.

This guide is NOT a 5.5.2 exploit, and will not get you Homebrew on 5.5.2, this is purely for those with CBHC or Haxchi who want the old browser exploit back for any reason.

Follow this guide only if you want both cfw and a relatively stable browserhax. (This is more stable than the 5.5.2 browser hax, but doesn't matter too much because it requires Haxchi or CBHC)

Downgraded browsers with NO CFW (Haxchi or CBHC) = no more Homebrew for you! (until a new update comes out, or a new exploit that doesn't require the browser comes out.)


Important note: BEFORE doing any permanent changes to your console's internal files, you should always make sure you have a backup (Seeprom and OTP is my best option for this guide) (AppStore). If you don't make a full NAND backup, at least do an OTP/SEEPROM dump; that will save your console if you brick the browser, as you can install Haxchi with your Seeprom and OTP. Backing up your Seeprom and OTP will NOT fix full CBHC or FTPiiU bricks (Console not booting). This applies not only before following this guide; it's common advice for EVERY console's hacking projects. Always read and understand the whole guide before starting it.


DISCLAIMER: This guide requires file transfers via FTPiiU Everywhere. If you mess up your Wii U, I am not liable for any damage. If you follow this properly and read everything, nothing harmful should happen.

-Beginning-

Hello, this is a guide on how to downgrade your Internet Browser so as to use the old browser vulnerability.
This means you will be able to use https://loadiine.ovh on 5.5.2, but first read the requirements, your Wii U might not be supported depending on what Homebrew you use.

-Requirements and warnings-

This requires CBHC, or Haxchi (you should have either Haxchi or CBHC if you're on 5.5.2, and if not you're out of luck) an FTP client, FTPiiU Everywhere, and an encrypted version of the Wii U Internet Browser, which can be gained through JNUSTool.
(WARNING, IF YOU'RE USING JUST HAXCHI, TO ACCESS THE INTERNET BROWSER IT WILL REQUIRE SIGNATURE PATCHES, MEANING YOU HAVE TO LAUNCH HAXCHI, OR MOCHA OR ANY OTHER CFW / SIGNATURE PATCHING PROGRAM EACH TIME YOU WANT TO USE THE BROWSER!)
Also, if you want this as a backup method in case CBHC fails, don't bother, dump your Seeprom and OTP instead. Doing this will make your Internet Browser unusable if CBHC fails.

-Starting-

First off, you want to go to the directory where JNUSTool.jar is and open a Command Prompt window there by putting your mouse cursor in an open area, and holding shift and right clicking. You should see an option that says "Open command window here" and you want to click it. Then paste in this command to get the Internet Browser code folder.
"java -jar JNUSTool.jar 000500301001210A v241"
It should do a long string of things in the terminal and then a window should appear.
First, select the arrow that looks like this, next to code (make sure that you don't select the checkbox next to code)
[Image: upload_2017-8-11_1-32-20.png]

Scroll down until you find mvplayer.rpl, and click the arrow next to it, and then hit download.
[Image: upload_2017-8-11_1-34-4.png]
It should go through its download process, and eventually finish. Once it's finished, find the output folder, which should have the name "Internet Browser [HBAE01]", open the folder, and then open the "code" folder.

-Wii U Side-

Now, head over to your Wii U, and open the Homebrew Launcher with CFW on, otherwise known as signature patches. Load FTPiiU Everywhere, and open Filezilla or whatever FTP client you use.

-FTP and the Wii U-

In the box that says "host" type the IP address displayed on your gamepad screen and select "connect" on your FTP client.
If your console region is USA, go to /storage_mlc/sys/title/00050030/1001210a/code
If your console region is EUR, go to /storage_mlc/sys/title/00050030/1001220a/code
If your console region is JPN, go to /storage_mlc/sys/title/00050030/1001200a/code
Then, copy the mvplayer.rpl file from /Internet Browser [HBAE01]/code which you opened earlier to your FTP client that's open in the directory I told you to go to. It should prompt you to overwrite another file called mvplayer.rpl, and when it does, select yes. Once the file transfer is completed, press the home button on your gamepad, and do all the necessary steps to get to the home menu.

-Final steps!-

Once you're at the home menu, power down your console (TURNING OFF YOUR WII U IS REQUIRED, DO NOT SKIP THIS STEP OR THE DOWNGRADE WILL NOT WORK), then power it on, and navigate to the Internet Browser with CFW on. Go to https://loadiine.ovh on your Internet Browser, and if it redirects you to a page saying you're on 5.5.2, go to the URL that it redirects you to, and change the "l=552" to "l=551" and hit ok. Once you've done that, launch the browser exploit as you normally would and you should be good to go.
Now, to change your Internet Browser back to 5.5.2, for whatever reason, do the same steps, but when doing the JNUSTool section, do "java -jar JNUSTool.jar 000500301001210A v258" instead.

-Thanks-

I hope you enjoyed this tutorial! It's my first one on here, so I do understand it's not very helpful for a beginner, but I'll try my best, thanks.
 

Last edited by Creatable,
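
The transfer step from the guide above with a safety net, as an added example that is not part of the original post or thread: it saves the installed mvplayer.rpl to disk before overwriting it, then reads the upload back to confirm it matches what was sent. The helper names, the backup file name and the anonymous FTP login are assumptions; the region paths are the ones the guide lists.

```python
import hashlib
import io
from ftplib import FTP

# Region -> browser code directory, exactly as listed in the guide.
CODE_DIRS = {
    "USA": "/storage_mlc/sys/title/00050030/1001210a/code",
    "EUR": "/storage_mlc/sys/title/00050030/1001220a/code",
    "JPN": "/storage_mlc/sys/title/00050030/1001200a/code",
}
TARGET = "mvplayer.rpl"


def fetch(ftp, name):
    """Download one remote file into memory and return its bytes."""
    buf = io.BytesIO()
    ftp.retrbinary("RETR " + name, buf.write)
    return buf.getvalue()


def replace_with_backup(ftp, region, new_bytes, backup_path):
    """Back up the installed module, upload the new one, verify the upload.

    Returns (sha256 of the old file, sha256 of the new file).
    Raises KeyError for an unknown region, RuntimeError on a bad transfer.
    """
    ftp.cwd(CODE_DIRS[region.upper()])
    original = fetch(ftp, TARGET)
    if not original:
        raise RuntimeError("refusing to continue: backup would be empty")
    with open(backup_path, "wb") as fh:   # backup is on disk before any write
        fh.write(original)
    ftp.storbinary("STOR " + TARGET, io.BytesIO(new_bytes))
    if fetch(ftp, TARGET) != new_bytes:   # read back what the console stored
        raise RuntimeError("upload mismatch: restore from " + backup_path)
    return hashlib.sha256(original).hexdigest(), hashlib.sha256(new_bytes).hexdigest()


if __name__ == "__main__":
    import sys
    host, region, local_file = sys.argv[1:4]   # console IP, USA/EUR/JPN, file
    with open(local_file, "rb") as fh:
        payload = fh.read()
    ftp = FTP(host)
    ftp.login()                                # anonymous login: an assumption
    print(replace_with_backup(ftp, region, payload, "mvplayer.rpl.bak"))
    ftp.quit()
```

Keeping the two printed hashes alongside the backup file makes it possible to tell later which module build is actually installed.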

Cyan

CBHC and Haxchi are both replacing the same file in the NDS game.
so, either you have multiple NDS games, one with Haxchi, and one with CBHC, or you only have one NDS and CBHC or Haxchi.

CBHC is like haxchi, but with autoboot capability, and added features, like ftpiiu_everywhere.
if you have CBHC, you don't need mocha to use ftpiiu_everywhere.
Mocha has additional features that you probably don't need (like real time debugger)
 
Last edited by Cyan,

Creatable

Haxchi is a DSIWare injection thing, but it's also persistent exploits, and one of the two exploits to survive 5.5.2, meaning I had to list it in this guide since this guide is for 5.5.2 users.
Mocha allows more control over the system than Haxchi CFW, which is what (usually) gets booted when you run Haxchi and it takes you to the home menu. It can be numerous other things, like Haxchi loading Mocha which takes you to the home menu.
I'm not sure what you meant when you said
> Whatever is there is simply a part of the image file that's run when I open the appropriate icon on my home screen (I never had a desire to set up the coldboot)
but I'm assuming you think it's an image exploit? Haxchi just injects code into a DS VC game allowing you to do stuff. No image exploits needed at all.
And what @Cyan said. CBHC is just a version of Haxchi that starts on boot.
 
Last edited by Creatable,

Creatable

> I wasn't sure what title to choose, yours was not bad either.
> If you prefer, I can set it back.
Yo Cyan, it seems someone more educated on the Wii U modding scene says that Haxchi CFW actually grants the same permissions as CBHC would, meaning you don't need Mocha.
 

Cyan

I'll have to read latest pages of Haxchi and see what Fix94 did.
or just check the sources to be sure.
Maybe he really added the MCP Hook feature too.

edit:
I guess you are right, and we were wrong.
https://github.com/FIX94/haxchi/commit/0ad99123db6ffd119f38badaab3ab97ea3c40999
this one changed it to have both CBHC and haxchi use the same patches.

So, you can edit your first post, only launching haxchi is required, no need to use mocha.
 
Last edited by Cyan,

Kleyon

Oh ?! Thanks for checking, that's what I understood but I'm not an expert on WiiU hacking, not a hacker nor a developer, just a user.
 

urherenow

> CBHC and Haxchi are both replacing the same file in the NDS game.
> so, either you have multiple NDS games,
Close, but no. I have 2 games with haxchi. One is set to load HBL, and the other loads the home menu (but it's directed at an .img file or something). CBHC is not in the picture because I don't want it at the moment. What haxchi does, is a matter of what's in the .img file it points to. The one I've been using forever doesn't require mocha or anything. As soon as my home menu shows up, I can already connect to my system and alter nand files. This is how you region-free your system, which mine is. Even with no hacks activated, I can run all regions.

EDIT: :ninja:

damn the slow connection.
 
Last edited by urherenow,

Creatable

> Close, but no. I have 2 games with haxchi. One is set to load HBL, and the other loads the home menu (but it's directed at an .img file or something). CBHC is not in the picture because I don't want it at the moment. What haxchi does, is a matter of what's in the .img file it points to. The one I've been using forever doesn't require mocha or anything. As soon as my home menu shows up, I can already connect to my system and alter nand files. This is how you region-free your system, which mine is. Even with no hacks activated, I can run all regions.
That's your fw.img which on boot should give you signature patches. You need to open that to use things region free.
 

Cyan

isn't haxchi's sysmenu option easier/faster than using a fw.img file ?
maybe your fw.img has more patches, like WUP server. dimok had a fw version, and fix94 another one, doing different patches. You probably have dimok's version. Mocha is a derived work of dimok's fw.img version.
Well, as long as it works for you, it's what is important :)
 
Last edited by Cyan,

Cyan

yeah, haxchi thread's title is outdated too (still mentioning v2.0, I see latest is 2.5u2)
I added MCPHook support to haxchi in the wiki too.

Create_, you can remove the "Mocha and other cfw" part in your first post. just using haxchi is enough.
 
Last edited by Cyan,

Creatable

> yeah, haxchi thread's title is outdated too (still mentioning v2.0, I see latest is 2.5u2)
>
> Create_, you can remove the "Mocha and other cfw" part in your first post. just using haxchi is enough.
I just removed the parts about Mocha being required. It's up to you for what CFW you choose, although Haxchi CFW would be helpful, some people don't even have it configured.
 

Cyan

you still have Mocha as requirement :

> MEANING YOU HAVE TO LAUNCH HAXCHI, AND THEN MOCHA OR ANY OTHER CFW / SIGNATURE PATCHING PROGRAM EACH TIME YOU WANT TO USE THE BROWSER!)
> This guide only requires Mocha for file transfers as Haxchi CFW does not cut it.
haxchi is enough to use ftpiiu everywhere.

Mocha is fine if they are auto-booting it with CBHC too, if users prefer Mocha over CBHC or Haxchi cfw, but it's not a requirement.


When the user only uses haxchi, he has to run Haxchi as "sysmenu" first, to patch the firmware for ftpiiu_everywhere
then run haxchi again to launch the homebrew launcher (or run his installed homebrew launcher channel if he has it too)
the patch is not applied if you launch HBL or ftpiiu_everywhere directly from haxchi


Also, you should prevent writing that user will die, it's not well seen around here (or everywhere else?), even if it's an expression it's better to use another one ;)


in the final step, maybe you could add something for users with haxchi only to let them remember they have to first launch haxchi's sysmenu option (or Mocha) before launching the browser.
I know it's in the header of the guide, but at the end it looks like it's not needed anymore "boot and go to browser" is a little ambiguous.
I think your sentence in the beginning is fine to put there too :
> and open the Homebrew Launcher with CFW on, otherwise known as signature patches.
replace HBL with browser, and that's fine for the final step info that it requires CFW :)


sorry to bother you with rewriting your guide, I hope that's fine. don't take it badly, I'm just helping for other users to understand it well and prevent asking the same questions you'll have to reply many times.
 
Last edited by Cyan,

MattKimura

Is this similar to that other thread where you can update from lower firmware to 5.5.2 but with an exploitable browser? In that particular guide, you had to make sure you had DNS or else the browser would update. Is that the case for this guide, would you "Need" DNS or else?

Just curious how it works. This would be very helpful either way : p
 

Cyan

no, it's different.

The other thread updates all titles except the browser's title. It means it keeps the full 5.5.1's browser title. The console always tries to update it, and you need to block the update URLs.

this tutorial is not installing or replacing the browser used by 5.5.1 entirely (v241), but only the video module from it, which has the vulnerability.
it means the browser is the one from 5.5.2 (v258), all its modules too, except the video player.

you don't need the DNS blocking, it will NOT update the browser as it's already the version v258 (used by 5.5.2).

though, it's always a good idea to keep blocking further unexpected updates.
 
Last edited by Cyan,

ShadowOne333

So by replacing the rpl file of the player, we can access the 5.5.1 vulnerability in 5.5.2 without running signature patches before entering the browser? Or do we still need to run sigpatches before entering the browser to make it work?
 
