Waiting for 5.6.6.4.5.7.8.1.1.5
Come on guys, in every f***** corner you can see that it is not working with FW above 5.3.2.
Stop spamming the shit outta the forum with your requests.
Wait for it, or buy a new one with FW 5.3.2 or less,
or the best you can do is develop it yourself.
For those who are still on 4.1.0, I've started porting loadiine to this firmware.
For now, it's just the v3, because there have been many address changes in v4 that I don't understand for now.
This whole project is for educational purposes; I'm trying to learn how all of this works.
Also, I'm French, so be indulgent.
You Sir are a saint! Now I can update to 4.1, use your Loadiine and still have the "easier" IOSU when it comes! So much better than it sitting in a box like it's doing now. Lol Thanks to everyone who puts this effort in for sharing.
Has nobody tested this yet? Been waiting for someone to be like "Awesome I'm on 4.1.0, and this works!" or something like that.
I'm on 5.3.2 myself, but I'm very curious about this for 4.1.0 users for some reason.
4.0 and older work completely differently. With 4.1.0 and newer you can just change addresses around, but 4.0 and older use a different memory layout, and the main executable loader is completely different, so you have to rewrite loadiine to follow that. I will eventually come to it on my 3.1.0, probably when I have some more free time.
I will try to explain my "method" for, why not, porting it to other firmware.
I took loadiine v3 (bf42d94) as a base --> you can download it here
I'm not so smart and I don't know how all of this works, so I use the "method" of comparison (with IDA PRO) and some mathematics. Read all of this post before downloading anything, and if you feel capable of doing it ... try.
1 - Download the "OS" for the firmware you want to port loadiine to, and the 5.3.2 firmware (to compare)
- for this step, I used NUSgrabber from crediar --> download NUSgrabber here
- you can use Uwizard or NUSGrabberGUI if you prefer
- use NUSgrabber like this :
NUSgrabber 000500101000400A [OSv11 version]
[OSv11 version] must be replaced by the version of the firmware
Look at the "OSv11" line in the Wiiubrew Title Database
For example, on 5.3.2 firmware, it's v11464, so the line will be :
NUSgrabber 000500101000400A 11464
- now (if you use NUSgrabber), you must have a directory named "000500101000400A" in the same directory as NUSgrabber,
and in this directory, 2 others : 1 named "11464" (this one is the 5.3.2 "OS") and the other must match the version of your "OS" firmware (ex. 5883 for 4.1.0 "OS")
2 - Extract the 2 "OS" versions to compare
- in the 2 directories (11464 and the other for your firmware), use CDecrypt from crediar like this :
- if all is good, you must have a new directory named "code" in 11464 and in the other (the one matching your firmware version)
3 - Use IDA PRO (disassembler) to find addresses
- download IDA PRO --> don't ask me where to find it
- use aerosoul94's WiiU loader --> look here
- open "coreinit.rpl" in IDA, wait a little for the program to disassemble
- go to the "Exports" tab in IDA and you will see addresses in front of the function names
- for the 0x1xxxxxxx addresses, they're GOOD, but for the 0x02xxxxxx ones, we must do some mathematics
4 - Some mathematics ...
- for the 0x02xxxxxx ones, we must find a base address for our calculations
- for this, you must use the payload ("address.zip") attached below (use it "directly", no need for the kernel exploit)
- it will display (if your WiiU is exploitable) some addresses :
OSScreenInit is at : 0xXXXXXXX --> will be the "base" for "coreinit.rpl"
socket_lib_init for "nsysnet.rpl"
GX2WaitForVsync for "gx2.rpl"
VPADRead for "vpad.rpl"
SYSLaunchMiiStudio for "sysapp.rpl"
- on my 4.1.0 WiiU, I have :
OSScreenInit is at : 0x10352F8
socket_lib_init is at : 0x10B44D4
GX2WaitForVsync is at : 0x11454BC
VPADRead is at : 0x111D5DC
SYSLaunchMiiStudio is at : 0xDEAB888
- now back to "coreinit.rpl" in IDA, in the "Exports" tab, search for the "OSScreenInit" function
For my 5883 "OS" version, I have 0x020196F8 in front of the "OSScreenInit" function in IDA
So :
0x020196F8 - 0x10352F8 = 0xFE4400 ==> "MAGIC" number for "coreinit.rpl" for 4.1.0 firmware
With this "MAGIC" number, we can know all the addresses of the functions present in "coreinit.rpl"
For example, the address of FSAInit (which is in "coreinit.rpl") can be calculated by :
0x0203DF1C (IDA address) - 0xFE4400 ("MAGIC" coreinit number) = 0x1059B1C (REAL address of FSAInit for 410 firmware)
For my 5883 "OS" version (4.1.0), I have 0x02000514 in front of the "socket_lib_init" function in IDA
So :
0x02000514 - 0x10B44D4 = 0xF4C040 ==> "MAGIC" number for "nsysnet.rpl" for 4.1.0 firmware
With this "MAGIC" number, we can know all the addresses of the functions present in "nsysnet.rpl"
For example, the address of connect (which is in "nsysnet.rpl") can be calculated by :
0x02000A3C (IDA address) - 0xF4C040 ("MAGIC" coreinit number) = 0x10B49FC (REAL address of connect for 410 firmware)
- we can do the same for the others, to find all the functions to replace in the loadiine source
(SOON) 5 - Make some address adjustments to some functions
In file launcher.c :
- change addresses in the InstallMenu() function (done by comparing with IDA in coreinit.rpl)
- change addresses in the InstallLoader() function (done by comparing with IDA in loader.elf)
...
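Added example (not part of ptitleray's post and not loadiine code): a small Python script that does the step 4 arithmetic for a whole table of exports instead of one function at a time. It takes, per .rpl, one anchor export whose address you have both from IDA and from the address.zip payload, computes the "MAGIC" delta, and rebases every other IDA export of that .rpl. It follows the post's rule that exports IDA shows as 0x02xxxxxx are shifted by the per-rpl delta while 0x1xxxxxxx ones are taken as-is. The function names (module_delta, rebase, resolve_exports) and the table layout are my own; the numbers are the 4.1.0 (OS v5883) values quoted in the post.

```python
# Added example: rebase IDA export addresses onto console runtime addresses, per RPL.
# Function names and table layout are mine; the addresses are the ones quoted in the post.
from typing import Dict, Tuple

# The post: exports IDA shows as 0x02xxxxxx need the delta, 0x1xxxxxxx are already right.
IDA_IMAGE_PREFIX = 0x02


def module_delta(ida_addr: int, runtime_addr: int) -> int:
    """The post's "MAGIC" number for one .rpl: the IDA address of an export minus the
    address the payload printed for that same export on the console."""
    delta = ida_addr - runtime_addr
    if delta <= 0:
        raise ValueError(f"IDA address {ida_addr:#x} is not above runtime address {runtime_addr:#x}")
    return delta


def rebase(ida_addr: int, delta: int) -> int:
    """Turn an IDA export address into the runtime one for that .rpl."""
    if (ida_addr >> 24) != IDA_IMAGE_PREFIX:
        return ida_addr  # 0x1xxxxxxx (or other) address: already a runtime address, left alone
    real = ida_addr - delta
    if real <= 0:
        raise ValueError(f"rebasing {ida_addr:#x} by {delta:#x} gives a non-positive address")
    return real


def resolve_exports(anchors: Dict[str, Tuple[int, int]],
                    exports: Dict[Tuple[str, str], int]) -> Dict[Tuple[str, str], int]:
    """anchors: rpl name -> (IDA address, runtime address) of one known export.
    exports: (rpl name, function name) -> IDA address.
    Returns (rpl name, function name) -> runtime address."""
    deltas = {rpl: module_delta(ida, run) for rpl, (ida, run) in anchors.items()}
    # Sanity check: rebasing the anchor's own IDA address must give back the printed address.
    for rpl, (ida, run) in anchors.items():
        assert rebase(ida, deltas[rpl]) == run
    resolved = {}
    for (rpl, name), ida_addr in exports.items():
        if rpl not in deltas:
            raise KeyError(f"no anchor export given for {rpl}")
        resolved[(rpl, name)] = rebase(ida_addr, deltas[rpl])
    return resolved


# Anchors quoted in the post for 4.1.0: (address shown in IDA, address printed by the payload)
ANCHORS_410 = {
    "coreinit.rpl": (0x020196F8, 0x10352F8),  # OSScreenInit
    "nsysnet.rpl":  (0x02000514, 0x10B44D4),  # socket_lib_init
}

# IDA export addresses the post uses as its worked examples
EXPORTS_410 = {
    ("coreinit.rpl", "FSAInit"): 0x0203DF1C,
    ("nsysnet.rpl", "connect"):  0x02000A3C,
}

if __name__ == "__main__":
    for rpl, (ida, run) in ANCHORS_410.items():
        print(f'{rpl}: "MAGIC" = {module_delta(ida, run):#x}')
    for (rpl, name), real in resolve_exports(ANCHORS_410, EXPORTS_410).items():
        print(f"{name} ({rpl}) is at {real:#x}")
```

To port to another firmware, replace the two tables with the addresses from your own IDA session and your own payload output, and add one anchor line per .rpl (gx2.rpl, vpad.rpl, sysapp.rpl) with the exports the post lists for them. The assertion inside resolve_exports catches a copied-wrong anchor before it silently shifts every function of that .rpl.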
Thanks a lot for the tutorial, ptitleray
I will try to get it working on 5.0.0
If anyone else is interested in trying to make it work for 5.0.0, here are the addresses to get started:
OSScreenInit is at: 0x1039AD8
socket_lib_init is at: 0x10BF2F4
GX2WaitForVsync is at: 0x1150868
VPADRead is at: 0x11283D0
SYSLaunchMiiStudio is at: 0xDEAAE68