Hacking Feel like haxchi could still be installed on 5.5.2 if you have otp and seeprom

wiiupoo

Member
OP
Newcomer
Joined
Jul 25, 2016
Messages
20
Trophies
0
Age
29
XP
92
Country
United States
If someone has seeprom and otp dumps from previous exploits I feel like an entrypoint is still available.

1) buy exploitable VC title
2) copy to USB
3) decrypt USB
4) encrypt USB with different otp/seeprom for use with another console on 5.5.1
5) exploit VC title
6) decrypt USB
7) encrypt USB for original console.
 

::Phoenix::

Well-Known Member
Member
Joined
May 11, 2010
Messages
209
Trophies
1
XP
2,330
Country
Italy
If you can decrypt the USB drive, you don't need to encrypt it for a 5.5.1 console. Just copy over the modified DS ROM of cbhc with the exploit applied and then re-encrypt for the original console.
 

wiiupoo

> If you can decrypt the USB drive, you don't need to encrypt it for a 5.5.1 console. Just copy over the modified DS ROM of cbhc with the exploit applied and then re-encrypt for the original console.

Well demonik and nwplayer already did encryption/decryption of the USB drive successfully but they were not able to figure out the wiiu file system. That means we cannot yet modify it directly without using system calls.
 

::Phoenix::

> Well demonik and nwplayer already did encryption/decryption of the USB drive successfully but they were not able to figure out the wiiu file system. That means we cannot yet modify it directly without using system calls.

Unless the filesystem has some kind of per-file checksum, you don't need to reverse the filesystem. Just look inside the decrypted USB image with a hex editor for the original zipped ROM and replace it with the modified one. Since the modified one is 100% smaller than the original (it is just a fake ROM containing the exploit), it suffices to pad the remaining data with zeroes.
 

wiiupoo

> Unless the filesystem has some kind of per-file checksum, you don't need to reverse the filesystem. Just look inside the decrypted USB image with a hex editor for the original zipped ROM and replace it with the modified one. Since the modified one is 100% smaller than the original (it is just a fake ROM containing the exploit), it suffices to pad the remaining data with zeroes.

Well in that case you would be able to skip the other wiiu. No one really knows yet without trying how the file system will handle it.
 

::Phoenix::

> Well in that case you would be able to skip the other wiiu. No one really knows yet without trying how the file system will handle it.

Well trying is risk-free. In the worst case, you need to format your USB drive and download your already purchased game again.
 

EyeKey

Well-Known Member
Member
Joined
Feb 10, 2017
Messages
280
Trophies
0
XP
1,098
Country
Israel
It is possible and I mentioned the same thing after the firmware update (without using a different console). I am going to release a tool to dump files from wfs really soon. Modifying it will require more coding, so I don't know when it will be ready.

And the issue with your method is that in order to re-encrypt the whole wfs correctly you need to parse it anyway (there is an IV per block that depends on a few things). And even for extracting it there are some small parts that I ignore right now that may cause issues if you don't re-encrypt them correctly.

> Unless the filesystem has some kind of per-file checksum, you don't need to reverse the filesystem. Just look inside the decrypted USB image with a hex editor for the original zipped ROM and replace it with the modified one. Since the modified one is 100% smaller than the original (it is just a fake ROM containing the exploit), it suffices to pad the remaining data with zeroes.

There are hashes on everything...
 
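A toy model of the two properties EyeKey describes (a per-block IV derived from a device seed, and a hash on every block), added here as an illustration and not code from this thread or from any real WFS tool. The cipher, key, seed, block size and sample "ROM" are constructed stand-ins, not the console's real format; the point is that zero-padding a smaller file into the decrypted image is rejected unless the hash table is regenerated too, and that decrypting with the wrong seed (wrong IVs) is rejected the same way.

```python
import hashlib
import hmac

BLOCK = 16  # toy block size; the real WFS layout is not modelled here

def block_iv(seed: bytes, index: int) -> bytes:
    """Per-block IV derived from a device seed plus the block index (toy model)."""
    return hashlib.sha256(seed + index.to_bytes(4, "big")).digest()[:16]

def keystream(key: bytes, iv: bytes, n: int) -> bytes:
    """Toy counter-mode keystream built from HMAC-SHA256 (not the console's cipher)."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, iv + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def encrypt_image(key: bytes, seed: bytes, plaintext: bytes):
    """Split into blocks, encrypt each under its own IV, and hash every plaintext block."""
    blocks = [plaintext[i:i + BLOCK].ljust(BLOCK, b"\0") for i in range(0, len(plaintext), BLOCK)]
    cipher = [bytes(a ^ b for a, b in zip(blk, keystream(key, block_iv(seed, i), BLOCK)))
              for i, blk in enumerate(blocks)]
    hashes = [hashlib.sha256(blk).digest() for blk in blocks]
    return cipher, hashes

def decrypt_image(key: bytes, seed: bytes, cipher, hashes):
    """Decrypt and verify each block; any hash mismatch rejects the whole image."""
    out = []
    for i, c in enumerate(cipher):
        p = bytes(a ^ b for a, b in zip(c, keystream(key, block_iv(seed, i), BLOCK)))
        if not hmac.compare_digest(hashlib.sha256(p).digest(), hashes[i]):
            return None
        out.append(p)
    return b"".join(out)

KEY, SEED = b"k" * 32, b"s" * 16                      # constructed stand-ins for device secrets
ROM = b"ORIGINAL-ROM" * 4                              # constructed 48-byte "ROM", three blocks
PATCH = b"tiny-replacement".ljust(len(ROM), b"\0")     # smaller file, zero-padded in place

def naive_patch_rejected() -> bool:
    """Swap the plaintext and re-encrypt with the right IVs but keep the old hash table."""
    _, hashes = encrypt_image(KEY, SEED, ROM)
    patched_cipher, _ = encrypt_image(KEY, SEED, PATCH)
    return decrypt_image(KEY, SEED, patched_cipher, hashes) is None

def rehashed_patch_accepted() -> bool:
    """Only when the hash table is regenerated as well does the image verify again."""
    cipher, hashes = encrypt_image(KEY, SEED, PATCH)
    return decrypt_image(KEY, SEED, cipher, hashes) == PATCH
```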

DeadlyFoez

XFlak Fanboy
Banned
Joined
Apr 12, 2009
Messages
5,920
Trophies
0
Website
DeadlyFoez.zzl.org
XP
2,875
Country
United States
The real problem is, if you do not have the per-console keys, then how the hell are you going to get them without an exploit? And, if you have an exploit to be able to get them, then you don't need to use this method.

The only scenario where this would work is if you dumped the keys, never installed haxchi, and then got updated to 5.5.2, but if that is the case that you could run exploits but never spent the $5 to install an exploitable DS title for haxchi, then you are an idiot and deserve to lose your chance or pay lots of money for someone to do the legwork of manually installing it.
 

Valery0p

Well-Known Member
Member
Joined
Jan 16, 2017
Messages
560
Trophies
0
XP
1,644
Country
Italy
People with rednand should have a Seeprom+Otp dump by the way...
(Also, you need only the Seeprom usb seed, since the Otp usb key is the same for every console)
 

wiiupoo

> People with rednand should have a Seeprom+Otp dump by the way...
> (Also, you need only the Seeprom usb seed, since the Otp usb key is the same for every console)

I believe the seeprom USB seed increments by one on every USB drive format setup.

Depending on the time passed since the seeprom dump and the amount of new formats, you may also want to brute force it by incrementing by one a few times.
 

EyeKey

> I believe the seeprom USB seed increments by one on every USB drive format setup.
>
> Depending on the time passed since the seeprom dump and the amount of new formats, you may also want to brute force it by incrementing by one a few times.

No, it is the same for all the formatted USBs. (Formatting a new USB doesn't make the old ones stop working.)
 
