Hacking Firmware Reverse Engineering (Info Dump)

  • Thread starter: NWPlayer123
  • Views: 59,235
  • Replies: 151
  • Likes: 82
I've never seen NWPlayer go off about piracy. Some other ones though... Your post is both off-topic and trash.

Side note: Nice to see devs looking for a more crowd-sourced approach in the general public; hopefully smarter people than I can help get this documented faster. I'll continue to poke around, and as discussion grows, I'll probably get a better idea of where to poke around.
My post wasn't directed at NW but at all devs. But anything against our beloved devs is trash.
It would be nice to see all those opposing piracy let us know their views.
The only non-hypocritical thing to do is either buy the software for the developers or demand everything be shut down.

EDIT: They should also stop using all homebrew that was a result of piracy.
 
Last edited by steelseth,
Yes, @Datalogger was working on IDA for a long time, but we don't know the work progress. Ryan was working too.
Create your own firmware, AKA CFW/Emunand. It's a risk, people knowing how to do it, but we need more progress.

No, I know DL's progress, as I know where it's documented, as does NWPlayer... The question was specific.
 
Please correct me if I'm wrong, but looking at the Wii U boot chain for launching titles there are 4 steps; 2 of the 4 steps are images that can contain data with audio, which is allowed according to the devkit. The NAND can be instructed by the title launch parameters, including from the meta tags, not to disable anything on boot and also to disable any checks. A master ROM can be created and called via the title launcher as long as it matches the console info.

On another note, I think it's slightly insulting to developers when people talk about boot loaders for piracy, simply because it's probably the easiest task to accomplish. The hard work needed to build a platform for homebrew is where the challenge lies and what keeps devs going. To simply hack a console for piracy is a bore, and many devs would rather move on. If only people could understand that concept.
 
As I look inside the kernel, I can tell that we need to expand the ROM address at the end to 0xFFFFFFF (at 1 F near); there is some "Dword" at the end.

Mw, just a little question: I know how to get the magic happening in ARM with the F5 magic touch, but it's not working on the PPC. Any advice?

Getting my head into the FW kernel and myqteriU... do I have a life? That's the best question.

Pswincd: don't talk too loud, you're gonna wake up the kids lol.
 
Last edited by ryuutseku85,
Pswincd: don't talk too loud, you're gonna wake up the kids lol.
Well it might wake others lol
 
@NWPlayer123 I was trying to decompile the Espresso kernel image, but in IDA, in processor options, it asks for the TOC address, SDA (r13) address and MNIO base. I have no idea what's wrong.
 
Last edited by rw-r-r_0644,
Mw, just a little question: I know how to get the magic happening in ARM with the F5 magic touch, but it's not working on the PPC. Any advice?
That's just it, the Hex-Rays Decompiler doesn't support PPC :< If it did, my life would be at least 4 times easier.
@NWPlayer123 I was trying to decompile the Espresso kernel image, but in IDA, in processor options, it asks for the TOC address, SDA (r13) address and MNIO base. I have no idea what's wrong.
Just put in 0xFFFFFFFF; mine fills it in automatically.
 
Let's assume you have a decrypted binary file with readable text and call it decryptedbin.out.
You want to create an ELF file (decryptedbin.elf). Then use the devkitPPC executable...

powerpc-eabi-objcopy -I binary -O elf32-powerpc -B powerpc --change-addresses=0xffe00000 --set-section-flags .data=code decryptedbin.out decryptedbin.elf

IDA likes those ELF files. ;)
 
Last edited by z0mb3,
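As an added example (my own code, not z0mb3's command and not part of the original post), here is a Python script that builds the same kind of file the objcopy one-liner above produces: a big-endian elf32-powerpc executable with the raw blob as one executable section at 0xffe00000, so IDA's ELF loader picks up the base address and the code section flags (what `--change-addresses` and `--set-section-flags .data=code` do) without devkitPPC installed. The input bytes are a constructed three-instruction PowerPC stub standing in for a decrypted kernel; the section name `.text`, the function names and the page-aligned layout are my choices, not anything the thread specifies.

```python
"""Wrap a raw (decrypted) PowerPC binary in a minimal ELF32 image so IDA
loads it at a known base address.

Added example, not code from the thread: it hand-builds the same kind of
object the devkitPPC objcopy one-liner produces (big-endian elf32-powerpc,
one executable section placed at 0xffe00000) using only the struct module,
so it runs without binutils installed.
"""
import struct
import sys

# ELF constants (ELF32 spec / elf.h)
ET_EXEC = 2
EM_PPC = 20
PT_LOAD = 1
PF_X, PF_R = 1, 4
SHT_PROGBITS, SHT_STRTAB = 1, 3
SHF_ALLOC, SHF_EXECINSTR = 2, 4
EHDR_SIZE, PHDR_SIZE, SHDR_SIZE = 52, 32, 40
PAGE = 0x1000

# Constructed stand-in for a decrypted kernel blob: three real PowerPC
# instructions (mflr r0 / stwu r1,-16(r1) / blr), not Wii U firmware bytes.
SAMPLE_KERNEL = bytes.fromhex("7c0802a6" "9421fff0" "4e800020")


def wrap_ppc_elf(blob: bytes, base: int = 0xFFE00000) -> bytes:
    """Return an ELF32 big-endian PowerPC executable with `blob` as .text at `base`.

    Same effect as objcopy -I binary -O elf32-powerpc -B powerpc
    --change-addresses=<base> --set-section-flags .data=code, except the
    section is named .text and the load address is written directly.
    """
    if base < 0 or base + len(blob) > 1 << 32:
        raise ValueError("blob does not fit in the 32-bit address space at that base")

    # PT_LOAD requires p_offset == p_vaddr (mod p_align): start the payload on
    # the first page after the headers and add the base's in-page offset.
    data_off = PAGE + (base % PAGE)
    shstrtab = b"\0.text\0.shstrtab\0"
    shstr_off = data_off + len(blob)
    shoff = (shstr_off + len(shstrtab) + 3) & ~3      # section headers, 4-byte aligned

    ident = b"\x7fELF\x01\x02\x01" + b"\0" * 9       # ELFCLASS32, ELFDATA2MSB, EV_CURRENT
    ehdr = struct.pack(">16sHHIIIIIHHHHHH", ident,
                       ET_EXEC, EM_PPC, 1, base,      # type, machine, version, entry
                       EHDR_SIZE, shoff, 0,           # phoff, shoff, flags
                       EHDR_SIZE, PHDR_SIZE, 1,       # ehsize, phentsize, phnum
                       SHDR_SIZE, 3, 2)               # shentsize, shnum, shstrndx
    phdr = struct.pack(">8I", PT_LOAD, data_off, base, base,
                       len(blob), len(blob), PF_R | PF_X, PAGE)
    shdrs = struct.pack(">10I", *([0] * 10))                                  # SHN_UNDEF
    shdrs += struct.pack(">10I", shstrtab.index(b".text"), SHT_PROGBITS,
                         SHF_ALLOC | SHF_EXECINSTR, base, data_off, len(blob), 0, 0, 4, 0)
    shdrs += struct.pack(">10I", shstrtab.index(b".shstrtab"), SHT_STRTAB,
                         0, 0, shstr_off, len(shstrtab), 0, 0, 1, 0)

    out = bytearray(ehdr + phdr)
    out += b"\0" * (data_off - len(out))
    out += blob + shstrtab
    out += b"\0" * (shoff - len(out))
    out += shdrs
    return bytes(out)


def read_ppc_elf(image: bytes):
    """Parse an image back: (e_machine, load address, bytes) of its first PT_LOAD.

    This is the check that a loader such as IDA's sees the blob at the
    intended base with the intended contents."""
    if image[:4] != b"\x7fELF" or image[4] != 1 or image[5] != 2:
        raise ValueError("not an ELF32 big-endian image")
    fields = struct.unpack_from(">HHIIIIIHHHHHH", image, 16)
    machine, phoff, phentsize, phnum = fields[1], fields[4], fields[8], fields[9]
    for i in range(phnum):
        p_type, p_off, p_vaddr, _paddr, p_filesz = struct.unpack_from(
            ">5I", image, phoff + i * phentsize)
        if p_type == PT_LOAD:
            return machine, p_vaddr, image[p_off:p_off + p_filesz]
    raise ValueError("no PT_LOAD segment")


if __name__ == "__main__":
    # Usage: python wrap_ppc_elf.py [decryptedbin.out]; file names follow the post.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_KERNEL
    image = wrap_ppc_elf(blob)
    with open("decryptedbin.elf", "wb") as f:
        f.write(image)
    print("machine=%d base=%#x size=%d" % (read_ppc_elf(image)[0], read_ppc_elf(image)[1], len(blob)))
```

Load the resulting decryptedbin.elf in IDA and the PowerPC processor module is selected from e_machine, the segment lands at 0xffe00000, and the section is marked executable so auto-analysis treats it as code. Compare with what objcopy gives you: there the raw input becomes a `.data` section at address 0 that `--change-addresses` shifts up, and the `code` flag is what stops IDA from treating it as a plain data blob.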
