[RELEASE] drxtool - gamepad+drh firmware hacking utility

Discussion in 'Wii U - Hacking & Backup Loaders' started by WulfyStylez, Dec 14, 2016.

  1. WulfyStylez
    OP

    Member WulfyStylez SALT/Bemani Princess

    Joined:
    Nov 3, 2013
    Messages:
    1,149
    Country:
    United States
    Hey! I finally got around to rewriting this and making it more useful. Hopefully this will inspire and assist with some useful hacks and research. From the readme:

    drxtool enables extraction, modification, and rebuilding of drc (gamepad) and drh (host) firmware binaries, including actual firmware (e.g. drc_fw.bin, drh_fw.bin) as well as language data (lang_00.bin, etc.) this subsequently allows for firmware RE and patching, switching out graphics, enabling debug modes, etc.
    drop a binary onto drxtool to extract it to [filename]_extracted. it will be split into its components, including separate sections for firmwares. language files are a big blob since their layout is determined per-firmware-version.
    drop an extracted folder onto drxtool to rebuild it to [foldername].bin.
    in both cases, drxtool can be invoked from command line/terminal for additional debug output.

    this has been tested and is working on all DRC, DRH, and language data dating back to the very first external beta builds for near-final gamepad hardware (v16, though v15 likely ran on this hardware as well). earlier hardware uses a different update format (the hw has all likely been destroyed by now.)

    to flash binaries with ios-level hax, try bumping up the first big-endian u32 in blob_header.bin by 1, as well as bumping up the version in app.xml. updating VER_.bin isn't necessary as the gamepad and drh don't care what version they're on, only IOS.
    other update methods include potentially using libdrc to push an update directly to the gamepad (strip the first 0x10 as this is a big-endian header used by IOS) or by writing the payload directly to the serial eeprom (strip the first 0x10+0x1000+0x4000), which is useful for unbricking.

    good luck, and try not to brick!

    changelog:
    2.0 - 12/14/2016:
    - initial public release
    1.0 - 08/10/2016:
    - it lives!


    downloads (v2.0):
    MEDIAFIRE
    MEGA
     

    Last edited by WulfyStylez, Dec 14, 2016 - Reason: minor clarification
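
A read-only check built on the offsets in the readme above, as an added example that is not part of drxtool or the original post: it slices an update binary at the stated strip sizes and compares a serial EEPROM readback against the expected payload before or after a write. Assumptions: the 0x1000 and 0x4000 regions are treated as opaque, the readback is taken from the address where the payload was written, and all function names and the sample data are constructed here.

```python
import hashlib
import struct

IOS_HEADER_LEN = 0x10                  # big-endian header used by IOS (per the readme)
EEPROM_SKIP = 0x10 + 0x1000 + 0x4000   # bytes stripped before an EEPROM write (per the readme)


def read_be_u32(data: bytes, offset: int = 0) -> int:
    """Read a big-endian u32, e.g. the first field of blob_header.bin."""
    if len(data) < offset + 4:
        raise ValueError("too short for a big-endian u32 at 0x%x" % offset)
    return struct.unpack_from(">I", data, offset)[0]


def payload_views(update: bytes) -> dict:
    """Slice an update binary at the readme's strip offsets; reject short files."""
    if len(update) <= EEPROM_SKIP:
        raise ValueError("update is 0x%x bytes, need more than 0x%x"
                         % (len(update), EEPROM_SKIP))
    return {
        "ios_header": update[:IOS_HEADER_LEN],
        "direct_push": update[IOS_HEADER_LEN:],  # header stripped for a direct push
        "eeprom": update[EEPROM_SKIP:],          # payload as written to the EEPROM
    }


def eeprom_matches(update: bytes, readback: bytes) -> bool:
    """True if the readback begins with exactly the expected EEPROM payload."""
    expected = payload_views(update)["eeprom"]
    if len(readback) < len(expected):
        return False  # truncated dump: never treat as a match
    # Assumption: readback starts at the payload's write address; extra
    # trailing bytes from a whole-chip dump are ignored.
    got = readback[:len(expected)]
    return hashlib.sha256(got).digest() == hashlib.sha256(expected).digest()


def make_sample_update() -> bytes:
    """Constructed sample: placeholder regions plus a fake 32-byte payload."""
    return bytes(0x10) + b"\xAA" * 0x1000 + b"\xBB" * 0x4000 + b"PAYLOAD!" * 4


if __name__ == "__main__":
    sample = make_sample_update()
    views = payload_views(sample)
    print("eeprom payload sha256:", hashlib.sha256(views["eeprom"]).hexdigest())
    print("readback ok:", eeprom_matches(sample, views["eeprom"] + b"\xff" * 16))
```
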


  2. Psi-hate

    Member Psi-hate GBATemp's Official Psi-Hater

    Joined:
    Dec 14, 2014
    Messages:
    1,580
    Location:
    Houston
    Country:
    United States
    Thank you based wulfy
     
    Mrrraou and Dazzozo like this.
  3. Naendow

    Member Naendow Brick-Master

    Joined:
    Jan 4, 2016
    Messages:
    229
    Country:
    Germany
    Looks like it could be useful anytime. Thx for this :)
     
  4. Daggot

    Member Daggot GBAtemp Fan

    Joined:
    Aug 3, 2015
    Messages:
    461
    Country:
    United States
    Thanks dude.
     
  5. asper

    Member asper GBAtemp Advanced Fan

    Joined:
    May 14, 2010
    Messages:
    557
    Country:
    United States
    The files your tool (good tool!) supports are update binaries.

    In the full DRC firmware (32MBs - you can obtain it by hardware-dumping) 1st release, with no updates (so I suppose v5128):
    ERR starts at: 0x1D2D8E
    IMG starts at: 0x245830
    INDX starts at: 0x100000
    LVC starts at: 0x100070
    UMI starts at: 0x23EEEE
    VER starts at: 0x100070
    WIFI starts at: 0x195AD8

    The section in which they are located in the full firmware is 0x0100000 (8.388.608 bytes).
     
    Last edited by asper, Dec 14, 2016
  6. pietempgba

    Member pietempgba GBAtemp Advanced Fan

    Joined:
    Jun 9, 2016
    Messages:
    786
    Country:
    United States
    This might eventually make the gamepad region free
     
  7. huma_dawii

    Member huma_dawii GBAtemp Maniac

    Joined:
    Apr 3, 2014
    Messages:
    1,142
    Location:
    Key Largo, Florida
    Country:
    United States
    What is this for?
     
  8. pietempgba

    Member pietempgba GBAtemp Advanced Fan

    Joined:
    Jun 9, 2016
    Messages:
    786
    Country:
    United States
    This is for extracting the gamepad firmware (drc_fw.bin, drh_fw.bin) and all the other stuff on the gamepad firmware.
     
  9. TotalInsanity4

    Member TotalInsanity4 GBAtemp Supreme Overlord

    Joined:
    Dec 1, 2014
    Messages:
    6,384
    Location:
    Under a rock
    Country:
    United States
    Is it not already?
     
  10. xtheman

    Member xtheman Custom Titles are trash.

    Joined:
    Jan 28, 2016
    Messages:
    5,828
    Country:
    Antarctica
    It isn't. It still needs to be the same region as the base console to connect, so a JPN drc won't link to a USA Wii U.
     
  11. WulfyStylez
    OP

    Member WulfyStylez SALT/Bemani Princess

    Joined:
    Nov 3, 2013
    Messages:
    1,149
    Country:
    United States
    Yep, modifications to allow stuff like region unlocking/changing and enabling the DK Menu (not that you need it on retail, but...) are possible now. I'd check out libdrc's RE docs for a crash course on firmware format and gamepad internals, since there's quite a lot going on.
    As an example, you can tear into the main ARM processor's firmware by loading LVC_.bin as ARM little-endian at address 0x0 in your tool of choice.

    EDIT: I do have plans to release something allowing people to change boot screens too, as was demonstrated in the past. At the moment that tool's still in proof-of-concept state (haven't touched it since I made that video) and needs a rework, so expect to see it eventually.
     
    Last edited by WulfyStylez, Dec 14, 2016
  12. TotalInsanity4

    Member TotalInsanity4 GBAtemp Supreme Overlord

    Joined:
    Dec 1, 2014
    Messages:
    6,384
    Location:
    Under a rock
    Country:
    United States
    I hate to ask, since this is a question that ALWAYS gets asked, but is it possible (in the future) to develop this to a point where you could stream the gamepad screen to a PC window?
     
    yuyuyup likes this.
  13. xtheman

    Member xtheman Custom Titles are trash.

    Joined:
    Jan 28, 2016
    Messages:
    5,828
    Country:
    Antarctica
    It has already been done. Linux only.

     
    AboodXD likes this.
  14. TotalInsanity4

    Member TotalInsanity4 GBAtemp Supreme Overlord

    Joined:
    Dec 1, 2014
    Messages:
    6,384
    Location:
    Under a rock
    Country:
    United States
    I'm fully aware of the existence of that, which is exactly why I'm asking if it's possible with this XD
     
  15. xtheman

    Member xtheman Custom Titles are trash.

    Joined:
    Jan 28, 2016
    Messages:
    5,828
    Country:
    Antarctica
    You can do it without this.
     
  16. TotalInsanity4

    Member TotalInsanity4 GBAtemp Supreme Overlord

    Joined:
    Dec 1, 2014
    Messages:
    6,384
    Location:
    Under a rock
    Country:
    United States
    I know. I've tried it, I couldn't even get it to compile, and I have yet to meet someone on this website who's successfully gotten it working
     
    I pwned U! likes this.
  17. Antonio Ricardo

    Member Antonio Ricardo GBAtemp Fan

    Joined:
    Apr 29, 2013
    Messages:
    355
    Location:
    Rio de Janeiro
    Country:
    Brazil
    I think the most difficult part is the gamepad touch screen; I don't know if a gamepad stream on PC would be good.
    @WulfyStylez can we control a game with a Pro Controller and use a gamepad touch screen on another device?
    Because the Gamepad will not last forever; one day it will break. @Maschell is doing great work with HID, but we have to look for a way to substitute the touch screen. I don't know if this is possible.
     
    Last edited by Antonio Ricardo, Dec 14, 2016
    TotalInsanity4 likes this.
  18. TotalInsanity4

    Member TotalInsanity4 GBAtemp Supreme Overlord

    Joined:
    Dec 1, 2014
    Messages:
    6,384
    Location:
    Under a rock
    Country:
    United States
    Don't wanna play, just want to record :P
     
  19. driverdis

    Member driverdis I am Justice

    Joined:
    Sep 21, 2011
    Messages:
    2,226
    Location:
    1.048596β
    Country:
    United States
    I thought the problem was that it could link up and work normally until an update tries to apply, which will fail as the gamepad region does not match the console region.
     
  20. emmanu888

    Member emmanu888 6 years and still going strong

    Joined:
    Jan 25, 2009
    Messages:
    1,243
    Location:
    Victoriaville,Québec
    Country:
    Canada
    Does this mean that in the near future we could have region-free Wii Us and region-free Gamepads?
     
