Hacking Wii U Hacking & Homebrew Discussion

[rumblpak]

Are you sure? 5.1.1 only patched the bugs we were using, they didn't update the browser. Unless you're saying 5.1.2 is different? (I'm pretty sure they didn't even change the browser in 5.1.2 though)

Based off of the source released by nintendo, it is a build based off of a changelog date of may 15, 2014. If you download it and go into the webkit3.1.1\webkit\webcore folder and view the changelog, the most recent change is:
"2014-05-15 Daniel Bates <[email protected]>"

Unless anyone has more knowledge to add, my guess is this avenue is over until someone finds a webkit hole.

 

[FaTaL_ErRoR]

Based off of the source released by nintendo, it is a build based off of a changelog date of may 15, 2014. If you download it and go into the webkit3.1.1\webkit\webcore folder and view the changelog, the most recent change is:
"2014-05-15 Daniel Bates <[email protected]>"

Unless anyone has more knowledge to add, my guess is this avenue is over until someone finds a webkit hole.

Yeah I noticed when you put it in dev mode it turns it off when the browser is closed now.

 

[rumblpak]

However, and contrary to my original point, this does not mean that the hack by marcan where he wired directly to the wii's memory card bus, shown here: https://fail0verflow.com/media/30c3-slides/#/15/3, is patched. How useful this will be at this point remains to be seen. Honestly, I wouldn't worry about forward patching until we have something useful at the stage we are at. The largest issue at the current stage is persistent storage and without it there is no chance of a HomebrU Channel. We can, in the future, replicate what f0f did in 2013; however, even they mention that they had not achieved persistent storage.

 

[WulfyStylez]

However, and contrary to my original point, this does not mean that the hack by marcan where he wired directly to the wii's memory card bus, shown here: https://fail0verflow.com/media/30c3-slides/#/15/3, is patched. How useful this will be at this point remains to be seen. Honestly, I wouldn't worry about forward patching until we have something useful at the stage we are at. The largest issue at the current stage is persistent storage and without it there is no chance of a HomebrU Channel. We can, in the future, replicate what f0f did in 2013; however, even they mention that they had not achieved persistent storage.

Their setup was for dumping low-level stuff. We do the same thing but write files to SD instead.
Also holy crap, can we all collectively stop shoehorning the letter U into names for things? It makes my graphic designer side wanna cryU.

 

[filfat]

Their setup was for dumping low-level stuff. We do the same thing but write files to SD instead.
Also holy crap, can we all collectively stop shoehorning the letter U into names for things? It makes my graphic designer side wanna cryU.

Are U sUre? 'U' SeemsU toU beingU PrettyU CoolU AccordingU toU GBATempU. U

 

[rumblpak]

No problem WolfyStyles. Won't do it anymore.

Also, I was stating for using it for further hacking in higher versions. Yes, it works for the low-level stuff, but it should also work for high level stuff.

 

[FaTaL_ErRoR]

http://imageshack.com/i/ezjhaH4Ap
http://imageshack.com/i/hjiSFNCFp This can get interesting.
http://imageshack.com/i/f0qw2xaXp
How's that go wulfy? Just some more useless stuff?
Or does this top the dumbest post ever ninja carver?
If it is then explain to me how I am able to read this data alter it then reset it's disk identifier. Then play off it. I mean the screenshots are pretty much useless to most. as they really contain little data. But the access is there.

 

[WulfyStylez]

http://imageshack.com/i/ezjhaH4Ap
http://imageshack.com/i/hjiSFNCFp This can get interesting.
http://imageshack.com/i/f0qw2xaXp
How's that go wulfy? Just some more useless stuff?
Or does this top the dumbest post ever ninja carver?
If it is then explain to me how I am able to read this data alter it then reset it's disk identifier. Then play off it. I mean the screenshots are pretty much useless to most. as they really contain little data. But the access is there.

The second one is 404'ing for me but I'm assuming you're poking around with eMMC? Like, reformatting it (after having backed it up hopefully). It's still not useful right now if that's what it is. In fact, it looks like you've literally just learned to use the terminal under Linux.

Backing up the TSOP flash AND eMMC might be helpful for restoring to older firmware versions (nobody's tested yet and I don't want to physically void my warranty), so if you have the right equipment you could try that pretty easily.

 

[NWPlayer123]

The second one is 404'ing for me but I'm assuming you're poking around with eMMC? Like, reformatting it (after having backed it up hopefully). It's still not useful right now if that's what it is. In fact, it looks like you've literally just learned to use the terminal under Linux.

Backing up the TSOP flash AND eMMC might be helpful for restoring to older firmware versions (nobody's tested yet and I don't want to physically void my warranty), so if you have the right equipment you could try that pretty easily.

Exactly, if you're not going to try then who is? It's an endless cycle. Don't degrade people for trying, at the very least they're learning from mistakes (or the lack thereof)

 

[FaTaL_ErRoR]

well it's not really emmc as in the hard mounted sense. It's a wii u formatted flash drive with a save file (black ops 2) and hulu plus. And oops forgot to screenshot the slightly modded dislocker portion in terminal.
I am also not backing up anything. Only copying from the wii u. (so if I screw up at least the originals are still on the wii u) I am attempting to make it code dump from the save file. And attempting to figure out how hulu is is functioning on the wii u. (maybe possibility of modding those apps for homebrew or something)
When I booted the usb save file it locked up the console. (not my intention) and of course hulu still functioned as I did nothing to it.
But screenshot two shows the disk identifier. Which is a much needed item.
As far as linux goes, I have been a user on linux for many years. Terminal is the equivalent to dos on windows. But the majority of linux programs run in terminal whereas most windows programs are gui based. I know terminal and dos appear to be outdated tools but the reality is all actual dev tools are written in dos and function from it. Linux just keeps the distros small by not filling it with tons of code for different programs. Also requires less memory. (thus the ability to run two distros off one pc at the same time)

 

[WulfyStylez]

well it's not really emmc as in the hard mounted sense. It's a wii u formatted flash drive with a save file (black ops 2) and hulu plus. And oops forgot to screenshot the slightly modded dislocker portion in terminal.
I am also not backing up anything. Only copying from the wii u. (so if I screw up at least the originals are still on the wii u) I am attempting to make it code dump from the save file. And attempting to figure out how hulu is is functioning on the wii u. (maybe possibility of modding those apps for homebrew or something)
When I booted the usb save file it locked up the console. (not my intention) and of course hulu still functioned as I did nothing to it.
But screenshot two shows the disk identifier. Which is a much needed item.
As far as linux goes, I have been a user on linux for many years. Terminal is the equivalent to dos on windows. But the majority of linux programs run in terminal whereas most windows programs are gui based. I know terminal and dos appear to be outdated tools but the reality is all actual dev tools are written in dos and function from it. Linux just keeps the distros small by not filling it with tons of code for different programs. Also requires less memory. (thus the ability to run two distros off one pc at the same time)

I know about Linux's terminal. The long exposition about it still makes me feel like you're a fairly new Linux user, but whatever. Also you keep calling the command prompt 'DOS'. Two very different things with a very different backend.
How would dislocker help you at all? Wii U drives aren't bitlocker-encrypted.
Every disk has plenty of identifiers, and your one identifier doesn't mean a whole lot.

Exactly, if you're not going to try then who is? It's an endless cycle. Don't degrade people for trying, at the very least they're learning from mistakes (or the lack thereof)

I gave that idea at the end as something more productive worth testing, rather than poking at signed and well-secured save storage. It's different that what he's trying.

 

[OncleJulien]

Terminal is the equivalent to dos on windows.

exactly - just as textedit is the equivalent to BSD on OSX.

 

[Duo8]

well it's not really emmc as in the hard mounted sense. It's a wii u formatted flash drive with a save file (black ops 2) and hulu plus. And oops forgot to screenshot the slightly modded dislocker portion in terminal.
I am also not backing up anything. Only copying from the wii u. (so if I screw up at least the originals are still on the wii u) I am attempting to make it code dump from the save file. And attempting to figure out how hulu is is functioning on the wii u. (maybe possibility of modding those apps for homebrew or something)
When I booted the usb save file it locked up the console. (not my intention) and of course hulu still functioned as I did nothing to it.
But screenshot two shows the disk identifier. Which is a much needed item.
As far as linux goes, I have been a user on linux for many years. Terminal is the equivalent to dos on windows. But the majority of linux programs run in terminal whereas most windows programs are gui based. I know terminal and dos appear to be outdated tools but the reality is all actual dev tools are written in dos and function from it. Linux just keeps the distros small by not filling it with tons of code for different programs. Also requires less memory. (thus the ability to run two distros off one pc at the same time)

Oh I thought you wired up the eMMC. Explains the "Play off it" bit I guess.
Can you you solder? If so can you dump the eMMC and the WiiU NAND chip?

 

[WulfyStylez]

Is anyone on here on 5.1.2 and willing to do a few specific packet captures for me? There's a fairly reasonable MITM exploit, but none of us can test it since none of us or our friends are on 5.1.2.

If you're on that version and already know how to use Wireshark with your Wii U, just PM me. Thanks.

 

[the_randomizer]

Is anyone on here on 5.1.2 and willing to do a few specific packet captures for me? There's a fairly reasonable MITM exploit, but none of us can test it since none of us or our friends are on 5.1.2.

If you're on that version and already know how to use Wireshark with your Wii U, just PM me. Thanks.

Could this possibly lead to or at least, eventually make it safe to update to 5.1.2? Currently on 5.1.0.

 

[WulfyStylez]

Could this possibly lead to or at least, eventually make it safe to update to 5.1.2? Currently on 5.1.0.

Too early to say.

 

[the_randomizer]

Too early to say.

Just wondering, kinda worried when SSB rolls around.

 

[filfat]

-snip-

 

[yahoo]

Some tangential inspiration: http://googleprojectzero.blogspot.com/2014/08/the-poisoned-nul-byte-2014-edition.html

 

[Ninja_Carver]

Or does this top the dumbest post ever ninja carver?

Yes. For all I know /dev/sdb can be your second hard drive.

sysadm@epiphany:~$ sudo hexdump /dev/sda1 | head
0000000 0000 0000 0000 0000 0000 0000 0000 0000
*
0000400 ee80 0000 b900 0003 2fa6 0000 b02c 0002
0000410 ed09 0000 0000 0000 0002 0000 0002 0000
0000420 8000 0000 8000 0000 1dd0 0000 03d8 53f2
0000430 03d8 53f2 003e ffff ef53 0001 0001 0000
0000440 abd4 512f 0000 0000 0000 0000 0001 0000
0000450 0000 0000 000b 0000 0100 0000 003c 0000
0000460 0246 0000 007b 0000 0927 9142 3ec0 b449
0000470 00bd c463 31fd ff7c 0000 0000 0000 0000
HACKER, amirite?