Hacking Wii U Hacking & Homebrew Discussion

Marionumber1

So from what I understand, the exploit for 5.0.0 also runs on 5.1.0 as well. Can anyone confirm this? I'm updating thehomebrewcometh right now. I need to know if I just need one button for both firmwares (to launch the exploit) or two separate ones for each of those firmwares. Marionumber1 NWPlayer123 Chadderz?


Yes, the exploits for 5.0.0 and 5.1.0 are identical.
 

TeamScriptKiddies

Well, I assume it works for both, only because when I compiled hello.c this last time, I used 510, not 500, and it spat out test500.html, not test510.html, but other than that I don't know. If you test http://nwplayer123.github.io/wiiu/hello500.html and it works on 5.0.0, then yes, they're for all intents and purposes identical.


Well I just went ahead and decided to try this one on my 5.0.0 console which was designed for use with 5.1.0: http://gbatemp.net/threads/testing-wiiu-browser-exploit-on-5-1-0.369463/#post-5060526 and it worked just fine :). So I think it's safe to say there were no address changes that have anything to do with the webkit exploit between those two firmwares :).

Side note: A Mod/Admin should really merge all these new threads that keep popping up about the webkit exploit. We could have one for the general public to discuss it in, and then keep this one as a separate thread for hackers/devs
 

Ryanrocks462

Well I just went ahead and decided to try this one on my 5.0.0 console which was designed for use with 5.1.0: http://gbatemp.net/threads/testing-wiiu-browser-exploit-on-5-1-0.369463/#post-5060526 and it worked just fine :). So I think it's safe to say there were no address changes that have anything to do with the webkit exploit between those two firmwares :).

Side note: A Mod/Admin should really merge all these new threads that keep popping up about the webkit exploit. We could have one for the general public to discuss it in, and then keep this one as a separate thread for hackers/devs

omg yes would love to see two separate threads :)
 

VinsCool

Thehomebrewcometh has been updated to include both Tgames helloworld (English and French version) and NWPlayer123 helloworld :) for firmwares 5.1.0 and 5.0.0. As the exploits for both firmwares are exactly the same, I put them together under one section :). Enjoy!

Thanks, I put your page as a favorite on my WiiU.
 

VinsCool

Thanks! Also your avatar is awesome! lmao

Mah boi!! play Link's face of evil! It is a piece of shit, but hell YouTube poops from its cutscenes are hilarious! :rofl2:
Also, if I take PSP in comparison, even with no kernel access, many good homebrews were working great, including emulators and media player. This was in early 6.20 hacking at least.
 

TeamScriptKiddies

Mah boi!! play Link's face of evil! It is a piece of shit, but hell YouTube poops from its cutscenes are hilarious! :rofl2:
Also, if I take PSP in comparison, even with no kernel access, many good homebrews were working great, including emulators and media player. This was in early 6.20 hacking at least.


DINNER!!!!!!
 

NWPlayer123

I'm anxious to see what homebrew becomes of this! Any experts care to chime in with what is plausible?

Emulators? Media Players?

Neither of those, considering we still can't access the filesystem, NAND OR eMMC. We're still at a loss for most stuff until we get a kernel and/or loader exploit to use. I guess you could always write a file into memory over the network but that'd be really finicky.
 

uyjulian

Neither of those, considering we still can't access the filesystem, NAND OR eMMC. We're still at a loss for most stuff until we get a kernel and/or loader exploit to use. I guess you could always write a file into memory over the network but that'd be really finicky.

SD card? USB interface?
Maybe UStealth would be actually useful now to load media from FAT32 USB without prompt.
 

Onion_Knight

For anyone that is trying this at home, Python comes with a simple HTTP server that can be used as your jump point for the HTML.

At the command line, in the directory that serves up the exploit, type: python -m SimpleHTTPServer

By default it will launch a web service that listens on port 8000 of your host and will post up "index.htm" or "index.html" if they are in the current working directory. If it isn't found, it will print a dirlist in which you can then click on the exploit. It's pretty simple, and once killed, you're not running a web server anymore. You will need to disable your firewall when you do this, unless you punch a hole through on port 8000. I had thought it was disabled for me, but once I ran Wireshark, I could see that it was still running. Once fully disabled, it worked like a champ.
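
The local server from the post above, as an added example that is not part of the original post: a Python 3 equivalent that binds to one LAN interface and answers only allow-listed clients, so a single inbound rule for port 8000 is all the host firewall needs. The addresses and the names `client_allowed`, `AllowlistHandler` and `make_server` are assumptions made for illustration.

```python
# Added example (Python 3.7+), not from the thread. Addresses are constructed.
import functools
import ipaddress
from http.server import SimpleHTTPRequestHandler, ThreadingHTTPServer


def client_allowed(addr, networks):
    """True if the client address falls inside any allow-listed network."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in networks)


class AllowlistHandler(SimpleHTTPRequestHandler):
    """Static file handler that refuses clients outside the allowlist."""

    networks = ()  # filled in by make_server()

    def _gate(self, serve):
        if client_allowed(self.client_address[0], self.networks):
            serve()
        else:
            self.send_error(403, "client not on allowlist")

    def do_GET(self):
        self._gate(super().do_GET)

    def do_HEAD(self):
        self._gate(super().do_HEAD)


def make_server(directory, bind_addr, port, allowed):
    """Serve one directory on one interface to the allow-listed clients."""
    nets = tuple(ipaddress.ip_network(a) for a in allowed)
    cls = type("Handler", (AllowlistHandler,), {"networks": nets})
    handler = functools.partial(cls, directory=directory)
    return ThreadingHTTPServer((bind_addr, port), handler)


if __name__ == "__main__":
    # Assumed layout: this host is 192.168.1.10, the console is 192.168.1.50.
    srv = make_server(".", "192.168.1.10", 8000, ["192.168.1.50/32"])
    print("serving on %s:%d" % srv.server_address[:2])
    try:
        srv.serve_forever()
    except KeyboardInterrupt:
        srv.server_close()
```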
 

iNFiNiTY

Neither of those, considering we still can't access the filesystem, NAND OR eMMC. We're still at a loss for most stuff until we get a kernel and/or loader exploit to use. I guess you could always write a file into memory over the network but that'd be really finicky.

Doesn't the browser EVER try to save anything to filesystem? You can't save pics, literally nothing? Saved internet settings? Surely there is some limited access there.. the 3DS exploit after all was just the DS system settings being used. And with access to run code as the browser user would there not be potentially a way to go out of its limitations by modifications to other parts of userland memory?

I don't know how much multitasking the Wii-U allows at once but if you had the browser running simultaneously alongside anything else in the background there's the chance of corrupting that other memory is there not? Apparently you can run it at any time, so couldn't it potentially open up modification of game memory that is going to save game, putting a modified save game into the filesystem around their encryption. Unless it's really specifically separated between memory areas and access closed to each; that was the same problem on 3DS that managed to be overcome though.

Sorry for not being specific about details but wiiubrew is almost well completely empty unlike the detail info on the 3DS and its many countermeasures explained in detail. Not even a virtual memory layout cause people didn't want to share on wii-u it seems.
 

Bug_Checker_


Doesn't the browser EVER try to save anything to filesystem? You can't save pics, literally nothing? Saved internet settings? Surely there is some limited access there.. the 3DS exploit after all was just the DS system settings being used. And with access to run code as the browser user would there not be potentially a way to go out of its limitations by modifications to other parts of userland memory?

I don't know how much multitasking the Wii-U allows at once but if you had the browser running simultaneously alongside anything else in the background there's the chance of corrupting that other memory is there not? Apparently you can run it at any time, so couldn't it potentially open up modification of game memory that is going to save game, putting a modified save game into the filesystem around their encryption. Unless it's really specifically separated between memory areas and access closed to each; that was the same problem on 3DS that managed to be overcome though.

Sorry for not being specific about details but wiiubrew is almost well completely empty unlike the detail info on the 3DS and its many countermeasures explained in detail. Not even a virtual memory layout cause people didn't want to share on wii-u it seems.

I would assume it saves bookmarks/favorites.
And, Chadderz uses the browser as a way to take control of Mario Kart (see other thread)
 

Psionic Roshambo


Doesn't the browser EVER try to save anything to filesystem? You can't save pics, literally nothing? Saved internet settings? Surely there is some limited access there.. the 3DS exploit after all was just the DS system settings being used. And with access to run code as the browser user would there not be potentially a way to go out of its limitations by modifications to other parts of userland memory?

I don't know how much multitasking the Wii-U allows at once but if you had the browser running simultaneously alongside anything else in the background there's the chance of corrupting that other memory is there not? Apparently you can run it at any time, so couldn't it potentially open up modification of game memory that is going to save game, putting a modified save game into the filesystem around their encryption. Unless it's really specifically separated between memory areas and access closed to each; that was the same problem on 3DS that managed to be overcome though.

Sorry for not being specific about details but wiiubrew is almost well completely empty unlike the detail info on the 3DS and its many countermeasures explained in detail. Not even a virtual memory layout cause people didn't want to share on wii-u it seems.


I know it saves passwords and settings for web pages, and I assume it has to have some sort of cache system for faster web page loading.

I have also read that the first actual homebrew using the exploit is going to be released soon, from the looks of it a Wii-U drive key dumper. So they must either be dumping the key to USB or the SD slot or I would hate to have to write down that long string of letters and numbers.... lol (I guess a camera and OCR would be easier.)
 