Hacking Wii U Hacking & Homebrew Discussion

filfat · Jun 18, 2014

-snip-

Marionumber1 · Jun 18, 2014

keine said:
Any advice on finding rpl names and which functions belong to which rpls?
Its not obvious to me yet.
It appears acquire isn't used normally, but rather the rpls are linked in at build time and those functions are then just available.
For example, where did the IOS.c mount functions come from? I also haven't found any mention of nsysnet anywhere.

Is there any way to dump all rpl names and functions contained therin?

Also, why don't we have file access. Isn't file access part of userland? Say, take a picture of the screen and save to sd card.

Has anyone had any luck with fs.py or ios.c?

We found the different functions in various ways. Filesystem and IOS functions were inside coreinit, which comex gave to me to help me build the ROP chain. I believe nsysnet was found in the Cafe OS system log, along with the names of all the other loaded libraries. Some could be guessed, like gx2.rpl for the graphics library.

I should note that we don't actually have permission in the web browser to access external storage or any part of the internal filesystem outside of the browser's area. This is another reason why a kernel or loader exploit is useful. Let it be said that we're working on it.

TeamScriptKiddies · Jun 18, 2014

Marionumber1 said:
We found the different functions in various ways. Filesystem and IOS functions were inside coreinit, which comex gave to me to help me build the ROP chain. I believe nsysnet was found in the Cafe OS system log, along with the names of all the other loaded libraries. Some could be guessed, like gx2.rpl for the graphics library.

I should note that we don't actually have permission in the web browser to access external storage or any part of the internal filesystem outside of the browser's area. This is another reason why a kernel or loader exploit is useful. Let it be said that we're working on it.

Keep up the good work Mario!

fatsquirrel · Jun 18, 2014

MarioN1, would you suggest to people who are currently on 4.1.0 to stay on it, or go to 5.0.0?
The thing is, Im concerned that since most of the people are on 5.0.0, devs and hackers will only develop exploits for 5.0.0.

What do you think? Stupid question?

NWPlayer123 · Jun 18, 2014

If you want a more in-depth look at how the system works, there's this nice command for the RPC called get_logs that does exactly that, gets system logs. I did a string dump of it back when I was on 4.1.0, you can see an example here. https://dl.dropboxusercontent.com/u/56043942/RandomOther/Requests/logdump.txt

filfat · Jun 18, 2014

List of RPL files I have found using the log file from NWP:

snd_core.rpl
gx2.rpl
avm.rpl
vpad.rpl
vpadbase.rpl
dc.rpl
dmae.rpl
nn_pdm.rpl
tcl.rpl
uvc.rpl
nsysnet.rpl
nsysccr.rpl
tve.rpl
coreinit.rpl

I will add them to the op latter

Bug_Checker_ · Jun 18, 2014

filfat said:
List of RPL files I have found using the log file from NWP:

snd_core.rpl

gx2.rpl

avm.rpl

vpad.rpl

vpadbase.rpl

dc.rpl

dmae.rpl

nn_pdm.rpl

tcl.rpl

uvc.rpl

nsysnet.rpl

nsysccr.rpl

tve.rpl

coreinit.rpl

I will add them to the op latter

Here is a more complete list

avm.rpl
coreinit.rpl
dc.rpl
dmae.rpl
drmapp.rpl
erreula.rpl
fdlibm.rpl
gx2.rpl
h264.rpl
libcairo.rpl
libcurl.rpl
libfont4_sdk20000.rpl
libicu4c.rpl
libjpeg-turbo.rpl
libopenssl.rpl
libpixman.rpl
libpng.rpl
libwk_peer.rpl
libwk_peer_access.rpl
libwkc.rpl
libwkc_wiiu.rpl
libxml2.rpl
mic.rpl
mvplayer-gui.rpl
mvplayer.rpl
nlibcurl.rpl
nn_ac.rpl
nn_acp.rpl
nn_act.rpl
nn_boss.rpl
nn_fp.rpl
nn_idbe.rpl
nn_ndm.rpl
nn_nim.rpl
nn_olv.rpl
nn_pdm.rpl
nn_save.rpl
nn_spm.rpl
nn_vctl.rpl
nsysccr.rpl
nsyshid.rpl
nsyskbd.rpl
nsysnet.rpl
nsysuhs.rpl
nsysuvd.rpl
padscore.rpl
proc_ui.rpl
randgen.rpl
snd_core.rpl
snd_user.rpl
sqlite.rpl
swkbd.rpl
sysapp.rpl
tcl.rpl
tve.rpl
uac.rpl
uvc.rpl
uvd.rpl
vpad.rpl
vpadbase.rpl
zlib.rpl
zlib125.rpl

rpx files:

error.rpx
hbm.rpx
men.rpx
root.rpx
surf.rpx

elf
kdebug.elf

This bought me a chuckle in the logfile
"using DSP memory parameters:
It is Latte A2x or later
It is not Holly/Bolly-Wood "

more info found on pastebin
on second thought have not checked files yet. So search WiiU system and browser rpx/rpl list from SYSLOGs

naxil · Jun 18, 2014

sorry but.. i have a question: when i "compile" the test410.html file, what is the exact file i need to upload on webserver?
test410.html (renamend to index.html), and only frame.html?

NWPlayer123 · Jun 18, 2014

Yeah, that's all you need.

naxil · Jun 18, 2014

filfat.. how to compile your test_cpp.cpp? i have lot of error if i try to use ./build.sh cpp_test.cpp

Code:

naxil@naxil:~/homebrew/wiiu-userspace$ ./build.sh cpp_test.cpp
0+1 record dentro
0+1 record fuori
216 byte (216 B) copiati, 6,8723e-05 s, 3,1 MB/s
../src/cpp_test.c:2:20: error: no include path in which to search for iostream
../src/cpp_test.c:3:18: error: no include path in which to search for string
../src/cpp_test.c:7:1: error: unknown type name 'using'
../src/cpp_test.c:7:17: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'std'
../src/cpp_test.c:15:16: error: unknown type name 'string'
../src/cpp_test.c: In function 'start':
../src/cpp_test.c:26:8: error: 'true' undeclared (first use in this function)
../src/cpp_test.c:26:8: note: each undeclared identifier is reported only once for each function it appears in
../src/cpp_test.c:28:35: error: expected ')' before ';' token
../src/cpp_test.c:29:3: error: expected ';' before '}' token
../src/cpp_test.c: In function 'init':
../src/cpp_test.c:40:23: error: 'handle' undeclared (first use in this function)
../src/cpp_test.c:44:1: error: expected ';' before '}' token
../src/cpp_test.c: At top level:
../src/cpp_test.c:46:16: error: unknown type name 'string'
/home/naxil/devkitPRO/devkitPPC/bin/powerpc-eabi-ld: cannot find cpp_test.o: No such file or directory
Traceback (most recent call last):
  File "./generate_html.py", line 91, in <module>
    code_js = code_to_js(open('code.bin', 'rb').read())
IOError: [Errno 2] No such file or directory: 'code.bin'

Marionumber1 · Jun 18, 2014

naxil said:

filfat.. how to compile your test_cpp.cpp? i have lot of error if i try to use ./build.sh cpp_test.cpp

Code:

naxil@naxil:~/homebrew/wiiu-userspace$ ./build.sh cpp_test.cpp
0+1 record dentro
0+1 record fuori
216 byte (216 B) copiati, 6,8723e-05 s, 3,1 MB/s
../src/cpp_test.c:2:20: error: no include path in which to search for iostream
../src/cpp_test.c:3:18: error: no include path in which to search for string
../src/cpp_test.c:7:1: error: unknown type name 'using'
../src/cpp_test.c:7:17: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'std'
../src/cpp_test.c:15:16: error: unknown type name 'string'
../src/cpp_test.c: In function 'start':
../src/cpp_test.c:26:8: error: 'true' undeclared (first use in this function)
../src/cpp_test.c:26:8: note: each undeclared identifier is reported only once for each function it appears in
../src/cpp_test.c:28:35: error: expected ')' before ';' token
../src/cpp_test.c:29:3: error: expected ';' before '}' token
../src/cpp_test.c: In function 'init':
../src/cpp_test.c:40:23: error: 'handle' undeclared (first use in this function)
../src/cpp_test.c:44:1: error: expected ';' before '}' token
../src/cpp_test.c: At top level:
../src/cpp_test.c:46:16: error: unknown type name 'string'
/home/naxil/devkitPRO/devkitPPC/bin/powerpc-eabi-ld: cannot find cpp_test.o: No such file or directory
Traceback (most recent call last):
  File "./generate_html.py", line 91, in <module>
    code_js = code_to_js(open('code.bin', 'rb').read())
IOError: [Errno 2] No such file or directory: 'code.bin'

From those error messages, it sounds like you're trying to use parts of the C++ standard library (like iostream and string). Those aren't available on the Wii U.

google · Jun 19, 2014

Nooob question:
Are there any list that lets you check what FW is present on the gamedisc / and what FW is required to play it?

the_randomizer · Jun 19, 2014

google said:
Nooob question:
Are there any list that lets you check what FW is present on the gamedisc / and what FW is required to play it?

Mario Kart 8 installs 4.1.0 I believe

Goku Junior · Jun 19, 2014

Err... sorry by asking this but... NWPlayer123 , or Marionumber1, you guys are envolved into this, another question to all of this is a little stupid, because it's confirmed by Marcan, but I can't believe yet the Wii U CPU it's clocked at 1.24GHz, both are working in this, so, you know it is true that clock? It's hard to me believe that slow clock, but I'll be fine only with listen to yours words, thanks

!

the_randomizer · Jun 19, 2014

Goku Junior said:
Err... sorry by asking this but... NWPlayer123 , or Marionumber1, you guys are envolved into this, another question to all of this is a little stupid, because it's confirmed by Marcan, but I can't believe yet the Wii U CPU it's clocked at 1.24GHz, both are working in this, so, you know it is true that clock? It's hard to me believe that slow clock, but I'll be fine only with listen to yours words, thanks !

Low GHz doesn't mean low performance (Also called the MHz Myth), clock speed is only part of the puzzle, other factors determine how fast a CPU truly is (architecture, instruction sets, no. of transistors, etc). 1.24 GHz is slow compared to the other consoles, but it doesn't equate to slow performance; once we gain access to all three cores, we can have good apps for homebrew I'm sure.

Goku Junior · Jun 19, 2014

the_randomizer said:
Low GHz doesn't mean low performance (Also called the MHz Myth), clock speed is only part of the puzzle, other factors determine how fast a CPU truly is (architecture, instruction sets, no. of transistors, etc). 1.24 GHz is slow compared to the other consoles, but it doesn't equate to slow performance; once we gain access to all three cores, we can have good apps for homebrew I'm sure.

Oh,ok, I was thinking bad, thanks for the explain! I was thinking the GHz put the bad performance in games (Assassin's Creed IV, and ACIII), that's just a bad port,right?

NWPlayer123 · Jun 19, 2014

Goku Junior said:
Err... sorry by asking this but... NWPlayer123 , or Marionumber1, you guys are envolved into this, another question to all of this is a little stupid, because it's confirmed by Marcan, but I can't believe yet the Wii U CPU it's clocked at 1.24GHz, both are working in this, so, you know it is true that clock? It's hard to me believe that slow clock, but I'll be fine only with listen to yours words, thanks !

Going off of what fail0verflow I think said, they know that because it specifically says that in system logs. IDR where I read that but that's what I remember. And yeah, CPU speed isn't the only factor. Hardware and software have to work together, if your coding method is shit then of course it's gonna run terribly, you have to optimize it for it to work well.

arbiter34 · Jun 19, 2014

Just out of curiosity has anyone tried playing around with the reboot or shutdown callback functions? I haven't had the time to set something up, but I'm curious if any shutdown methods get executed prior to callback, possibly allowing us outside of the browser sandbox.

filfat · Jun 19, 2014

-snip-

filfat · Jun 19, 2014

-snip-

Hacking Wii U Hacking & Homebrew Discussion

CTO @ Nordcom Group Inc.

Well-Known Member

Licensed Nintendo (indie) Game Developer

Well-Known Member

Well-Known Member

CTO @ Nordcom Group Inc.

Well-Known Member

Well-Known Member

Well-Known Member

Well-Known Member

Well-Known Member

Member

The Temp's official fox whisperer

Well-Known Member

The Temp's official fox whisperer

Well-Known Member

Well-Known Member

Member

CTO @ Nordcom Group Inc.

CTO @ Nordcom Group Inc.

Similar threads

Popular threads in this forum