Hacking Wii U Hacking & Homebrew Discussion

the_randomizer

> No I am still on 5.3.0 at this moment on my WiiU I have not updated anymore since but I was told up above to 5.3.0 is guaranteed for something in the near future but how come the change?
>
> Q: I want to update to the latest version but I don't want to miss out, am I safe in doing so?
> A: NO. DO NOT UPDATE TO 5.3.0. The in-progress kernel exploit is now broken.


That FAQ was written way before they realized that was the case.
 


NWPlayer123

Yeah, I still need to update it. The deal with 5.3.0 was that whole shenanigan with the rando posting that our kernel exploit method was fixed (which it may well be now that it's out in the wild), and nobody bothered to check until I asked MN1 about it personally. That being said, now that the method IS public, I wouldn't be surprised if one of these two new updates fixed it. Until someone gets the binaries to check (which yes it's possible if you know who to talk to), we won't know for sure whether the newest versions are safe.


HOWEVER, being able to run code in the first place (IE finding another browser bug to exploit) is a little shaky now that they've started to consistently update it (and because the latest open source version is 5.1.1), so we don't have access to the latest code to find new bugs to exploit. That being said, it's still possible to find ways to gain code execution if you know what to look for in the source, which is why I recommend anyone who knows someone useful to contact them to have them look into it. It doesn't have to just be us few working on the kernel exploit to make progress :P
 

TeamScriptKiddies

Random brainstorming thought:

Of course, this idea won't go anywhere until we have the private key(s) for the drive encryption (or somehow figure out how to reverse engineer it), but I was thinking.... What if, say, either of those two things happens? Wouldn't it be possible to attach a microcontroller to the drive in some way to patch the region info on-the-fly (like any other traditional modchip would)? I mean, now that we can successfully decrypt Wii U isos (thanks to crediar), we could start looking into where the region info is stored on the disc at least. Once it's located, we can develop a microcontroller program that injects the appropriate region coding info for your console regardless of what the disc inserted is.

Of course this method wouldn't enable the booting of backups (unless used in conjunction with some sort of soft mod, which doesn't exist yet, or an ODE, which still isn't out in the wild yet....), because of the proprietary blu-ray knockoff disc format the Wii U uses (how would you even burn a Wii U iso and have it readable XD not to mention that the game would need a legit signature ), but this could be used for playing legitimate games imported from other countries.

I realize such a device would easily be detectable by Nintendo and could lead to the banhammer if you use your console online, but it could be rigged with a switch to power it off whenever you're online :). Where the Wii U doesn't have a true hypervisor (the IOSU kernel serves as a weak pseudo-hypervisor) I can't imagine it would be able to log any suspicious activity done offline to flag you for a ban (like the 360) as soon as you go back online.

Not to mention, I think Nintendo will be more concerned about blocking and banning people for using ODEs anyways than a simple region free chip. This could be released as an open source DIY modchip. For people who aren't savvy enough to flash the chip themselves, someone who's kind enough could sell them a pre-flashed chip (just to cover the cost of materials and maybe tack on a couple extra bucks for labor + shipping).

Allegedly, Team Wiikey has already reverse engineered the drive encryption. If they ever release their ODE, I already have one pre-ordered for myself. I can try and look into what they did exactly and see if I can recreate it so I can interface a microcontroller with the disc drive for this purpose.

OR alternatively, if someone is able to retrieve the necessary private keys prior to that, we could work off that.

Again, I know I'm getting ahead of myself here, but this idea came to me so I'm just throwing it out there.

UPDATE: We could potentially use some of the 16 and 32 bit microcontrollers made by Microchip Inc found here: http://www.microchip.com/stellent/idcplg?IdcService=SS_GET_PAGE&nodeId=2680&dDocName=en537998

I'm already familiar with Microchip's IDE (MPLAB) :). That gives me an advantage here :). Microchip's 16 and 32 bit PICs support AES encryption right out of the box, which is what the Wii U drive uses :)

Random side note: While not very practical, in the meantime before the private keys for the drive encryption are retrievable or w/e it might be possible to invent a makeshift "swap mod" for ejecting the disc stealthily. Now, a traditional swap trick IS NOT POSSIBLE as we know that the Wii U has signature checks so the minute you pop in a different game (even stealthily) the console knows it and spits out an error code. Swapping for another game was debunked long ago in an ancient thread that's now dead and buried (not to mention locked by a mod/admin). However, again this is NOT practical, but might be something cool to just play around with. Assuming that two copies of the exact game (from different regions) have the exact same signature (I have no idea if this holds true, never tested this theory), we could stealth eject in the imported copy (if timing is right) for the domestic copy. Again, if you already have the domestic copy there's no real point in doing this, unless there is some bonus content that only the foreign version has that you are willing to pay for two copies of the game just to access lol.

This would be more of a "hey that's cool" kind of thing, if it can be pulled off. Not meant to be a "real" solution for loading imports by any means.

I just so happen to have the US copy of Mario Kart 8 AND the Japanese version (which is currently unusable for obvious reasons). I'd be willing to experiment with this and see if it's even possible, just for the fun of it....

UPDATE 2: EPIC FAIL! "So I took apart my Wii U last night to take a look at the disc drive, as I want to develop an open source DIY region free modchip (for playing original imports only) and I accidentally snapped the clips that hold the ribbon cable for the drive in place so my console is temporarily a paperweight XD.
It's a fairly easy fix, I just don't have enough hands to hold everything in place to resecure the cable XD. Luckily ************ is going to help me fix it :)" (copied from my Facebook) Apparently Facebook is being stupid at the moment and won't let me link directly to the post even though it's set to public view, thanks Zuckerberg! *sighs*
 

hdx

I don't want to sound harsh but... There is something wrong in here: 1. You are working on Smash exploit, you think you're cracking console private key but in reality you're just messing with files which are nothing more than images checksum... 2. You believe you managed to get SMP support in Trinux just by installing some packages (in fact it requires a lot of kernel hacking and ASM coding), then it turns out into fail. 3. Now you're working on "region free modchip" and break your console...

Dude I know you want to do something for the community but stop now, you destroyed your console because you lack skills and knowledge... Just leave it to people who know what they're doing.
 

thorasgar

Don't mess with ambition! If he succeeds or fails does not matter, he is learning something in the process. He is learning more than sitting in a lecture hall. He snapped some clips, so what? I doubt he destroyed the console. It's just a game and it's his to futz with. Someday he will do something great if people don't tell him he can't.
 

hdx

Yeah, ambition and stuff... I can understand that but:

Being quiet and making progress > bullshitting all over forums and getting nowhere

BTW. I can assure you the thing he's trying to achieve won't work. Simply because things are not that easy as he thinks ;)
 

I pwned U!

> Yeah, I still need to update it. The deal with 5.3.0 was that whole shenanigan with the rando posting that our kernel exploit method was fixed (which it may well be now that it's out in the wild), and nobody bothered to check until I asked MN1 about it personally. That being said, now that the method IS public, I wouldn't be surprised if one of these two new updates fixed it. Until someone gets the binaries to check (which yes it's possible if you know who to talk to), we won't know for sure whether the newest versions are safe.

I tried to use this tutorial to block the updates, but no matter which browser I view it in the images showing the correct CCProxy configurations do not show up. Whenever I tried opening them in a new tab, it would redirect me to a website that was different than the image locations.

Is there a better tutorial to use where the images will display correctly or the correct configurations are typed out? I have searched for over an hour with no luck.
 

TeamScriptKiddies

> I don't want to sound harsh but... There is something wrong in here: 1. You are working on Smash exploit, you think you're cracking console private key but in reality you're just messing with files which are nothing more than images checksum... 2. You believe you managed to get SMP support in Trinux just by installing some packages (in fact it requires a lot of kernel hacking and ASM coding), then it turns out into fail. 3. Now you're working on "region free modchip" and break your console...
>
> Dude I know you want to do something for the community but stop now, you destroyed your console because you lack skills and knowledge... Just leave it to people who know what they're doing.

So I made a mistake with Trinux, big woop lol. You can't have success without first having failure.

As for the Smash exploit, at no point did I ever state I could get the private keys for the console using that. You simply misunderstood what I said. Initially, I thought the bin files that are associated with each jpg (snapshots) were encrypted themselves. I realized soon after that it's an MD5 hash after analyzing them. If the files were encrypted instead then there would've been a private key for said encryption. That is completely separate from any of the console's private keys.

As for destroying my console? It's only a clip, it's an easy fix. The console is perfectly fine, thank you very much. I just needed a second person to help hold stuff in place while I mend the clip lol. I'm sry, but I lack the privilege of having four arms lol.

As for the region free drivechip, there's really no reason for it not to be possible.

Will it load backups? No. Why? Because the Wii U uses a proprietary disc format. You could only load Wii U isos with a softmod or an ODE, because how would one properly burn a Wii U iso in the first place? Lol.
 
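The distinction drawn in the post above (a sidecar file that is a plain hash of the image versus one that is encrypted or keyed) can be checked mechanically. The following is an added example, not part of the thread: the image bytes, key and sidecar layouts are constructed, and the real Smash snapshot format is not described on this page.

```python
import hashlib
import hmac

# Unkeyed digests to try against each (payload, sidecar) pair.
CANDIDATES = ("md5", "sha1", "sha256", "sha512")


def match_digest(payload: bytes, sidecar: bytes):
    """Return (algorithm, encoding) if sidecar is an unkeyed digest of payload."""
    text = sidecar.strip().lower()
    for name in CANDIDATES:
        digest = hashlib.new(name, payload).digest()
        if sidecar == digest:
            return name, "raw"
        if text == digest.hex().encode("ascii"):
            return name, "hex"
    return None


def classify(pairs):
    """Classify a set of (payload, sidecar) pairs taken from the same format."""
    matches = {match_digest(p, s) for p, s in pairs}
    if None not in matches and len(matches) == 1:
        name, enc = matches.pop()
        return f"unkeyed {name} digest ({enc})"
    sidecar_lens = {len(s) for _, s in pairs}
    payload_lens = {len(p) for p, _ in pairs}
    # Same sidecar size for different payload sizes means a tag, not a copy.
    if len(sidecar_lens) == 1 and len(payload_lens) > 1:
        return "fixed-length tag: keyed MAC or unrecognised digest"
    return "length varies with payload: encoded or encrypted copy"


# Constructed sample data: three fake JPEG-like blobs of different sizes.
IMAGES = [b"\xff\xd8\xff\xe0" + bytes([i]) * (100 * (i + 1)) for i in range(3)]
MD5_PAIRS = [(img, hashlib.md5(img).digest()) for img in IMAGES]
HEX_PAIRS = [(img, hashlib.md5(img).hexdigest().encode() + b"\n") for img in IMAGES]
HMAC_PAIRS = [(img, hmac.new(b"constructed-key", img, "md5").digest())
              for img in IMAGES]
XOR_PAIRS = [(img, bytes(b ^ 0x5A for b in img)) for img in IMAGES]

if __name__ == "__main__":
    for label, pairs in (("md5", MD5_PAIRS), ("hex", HEX_PAIRS),
                         ("hmac", HMAC_PAIRS), ("xor", XOR_PAIRS)):
        print(label, "->", classify(pairs))
```

Only the first outcome means anyone can recompute the sidecar without a secret; a fixed-length tag that matches no unkeyed digest may depend on a key.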

hdx

> As for the region free drivechip, there's really no reason for it not to be possible.

There is a reason why it wouldn't work. But it will be more fun hearing that you screwed something during the process, so go ahead and try it yourself. I can assure you it won't work. Seriously, hacking is fine but it requires knowledge which you simply don't have. It's not a bad thing - just start learning, maybe start making homebrew apps first, at least you won't screw up your console. Dude, I don't even write this to be rude etc. I just sometimes see how much bullshit your posts are.
 

TeamScriptKiddies

> There is a reason why it wouldn't work. But it will be more fun hearing that you screwed something during the process, so go ahead and try it yourself. I can assure you it won't work. Seriously, hacking is fine but it requires knowledge which you simply don't have. It's not a bad thing - just start learning, maybe start making homebrew apps first, at least you won't screw up your console. Dude, I don't even write this to be rude etc. I just sometimes see how much bullshit your posts are.


My posts are not BS like you claim. I may not be an expert at this stuff, but I do have quite a grasp on the subject matter. As for screwing up my console, I haven't yet, a tiny plastic clip is no big deal tbh. Very simple fix. Sure it's tedious to try to get everything in place again, but it's far from being "destroyed" lol.

Although I do have a confession to make here:

There is a reason why I keep jumping from one idea to the next. I suffer from ADD and as a direct result have attention span issues, so I tend to go from one thing to another fairly quickly without really following through completely with the previous task. Hence all my wild ideas that realistically can't be done all at once. It's too much to work on the Trinux project while developing a side channel hack with an Arduino device and trying to exploit Smash and develop a drivechip all at once.

From this point forward, I'm sticking with the Trinux project and the region free drivechip alone. Nothing more, nothing less. Those are the only two projects I'm taking on from this point forward and that's my final answer. MN1 and co are already working on the kernel exploit so there's really no need for a side channel attack at this point, nor is there a need for another userland exploit as WebKit is still buggy as all heck. I apologize for the confusion I've caused along the way, but know this, the Trinux project is very much alive as is the drivechip project, but again, that's all I'm going to take on for now.

As for the drivechip, while you may have your doubts about it, I'm still going to pursue it nonetheless. I personally believe it IS possible and we'll never know without at least trying it.
 

hdx

Well-Known Member
Newcomer
Joined
Jun 9, 2007
Messages
47
Trophies
1
XP
677
Country
Poland
I don't even need to talk technical to prove your understanding is wrong:
- you can't swap discs because after putting disc in, it spins constantly (even if you take out the disc there will be an error, you can't do that stealthy)
- security checks aren't done only when you put your game into the drive
- communication between console and drive is encrypted so you can't do MITM without knowing encryption keys
- do you think people will mess their drives just to play games from other regions? I highly doubt it, even if it works but requires some steps every time you want to play other region disc, it's not worth the hassle

Good luck omitting that.

Even if you are stubborn enough to give it a try, keep in mind that it's not as simple as cutting some traces and soldering a switch or something. It's faaaaaar more complex, it requires a lot of reverse engineering etc. It's impossible for a person without experience and knowledge...

EOT. After all, I didn't want to be a prick so I'm sorry if you felt insulted.
 
