So, we currently have a userspace exploit using the web browser that gives us basic code execution. This currently works on versions 4.0.X and 4.1.0. It has access to read and write memory, the basic library functions, and that's about it. We can't access the filesystem or likewise install or change anything on it(not that we'd want to since we still have no idea how it works). You can find the exploit here. Frequently Asked Questions Q: Why can't we access the filesystem/*insert limitation here*? A: Since this is only a userspace exploit and we don't yet have access to the kernel, we only have access to what permissions the app, in this case the web browser, has. Since the browser has no need for accessing the filesystem or any external storage, we don't have access to that. Q: Is it safe to update to 5.0.0/5.1.0? A: Not yet, we're working on that. The bug is still in the browser, but when they added the quick boot menu in 5.0.0, it moved a bunch of code around and broke our ROP (Return Oriented Programming) chain that allows us to gain code execution, and since we don't have access to anything past that 5.1.0 doesn't work either. So it IS possible to get it working, we just need to find where the addresses are, which is difficult if you don't have any way to see (with the earlier versions we had binaries and so we could see where the code was), so it may take some time. Q: What's the latest version that this exploit currently exists in? A: As of 5.1.0 being released, it works from 4.0.0 up to 5.1.0, although there is no way to currently use it to run code on 5.0.0/5.1.0. Q: I won't want to miss out on homebrew, how can I update to 4.1.0? A: Mario Kart 8 comes with 4.1.0 on the disc, so go buy it (because it's not like it's a bad game), keep your system offline, and then update with the disc. Q: I want to update to 5.0.0/5.1.0 but I don't want to have my system update on me. What do I do?? A: There are two different things you can do. One solution is to turn off Standby Mode, which as of 5.0.0 allows your Wii U to install updates while you're sleeping. Go into Settings and go to Power Settings, and then just turn off "Standby Functions". This does disable Quick Boot though. Another solution would be to block the following URL with your router: nus.cdn.wup.shop.nintendo.net Q: So now that we have access to executing code on the system, what's next? A: Well, as mentioned before, this doesn't work on 5.0.0/5.1.0 because adding the Quick Boot Menu moved all our offsets we were using for our ROP chain, so step one would be to port this to the newest versions, which would most likely involve getting the rest of the keys(which requires IOSU access) so we can download and decrypt the binaries from NUS and then just use those to modify and recreate our ROP chain. Then it's onto looking for exploits that might allow us to install/fakesign our own code, which from the looks of things, is very unlikely at this point in time. As for a timeline as to when this is going to happen, probably sometime soon, considering if WiiKeyU and the Cobra UDE actually exist, and with the recent shenanigans of MrBean and chadderz, I'd expect there to be at least some interest in progressing further with this, especially since they're not going to release their kernel exploit until someone finds another one/the same one. Q: What does this mean for the average user? Can we expect real homebrew in the near future? A: For the average person, this does nothing of significance other then it allows us access to basic functions that will allow us to see how the system works. We still need to port the code to 5.0.0/5.1.0 and find a kernel exploit and an IOSU exploit which will allow us full access to the system, and then we need to understand how the system works before we do anything significant. So, we have quite a bit of work to do still.