# simple iosu communication



## stevebraxton5653 (Jun 25, 2016)

hi

i was on wiiubrew and i saw some interesting stuff
so i got my friend to look at it and he gave me this program. he said it was "simple iosu communication"
i couldn't get it to work but i thought you people might like it

he says it's for the latest hbl but it is not an iosu exploit
listen "not an iosu exploit" pls don't bug me
anyway

enjoy

https://drive.google.com/file/d/0By1DpGfe6EMVUkQyd3BCbUVOak0/view?usp=sharing

ps i'm really excited for the iosu exploit and all the possibilities it opens
when is the release?


----------



## sdtg34520 (Jun 25, 2016)

A suggestion to anyone considering downloading it:
*Don't.*
At least, unless you have a hardmod. The likelihood it would brick you is probably low, but still, never run random executable files you find on the internet.


----------



## KiiWii (Jun 25, 2016)

Interesting to see if this can get iosu information from kexploit.

Can anyone with some authority check it out?

@Sans-Serif I don't even think there is a hardmod for Wii U so...


----------



## sdtg34520 (Jun 25, 2016)

KiiWii said:


> Interesting to see if this can get iosu information from kexploit.
> 
> Can anyone with some authority check it out?
> 
> @Sans-Serif I don't even think there is a hardmod for Wii U so...


There is, it's basically the exact same as the 3DS NAND hardmod. Solder onto some points near the NAND, then solder those wires onto a microSD > SD adapter.


----------



## eddiejo6 (Jun 25, 2016)

KiiWii said:


> Interesting to see if this can get iosu information from kexploit.
> 
> Can anyone with some authority check it out?
> 
> @Sans-Serif I don't even think there is a hardmod for Wii U so...



There is, or so I've heard. But it's apparently really fucking hard to pull off.


----------



## sdtg34520 (Jun 25, 2016)

Chucked it into IDA, because why not.





>WHO IS YOUR SAVIOUR NOW
Cool. -_-


----------



## eddiejo6 (Jun 25, 2016)

Sans-Serif said:


> Chucked it into IDA, because why not.
> 
> 
> 
> ...



So it's a prank?


----------



## sdtg34520 (Jun 25, 2016)

eddiejo6 said:


> So it's a prank?


Seems like it. I don't actually own a Wii U, so I couldn't test it (darn NZ prices). There's also some strings for filesystem calls. Smells like bullshit.


----------



## eddiejo6 (Jun 25, 2016)

Sans-Serif said:


> Seems like it. I don't actually own a Wii U, so I couldn't test it (darn NZ prices). There's also some strings for filesystem calls. Smells like bullshit.



Well then I sure as hell won't be the first to test it!


----------



## Mrrraou (Jun 25, 2016)

it's not something interesting at all
just networking stuff, heh
it seems to be using nsysnet.rpl, which has access to /dev/net/ifmgr/ncl (and doesn't seem to be accessible from userland without that lib), which is a lib for BSD sockets
it also seems to open /dev/net/ifmgr/ncl as a file, as that's how stuff works with IOSU; and it tries sending ioctls to it; but i guess that's all it does, i'm actually not sure it would run as i'm not sure userland has access to /dev/net/ifmgr/ncl (which handles network config stuff), i guess you need access to IOS-NET to do that
it seems to print the ioctl output in hex when done
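A first check a practitioner would run on a file like this before it ever touches a console, as an added example that is not part of the thread and not the code of the linked binary: walk the ELF32 section headers, pull the printable strings out of every section that has file contents, and flag IOSU device paths (anything under /dev/) so you can see which resource managers the binary opens without executing it. The sample ELF is constructed inline so the script runs offline; it only mirrors the strings this thread reports (a /dev/net/ifmgr/ncl path and the "WHO IS YOUR SAVIOUR NOW" message) and is not the Google Drive file. The `/dev/` prefix heuristic for device paths is an assumption of this example, not something the thread states.

```python
"""Static triage of an unknown Wii U homebrew ELF before running it.

Added example: not code from the thread or from the linked binary.
"""
import re
import struct

EM_PPC = 20          # e_machine for 32-bit PowerPC (Wii U Espresso)
SHT_NOBITS = 8       # .bss-style sections: no bytes in the file
ELFCLASS32 = 1
ELFDATA2MSB = 2      # big-endian, as on the Wii U

PRINTABLE = re.compile(rb"[\x20-\x7e]{4,}")
IOS_DEVICE = re.compile(r"^/dev/[A-Za-z0-9_/]+$")   # assumed heuristic for IOSU device paths


def parse_sections(data):
    """Return (e_machine, [section dicts]) for an ELF32 image."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if data[4] != ELFCLASS32:
        raise ValueError("only ELF32 is handled here")
    end = ">" if data[5] == ELFDATA2MSB else "<"
    (_type, e_machine, _ver, _entry, _phoff, e_shoff, _flags, _ehsize,
     _phentsize, _phnum, e_shentsize, e_shnum, e_shstrndx) = struct.unpack_from(
        end + "HHIIIIIHHHHHH", data, 16)
    shdrs = [struct.unpack_from(end + "10I", data, e_shoff + i * e_shentsize)
             for i in range(e_shnum)]
    # Section names live in the section-header string table.
    _, _, _, _, str_off, str_size, *_ = shdrs[e_shstrndx]
    names = data[str_off:str_off + str_size]
    sections = []
    for sh_name, sh_type, _fl, _addr, sh_off, sh_size, *_ in shdrs:
        name = names[sh_name:names.index(b"\0", sh_name)].decode("ascii", "replace")
        sections.append({"name": name, "type": sh_type,
                         "offset": sh_off, "size": sh_size})
    return e_machine, sections


def extract_strings(data, sections):
    """Return (section name, string) for every printable run of 4+ bytes."""
    out = []
    for sec in sections:
        if sec["type"] == SHT_NOBITS:       # nothing on disk to scan
            continue
        blob = data[sec["offset"]:sec["offset"] + sec["size"]]
        for m in PRINTABLE.finditer(blob):
            out.append((sec["name"], m.group().decode("ascii")))
    return out


def triage(data):
    """Summarise what an unknown ELF looks like it touches, without running it."""
    machine, sections = parse_sections(data)
    strings = extract_strings(data, sections)
    devices = sorted({s for _, s in strings if IOS_DEVICE.match(s)})
    return {
        "is_ppc": machine == EM_PPC,
        "ios_devices": devices,      # IOSU resource managers named in the binary
        "strings": strings,
    }


def build_sample_elf(blobs):
    """Construct a minimal big-endian ELF32 (EM_PPC) whose .rodata holds `blobs`.

    Constructed test input only: just enough headers for parse_sections().
    """
    rodata = b"".join(s + b"\0" for s in blobs)
    shstrtab = b"\0.rodata\0.shstrtab\0"      # name offsets: 1 and 9
    ehsize, shentsize = 52, 40
    rodata_off = ehsize
    shstr_off = rodata_off + len(rodata)
    pad = (-(shstr_off + len(shstrtab))) % 4
    shoff = shstr_off + len(shstrtab) + pad
    ehdr = b"\x7fELF" + bytes([ELFCLASS32, ELFDATA2MSB, 1, 0]) + b"\0" * 8
    ehdr += struct.pack(">HHIIIIIHHHHHH", 2, EM_PPC, 1, 0x02000000, 0, shoff, 0,
                        ehsize, 32, 0, shentsize, 3, 2)
    null_sh = b"\0" * shentsize
    rodata_sh = struct.pack(">10I", 1, 1, 2, 0x02000000, rodata_off, len(rodata), 0, 0, 4, 0)
    shstr_sh = struct.pack(">10I", 9, 3, 0, 0, shstr_off, len(shstrtab), 0, 0, 1, 0)
    return ehdr + rodata + shstrtab + b"\0" * pad + null_sh + rodata_sh + shstr_sh


# Constructed sample mirroring the strings reported in the thread, not the real file.
SAMPLE_ELF = build_sample_elf([b"/dev/net/ifmgr/ncl", b"WHO IS YOUR SAVIOUR NOW", b"ok"])

if __name__ == "__main__":
    report = triage(SAMPLE_ELF)
    print("PowerPC:", report["is_ppc"])
    print("IOS devices:", report["ios_devices"])
    for sec, s in report["strings"]:
        print(f"  {sec:<10} {s}")
```

Run it against the real file with `triage(open(path, "rb").read())`. A device path in the output tells you which IOS process the homebrew is talking to (here the network config manager, which is exactly what Mrrraou found by hand), and strings with no matching API names at all are a hint that the binary does less, or something different, than the post claims.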


----------



## pwsincd (Jun 25, 2016)

Did someone try this?


----------



## Reecey (Jun 25, 2016)

Sans-Serif said:


> Chucked it into IDA, because why not.
> 
> 
> 
> ...


It's a piss take, man. "WHO IS YOUR SAVIOUR NOW" is referring to Hykem going, I presume! They're saying no one will save the IOSU exploit from happening, that's what they're referring to.


----------



## Mrrraou (Jun 25, 2016)

Reecey said:


> It's a piss take, man. "WHO IS YOUR SAVIOUR NOW" is referring to Hykem going, I presume! They're saying no one will save the IOSU exploit from happening


but there's no exploit in there, at all, it's just useless testing stuff


----------



## Reecey (Jun 25, 2016)

Mrrraou said:


> but there's no exploit in there, at all, it's just useless testing stuff


That's the point. It's useless, therefore they're referring to Hykem being useless, I presume.

Edit: it's quite sad and pathetic tbh.


----------



## Mrrraou (Jun 25, 2016)

Reecey said:


> That's the point. It's useless, therefore they're referring to Hykem being useless, I presume.


Except that Hykem wasn't useless.
Hykem documented a *fuckton* on IOSU on wiiubrew.
http://wiiubrew.org/wiki/Special:Contributions/Hykem
His exploit details are also present here: http://wiiubrew.org/wiki/Talk:Exploits
And bad checks on ioctls wouldn't surprise me at all.

So I don't see any relation between that and Hykem.


----------



## Reecey (Jun 25, 2016)

Mrrraou said:


> Except that Hykem wasn't useless.
> Hykem documented a *fuckton* on IOSU on wiiubrew.
> http://wiiubrew.org/wiki/Special:Contributions/Hykem
> His exploit details are also present here: http://wiiubrew.org/wiki/Talk:Exploits
> ...


I'm not saying he is; I respect the man completely, but this person is not. Look, if it was for real it would say, without block capitals, something like "Who is your saviour now!" (with ! on the end), but it's written in full block capitals: "WHO IS YOUR SAVIOUR NOW". In other words they're referring to no one saving the IOSU from happening because Hykem has gone missing. Remember this has nothing to do with Hykem; this is just some random guy making a joke at him.


----------



## Mrrraou (Jun 25, 2016)

Reecey said:


> I'm not saying he is; I respect the man completely, but this person is not. Look, if it was for real it would say, without block capitals, something like "Who is your saviour now!" (with ! on the end), but it's written in full block capitals: "WHO IS YOUR SAVIOUR NOW". In other words they're referring to no one saving the IOSU from happening because Hykem has gone missing.


meh, that homebrew isn't really related to IOSU exploitation either... whatever


----------



## NexoCube (Jun 25, 2016)

It does return your Wi-Fi box WPA-AES key :o

SSID
WPA Key (the key you use to connect to your wifi)

--------------------- MERGED ---------------------------

This man. Is a fucking genius. These are my Wi-Fi SSID and WPA key (I just changed them, just in case)


----------



## Reecey (Jun 25, 2016)

Mrrraou said:


> meh, that homebrew isn't really related to IOSU exploitation either... whatever


Get you, sorry I misread, it has nothing to do with actual IOSU Exploit then. Never mind it sounded like I knew what I was on about 

--------------------- MERGED ---------------------------



NexoCube said:


> It does return your Wi-Fi box WPA-AES key :o
> 
> SSID
> WPA Key (the key you use to connect to your wifi)
> ...


Nice! So what does it actually do then? Thinking about it now, he mentions the latest HBL build; does it boot the HBL into an actual full IOSU state so we can use apps in full control, maybe?


----------



## Phantom64 (Jun 25, 2016)

Is this legit or bull****?


----------



## Mrrraou (Jun 25, 2016)

NexoCube said:


> It does return your Wi-Fi box WPA-AES key :o
> 
> SSID
> WPA Key (the key you use to connect to your wifi)
> ...


he's not a genius... he read the config from /dev/net/ifmgr/ncl... which handles the network config...
http://wiiubrew.org/wiki//dev/net/ifmgr/ncl


----------



## NexoCube (Jun 25, 2016)

Mrrraou said:


> he's not a genius... he read the config from /dev/net/ifmgr/ncl... which handles the network config...
> http://wiiubrew.org/wiki//dev/net/ifmgr/ncl



That was sarcastic.


----------



## Mrrraou (Jun 25, 2016)

Reecey said:


> Get you, sorry I misread, it has nothing to do with actual IOSU Exploit then. Never mind it sounded like I knew what I was on about
> 
> --------------------- MERGED ---------------------------
> 
> ...


It doesn't *at all*, seriously... it's just calling some IOS-NET functions using ioctls...

--------------------- MERGED ---------------------------



NexoCube said:


> That was sarcastic.


Sarcasm is hard on the Internet.


----------



## Reecey (Jun 25, 2016)

Mrrraou said:


> It doesn't *at all*, seriously... it's just calling some IOS-NET functions using ioctls...
> 
> --------------------- MERGED ---------------------------
> 
> ...


So its just a bit of bollocks basically, like I mentioned earlier!


----------



## punderino (Jun 25, 2016)

Sans-Serif said:


> There is, it's basically the exact same as the 3DS NAND hardmod. Solder onto some points near the NAND, then solder those wires onto a microSD > SD adapter.


Ryanrocks has a hardmod xD


----------



## NexoCube (Jun 25, 2016)

punderino said:


> Ryanrocks has a hardmod xD



Stop listening to him. He is the biggest liar of this community.


----------



## punderino (Jun 25, 2016)

NexoCube said:


> Stop listening to him. He is the biggest liar of this community.


When he was testing some IOSU shit that *WAS* being worked on and managed to pull and push NAND images that was a lie? ;^)


----------



## NexoCube (Jun 25, 2016)

punderino said:


> he



HAHAHAHAHAHAHAHAHA


----------



## Deleted User (Jun 25, 2016)

The amount of bait, trolling, and shit-chat in this thread is just downright laughable, honestly...
And Ryanrocks doesn't have a single IOSU exploit to test, and never has done. Trust me; I have known him for almost half a year, and I can effortlessly filter out his lies/bullshit from his honesty, and unfortunately for you guys, him testing anything to do with IOSU falls under the lies/bullshit.

Just cut the crap guys, it's common sense to be honest... there should never be any reason why some people are stirring the pot...


----------



## punderino (Jun 25, 2016)

Mrrraou said:


> Ryan isn't fucking developing anything. @JustPingo and TiniVi are doing all the work.


Ehhhh, he's helping out quite a bit. Before they moved plans to the new exploit that would have been easier than what we had, Ryan was testing out a shit ton of *.elfs for the little project.

--------------------- MERGED ---------------------------



Voxel Studios said:


> The amount of bait, trolling, and shit-chat in this thread is just downright laughable, honestly...
> And Ryanrocks doesn't have a single IOSU exploit to test, and never has done. Trust me; I have known him for almost half a year, and I can effortlessly filter out his lies/bullshit from his honesty, and unfortunately for you guys, him testing anything to do with IOSU falls under the lies/bullshit.
> 
> Just cut the crap guys, it's common sense to be honest... there should never be any reason why some people are stirring the pot...


Never said it was an IOSU exploit either. It was a step towards it, a big one at that. <3


----------



## NexoCube (Jun 25, 2016)

punderino said:


> JEEZ CALM IT DOWN ;~; You're being so rude. That guy's pretty cool.
> 
> --------------------- MERGED ---------------------------
> 
> ...



That guy is racist too. How can you still talk to him....




For people telling me that it's not fair to upload a private convo, he made the same shit on his Twitter account.


----------



## Deleted User (Jun 25, 2016)

punderino said:


> Never said it was an IOSU exploit either. It was a step towards it, a big one at that. <3


I say IOSU because that is mostly the thing the people here want to see being developed the most, but I respect the fact you never said it in the first place.


----------



## NexoCube (Jun 25, 2016)

But I suppose that being racist is normal because it's Ryan? Is it not? @punderino


----------



## Mrrraou (Jun 25, 2016)

punderino said:


> Ehhhh, he's helping out quite a bit. Before they moved plans to the new exploit that would have been easier than what we had, Ryan was testing out a shit ton of *.elfs for the little project.
> 
> --------------------- MERGED ---------------------------
> 
> ...


It wasn't something _"related"_ to IOSU anyway. And Ryan was testing elfs, but that's all. Testing helps, but well. He won't be the only tester. Ryan isn't smart. At all. You won't get anything from him, besides shitpost, hateful stuff, racism, misogynism and leaks.
Also, as you can see, he can't keep his mouth shut. Else you wouldn't be talking about what they were working on.


----------



## punderino (Jun 25, 2016)

Mrrraou said:


> It wasn't something _"related"_ to IOSU anyway. And Ryan was testing elfs, but that's all. Testing helps, but well. He won't be the only tester. Ryan isn't smart. At all. You won't get anything from him, besides shitpost, hateful stuff, racism, misogynism and leaks.


It was related to IOSU. It was what would allow us to use the public 5.2.0 exploit. 



Voxel Studios said:


> I say IOSU because that is mostly the thing the people here want to see being developed the most, but I respect the fact you never said it in the first place.


Thanks for actually saying that and not acting stuck-up. I appreciated it <3



NexoCube said:


> But I suppose that being racist is normal because it's Ryan? Is it not? @punderino


Yes. Very normal, and amazing <3


----------



## Mrrraou (Jun 25, 2016)

punderino said:


> It was related to IOSU. It was what would allow us to use the public 5.2.0 exploit.
> 
> 
> Thanks for actually saying that and not acting stuck-up. I appreciated it <3
> ...


It would have granted IOSU access, I know. That's why it's italic and in quotes. But now, who really cares about downgrading when we have a public 5.5.x IOSU exploit out here ?


----------



## V1Cammy (Jun 25, 2016)

This is using the starbucks syscall handler....


----------



## CJB100 (Jun 25, 2016)

V1Cammy said:


> This is using the starbucks syscall handler....



The homebrew in the original thread? So what's that mean to a novice programmer such as myself?


----------



## NexoCube (Jun 25, 2016)

CJB100 said:


> The homebrew in the original thread? So what's that mean to a novice programmer such as myself?



No, the homebrew on the main post is just using the net structure of the IOS-NET module, standard bullshit.


----------



## V1Cammy (Jun 25, 2016)

Mrrraou said:


> Except that Hykem wasn't useless.
> Hykem documented a *fuckton* on IOSU on wiiubrew.
> http://wiiubrew.org/wiki/Special:Contributions/Hykem
> His exploit details are also present here: http://wiiubrew.org/wiki/Talk:Exploits
> ...



finds the syscall  jumps, and suspend proce


CJB100 said:


> The homebrew in the original thread? So whats that mean to a novice programmer such as myself?


It finds the syscall, jumps to it, and tries to suspend the thread; if it's a bad check on ioctl, nothing.


----------



## Mrrraou (Jun 25, 2016)

punderino said:


> And everyone now knows that we were working on WUPDowngrader, gg. <3
> 
> --------------------- MERGED ---------------------------
> 
> ...


it was already known, just by following JustPingo or even TiniVi on Twitter. And you weren't part of it, afaik.


----------



## punderino (Jun 25, 2016)

Mrrraou said:


> it was already known, just by following JustPingo or even TiniVi on Twitter. And you weren't part of it, afaik.


I tested 2 versions of it, and I corrected myself. <3


----------



## V1Cammy (Jun 25, 2016)

wait.... ... it jumps right to system mode... ugh..... -_________- once the call is made 
.... 
debug_print_bad_stack ; Bad stack upon making system call:tid=%d,pid=%d,sp=0x%08x,sysCallNum=%d\n -_-


----------



## Veho (Jun 25, 2016)

Behave


----------



## V1Cammy (Jun 25, 2016)

dont overwrite the wrong instruction now...  otherwise you wont break in on where you want to  jump...


----------



## sdtg34520 (Jun 26, 2016)

>get home
>this thread
holy shit it's a graveyard in here

--------------------- MERGED ---------------------------

If you want IOSU access, hardmod your Wii U and either help test for other developers, or work on it yourself. Don't just bitch about Ryan :S


----------



## KytuzuEX (Jun 26, 2016)

What exactly is this? 
Some information progress about IOSU?

Anyways, since IOSU is being mentioned more often, I wanted to finally ask... when approximately is it going to be "announced" as finished or released?


----------



## jbuck1975 (Jun 26, 2016)

KytuzuEX said:


> What exactly is this?
> Some information progress about IOSU?
> 
> Anyways, since IOSU is being mentioned more often, I wanted to finally ask... when approximately is it going to be "announced" as finished or released?


Christmas


----------



## KytuzuEX (Jun 26, 2016)

jbuck1975 said:


> Christmas


Like the last year? 

Winter 2016 then.


----------



## Kafluke (Jun 26, 2016)

KytuzuEX said:


> Like the last year?
> 
> Winter 2016 then.


It's a joke. The last time it was promised was Christmas. It's a big no no on gbatemp to ask for a release date of iosu


----------



## jbuck1975 (Jun 26, 2016)

KytuzuEX said:


> Like the last year?
> 
> Winter 2016 then.


I didn't say what year


----------



## punderino (Jun 26, 2016)

jbuck1975 said:


> Christmas


wrong


----------



## V1Cammy (Jun 26, 2016)

KytuzuEX said:


> What exactly is this?
> Some information progress about IOSU?
> 
> Anyways, since IOSU is being mentioned more often, I wanted to finally ask... when approximately is it going to be "announced" as finished or released?



Well, that depends: do you care to follow the documentation so far on what's known about IOSU?


----------



## V1Cammy (Jun 26, 2016)

and btw .... as for IOSU and the ELF that was provided from the Google link,
sure one can say it is bullshit filesystem calls for ioctl, but look
at the asm....it is an ELF loader.... being tested. -0x20(sp) when stack pointer... clears its register... but it has already been set if you go to ->.text:00807164  addi  sp, sp, 0x20<-

ppc64 assembly really isn't as complicated...as what ppl think.

now to be more precise, yes they added a trolling msg to Hykem, which is clear.
but look through the subroutine ....it is an ELF loader.... But they added their own stupid message because they did so...

```asm
.text:008070A0 # =============== S U B R O U T I N E =======================================
.text:008070A0
.text:008070A0
.text:008070A0 sub_8070A0:  # CODE XREF: .text:00802650p
.text:008070A0  stwu  sp, -0x20(sp)
.text:008070A4  mflr  r0
.text:008070A8  stw  r27, 0xC(sp)
.text:008070AC  lis  r27, dword_808E00@ha
.text:008070B0  lwz  r9, (dword_808E00 & 0xFFFF)(r27)
.text:008070B4  stw  r28, 0x10(sp)
.text:008070B8  lis  r28, dword_808E4C@ha
.text:008070BC  stw  r0, 0x24(sp)
.text:008070C0  mtctr  r9
.text:008070C4  stw  r26, 8(sp)
.text:008070C8  stw  r29, 0x14(sp)
.text:008070CC  lis  r29, dword_808DE8@ha
.text:008070D0  stw  r30, 0x18(sp)
.text:008070D4  lis  r30, dword_808DF4@ha
.text:008070D8  stw  r31, 0x1C(sp)
.text:008070DC  lis  r31, dword_808E50@ha
.text:008070E0  lwz  r3, (dword_808E4C & 0xFFFF)(r28)
.text:008070E4  bctrl
.text:008070E8  lwz  r9, (dword_808DE8 & 0xFFFF)(r29)
.text:008070EC  li  r3, 0
.text:008070F0  lwz  r26, (dword_808DF4 & 0xFFFF)(r30)
.text:008070F4  mtctr  r9
.text:008070F8  bctrl
.text:008070FC  li  r4, 3
.text:00807100  mtctr  r26
.text:00807104  bctrl
.text:00807108  lwz  r9, (dword_808E00 & 0xFFFF)(r27)
.text:0080710C  lwz  r3, (dword_808E50 & 0xFFFF)(r31)
.text:00807110  li  r27, -1
.text:00807114  mtctr  r9
.text:00807118  stw  r27, (dword_808E4C & 0xFFFF)(r28)
.text:0080711C  bctrl
.text:00807120  lwz  r9, (dword_808DE8 & 0xFFFF)(r29)
.text:00807124  li  r3, 8
.text:00807128  lwz  r30, (dword_808DF4 & 0xFFFF)(r30)
.text:0080712C  mtctr  r9
.text:00807130  bctrl
.text:00807134  mtctr  r30
.text:00807138  li  r4, 3
.text:0080713C  bctrl
.text:00807140  lwz  r0, 0x24(sp)
.text:00807144  stw  r27, (dword_808E50 & 0xFFFF)(r31)
.text:00807148  mtlr  r0
.text:0080714C  lwz  r26, 8(sp)
.text:00807150  lwz  r27, 0xC(sp)
.text:00807154  lwz  r28, 0x10(sp)
.text:00807158  lwz  r29, 0x14(sp)
.text:0080715C  lwz  r30, 0x18(sp)
.text:00807160  lwz  r31, 0x1C(sp)
.text:00807164  addi  sp, sp, 0x20
.text:00807168  blr
```

--------------------- MERGED ---------------------------

on another short note... .text:00807150 lwz r27, 0xC(sp)=
0xC

SORecvFrom (int socket, char * message, int msg_len, int flags)

http://wiibrew.org/wiki/Socket


----------



## NexoCube (Jun 26, 2016)

V1Cammy said:


> and btw .... as for IOSU and the ELF that was provided from the Google link,
> sure one can say it is bullshit filesystem calls for ioctl, but look
> at the asm....it is an ELF loader.... being tested. -0x20(sp) when stack pointer... clears its register... but it has already been set if you go to ->.text:00807164  addi  sp, sp, 0x20<-
> 
> ...



I tried it by myself and it's just calling IOS-NET modules function and prints out ssid and key


----------



## V1Cammy (Jun 26, 2016)

NexoCube said:


> I tried it by myself and it's just calling IOS-NET modules function and prints out ssid and key


unless ppl decide to go further on the ELF loader, that's pretty much an "example",
which is what ppl are wanting, stupid messages aside.

--------------------- MERGED ---------------------------



NexoCube said:


> I tried it by myself and it's just calling IOS-NET modules function and prints out ssid and key


you are correct as one can simply see the modules ...the elf makes it too obvious the control flow....


----------



## V1Cammy (Jun 26, 2016)

and for extra reference, ioctl output is mflr  r0

you're welcome. Look at the routines!


----------



## EpicLPer (Jun 26, 2016)

BullShit or HotShit?


----------



## V1Cammy (Jun 26, 2016)

```asm
sub_4EB770
STMFD  SP!, {R4-R7}
MOV  R0, SP
LDR  R5, =0x1FF80000
MOV  R0, R0,LSR#12
MOV  R12, #0x80000
MOV  R0, R0,LSL#12
MOV  R3, #0
STR  R5, [R0,#8]
STR  R12, [R0,#0xC]
MOV  R6, #8
STR  R3, [R0,#0x18]
MOV  R7, #0xC8 ; '+'
STR  R6, [R0,#4]
MOV  R1, #0x2C ; ','
STR  R7, [R0]
STR  R1, [R0,#0x20]
LDR  R4, =0xFFF318D4
LDR  R12, =0xFFF31FFC
STR  R3, [R0,#0x1C]
LDR  R2, =0xFFF321E8
ADD  R3, R0, #0x10
STMIA  R3, {R4,R12}
ADD  R3, R7, #0x7E
LDR  R2, [R2,#4]
MOV  R4, #0x28 ; '('
MOV  R12, #0xB0 ; '¦'
STR  R2, [R0,#0x40]
LDR  R2, =0xFFF32
```

on another note, do you want to know how GateShit bricks the console you paid for?

yeah, there's the rumour that if you mess with some files on flash
gateshit bricks it, no?
if you read up on the arm9loaderhax documentation...

gateway simply adds a check to see if the files have been tampered
with upon boot. sound familiar? you wipe the stack used to decrypt the nand sector... gateway has already patched the firmware header checks for rsa preboot
...and it's a hash check... -_-

--------------------- MERGED ---------------------------

where the stack is wiped decrypting nand preboot....
they wipe your console instead .


----------



## QuarkTheAwesome (Jun 27, 2016)

I love you, GBATemp.

Just in case anyone wants it~


----------



## Mrrraou (Jun 27, 2016)

V1Cammy said:


> sub_4EB770
> STMFD  SP!, {R4-R7}
> MOV  R0, SP
> LDR  R5, =0x1FF80000
> ...


umm it's wii u here lol


----------



## Bug_Checker_ (Jun 27, 2016)

QuarkTheAwesome said:


> I love you, GBATemp.
> 
> Just in case anyone wants it~



A public IOS_Write, truly a big day.


----------



## V1Cammy (Jun 27, 2016)

Mrrraou said:


> umm it's wii u here lol


Faack, it's all the same to me  LMFAO


----------



## QuarkTheAwesome (Jun 27, 2016)

Now for the real struggle - EoF for useless homebrew or Ryan bashing?

Also (technically) first EoF post, hello world.


----------



## V1Cammy (Jun 27, 2016)

QuarkTheAwesome said:


> Now for the real struggle - EoF for useless homebrew or Ryan bashing?
> 
> Also (technically) first EoF post, hello world.


probably ryanbashing will occur only because there is a tweet and nothing else


----------



## NexoCube (Jun 27, 2016)

V1Cammy said:


> sub_4EB770
> STMFD  SP!, {R4-R7}
> MOV  R0, SP
> LDR  R5, =0x1FF80000
> ...



Just stop posting asm subroutine -_- Everything you posted were mostly false or deprecated things...


----------



## PK101 (Jun 27, 2016)

Ok, so I decided to try it because I got nothing to live for. It basically just spits out whatever your router outputs. Or at least it spat out my two wifi connections for me.


----------

