Welcome to the personal blog of QuarkTheAwesome
- Background color
- Background image
- Font Type
- Font Size
Well, here we are again. I did something stupid.
Some of you may remember a few days ago when a thread was posted on the Wii U boards. The thread contained an app named "boat1hax" - similarly-named to a long-awaited exploit for the system and with a variety of other nuances to draw attention. The thread has been deleted and the posting account banned - this is because the application was not an exploit as it claimed. Users of the app would be shown a mildly-convincing installation screen before the console started playing a low-resolution version of Rick Astley's "Never Gonna Give You Up".
From the beginning, it wasn't a brilliant idea. Things got worse when I decided that it shouldn't be an April Fool's release after all; instead being impatient and going forward upon completion. Even worse still, I took the cowardly route and made an alternate account and removed references to myself from the program. I got scared. This should have been my red flag; the thing that made me realise just what a terrible idea this was. I can't believe I was worried about "image" while doing something like this. Needless to say, I continued anyway. Looking back, my handling of all this was beyond terrible, being driven by a lack of maturity rather than any reason whatsoever. It was destined from disaster from the outset, and yet I ignored all of it to chase a simple joke.
To clear things up, I wrote, orchestrated, released, and peddled the boat1hax application. The account that posted it was entirely my doing. I intentionally went against the advice of the people around me to make this happen. I'm sorry. It was a stupid, stupid thing to do. All of this was. I shouldn't have done any of this, and I certainly shouldn't have... well, done any of this.
I apologise for not really communicating myself effectively. The list of ways I screwed up is so large that it really is the best I can do to apologise for the whole thing at once. I was immature, deceptive, unscrupulous and ignorant. I'm really sorry. It won't happen again. I went too far, and I recognise that.
I also want to apologise for the way I acted when initially revealing my relation to the application on IRC. This won't mean much to most of you, but those who were there know what I did and the way I communicated it; and for that I apologise. The seriousness of the situation hadn't really dawned on me, and I spoke waay out of line, without consideration for the emotions or reactions of anyone, and I caused some serious damage. I'm so sorry.
To sum up, I screwed up on all fronts. I'm really sorry for taking this so far and not recognising what should have been obvious, and I'm sorry for even doing any of this in the first place.
(An extra apology for @VinsCool... I, just... Sorry.)
Remember this? How about this? Heh, those were the days. Too bad it was all crap, right? Right?
Today, I wanted to point out something interesting I noticed in those pastebins. That is, both name Hykem's IOSU exploits as involving "CtrlChicken" and /dev/uhs ioctls (for userspace); along with IOS_CreateThread and 0xF5AF5AF5 (for kernelmode). At the time, it was dismissed.
Well, guess what? That's what the exploits ended up actually being! In fact, the stories presented above even line up with the later comments that got posted to wololo, supposedly from Hykem himself.
Interesting, huh? Get your tinfoil hats on!
This is my first blog post (ooh) and I thought I'd share the story of my "IOSU exploit" that had a few people excited lately. In case you weren't aware:
Just to preserve this pic.twitter.com/isFmAruP8r— EpicLPer (Stefan Kern) (@EpicLPer) September 18, 2016
Is that a HBL icon? How'd I do that? This is the story of how a bit of fun turned into a screenshot and one of my favourite reactions to anything, ever.
As some of you know, developers like me enjoy hanging out on IRC channels, and I'm no different (#wiiubru on freenode, we have fun!) Aside from the usual debugging by committee and code golf competitions (almost had OurLoader under 200 bytes, but it turned out to not actually work... Maschell takes the win for now ) there's also a lot of tests, betas and PoC apps passed around. One such occasion is where we begin.
The developer of this particular app was passing around a rather curious ELF when I came online - they claimed it could change icons on the Home Menu without IOSU! Well, I couldn't resist that one. I downloaded the app and included .tga icon and transferred it over. I opened it up, and was greeted with this monstrosity:
Hrm. I don't think that's what it's meant to do... (that's Mii Maker btw)
After a quick panic chat on IRC, I found out that the app makes use of the USB temporary storage system available on the Wii U, where code can quickly throw stuff on a connected USB drive as part of some operation. Up until that point, I ran my Wii U driveless (I'm broke [no eShop stuff], it's a 32GB console and I never hacked my vWii) so I found some random USB key, formatted it and tried again. It worked! Mii Maker's icon had been replaced with a neat little HBL logo. After a quick rearranging of the menu, it was perfect:
You see, by this point I had formed a bit of a plan. Every now and again I like to screw around a bit. It rarely ends well, but I still have fun getting there and crafting a convincing setup. I've done it before with WiFi passwords, GBATemp cookies and had several other plans that never went anywhere. Thus, we got to the tweet:
The game was on! The whole thing was noticed almost immediately by eagle-eyed Twitter followers with questions about the HBL icon in the image. After taking the above screenshot (just in case) I set myself a deadline - 45 minutes and the tweet's deleted. Which is exactly what I did.
shit can we pretend you didn't see that— Ash (@quarktheawesome) September 18, 2016
Don't be a Smeahole lol— EpicLPer (Stefan Kern) (@EpicLPer) September 18, 2016
I do my best. With that, I went to bed and woke up to find GBATemp involved; and some rather interesting conversation.
Surprisingly, that's not really what happened. This was all on the 18th of September and beyond the posts I quote here this has kinda been ignored over that span of time. I do like the point about everyone waiting regardless, looks like all you lot are finally starting to harden up towards this sort of thing ;D
That's my folder of "built-in apps I never use"; named "Randoms". It's an excellent organisation strategy.
IMHO the opposite is true - we need to archive evidence of stuff like this (when it's serious, of course) so we can hold people accountable. Ignoring an issue normalises it; if left unchecked it'll be "no big deal" to take the whole community for a Hykem-style ride.
Obligatory anti-flamewar stuff: When I say "hykem-style", I'm taking about the experience delivered to the community. Whether or not he actually had an exploit is irrelevant, as is his intentions. This is not the place to discuss it.
Gotcha! I left a like on this post to give the hint; apparently it did. All was silent until Thursday, when quite literally out of the blue:
Woah! I was talking about PowerPC Assembly in a thread centred around playing Xbox games on the Wii U when all of a sudden, nearly 2 weeks later, this happens! I was asleep at the time, so I saw all this and the following at once:
By the way, the reason I didn't publicise any of this is because the original developer was very specific that this was to stay private. I'm probably pushing it with this blog post - sorry. I know you're reading this, but I can't let posts like that one slide indefinitely, esp. when it's edited to just "nevermind". Again, I'm sorry.
Me being me, I then responded in the stupidest, most aggressive way possible:
In case you were wondering, the re-released iPhone is the SE, which is a direction (south-east) and south-east of Patrick there's an invisible link to the post I liked (about changing the icon being a known thing). I was really proud of the whole thing at the time, eagerly explaining the riddle on IRC. Now I'm not so sure.
I was originally planning on keeping this entry all light-hearted and "haha" but looking at that post I think an apology is in order. I'm sorry, guys. I don't have an IOSU exploit. It was silly of me to deceive you all like that, especially after what the community's been through with developers who were completely serious. Again, I'm sorry.
I'm not really sure where to take this post now; so I suppose I'll just end it off here. There you have it - the story of the mystery HBL icon and what followed. I hope you enjoyed reading about it!