Just because there's only 1GB total there doesn't mean it's not part of a larger chip.
Just because there's only 1GB total there doesn't mean it's not part of a larger chip.
No, I meant the numbers on the chips themselves indicated they were 1GB nand flash. One of the other storage chips is an emmc(either 8GB or 32GB) but there are still other memory chip(s) like the serial eeprom for the DRH firmware etc.
I was not clear when I said "This is what I believed to be true". The "This" was YOUR statement about dual purpose of the nand flash.
I mean, based on Samsung's info, the white wii u has a 8GB (64Gb) chip. What's the misinformation you guys are talking about?
The Wii U has an 8GiB or 32GiB eMMC chip used for applications and user data. It also has dual NAND banks, 512MiB each, which are used for vWii mode and the Wii U OS, respectively.
Gotcha. So you'd need something like an infectus to dump it since it's just a plain old NAND chip.
Yeah, I believe it's the same type of NAND chip used on the Wii. Obviously, any NAND dumps you make would be encrypted but it may be possible to downgrade a Wii U by only reflashing the OS NAND chip and not the eMMC.
Step 12 Samsung K9K8G08U1D 4 Gb (512 MB) NAND Flash from
https://www.ifixit.com/Teardown/Nintendo+Wii+U+Teardown/11796
this is incorrectly reported
(back of wiiu motherboard) https://d3nevzfk7ii3be.cloudfront.net/igi/DBOR5ukVFarbvSq6.huge
Just notice Marionumber1 cleaned up wiiubrew back in April.
source http://wiiubrew.org/w/index.php?title=Wii_U/console&diff=prev&oldid=923
I'm personally really surprised nobody besides Microsoft (with lockdown counter in efuses) seems to have mechanisms in place to prevent downgrading.
I believe marcan said somewhere that the Wii U may have basic downgrade protection, but that was just his speculation and not an absolute fact.
If you want a dump by hardware, yes you will have to install chip. Example: backup nand flash from virgin state. But you can do a software dump right now with DumpmiiNand that (i believe) does the WHOLE 1GB nand flash. You currently just can't write it back without a hardware setup or an unreleased nand write program.
Isn't the "downgrade protection" usually a protected (signed) installer that tests the currently installed firmware version and if it's higher or same, refuses to run?
In other words, ignoring complications like partitioning (flash0:, flash1: etc. on PSP), with a hacked installer, couldn't you just flash ANY version firmware? How about a "real" installer but a faked current firmware version (say 1.0.0)?
In other words, ignoring complications like partitioning (flash0:, flash1: etc. on PSP), with a hacked installer, couldn't you just flash ANY version firmware? How about a "real" installer but a faked current firmware version (say 1.0.0)?
- Joined
- Apr 16, 2007
- Messages
- 1,315
- Reaction score
- 474
- Trophies
- 1
- Age
- 38
- Location
- Bikini Bottom
- XP
- 1,487
- Country
The web browser already barely has any permissions. For example, the browser is limited to its own little area in the filesystem and it's impossible to access external storage. The only purpose of code execution inside the web browser is to serve as a launchpad for a more advanced exploit. There are many targets that can be gone after. Kernel is an obvious choice, but you could try going directly to IOSU as well. There's also a privileged process called the loader, which handles executable loading and dynamic linking. The loader is allowed to rewrite the code and data in any process, as well as access the entire filesystem. Even a loader exploit would likely be sufficient for homebrew, you wouldn't have to go all the way to the kernel.
Also, Nintendo can never stop the web browser from being used for exploits. We use the web browser because it's convenient, as it utilizes external open-source libraries and you're allowed to generate executable code inside it. This first factor will almost certainly never change, since using WebKit is what makes the browser so (in my opinion) good. The second factor is still unlikely to change, since it's needed for efficient Javascript execution, but even if it did, a ROP chain should be sufficient to trigger a kernel or loader vulnerability (though much harder to pull off).
- Joined
- Feb 17, 2012
- Messages
- 2,642
- Reaction score
- 6,242
- Trophies
- 0
- Location
- The Everfree Forest
- XP
- 6,693
- Country
There's nothing actually being changed on your console, so there's nothing being removed, you have to run this every time to use it, and as people have said many times before, yes it is broken on 5.0 right now.
HOWEVER, it's not like this is anything useful for 99% of people, so you won't miss this anyways, so feel free to update.
HOWEVER, it's not like this is anything useful for 99% of people, so you won't miss this anyways, so feel free to update.
As the exploit is not something that installs, it doesn't remove either.
The issue is that the current exploit rop chain won't run anymore on 5.0. SO basically, every proof of concept that is published now won't run on 5.0.
The exploit is triggered by loading a website in the browser and executes some homebrew c code in the browser user space. (Which gets embedded in the webpage that is called) At least, that's how I understand it works without studying it in detail.
The wiiu nand chip is different from the wii nand chip. It has twice the wii nand capacity (1gig versus 512 MB)
Half of it is used in vwii mode and appears to it similar as the nand appears to the wii. The other half is used in wiiu mode and as far as I understand contains the firmware used to launch the wiiu arm at boottime. (I know it also has a coffee related name but I keep forgetting it. Arm and ppc makes more sense to me)
So, it might contain a boot1 and boot2 and something similar to what ios are for the wii. According to the Team f0f presentation, it also has an option to recovery boot from the sd card using a signed firmware on that.
Ninty could for instance store the latest firmware version in a file on that nand chip. If the emmc contains a lower firmware revision, it could refuse to boot such.
This is all just speculation, but if we expect the worst, things can only be better.
To backup and restore the nand contents, you'll need an infectus or something similar and some excellent solder skills.
The emmc uses far less wires, so it might be easier to backup that using a sd card reader.
The issue is that the current exploit rop chain won't run anymore on 5.0. SO basically, every proof of concept that is published now won't run on 5.0.
The exploit is triggered by loading a website in the browser and executes some homebrew c code in the browser user space. (Which gets embedded in the webpage that is called) At least, that's how I understand it works without studying it in detail.
The wiiu nand chip is different from the wii nand chip. It has twice the wii nand capacity (1gig versus 512 MB)
Half of it is used in vwii mode and appears to it similar as the nand appears to the wii. The other half is used in wiiu mode and as far as I understand contains the firmware used to launch the wiiu arm at boottime. (I know it also has a coffee related name but I keep forgetting it. Arm and ppc makes more sense to me)
So, it might contain a boot1 and boot2 and something similar to what ios are for the wii. According to the Team f0f presentation, it also has an option to recovery boot from the sd card using a signed firmware on that.
Ninty could for instance store the latest firmware version in a file on that nand chip. If the emmc contains a lower firmware revision, it could refuse to boot such.
This is all just speculation, but if we expect the worst, things can only be better.
To backup and restore the nand contents, you'll need an infectus or something similar and some excellent solder skills.
The emmc uses far less wires, so it might be easier to backup that using a sd card reader.
Seems kind of pointless to hack the console if all the user is going to do is pirate games. I buy the games myself a few days after they're released for a small price drop which makes them worth it overall.
Don't forget that those who bought the console are probably going to buy the Wii Key U which might cost up to $100 and that's supporting piracy over developers who deserve, then again, it's their money so do what you want with it.
Don't forget that those who bought the console are probably going to buy the Wii Key U which might cost up to $100 and that's supporting piracy over developers who deserve, then again, it's their money so do what you want with it.
Similar threads
- Question
Site & Scene News
New Hot Discussed
-
-
20K views
Pokemon Platinum PC port gets a surprise release
Seemingly out of nowhere a PC port for Pokemon Platinum has surfaced online, bundled alongside the source code for those interested in building and developing it for... -
13K views
Steam Deck gets a major price bump, more than 40% increase for US buyers
With very little in the way of announcement, Valve has today increased the price of the Steam Deck but some fairly considerable margins. Both of the available models... -
10K views
Nintendo Direct June 9, 2026 roundup - Ocarina of Time remake announced, Kingdom Hearts IV trailer
Nintendo's expected Summer showcase is here, offering up plenty of new announcements and exciting reveals. Let's see what they have in store in the latest Nintendo... -
9K views
Pokémon Crystal gets a PC port titled "suiCune" based on C/C++ language
Continuing with the great news of Pokémon Platinum getting a native unofficial PC port just a few days ago, today, yet another classic title from the franchise has... -
9K views
Paper Mario PC recompilation "ReCut" gets its first pre-release build
The latest in a growing number of native PC ports, Paper Mario ReCut got its first pre-release build earlier this week. Based on the N64 recompilation toolchain, the... -
8K views
Low-level 3DS emulator 3Beans released alongside setup tutorial video
When you talk about 3DS emulation, most people would jump to Citra. As the defacto choice since its first release it's seen tremendous success, and even after its... -
6K views
PlayStation State of Play June 2, 2026 broadcast - new God of War announced
A whole hour of PlayStation content is on the way, thanks to the latest State of Play showcase. Headlining the stream will be Marvel's Wolverine, alongside a... -
6K views
The long awaited EarthBound Beginnings Remake romhack is now available after almost 2 decades in development
What once seemed like a far off dream, and after many, many community restarts throughout the years, the elusive Mother 1 / EarthBound Beginnings Remake, which is a... -
5K views
Call of Duty: Modern Warfare 4 to launch on Nintendo Switch 2 in October
For the first time in 13 years, the Call of Duty series will again return to Nintendo's consoles. Set to launch on the 23rd of October, the latest release, Modern... -
5K views
RAManimator adds animated graphics to emulated games with no ROM editing
Back in April we covered the ROM hacking efforts to add fifth-generation animated sprites to third generation Pokemon games. It remains a thoroughly impressive...
-
-
-
172 replies
Steam Deck gets a major price bump, more than 40% increase for US buyers
With very little in the way of announcement, Valve has today increased the price of the Steam Deck but some fairly considerable margins. Both of the available models... -
141 replies
Nintendo Direct June 9, 2026 roundup - Ocarina of Time remake announced, Kingdom Hearts IV trailer
Nintendo's expected Summer showcase is here, offering up plenty of new announcements and exciting reveals. Let's see what they have in store in the latest Nintendo... -
103 replies
Pokemon Platinum PC port gets a surprise release
Seemingly out of nowhere a PC port for Pokemon Platinum has surfaced online, bundled alongside the source code for those interested in building and developing it for... -
91 replies
What do you want to see in the next Nintendo Direct?
With rumours circulating about a Nintendo Direct in the coming days and weeks, fans are left speculating and hoping as to what might be included. At the centre of all... -
78 replies
Paper Mario PC recompilation "ReCut" gets its first pre-release build
The latest in a growing number of native PC ports, Paper Mario ReCut got its first pre-release build earlier this week. Based on the N64 recompilation toolchain, the... -
71 replies
PlayStation State of Play June 2, 2026 broadcast - new God of War announced
A whole hour of PlayStation content is on the way, thanks to the latest State of Play showcase. Headlining the stream will be Marvel's Wolverine, alongside a... -
71 replies
Nintendo Direct to air on the 9th of June, set to feature 50 minutes of Switch and Switch 2 games launching this year
After much speculation and rumour, the fabled Nintendo Direct is upon us. Set to go live tomorrow, the 9th of June, at 3pm in the UK, it'll feature 50 minutes of... -
63 replies
Call of Duty: Modern Warfare 4 to launch on Nintendo Switch 2 in October
For the first time in 13 years, the Call of Duty series will again return to Nintendo's consoles. Set to launch on the 23rd of October, the latest release, Modern... -
57 replies
Nintendo fined 35 million euros by the French government due to Switch 1 Joycon malfunctions
Following an investigation over misleading commercial practices, today Nintendo has been imposed a fine of 35 million euros related to the controller malfunctions... -
54 replies
Pokémon Crystal gets a PC port titled "suiCune" based on C/C++ language
Continuing with the great news of Pokémon Platinum getting a native unofficial PC port just a few days ago, today, yet another classic title from the franchise has...
-
