Hacking Wii U Hacking & Homebrew Discussion

[NWPlayer123]

Still no luck with the 5.3.2 ROP chain?

We're working on it as we speak, have patience.

 

[Mr. Mysterio]

We're working on it as we speak, have patience.

Does that mean that Hykem has finished his exploit for 5.3.2?

 

[NWPlayer123]

Does that mean that Hykem has finished his exploit for 5.3.2?

working, not polishing/cleaning. working implies it is not done.
Like I said, as we speak.

 

[PhyChris]

You guys know me for my wild Ideas. It seems you guys hit a wall at this point. (it happens) did any of you ever think to use a hacked wiiu with something running in the background while the system is updating to 5.3.2 to find the needed addresses?

 

[Mr. Mysterio]

You guys know me for my wild Ideas. It seems you guys hit a wall at this point. (it happens) did any of you ever think to use a hacked wiiu with something running in the background while the system is updating to 5.3.2 to find the needed addresses?

I think they were making some kind of debugger using the kernel exploit to help them create this one. NWPlayer123'll give you a definite answer.

 

[NWPlayer123]

Nah, we're using NUS since it's pretty straightforward once we have binaries from there

 

[TehLexinator]

I have been keeping up with this thread, and while I know the kernel exploit works on all Wii U versions (up to the current one), with the browser working on older versions - what is the recommended version to stay on?

I just bought a Wii U for pretty cheap and it is on v 2 something. Should I just stay on that?

 

[TotalInsanity4]

I have been keeping up with this thread, and while I know the kernel exploit works on all Wii U versions (up to the current one), with the browser working on older versions - what is the recommended version to stay on?

I just bought a Wii U for pretty cheap and it is on v 2 something. Should I just stay on that?

I believe that the known IOSU exploit works on versions up to 3.x, but you can't do much with that currently. The browser exploit starts at 4.1.0 if you're into that, and the latest version has been confirmed for the kernel exploit, but they need to port the browser exploit first to launch it. So those are your choices, you obviously have access to do whatever you want from v2.x so it's really your choice, but just remember that once you update to a certain version, there's no going back

Also, if you want to update to a version before 5.3.2 (current), you'll have to stay offline and use a game with the desired firmware to update

 

[NWPlayer123]

I have been keeping up with this thread, and while I know the kernel exploit works on all Wii U versions (up to the current one), with the browser working on older versions - what is the recommended version to stay on?

I just bought a Wii U for pretty cheap and it is on v 2 something. Should I just stay on that?

Latest version, there's no reason to stay on a lower firmware for several reasons (which I should probably add in several places). Who knows if they'll still keep updating the firmware now that it's been out for so long, plus all released games can run on it, and you can download games/use online. Of course this is after all our work is done, but there's nothing stopping it from happening other than time and effort.

 

[TotalInsanity4]

Latest version, there's no reason to stay on a lower firmware for several reasons (which I should probably add in several places). Who knows if they'll still keep updating the firmware now that it's been out for so long, plus all released games can run on it, and you can download games/use online. Of course this is after all our work is done, but there's nothing stopping it from happening other than time and effort.

Is there any news from Hykem about the possibility of running an IOSU exploit from FWs later than 3.x?

 

[NWPlayer123]

Is there any news from Hykem about the possibility of running an IOSU exploit from FWs later than 3.x?

Yes, it's not like we're not going to find an exploit, I'd be willing to bet most functions are exploitable, it's just a matter of picking one to actually make an exploit with once we can run code. It's not an if, it's a when. Still lots of work to do

 

[TotalInsanity4]

Yes, it's not like we're not going to find an exploit, I'd be willing to bet most functions are exploitable, it's just a matter of picking one to actually make an exploit with once we can run code. It's not an if, it's a when. Still lots of work to do

Good to hear

 

[TehLexinator]

Thanks all. Going to be updating then.

 

[yahoo]

c.shop.nintendowifi.net : if this is blocked, it doesn't try to check updates at all because ALL eshop is blocked.
If not blocked, it will try to download updates but will fail if you have other URL blocked.

If you want to retain Eshop access but block updates, you can block only the 3 "cdn" URLs.
but be careful as it WILL download and save data to the console if your router/proxy is providing custom Forbidden error message instead of just not forwarding the request.
I did it 4 times on 4.0.2 and let the console download fake update files, let it initiate an update and it deleted the fake files. it resulted in no update or brick. as 5th try I finally removed the cdn blocked URL and downloaded the 5.3.2 files and it correctly updated.

For more info, you should read the OpenDNS and CCProxy guides which contains more information on the URLs to block and what's their uses.

Can you elaborate what you mean by fake update files?

 

[sj33]

I have been keeping up with this thread, and while I know the kernel exploit works on all Wii U versions (up to the current one), with the browser working on older versions - what is the recommended version to stay on?

I just bought a Wii U for pretty cheap and it is on v 2 something. Should I just stay on that?

The latest firmware is fine. The only reason people are being told to block updates is because nobody knows if Nintendo will fix the exploit in the next firmware. The Wii U automatically updates in the background so it's recommended to update to the latest firmware then follow the instructions to block the update (or do what I have done and delete the internet settings entirely).

 

[TotalInsanity4]

Can you elaborate what you mean by fake update files?

It means that in OpenDNS's attempt to block whatever file comes from a blocked domain, it sends a small file filled with absolute garbage to the device that's expecting the download to make it think the download has worked. In the case of the Wii U, that is an update file that may potentially get flashed to the Wii U's NAND bank, which is why that option is labeled "Risky" and has bold and red text plastered all over it. Both Cyan and I have tested this and can confirm it works, and Cyan has confirmed that at least on his console the update deletes itself before replacing the previous FW, but I wouldn't exactly tempt fate unless you want to be able to look at the eShop for whatever reason

Edit: Sorry, I thought that this was in my tutorial, so you won't get what I meant by red text

 

[Mr. Mysterio]

It means that in OpenDNS's attempt to block whatever file comes from a blocked domain, it sends a small file filled with absolute garbage to the device that's expecting the download to make it think the download has worked. In the case of the Wii U, that is an update file that may potentially get flashed to the Wii U's NAND bank, which is why that option is labeled "Risky" and has bold and red text plastered all over it. Both Cyan and I have tested this and can confirm it works, and Cyan has confirmed that at least on his console the update deletes itself before replacing the previous FW, but I wouldn't exactly tempt fate unless you want to be able to look at the eShop for whatever reason

I very highly doubt that the "garbage" files could get installed to the Wii U. Every file on NUS will be digitally signed by RSA and SHA-1, meaning that the chances of a garbage file being properly signed are approximately 1461501637330902918203684832716300000000000000000 to 1. It should download the garbage, then check the integrity, then delete the files if the signature is invalid and install them if it is valid. For there to be a decent chance of the signature actually being valid, there would need to be around 1.46 * 10^48 Wii Us in use. Now, if Nintendo had sold that many Wii Us, then they would be richer than Microsoft! So, granted it could happen, but the chances are higher that you will get killed in a car accident today! (If you don't believe this, then think about these facts: There are about 100 people killed in car accidents each day. If the odds were really as high as the random file signature being valid, then there should be 1.46 * 10^48 people on the earth, and only one should die in a car accident.)

 

[Cyan]

The custom "403 forbidden" error message provided by the router/proxy/DNS filtering service is only some "data broadcasted to the WiiU".
The WiiU is saving that data to the NAND as if it was the expected data it had to download. Even if no text is provided as custom message, it's probably saving a 0byte file size, there's no expected file size or else it would try to re-download it immediately. there's no signature checking at download either, for the same reason.

Only AFTER all files are downloaded and ready to install that the file's integrity are checked and deleted if incorrect.
You can try if you are still on lower than 5.3.2, set a custom data sent to the WiiU for all HTTP GET requests and you will see if you log your traffic that the data and the files are being downloaded.
If you stop the download process midway, it will resume where you stopped, meaning that it didn't check the file's checksum or signature yet or else it would restart or always try to re-download the same file.
it's saving all files to NAND, then check signature/checksum/whatever, then delete corrupted files or install the update.

I did what I called the "fake download update" 4 times and it deleted corrupted files only AFTER it completed all the download list. you can even shutdown the console midway, it will resume where you stopped. you will see the update waiting for resume in the update log screen.
After full deletion, the log screen doesn't display anything anymore. It's really fully deleted and there's no trace of the download being corrupted or in standby.

I didn't try downloading partial good files and partial bad one.
But I suppose it would delete all the update, not only the bad one. right?
if it's the case, it could be a method to delete partially initiated update.

 

[Mr. Mysterio]

The custom "403 forbidden" error message provided by the router/proxy/DNS filtering service is only some "data broadcasted to the WiiU".
The WiiU is saving that data to the NAND as if it was the expected data it had to download. Even if no text is provided as custom message, it's probably saving a 0byte file size, there's no expected file size or else it would try to re-download it immediately. there's no signature checking at download either, for the same reason.

Only AFTER all files are downloaded and ready to install that the file's integrity are checked and deleted if incorrect.
You can try if you are still on lower than 5.3.2, set a custom data sent to the WiiU for all HTTP GET requests and you will see if you log your traffic that the data and the files are being downloaded.
If you stop the download process midway, it will resume where you stopped, meaning that it didn't check the file's checksum or signature yet or else it would restart or always try to re-download the same file.
it's saving all files to NAND, then check signature/checksum/whatever, then delete corrupted files or install the update.

I did what I called the "fake download update" 4 times and it deleted corrupted files only AFTER it completed all the download list. you can even shutdown the console midway, it will resume where you stopped. you will see the update waiting for resume in the update log screen.
After full deletion, the log screen doesn't display anything anymore. It's really fully deleted and there's no trace of the download being corrupted or in standby.

I didn't try downloading partial good files and partial bad one.
But I suppose it would delete all the update, not only the bad one. right?
if it's the case, it could be a method to delete partially initiated update.

You're right, I didn't express what I meant clearly enough. I meant the file will be saved to the NAND, just not installed (as in updating the system). I fixed my post.

 

[Cyan]

yeah, it will not be installed.
I don't know if only the bad files are re-downloaded or if all the temporary downloaded files are deleted (even the good ones) and downloaded again from the beginning.
I didn't test that sorry.

But seeing how 3DS work, I think it deletes everything.
a similar method was used to remove the update nag. (start download, shutdown network, update deleted)