Wii U Hacking & Homebrew Discussion
Thread starter: filfat
Views: 5,097,006 · Replies: 21,104 · Likes: 29
But my XenoX is a little incomplete cuz I can't download these files and DLC.
WOW, what a big picture. You could have put that in spoilers like I did above; this is much better for the eyes... and makes reading the thread much better.
 

Making more progress on eShop update bypasses. 105-4260 was the old error, which just said the network was "busy" (aka nn::nim::NeedsNetworkUpdate returned 1). This is what happens when you remove the call from the app's .text. I'm willing to bet this is a return from NNID sign-in, so maybe patching NIM directly will yield results.

I already got to that point a few days ago just using TCP Gecko, but I still could not get into the eShop so I lost interest; my advice is to try messing around with the debug feature of TCP Gecko, with which you can pause threads. There are some threads dedicated to update checking, and maybe with good timing you can get inside the eShop (and maybe also online games). The only downside is that pausing the wrong thread, or at the wrong time, will crash your console, so testing this is really a pain.
 
True, I paused a random thread for fun and it already crashed, so that's pretty retarded.
You have to use the unmodified codehandler:
Still not responding :(
Never mind, it just finished. It just takes a long time :D
 
Last edited by BullyWiiPlaza.
If I can't do it in code, my plan is to take a look at the SSL content by using Cafiine or similar (maybe alter the .text to read from SD?) to change the .pem to allow me to MITM the SSL on the Wii U while in the eShop. I've done it on 3DS so I see no reason for it to fail there, especially with it as modular as it is (3DS needed a reassembled module and modified rodata). It could be a check somewhere which consequently fails it. Or there's a check somewhere for the error, so even if the actual call returns 0 it'll also check for an existing error. How were you altering the NIM module?
 
The devs said several times SD access will be very hard, if possible at all, with the kernel though.
 
Man this thread was active for the past few weeks I was gone O_o

Uhm... Anyone willing to, in a nutshell, wrap things up here? Did anything "special" or "awesome" happen for 5.3.2 the last... let's say 3 weeks?
 

WebKit exploit = userspace access
Pong = first homebrew
Kernel exploit = kernel access
Cafiine = game file replacement like the old Riivolution
TCP Gecko = RAM editing and cheats
Ability to dump game files
Online cheating and drama+
People complaining and drama++
ROM injection with Cafiine for VC games
NSMBU level editor
Hardware NAND dump and restore
Music replacement for SSB4 and Mario Kart 8
People working on an IOSU exploit, firmware spoofing, backup loading and more stuff

EDIT: I forgot to mention DRAMA
 
So I readjusted my patches so that it wouldn't get a chance to throw any errors. Now it's not throwing an actual error, but the update nags persist.

Check which threads are running during the startup of the eShop with TCP Gecko and see if you find one related to update checking.
 
ALRIGHT, got the kernel exploit on 3.1.0 working. Turns out the memory mapping is quite different: for you guys it physically started at 0x31000000, which maps to 0; for me it starts at 0x30000000, which maps to 0x10000000. My 0 is actually located at 0x4C000000, so where you guys write to 0xA0000000 I need to write to 0xBC000000 now. But hey, all that aside, it's working pretty well; coreinit can be written over quite easily now, as I just tried out by patching MCP_GetSystemVersion:

 

Is it a real firmware spoof, or is it a simple string edit?

(please, a real spoof!)
 