Thanks a lot for the tutorial, ptitleray
I will try to get it working on 5.0.0
If anyone else is interested in trying to make it work for 5.0.0, here are the addresses to get started:
OSScreenInit is at: 0x1039AD8
socket_lib_init is at: 0x10BF2F4
GX2WaitForVsync is at: 0x1150868
VPADRead is at: 0x11283D0
SYSLaunchMiiStudio is at: 0xDEAAE68
hey guys, forgot my old nick here, but long time member...
i just checked my wiiu. thought it would be on 4.1.0e but it´s on 4.0.0e. is someone of you capable in porting it to that fw? or does someone know (from any chat) if naehrwert is going to pull his iosu down to 4.0.0e users that didn´t update to 5.3.2?
Thanks ptitleray. I'm an usual lurker, but i want to post here for 2 reasons.
First: thanks for this great work.
Second: i've ordered today a 4.1.0 WiiU, and it's on the road.
For using 4.1.0 Loadiine i've to load first the Kernel Exploit, then the Loadiine, i'm right?
Thanks ptitleray. I'm an usual lurker, but i want to post here for 2 reasons.
First: thanks for this great work.
Second: i've ordered today a 4.1.0 WiiU, and it's on the road.
For using 4.1.0 Loadiine i've to load first the Kernel Exploit, then the Loadiine, i'm right?
For now, you must load loadiine in this order :
1- loadiine kernel
2- TCPgecko <-- need because of a bug in curl function (see the first post)
3- loadiine3
Wow that was fast! Thanks a lot!
I tried launching the kernel exploit and then tcpgecko, but tcpgecko just freezes on a white screen after the "success. Press any button to return to wiiu menu".
If I try to run just loadiine without tcpgecko, it just returns to the wiiu menu and nothing happens.
Anyway, I will try different stuff and see if I can get it working.
I'm like half happy, and half guilty for updating my Wii U from 1.0.3 to 5.3.2! Once stuff starts being developed for older firmware, we're all going to get a tease!
I will try to explain my "method" for, why not, porting it to other firmware
I take some base the loadiine v3 (bf42d94) --> you can download it here
I'm not so smart and i don't know all of this work so i use the "method" of comparison (with IDA PRO), and some mathematics Read all this post before download anything and if you feel capable of doing it ... try
1 - Download the "OS" for the firmware you want to port loadiine and 5.3.2 firmware (to compare)
- for this step, i used NUSgrabber from crediar --> download NUSgrabber here
- you can use Uwizard or NUSGrabberGUI if you prefer
- use NUSgrabber like this :
NUSgrabber 000500101000400A [OSv11 version]
[OSv11 version] must be replace by the version of firmware
Look at the line "OSv11" in the Wiiubrew Title Database
For example, on 5.3.2 firmware, it's v11464 so the line will be :
NUSgrabber 000500101000400A 11464
- now (if you use NUSgrabber), you must have a directory named "000500101000400A" in the same directory of NUSgrabber
and in this directory, 2 others : 1 named "11464" (this one is the 5.3.2 "OS") and the other must fit the version of your "OS" firmware (ex. 5883 for 4.1.0 "OS")
2 - Extract the 2 "OS" version to compare
- in the 2 directory (11464 and the other for your firmware), use CDecrypt from crediar like this :
- if all is good, you must have a new directory named "code" on 11464 and the other (the one fit your firmware version)
3 - Use IDA PRO (disassembler) to find address
- download IDA PRO --> don't ask me where to find it
- use aerosoul94 WiiU loader --> look here
- open "coreinit.rpl" in IDA, wait a little for the program to disassemble
- go to the "Exports" tab on IDA and you will see addresses in front of function's name
- for the 0x1xxxxxxx address, they're GOOD but for the 0x02xxxxxx, we must make some mathematics
4 - Some mathematics ...
- for the 0x02xxxxxx, we must find a base address for our calculations
- for this, you must use the payload ("address.zip") attached below (use it "directly", no need kernel exploit)
- it will display (if your WiiU is exploitable) some address :
OSScreenInit is at : 0xXXXXXXX --> will be the "base" for "coreinit.rpl"
socket_lib_init for "nsysnet.rpl"
GX2WaitForVsync for "gx2.rpl"
VPADRead for "vpad.rpl"
SYSLaunchMiiStudio for "sysapp.rpl"
- on my 4.1.0 WiiU, i have :
OSScreenInit is at : 0x10352F8
socket_lib_init is at : 0x10B44D4
GX2WaitForVsync is at : 0x11454BC
VPADRead is at : 0x111D5DC
SYSLaunchMiiStudio is at : 0xDEAB888
- now back to "coreinit.rpl" in IDA, in "Exports" tab, search "OSScreenInit" function
For my 5883 "OS" version, i have 0x020196F8 in front of "OSScreenInit" function in IDA
So :
0x020196F8 - 0x10352F8 = 0xFE4400 ==> "MAGIC" number for "coreinit.rpl" for 4.1.0 firmware
With this "MAGIC" number, we may know all address of the functions present in "coreinit.rpl"
For example, address of FSAInit (which is in "coreinit.rpl") can be calculate by :
0x0203DF1C (IDA address) - 0xFE4400 ("MAGIC" coreinit number) = 0x1059B1C (REAL address of FSAInit for 410 firmware)
For my 5883 "OS" version (4.1.0), i have 0x02000514 in front of "socket_lib_init" function in IDA
So :
0x02000514 - 0x10B44D4 = 0xF4C040 ==> "MAGIC" number for "nsysnet.rpl" for 4.1.0 firmware
With this "MAGIC" number, we may know all address of the functions present in "nsysnet.rpl"
For example, address of connect (which is in "nsysnet.rpl") can be calculate by :
0x02000A3C (IDA address) - 0xF4C040 ("MAGIC" coreinit number) = 0x10B49FC (REAL address of connect for 410 firmware)
- we can do the same for the others, to find all functions to replaces in loadiine source
(SOON) 5 - Make some address adjustment on some functions
On file launcher.c :
- change address in InstallMenu() function (done by compare with IDA in coreinit.rpl)
- change address in InstallLoader() function (done by compare with IDA in loader.elf)
...
Today, April 8th, 2024, at 4PM PT, marks the day in which Nintendo permanently ends support for both the 3DS and the Wii U online services, which include co-op play...
A new Nintendo Switch firmware update is here. System software version 18.0.1 has been released. This update offers the typical stability features as all other...
With Apple having recently updated their guidelines for the App Store, iOS users have been left to speculate on specific wording and whether retro emulators as we...
The time has finally come, and after many, many years (if not decades) of Apple users having to side load emulator apps into their iOS devices through unofficial...
TheFlow has done it again--a new kernel exploit has been released for PlayStation 4 consoles. This latest exploit is called PPPwn, and works on PlayStation 4 systems...
Nintendo might just as well be a law firm more than a videogame company at this point in time, since they have yet again issued their now almost trademarked usual...
Another video game prototype has been found and preserved, and this time, it's none other than the game that spawned an entire franchise beloved by many, the very...
Anbernic is back with yet another retro handheld device. The upcoming RG28XX is another console sporting the quad-core H700 chip of the company's recent RG35XX 2024...
Nintendo has recently announced through their social media accounts that a new Indie World stream will be airing tomorrow, scheduled for April 17th, 2024 at 7 a.m. PT...
Two classic titles join the Nintendo Switch Online Expansion Pack game lineup. Available starting April 24th will be the motorcycle racing game Extreme G and another...
Today, April 8th, 2024, at 4PM PT, marks the day in which Nintendo permanently ends support for both the 3DS and the Wii U online services, which include co-op play...
Nintendo might just as well be a law firm more than a videogame company at this point in time, since they have yet again issued their now almost trademarked usual...
With Apple having recently updated their guidelines for the App Store, iOS users have been left to speculate on specific wording and whether retro emulators as we...
The time has finally come, and after many, many years (if not decades) of Apple users having to side load emulator apps into their iOS devices through unofficial...
A new Nintendo Switch firmware update is here. System software version 18.0.1 has been released. This update offers the typical stability features as all other...
TheFlow has done it again--a new kernel exploit has been released for PlayStation 4 consoles. This latest exploit is called PPPwn, and works on PlayStation 4 systems...
Two classic titles join the Nintendo Switch Online Expansion Pack game lineup. Available starting April 24th will be the motorcycle racing game Extreme G and another...
Nintendo has recently announced through their social media accounts that a new Indie World stream will be airing tomorrow, scheduled for April 17th, 2024 at 7 a.m. PT...
In 2017, the United States Federal Communications Commission (FCC) repealed net neutrality. At the time, it was a major controversy between internet service providers...
Earlier this year, AYANEO revealed details of its next Android-based gaming handheld, the AYANEO Pocket S. However, the actual launch of the device was unknown; that...
It's not the movies or games downloads that I would worry about, like breaking into networks, downloading encrypted things, spying on network traffic. I have seen so many "Top Secret" seals on files when I was a kid
I was obsessed with finding UFOs, a surprising amount of US files where stashed on computers in other countries, China back in the early 90s omg sooo much