Toggle sidebar

Hacking Wii U Hacking & Homebrew Discussion

  • Thread starter Thread starter filfat
  • Start date Start date
  • Views Views 5,098,274
  • Replies Replies 21,104
  • Likes Likes 29
  • Like
Reactions: tivu100
Hi. This is my first post here, so a little bit about myself: I'm friends with Marionumber1 and MrRean, and have been graciously given access to that team's private exploits. I mainly make level editors and other editors for Wii U game files. (For the record, I'm also the person who updates the exploit compatibility table on http://rhcafe.us.to/ .)

I've been watching this thread for a very long time, and decided to finally make an account here to clear up what the current Wii U hacking situation is, since there seems to be a whole lot of confusion.

Types of exploits (sorted by amount of access granted)
With a userspace exploit (usually through WebKit in the Internet Browser), you can run Hello World and basic homebrew games. These exploits are mainly important because they are needed to run more exploits. These are referred to interchangeably as "userspace," "userland" and "WebKit" exploits.
With a Cafe OS ("kernel") exploit, you can run TCPGecko and any of the programs that end in -iine (and probably some others I'm forgetting). In order to run one of these exploits, you first need a userspace exploit.
With an IOSU exploit, you get all of the benefits of a kernel exploit, plus more access to lower-level services. Most IOSU exploits first require a kernel exploit; Hykem's is unusual in that it only requires a userspace exploit.

Exploit status on recent firmware versions
5.3.2: A WebKit userspace exploit is available. There is a public, extremely unreliable kernel exploit in the form of the infamous OSDriver race attack. Several private IOSU exploits exist.
5.4.0: The libstagefright MP4 userspace exploit is available. The unreliable kernel exploit from 5.3.2 still exists. Several private IOSU exploits exist.
5.5.0: The libstagefright MP4 userspace exploit is available. The OSDriver kernel exploit is gone, but there is a different kernel exploit that is extremely reliable, which is currently private. Several private IOSU exploits exist.
5.5.1: libstagefright userspace exploits no longer work. There is no replacement userspace exploit yet, but I know that several people from the team are trying to find one. Nothing else has changed; the reliable (yet private) kernel exploit from 5.5.0 should still work, in theory, but can't be used due to the lack of a userspace exploit. Several private IOSU exploits exist, and theoretically work, but can't be used for the same reason as the kernel exploit.

Hykem's IOSU Exploit
The IOSU exploit Hykem is working on should work on any version that already has a userspace exploit. Right now, this means anything except 5.5.1. When a userspace exploit is found for 5.5.1, the IOSU exploit will work there immediately; we know this because the 5.5.1 update data only affects the internet browser.

Summaries
5.3.2: Reliable userspace exploit, unreliable kernel exploit (OSDriver), private IOSU exploits.
5.4.0: Reliable userspace exploit (MP4), unreliable kernel exploit (OSDriver), private IOSU exploits.
5.5.0: Reliable userspace exploit (MP4), private reliable kernel exploit, private IOSU exploits.
5.5.1: No userspace exploit. Private reliable kernel exploit (theoretically), private IOSU exploits (theoretically). Because there's no userspace exploit, the other exploits can't be run.

TL;DR
Versions that can be used for fun hacks right now: 5.3.2, 5.4.0
Versions that can be used for fun hacks by private teams now, and by you in the future: 5.5.0
Versions that nobody has run fun hacks on yet: 5.5.1
("Fun hacks" are TCPGecko, Cafiine, Dumpiine, ___iine, etc. Things that require both a userspace and a kernel exploit.)

Hopefully that helps some of you understand where we're at right now. I'll be around here to answer questions now and then.
 
  • Like
Reactions: Razor83, Wario32, I pwned U! and 42 others
RoadrunnerWMC said:
5.4.0: The libstagefright MP4 userspace exploit is available. The unreliable kernel exploit from 5.3.2 still exists. Several private IOSU exploits exist.
Click to expand...

Am I correct in assuming that the libstagefright exploit has been very recently released to the public, and there is no public payload to spoof firmware or do any of the fun hacks via a public website?
 
ShinkoNet said:
Am I correct in assuming that the libstagefright exploit has been very recently released to the public, and there is no public payload to spoof firmware or do any of the fun hacks via a public website?
Click to expand...
Wupinstaller was updated to support 5.4, but apparently there's an issue with it that needs to be looked into. The existing 5.3.2 payload will work, things just need to be bug tested right now.
 
Kakkoii said:
Wupinstaller was updated to support 5.4, but apparently there's an issue with it that needs to be looked into. The existing 5.3.2 payload will work, things just need to be bug tested right now.
Click to expand...
Thanks. I was trying for hours on that site wondering why it kept crashing.
 
Minor Success!!

So I was able to compile and locally host Yellows8's browser exploit on my 5.4 WiiU and I was able to use a compiled binary payload for the OSDriver kernel exploit (5.3.2 version worked fine) and it ran successfully! I'm mostly interested in spoofing right now so I can install some game updates and get back online, so my question is, where can I find source for Wupinstaller to build a binary payload or how can I convert the payload.php file from the Wupinstaller website to a binary format?
 
  • Like
Reactions: memomo
Ichii Giki said:
Minor Success!!

So I was able to compile and locally host Yellows8's browser exploit on my 5.4 WiiU and I was able to use a compiled binary payload for the OSDriver kernel exploit (5.3.2 version worked fine) and it ran successfully! I'm mostly interested in spoofing right now so I can install some game updates and get back online, so my question is, where can I find source for Wupinstaller to build a binary payload or how can I convert the payload.php file from the Wupinstaller website to a binary format?
Click to expand...

So is the 5.3.2' version of loadiine/dumpiine etc. Should work without port it to 5.4 ??

--------------------- MERGED ---------------------------

Drak0rex said:
So is there a How-To that tells me how to set up the userland exploit for 5.5.0 and what I can do with it?
Click to expand...

For 5.5.0 it's basically useless
 
memomo said:
So is the 5.3.2' version of loadiine/dumpiine etc. Should work without port it to 5.4 ??
Click to expand...

I haven't tried such things (just trying to get spoofing working first) but since not much changed aside from patching the browser exploit from 5.3.2 to 5.4 and the existing 5.3.2 kexploit works, I would imagine so if you load the 5.3.2 payloads into Yellows8's 5.4+5.5 browser exploit (perhaps requiring slight offset adjustments, not sure currently).
 
  • Like
Reactions: memomo
Dr.Crygor 07 said:
I can host that on my server when I will be home, wait 3/4 hours please
Click to expand...

I actually found where the payloads are being hosted:
http://crediar.no-ip.com/stagefrightusrexploits/wudinstall.mp4

However, if I try to manually point my Wii U browser here after successfully running the kexploit, it just hangs at a media player window...so payload doesn't seem to work currently (at least not for me for some reason). I also haven't been able to make a proper Makefile to compile the source into a binary payload. It keeps throwing "error: void value not ignored as it ought to be" errors in src/../../libwiiu/src/coreinit.h:33:30:.
 
  • Like
Reactions: ShinkoNet
JohnathanMonkey said:
I was just looking for some closure as to why it hasn't been released but I guess I won't be getting it. "We don't want it to get patched" makes very little sense to me but if that truly and honestly is the case (which I don't believe that is all there is too it IMO), then so be it. Just wanted to get my opinion out here and see what everyone thought about this! Thank you to @Marionumber1 for clearing things up for me and thanks for all the hard work with your team. I hope we see this released soon!
Click to expand...

Okay, so we have (hopefully) established that the reason the private exploits aren't release is because Nintendo will patch them. I hope you've got that part clear and are just asking "Why?" this is the case.

It's not greed, it's a bigger picture sort of thing.

Imagine you're trying to break a lock. You don't know what the inside of the lock looks like and it's a new kind of lock never seen before. You have a lockpick and you start poking through the keyhole. You poke and poke and poke and if you're lucky, you'll get inside but really you're just poking random bits and hoping that something happens. Nothing happens. You poke for days and days and days and days and eventually something clicks. Now you can open the lock! NOW you can see inside the lock. You can see the mechanism clearly and understand how it works.

But here's the thing. If you tell your friends how you did this, the people who make the lock will eventually fix the problem that let you break into it.

So you get a new lock. You begin the poking process again, literally stabbing into the dark and hoping that something clicks.

ALTERNATIVELY, you don't tell your friends how you got in. Instead, you look inside the lock for a different way to get in and tell them about THAT, but keep your original method private. Lock manufacturer then releases a new lock, fixing the issue you told your friends about - but you can still break the lock, you can still open it and easily look for new ways in. You're not doing it blind, you've already got an idea of what you're doing. That's why they keep these private.
 
  • Like
Reactions: scubix, Korin, Smashington and 2 others
RoadrunnerWMC said:
Hi. This is my first post here, so a little bit about myself: I'm friends with Marionumber1 and MrRean, and have been graciously given access to that team's private exploits. I mainly make level editors and other editors for Wii U game files. (For the record, I'm also the person who updates the exploit compatibility table on http://rhcafe.us.to/ .)

I've been watching this thread for a very long time, and decided to finally make an account here to clear up what the current Wii U hacking situation is, since there seems to be a whole lot of confusion.

Types of exploits (sorted by amount of access granted)
With a userspace exploit (usually through WebKit in the Internet Browser), you can run Hello World and basic homebrew games. These exploits are mainly important because they are needed to run more exploits. These are referred to interchangeably as "userspace," "userland" and "WebKit" exploits.
With a Cafe OS ("kernel") exploit, you can run TCPGecko and any of the programs that end in -iine (and probably some others I'm forgetting). In order to run one of these exploits, you first need a userspace exploit.
With an IOSU exploit, you get all of the benefits of a kernel exploit, plus more access to lower-level services. Most IOSU exploits first require a kernel exploit; Hykem's is unusual in that it only requires a userspace exploit.

Exploit status on recent firmware versions
5.3.2: A WebKit userspace exploit is available. There is a public, extremely unreliable kernel exploit in the form of the infamous OSDriver race attack. Several private IOSU exploits exist.
5.4.0: The libstagefright MP4 userspace exploit is available. The unreliable kernel exploit from 5.3.2 still exists. Several private IOSU exploits exist.
5.5.0: The libstagefright MP4 userspace exploit is available. The OSDriver kernel exploit is gone, but there is a different kernel exploit that is extremely reliable, which is currently private. Several private IOSU exploits exist.
5.5.1: libstagefright userspace exploits no longer work. There is no replacement userspace exploit yet, but I know that several people from the team are trying to find one. Nothing else has changed; the reliable (yet private) kernel exploit from 5.5.0 should still work, in theory, but can't be used due to the lack of a userspace exploit. Several private IOSU exploits exist, and theoretically work, but can't be used for the same reason as the kernel exploit.

Hykem's IOSU Exploit
The IOSU exploit Hykem is working on should work on any version that already has a userspace exploit. Right now, this means anything except 5.5.1. When a userspace exploit is found for 5.5.1, the IOSU exploit will work there immediately; we know this because the 5.5.1 update data only affects the internet browser.

Summaries
5.3.2: Reliable userspace exploit, unreliable kernel exploit (OSDriver), private IOSU exploits.
5.4.0: Reliable userspace exploit (MP4), unreliable kernel exploit (OSDriver), private IOSU exploits.
5.5.0: Reliable userspace exploit (MP4), private reliable kernel exploit, private IOSU exploits.
5.5.1: No userspace exploit. Private reliable kernel exploit (theoretically), private IOSU exploits (theoretically). Because there's no userspace exploit, the other exploits can't be run.

TL;DR
Versions that can be used for fun hacks right now: 5.3.2, 5.4.0
Versions that can be used for fun hacks by private teams now, and by you in the future: 5.5.0
Versions that nobody has run fun hacks on yet: 5.5.1
("Fun hacks" are TCPGecko, Cafiine, Dumpiine, ___iine, etc. Things that require both a userspace and a kernel exploit.)

Hopefully that helps some of you understand where we're at right now. I'll be around here to answer questions now and then.
Click to expand...


So basically this means, if Hykem was to release his exploit, everyone up to 5.5 would gain Kernel Access.
Sheesh, what is he waiting for.
 
wurstpistole said:
So basically this means, if Hykem was to release his exploit, everyone up to 5.5 would gain Kernel Access.
Sheesh, what is he waiting for.
Click to expand...
uhmm make it work properly? avoid bricking your wii u ? hardware and software access is no joke, especially we have no backup/restore method for wii u so far.
 
  • Like
Reactions: TheNerdWIzard
wurstpistole said:
So basically this means, if Hykem was to release his exploit, everyone up to 5.5 would gain Kernel Access.
Sheesh, what is he waiting for.
Click to expand...

He's found a possible boot time exploit which if he can get to work means the complete system is pwnd at boot with no need to keep running exploits every time. I'd say it's worth the wait!
 
  • Like
Reactions: KiiWii, josh87402 and ronopotomus

Site & Scene News

Go to forum More news

Popular threads in this forum

Hacking Homebrew Project  Modernized YouTube for Wii U

[discussion] what game do you wanna see next?

[discussion] Paper Mario Wii U or Mario Kart 64 wii u?

Wii Games Performance on Wii U (vWii C2W Overclock) – Community Testing & Results Sharing

Gaming Homebrew Misc Project  Roséverse - a 1:1 Miiverse revival by Project Rosé!

Can the Wii u pro controller works for Wii games ?

[PRERELEASE] Sonic 3 A.I.R. (finally) Wii U

Sonic Advance 2 Wii U (another release, this time it's playable)