Wii U Hacking & Homebrew Discussion

LysergCooltyp

I don't know why the microwave burns

RoadrunnerWMC
Hi. This is my first post here, so a little bit about myself: I'm friends with Marionumber1 and MrRean, and have been graciously given access to that team's private exploits. I mainly make level editors and other editors for Wii U game files. (For the record, I'm also the person who updates the exploit compatibility table on http://rhcafe.us.to/ .)

I've been watching this thread for a very long time, and decided to finally make an account here to clear up what the current Wii U hacking situation is, since there seems to be a whole lot of confusion.

Types of exploits (sorted by amount of access granted)
With a userspace exploit (usually through WebKit in the Internet Browser), you can run Hello World and basic homebrew games. These exploits are mainly important because they are needed to run more exploits. These are referred to interchangeably as "userspace," "userland" and "WebKit" exploits.
With a Cafe OS ("kernel") exploit, you can run TCPGecko and any of the programs that end in -iine (and probably some others I'm forgetting). In order to run one of these exploits, you first need a userspace exploit.
With an IOSU exploit, you get all of the benefits of a kernel exploit, plus more access to lower-level services. Most IOSU exploits first require a kernel exploit; Hykem's is unusual in that it only requires a userspace exploit.

Exploit status on recent firmware versions
5.3.2: A WebKit userspace exploit is available. There is a public, extremely unreliable kernel exploit in the form of the infamous OSDriver race attack. Several private IOSU exploits exist.
5.4.0: The libstagefright MP4 userspace exploit is available. The unreliable kernel exploit from 5.3.2 still exists. Several private IOSU exploits exist.
5.5.0: The libstagefright MP4 userspace exploit is available. The OSDriver kernel exploit is gone, but there is a different kernel exploit that is extremely reliable, which is currently private. Several private IOSU exploits exist.
5.5.1: libstagefright userspace exploits no longer work. There is no replacement userspace exploit yet, but I know that several people from the team are trying to find one. Nothing else has changed; the reliable (yet private) kernel exploit from 5.5.0 should still work, in theory, but can't be used due to the lack of a userspace exploit. Several private IOSU exploits exist, and theoretically work, but can't be used for the same reason as the kernel exploit.

Hykem's IOSU Exploit
The IOSU exploit Hykem is working on should work on any version that already has a userspace exploit. Right now, this means anything except 5.5.1. When a userspace exploit is found for 5.5.1, the IOSU exploit will work there immediately; we know this because the 5.5.1 update data only affects the internet browser.

Summaries
5.3.2: Reliable userspace exploit, unreliable kernel exploit (OSDriver), private IOSU exploits.
5.4.0: Reliable userspace exploit (MP4), unreliable kernel exploit (OSDriver), private IOSU exploits.
5.5.0: Reliable userspace exploit (MP4), private reliable kernel exploit, private IOSU exploits.
5.5.1: No userspace exploit. Private reliable kernel exploit (theoretically), private IOSU exploits (theoretically). Because there's no userspace exploit, the other exploits can't be run.

TL;DR
Versions that can be used for fun hacks right now: 5.3.2, 5.4.0
Versions that can be used for fun hacks by private teams now, and by you in the future: 5.5.0
Versions that nobody has run fun hacks on yet: 5.5.1
("Fun hacks" are TCPGecko, Cafiine, Dumpiine, ___iine, etc. Things that require both a userspace and a kernel exploit.)

Hopefully that helps some of you understand where we're at right now. I'll be around here to answer questions now and then.
 
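An added illustration, not part of the thread and not the OSDriver bug itself (the post above gives no details of that bug, and none are assumed here): a generic check-then-use race in C, with an attacker thread trying to land a write inside the window between the victim's check and its use. Every name and value in it (SAFE_VALUE, EVIL_VALUE, window_hit, run_trials) is made up for the example. It shows why a race-based kernel exploit wins only on some fraction of attempts, which is what "extremely unreliable" means in practice, and why such exploits are normally wrapped in a retry loop.

```c
/* Generic TOCTOU race demo (added example, not Wii U code). */
#define _POSIX_C_SOURCE 200809L
#include <pthread.h>
#include <sched.h>
#include <stdatomic.h>
#include <stdint.h>
#include <stdio.h>

#define SAFE_VALUE 1u           /* value the victim expects to see */
#define EVIL_VALUE 0xFFFFFFFFu  /* value the attacker wants used instead */

static _Atomic uint32_t shared;  /* checked, then used, by the victim */
static _Atomic int go;           /* attacker start flag */
static _Atomic int done;         /* attacker stop flag */

/* Pure model of one interleaving: the attacker wins only when its write
 * lands strictly after the victim's check and strictly before its use. */
int window_hit(unsigned t_check, unsigned t_use, unsigned t_attack)
{
    return t_check < t_attack && t_attack < t_use;
}

/* Attacker: hammer the shared value, then restore it so the victim's
 * next check passes and the race can be tried again. */
static void *attacker(void *arg)
{
    (void)arg;
    while (!atomic_load(&go))
        sched_yield();
    while (!atomic_load(&done)) {
        atomic_store(&shared, EVIL_VALUE);
        sched_yield();
        atomic_store(&shared, SAFE_VALUE);
    }
    return NULL;
}

/* Victim: validate the value, then re-read it and "use" it.
 * Returns 1 when the value used differs from the value checked. */
static int victim_attempt(void)
{
    uint32_t checked = atomic_load(&shared);
    if (checked != SAFE_VALUE)
        return 0;                          /* check failed, nothing used */
    for (volatile int i = 0; i < 50; i++)  /* widen the window slightly */
        ;
    uint32_t used = atomic_load(&shared);
    return used != checked;
}

/* Run n victim attempts against a live attacker thread.
 * Returns the number of attempts the attacker won, or -1 on error. */
int run_trials(int n)
{
    pthread_t t;
    int wins = 0;

    atomic_store(&shared, SAFE_VALUE);
    atomic_store(&done, 0);
    atomic_store(&go, 0);
    if (pthread_create(&t, NULL, attacker, NULL) != 0)
        return -1;
    atomic_store(&go, 1);
    for (int i = 0; i < n; i++)
        wins += victim_attempt();
    atomic_store(&done, 1);
    pthread_join(t, NULL);
    return wins;
}

int main(void)
{
    int n = 10000;
    int wins = run_trials(n);
    if (wins < 0) {
        fprintf(stderr, "could not start attacker thread\n");
        return 1;
    }
    /* The hit rate varies from run to run and from machine to machine;
     * that variance is exactly the unreliability the thread talks about. */
    printf("%d of %d attempts hit the window (%.2f%%)\n",
           wins, n, 100.0 * wins / n);
    return 0;
}
```

Build with `cc -std=c11 -pthread race.c -o race` and run it a few times; the percentage changes between runs and drops sharply on a single core, which is why an exploit built on a race is usually driven by a retry loop rather than a single attempt.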

ShinkoNet

Obsessed with Touhou
5.4.0: The libstagefright MP4 userspace exploit is available. The unreliable kernel exploit from 5.3.2 still exists. Several private IOSU exploits exist.

Am I correct in assuming that the libstagefright exploit has been very recently released to the public, and there is no public payload to spoof firmware or do any of the fun hacks via a public website?
 

Kakkoii

Old fart
Am I correct in assuming that the libstagefright exploit has been very recently released to the public, and there is no public payload to spoof firmware or do any of the fun hacks via a public website?
Wupinstaller was updated to support 5.4, but apparently there's an issue with it that needs to be looked into. The existing 5.3.2 payload will work, things just need to be bug tested right now.
 

ShinkoNet

Obsessed with Touhou
Wupinstaller was updated to support 5.4, but apparently there's an issue with it that needs to be looked into. The existing 5.3.2 payload will work, things just need to be bug tested right now.
Thanks. I was trying for hours on that site wondering why it kept crashing.
 

Ichii Giki
Minor Success!!

So I was able to compile and locally host Yellows8's browser exploit on my 5.4 WiiU and I was able to use a compiled binary payload for the OSDriver kernel exploit (5.3.2 version worked fine) and it ran successfully! I'm mostly interested in spoofing right now so I can install some game updates and get back online, so my question is, where can I find source for Wupinstaller to build a binary payload or how can I convert the payload.php file from the Wupinstaller website to a binary format?
 

memomo

( ͡° ͜ʖ ͡°)
Minor Success!!

So I was able to compile and locally host Yellows8's browser exploit on my 5.4 WiiU and I was able to use a compiled binary payload for the OSDriver kernel exploit (5.3.2 version worked fine) and it ran successfully! I'm mostly interested in spoofing right now so I can install some game updates and get back online, so my question is, where can I find source for Wupinstaller to build a binary payload or how can I convert the payload.php file from the Wupinstaller website to a binary format?

So the 5.3.2 version of loadiine/dumpiine etc. should work without porting it to 5.4?

--------------------- MERGED ---------------------------

So is there a How-To that tells me how to set up the userland exploit for 5.5.0 and what I can do with it?

For 5.5.0 it's basically useless
 

Ichii Giki
So the 5.3.2 version of loadiine/dumpiine etc. should work without porting it to 5.4?

I haven't tried such things (just trying to get spoofing working first) but since not much changed aside from patching the browser exploit from 5.3.2 to 5.4 and the existing 5.3.2 kexploit works, I would imagine so if you load the 5.3.2 payloads into Yellows8's 5.4+5.5 browser exploit (perhaps requiring slight offset adjustments, not sure currently).
 

Ichii Giki
I can host that on my server when I get home, wait 3/4 hours please

I actually found where the payloads are being hosted:
http://crediar.no-ip.com/stagefrightusrexploits/wudinstall.mp4

However, if I try to manually point my Wii U browser here after successfully running the kexploit, it just hangs at a media player window... so the payload doesn't seem to work currently (at least not for me, for some reason). I also haven't been able to make a proper Makefile to compile the source into a binary payload. It keeps throwing "error: void value not ignored as it ought to be" errors in src/../../libwiiu/src/coreinit.h:33:30:.
 

Kushan
I was just looking for some closure as to why it hasn't been released but I guess I won't be getting it. "We don't want it to get patched" makes very little sense to me but if that truly and honestly is the case (which I don't believe is all there is to it, IMO), then so be it. Just wanted to get my opinion out here and see what everyone thought about this! Thank you to @Marionumber1 for clearing things up for me and thanks for all the hard work with your team. I hope we see this released soon!

Okay, so we have (hopefully) established that the reason the private exploits aren't released is because Nintendo will patch them. I hope you've got that part clear and are just asking "Why?" this is the case.

It's not greed, it's a bigger picture sort of thing.

Imagine you're trying to break a lock. You don't know what the inside of the lock looks like and it's a new kind of lock never seen before. You have a lockpick and you start poking through the keyhole. You poke and poke and poke and if you're lucky, you'll get inside but really you're just poking random bits and hoping that something happens. Nothing happens. You poke for days and days and days and days and eventually something clicks. Now you can open the lock! NOW you can see inside the lock. You can see the mechanism clearly and understand how it works.

But here's the thing. If you tell your friends how you did this, the people who make the lock will eventually fix the problem that let you break into it.

So you get a new lock. You begin the poking process again, literally stabbing into the dark and hoping that something clicks.

ALTERNATIVELY, you don't tell your friends how you got in. Instead, you look inside the lock for a different way to get in and tell them about THAT, but keep your original method private. Lock manufacturer then releases a new lock, fixing the issue you told your friends about - but you can still break the lock, you can still open it and easily look for new ways in. You're not doing it blind, you've already got an idea of what you're doing. That's why they keep these private.
 

wurstpistole
Hykem's IOSU Exploit
The IOSU exploit Hykem is working on should work on any version that already has a userspace exploit. Right now, this means anything except 5.5.1. When a userspace exploit is found for 5.5.1, the IOSU exploit will work there immediately; we know this because the 5.5.1 update data only affects the internet browser.
TL;DR
Versions that can be used for fun hacks right now: 5.3.2, 5.4.0
Versions that can be used for fun hacks by private teams now, and by you in the future: 5.5.0
Versions that nobody has run fun hacks on yet: 5.5.1
("Fun hacks" are TCPGecko, Cafiine, Dumpiine, ___iine, etc. Things that require both a userspace and a kernel exploit.)

Hopefully that helps some of you understand where we're at right now. I'll be around here to answer questions now and then.


So basically this means, if Hykem was to release his exploit, everyone up to 5.5 would gain Kernel Access.
Sheesh, what is he waiting for.
 

oumoumad
So basically this means, if Hykem was to release his exploit, everyone up to 5.5 would gain Kernel Access.
Sheesh, what is he waiting for.
Uhmm, make it work properly? Avoid bricking your Wii U? Hardware and software access is no joke, especially since we have no backup/restore method for the Wii U so far.
 

Wurztha

Admìn MoFo :P
So basically this means, if Hykem was to release his exploit, everyone up to 5.5 would gain Kernel Access.
Sheesh, what is he waiting for.

He's found a possible boot time exploit which if he can get to work means the complete system is pwnd at boot with no need to keep running exploits every time. I'd say it's worth the wait!
 
