Homebrew Official 5.5.X ELF Loader

[NWPlayer123]

So, I've spent the past 4 or 5 days fiddling with this to get it to work and it finally does, allows you to load a gigantic ELF into JIT, since apparently it's 32MB (and no RPX gets that big, even uncompressed because of the data section), and I just got it working. I've only tested it on my system but it should work on others if you have the ELF in the right place. It's provided as-is, with no warranty, feel free to do as you see fit. I'll get a better ELF documentation/structuring done soon.

Technical Explanation
If you wanna know how it works, I reused some code from FIX's ELF loader in libwiiu but I had to redo the whole thing because it was giving me lots of problems. It uses the very end of MEM1 (0xF5FFFFE0-FF)
to store stuff while it works, then copies the ELF into 0xF5800000 (slightly before that), it might have trouble with bigger stuff so I'd suggest developing file loading using sockets. It uses a catch() function at the start so I can jump to it to recover ROP chains. All the ROP does is copy the loader to the very end of JIT, and then reruns all the ROP to copy sections into the start as needed and then jumps to it.

Usage
It searches for a URL with /payload, so host it somewhere with a URL like http://192.168.0.7/payload?elfloader, it'll cut off that part and load a file called boot.elf (http://192.168.0.7/boot.elf)

Downloads??
Attached is libwiiu source for the ELF loader and the Hello World ELF I used to test. You can grab the code550.bin and host it wherever. It will probably only work on 5.5.X because of the ROP. Also had MrRean help me get this working, so thanks.

 

[MrRean]

*an elf loader

*runs*

 

[darrin41]

nice works

 

[wartimekillers]

Great!!!

 

[Nickes]

yeah that is really nice. Everthing starts with an working elf loader

 

[Noy2222]

For the layman of us, explain what you have to do to run it.
I'm asking for, eh, a friend. *shifty eyes*

 

[NWPlayer123]

For the layman of us, explain what you have to do to run it.
I'm asking for, eh, a friend. *shifty eyes*

I just added a usage, download loadelf, get the code550 and host it with a url that has /payload and then put a boot.elf in that same folder for it to grab

 

[frogboy]

For the layman

you load .elf files.

 

[ploggy]

Would this help the development of Emulators ?

 

[cimmanonroll]

Are there any ELF files to load right now?

How can we develop them ourselves?

 

[fmhugo]

Loadiine Elf ?

 

[Noy2222]

I'm probably doing something wrong. Pardon me, it's early and I'm dumb.
Let's say my server is http://22.22.22.22
It contains http://22.22.22.22/code550.bin and http://22.22.22.22/boot.elf
I opened the Wii browser, put in the address http://22.22.22.22/code550.bin and it says it can't load file.
What should I actually do.

 

[NWPlayer123]

Would this help the development of Emulators ?

Definitely, gives you lots more room to work with

Are there any ELF files to load right now?

How can we develop them ourselves?

There aren't any now but I have plans for a whole homebrew framework, you can go look at the libwiiu source for an example https://github.com/wiiudev/libwiiu/tree/master/elfexamples/helloelf/src

Loadiine Elf ?

This could technically load in loadiine's ELF but it's not possible to run loadiine with just this because you need to patch the kernel for a bunch of stuff.

I'm probably doing something wrong. Pardon me, it's early and I'm dumb.
Let's say my server is http://22.22.22.22
It contains http://22.22.22.22/code550.bin and http://22.22.22.22/boot.elf
I opened the Wii browser, put in the address http://22.22.22.22/code550.bin and it says it can't load file.
What should I actually do.

You need to be using an exploit, yellows8 makes you create a php file which you then run, so you could have /payload?sysver=550 to load the code550.bin, or you could make it easy and use this. It'll let you put the code in /payloads, and the elf in /data (folders in the same place as the jar file), and then you can connect with /payload?elfloader (with /payload/elfloader.bin)

 

[Flux0]

Will this work self hosted from an ez share card?

 

[Dylon99]

So what can we exactly do with this .ELF loader, NWPlayer?

 

[Noy2222]

I think this goes over my head. Going to either need a much more detailed guide (don't feel the need to create one, I should probably just wait for -) or a much more script kiddie method.

 

[NWPlayer123]

Will this work self hosted from an ez share card?

I'm not sure how those work, but if it's not like a normal server, you're probably out of luck. Browser doesn't have access to SD card without special permissions and this is a userspace-only thing. It shouldn't be too bad to modify it to load multiple .ELF files like a full homebrew channel thing, hosted on some server.

So what can we exactly do with this .ELF loader, NWPlayer?

Anything a normal program could, sound, music, graphics, games, fonts. You can do everything from a simple media player to a full blown game (minus load times)

 

[Flux0]

Unfortunately, no, browser doesn't have access to SD card without special permissions and this is a userspace-only thing. It shouldn't be too bad to modify it to load multiple .ELF files like a full homebrew channel thing, hosted on some server.

An ez share has a built in wifi access point to let devices connect to it. The main purpose they are marketed for is remote downloading of pictures off digital cameras. However the self contained AP along with the micro SD slot make them pretty good for self hosting stuff on the Wii U.

I was asking about if it works because it is just a fairly basic http server running there and didn't know if it needed anything beyond that.

 

[NWPlayer123]

An ez share has a built in wifi access point to let devices connect to it. The main purpose they are marketed for is remote downloading of pictures off digital cameras. However the self contained AP along with the micro SD slot make them pretty good for self hosting stuff on the Wii U.

I was asking about if it works because it is just a fairly basic http server running there and didn't know if it needed anything beyond that.

Oh, then yeah, that should be fine with yellows8's package.

 

[Flux0]

Oh, then yeah, that should be fine with yellows8's package.

Excellent, thanks. I'll try setting it up tomorrow and see how it goes.

 

[duffmmann]

Wasn't one of the first things done when the Wii was exploited in Twilight Princess run .elf files? I think it was, and I recall a Sega Genesis emulator being one of the first .elf files. And eventually that method led to the ability to install the homebrew channel... is that theoretically possible with this kind of thing? Would we possibly through this method be able to install a Wii U homebrew channel (if someone managed to develop one) Cuz if so, this could be freaking huge.