Hacking [BETA] Loadiine (v3) for WiiU 4.1.0 & 5.0.0 ONLY

[Zeroy]

Hi Again, thx for respond me. I haven't tried anything yet, because i want to be very sure of what im doing before doing anything in the WII U. Is have downloader the file that is posted in the first post. Is this folder all that i need?.
Because i see it has the Kexploit but i see no html page here.
Its OK that?

Or i must use it with another thing

This pack has all what you need. extract this to your phone to sd root. activate hotspot switch off mobile data, open kws go into settings and choose the extractet directory

turn on wii u connect to your phone go into browser put the adress from kws in the adresse now you see a web page.

 

[marcus van basten]

Hi! I had a problem with the Frame HTML, it always appears that the Frame HTML is missing.
I replaced the folder osdriver AIO with one with all the versions of the kernel and a frame html and it worked.

But then when I click loadiine its again says that the Frame HTML is missing for the loadiine folder.


Where I could get this frame html; alternatively is there a way to install loadiine without a webpage after doing the kernel? Because the loadiine that I have downloaded from here haven’t got a webpage

 

[Zeroy]

i think your ant vir prog has delet this disable it or download the pac direkt from your phone. in this pac is all in.

 

[marcus van basten]

Hi!, I have resolved my problems and i have got these results with Loadiine 3 on FW 4.1.0
I have 3 questions:
1_ Any clue on how to get Wii sport club working? (it just says cant launch the game, and then it freezes on the loadiine selection game screen)

2_ My original plan was play with the 3 o 4 games that i can currently use and wait for march for the Hack. But im not sure, it has any advantage staying in 4.1.0 instead of upgrading to 5.3.2?

3_Is there a way to upgrade from a exploited 4.10 to 5.3.2 without a game disc. Some way to upgrade after running the exploits?

Mario 3D OK
NEW SUPER Mario U OK
New Super luigi U OK
Ducktales OK

not working:
M kart 8
Yoshis Wooly World
Wii Sports Club
ESPN SPORT
GAME Y WARIO
KIRBY
Mario Party 10
Mario Tennis

 

[Bryan547]

Please. Make a port for 5.5.1! I accidentally updated my Wii U! >~<

 

[memomo]

Please. Make a port for 5.5.1! I accidentally updated my Wii U! >~<

Again, not until a kernel exploit get released

 

[awalsh053]

i have a wii u i cant update cause of bricked vwii would love to see this for 4.0.1u NICE WORK BRO!!!!

 

[iAqua]

For the story

I will try to explain my "method" for, why not, porting it to other firmware
I take some base the loadiine v3 (bf42d94) --> you can download it here

I'm not so smart and i don't know all of this work so i use the "method" of comparison (with IDA PRO), and some mathematics
Read all this post before download anything and if you feel capable of doing it ... try

1 - Download the "OS" for the firmware you want to port loadiine and 5.3.2 firmware (to compare)
- for this step, i used NUSgrabber from crediar --> download NUSgrabber here
- you can use Uwizard or NUSGrabberGUI if you prefer
- use NUSgrabber like this :

Spoiler: NUSgrabber

NUSgrabber 000500101000400A [OSv11 version]

[OSv11 version] must be replace by the version of firmware

Look at the line "OSv11" in the Wiiubrew Title Database
For example, on 5.3.2 firmware, it's v11464 so the line will be :
NUSgrabber 000500101000400A 11464

- now (if you use NUSgrabber), you must have a directory named "000500101000400A" in the same directory of NUSgrabber
and in this directory, 2 others : 1 named "11464" (this one is the 5.3.2 "OS") and the other must fit the version of your "OS" firmware (ex. 5883 for 4.1.0 "OS")

2 - Extract the 2 "OS" version to compare
- in the 2 directory (11464 and the other for your firmware), use CDecrypt from crediar like this :

Spoiler: CDecrypt

CDecrypt.exe title.tmd title.tik wiiucommonkey.bin

- if all is good, you must have a new directory named "code" on 11464 and the other (the one fit your firmware version)

3 - Use IDA PRO (disassembler) to find address
- download IDA PRO --> don't ask me where to find it
- use aerosoul94 WiiU loader --> look here
- open "coreinit.rpl" in IDA, wait a little for the program to disassemble
- go to the "Exports" tab on IDA and you will see addresses in front of function's name
- for the 0x1xxxxxxx address, they're GOOD but for the 0x02xxxxxx, we must make some mathematics

4 - Some mathematics ...
- for the 0x02xxxxxx, we must find a base address for our calculations
- for this, you must use the payload ("address.zip") attached below (use it "directly", no need kernel exploit)
- it will display (if your WiiU is exploitable) some address :

Spoiler: Address

OSScreenInit is at : 0xXXXXXXX --> will be the "base" for "coreinit.rpl"
socket_lib_init for "nsysnet.rpl"
GX2WaitForVsync for "gx2.rpl"
VPADRead for "vpad.rpl"
SYSLaunchMiiStudio for "sysapp.rpl"

- on my 4.1.0 WiiU, i have :

Spoiler: Address for 4.1.0

OSScreenInit is at : 0x10352F8
socket_lib_init is at : 0x10B44D4
GX2WaitForVsync is at : 0x11454BC
VPADRead is at : 0x111D5DC
SYSLaunchMiiStudio is at : 0xDEAB888

- now back to "coreinit.rpl" in IDA, in "Exports" tab, search "OSScreenInit" function

Spoiler: coreinit.rpl MAGIC number

For my 5883 "OS" version, i have 0x020196F8 in front of "OSScreenInit" function in IDA
So :
0x020196F8 - 0x10352F8 = 0xFE4400 ==> "MAGIC" number for "coreinit.rpl" for 4.1.0 firmware
With this "MAGIC" number, we may know all address of the functions present in "coreinit.rpl"
For example, address of FSAInit (which is in "coreinit.rpl") can be calculate by :
0x0203DF1C (IDA address) - 0xFE4400 ("MAGIC" coreinit number) = 0x1059B1C (REAL address of FSAInit for 410 firmware)

Spoiler: nsysnet.rpl MAGIC number

For my 5883 "OS" version (4.1.0), i have 0x02000514 in front of "socket_lib_init" function in IDA
So :
0x02000514 - 0x10B44D4 = 0xF4C040 ==> "MAGIC" number for "nsysnet.rpl" for 4.1.0 firmware
With this "MAGIC" number, we may know all address of the functions present in "nsysnet.rpl"
For example, address of connect (which is in "nsysnet.rpl") can be calculate by :
0x02000A3C (IDA address) - 0xF4C040 ("MAGIC" coreinit number) = 0x10B49FC (REAL address of connect for 410 firmware)

- we can do the same for the others, to find all functions to replaces in loadiine source

(SOON) 5 - Make some address adjustment on some functions
On file launcher.c :
- change address in InstallMenu() function (done by compare with IDA in coreinit.rpl)
- change address in InstallLoader() function (done by compare with IDA in loader.elf)
...

Im gonna attempt to port Loadiine to 5.1.1U.

 

[Bryan547]

Thank you so much!

 

[someonewhy]

does this work on 5.5.1?

 

[supermalloch]

does this work on 5.5.1?

lol no. The title clearly says 4.1.0 -5.0.0. I'm on 5.2U and it won't work for me so it DEFINITELY wont work on 5.5.1.

 

[TheKitof]

Thanks a lot for your work. Any chance to upgrade to loadiine v4 ? The compatibility list is really better.

 

[Daniel Sahr]

What about 5.5.1?

 

[Kafluke]

You can't port to 5.5.1 until a kernel exploit or IOSU exploit comes out for it. Only user land exploit is currently available for 5.5.1. All other versions of loadiine (v1-gx2) have already been ported to latest kernel exploitable firmware (5.4). Read the stickies please!

 

[InsaneNutter]

does this work on 5.5.1?

Yes it does.














Seriously though, this was answered 4 posts before yours and in the title of the thread.

 

[BlumCoLe]

Please. Make a port for 5.5.1! I accidentally updated my Wii U! >~<

does this work on 5.5.1?

What about 5.5.1?

I can't stand it any longer. -_-

Thanks for the port ...have a WiiU still on 4.1.0 and will try something out before I update to 5.3.2 or insert SSB with 5.x.x.

 

[Zeroy]

you dont need to update because loadiine gx2 0.2 is out for 4.1

 

[Henceforth]

you dont need to update because loadiine gx2 0.2 is out for 4.1

where is say that is out for 4.1 wiiu? , any link will be appreciated D:

"Loadiine GX2 is currently compatible with
WiiU v5.0.0
WiiU v5.1.0
WiiU v5.3.2
WiiU v5.4.0"

 

[roots]

where is say that is out for 4.1 wiiu? , any link will be appreciated D:

"Loadiine GX2 is currently compatible with
WiiU v5.0.0
WiiU v5.1.0
WiiU v5.3.2
WiiU v5.4.0"

4.10 version
https://github.com/Nougat-Police/loadiine_gx2

 

[Henceforth]

@roots

Ohh! Super Great! Thanks a lot!!, real new 2 days ago, is hoot