Hacking Contenthax - a Vulnerability in Wii U File System Verification

[VinsCool]

What I get is, get Brain Age, Inject rom.zip from Fix94 then re start and done. But I forgot how to get or inject things with Wup client

haxchi
This is a ported version of the haxchi exploit created by smea and others for the european release of brain training.
In addition to being ported it also includes a homebrew launcher loader as its payload so you can use it for a lot of things.

install process
haxchi can be very easily installed using iosuhax's wupclient. for example, if hachihachi is installed to the MLC, it suffices to do:

w.up("rom.zip", "/vol/storage_mlc01/usr/title/00050000/10179C00/content/0010/rom.zip")

of course, using wupclient to install haxchi permanently requires that redNAND be disabled, unless hachihachi is installed to USB, in which case it can be installed from redNAND using:

w.up("rom.zip", "/vol/storage_usb01/usr/title/00050000/10179C00/content/0010/rom.zip")

The install process is there. of course, the rom path will differ if you use a different region release. other than that, it's there

 

[belisleian]

Do you know the correct path for the US version

 

[TheCyberQuake]

Do you know the correct path for the US version

w.up("rom.zip", "/vol/storage_usb01/usr/title/00050000/10179B00/content/0010/rom.zip")
for US

 

[huma_dawii]

w.up("rom.zip", "/vol/storage_usb01/usr/title/00050000/10179B00/content/0010/rom.zip")
for US

Thank you.

 

[VinsCool]

w.up("rom.zip", "/vol/storage_usb01/usr/title/00050000/10179B00/content/0010/rom.zip")
for US

You beat me to it, I was about to post it hahaha

 

[TheCyberQuake]

You beat me to it, I was about to post it hahaha

I had the path in my clipboard because I just injected the rom.zip right before the question was asked.

 

[belisleian]

w.up("rom.zip", "/vol/storage_usb01/usr/title/00050000/10179B00/content/0010/rom.zip")
for US

Thank you!!!

 

[huma_dawii]

You beat me to it, I was about to post it hahaha

Thank you too then xDDDDDD (p.s , can I use the Wupclient gui that I was using to get the ticket from my original games?)

 

[VinsCool]

Thank you too then xDDDDDD (p.s , can I use the Wupclient gui that I was using to get the ticket from my original games?)

Pretty sure it won't work, unless someone says otherwise.

 

[belisleian]

I had the path in my clipboard because I just injected the rom.zip right before the question was asked.

Everything work fine?
One question.
When we buy the game. Do we leave it in the Nand or we need to transfert the game to the usb before doing this?
Why should I inject it in my usb? Because of Rednand?

 

[TheCyberQuake]

Now to figure out how to edit the files within meta to make it look like HBL all around.

Also, does anyone know if it would be possible to edit this to instead launch a different .elf? I have two DS VC games (Kirby and Brain age) and would like to set one up to boot HBL but another to instead boot CFWBooter. That would allow me to push a single button to boot redNAND from sysNAND while still keeping an offline option for HBL.

--------------------- MERGED ---------------------------

Everything work fine?
One question.
When we buy the game. Do we leave it in the Nand or we need to transfert the game to the usb before doing this?
Why should I inject it in my usb? Because of Rednand?

If you want to use it in redNAND, it needs to be on USB. sysNAND can be either depending on what you want.

 

[belisleian]

Now to figure out how to edit the files within meta to make it look like HBL all around.

Also, does anyone know if it would be possible to edit this to instead launch a different .elf? I have two DS VC games (Kirby and Brain age) and would like to set one up to boot HBL but another to instead boot CFWBooter. That would allow me to push a single button to boot redNAND from sysNAND while still keeping an offline option for HBL.

That is exactly what I want

 

[huma_dawii]

That is exactly what I want

Figure it out and let me know!

 

[Maschell]

Also, does anyone know if it would be possible to edit this to instead launch a different .elf? I have two DS VC games (Kirby and Brain age) and would like to set one up to boot HBL but another to instead boot CFWBooter. That would allow me to push a single button to boot redNAND from sysNAND while still keeping an offline option for HBL

You can also make a version that loads mutiple .elfs
https://github.com/Maschell/haxchi/commit/e5f14af4baa44af7ae446bcbee6cfa4de8d6800a

 

[asian flavor]

Can anyone help me out with compiling Haxchi? I keep getting this error,

c:/haxchi/hbl_loader/bin/crt0.o: In function `_start':
(.text+0x0): undefined reference to `__main'

when it's trying to build code550.bin. I'm not sure what I'm missing here.

 

[TheCyberQuake]

You can also make a version that loads mutiple .elfs
https://github.com/Maschell/haxchi/commit/e5f14af4baa44af7ae446bcbee6cfa4de8d6800a

I just made a version instead that simply booted cfwbooter. Though I haven't tested it yet. But once I get it tested I'll probably try figure out how to move it from brainage back to Kirby
From there I will modify meta to make it look nice

 

[Informix23]

Does anyone know how to build or get the rom.zip from smea github ? Is there a tutorial? I want to test in the Kirby US version

https://github.com/smealum/haxchi

 

[VinsCool]

Does anyone know how to build or get the rom.zip from smea github ? Is there a tutorial? I want to test in the Kirby US version

https://github.com/smealum/haxchi

I would recommend you to wait, a backport from FIX94's version to Kirby will come, soon.

 

[Informix23]

I would recommend you to wait, a backport from FIX94's version to Kirby will come, soon.

cool, but I hope he build the US version too not only the PAL version, thanks I'll be wait until then

 

[bluke]

How about Brain Age US version ? Can anyone show me how to make it ?