UDPIH: USB Host Stack exploit + Recovery Menu

Ysecond · May 11, 2023

Hello！I tried using wupserver/wupclient to delete files, and when a warning was displayed, I entered 'y', which returned an error message. Can you tell me what went wrong?

Code:

D:\WiiU>python -i wupclient.py
0x13804d
0xfffcffeaL
0x0
>>> w.ls()
     brok/
     corrupt/
     sys/
     usr/
>>> w.ls("brok")
>>> w.rmdir("/vol/storage_mlc01/brok")
WARNING: REMOVING A DIRECTORY CAN BRICK YOUR CONSOLE, ARE YOU SURE (Y/N)?
y
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "wupclient.py", line 644, in rmdir
    if self.askyesno() == True:
  File "wupclient.py", line 607, in askyesno
    choice = input().lower()
  File "<string>", line 1, in <module>
NameError: name 'y' is not defined
>>> w.rmdir("/vol/storage_mlc01/brok")
WARNING: REMOVING A DIRECTORY CAN BRICK YOUR CONSOLE, ARE YOU SURE (Y/N)?
n
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "wupclient.py", line 644, in rmdir
    if self.askyesno() == True:
  File "wupclient.py", line 607, in askyesno
    choice = input().lower()
  File "<string>", line 1, in <module>
NameError: name 'n' is not defined
>>>>>> w.rmdir("/vol/storage_mlc01/brok")
WARNING: REMOVING A DIRECTORY CAN BRICK YOUR CONSOLE, ARE YOU SURE (Y/N)?
Y
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "wupclient.py", line 644, in rmdir
    if self.askyesno() == True:
  File "wupclient.py", line 607, in askyesno
    choice = input().lower()
  File "<string>", line 1, in <module>
NameError: name 'Y' is not defined
>>>

gorgyrip · May 19, 2023

gorgyrip said:
I have a japanese console stuck in component video mode. I don't have the gamepad.
I'm using a pico and udpih isn't working on this console. (it works on many other consoles).
The drives makes 3 sounds: sound - pause - sound - pause - short sound. other consoles that i have and are working with udpih only make 2 sounds.
The usb port is working, because when i insert a usb stick, the console detects it.
The console has 2 users, one of them has an exclamation mark, i think it's something about internet.
There's no purple light and the console boots normally. I've tried different timings. What am I missing?

I managed to get a jpn pad. The console was at fw 2.1.0J I formatted the console and updated. Now UDPIH works and now the drive only makes 2 sounds. Discs weren't recognized before, but now they work, too.

Nuser · May 28, 2023

Hello, I recently got a 32GB EU Wii U (unmodded) that does not show any image. Seller told me that it got stuck during an update and after some hours he took the power from it. Now it won't boot, and shows no image. The Wii U remote is not paired either.

I have been reading up here and in other threads, and have made a Pico udpih that I can navigate blind. I will attach the logs.

Am I correct in thinking that my NAND is bad, judging from the logs?

Stuff like this:

Code:

00:00:05:129: mdblk: err=-131099, mid=0x90, prv=0x5c, pnm=[HYNIX ]
00:00:05:129: FSA: ### MEDIA ERROR ###, dev:mlc01, err:-2228230, cmd:25, path:/sys/title/00050010/10048200/code/app.xml
00:00:05:144: mmc_core card err: idx=3, lba=54674944, blks=16, xfer=0x1, ret=0x00200b40
00:00:05:167: mmc_core card err: idx=3, lba=54674944, blks=16, xfer=0x1, ret=0x00200b40

I don't have NAND backups, but have seeprom.bin and otp.bin.

I have soldering skills, but unsure if that will make a difference now that I don't have NAND backups?

Is there any way I can get the console up and running again?

V10lator · May 28, 2023

@Nuser Yes, this is a broken NAND. The aborted system update might or might not had make things worse.

Are you good enough at navigating blindly to take a MLC backups (with the WIP fork of the recovery menu from @SDIO ) ? If so do that (will take around 6 hours to complete, so at best let it run overnight). After the MLC backup do not navigate any further but turn the console off with a 4 seconds power button press.

After that use wfs-tools to extract all files and folders from that MLC dump and look where it fails. Post that information here and we'll tell you how to continue.

In any case keep the console powered off after the MLC dump and do not turn it back on again untill we tell you to do so.

//EDIT: Oh and let a minute pass between booting the recovery menu and taking the dump. The MLC dumper is still a WIP, so this might be needed to get a good dump.

Nuser · May 28, 2023

V10lator said:
@Nuser Yes, this is a broken NAND. The aborted system update might or might not had make things worse.

Are you good enough at navigating blindly to take a MLC backups (with the WIP fork of the recovery menu from @SDIO ) ? If so do that (will take around 6 hours to complete, so at best let it run overnight). After the MLC backup do not navigate any further but turn the console off with a 4 seconds power button press.

After that use wfs-tools to extract all files and folders from that MLC dump and look where it fails. Post that information here and we'll tell you how to continue.

In any case keep the console powered off after the MLC dump and do not turn it back on again untill we tell you to do so.

//EDIT: Oh and let a minute pass between booting the recovery menu and taking the dump. The MLC dumper is still a WIP, so this might be needed to get a good dump.

Thank you so much @V10lator ! I will take a (hopefully) good dump and let you know afterwards

Post automatically merged: May 28, 2023

V10lator said:
@Nuser Yes, this is a broken NAND. The aborted system update might or might not had make things worse.

Are you good enough at navigating blindly to take a MLC backups (with the WIP fork of the recovery menu from @SDIO ) ? If so do that (will take around 6 hours to complete, so at best let it run overnight). After the MLC backup do not navigate any further but turn the console off with a 4 seconds power button press.

After that use wfs-tools to extract all files and folders from that MLC dump and look where it fails. Post that information here and we'll tell you how to continue.

In any case keep the console powered off after the MLC dump and do not turn it back on again untill we tell you to do so.

//EDIT: Oh and let a minute pass between booting the recovery menu and taking the dump. The MLC dumper is still a WIP, so this might be needed to get a good dump.

Just to be sure @V10lator - the SDIO recovery I should use is the one from this post, yes?

I plan to map out my button presses on a working Wii U I have, and then proceed to to it on the bricked one.

V10lator · May 28, 2023

Nuser said:
the SDIO recovery I should use is the one from this post, yes?

No. @SDIO is a user here who has a fork. This fork is still a WIP and pretty hard to find as different versions are spreaded all over the forums. Just be patient, that user will come to this thread and give you a link to said version soon.

SDIO · May 28, 2023

@Nuser I think this therad here is a good starting point: https://gbatemp.net/threads/wii-u-stuck-on-logo.630328/
you also find the files there

Getuliooliveira · May 29, 2023

Hi, goodnight!

I read all thread topics and couldn't find a solution to my problem. Maybe someone can help me? My Wiiu has a very special sentimental value to me.

I bricked my Wiiu, I had it hacked with hackxi, I made the mistake of moving the files from the SD card to an external HD and that's how I bricked the console many years ago. I don't own the files moved to the external hd. All I have here are some files I backed up from when I was using browser unlock.

My WiiU turns on normally and stays in the initial menu, however if I try to access the settings or try to start a game, the console is frozen.

I already tried to record a new title, using Garry's method with Raspberry Pico, the recording in the new title happens successfully, but the problem remains the same.

Can anyone help me? Here is the logs.

Thank you so much guys!

SDIO · May 29, 2023

@Getuliooliveira do you mean the internal memory, when you said SD? do you remember what you moved?

Nuser · May 29, 2023

@SDIO Awesome, thanks! That was the thread I tried to mention but think it got scrapped since I am new user

. I went through the process, but now (after 2.5 hrs) light is stable yellow.

Should I just wait some more?

My timeline / process so far
- Booted udpih with recovery_menu_dumper, renamed to recovery_menu on a 64GB card
- Waited a couple of minutes
- Pressed power button blindly on Wii U to select top option in the menu
- 07:37 - LED turned yellow
- 08:45 - LED flashing yellow and blue (could have started before)
- 10.45 - LED stable yellow (could have started before)
- 11.05 - LED still stable yellow

V10lator · May 29, 2023

@SDIO Maybe one of these: https://wiiu.hacks.guide/#/archive/cbhc/sd-preparation?id=what-you-need but to be fair this sounds more like coincidence than the root of the issue to me.

@Nuser Dumping MLC takes around 6 hours, so you might have to wait some more.

//EDIT: Or maybe @Getuliooliveira had an SD card attached to USB via an adapter? If so the data might have been corrupted even before copying it to the new HDD. Or maybe the HDD is just underpowered?

//EDIT²: @Getuliooliveira What happens when you turn the Wii U off, disconnect the HDD, turn it back on and try to open settings?

SDIO · May 29, 2023

Hm, then take a look at what you have so far on the SD and save it to the PC. I would then recommend to format the SD and run h2wtest on it to see if it is fine and then try again.

Also please post the log from the dumper.

Nuser · May 29, 2023

Alright about 6.5hrs has passed and still just the solid yellow light. Should I try again from the beginning or leave it longer?

SDIO · May 29, 2023

Power it off and...

SDIO said:
Hm, then take a look at what you have so far on the SD and save it to the PC. I would then recommend to format the SD and run h2wtest on it to see if it is fine and then try again.

Also please post the log from the dumper.

Nuser · May 29, 2023

SDIO said:
Power it off and...

Ah sorry, thought that was a reply to the other poster. I did not get a good dump on first try - not even a usable log, it just shows 0kb. Attached screenshot shows all files that were dumped.

Gone through and tested with h2wtest and no apparent issue with SD card.

Formatted the card with guiformat and 32kb unit allocation size and started over, but so far LED is just stable yellow after 5 minutes.

SDIO · May 29, 2023

Dumping the SLC takes longer than 5 minutes, then probably there also something went wrong. I guess we give up with the recovery.
You could use de_fuse with minute_minute to do the dumps, or you could go straight to NAND-AID and dump the MLC through hardware.

Valery0p · May 30, 2023

@Nuser I suggest giving de_Fuse a try, it's easier to install and gives you more control on the console.

Post automatically merged: May 30, 2023

Getuliooliveira said:
Hi, goodnight!

I read all thread topics and couldn't find a solution to my problem. Maybe someone can help me? My Wiiu has a very special sentimental value to me.

I bricked my Wiiu, I had it hacked with hackxi, I made the mistake of moving the files from the SD card to an external HD and that's how I bricked the console many years ago. I don't own the files moved to the external hd. All I have here are some files I backed up from when I was using browser unlock.

My WiiU turns on normally and stays in the initial menu, however if I try to access the settings or try to start a game, the console is frozen.

I already tried to record a new title, using Garry's method with Raspberry Pico, the recording in the new title happens successfully, but the problem remains the same.

Can anyone help me? Here is the logs.

Thank you so much guys!

You might also want to try and make a MLC dump to see what's wrong, doesn't look like the situation is too bad. Can you still run the homebrew channel, via haxchi or the browser exploit?

iCaiman · Jun 11, 2023

Hi everyone!
My Wii U it's stucked into "delete all content and settings" window. My console was not hacked or modified, I was doing a factory reset and got stuck on that screen.
I have the logs but I don't know what I have to do. If someone could help me it would be a great help. Thank you so much.

SDIO · Jun 12, 2023

I see the crash in the logs, but I am not sure whats causing it. Did you have problems before or why are you doing a factory reset?

If no one else has a better Idea, I would suggest to use the wupclient to change inital_launch in /vol/system/proc/prefs/cafe.xml from 255 to 0, this will cancel the factory reset and launch the initial setup.

iCaiman · Jun 13, 2023

SDIO said:
I see the crash in the logs, but I am not sure whats causing it. Did you have problems before or why are you doing a factory reset?

If no one else has a better Idea, I would suggest to use the wupclient to change inital_launch in /vol/system/proc/prefs/cafe.xml from 255 to 0, this will cancel the factory reset and launch the initial setup.

I had no problem before, the console belonged to a relative and I wanted to delete everything to set up my account. The Wii U got stuck while formatting and every time I reboot the Wii U, after the logo I get the "delete all content and settings" screen and it freezes.

I don't know how to use wupclient, any recommendation or how to do it?

USB Descriptor Parsing Is Hard (UDPIH)​

What does this mean?​

Requirements​

Supported devices:​

Instructions​

Pico​

Raspberry Pi Zero (Linux)​

Booting the recovery_menu​

Wii U Recovery Menu​

Options​

Credits​

Well-Known Member

Well-Known Member

Member

Attachments

Well-Known Member

Member

Well-Known Member

Well-Known Member

Member

Attachments

Well-Known Member

Member

Well-Known Member

Well-Known Member

Member

Well-Known Member

Member

Attachments

Well-Known Member

Well-Known Member

New Member

Attachments

Well-Known Member

New Member

Similar threads

Popular threads in this forum

USB Descriptor Parsing Is Hard (UDPIH)

What does this mean?

Requirements

Supported devices:

Instructions

Pico

Raspberry Pi Zero (Linux)

Booting the recovery_menu

Wii U Recovery Menu

Options

Credits