UDPIH: USB Host Stack exploit + Recovery Menu

qjamal · Sep 14, 2024

ToothyNom said:
@GaryOderNichts is there a way i could check? I am using Mac but it shouldn't affect anything. Pico disconnects after copying the file, and SD card is also formatted and works in 3ds, not sure what else it could be

Pick disconnects after coping uf2 file. It's quite normal

Post automatically merged: Sep 15, 2024

qjamal said:
Pick disconnects after coping uf2 file. It's quite normal

I've seen quite a few videos about the UDPih fix, but no one has mentioned the minimum firmware version required for it.

Party4myday1s · Oct 1, 2024

So my Wii U has the Hynix chip and gets the NAND error of 160-0103, The thing is that it ONLY gets that error ONLY when it plays Mario Kart 8. That is litteraly the only game when I get the error. I was wondering if THAT, is enough to want to use the UDPIH on a raspberry pi in order to fix it?
Also if I do use UPDIH, will it affect the current console at all? Like will it reset the console and its data at all, or will it just boot back into Aroma just as normal?

Orangelampshade · Oct 3, 2024

Do I still use the PAL Europe coldboot title for PAL regions outside of Europe? For example AUS PAL which is what I have

SDIO · Oct 4, 2024

qjamal said:
I've seen quite a few videos about the UDPih fix, but no one has mentioned the minimum firmware version required for it.

5.5.x firmwares work. So 5.5.0 is the minimum version. (as far as we know, not sure if anyone actually tried 5.5.0)

Party4myday1s said:
So my Wii U has the Hynix chip and gets the NAND error of 160-0103, The thing is that it ONLY gets that error ONLY when it plays Mario Kart 8. That is litteraly the only game when I get the error. I was wondering if THAT, is enough to want to use the UDPIH on a raspberry pi in order to fix it?
Also if I do use UPDIH, will it affect the current console at all? Like will it reset the console and its data at all, or will it just boot back into Aroma just as normal?

=> Continue in your thread: https://gbatemp.net/threads/error-160-0103-updih-mario-kart-8-situation.661512/

Orangelampshade said:
Do I still use the PAL Europe coldboot title for PAL regions outside of Europe? For example AUS PAL which is what I have

There are only 3 Regions on the Wii U: JPN, US, EU. Which one you have, you can find on the sticker on the bottom.

Taleweaver · Oct 4, 2024

I'm trying to set up udpih on my steam deck following this guide. The linked URL to disable the read-only filesystem and initialize the pacman keyring is down, but some google-fu on my part got that to work. Other than that, it worked fine until near the very end: building the kernel with these commands:

cd linux
make

...where it just says that the make command wasn't found. This was probably exclusive for the raspberry pi (both guides converge at this point), but I can't find the alternative for the steam deck.

Any help?

relevant chunk of konsole output below:

(1)(deck@steamdeck ~)$ git clone https://github.com/GaryOderNichts/udpih.git
cd udpih
Cloning into 'udpih'...
remote: Enumerating objects: 144, done.
remote: Counting objects: 100% (144/144), done.
remote: Compressing objects: 100% (82/82), done.
remote: Total 144 (delta 71), reused 124 (delta 55), pack-reused 0 (from 0)
Receiving objects: 100% (144/144), 73.42 KiB | 424.00 KiB/s, done.
Resolving deltas: 100% (71/71), done.
(deck@steamdeck udpih)$ curl -L https://github.com/GaryOderNichts/udpih/releases/latest/download/arm_kernel.bi
n.h > arm_kernel/arm_kernel.bin.h
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
100 12390 100 12390 0 0 5006 0 0:00:02 0:00:02 --:--:-- 17280
(deck@steamdeck udpih)$ cd linux
make
bash: make: command not found
(127)(deck@steamdeck linux)$ make
bash: make: command not found
(127)(deck@steamdeck linux)$ sudo insmod udpih.ko
[sudo] password for deck:
insmod: ERROR: could not load module udpih.ko: No such file or directory

Orangelampshade · Oct 6, 2024

SDIO said:
There are only 3 Regions on the Wii U: JPN, US, EU. Which one you have, you can find on the sticker on the bottom.

Hey there is actually no mention of those regions on the sticker. The Australian console has the AUS region. If I’m missing something please tell me.

SDIO · Oct 6, 2024

Oh you are right. What title is it set to currently?

Orangelampshade · Oct 6, 2024

SDIO said:
Oh you are right. What title is it set to currently?

That I don’t actually know. I think It would have to be EUR as they are both pal regions?

Either way I have no video output/os crashes and I’m waiting for a pico to do some diagnostics. That was going to be my next question

SDIO · Oct 6, 2024

If the problem is no screen output, then the problem isn't the coldboot title.
I suggest looking at the troubleshooting guide in my signature

Taleweaver · Oct 6, 2024

Taleweaver said:
I'm trying to set up udpih on my steam deck following this guide. The linked URL to disable the read-only filesystem and initialize the pacman keyring is down, but some google-fu on my part got that to work. Other than that, it worked fine until near the very end: building the kernel with these commands:

cd linux
make

...where it just says that the make command wasn't found. This was probably exclusive for the raspberry pi (both guides converge at this point), but I can't find the alternative for the steam deck.

Any help?

relevant chunk of konsole output below:

(1)(deck@steamdeck ~)$ git clone https://github.com/GaryOderNichts/udpih.git
cd udpih
Cloning into 'udpih'...
remote: Enumerating objects: 144, done.
remote: Counting objects: 100% (144/144), done.
remote: Compressing objects: 100% (82/82), done.
remote: Total 144 (delta 71), reused 124 (delta 55), pack-reused 0 (from 0)
Receiving objects: 100% (144/144), 73.42 KiB | 424.00 KiB/s, done.
Resolving deltas: 100% (71/71), done.
(deck@steamdeck udpih)$ curl -L https://github.com/GaryOderNichts/udpih/releases/latest/download/arm_kernel.bi
n.h > arm_kernel/arm_kernel.bin.h
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
100 12390 100 12390 0 0 5006 0 0:00:02 0:00:02 --:--:-- 17280
(deck@steamdeck udpih)$ cd linux
make
bash: make: command not found
(127)(deck@steamdeck linux)$ make
bash: make: command not found
(127)(deck@steamdeck linux)$ sudo insmod udpih.ko
[sudo] password for deck:
insmod: ERROR: could not load module udpih.ko: No such file or directory

Okay...solved my own issue. After some googling and trying, this guide (https://wiki.archlinux.org/title/Pacman/Package_signing#:~:text=the entire cache.-,Resetting all the keys,re-add the default keys.) gave answers. More specific: part 1.1. More more specific: I changed in \etc\pacman.conf the line "SigLevel = Required DatabaseOptional" to "SigLevel = TrustAll" (sooo...whee, win XP security

).

I'm still not there yet, though. That earlier 'make' command worked, but "sudo insmod udpih.ko" showed nothing on my steam deck (no invalid command or anything). Not sure if that's by design, but I kind of doubt so. :- \

Regardless, I just prepped a FAT32 sd card with recoverymenu. in it's root folder (kb), and then started trying. Results: nothing so far. Steam deck picture remains the same throughout, wiiu itself boots the way it always does (that is: not at all aside the "wiiu logo" on pad and TV. more info: https://gbatemp.net/threads/is-my-wiiu-dead.648336/). Sometimes the TV remains black, but I'm not sure it has anything to do with my shenanigans.

(1)(deck@steamdeck udpih)$ curl -L https://github.com/GaryOderNichts/udpih/releases/latest/download/arm_kernel
.bin.h > arm_kernel/arm_kernel.bin.h
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- 0:00:01 --:--:-- 0
100 12390 100 12390 0 0 5401 0 0:00:02 0:00:02 --:--:-- 318k
(deck@steamdeck udpih)$ cd linux
make
make -C /lib/modules/6.1.52-valve16-1-neptune-61/build M=/home/deck/udpih/linux modules
CC [M] /home/deck/udpih/linux/main.o
CC [M] /home/deck/udpih/linux/utils.o
CC [M] /home/deck/udpih/linux/../common/device.o
LD [M] /home/deck/udpih/linux/udpih.o
MODPOST /home/deck/udpih/linux/Module.symvers
CC [M] /home/deck/udpih/linux/udpih.mod.o
LD [M] /home/deck/udpih/linux/udpih.ko
BTF [M] /home/deck/udpih/linux/udpih.ko
(deck@steamdeck linux)$ sudo insmod udpih.ko
(deck@steamdeck linux)$
(deck@steamdeck linux)$

Orangelampshade · Oct 7, 2024

SDIO said:
If the problem is no screen output, then the problem isn't the coldboot title.
I suggest looking at the troubleshooting guide in my signature

I’ve read the guide, it’s really informative. I know my os is crashing as well as there being no video output. I’ve spoken to someone who had the exact same symptoms where setting coldboot title was part of the solution, so I was willing to give it a shot. The main objective though was to gather some logs to better understand what is wrong. Dump syslogs is the correct option for this case, right?

Taleweaver · Oct 8, 2024

Hmm...I've got more news to report from my end (see also my previous posts)...

Simply said: whenever I boot as normal (or mess up the plug in timing of the device, or don't have the SD card inserted), it remains stuck on the wiiu logo screen on both TV and gamepad.
If, however, I time it just right(1) I get a black screen on the television every single time. I tried it on two televisions & HDMI cables, but couldn't get the menu screen or even a garbled one to appear.
But then I presumed...what if udpih is actually working? What if it's active despite not showing anything on the screen?
So I did two more tests: one to attempt to dump the syslogs and one to dump the OTP & seeprom. Both blind (aka: eject, power....wait...restart udpih...eject, eject, power...wait).
This worked.

As you can imagine, I tried to reset the coldboot title this way as well. And if a random youtube vid is to believe, the process should be:
<start udpih>
power (reset coldboot title as first option)
eject, eject (to select Europe...my own wiiu's region)
power (to select to set Europe's wiiu menu)
<wait a bit>
<reset>

This...didn't work (still same output without anything fancy connected). I tried it twice, but obviously: without anything on screen, there could be any reason the whole unbricking thing failed.

I've got the logs, but I don't know how to read them or even which ones to read (it's literally 100 log files of around 650 lines each). Can anyone help me out here?

(1): from somewhere in the earlier replies: upon starting, the wiiu goes 'bbbuuzzz beeeezzzz....buuzz beeezzz". It's somewhere slightly in the middle. If you have a working gamepad like me, it's even easier: plug in the USB-cable(2) the moment the blue light on the gamepad springs to life.
(2): another quality of life: plug the USB-A cable in the wiiu beforehand and have the USB-C end near your device - steam deck in my case - ready to go. It's easier to plug

SDIO · Oct 8, 2024

Taleweaver said:
As you can imagine, I tried to reset the coldboot title this way as well.

Why?

Taleweaver said:
This...didn't work (still same output without anything fancy connected). I tried it twice, but obviously: without anything on screen, there could be any reason the whole unbricking thing failed.

What did you expect? How should that help with anything?

Taleweaver said:
I've got the logs, but I don't know how to read them or even which ones to read (it's literally 100 log files of around 650 lines each). Can anyone help me out here?

You didn't append the logs. Just zip the whole logs folder and append it to the post.

Taleweaver said:
(1): from somewhere in the earlier replies: upon starting, the wiiu goes 'bbbuuzzz beeeezzzz....buuzz beeezzz". It's somewhere slightly in the middle. If you have a working gamepad like me, it's even easier: plug in the USB-cable(2) the moment the blue light on the gamepad springs to life.

Your system seems to crash pretty early, so you need to use udpih earlier than usual to race the crash. At that point the screen isn't inited, so you won't see anything.

I suggest you install ISFShax before it gets worse...

Post automatically merged: Oct 8, 2024

Orangelampshade said:
I’ve read the guide, it’s really informative. I know my os is crashing as well as there being no video output. I’ve spoken to someone who had the exact same symptoms where setting coldboot title was part of the solution, so I was willing to give it a shot. The main objective though was to gather some logs to better understand what is wrong. Dump syslogs is the correct option for this case, right?

You get the logs if you are lucky enough and UDPIH still works. The more you mess with it, without knowing whats going on the worse it might get. Messing with the coldboot title won't do anything or you, as that isn't your problem.
Might be even better to install ISFShax directly and then just dump the logs through minute.

Orangelampshade · Oct 9, 2024

SDIO said:
You get the logs if you are lucky enough and UDPIH still works. The more you mess with it, without knowing whats going on the worse it might get. Messing with the coldboot title won't do anything or you, as that isn't your problem.
Might be even better to install ISFShax directly and then just dump the logs through minute.

Ok I take your point, I’ll start with the logs and work my way forward. The person I bought it from said it stopped working during a software update.

I’ll look into isfshax as I’m not familiar with it. Thank you

Taleweaver · Oct 9, 2024

SDIO said:
Why?

What did you expect? How should that help with anything?

Well...my wiiu was originally hacked with haxchii. Worked fine for years...until it suddenly wouldn't boot anymore past the wiiu logo. I can't exactly proof it was bricked by that, but it didn't display the "now entering haxchii" (forgot exact wording) either. So the whole meddling with udpih was an attempt to get it fixed.

SDIO said:
You didn't append the logs. Just zip the whole logs folder and append it to the post.

Good point. I've added them now.

SDIO said:
Your system seems to crash pretty early, so you need to use udpih earlier than usual to race the crash. At that point the screen isn't inited, so you won't see anything.

Erm...correct me if I'm wrong with this reasoning: the fact that the display isn't initialised for udpih is an indication that it isn't the coldboot that's the issue with my device...correct?

SDIO said:
I suggest you install ISFShax before it gets worse...

Post automatically merged: Oct 8, 2024

You get the logs if you are lucky enough and UDPIH still works. The more you mess with it, without knowing whats going on the worse it might get. Messing with the coldboot title won't do anything or you, as that isn't your problem.
Might be even better to install ISFShax directly and then just dump the logs through minute.

Thanks. I'll see what that brings up.
(though unsure: does that generate different logs than the one udpih put out?)

SDIO · Oct 9, 2024

OK setting the coldboot title would fix a CBHC brick, if it where one. But in your case it isn't caused by CBHC. In case of a CBHC brick, you would see an 160-0103 or 160-0101 message, it would not just freeze on the Wii U logo.

From your logs it's clearly a bad eMMC. In specific, its a font that is corrupted by that, which also matches exaclt the sympthoms you described.

Code:

00:00:08:310: mmc_core card err: idx=3, lba=55302144, blks=1024, xfer=0x1, ret=0x00200b40
00:00:08:348: mmc_core card err: idx=3, lba=55302144, blks=1024, xfer=0x1, ret=0x00200b40
00:00:08:348: mdblk: err=-131099, mid=0x90, prv=0x5c, pnm=[HYNIX ]
00:00:08:405: FSA: ### MEDIA ERROR ###, dev:mlc01, err:-2228230, cmd:11, path:(null)
00:00:08:405: failed to read file /vol/storage_mlc01/sys/title/0005001b/10042400/content/CafeCn.ttf, err -196673
00;00;08;285: ***LoadShared - WaitLoadComplete(8388608,4721996) failed with error -196673 on file "CafeCn.ttf".

So if you haven't already: install ISFShax before it is too late. Then decide if you want to fix that with MLC2SD or redNAND.

minute would dump exaclty the same logs as the udpih recovery, they just copy the logfiles from one folder on the SLC.

PS: finally someone who names the archive with the logs propery, so I don't get an conflict when extracting them....

AcuteBulbasaurappears · Friday at 7:09 PM

Hey I edited the hbm2-2.pack file and since the my console got bricked. It doesn't boot into aroma and it doesn't boot into tiramisu. At least it does boot into vWii menu. Now I tried using the WiiU recovery menu with a raspberry pi pico. But this happens as followed: 1. When I put the pico into the console seemingly to early it freezes on the WiiU screen. 2. When I'm seemingly too late, it freezes on my aroma splash screen and 3. When I think I hit it on the right time, it gives me a black screen.

USB Descriptor Parsing Is Hard (UDPIH)​

What does this mean?​

Supported devices:​

Instructions​

Device Setup​

Booting the recovery_menu​

Wii U Recovery Menu​

Options​

Credits​

Member

New Member

Member

Well-Known Member

Storywriter

Member

Attachments

Well-Known Member

Member

Well-Known Member

Storywriter

Member

Storywriter

Well-Known Member

Member

Storywriter

Attachments

Well-Known Member

Active Member

Similar threads

Popular threads in this forum

USB Descriptor Parsing Is Hard (UDPIH)

What does this mean?

Supported devices:

Instructions

Device Setup

Booting the recovery_menu

Wii U Recovery Menu

Options

Credits