Hacking Hykem's 5.5 iosu Exploit

Status
Not open for further replies.

thekarter104

Thought it was going to be a Christmas present? Anyway, I'm calling bullshit and moving on with my life at this point.

Same here tbh, I'm about to stop checking GBATemp for at least a while now, especially when there's like 10+ pages on offtopic discussion BS.
The exploit might or might not be released. A co-worker said the exploit will not be released anyway.
 

aracom

You can't use the C++ function names; you have to use the right (internal?) function name. Use IDA for this.
e.g. for nn::ac::GetPersistentIdEx() I had to use GetPersistentIdEx__Q2_2nn3actFUc
Thanks, it was GetMyScreenName__Q2_2nn2fpFPw, but I'm still getting a blue screen :/ I commented out the final use of the function, and it seems to get the handle and the export just fine, so it has to do with how I'm using GetMyScreenName. I guess that's how reverse engineering works, right? Many tries and many crashes :P
 

oPolo

That's not a problem due to this one word: emuNAND.
Or in multiple words: emuNAND allows us to upgrade to the latest firmware, but instead of updating the Wii U's firmware you upgrade the firmware on an SD or maybe even a USB and then boot the firmware from that. So your sysNAND stays outdated (5.5) and you update your emuNAND (5.6 or 6.0 and later).

Where did you get the notion that it allows that?
 

davetheshrew

Calm down, will you. Look, as is normal with these things, they might not say it, but it's true, hear me out.

A lot of the time hackers release an exploit days after a firmware update, thus not pissing off the manufacturer of said device as much as it would to release an exploit on current firmware, which would spark a war between manufacturer and hacker with more chance of closing holes in defenses. Only super lucky people that stayed on a modded DNS will get a chance (hint: don't update on the 12th). Eventually said manufacturer gets tired and moves to a new device, then users get a silver bullet exploit; this is regular on many devices. Yes, I'm speculating, but it happened on the Xbox 360 and Wii; the PS3 is now end of life, so the current hack is now the silver bullet exploit, unless Sony updates again, which is very doubtful.

Don't update, wait, and you should with luck all get what you want, then spoof to current fw, enjoy.
 
Reactions: TotalInsanity4

SonyUSA

It's not trivial: it takes several hours of digging into a 500-page thread to find the information, for anyone who does not follow the subject on a daily basis. I know, because that's exactly what I had to do to write the article.
It does not spread drama: if you read the article, you've seen I've been extremely careful to not include anything that has been confirmed to be inaccurate or irrelevant to the current status.

Just sayin'

Maybe not, but the information is arbitrary. Knowing about plutoo's post and ensuing actions that ultimately just led back to us waiting for Hykem to release doesn't really do anything for the layman, it just makes extra (arguably useless) information about the whole proceedings that they have to read. The short of it is, that whole situation can be safely ignored because nothing really changed from before it happened to after it happened.

Edit: Added Hykem's userpage link to OP
 

Maschell

Thanks, it was GetMyScreenName__Q2_2nn2fpFPw, but I'm still getting a blue screen :/ I commented out the final use of the function, and it seems to get the handle and the export just fine, so it has to do with how I'm using GetMyScreenName. I guess that's how reverse engineering works, right? Many tries and many crashes :P
Maybe it crashes because it writes the name into an array you have to have in the parameter? Try
GetMyScreenName(char16 buf[11]). Make sure you use Initialize and Finalize!
 

Maximilious

A question regarding this exploit: Can I load Wii backups with it?

Wii backups are already possible in vWii, find the respective guides for those in the stickies section.

As for Wii U backups, this is already possible via Loadiine on version 5.3.2 (and other versions now I think as well), but not from USB storage. With the IOSU exploit we will (hopefully) be able to load backups from USB going forward.
 
Reactions: TotalInsanity4

smileyhead

Wii backups are already possible in vWii, find the respective guides for those in the stickies section.

As for Wii U backups, this is already possible via Loadiine on version 5.3.2 (and other versions now I think as well), but not from USB storage. With the IOSU exploit we will (hopefully) be able to load backups from USB going forward.
I know, I just didn't want to spend money on games I would only use for installing the HBC.
 

aracom

Maybe it crashes because it writes the name into an array you have to have in the parameter? Try
GetMyScreenName(char16 buf[11]). Make sure you use Initialize and Finalize!
I figured out that I have to use a wchar_t*, and it doesn't crash when simply using the function + var, but I don't have a way to display that since all printing functions only take char* and I haven't found a (working) way to convert wchar_t to char without using wcstombs :(
Current code:
Code:
            unsigned int fp_handle;
            OSDynLoad_Acquire("nn_fp.rpl", &fp_handle); //get nn_fp
           
            __os_snprintf(flags.output, 1000, "\ngot fp");
                       
            void(*GetMyScreenName)();            
            OSDynLoad_FindExport(fp_handle, 0, "GetMyScreenName__Q2_2nn2fpFPw", &GetMyScreenName);           
            void(*Initialize)();
            OSDynLoad_FindExport(fp_handle, 0, "Initialize__Q2_2nn2fpFv", &Initialize);
            void(*Finalize)();            
            OSDynLoad_FindExport(fp_handle, 0, "Finalize__Q2_2nn2fpFv", &Finalize);   

            __os_snprintf(flags.output, 1000, "\ngot exports");
                      
            //Initialize(); //Init
           
            typedef unsigned long wchar_t;
            wchar_t * MiiName = L"hi" ;
            GetMyScreenName(&MiiName);

            __os_snprintf(flags.output, 1000, MiiName);
            //Finalize();
This gives me a black screen (no crash, can go back to the menu). When uncommenting Initialize() and Finalize(), I get a blue screen again, which probably means I'm not using them right.
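
Added example (not code from the thread or from any poster): one way to get a 16-bit screen-name buffer into a char string for char*-only print functions without wcstombs, and to print it as a "%s" argument instead of as the format string. It assumes the name arrives as 16-bit units in a caller-owned 11-element buffer, as suggested earlier in the thread; utf16_to_ascii and format_name are hypothetical helper names, and the sample buffer is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption (from the suggestion in the thread): the name is written into a
 * caller-owned buffer of 11 16-bit units, including the terminator. */
#define SCREEN_NAME_UNITS 11

/* Narrow UTF-16 code units to a NUL-terminated char string without wcstombs.
 * Non-ASCII units become '?'. Never reads past src_units or writes past
 * dst_size. Returns the number of chars written, excluding the terminator. */
size_t utf16_to_ascii(const uint16_t *src, size_t src_units,
                      char *dst, size_t dst_size)
{
    size_t n = 0;
    if (dst == NULL || dst_size == 0)
        return 0;
    if (src != NULL) {
        for (size_t i = 0; i < src_units && src[i] != 0 && n + 1 < dst_size; i++)
            dst[n++] = (src[i] < 0x80) ? (char)src[i] : '?';
    }
    dst[n] = '\0';
    return n;
}

/* Format the converted name. The name is passed as an argument to "%s",
 * never as the format string itself, so a '%' in a name is printed
 * literally. Returns snprintf's result. */
int format_name(char *out, size_t out_size, const uint16_t *name)
{
    char narrow[SCREEN_NAME_UNITS];
    utf16_to_ascii(name, SCREEN_NAME_UNITS, narrow, sizeof narrow);
    return snprintf(out, out_size, "\nname: %s", narrow);
}

int main(void)
{
    /* Constructed sample: a filled buffer holding 'M','i','i','%', U+00E9. */
    uint16_t buf[SCREEN_NAME_UNITS] = { 'M', 'i', 'i', '%', 0x00E9, 0 };
    char out[64];
    format_name(out, sizeof out, buf);
    puts(out);
    return 0;
}
```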
 

SonyUSA

#wiiudev on Ef ;)
 

LysergCooltyp

I know, I just didn't want to spend money on games I would only use for installing the HBC.
You always had to spend money on a game either way, be it the real Wii or vWii. If 10 bucks hurt you that much, then I can't imagine how you managed to afford a console and supportive hardware.
 
Reactions: TotalInsanity4