Hacking 5.5.0 progress

[kingraa777]

Not all of us are nasty and not all of us are kids personally I'm board of waiting but still respect the work devs, ect have done so anything is welcome

 

[Costello]

please stay on topic

if you go off topic or reply to an off topic post again, you expose yourself to a warn level increase and/or a suspension

thanks

 

[DarkJediRey]

so an elf loader is the only way to get around the size limit on apps for 5.5.0? is there a laymen explanation as to how something like this gets built?
also, even tho I'd probably be completely lost, i think I'd also learn something if Mr. Rean makes a guide

 

[lonemoonHD]

please stay on topic

if you go off topic or reply to an off topic post again, you expose yourself to a warn level increase and/or a suspension

thanks

Not my fault. Nevertheless, kudos for maintaining control.

so an elf loader is the only way to get around the size limit on apps for 5.5.0?

I think so. After all, Loadiine is .elf based already (which I previously thought untrue), so it probably has to do with the size limit (smirk). I think loading time may have some part in it, I'm not sure if .elf can be read faster.

 

[DarkJediRey]

what i don't understand is would an elf loader be able to launch directly in userspace after the entrypoint exploit? or does it need access to ram? excuse my ignorance if i'm way out in left field here.

 

[lonemoonHD]

what i don't understand is would an elf loader be able to launch directly in userspace after the entrypoint exploit? or does it need access to ram? excuse my ignorance if i'm way out in left field here.

If you take over PPC kernel, you can run .elf files and modify RAM too.

 

[DarkJediRey]

so basically a kexploit is needed first.

 

[lonemoonHD]

so basically a kexploit is needed first.

In theory, if you upgraded to supervisor mode, I think that would also work, even though a good kexploit > supervisor mode.

 

[lonemoonHD]

so basically a kexploit is needed first.

Forgot to mention this: .elf files can be loaded at any memory address by the kernel, meaning it is actually probable at best to activate certain parts of memory by the .elf if you have sufficient permissions.

Since the image features of a system look-ups and relocatable table, the .elf file can be adjusted to the offset from the memory address it was loaded in.

The .elf has sections of data in it that determine which address it will load itself in (actually, the console loads it, the image just tells the console to read it in there).

This means that if you had an image which could access an important memory address, you could possess it if the .elf had the power to control it. Though, with only usermode, it would prove really tricky.

 

[darrin41]

I post the links for 5.5.0
Hello World: http://jasper.debug-it.nl/wiiu/helloworld550.mp4
Pong: http://josamilu.de/wiiu/2/pong.mp4
Picture Drawing Test (the picture is only on the tv, not the gamepad): http://josamilu.de/wiiu/imglib.mp4
Keys Test: See there

im on 5.5.1 tried pong black screen?

 

[rw-r-r_0644]

im on 5.5.1 tried pong black screen?

Strange. Working for me. My Wii U should be magic then: I never had problems running any hombrew application...
Maybe is somehow related to wii u region but i don't think so. I can only suggest you to clear browser cache and try again. If it still doesn't work you could also try to host them on your computer.

 

[Bkool999]

Just bumping this thread so it doesn't fall into obscurity.

 

[Leanny]

Is here anyone who got the Socket thing to work? For me it freezes when the Wii U is about to receive or to send data and I really don't know why. The example from the example dictionary also freezes, in case you suggest this.

 

[josamilu]

Is here anyone who got the Socket thing to work? For me it freezes when the Wii U is about to receive or to send data and I really don't know why. The example from the example dictionary also freezes, in case you suggest this.

Yes. I can send you my code if you remind me tomorrow.

 

[eliboa]

Is here anyone who got the Socket thing to work? For me it freezes when the Wii U is about to receive or to send data and I really don't know why. The example from the example dictionary also freezes, in case you suggest this.

For me too. I can get it to work as long as I don't call the socket functions in a loop. Also, it seems that you can't use this if you force quit the browser.
In fact, when you call the recv fucntion when there's nothing to receive it freezes.

Yes. I can send you my code if you remind me tomorrow.

I'm interested too

 

[miesssiee]

Question, (I'm sorry if anybody else already asked this question) how can I update an original game (with disc) without updating to 5.5.1? Is this even possible? I really would like to stay on 5.5.0 just to be sure..

Spoiler: Still scared..

I mean.. you never know what complications might come with this IOSU Exploit for 5.5.1.. even if it does work on 5.5.1 we don't know if there are differences in working capacity

 

[Deleted User]

Question, (I'm sorry if anybody else already asked this question) how can I update an original game (with disc) without updating to 5.5.1? Is this even possible? I really would like to stay on 5.5.0 just to be sure..

Spoiler

I mean.. you never know what complications might come with this IOSU Exploit for 5.5.1.. even if it does work on 5.5.1 we don't know if there are differences in working capacity

5.5.0 and 5.5.1 are almost identical. You might as well update to 5.5.1 because of this. The IOSU exploit will work exactly the same way on 5.5.1 as it would on 5.5.0

 

[eliboa]

Is here anyone who got the Socket thing to work? For me it freezes when the Wii U is about to receive or to send data and I really don't know why. The example from the example dictionary also freezes, in case you suggest this.

I finally managed to get it to work.
The freeze was caused by the revc() function. I don't know why but it kept waiting and waiting for something to receive...
So I've set the flag on MSG_DONTWAIT to enable the non-blocking operation option.
Value for MSG_DONTWAIT is 0x20 :

recv(pc, buffer, 512, 0x20);

Besides, I found out that you can use sockets even after you force quit browser. You have to initialize the socket library in order to do that :

int (*socket_lib_init)(void);
OSDynLoad_FindExport(nsysnet_handle, 0, "socket_lib_init", &socket_lib_init);
socket_lib_init();

Edit : you can also use MSG_DONTWAIT flag in send function

 

[Leanny]

Thank you, I'll try it out!

 

[eliboa]

Speaking of programming issues, does anyone know how to get a random number without using a function that uses specific library, such as rand() or srand().
I can get a timestamp from OSGetTime in coreinit.rpl but I don't know how to write a function that will return a number in a specific range !?