Hacking 5.5.0 progress

  • Thread starter: GOT4N
  • Views: 372,979
  • Replies: 1,267
  • Likes: 23
Oh, psh, I'm not sure how they handle the LAN adapter, but because you have to have it set up in settings, it pipes through IOSU somehow. You can't access USB storage specifically; they have separate interfaces for all the other kinds:
Human Interface Devices (e.g. the GameCube adapter, and a keyboard and mouse if you were that crazy about the True Internet Experience™)
Communications Device Class, which DRH uses to communicate with the GamePad
UAC (USB Audio Class, if you plugged in a microphone and wanted to use it; I actually remember doing that when MN1 and I were testing stuff, lmao)
USB-MIDI, which I'm not sure has a use case
USB storage is UHS, which is what IOS-MCP keeps locked down
http://wiiubrew.org/wiki/IOSU#IOS-USB
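As an added illustration of the class-based dispatch the post above describes (not code from the post, from IOSU, or from wiiubrew), here is a small C walker over a USB configuration descriptor that classifies each interface by its class code and applies a policy hook in which mass storage is held back until unlocked. The class codes are the real USB-IF values; the `interface_allowed` policy, the `mcp_storage_unlocked` flag and the two descriptor blobs are assumptions constructed for the example and say nothing about how IOS-USB or IOS-MCP actually implement this.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Interface class codes from the USB-IF class code table (real values). */
enum {
    USB_CLASS_AUDIO    = 0x01,
    USB_CLASS_CDC      = 0x02,
    USB_CLASS_HID      = 0x03,
    USB_CLASS_MSC      = 0x08,   /* mass storage: the "UHS" the post refers to */
    USB_CLASS_CDC_DATA = 0x0A,
};
enum { USB_DT_CONFIG = 0x02, USB_DT_INTERFACE = 0x04 };
enum { AUDIO_SUBCLASS_MIDISTREAMING = 0x03 };

typedef enum { IF_HID, IF_CDC, IF_UAC, IF_MIDI, IF_UHS, IF_UNKNOWN } if_kind;

/* Walk a configuration descriptor blob (what the host gets back from
 * GET_DESCRIPTOR(CONFIGURATION)) and classify every interface descriptor.
 * Returns the number of interfaces seen, or -1 if the blob is malformed.
 * Every length field comes from the device, so each is checked before use. */
int classify_interfaces(const uint8_t *buf, size_t len, if_kind *out, size_t max_out)
{
    if (len < 9 || buf[0] < 9 || buf[1] != USB_DT_CONFIG) return -1;
    size_t total = (size_t)buf[2] | ((size_t)buf[3] << 8);   /* wTotalLength */
    if (total > len) return -1;              /* device claims more than we have */
    size_t off = buf[0];
    int n = 0;
    while (off < total) {
        size_t blen = buf[off];
        if (blen < 2 || off + blen > total) return -1;   /* zero or overrunning bLength */
        if (buf[off + 1] == USB_DT_INTERFACE) {
            if (blen < 9) return -1;                     /* truncated interface descriptor */
            uint8_t cls = buf[off + 5], sub = buf[off + 6];
            if_kind k;
            switch (cls) {
            case USB_CLASS_HID:      k = IF_HID; break;
            case USB_CLASS_CDC:
            case USB_CLASS_CDC_DATA: k = IF_CDC; break;
            case USB_CLASS_AUDIO:    k = (sub == AUDIO_SUBCLASS_MIDISTREAMING) ? IF_MIDI : IF_UAC; break;
            case USB_CLASS_MSC:      k = IF_UHS; break;
            default:                 k = IF_UNKNOWN; break;
            }
            if ((size_t)n < max_out) out[n] = k;
            n++;
        }
        off += blen;
    }
    return n;
}

/* Hypothetical policy hook standing in for "MCP keeps UHS locked down":
 * mass storage is only handed to a driver once unlocked, unknown classes
 * are dropped, everything else goes to its class driver. (Assumption.) */
int interface_allowed(if_kind k, int mcp_storage_unlocked)
{
    switch (k) {
    case IF_UHS:     return mcp_storage_unlocked;
    case IF_UNKNOWN: return 0;
    default:         return 1;
    }
}

/* Constructed sample: a composite device exposing a boot keyboard (HID) and a
 * bulk-only SCSI mass-storage interface. wTotalLength = 57 bytes. */
static const uint8_t sample_composite[] = {
    0x09, 0x02, 0x39, 0x00, 0x02, 0x01, 0x00, 0x80, 0x32,   /* configuration */
    0x09, 0x04, 0x00, 0x00, 0x01, 0x03, 0x01, 0x01, 0x00,   /* if 0: HID keyboard */
    0x09, 0x21, 0x11, 0x01, 0x00, 0x01, 0x22, 0x3F, 0x00,   /* HID class descriptor */
    0x07, 0x05, 0x81, 0x03, 0x08, 0x00, 0x0A,               /* interrupt IN endpoint */
    0x09, 0x04, 0x01, 0x00, 0x02, 0x08, 0x06, 0x50, 0x00,   /* if 1: mass storage */
    0x07, 0x05, 0x82, 0x02, 0x40, 0x00, 0x00,               /* bulk IN endpoint */
    0x07, 0x05, 0x02, 0x02, 0x40, 0x00, 0x00,               /* bulk OUT endpoint */
};

/* Constructed sample: audio control + MIDI streaming, wTotalLength = 27. */
static const uint8_t sample_midi[] = {
    0x09, 0x02, 0x1B, 0x00, 0x02, 0x01, 0x00, 0x80, 0x32,
    0x09, 0x04, 0x00, 0x00, 0x00, 0x01, 0x01, 0x00, 0x00,   /* audio control */
    0x09, 0x04, 0x01, 0x00, 0x00, 0x01, 0x03, 0x00, 0x00,   /* MIDI streaming */
};

int main(void)
{
    static const char *names[] = { "HID", "CDC", "UAC", "MIDI", "UHS", "unknown" };
    if_kind kinds[8];
    int n = classify_interfaces(sample_composite, sizeof sample_composite, kinds, 8);
    for (int i = 0; i < n; i++)
        printf("interface %d: %s -> %s\n", i, names[kinds[i]],
               interface_allowed(kinds[i], 0) ? "class driver" : "held back");
    return 0;
}
```

The point of the length checks is that a hostile device controls every byte of the descriptor, so a parser that trusts `wTotalLength` or a zero `bLength` is the first thing a "USB stick that looks like another device" would probe; the policy hook is where a single gate on the mass-storage class can live regardless of what other interfaces the same device advertises.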

Not sure if this would work, but how about using USB-HID as an entry point?
I remember seeing a USB stick with an unlocked driver partition, into which one could insert files or code that made the device look like another, normally used to skip newer Windows AutoRun security measures.
What if code were injected into these to create a denial-of-service attack, invoking a kernel panic and, before crashing, redirecting the ELF loader to a code interpreter that would translate the payload as HID input, which would load a chain of privilege escalation by overloading the system, then replace certain data in RAM so as to load a limited version of CFW with debug capabilities, thus allowing deeper access into the system? Or is this not possible for some reason?
 
Not sure if this would work, but how about using USB-HID as an entry point?
I remember seeing a USB stick with an unlocked driver partition, into which one could insert files or code that made the device look like another, normally used to skip newer Windows AutoRun security measures.
What if code were injected into these to create a denial-of-service attack, invoking a kernel panic and, before crashing, redirecting the ELF loader to a code interpreter that would translate the payload as HID input, which would load a chain of privilege escalation by overloading the system, then replace certain data in RAM so as to load a limited version of CFW with debug capabilities, thus allowing deeper access into the system? Or is this not possible for some reason?
It wouldn't work, because the attack is normally based on making it look like a keyboard (or other HID input device), but the Wii U only accepts USB storage devices and doesn't care if you connect almost any other type of USB device (apart from a USB-Ethernet adapter).
 
It wouldn't work, because the attack is normally based on making it look like a keyboard (or other HID input device), but the Wii U only accepts USB storage devices and doesn't care if you connect almost any other type of USB device (apart from a USB-Ethernet adapter).
Since it doesn't care, it doesn't expect it and as such shouldn't be protected against it, right? Or did I get it wrong?
 
Yeah, the bad thing though is that I will have to buy a game which comes on 5.3.2 (which is a risk, I believe), so the cost is a bit more!
Idea: see who's selling such a game on Kijiji, ask to pay them $10 or so to bring your Wii U to their place and simply update your Wii U, and they get the game back. It's already used, and if you explain the reason for this, I think they would be fine. They get an extra amount of money from it and still get to keep it.
 
@Rectofki - Do people even read anymore? Right on the first repo, it states that "This is not a troll account. Nor the real Hykem. Just grabbing the name, so no more trolls grab it and fake".

And his twitter is open, the games continue - https://twitter.com/hykemthedemon
Wow, he isn't going to focus on or release the IOSU exploit that's completed? I totally fucking called it! And you all kept flaming me for calling it. (Though I'm skeptical, because anyone could've grabbed his username after it got deleted, just like the GitHub account.)
 
Last edited by FusionGamer.
@Rectofki - Do people even read anymore? Right on the first repo, it states that "This is not a troll account. Nor the real Hykem. Just grabbing the name, so no more trolls grab it and fake".


Wow, he isn't going to focus on or release the IOSU exploit that's completed? I totally fucking called it! And you all kept flaming me for calling it. (Though I'm skeptical, because anyone could've grabbed his username after it got deleted, just like the GitHub account.)
It is believed that that Twitter account is fake.
 
Not sure if this would work, but how about using USB-HID as an entry point?
I remember seeing a USB stick with an unlocked driver partition, into which one could insert files or code that made the device look like another, normally used to skip newer Windows AutoRun security measures.
What if code were injected into these to create a denial-of-service attack, invoking a kernel panic and, before crashing, redirecting the ELF loader to a code interpreter that would translate the payload as HID input, which would load a chain of privilege escalation by overloading the system, then replace certain data in RAM so as to load a limited version of CFW with debug capabilities, thus allowing deeper access into the system? Or is this not possible for some reason?
No sir... USB UHS is a great entry point though: custom firmware on a USB storage device that attacks during validation.
It still has to remain USB storage and still has to be seen as a normal storage device. No denial of service is needed; you just need to jump at the right moment during validation. During USB validation the rest of the system is fully vulnerable; IOS can only run that one task during it (validating that the USB device is properly formatted and signed). It's an issue with many operating systems and the only way to get a software-unpatchable exploit.
Custom firmware is how you properly hide a partition of data invoked at a certain instruction.
Get the Wii U to firmware 6.0 or above and we'll show you.
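The post above asserts, without detail, that a storage device with custom controller firmware can attack a host "during validation". The general pattern that claim maps onto is a double fetch from removable media: the host validates one read of a sector and then acts on a second read, and a device that controls its own firmware can answer the two reads differently. The C simulation below is an added example, not code from the post and not evidence that IOSU does this; the `fake_stick` model, the magic-plus-checksum `header_valid` stand-in for "properly formatted and signed", and the sample header bytes are all constructed for the example. It shows the naive validate-then-reread flow being fooled and the single-fetch flow that is not.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define SECTOR 16

/* Model of a hostile USB stick's controller firmware (assumption): it answers
 * the first flip_after reads of the header sector with a benign image and
 * every later read with a different one. Nothing on the bus reveals this. */
typedef struct {
    uint8_t benign[SECTOR];
    uint8_t hostile[SECTOR];
    int reads;
    int flip_after;
} fake_stick;

static void stick_read(fake_stick *s, uint8_t out[SECTOR])
{
    const uint8_t *src = (s->reads < s->flip_after) ? s->benign : s->hostile;
    s->reads++;
    memcpy(out, src, SECTOR);
}

/* Stand-in for "properly formatted and signed": magic + XOR checksum.
 * A real signature check would sit here; what matters is where it is applied. */
static int header_valid(const uint8_t sec[SECTOR])
{
    if (memcmp(sec, "WIIU", 4) != 0) return 0;
    uint8_t sum = 0;
    for (int i = 4; i < SECTOR - 1; i++) sum ^= sec[i];
    return sum == sec[SECTOR - 1];
}

/* Double fetch: validate one read, then act on a fresh read of the same
 * sector. Returns the byte it would go on to trust, or -1 if rejected. */
int naive_mount(fake_stick *s)
{
    uint8_t hdr[SECTOR];
    stick_read(s, hdr);
    if (!header_valid(hdr)) return -1;
    stick_read(s, hdr);             /* second fetch: the device may answer differently */
    return hdr[4];
}

/* Single fetch: the bytes that were validated are the bytes that get used. */
int hardened_mount(fake_stick *s)
{
    uint8_t hdr[SECTOR];
    stick_read(s, hdr);
    if (!header_valid(hdr)) return -1;
    return hdr[4];
}

/* Constructed test data: a benign header with a valid checksum and a hostile
 * header whose checksum is wrong, so it fails validation whenever checked. */
fake_stick make_stick(int flip_after)
{
    fake_stick s;
    memset(&s, 0, sizeof s);
    memcpy(s.benign, "WIIU", 4);  s.benign[4] = 'A';  s.benign[SECTOR - 1] = 'A';
    memcpy(s.hostile, "WIIU", 4); s.hostile[4] = 'Z'; s.hostile[SECTOR - 1] = 0x00;
    s.flip_after = flip_after;
    return s;
}

int main(void)
{
    fake_stick a = make_stick(1), b = make_stick(1);
    printf("naive mount trusted byte: %d\n", naive_mount(&a));          /* 'Z' = 90 */
    printf("hardened mount trusted byte: %d\n", hardened_mount(&b));    /* 'A' = 65 */
    printf("hardened mount after the flip: %d\n", hardened_mount(&b));  /* -1 */
    return 0;
}
```

The hardened version is not cleverer cryptography; it simply never goes back to the device for bytes it has already checked. Whether any given host, the Wii U included, re-reads after validating is exactly the thing the post does not show, so treat the example as the pattern to look for rather than as a claim about IOSU.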
 
OMG... I'm devastated. I spent a fortune buying a second Wii U (5.3.2), shipping ($85) from the US to Canada, duty fee ($100). I blocked the updates using tubehax but somehow the DNS was reset and it updated to 5.5.1. How could this happen?! My old Wii U is still being blocked at 5.5. I have no words.... :(
 
OMG... I'm devastated. I spent a fortune buying a second Wii U (5.3.2), shipping ($85) from the US to Canada, duty fee ($100). I blocked the updates using tubehax but somehow the DNS was reset and it updated to 5.5.1. How could this happen?! My old Wii U is still being blocked at 5.5. I have no words.... :(

Hopefully the 5.5.x kexploit will be released soon, at least I hope so for you :/
 
Last edited by Hikari06.
OMG... I'm devastated. I spent a fortune buying a second Wii U (5.3.2), shipping ($85) from the US to Canada, duty fee ($100). I blocked the updates using tubehax but somehow the DNS was reset and it updated to 5.5.1. How could this happen?! My old Wii U is still being blocked at 5.5. I have no words.... :(
I'm sorry for you. Has tubehax worked at some point? I mean, were you able to access the eShop?
 
Last edited by rw-r-r_0644.
OMG... I'm devastated. I spent a fortune buying a second Wii U (5.3.2), shipping ($85) from the US to Canada, duty fee ($100). I blocked the updates using tubehax but somehow the DNS was reset and it updated to 5.5.1. How could this happen?! My old Wii U is still being blocked at 5.5. I have no words.... :(

Sorry, but you must have done something wrong somewhere.
Tubehax works fine and there are no reports of it not doing what it's supposed to do, as long as it is set up correctly.

Maybe you had a power outage before you managed to save your settings, or something like that.
 
Last edited by fukseliten.
Hopefully the 5.5.x kexploit will be released soon, at least I hope so for you :/

Thanks. Hope so!

--------------------- MERGED ---------------------------

I'm sorry for you. Has tubehax worked at some point? I mean, were you able to access the eShop?

I never actually tried to access the eShop. My other Wii U is still on 5.5, so I'm not sure what happened.
 