1. NWPlayer123

    OP NWPlayer123 GBAtemp Addict
    Member

    Joined:
    Feb 17, 2012
    Messages:
    2,642
    Country:
    United States
    So, I've spent the past 4 or 5 days fiddling with this to get it to work and it finally does, allows you to load a gigantic ELF into JIT, since apparently it's 32MB (and no RPX gets that big, even uncompressed because of the data section), and I just got it working. I've only tested it on my system but it should work on others if you have the ELF in the right place. It's provided as-is, with no warranty, feel free to do as you see fit. I'll get a better ELF documentation/structuring done soon.

    Technical Explanation
    If you wanna know how it works, I reused some code from FIX's ELF loader in libwiiu but I had to redo the whole thing because it was giving me lots of problems. It uses the very end of MEM1 (0xF5FFFFE0-FF) to store stuff while it works, then copies the ELF into 0xF5800000 (slightly before that), it might have trouble with bigger stuff so I'd suggest developing file loading using sockets. It uses a catch() function at the start so I can jump to it to recover ROP chains. All the ROP does is copy the loader to the very end of JIT, and then reruns all the ROP to copy sections into the start as needed and then jumps to it.

    Usage
    It searches for a URL with /payload, so host it somewhere with a URL like http://192.168.0.7/payload?elfloader, it'll cut off that part and load a file called boot.elf (http://192.168.0.7/boot.elf)

    Downloads??
    Attached is libwiiu source for the ELF loader and the Hello World ELF I used to test. You can grab the code550.bin and host it wherever. It will probably only work on 5.5.X because of the ROP. Also had MrRean help me get this working, so thanks.
     

    Last edited by NWPlayer123, Feb 12, 2016
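Added example, not part of the original post or of the loader's source: a bounds check that an ELF loader of the kind described above can run before copying sections, confirming that each loadable section lies inside the downloaded file and inside the destination region. The function names, error codes, the window base supplied by the caller and the sample image are assumptions made for illustration; only the 32 MB region size comes from the post.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* ELF fields are big-endian on PowerPC targets such as the Wii U. */
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}
static void wr32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16); p[2] = (uint8_t)(v >> 8); p[3] = (uint8_t)v;
}

enum { ELF_OK = 0, ELF_BAD_HEADER = -1, ELF_BAD_SHDR = -2, ELF_OUT_OF_FILE = -3, ELF_OUT_OF_WINDOW = -4 };

/* Validate every SHF_ALLOC section of an ELF32 big-endian image before any copy:
 * its file bytes must lie inside img[0..len) and its load range inside
 * [win_base, win_base + win_size). Sums use 64 bits so header fields cannot wrap. */
int elf32be_check(const uint8_t *img, size_t len, uint32_t win_base, uint32_t win_size) {
    if (len < 52 || memcmp(img, "\x7f" "ELF", 4) != 0) return ELF_BAD_HEADER;
    if (img[4] != 1 || img[5] != 2) return ELF_BAD_HEADER;   /* ELFCLASS32, ELFDATA2MSB */
    uint32_t shoff = be32(img + 32);
    uint16_t shentsize = be16(img + 46), shnum = be16(img + 48);
    if (shentsize < 40) return ELF_BAD_SHDR;
    if ((uint64_t)shoff + (uint64_t)shentsize * shnum > len) return ELF_BAD_SHDR;
    for (uint16_t i = 0; i < shnum; i++) {
        const uint8_t *sh = img + shoff + (size_t)i * shentsize;
        uint32_t type = be32(sh + 4), flags = be32(sh + 8), addr = be32(sh + 12);
        uint32_t off = be32(sh + 16), size = be32(sh + 20);
        if (!(flags & 0x2)) continue;                          /* not SHF_ALLOC: never loaded */
        if (type != 8 && (uint64_t)off + size > len)           /* SHT_NOBITS has no file bytes */
            return ELF_OUT_OF_FILE;
        if (addr < win_base || (uint64_t)addr + size > (uint64_t)win_base + win_size)
            return ELF_OUT_OF_WINDOW;
    }
    return ELF_OK;
}

/* Constructed sample: 52-byte header, one 40-byte section header, 16 data bytes.
 * buf must hold at least 108 bytes. */
size_t make_sample(uint8_t *buf, uint32_t addr, uint32_t size) {
    memset(buf, 0, 108);
    memcpy(buf, "\x7f" "ELF\x01\x02\x01", 7);
    wr32(buf + 32, 52); buf[47] = 40; buf[49] = 1;             /* e_shoff, e_shentsize, e_shnum */
    wr32(buf + 56, 1); wr32(buf + 60, 0x2);                    /* SHT_PROGBITS, SHF_ALLOC */
    wr32(buf + 64, addr); wr32(buf + 68, 92); wr32(buf + 72, size);
    return 108;
}
```

The check reads section headers because the post describes copying sections; a loader that works from program headers would apply the same two range tests to each PT_LOAD segment.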
  2. MrRean

    MrRean WiiU Helper / Hacker
    Member

    Joined:
    Jan 21, 2013
    Messages:
    422
    Country:
    United States
    *an elf loader

    *runs*
     
    iAqua, TheKawaiiDesu, Rinnux and 8 others like this.
  3. darrin41

    darrin41 GBAtemp Regular
    Member

    Joined:
    Jan 13, 2016
    Messages:
    283
    Country:
    United States
    nice works
     
  4. wartimekillers

    wartimekillers Advanced Member
    Newcomer

    Joined:
    Feb 8, 2016
    Messages:
    56
    Country:
    Indonesia
    Great!!!
     
  5. Nickes

    Nickes Newbie
    Newcomer

    Joined:
    Sep 29, 2015
    Messages:
    1
    Country:
    Gambia, The
    Yeah, that is really nice. Everything starts with a working ELF loader.
     
  6. Noy2222

    Noy2222 Member
    Newcomer

    Joined:
    Jan 20, 2012
    Messages:
    28
    Country:
    For the layman of us, explain what you have to do to run it.
    I'm asking for, eh, a friend. *shifty eyes*
     
    LuigiXL likes this.
  7. NWPlayer123

    OP NWPlayer123 GBAtemp Addict
    Member

    Joined:
    Feb 17, 2012
    Messages:
    2,642
    Country:
    United States
    I just added a usage, download loadelf, get the code550 and host it with a url that has /payload and then put a boot.elf in that same folder for it to grab
     
  8. frogboy

    frogboy lacking both style and grace
    Member

    Joined:
    Dec 6, 2011
    Messages:
    2,433
    Country:
    United States
    you load .elf files.
     
  9. ploggy

    ploggy WAKA! WAKA!
    Member

    Joined:
    Aug 29, 2007
    Messages:
    3,600
    Country:
    United Kingdom
    Would this help the development of Emulators ?
     
  10. SUPR64

    SUPR64 Advanced Member
    Newcomer

    Joined:
    Sep 22, 2015
    Messages:
    87
    Country:
    United States
    Are there any ELF files to load right now?

    How can we develop them ourselves?
     
  11. hug0-a7x

    hug0-a7x GBAtemp Advanced Fan
    Member

    Joined:
    Jan 19, 2013
    Messages:
    533
    Country:
    Brazil
    Loadiine Elf ?
     
    kingraa777 likes this.
  12. Noy2222

    Noy2222 Member
    Newcomer

    Joined:
    Jan 20, 2012
    Messages:
    28
    Country:
  13. NWPlayer123

    OP NWPlayer123 GBAtemp Addict
    Member

    Joined:
    Feb 17, 2012
    Messages:
    2,642
    Country:
    United States
    Definitely, gives you lots more room to work with
    There aren't any now but I have plans for a whole homebrew framework, you can go look at the libwiiu source for an example https://github.com/wiiudev/libwiiu/tree/master/elfexamples/helloelf/src
    This could technically load in loadiine's ELF but it's not possible to run loadiine with just this because you need to patch the kernel for a bunch of stuff.
    You need to be using an exploit, yellows8 makes you create a php file which you then run, so you could have /payload?sysver=550 to load the code550.bin, or you could make it easy and use this. It'll let you put the code in /payloads, and the elf in /data (folders in the same place as the jar file), and then you can connect with /payload?elfloader (with /payload/elfloader.bin)
     
    hug0-a7x and I pwned U! like this.
  14. Flux0

    Flux0 Advanced Member
    Newcomer

    Joined:
    Jan 3, 2016
    Messages:
    94
    Country:
    United States
    Will this work self hosted from an ez share card?
     
  15. Dylon99

    Dylon99 Lord of Dank
    Member

    Joined:
    Jan 12, 2016
    Messages:
    546
    Country:
    Netherlands
    So what can we exactly do with this .ELF loader, NWPlayer?
     
  16. Noy2222

    Noy2222 Member
    Newcomer

    Joined:
    Jan 20, 2012
    Messages:
    28
    Country:
    I think this goes over my head. Going to either need a much more detailed guide (don't feel the need to create one, I should probably just wait for -) or a much more script kiddie method.
     
    Hazzer and NWPlayer123 like this.
  17. NWPlayer123

    OP NWPlayer123 GBAtemp Addict
    Member

    Joined:
    Feb 17, 2012
    Messages:
    2,642
    Country:
    United States
    I'm not sure how those work, but if it's not like a normal server, you're probably out of luck. Browser doesn't have access to SD card without special permissions and this is a userspace-only thing. It shouldn't be too bad to modify it to load multiple .ELF files like a full homebrew channel thing, hosted on some server.
    Anything a normal program could, sound, music, graphics, games, fonts. You can do everything from a simple media player to a full blown game (minus load times)
     
    Last edited by NWPlayer123, Feb 12, 2016
  18. Flux0

    Flux0 Advanced Member
    Newcomer

    Joined:
    Jan 3, 2016
    Messages:
    94
    Country:
    United States
    An ez share has a built in wifi access point to let devices connect to it. The main purpose they are marketed for is remote downloading of pictures off digital cameras. However the self contained AP along with the micro SD slot make them pretty good for self hosting stuff on the Wii U.

    I was asking about if it works because it is just a fairly basic http server running there and didn't know if it needed anything beyond that.
     
  19. NWPlayer123

    OP NWPlayer123 GBAtemp Addict
    Member

    Joined:
    Feb 17, 2012
    Messages:
    2,642
    Country:
    United States
    Oh, then yeah, that should be fine with yellows8's package.
     
    Flux0 likes this.
  20. Flux0

    Flux0 Advanced Member
    Newcomer

    Joined:
    Jan 3, 2016
    Messages:
    94
    Country:
    United States
    Excellent, thanks. I'll try setting it up tomorrow and see how it goes.
     
  21. duffmmann

    duffmmann GBAtemp Psycho!
    Member

    Joined:
    Mar 11, 2009
    Messages:
    3,963
    Country:
    United States
    Wasn't one of the first things done when the Wii was exploited in Twilight Princess run .elf files? I think it was, and I recall a Sega Genesis emulator being one of the first .elf files. And eventually that method led to the ability to install the homebrew channel... is that theoretically possible with this kind of thing? Would we possibly through this method be able to install a Wii U homebrew channel (if someone managed to develop one)? Cuz if so, this could be freaking huge.
     
    kingraa777 and NWPlayer123 like this.