Toggle sidebar

Homebrew Official 5.5.X ELF Loader

  • Thread starter Thread starter NWPlayer123
  • Start date Start date
  • Views Views 104,744
  • Replies Replies 427
  • Likes Likes 63
While Im sat learning c and java I cant help but say Im impressed with whats going on in this thread, hopefully Mathew wii and the others will give you a boost, you sure deserve it for furthering the wii u HB scene.
 
  • Like
Reactions: NexoCube and Deleted User
davetheshrew said:
While Im sat learning c and java I cant help but say Im impressed with whats going on in this thread, hopefully Mathew wii and the others will give you a boost, you sure deserve it for furthering the wii u HB scene.
Click to expand...

Thanks :)

Why are you learning Java ? That's not useful at all if you want dev some Homebrew
 
davetheshrew said:
While Im sat learning c and java I cant help but say Im impressed with whats going on in this thread, hopefully Mathew wii and the others will give you a boost, you sure deserve it for furthering the wii u HB scene.
Click to expand...
If you were talking to both of us, thanks from me as well! :D
 
Last edited by ,
  • Like
Reactions: NexoCube
@NexoCube I give up... I rly do. :(
I just can't think of a way that I could pull this kexploit off... I mean, I have the KERN_ADDRESS_TBL address for 5.5, and a couple of other stuff, but it's just so baffling as to how I could spot another vulnerability and put all the stuff I have together to exploit it.
 
  • Like
Reactions: NexoCube
Voxel Studios said:
@NexoCube I give up... I rly do. :(
I just can't think of a way that I could pull this kexploit off... I mean, I have the KERN_ADDRESS_TBL address for 5.5, and a couple of other stuff, but it's just so baffling as to how I could spot another vulnerability and put all the stuff I have together to exploit it.
Click to expand...

Okay, i do understand.

But we can still dev some homebrew ? With userland yes but we can still do cool things.
 
  • Like
Reactions: Deleted User
NexoCube said:
Okay, i do understand.

But we can still dev some homebrew ? With userland yes but we can still do cool things.
Click to expand...
You know what? You're right. Screw piracy for at least a week before I'll start whining again. ;)
I have Cemu and a crappy processor to thank for the minimal Wii U piracy at the minute. ^_^
 
  • Like
Reactions: NexoCube
Voxel Studios said:
You mean like an unsigned RPX or something? (remember they don't support mp4s or htmls yet. ;)) because that could well be possible. :P
Click to expand...

yes unsigned .rpx

--------------------- MERGED ---------------------------

Is there a way to create .rpx (compiler) from a code-content-meta folder?
 
  • Like
Reactions: Deleted User
NexoCube said:
like how ? because folder have no extension
Click to expand...
I wouldn't have thought you could put the three folders together and you get an rpx. I just thought an RPX contained nothing but code inside it. I'm all confused now... :huh:
 
Voxel Studios said:
I wouldn't have thought you could put the three folders together and you get an rpx. I just thought an RPX contained nothing but code inside it. I'm all confused now... :huh:
Click to expand...

RPX are modified .elf (so it's an executable file) maybe there's a .rpx compiler in Cafe SDK (.exe)
 
eliboa said:
Yes, I just added "OSFatal("Buffer allocated")" to be sure the problem didn't come from MEMFreeToDefaultHeap.
I found in loadiine code that 26083 kB of data can be stored between 0xBE609EFC and 0xBFF82BC0 on 5.4.0. I don't know if this works for 5.5.x... i'll give a try tonight.
Click to expand...
Voxel Studios said:
@NexoCube I give up... I rly do. :(
I just can't think of a way that I could pull this kexploit off... I mean, I have the KERN_ADDRESS_TBL address for 5.5, and a couple of other stuff, but it's just so baffling as to how I could spot another vulnerability and put all the stuff I have together to exploit it.
Click to expand...


success is 90% perseverence, 5% inspiration, 4% desperation, 1% luck.

Download your firmware from nus...decrypt kernel.img with expresso ancast key and openssl. slice off the 0x100 byte header, load into IDA set ROM address to 0xffe00100 and load address to 0xffe00100 or thereabouts check the mem kernel memmap for exact offset. Make sure your using PPC as your processor type. go to 0xffe00110 and start your code decompiler there. The 1st function is systemreset at that offset. go to subview...search for strings
find all strings and make sure they are at the appropriate offsets, cross refernce strings to function calls. By default IdA will try to compile to code some stuff that are string. Once you've got your kernel setup, you can start cross referencing your syscalls from coreinit.rpl to kernel.elf. Look for things that are not thread-safe, allow for cross processor sharing of memory addresses and use syscalls. Find some, get addresses, write tests.....wash, rinse, repeat. Find vulnerable functions...write rop, make kxploit, decide to keep private considering how much work it took to do all the above....enjoy your kxploit.
 
  • Like
Reactions: Phantom90, Azeryn, vgmoose and 4 others

Site & Scene News

Go to forum More news

Popular threads in this forum

Strange Blue Blinking Wii U

Hacking Homebrew Project  Modernized YouTube for Wii U

Feedback  Community Overclock Stats: A5X vs B1X Motherboards

Wii Games Performance on Wii U (vWii C2W Overclock) – Community Testing & Results Sharing

My dad's Wii U cannot install Aroma. HELP!!

Gaming Homebrew Misc Project  Roséverse - a 1:1 Miiverse revival by Project Rosé!

Can the Wii u pro controller works for Wii games ?

I broken my wii u