Acquiring Wii U game main executable

Discussion in 'Wii U - Hacking & Backup Loaders' started by BullyWiiPlaza, Sep 4, 2015.

  1. BullyWiiPlaza
    OP

    BullyWiiPlaza Nintendo Hacking <3

    Member
    1,689
    1,373
    Aug 2, 2014
    Germany
    How can the main executable of a Wii U game be dumped? I believe they are called rpl or rpx files. For modding and compatibility issues with certain games, it would be useful to access them. I didn't really find any information on how to do it.

    When the pyGecko codehandler crashes the game, further investigation is needed. Here's a GitHub issue related to that:
    https://github.com/wiiudev/pyGecko/issues/2

    Also for modding it would be useful to see how and where file signatures are checked:
    http://gbatemp.net/threads/black-ops-2-fastfile-modding.396317/

    Thank you :unsure:
     
  2. Hiccup

    Hiccup GBAtemp Advanced Fan

    Member
    901
    270
    Nov 21, 2009
    Is this a physical game?
     
  3. BullyWiiPlaza
    OP

    BullyWiiPlaza Nintendo Hacking <3

    Member
    1,689
    1,373
    Aug 2, 2014
    Germany
    Yeah
     
  4. DrCrygor07

    DrCrygor07 Italian Wario Ware bootleg©

    Member
    1,682
    621
    Sep 4, 2014
    Italy
    You can access it by the wud, so the raw image, but with wii u homebrews i don't know how to dump or inject.
     
  5. Lory171

    Lory171 Member

    Newcomer
    45
    67
    Jun 20, 2015
    Italy
    Game.rpx (main executable), cos.xml and app.xml (settings and values) are all stored inside the data partition on the code folder (data/code). This folder cannot be dumped as now because of some security from Nintendo, and your only possibility is too get it from scene releases.
    The signature I think are stored inside the system partition (system/) and this partition is not accessible by kernel so it can't be dumped, again the only way is by scene releases.
    As of now the user can only access data/content.

    Edit:
    You actually can't dump disc images (.wud)
     
    paulloeduardo and BullyWiiPlaza like this.
  6. Marionumber1

    Marionumber1 GBAtemp Maniac

    Member
    1,234
    3,933
    Nov 7, 2010
    United States
    Since we can fake our IOSU permissions with the kernel exploit, it should be possible to mount the code directory. We just need to figure out what the loader does, which can be done through reversing loader.elf or logging all IOSU requests (I have a tool for the latter).
     
  7. DrCrygor07

    DrCrygor07 Italian Wario Ware bootleg©

    Member
    1,682
    621
    Sep 4, 2014
    Italy
    But you can download them
     
  8. iCEQB

    iCEQB GBAtemp Advanced Fan

    Member
    664
    441
    Nov 2, 2013
    United States
    I'm pretty sure he's after the Black Ops 2 main executeable to get the decryption key for the fastfiles :D
    Only problem I currently see here, is that there is no BO2 scene release afaik :D
     
  9. BullyWiiPlaza
    OP

    BullyWiiPlaza Nintendo Hacking <3

    Member
    1,689
    1,373
    Aug 2, 2014
    Germany
    I already have the decryption key but I need to patch the executable still for the fastfile signature verification most likely and since the pyGecko codehandler freezes it will serve another good purpose ;)
     
    Last edited by BullyWiiPlaza, Sep 4, 2015
    VinsCool likes this.
  10. nastys

    nastys ナースティス

    Member
    1,457
    856
    Aug 5, 2014
    Italy
    Earth
    Wait, how can you replace the executable?
     
  11. BullyWiiPlaza
    OP

    BullyWiiPlaza Nintendo Hacking <3

    Member
    1,689
    1,373
    Aug 2, 2014
    Germany
    I don't know yet
     
  12. Dr.Hacknik

    Dr.Hacknik Maniac | Dev | Furry Lewd Cat Gril

    Member
    1,150
    864
    Mar 26, 2014
    United States
    my lewd corner
    Woah...Woah....WOAAAHH!! Your telling me, that the Wii U's file system arrangement or how it's organized has been, basically Dumped??
    Where have i been, must have been in a dark cave for too long.
     
  13. MrRean

    MrRean WiiU Helper / Hacker

    Member
    422
    1,500
    Jan 21, 2013
    United States
    to get the rpx you have to dump the encrypted data and decrypt it, you'll get code on the first chunk
     
    VinsCool likes this.
  14. Marionumber1

    Marionumber1 GBAtemp Maniac

    Member
    1,234
    3,933
    Nov 7, 2010
    United States
    You can't dump the encrypted data off the Wii U without IOSU access.
     
    Last edited by Marionumber1, Sep 7, 2015
    VinsCool and BullyWiiPlaza like this.
  15. MrRean

    MrRean WiiU Helper / Hacker

    Member
    422
    1,500
    Jan 21, 2013
    United States
    The closest thing to ASM right now is editing memory through TCPGecko.