Hacking Acquiring Wii U game main executable

BullyWiiPlaza · Sep 4, 2015

How can the main executable of a Wii U game be dumped? I believe they are called rpl or rpx files. For modding and compatibility issues with certain games, it would be useful to access them. I didn't really find any information on how to do it.

When the pyGecko codehandler crashes the game, further investigation is needed. Here's a GitHub issue related to that:
https://github.com/wiiudev/pyGecko/issues/2

Also for modding it would be useful to see how and where file signatures are checked:
http://gbatemp.net/threads/black-ops-2-fastfile-modding.396317/

Thank you

Hiccup · Sep 4, 2015

Is this a physical game?

BullyWiiPlaza · Sep 4, 2015

Hiccup said:
Is this a physical game?

Yeah

Mazamin · Sep 4, 2015

You can access it by the wud, so the raw image, but with wii u homebrews i don't know how to dump or inject.

Lory171 · Sep 4, 2015

BullyWiiPlaza said:
How can the main executable of a Wii U game be dumped? I believe they are called rpl or rpx files. For modding and compatibility issues with certain games, it would be useful to access them. I didn't really find any information on how to do it.

When the pyGecko codehandler crashes the game, further investigation is needed. Here's a GitHub issue related to that:
https://github.com/wiiudev/pyGecko/issues/2

Also for modding it would be useful to see how and where file signatures are checked:
http://gbatemp.net/threads/black-ops-2-fastfile-modding.396317/

Thank you

Game.rpx (main executable), cos.xml and app.xml (settings and values) are all stored inside the data partition on the code folder (data/code). This folder cannot be dumped as now because of some security from Nintendo, and your only possibility is too get it from scene releases.
The signature I think are stored inside the system partition (system/) and this partition is not accessible by kernel so it can't be dumped, again the only way is by scene releases.
As of now the user can only access data/content.

Edit:

Dr.Crygor 07 said:
You can access it by the wud, so the raw image, but with wii u homebrews i don't know how to dump or inject.

You actually can't dump disc images (.wud)

Marionumber1 · Sep 4, 2015

Since we can fake our IOSU permissions with the kernel exploit, it should be possible to mount the code directory. We just need to figure out what the loader does, which can be done through reversing loader.elf or logging all IOSU requests (I have a tool for the latter).

Mazamin · Sep 4, 2015

Lory171 said:
Game.rpx (main executable), cos.xml and app.xml (settings and values) are all stored inside the data partition on the code folder (data/code). This folder cannot be dumped as now because of some security from Nintendo, and your only possibility is too get it from scene releases.
The signature I think are stored inside the system partition (system/) and this partition is not accessible by kernel so it can't be dumped, again the only way is by scene releases.
As of now the user can only access data/content.

Edit:

You actually can't dump disc images (.wud)

But you can download them

FR0ZN · Sep 4, 2015

I'm pretty sure he's after the Black Ops 2 main executeable to get the decryption key for the fastfiles

Only problem I currently see here, is that there is no BO2 scene release afaik

BullyWiiPlaza · Sep 4, 2015

iCEQB said:
I'm pretty sure he's after the Black Ops 2 main executeable to get the decryption key for the fastfiles

I already have the decryption key but I need to patch the executable still for the fastfile signature verification most likely and since the pyGecko codehandler freezes it will serve another good purpose

nastys · Sep 4, 2015

BullyWiiPlaza said:
I already have the decryption key but I need to patch the executable still for the fastfile signature verification most likely and since the pyGecko codehandler freezes it will serve another good purpose

Wait, how can you replace the executable?

BullyWiiPlaza · Sep 5, 2015

nastys said:
Wait, how can you replace the executable?

I don't know yet

Dr.Hacknik · Sep 7, 2015

Woah...Woah....WOAAAHH!! Your telling me, that the Wii U's file system arrangement or how it's organized has been, basically Dumped??
Where have i been, must have been in a dark cave for too long.

MrRean · Sep 7, 2015

to get the rpx you have to dump the encrypted data and decrypt it, you'll get code on the first chunk

Marionumber1 · Sep 7, 2015

MrRean said:
to get the rpx you have to dump the encrypted data and decrypt it, you'll get code on the first chunk

You can't dump the encrypted data off the Wii U without IOSU access.

MrRean · Sep 7, 2015

BullyWiiPlaza said:
I don't know yet

The closest thing to ASM right now is editing memory through TCPGecko.

Hacking Acquiring Wii U game main executable

Nintendo Hacking <3

Well-Known Member

Nintendo Hacking <3

Well-Known Member

Well-Known Member

Well-Known Member

Well-Known Member

Well-Known Member

Nintendo Hacking <3

Well-Known Member

Nintendo Hacking <3

Ashley | Developer | Trans

WiiU Helper / Hacker

Well-Known Member

WiiU Helper / Hacker

Similar threads

Popular threads in this forum