BluUBomb - A primary Wii U entrypoint via bluetooth

H2x1_generic_WiiU_image1280w.jpg

BluUBomb exploits the Wii U's bluetooth stack to gain IOSU kernel access via bluetooth.

Not to be confused with BlueBomb for the Wii and Wii Mini.

What does this mean?
This means you can get IOSU code execution by only pairing an emulated Wii Remote to the system.

This should be useful to fix a few softbricks on the Wii U side.
You don't need a working browser or Mii Maker.
if you've messed up with regionhax and can no longer access the browser, BluUBomb can fix this as well.

The BluUBomb repository contains a few different kernel binaries for different purposes:

loadrpx.bin
Launches a launch.rpx from the root of your SD card on the next application launch.

regionfree.bin
Applies IOSU patches to temporarily remove region restrictions.
This should be helpful if you've locked yourself out of your applications due to permanent region modifications.

wupserver.bin
Launches a wupserver instance directly after using bluubomb.
This gets you full system access remotely via wupclient (replace the IP in line 29 with the one of your Wii U).
This works without having to leave the controller pairing screen.

Check out the repository for additional instructions:
https://github.com/GaryOderNichts/bluubomb

The write-up and technical details can be found here:
https://github.com/GaryOderNichts/bluubomb/blob/master/WRITEUP.md

Credits
  • GaryOderNichts - bluUbomb
  • rnconrad for the WiimoteEmulator
  • dimok789 and everyone else who made mocha possible
 
Last edited by GaryOderNichts,

Helvetica

Member
Newcomer
Joined
Sep 5, 2017
Messages
16
Trophies
0
XP
190
Country
Korea, North
How I make it work with Ubuntu 21.10 (and 21.04).

Disable the bluetooth service with:

sudo systemctl disable --now bluetooth

Reboot

Then enter:

sudo hciconfig hci0 reset

Now it will appear as Disabled.
Tried this and it worked! however, i ran into another issue. I injected the wupserver file and when I attempt to connect using wupclient on my windows machine, I get thie error in my screenshot.
@GaryOderNichts Any reason this may happen? I simply need to download and edit system.xml to load a different system menu title id and then upload it back to the console.
 

Attachments

  • 1636683842482.png
    1636683842482.png
    17.7 KB · Views: 40
Last edited by Helvetica,
  • Like
Reactions: testing_this

Helvetica

Member
Newcomer
Joined
Sep 5, 2017
Messages
16
Trophies
0
XP
190
Country
Korea, North
Try it on the desktop or give users privileges. Iirc, you need your ip address in wupclient. Edit it with idle.
Tried that and I still get the same error. I'm tempted to try the rpx launch payload but i'm not sure how to load it since my console instantly freezes at the warawara plaza
 

Helvetica

Member
Newcomer
Joined
Sep 5, 2017
Messages
16
Trophies
0
XP
190
Country
Korea, North
Make sure your SD card is formatted properly and detected. Try blowing some air into the SD slot.
Still nothing. I've made sure everything on my sd card is correct and the terminal shows that everything worked. For wupserver, do I have to stay in Linux for it to work or is rebooting back to windows to run wupclient ok?

Edit: so after trying on another wii u, i can boot homebrew launcher, but wupserver still refuses to do anything
 
Last edited by Helvetica,

strnadik

Member
Newcomer
Joined
Oct 23, 2021
Messages
15
Trophies
0
Age
25
XP
91
Country
Czech Republic
I am wondering the same with the 160-0103 error. I have Teensy2.0 on the way but I only have SLC.bin and OTP.bin. The Wii U worked but has gone through Factory Reset and now doesnt work and throws the 160-0103. The controller is paired. Would there possibly be a way to save my console?
 

xstas13

New Member
Newbie
Joined
Sep 3, 2021
Messages
3
Trophies
0
Age
37
XP
124
Country
Russia
Alright so here is a binary which copies a file named "cert.der" from the root of your SD card to the correct certificate path.
You can get the original cert from the decrypted NUS title or if you have a backup.
So what you need to do:
- extract the attached .zip
- rename the "ssl_unbrick.bin" to "bluu_kern.bin" and copy it to the root of the SD
- rename the cert to "cert.der" and copy it to the root
- power on your Wii U
- run bluubomb
- wait

Once finished successfully the console will reboot. If it fails it will power off without rebooting.
Let me know how it goes.
I have locked my console by changed sys_prod.xml
I change parameter <product_area>
From: <product_area type="unsignedInt" length="4" access="710">1</product_area>
To: <product_area type="unsignedInt" length="4" access="710">4</product_area>

The console now freezes on the first logo screen and music plays.
I tried to connect via BluUBomb

After running command: sudo ./bluubomb <bdaddr>
console reboots to black screen
My SD Card:
loadrpx.bin -> bluu_kern.bin

homebrew_launcher.rpx -> launch.rpx

I already realized that I cannot run Homebrew Launcher in this state.
But I think that through running the binary file, I can rewrite sys_prod.xml
@GaryOderNichts
Could you create such binary file?
Or send me sources of ssl_unbrick.bin and I try to build it for my case?

Thank you in advance :)
 
Last edited by xstas13,

Gaboliux

Member
Newcomer
Joined
Jan 11, 2022
Messages
5
Trophies
0
Age
30
XP
21
Country
United States
My Bluetooth chip isn't compatible with bluubomb :(. If you know which ones are compatible, please let me know

Sent from my Redmi 6 Pro using Tapatalk
 

Bertuga

Member
Newcomer
Joined
Dec 12, 2010
Messages
24
Trophies
0
XP
339
Country
Brazil
Very nice!

My WiiU is bricked in the formatting screen, I don't think it is a state in which is possible to pair wiimotes, so it won't work for me, but it is good to see the WiiU getting new stuff.
 

GaryOderNichts

Well-Known Member
OP
Member
Joined
Aug 9, 2018
Messages
564
Trophies
1
XP
3,320
Country
Germany
Version 4 is now released!
Changelog:
  • Cleaned up and removed unnecessary code.
    This increases stability and compatibility with some bluetooth adapters.
  • Add a longer delay between data transfers.
    This fixes an issue where bluubomb just did nothing on some bluetooth adapters.
  • Add a "install_wup" binary which installs valid signed WUP from the SD Card.
    Refer to the README for instructions.
 
  • Like
Reactions: ber71
General chit-chat
Help Users
    Dark_Phoras @ Dark_Phoras: Emotional Support Chat, maybe