Hacking Boot1 key and exploit released

[Nezztor]

Here is the write up and key by hek..
http://hexkyz.blogspot.com.es/2018/01/anatomy-of-wii-u-end.html?m=1

 

[cots]

Let's hope this leads to a way to cold boot CFW without requiring you to buy a game.

 

[Nezztor]

Wow

Now we need someone to use it so we can have coldboot cfw without the game or maybe you know something?

 

[wolf-snake]

Well this came out of nowhere.

 

[zerofalcon]

Clever write up!
Coldboot cfw vía vWii? Nice!

 

[KiiWii]

Fantastic write up, thanks!

 

[Kafluke]

Now we need someone to use it so we can have coldboot cfw without the game or maybe you know something?

I'm not a programmer. I just follow and watch

 

[KiiWii]

@FIX94 might be interested in this

 

[DarthDub]

Coldboot without chance of bricking on accident? Hopefully there's a way to switch from CBHC.

 

[Aletron9000]

well this looks very cool. hopefully something awesome will come out of this.

 

[Patxinco]

86 people watching this thread, madness begins...
*Grabs popcorn*

 

[Brawl345]

It only works on a reboot, not on a coldboot! But hexkyz writes that it's maybe possible to change the vWii loader to exploit this bug and reboot the console into a CFW when B is held at the start. It's theoretically a coldboot haxchi alternative, yes, but it would take way longer (but at least you don't have to buy a game I guess).

edit: clarified

 

[Billy Acuña]

Coldboot without chance of bricking on accident? Hopefully there's a way to switch from CBHC.

More like a CBHC's update.

 

[swabbo]

Oh that's nice

 

[DinohScene]

UBootMii incoming?

In all seriousness, it would be sweet if a BootMii like payload could be inserted in the bootchain, basically making it brick proof.

 

[ShadowOne333]

Hopefully CFW on boot without relying on an installed title.

 

[Billy Acuña]

Hopefully CFW on boot without relying on an installed title.

Well, you rely on the vWii channel, which is undeleteable unless you mess with ftpiiu, but I somehow concerned on how this could affect in WiiVC and HBL2HBC.
@FIX94?

Edit: Btw, boot1hax was alreally implemented onto HexFW
https://github.com/hexkyz/hexFW/commit/f52f85f683dfcef0544f8ddb3643cef5cfa2ee86

I think is just a matter to port the patch into existing CFW solutions like CBHC or/and Mocha

This should be pointed on the OP.

 

[Bent]

Despite the claim, I do not see a key anywhere in his post, only a hash. Has it been removed?

 

[Billy Acuña]

Despite the claim, I do not see a key anywhere in his post, only a hash. Has it been removed?

You can dump it with his HexFW.

 

[Bent]

You can dump it with his HexFW.

Along with this writeup, I'll be publicly documenting boot1 over at http://wiiubrew.org and I'm releasing a patch for my long forgotten project hexFW that gives you the option to dump your console's boot1 and unlocked OTP: https://github.com/hexkyz/hexFW/commit/f52f85f683dfcef0544f8ddb3643cef5cfa2ee86

NOTE: This does not include the boot1 AES key, since that one is long gone by the time we are running code in boot1!

Doesn't appear to be the case.

 

[uyjulian]

Looks like boot1 was released, but boot1 key is already locked.