We haven't looked into non-browser exploits.
This comes from the Team f0f blog's question-and-answer session....
So I guess they didn't break the Espresso bootrom security either....
Succeeding would be fun, especially since Ninty can't patch it....
Curious, what part of the bootROM security would you be talking about here? Are you wanting to write to the bootROM (probably impossible, but you never know without trying, I guess), find an exploit in its code to send it a phony ancast image and gain control before it finishes, or something else?
Be aware there are a lot of if statements in this...
I'm beginning to doubt that the Wii U will ever have homebrew of any kind. We just lack the skills and there's no existing way to gain them fast enough to matter, and finding someone who has interest and is capable of doing this is almost certainly impossible. GG, Nintendo wins.
First of all, what does GG mean?
Second of all, we can always hardmod the Wii U but I'm assuming that'll lead to piracy right?
Focusing on the current step is like walking down a road not knowing where it leads.
So basically, we need a roadmap to define our steps first.
Some of us see the roadmap as:
1. Backup nand and Emmc so that it's possible to revert to older firmware
2. Find exploit in firmware
3. Use exploit to create backup loader.
This is pretty much the equivalent of taking a map of Europe and noting that you need to pass through France to go from Brussels to Barcelona.
While it's totally correct, it's not very helpful.
Team f0f's presentation at 30C3 describes another roadmap (the one they took):
- Create some hardware to allow bidirectional debugging (Lolserial, Ghettohci or GpioGecko)
  - Lolserial is slow and output-only, like printf debug messages
  - Ghettohci is bidirectional but still only 115200 baud
  - GpioGecko needs an original USB Gecko, which is no longer in production
- Create software to get your debugging device going.
- Exploit vwii mode with the Wii exploit.
- Decrypt the Ancast files with the race attack and dump them.
- Reverse engineer those and see if anything useful comes out of it.
- Use the soft reset method to obtain the PPC bootrom code.
- Reverse the PPC bootrom code to understand how it obtains its keys
- Enable the EXI boot area to get the Wiiu boot 0 code
- Reverse the Wiiu boot 0 code and see if anything useful comes out of it
- Use the hard reset drunken cat glitch to obtain the keys
- Dump the Emmc and dump the vWii and Wiiu nand parts.
- Examine the Emmc datasheets to figure out if there are read protected areas that might need a password to become accessible.
- Find some rich guy willing to sacrifice his Wiiu to check if restoring previous contents is possible.
- Check if downgrading the wiiu with that method is possible.
- Decrypt the dumps with the keys and try to figure out if there is a filing system and how it works so that you can separate files from the image
(no, photorec can't be used for that)
- Extract Cafe2Wii and reverse it to figure out the undocumented registers and bits that switch the system to Wii compatibility code.
- Set up a webserver for testing existing bugs in webkit.
- Try to find and trigger some of those bugs. Try to figure out in webkit source what happens when they are triggered.
- Try to figure out if what happens could be used as an exploit.
- Find the Wiiu sdk and use it to create stuff. It might help in reversing code snippets and understanding executable file regions.
- Find a Wiiu devkit and reverse the system to figure out if it makes you any wiser.
(It's the easier (lazy) (faster) way. It's not a contest in beating Team F0f considering hacking skills.)
- ......
- ......
Is this one complete? Likely not.
Is it correct? Likely not either.
Some of you more talented might even figure out something is missing that makes it a little off topic.
Hint: A step that was worked on for almost 9 months isn't in the picture.
All those numbered steps are done. Now the trick is just getting Linux to make use of the extra cores we're sending it.
P.S. When I say Step I am referring to the sequenced numbers on Maxternal's starting post.
Then add that Step to your starting post and number it. Are we going to use f0f's mindset to go about doing it? By the way, I have a Wii U now. Also, by the way, how is your experimenting on your regular Wii going? Is it going to help this thread in any way?
Anyone who knows a better or easier roadmap, please do not hesitate to post it. That's the purpose of this forum...
I take it all of that unmarked space on Latte is theoretically GPU?