Hacking Contenthax - a Vulnerability in Wii U File System Verification

rw-r-r_0644

I was talking about contenthax:
"The Wii U's data management system does not include provisions to validate the integrity of most title contents after installation. Any title contents using hash tables for verification (content type 0x0002 in tmd, using *.h3 files) are vulnerable. Generally, all contents are vulnerable apart from those in /code.
As such, any game or app's contents may be altered by attackers."

And I really know what I'm talking about
*sigh* *sigh* *sigh* *sigh*
I guess you don't know what you're talking about...
What we did before was replacing fs function pointers so when a program would call fs functions, instead of calling system functions it would call our patched functions (a function hook) that would load files from network/sd instead of the mounted title partitions. But, when a title is started, title folders are checked and then mounted. To load files from those partitions though, the title uses fs functions that we patched (in a TEMPORARY WAY).
But contenthax is A LOT different as we're NOT patching functions. We're patching files in the "/content" folder that isn't completely checked when mounted, so that way we don't need to patch fs functions and we directly edit system files (so this way the edit is PERMANENT).
 

NexoCube

Because it's kinda the same thing.
I wasn't comparing anyway...

Think about it.
Cafiine wouldn't have worked without sig patched if the Wii U checks the hashes of the game files.
Isn't that what contenthax is? Replacing files because the Wii U doesn't check the hashes?

Except contenthax a vulnerable.

What the fuck, Cafiine isn't the same thing at all

Haxchi contains ROP and .srl/.nds generation
It has nothing to do with cafiine

That was very hard to be able to exit the game and boot HBL, @FIX94 spent +11 hours to make it work
And ROP gadget/pointer address is different for each game/region

So, go and make NSMBUHax or stfu
 

NexoCube

What the fuck, Cafiine isn't the same thing at all

Haxchi contains ROP and .srl/.nds generation
It has nothing to do with cafiine

That was very hard to be able to exit the game and boot HBL, @FIX94 spent +11 hours to make it work
And ROP gadget/pointer address is different for each game/region

So, go and make NSMBUHax or stfu

Even if you weren't talking about the "technical" part of the sploit
 

Maschell

I give up.

You seem to not want to understand my point on purpose.
If you still think it's the same, think about how loadiine 1.0 handled the RPX files (not affected by the contenthax vulnerability)
Did you even look at the cafiine code and see how it works? I guess not.
 

asutoroUmario

sample.png sample2.PNG
lol my Contenthax HBL.
 

nolimits59

guys i don't understand... did everything correctly, it changed the metas, name images etc, but the exploit doesn't load Oo, just the normal game... brain age EUR... happened to someone?
 

Supster131

Friends would see that you're playing "???" instead of your Custom Title, unfortunately. :(
Tried that with my Unity Game Demo.
I meant locally :P Invite friends to your house.

As for your friends list, yeah. Both people would need to have it installed so it shows the actual title and icon on the friends list.
 

AboodXD

What the fuck, Cafiine isn't the same thing at all

Haxchi contains ROP and .srl/.nds generation
It has nothing to do with cafiine

That was very hard to be able to exit the game and boot HBL, @FIX94 spent +11 hours to make it work
And ROP gadget/pointer address is different for each game/region

So, go and make NSMBUHax or stfu
For the billionth time, I'm talking about contenthax, not Haxchi.
Dude, Maschell is very knowledgeable in this area. I wouldn't doubt anything he says.
I know, I wouldn't doubt him either, so I'm confused ATM.
If you still think it's the same, think about how loadiine 1.0 handled the RPX files (not affected by the contenthax vulnerability)
Did you even look at the cafiine code and see how it works? I guess not.
Hmm, then mind clearing that up for me? :rolleyes:

You see, if I have said something wrong, you could have at least corrected me instead of making fun.
 

NexoCube

For the billionth time, I'm talking about contenthax, not Haxchi.

I know, I wouldn't doubt him either, so I'm confused ATM.

Hmm, then mind clearing that up for me? :rolleyes:

You see, if I have said something wrong, you could have at least corrected me instead of making fun.

Yeah sorry :P I was talking about haxchi and had no clue why
 

xtheman

This is absolutely bullshit, I just bricked my Wii U yesterday by editing that damn system.xml

So please maybe the owner of the thread could add it to the main thread ?

(some people made it working on redNAND)
I'm just going by the first post. (I read you bricked)
coldboothax can be installed by downloading system.xml as so:

w.dl("/vol/system/config/system.xml")

modifying it, and then uploading it back:

w.up("system.xml", "/vol/system/config/system.xml")

 

VinsCool

OP
This is absolutely bullshit, I just bricked my Wii U yesterday by editing that damn system.xml

So please maybe the owner of the thread could add it to the main thread ?

(some people made it working on redNAND)
It's already stated that someone could brick very easily with this.
 