Feel like haxchi could still be installed on 5.5.2 if you have otp and seeprom

Discussion in 'Wii U - Hacking & Backup Loaders' started by wiiupoo, Jul 21, 2017.

  1. wiiupoo
    OP

    wiiupoo Member

    Newcomer
    18
    6
    Jul 25, 2016
    United States
    If someone has seeprom and otp dumps from previous exploits I feel like an entrypoint is still available.

    1) buy exploitable VC title
    2) copy to USB
    3) decrypt USB

    4) encrypt USB with different otp/seeprom for use with other console on 5.5.1
    5) exploit VC title
    6) decrypt USB

    7) encrypt USB for original console.
     
  2. ::Phoenix::

    ::Phoenix:: GBAtemp Regular

    Member
    184
    169
    May 11, 2010
    Italy
    If you can decrypt the USB drive, you don't need to encrypt it for a 5.5.1 console. Just copy over the modified DS ROM of cbhc with the exploit applied and then re-encrypt for the original console.
     
  3. wiiupoo
    OP

    wiiupoo Member

    Well demonik and nwplayer already did encryption/decryption of the USB drive successfully but they were not able to figure out the wiiu file system. That means we cannot yet modify it directly without using system calls.
     
  4. ::Phoenix::

    ::Phoenix:: GBAtemp Regular

    Unless the filesystem has some kind of per-file checksum, you don't need to reverse the filesystem. Just look inside the decrypted USB image with a hex editor for the original zipped ROM and replace it with the modified one. Since the modified one is 100% smaller than the original, since it is just a fake ROM containing the exploit, it suffices to pad the remaining data with zeroes.
     
  5. wiiupoo
    OP

    wiiupoo Member

    Well, in that case you would be able to skip the other Wii U. No one really knows yet, without trying, how the file system will handle it.
     
  6. ::Phoenix::

    ::Phoenix:: GBAtemp Regular

    Well trying is risk-free. In the worst case, you need to format your USB drive and download your already purchased game again.
     
  7. QuarkTheAwesome

    QuarkTheAwesome Working for Hugs

    Member
    761
    1,850
    Apr 19, 2015
    Australia
    Stuck in the PowerPC
    Paging @EyeKey; guy who knows about the Wii U Filesystem(tm)
     
  8. EyeKey

    EyeKey GBAtemp Regular

    Member
    185
    415
    Feb 10, 2017
    Israel
    It is possible and I mentioned the same thing after the firmware update (without using a different console). I am going to release really soon a tool to dump files from wfs. Modifying it will require more coding, so I don't know when it will be ready.

    And the issue with your method is that in order to re-encrypt the whole wfs correctly you need to parse it anyway. (There is an IV per block that depends on a few things.) And even for extracting it there are some small parts that I ignore right now that may cause issues if you don't re-encrypt them correctly.

    There are hashes on everything...
     
    Last edited by EyeKey, Jul 22, 2017
  9. DeadlyFoez

    DeadlyFoez Banned!

    Member
    5,390
    1,382
    Apr 12, 2009
    United States
    The real problem is, if you do not have the per-console keys, then how the hell are you going to get them without an exploit? And, if you have an exploit to be able to get them, then you don't need to use this method.

    The only scenario where this would work is if you dumped the keys, never installed haxchi, and then got updated to 5.5.2, but if that is the case that you could run exploits but never spent the $5 to install an exploitable DS title for haxchi, then you are an idiot and deserve to lose your chance or pay lots of money for someone to do the legwork of manually installing it.
     
  10. Valery0p

    Valery0p GBAtemp Regular

    Member
    245
    101
    Jan 16, 2017
    Italy
    People with rednand should have a Seeprom+Otp dump by the way...
    (Also, you need only the Seeprom usb seed, since the Otp usb key is the same for every console)
     
  11. wiiupoo
    OP

    wiiupoo Member

    I believe the seeprom USB seed increments by one on every USB drive format setup.

    Depending on the time passed since the seeprom dump and the amount of new formats, you may also want to brute force it by incrementing by one a few times.
     
  12. sealeyboi

    sealeyboi Newbie

    Newcomer
    3
    0
    Jul 20, 2017
    United States
    well i better start working
     
  13. EyeKey

    EyeKey GBAtemp Regular

    No, it is the same for all the formatted USB. (Formatting a new USB doesn't make the old ones stop working.)