Hacking Hykem's 5.5 iosu Exploit

[OctopusRift]

Probably only system titles can be installed to the NAND.

But what about the Legit titles like Mario Kart and Splatoon? They are onboard!

 

[TheMaxynator]

He can extract the WUD to play with Loadiine.

Thank you. Do you happen to know how I would do that? I tried looking in the Loadiine threads, and it says something about DiscU if I recall correctly? It linked to a tweet as a download link, but the tweet got removed.

 

[piratesephiroth]

But what about the Legit titles like Mario Kart and Splatoon? They are onboard!

Ah yeah, I wonder if they can be installed with WUP Installer if someone finds a way to dump them...

 

[OctopusRift]

Ah yeah, I wonder if they can be installed with WUP Installer if someone finds a way to dump them...

I'm sure we will. Like LEGIT CIAs on 3DS.

 

[Simonwayneee]

*cough* The Definitive Guide to Wii U Hacking *cough*

 

[TheMaxynator]

*cough* The Definitive Guide to Wii U Hacking *cough*

God I feel like such an ass now x) I, myself always hate it when someone asks a question that's already in the stickies excuse me

 

[oumoumad]

Update from Hykem (we could have a "permanenet" exploit if this works out ! )

So, I've got good news and bad news.
The bad news is that I'm going to postpone the release again. I said this week would be a more realistic release date, but I never confirmed it would happen then. Still, it's not a huge delay and it's definitely not to wait for a new firmware update.
Like I stated before, I have the entire month of January free just to work on this and the exploit will be released and maintained before February (yes, I'm sure of that).
Now the good news, which should explain the additional delay. I need some time to pursue something I found in the MCP module. If I'm correct about this, we should be able to get a boot-time exploit. The reason for that is that the MCP module is responsible for launching "master" titles (like the PPC kernel, for example) and I found a bug that, if it turns out to be exploitable, should allow to hijack execution while MCP is still preparing to launch stuff. This means, early IOSU access and a direct boot into an exploitable environment. Not to mention that MCP is the IOSU user module with most privileges (next to BSP that is) and having access to it alone is more than enough to own the IOSU kernel at any given time.
I believe it's important to look into this because if it works, no one will have to worry about possibly bricking consoles by installing custom titles (homebrew channel, for example) and then attempting to launch them before triggering the exploit again after a fresh boot.

With that said, if this turns out to be nothing, I'll release the exploit right away.

 

[avinashlego]

So, in English, that means there's either a potential chance of release in the very near future or in January for sure if this week doesn't happen.

Pardon the above statement, it was a bit snarky on my part.
Anyway, so we either get a mediocre yet nevertheless amazing hack that comes out sometime near New Years or we get an awesome hack that gives us even more access than we could wish for that comes out near January.

Let's have a vote, shall we?

New Year's Hack? or................... January Hack?1




I'll tally in the space above. I vote for the January Hack BTW. So that's one tally.

 

[pedro702]

So, in English, that means there's either a potential chance of release in the very near future or in January for sure if this week doesn't happen.

Pardon the above statement, it was a bit snarky on my part.
Anyway, so we either get a mediocre yet nevertheless amazing hack that comes out sometime near New Years or we get an awesome hack that gives us even more access than we could wish for that comes out near January.

Let's have a vote, shall we?

New Year's Hack? or................... January Hack?
1



I'll tally in the space above. I vote for the January Hack BTW. So that's one tally.

its not gonna be like that lol he said he will follow his hint during january to see if his guess is good or not so even if it isnt im sure he will release the noone permanent hack still in january after finding out if it works since he needs to try it first.

 

[lembi2001]

Hi Guys

Justs signed up to say I am more than happy to wait for the possible permanent exploit release. It's not like it's something any of us have paid for and Hykem is doing this off his own back. Let's not get snippy with him for choosing to delay the release a little bit longer. At least he is still releasing the exploit, he could have just as easily turned around and said "yes it is possible, I have done it. Here watch this video, but I'm not going to release the exploit to you".

I for one say, why rush it? If he releases it early and it doesn't work properly you will all be jumping up and down screaming that it doesn't work as expected and be demanding a fix for it. Let the man work and then we can all bask his amazing exploit when it is finished and released.

 

[Minotaurus]

Hi Guys

Justs signed up to say I am more than happy to wait for the possible permanent exploit release. It's not like it's something any of us have paid for and Hykem is doing this off his own back. Let's not get snippy with him for choosing to delay the release a little bit longer. At least he is still releasing the exploit, he could have just as easily turned around and said "yes it is possible, I have done it. Here watch this video, but I'm not going to release the exploit to you".

I for one say, why rush it? If he releases it early and it doesn't work properly you will all be jumping up and down screaming that it doesn't work as expected and be demanding a fix for it. Let the man work and then we can all bask his amazing exploit when it is finished and released.

I totally agree with you. It's definitely better to have a permanent exploit, even if we have to wait a month.
Keep it up, Hykem!

 

[SonyUSA]

The main thing I hope to see is some way of storing games on a USB without giving up the entire freaking device.

That hasn't been a problem since really early Wii days >_> What are you even talking about. The original limitation was because Wii only understood WBFS until people wrote FAT32 then later NTFS drivers for the Wii. You haven't needed to dedicate an external to Wii in... years now

--------------------- MERGED ---------------------------

Also, from Hykem's latest update, you can surmise:

1. The 5.4, 5.5, and lower exploits are working and complete.
2. He is trying to now, at this point, get a boot time exploit working for permanent mods

 

[Selim873]

Also, from Hykem's latest update, you can surmise:

1. The 5.4, 5.5, and lower exploits are working and complete.
2. He is trying to now, at this point, get a boot time exploit working for permanent mods

Where did you get that update? Does he have a twitter, blog or something?

 

[daxtsu]

Where did you get that update? Does he have a twitter, blog or something?

https://gbatemp.net/threads/wii-u-hacking-homebrew-discussion.367489/page-704#post-5893883

 

[SonyUSA]

Where did you get that update? Does he have a twitter, blog or something?

Scroll up just a little bit! :3

Anyways, we already have a NUS grabber and a title installer, we just need a title installer that's a little easier to run and either patch the checks ahead of time, or that the app patches itself and installs the title we download from NUS (demos only, of course ) It may not be necessary to grab wumad's individually with this method.

 

[TotalInsanity4]

That hasn't been a problem since really early Wii days >_> What are you even talking about. The original limitation was because Wii only understood WBFS until people wrote FAT32 then later NTFS drivers for the Wii. You haven't needed to dedicate an external to Wii in... years now

I think he/she means Wii U games with a Wii U formatted drive

 

[Deleted120957125]

Can't wait for the exploit .

 

[xxmasal22xx]

Next Week®
Registered trademark of Hykem. All rights reserved.

 

[oumoumad]

If he is able to exploit the MCP module, I wonder how we will have to install it. Will it have to launched using an app AFTER launching the exploit through the browser (Like how Themehax is on the 3DS), or will it be done during the first time the console gets exploited? What do you guys think.

You would need a WebKit exploit to initially install the permanent exploit, but after that, you could put in a backdoor (like a Homebrew Channel).

 

[SonyUSA]

Oh. Sorry bout that, didn't read.

I understand what you are asking. Since it's Hykem's intention NOT to let users be in a TEMPORARY escalated state, his released exploit will -most likely- install the permanent patch when you run it from the web browser. That way, when you reboot, the hack will ALWAYS be running and won't brick your system if you try to run something without launching the exploit first.

To answer your question, because of limited space, you may need to launch the initial exploit first to gain system control, then run an app to permanently install it, but I'm willing to bet Hykem is trying to avoid this step to stop bricks/screw ups.