Hacking Hykem's 5.5 iosu Exploit

[thekarter104]

Thought is was going to be a Christmas present? Anyway, I'm calling bullshit and moving on with my life at this point.

Same here tbh, I'm about to stop checking GBATemp for atleast a while now, especially when there's like 10+ pages on offtopic discussion BS.
The exploit might or might not be released. A co-worker said the exploit will not be released anyway.

 

[aracom]

You can't the c++ functions names, you have to use the right (internal?) functionname. Use ida for this.
e.g. for nn::ac::GetPersistentIdEx() I had to use GetPersistentIdEx__Q2_2nn3actFUc

Thanks, it was GetMyScreenName__Q2_2nn2fpFPw, but I'm still getting a blue screen :/ I commented out the final use of the function, and it seems to get the handle and the export just fine, so it has to do with how I'm using GetMyScreenName. I guess that's how reverse engineering works, right? Many tries and many crashes

 

[oPolo]

That's not a problem due to this one word: emuNAND.
Ore in multible words: emuNAND allows us to upgrade to the latest firmware but instead of updating the Wii U's firmware you upgrade the firmware on a SD or maybe even a USB and then boot the firmware from that. So your sysNAND stays outdated (5.5) and you update your emuNAND (5.6 or 6.0 and later).

Where did you get the notion that it allows that?

 

[davetheshrew]

calm down will you. Look, as is normal with these things, they might not say it, but its true, hear me out.

A lot of the time hackers release an exploit days after a firmware update thus not pissing off the manufacturer of said device as much as it would to release an exploit on current firmware, which would spark a war between manufacturer and hacker with more chance of closing holes in defenses. Only super lucky people that stayed on a modded dns will get a chance (hint: dont update on the 12th), eventually said manufacturer gets tired and moves to a new device, then users get a silver bullet exploit, this is regular on many devices. Yes Im speculating, but it happened on the xbox 360, wii, ps3 now is end of life so current hack is now the silver bullet exploit, unless sony updates again, which is very doubtful.

Dont update, wait, and you should with luck all get what you want, then spoof to current fw, enjoy.

 

[SonyUSA]

It's not trivial: it takes several hours of digging into a 500 pages thread to find the information, for anyone who does not follow the subject on a daily basis. I know, because that's exactly what I had to do to write the article
It does not spread drama: If you read the article, you've seen I've been extremely careful to not include anything that has confirmed to be inaccurate or irrelevant to the current status.

Just sayin'

Maybe not, but the information is arbitrary. Knowing about plutoo's post and ensuing actions that ultimately just lead back to us waiting for Hykem to release doesn't really do anything for the layman, it just makes extra (arguably useless) information about the whole proceedings that they have to read. The short of it is, that whole situation can be safely ignored because nothing really changed from before it happened to after it happened.

Edit: Added Hykem's userpage link to OP

 

[smileyhead]

A question regarding this exploit: Can I load Wii backups with it?

 

[Mazamin]

IS THE EXPLOIT ALREADY RELEASED?
edit: fixed typo

 

[TotalInsanity4]

IS THE EXPLOIT YES RELEASED?

Assume no at all times, then read the OP for the answer

 

[Thirty3Three]

IS THE EXPLOIT YES RELEASED?

THE EXPLOIT IS NO RELEASED!

 

[Maschell]

Thanks, it was GetMyScreenName__Q2_2nn2fpFPw, but I'm still getting a blue screen :/ I commented out the final use of the function, and it seems to get the handle and the export just fine, so it has to do with how I'm using GetMyScreenName. I guess that's how reverse engineering works, right? Many tries and many crashes

Maybe it crashes because it write the Name into a array to have in the parameter? Try
GetMyScreenName(char16 buf[11]). Make sure you use Initialize and Finalize!

 

[Mazamin]

Assume no at all times, then read the OP for the answer

THE EXPLOIT IS NO RELEASED!

THANKS GOD! Let's stay away from noobs for a bit time!
I only read some strings of codes and I thought it was released LOL

 

[Maximilious]

A question regarding this exploit: Can I load Wii backups with it?

Wii backups are already possible in vWii, find the respective guides for those in the stickies section.

As for Wii U backups, this is already possible via Loadiine on version 5.3.2 (and other versions now I think as well), but not from USB storage. With the IOSU exploit we will (hopefully) be able to load backups from USB going forward.

 

[smileyhead]

Wii backups are already possible in vWii, find the respective guides for those in the stickies section.

As for Wii U backups, this is already possible via Loadiine on version 5.3.2 (and other versions now I think as well), but not from USB storage. With the IOSU exploit we will (hopefully) be able to load backups from USB going forward.

I know, I just didn't want to spend money on games I would only use for installing the HBC.

 

[aracom]

Maybe it crashes because it write the Name into a array to have in the parameter? Try
GetMyScreenName(char16 buf[11]). Make sure you use Initialize and Finalize!

I figured out that I have to use a wchar_t*, and it doesn't crash when simply using the function + var, but I don't have a way to display that since all printing functions only take char* and I haven't found a (working) way to convert wchar_t to char without using wcstombs
Current code:

Spoiler

            unsigned int fp_handle;
            OSDynLoad_Acquire("nn_fp.rpl", &fp_handle); //get nn_fp
           
            __os_snprintf(flags.output, 1000, "\ngot fp");
                       
            void(*GetMyScreenName)();            
            OSDynLoad_FindExport(fp_handle, 0, "GetMyScreenName__Q2_2nn2fpFPw", &GetMyScreenName);           
            void(*Initialize)();
            OSDynLoad_FindExport(fp_handle, 0, "Initialize__Q2_2nn2fpFv", &Initialize);
            void(*Finalize)();            
            OSDynLoad_FindExport(fp_handle, 0, "Finalize__Q2_2nn2fpFv", &Finalize);   

            __os_snprintf(flags.output, 1000, "\ngot exports");
                      
            //Initialize(); //Init
           
            typedef unsigned long wchar_t;
            wchar_t * MiiName = L"hi" ;
            GetMyScreenName(&MiiName);

            __os_snprintf(flags.output, 1000, MiiName);
            //Finalize();

This gives me a black screen(no crash, can go back to the menu). When uncommenting Initialize() and Finalize(), I get a blue screen again, wich probably means I'm not using them right.

 

[SonyUSA]

I figured out that I have to use a wchar_t*, and it doesn't crash when simply using the function + var, but I don't have a way to display that since all printing functions only take char* and I haven't found a (working) way to convert wchar_t to char without using wcstombs
Current code:

Spoiler

            unsigned int fp_handle;
            OSDynLoad_Acquire("nn_fp.rpl", &fp_handle); //get nn_fp
          
            __os_snprintf(flags.output, 1000, "\ngot fp");
                      
            void(*GetMyScreenName)();           
            OSDynLoad_FindExport(fp_handle, 0, "GetMyScreenName__Q2_2nn2fpFPw", &GetMyScreenName);          
            void(*Initialize)();
            OSDynLoad_FindExport(fp_handle, 0, "Initialize__Q2_2nn2fpFv", &Initialize);
            void(*Finalize)();           
            OSDynLoad_FindExport(fp_handle, 0, "Finalize__Q2_2nn2fpFv", &Finalize);  

            __os_snprintf(flags.output, 1000, "\ngot exports");
                     
            //Initialize(); //Init
          
            typedef unsigned long wchar_t;
            wchar_t * MiiName = L"hi" ;
            GetMyScreenName(&MiiName);

            __os_snprintf(flags.output, 1000, MiiName);
            //Finalize();

This gives me a black screen(no crash, can go back to the menu). When uncommenting Initialize() and Finalize(), I get a blue screen again, wich probably means I'm not using them right.

#wiiudev on Ef

 

[LysergCooltyp]

I know, I just didn't want to spend money on games I would only use for installing the HBC.

You always had to spend money on a a game either way be it the real Wii or vWii. If 10 bucks hurt you that much, then i can't imagine how you managed to afford a console and supportive hardware.

 

[Margen67]

You always had to spend money on a a game either way be it the real Wii or vWii. If 10 bucks hurt you that much, then i can't imagine how you managed to afford a console and supportive hardware.

He could also borrow the game from a friend or something.

 

[BDP]

I can't wait until Hykem just BOOM drops the code out of nowhere and shuts the haters and naysayers right up.

 

[moops44]

I can't wait until Hykem just BOOM drops the code out of nowhere and shuts the haters and naysayers right up.

and on first place BS posts like this will finally stop

 

[Miles54321]

Hm, still nothing