[idea] Browser downgrading

Discussion in 'Wii U - Hacking & Backup Loaders' started by asper, Aug 6, 2017.

  1. asper
    OP

    asper GBAtemp Advanced Fan

    I just extracted my slc (Wii U sysnand) dumps from 5.5.1 and 5.5.2 looking for something that manages the installed titles version check; I found that in slc\sys\security\ there are 2 files:

    digest.bin
    versions.bin

    The 1st file contains 80 bytes ASCII: the 1st 32 are different between 5.5.1 and 5.5.2;
    versions.bin contains all the available titles versions (DLC seems to be excluded) in this 16 bytes format (example):

    00050000101087000000FFFF00000010

    8 bytes titleID
    2 bytes unknown (seems to be always 0000)
    4 bytes unknown (may change)
    2 bytes: it seems that if there is an update this is the latest update title version (stored in hex, need to convert that value to decimal to see the same version listed here)
    2 bytes: it seems that if there is not an update this is the latest title version (stored in hex, need to convert that value to decimal to see the same version listed here); if there is an update it should be 0000 but there are some exceptions: YouTube and Netflix are respectively 00C100C1 and 00B000B0: the version number is in both locations.

    Is there a way to verify if this is the file used by the system to check the installed title versions and to see if "tampering" with it may cause a brick? (no hardmod to test).
     
    Last edited by asper, Aug 6, 2017
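
    Added example (not part of asper's post, and not code from any Wii U tool): a read-only parser for the 16-byte record layout described above, plus a comparison of two dumps such as the 5.5.1 and 5.5.2 ones. The field widths listed in the post sum to 18 bytes while the sample record is 16, so this sketch assumes an 8-byte title ID, 4 opaque bytes, then the two 2-byte version fields, all big-endian; the function names and the title ID `00050000AAAAAA00` are constructed for illustration.

```python
import struct
from typing import NamedTuple

RECORD_SIZE = 16  # record length stated in the post

class VersionRecord(NamedTuple):
    title_id: str        # 8 bytes, shown as hex
    unknown: bytes       # 4 opaque bytes (assumed width, see lead-in)
    update_version: int  # 2 bytes, big-endian
    title_version: int   # 2 bytes, big-endian

    @property
    def effective_version(self) -> int:
        # The post reads the update field when it is set, else the title field.
        return self.update_version or self.title_version

def parse_versions(blob: bytes) -> list:
    """Split a versions.bin-style blob into records; reject truncated input."""
    if len(blob) % RECORD_SIZE:
        raise ValueError(f"length {len(blob)} is not a multiple of {RECORD_SIZE}")
    records = []
    for off in range(0, len(blob), RECORD_SIZE):
        tid, unk, upd, base = struct.unpack_from(">8s4sHH", blob, off)
        records.append(VersionRecord(tid.hex().upper(), unk, upd, base))
    return records

def diff_dumps(old: bytes, new: bytes) -> dict:
    """Map title ID -> (old, new) effective version for titles that differ."""
    before = {r.title_id: r.effective_version for r in parse_versions(old)}
    after = {r.title_id: r.effective_version for r in parse_versions(new)}
    return {t: (before.get(t), after.get(t))
            for t in sorted(before.keys() | after.keys())
            if before.get(t) != after.get(t)}

# Sample data: first record is the one quoted in the post, the rest is constructed.
POST_RECORD = bytes.fromhex("00050000101087000000FFFF00000010")
BOTH_SET = bytes.fromhex("00050000AAAAAA000000FFFF00C100C1")  # constructed title ID
OLD_DUMP = POST_RECORD + BOTH_SET
NEW_DUMP = POST_RECORD + bytes.fromhex("00050000AAAAAA000000FFFF00C200C2")

if __name__ == "__main__":
    for rec in parse_versions(OLD_DUMP):
        print(rec.title_id, rec.unknown.hex(), rec.effective_version)
    print(diff_dumps(OLD_DUMP, NEW_DUMP))
```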


  2. Pokezuculento

    Pokezuculento GBAtemp Regular

    Interesting...
     
  3. C0mm4nd_

    C0mm4nd_ Aspirant Wii U homebrew dev :P

    .bin files shouldn't be sigchecked
    (btw, MCP has some cool functions to handle versions, if you understand ARM ASM you can disassemble the IOSU image and look for those methods in IOS-MCP)
     
  4. piratesephiroth

    piratesephiroth I wish I could read

    So you edit the file and the next time you connect online it gets regenerated.
    What now?
     
  5. asper
    OP

    asper GBAtemp Advanced Fan

    If the file is checked offline you can edit it and install a lower browser version if this is the "seed" of the version check.
     
  6. piratesephiroth

    piratesephiroth I wish I could read

    This system checks the version in the tmd of every title before launching and if it's lower than what it expects it requests a game/system update.
    I bet this file is updated very often.

    This would be only useful if you could stop this file from being updated.
     
    Last edited by piratesephiroth, Aug 6, 2017
  7. Trumpasaurus

    Trumpasaurus GBAtemp Regular

    It would prompt update of the browser, but who cares? You can still launch apps without updating. Right?
     
  8. piratesephiroth

    piratesephiroth I wish I could read

    nope, I'm pretty sure it would request a system update, locking you out of the eshop. It would download the new browser in the background and install it by force.

    Of course you could avoid that by blocking updates with a DNS but then you could just keep your console on 5.5.1.
     
    Last edited by piratesephiroth, Aug 6, 2017
  9. Trumpasaurus

    Trumpasaurus GBAtemp Regular

    What a pain in the ass. F Nintendo.
     
  10. OrGoN3

    OrGoN3 GBAtemp Advanced Maniac

    If you need access to Wii U file system to do this, how would this be helpful? If someone is on 5.5.2, they'd need iosuhax for this to work, right? Which would mean they need an entrypoint, which was the browser. If they already have full access to their system, their system is modded and they don't need the lower version browser.
     
  11. Trumpasaurus

    Trumpasaurus GBAtemp Regular

    I think people wanted to restore the browser as an option in case they needed to remove Haxchi for whatever reason. They just want to undo the damage that 5.5.2 did, if that makes sense.
    I know a lot of people who were inadvertently updated that would prefer to have the exploitable browser even if they have Haxchi.
     
  12. jbuck1975

    jbuck1975 GBAtemp Advanced Fan

    Correct for me.
     
  13. godreborn

    godreborn GBAtemp Psycho!

    afaik, the system can't check the integrity of system files. I read something about this on wiiubrew, so it may be as simple as overwriting the files. does the browser contain a ticket?
     
  14. piratesephiroth

    piratesephiroth I wish I could read

    Yeah, the browser has a ticket just like all other apps.

    While the system doesn't check the integrity of EVERYTHING, the filesystem has its quirks like owners and permissions and ftpiiu can't handle that properly yet.

    If you change something in a way the system doesn't like, you may break everything and you won't be able to undo it without a hardmod.
     
    asper likes this.
  15. jbuck1975

    jbuck1975 GBAtemp Advanced Fan

    I tried deleting new browser files and installing old. It just froze on the browser screen.
     
    aarti likes this.
  16. piratesephiroth

    piratesephiroth I wish I could read

    With ftpiiu, if you delete files and add new ones I think it won't work anywhere because the new files will have wrong permissions/users/whatever.
    You should try to let ftpiiu replace them automatically, overwriting the original files. I think that keeps the original metadata (or at least some of it)
     
  17. jbuck1975

    jbuck1975 GBAtemp Advanced Fan

    tried that too
     
  18. piratesephiroth

    piratesephiroth I wish I could read

    yeah we can replace everything in content and meta folders but we can't replace executables (rpx, and probably rpl too)
     
  19. Shadowfied

    Shadowfied GBAtemp Advanced Maniac

    Yeah, what a bunch of assholes. How dare they protect their products (using protect loosely cause they suck shit at doing it). Honestly they should just send a copy of everything they produce to every address in the world for free.
     
    Ricken likes this.
  20. jbuck1975

    jbuck1975 GBAtemp Advanced Fan

    maybe there's a way to create a channel for the old browser, like the channels created for flappy bird, Wup Installer, etc.. ??