Hacking Mario Kart 8 Mods

Status
Not open for further replies.

WolfSaviorZX

Well-Known Member
Newcomer
Joined
Sep 20, 2013
Messages
56
Trophies
0
XP
146
Country
United States
Actually, now that the Xbox One has been out for a while cheating has become super rampant on 360, because Microsoft isn't paying attention to the 360's security anymore. They're too busy keeping the One secure. lol
Haven't had that experience on Gears 3 or Halo 4, but I figure older games have been abandoned. Gears 1 has had glitches since launch though lol, but most were just "for fun" and didn't affect the match that much. It's still somewhat hard to hack the 360 and play online. Wii is extremely easy to hack, so I assume hacking ruins Wii online games more (not that I tried playing much; without voice chat you might as well just play against the CPU, save some bandwidth lol).
 

gudenau

Largely ignored
OP
Member
Joined
Jul 7, 2010
Messages
3,882
Trophies
2
Location
/dev/random
Website
www.gudenau.net
XP
5,378
Country
United States
Ok, let me take some of the confusion out of this.

Chadderz found an exploit that lets him get into kernel mode through the current browser ROP chain. He does not know how it works; because of this, it works about 10% of the time. They will not be releasing anything until it is good and ready and hard for the layman to reverse and use for their own purposes. The kernel exploit is needed to modify the game in this manner because they are modifying arbitrary RAM values on the fly from the browser, which does not have access to the RAM that Mario Kart 8 uses.

I hope this helps.
 

TeamScriptKiddies

Licensed Nintendo (indie) Game Developer
Member
Joined
Apr 3, 2014
Messages
1,970
Trophies
0
Age
36
Location
Planet Earth :P
XP
1,703
Country
United States
Ok, let me take some of the confusion out of this.

Chadderz found an exploit that lets him get into kernel mode through the current browser ROP chain. He does not know how it works; because of this, it works about 10% of the time. They will not be releasing anything until it is good and ready and hard for the layman to reverse and use for their own purposes. The kernel exploit is needed to modify the game in this manner because they are modifying arbitrary RAM values on the fly from the browser, which does not have access to the RAM that Mario Kart 8 uses.

I hope this helps.


Still, this is HUGE nonetheless, and I know they don't plan on releasing the exploit for quite some time. They also want to make sure it inhibits piracy and online cheating when they DO release it. The fact that SOMEBODY (anybody) is able to actually gain access to the kernel through the browser exploit is still a big deal, even if the success rate is low. This could potentially be THE attack method for game modding and/or legitimate homebrew in Wii U mode once it's perfected.
 

Relys

^(Software | Hardware) Exploit? Development.$
Member
Joined
Jan 5, 2007
Messages
878
Trophies
1
XP
1,239
Country
United States
Still, this is HUGE nonetheless, and I know they don't plan on releasing the exploit for quite some time. They also want to make sure it inhibits piracy and online cheating when they DO release it. The fact that SOMEBODY (anybody) is able to actually gain access to the kernel through the browser exploit is still a big deal, even if the success rate is low. This could potentially be THE attack method for game modding and/or legitimate homebrew in Wii U mode once it's perfected.

It doesn't matter if it only works 10% of the time: if you figure out a way to stop signature checks and reverse engineer the Cafe OS enough to build your own channels, you can establish permanence. :) For example, it wouldn't have mattered if the Twilight Hack for the Wii had only worked 10% of the time, because you only need to run it once.

It saddens me that they are not releasing this as-is. Everyone so far has been open with sharing, and this is something that I could actually help with. :/ Hopefully Marionumber1, NeKit and Hykem will continue to do their open-source, well-documented work. Also, Marionumber1 said he locked himself out of his own exploit by updating his console to 5.0, so we really need the Wii U common keys to decrypt binaries from CDN -> analyze binaries manually or via ROPEME or some other automation tool -> modify ROP chain to deliver payload to 5.0.
 

HELPMEPLEASEOMG

Active Member
Newcomer
Joined
Jun 28, 2012
Messages
35
Trophies
0
XP
62
Country
United States
I'm getting a few chuckles out of the posts of naive people who think this won't be used for piracy. My sides are in orbit.

Just wait, WiiU is gonna be flying off dusty shelves once this homebrew stuff takes off. There'll finally be a reason to own one.
 

TeamScriptKiddies

Licensed Nintendo (indie) Game Developer
Member
Joined
Apr 3, 2014
Messages
1,970
Trophies
0
Age
36
Location
Planet Earth :P
XP
1,703
Country
United States
I'm getting a few chuckles out of the posts of naive people who think this won't be used for piracy. My sides are in orbit.

Just wait, WiiU is gonna be flying off dusty shelves once this homebrew stuff takes off. There'll finally be a reason to own one.

Piracy is inevitable, of course. Nobody said it wasn't, but some of these homebrew devs are trying to delay said piracy enabling. Of course some hackers will eventually find a way to use these homebrew exploits as leverage for loading backups and also pirated games, but some of the devs want no part of that aspect. So, to differentiate themselves from those who only care about loading pirated games, they're incorporating various tactics to "put off", if you will, backup loading etc., to make others work harder to achieve these goals, because these other devs don't want to be associated with that aspect of hacking the Wii U at all.
 

jammybudga777

Well-Known Member
Member
Joined
Aug 23, 2013
Messages
2,284
Trophies
1
Age
37
XP
2,193
Country
ffs. No one was naive or saying anything about how piracy will or won't be due out soon. I clearly asked what Mario1's intentions are and he replied nice, sweet and simple: "end the soon to be big pointless debate about piracy already" lol
 

Arras

Well-Known Member
Member
Joined
Sep 14, 2010
Messages
6,318
Trophies
2
XP
5,406
Country
Netherlands
It doesn't matter if it only works 10% of the time: if you figure out a way to stop signature checks and reverse engineer the Cafe OS enough to build your own channels, you can establish permanence. :) For example, it wouldn't have mattered if the Twilight Hack for the Wii had only worked 10% of the time, because you only need to run it once.

It saddens me that they are not releasing this as-is. Everyone so far has been open with sharing, and this is something that I could actually help with. :/ Hopefully Marionumber1, NeKit and Hykem will continue to do their open-source, well-documented work. Also, Marionumber1 said he locked himself out of his own exploit by updating his console to 5.0, so we really need the Wii U common keys to decrypt binaries from CDN -> analyze binaries manually or via ROPEME or some other automation tool -> modify ROP chain to deliver payload to 5.0.

Heh, I remember having to hack my PSP by loading a corrupted image that would only work rarely. Spent like an hour and like 50 attempts getting it to work, but once it did, I just installed CFW and didn't need to do it again.
 

Ninja_Carver

Well-Known Member
Member
Joined
Dec 27, 2012
Messages
364
Trophies
0
Age
39
XP
652
Country
United States
Ok, let me take some of the confusion out of this.

Chadderz found an exploit that lets him get into kernel mode through the current browser ROP chain. He does not know how it works; because of this, it works about 10% of the time. They will not be releasing anything until it is good and ready and hard for the layman to reverse and use for their own purposes. The kernel exploit is needed to modify the game in this manner because they are modifying arbitrary RAM values on the fly from the browser, which does not have access to the RAM that Mario Kart 8 uses.

I hope this helps.


Seems like there's a huge disconnect between the ongoing efforts surrounding development of hacks such as this one and the encompassing effort to bring homebrew to the U. If you bright individuals tried to put your heads together with resources such as Maxternal or Marionumber1, you might be able to accomplish what it is you are trying to do a bit more diligently.

Hopefully you are interested in collaboration to some capacity. Perhaps you could drop by #vwii on EFnet and discuss... if you prefer a Skype tele-meeting or something to that extent, I'm sure that's also a possibility. This scene needs some unity. You have folks working off on different efforts, whereas everyone's contributions might be better invested in a centralized goal. One hand washes the other ... or something...


JUST MY 2 CENTS :)
 

Relys

^(Software | Hardware) Exploit? Development.$
Member
Joined
Jan 5, 2007
Messages
878
Trophies
1
XP
1,239
Country
United States
Hey, I'm Chadderz, I'm the one on the computer in the video.

It may seem a bit of a leap from game modders to console exploiters, but someone has to give it a go! Since we've mastered MKWii I felt MK8 was the logical next step. What I created is an exploit which upgrades permissions from user mode to supervisor mode on the Espresso core, thus allowing us to break down the isolation between the browser and the game and directly change stuff. The livestream was done several hours after I first did this, hence all we showed were really basic, obvious tricks like text mods.

As we stated, we're against piracy and against cheating, so don't expect us to be releasing any of that, but we do want to see a return of custom content to both MK8 and other Wii U games.


Hey Chadderz, can you please join #vWii on EFnet? Marionumber1, NeKit and I would like to talk to you regarding the permissions exploit. To be able to port this to 5.0 we need access to the Espresso so we can develop an IOS exploit to gain access to the Starbuck kernel and dump the common keys, which will allow us to decrypt the WebKit binaries from Nintendo's CDN and analyze them to port the ROP loader. It would really be beneficial to consolidate our efforts, seeing as you're basing your work off of Marionumber1's browser exploit.

With this exploit we can start documenting the system architecture and figure out how to disable signature verification checks to build our own channels. Please release this, even if it's to a small group of devs, so we don't have to do redundant work. Please share this with the people that made it possible so we can progress further towards the ultimate goal of homebrew.
 

gudenau

Largely ignored
OP
Member
Joined
Jul 7, 2010
Messages
3,882
Trophies
2
Location
/dev/random
Website
www.gudenau.net
XP
5,378
Country
United States
Hey Chadderz, can you please join #vWii on EFnet? Marionumber1, NeKit and I would like to talk to you regarding the permissions exploit. To be able to port this to 5.0 we need access to the Espresso so we can develop an IOS exploit to gain access to the Starbuck kernel and dump the common keys, which will allow us to decrypt the WebKit binaries from Nintendo's CDN and analyze them to port the ROP loader. It would really be beneficial to consolidate our efforts, seeing as you're basing your work off of Marionumber1's browser exploit.

With this exploit we can start documenting the system architecture and figure out how to disable signature verification checks to build our own channels. Please release this, even if it's to a small group of devs, so we don't have to do redundant work. Please share this with the people that made it possible so we can progress further towards the ultimate goal of homebrew.


They are running 4.1.
 

Relys

^(Software | Hardware) Exploit? Development.$
Member
Joined
Jan 5, 2007
Messages
878
Trophies
1
XP
1,239
Country
United States
They are running 4.1.


Yes, I know that. But to port the browser exploit from 4.1 -> 5.0 we need the 5.0 binaries.

I have the 4.1 binaries which were used to create the ROP chain:
[image: ZQ6F84L.png, screenshot of the 4.1 binaries]


If Chadderz releases his exploit, this will allow us to start working on reverse engineering the system and develop an IOS exploit to gain access to the Starbuck kernel, where all the common keys are located. When we get the common keys we can decrypt the 5.0 binaries (the ones shown in the picture above, except for version 5.0) and port the exploits over to 5.0.

If I'm not clear enough, this is our current exploitation vector:

  1. Wii U browser "use after free" memory exploit using heap spray.
  2. ROP chain in JIT code execution area to bypass DEP.
  3. Chadderz' kernel exploit to escalate privilege level to gain access to the Espresso kernel (everything is theoretically possible on 4.1 now; the Wii U's security is toast).
  4. IOS exploit to gain access to the Starbuck kernel.
  5. Dump Wii U common keys from Starbuck.
  6. Decrypt 5.0 binaries from the Nintendo CDN.
  7. Port all exploits over to 5.0.
  8. Disable signature verification checks in CafeOS.
  9. Reverse engineer CafeOS to understand how to package our own channels.
  10. Create homebrew loader channel (which will require some homemade libs for SD storage loading etc.).
  11. Continue work on developing Wii U libs and documentation.
 