Hacking [News] Update about Hykem

[CuriousTommy]

Hykem is telling us that he stopped working on IOSU a while ago, cuz MN1 is already working on it but still working on WiiU Stuff like Homebrew:

For that reason he deleted his Twitter Account a while ago and deleted his github today.


Gesendet von iPhone mit Tapatalk

It is true though that his GitHub account is gone. https://github.com/Hykem At least a nice person took his account name.

Honestly, I don't really care about ISOU anymore since DDD fulfills my needs (Even if DDD doesn't do a 1:1 copy of a game, it fulfills the needs that I want for dumping games). What I am worried about is the fact that he took down his Github page.

Now GitHub will assign one person who forked the repo with being the owner of the repo. It going to be interesting to see where people report bugs for the programs that Hykem use. I hope he reuploads his source code again for people who did not fork his code.

 

[Mathew_Wi]

So everyone's bitching about an exploit that's done and could have had someone else make something out of it?

Not like you think, and that's all I'm saying.

 

[Mastadope]

If this was a fake would the fake be able to delete the Github account?

 

[Xuman]

Honestly, how many more Hykem threads do we need?

If ever Hykem makes his own thread, that will be the one to check into.

 

[DeadlyFoez]

Honestly, how many more Hykem threads do we need?

About 437, but we will get 856,202 more instead, and thats just this week alone.

 

[wolf-snake]

Hey y'all Hykem here. I'm here to tell y'all fuccbois to wait a little bit so i can release something that will blow your fucking minds ( ͡° ͜ʖ ͡°).

 

[hobbledehoy899]

blow your fucking minds ( ͡° ͜ʖ ͡°).

ye ye use my mind as a bj machine ye ye blow your load in my mind ye ye~~

 

[y0shim@ri0]

Can an admin lock this before it turns into a shitfest? The twitter is fake, which makes the whole point of this thread useless.

 

[canariobr]

Honestly, I don't really care about ISOU anymore since DDD fulfills my needs (Even if DDD doesn't do a 1:1 copy of a game, it fulfills the needs that I want for dumping games). What I am worried about is the fact that he took down his Github page.

what is DDD

 

[CuriousTommy]

what is DDD

It's a WiiU Title Dumper. You can find it here. It's a really useful application to dump game assets, update files, .rpx files, and generates a .xml files for loadine.

 

[DarkJediRey]

At least someone is placeholding the github now. Seriously, the trolling fakes should stop. at least come up with something clever.

Spoiler: inb4threadlock

 

[netovsk]

By now one would think big N paid him a considerable amount of money so that he doesnt release the exploit at all.

Lucky I got my Wii U at 5.3.2.

 

[Datalogger]

No idea why he has passed the work onto MN1, assuming the account is real. Also Smea is no friend of hykem so why hykems new twitter's is following only one person, smea, is anyone's guess.

Tbh the only people working super hard to get a public exploit out there is NwPlayer and I think datalogger, nobody else is committed to a public exploit as far as Im aware.

I can't speak for any others, but I am ONLY working on an IOSU Exploit to support CFW.
When I started working on this, I was under the assumption that a 5.5.x IOSU Exploit was about to be released, so I figured someone needed to get the binaries ready for CFW. (yes, I was wrong and fell into the hype about that one!)
Now I'm looking for one that is stable so I can salvage all of the time I spent preparing for something that didn't exist ...


.

Yes it's fake as Hyken did say before the disappearing that the exploit was complete and was waiting for other devs to release some things to go with it so the exploit wouldn't be released and useless

Well.. some of us did work on things to go with it, got plenty ready to go then.....crickets.
We mapped out both the ARM's and the PPC's kernels, along with other things we need to make CFW.

I seriously doubt that he had a stable IOSU Exploit.
It's much harder to get an IOSU Exploit stable than most people think.
There are a ton of checks throughout both kernels that will trip you up at unexpected times and it takes a Team of people to hunt down and trap them all.
(Just look at all the trouble smea had with bricking his console)




Some sampling of the mapping we could have fun with an IOSU:

ARM side:

Spoiler

IOS_KERNEL:08121B18 Start_Kernel                                                                                        ; CODE XREF: MEM0_check+60p
IOS_KERNEL:08121B18                                                                                                     ; DATA XREF: MEM0_check+5Co ...
IOS_KERNEL:08121B18
IOS_KERNEL:08121B18 var_C                         = -0xC
IOS_KERNEL:08121B18 var_8                         = -8
IOS_KERNEL:08121B18
IOS_KERNEL:08121B18                               STMFD           SP!, {R4,LR}
IOS_KERNEL:08121B1C                               SUB             SP, SP, #4
IOS_KERNEL:08121B20                               BL              SysCall_0x6E                                          ; void get_debug_register_value()
IOS_KERNEL:08121B20                                                                                                     ; Stores the value from LT_DEBUG register in the IOSU heap
IOS_KERNEL:08121B20                                                                                                     ; -> Nothing
IOS_KERNEL:08121B20                                                                                                     ;
IOS_KERNEL:08121B20
IOS_KERNEL:08121B24                               BL              SysCall_0x6F                                          ; void clear_debug_register_value()
IOS_KERNEL:08121B24                                                                                                     ; Clears the LT_DEBUG register
IOS_KERNEL:08121B24                                                                                                     ; -> Nothing
IOS_KERNEL:08121B24                                                                                                     ;
IOS_KERNEL:08121B24
IOS_KERNEL:08121B28                               MOV             R0, #0x80000000                                       ; Debug flag value
IOS_KERNEL:08121B2C                               BL              SysCall_0x71                                          ; int check_debug_flag(u32 flag)
IOS_KERNEL:08121B2C                                                                                                     ; Checks if the supplied flag is enabled in the LT_DEBUG register copy on the IOSU heap
IOS_KERNEL:08121B2C                                                                                                     ; -> The flag value if enabled or 0 if disabled
IOS_KERNEL:08121B2C                                                                                                     ;
IOS_KERNEL:08121B2C
IOS_KERNEL:08121B30                               CMP             R0, #0
IOS_KERNEL:08121B34                               BEQ             loc_8121B6C
IOS_KERNEL:08121B34
IOS_KERNEL:08121B38                               ADD             R4, SP, #0xC+var_8
IOS_KERNEL:08121B3C                               MOV             R3, #0
IOS_KERNEL:08121B40                               STR             R3, [R4,#-4]!
IOS_KERNEL:08121B40
IOS_KERNEL:08121B44
IOS_KERNEL:08121B44 loc_8121B44                                                                                         ; CODE XREF: Start_Kernel+50j
IOS_KERNEL:08121B44                               LDR             R0, =Ten_CReturns                                     ; "\n\n\n\n\n\n\n\n\n\n"
IOS_KERNEL:08121B48                               BL              debug_printf                                          ; Print Debug Statements
IOS_KERNEL:08121B48
IOS_KERNEL:08121B4C                               LDR             R0, =aEnter1ToProcee                                  ; "Enter '1' to proceed with kernel startu"...
IOS_KERNEL:08121B50                               BL              debug_printf                                          ; Print Debug Statements
IOS_KERNEL:08121B50
IOS_KERNEL:08121B54                               LDR             R0, =aD                                               ; "%d"
IOS_KERNEL:08121B58                               MOV             R1, SP
IOS_KERNEL:08121B5C                               BL              debug_read                                            ; read input from keyboard
IOS_KERNEL:08121B5C
IOS_KERNEL:08121B60                               LDR             R3, [SP,#0xC+var_C]
IOS_KERNEL:08121B64                               CMP             R3, #1                                                ; See if key 1 has been pressed
IOS_KERNEL:08121B68                               BNE             loc_8121B44                                           ; If not, loop back to get keyboard input
IOS_KERNEL:08121B68
IOS_KERNEL:08121B6C
IOS_KERNEL:08121B6C loc_8121B6C                                                                                         ; CODE XREF: Start_Kernel+1Cj
IOS_KERNEL:08121B6C                               BL              Setup_MMU                                             ; Initialize the MMU and map memory regions
IOS_KERNEL:08121B6C
IOS_KERNEL:08121B70                               BL              Reset_GPIO_IRQs                                       ; Reset GPIOs and IRQs
IOS_KERNEL:08121B70
IOS_KERNEL:08121B74                               BL              Setup_IRQ_Hndlrs                                      ; Setup IRQ handlers
IOS_KERNEL:08121B74
IOS_KERNEL:08121B78                               BL              Prep_Kernel_Structs                                   ; Clear and set some kernel structures
IOS_KERNEL:08121B78
IOS_KERNEL:08121B7C                               BL              Setup_IO_Buf                                          ; Setup iobuf
IOS_KERNEL:08121B7C
IOS_KERNEL:08121B80                               BL              Remap_Shared_User                                     ; Re-map shared_user_ro
IOS_KERNEL:08121B80
IOS_KERNEL:08121B84                               BL              Clear_Kernel_Stack_Run                                ; Clear IOS_KERNEL module's thread stack and run it
IOS_KERNEL:08121B84
IOS_KERNEL:08121B88                               ADD             SP, SP, #4
IOS_KERNEL:08121B8C                               LDMFD           SP!, {R4,PC}
IOS_KERNEL:08121B8C
IOS_KERNEL:08121B8C ; End of function Start_Kernel
IOS_KERNEL:08121B8C
IOS_KERNEL:08121B90 off_8121B90                   DCD Ten_CReturns                                                      ; DATA XREF: Start_Kernel:loc_8121B44r
IOS_KERNEL:08121B90                                                                                                     ; "\n\n\n\n\n\n\n\n\n\n"
IOS_KERNEL:08121B94 off_8121B94                   DCD aEnter1ToProcee                                                   ; DATA XREF: Start_Kernel+34r
IOS_KERNEL:08121B94                                                                                                     ; "Enter '1' to proceed with kernel startu"...
IOS_KERNEL:08121B98 off_8121B98                   DCD aD                                                                ; DATA XREF: Start_Kernel+3Cr
IOS_KERNEL:08121B98                                                                                                     ; "%d"
IOS_KERNEL:08121B9C

PPC side:

Spoiler

Kernel:FFF1BD88                       .globl Debug
Kernel:FFF1BD88 Debug:                                                                          # DATA XREF: Kernel-Data:FFE84800o
Kernel:FFF1BD88                       mflr      r0
Kernel:FFF1BD8C                       bl        sub_FFF1D1CC
Kernel:FFF1BD90                       addi      r3, r2, -0x3121 # aCosDebuggingShellCommandDebug # "\n---- COS Debugging Shell Command: deb"...
Kernel:FFF1BD94                       bl        sub_FFF1427C
Kernel:FFF1BD98                       addi      r3, r2, -0x75A0 # aCosDebuggingShellCommandIntstatsDD # "\n---- COS Debugging Shell Command: int"...
Kernel:FFF1BD9C                       mr        r5, r4
Kernel:FFF1BDA0                       crclr     4*cr1+eq
Kernel:FFF1BDA4                       bl        sub_FFF0AD0C
Kernel:FFF1BDA8                       li        r3, 0
Kernel:FFF1BDAC                       mr        r4, r3
Kernel:FFF1BDB0                       mr        r5, r3
Kernel:FFF1BDB4                       mr        r6, r4
Kernel:FFF1BDB8                       mr        r7, r5
Kernel:FFF1BDBC                       bl        Interrupt_Configuration
Kernel:FFF1BDC0                       li        r5, 0
Kernel:FFF1BDC4                       li        r4, 1
Kernel:FFF1BDC8                       addi      r3, r2, -0x75A0 # aCosDebuggingShellCommandIntstatsDD # "\n---- COS Debugging Shell Command: int"...
Kernel:FFF1BDCC                       bl        sub_FFF1427C
Kernel:FFF1BDD0                       mr        r6, r4
Kernel:FFF1BDD4                       mr        r5, r6
Kernel:FFF1BDD8                       li        r3, 1
Kernel:FFF1BDDC                       mr        r7, r5
Kernel:FFF1BDE0                       bl        Interrupt_Configuration
Kernel:FFF1BDE4                       li        r5, 0
Kernel:FFF1BDE8                       li        r4, 2
Kernel:FFF1BDEC                       addi      r3, r2, -0x75A0 # aCosDebuggingShellCommandIntstatsDD # "\n---- COS Debugging Shell Command: int"...
Kernel:FFF1BDF0                       bl        sub_FFF1427C
Kernel:FFF1BDF4                       mr        r6, r4
Kernel:FFF1BDF8                       mr        r5, r6
Kernel:FFF1BDFC                       li        r3, 2
Kernel:FFF1BE00                       mr        r7, r5
Kernel:FFF1BE04                       bl        Interrupt_Configuration
Kernel:FFF1BE08                       addi      r3, r2, -0x31F9 # aCosDebuggingShellCommandCoretrace # "\n---- COS Debugging Shell Command: cor"...
Kernel:FFF1BE0C                       crclr     4*cr1+eq
Kernel:FFF1BE10                       bl        sub_FFF0AD0C
Kernel:FFF1BE14                       li        r0, 8
Kernel:FFF1BE18                       bl        sub_FFF0F9D4
Kernel:FFF1BE1C                       bl        sub_FFF052C8
Kernel:FFF1BE20                       bl        sub_FFF1BB28
Kernel:FFF1BE24                       lwz       r3, off_FFEAB78C # byte_0
Kernel:FFF1BE28                       addi      r5, r13, -0x1180 # dword_FFEB1380
Kernel:FFF1BE2C                       li        r4, 0x1040
Kernel:FFF1BE30                       bl        sub_FFEE0C7C
Kernel:FFF1BE34                       cmpwi     r3, 1
Kernel:FFF1BE38                       bne       loc_FFF1BE44
Kernel:FFF1BE3C                       bl        sub_FFF1C2F0
Kernel:FFF1BE40                       bl        sub_FFF1B930
Kernel:FFF1BE44 loc_FFF1BE44:                                                                   # CODE XREF: Debug+B0j
Kernel:FFF1BE44                       b         loc_FFF1D1E0
Kernel:FFF1BE44 # End of function Debug


coreinit.text:020037F4 # =============== S U B R O U T I N E =======================================
coreinit.text:020037F4 # BOOL OSIsColdBoot(void);
coreinit.text:020037F4 #
coreinit.text:020037F4                       .globl OSIsColdBoot
coreinit.text:020037F4 OSIsColdBoot:                                                                   # DATA XREF: coreinit.fexports:C00019B8o
coreinit.text:020037F4                       lis       r12, Boot_Value_A@h                             # Bit 02 = OSIsColdBoot
coreinit.text:020037F4                                                                                 # Bit 04 = OSIsProdMode
coreinit.text:020037F4                                                                                 # Bit 08 = Development Mode (0=Yes 1=No)
coreinit.text:020037F8                       lwz       r12, Boot_Value_A@l(r12)                        # Bit 02 = OSIsColdBoot
coreinit.text:020037F8                                                                                 # Bit 04 = OSIsProdMode
coreinit.text:020037F8                                                                                 # Bit 08 = Development Mode (0=Yes 1=No)
coreinit.text:020037FC                       extrwi    r3, r12, 1,2                                    # Rot_<_3, Mask = 0x1
coreinit.text:02003800                       blr
coreinit.text:02003800 # End of function OSIsColdBoot
coreinit.text:02003804 # =============== S U B R O U T I N E =======================================
coreinit.text:02003804 # BOOL OSIsSelfRefreshBoot(void);
coreinit.text:02003804 #
coreinit.text:02003804                       .globl OSIsSelfRefreshBoot
coreinit.text:02003804 OSIsSelfRefreshBoot:                                                            # DATA XREF: coreinit.fexports:C0001A30o
coreinit.text:02003804                       lis       r12, Boot_Value_D@h                             # Bit 10 = OSIsSelfRefreshBoot
coreinit.text:02003808                       lwz       r12, Boot_Value_D@l(r12)                        # Bit 10 = OSIsSelfRefreshBoot
coreinit.text:0200380C                       extrwi    r3, r12, 1,10                                   # Rot_<_11, Mask = 0x1
coreinit.text:02003810                       blr
coreinit.text:02003810 # End of function OSIsSelfRefreshBoot
coreinit.text:02003814 # =============== S U B R O U T I N E =======================================
coreinit.text:02003814 # BOOL OSIsNormalBoot(void);
coreinit.text:02003814 #
coreinit.text:02003814                       .globl OSIsNormalBoot
coreinit.text:02003814 OSIsNormalBoot:                                                                 # DATA XREF: coreinit.fexports:C0001A10o
coreinit.text:02003814                       lis       r12, Boot_Value_B@h                             # Bit 11 = OSIsNormalBoot
coreinit.text:02003814                                                                                 # Bit 12 = OSIsECOBoot
coreinit.text:02003814                                                                                 # Bit 29 = OSIsStandbyBoot
coreinit.text:02003814                                                                                 # Bit 30 = OSIsCompatBoot
coreinit.text:02003814                                                                                 # Bit 31 = OSIsOffBoot
coreinit.text:02003818                       lwz       r12, Boot_Value_B@l(r12)                        # Bit 11 = OSIsNormalBoot
coreinit.text:02003818                                                                                 # Bit 12 = OSIsECOBoot
coreinit.text:02003818                                                                                 # Bit 29 = OSIsStandbyBoot
coreinit.text:02003818                                                                                 # Bit 30 = OSIsCompatBoot
coreinit.text:02003818                                                                                 # Bit 31 = OSIsOffBoot
coreinit.text:0200381C                       extrwi    r3, r12, 1,11                                   # Rot_<_12, Mask = 0x1
coreinit.text:02003820                       blr
coreinit.text:02003820 # End of function OSIsNormalBoot
coreinit.text:02003824 # =============== S U B R O U T I N E =======================================
coreinit.text:02003824 # BOOL OSIsECOBoot(void);
coreinit.text:02003824 #
coreinit.text:02003824                       .globl OSIsECOBoot
coreinit.text:02003824 OSIsECOBoot:                                                                    # DATA XREF: coreinit.fexports:C00019D8o
coreinit.text:02003824                       lis       r12, Boot_Value_B@h                             # Bit 11 = OSIsNormalBoot
coreinit.text:02003824                                                                                 # Bit 12 = OSIsECOBoot
coreinit.text:02003824                                                                                 # Bit 29 = OSIsStandbyBoot
coreinit.text:02003824                                                                                 # Bit 30 = OSIsCompatBoot
coreinit.text:02003824                                                                                 # Bit 31 = OSIsOffBoot
coreinit.text:02003828                       lwz       r12, Boot_Value_B@l(r12)                        # Bit 11 = OSIsNormalBoot
coreinit.text:02003828                                                                                 # Bit 12 = OSIsECOBoot
coreinit.text:02003828                                                                                 # Bit 29 = OSIsStandbyBoot
coreinit.text:02003828                                                                                 # Bit 30 = OSIsCompatBoot
coreinit.text:02003828                                                                                 # Bit 31 = OSIsOffBoot
coreinit.text:0200382C                       extrwi    r3, r12, 1,12                                   # Rot_<_13, Mask = 0x1
coreinit.text:02003830                       blr
coreinit.text:02003830 # End of function OSIsECOBoot
coreinit.text:02003834 # =============== S U B R O U T I N E =======================================
coreinit.text:02003834 # BOOL OSIsStandbyBoot(void);
coreinit.text:02003834 #
coreinit.text:02003834                       .globl OSIsStandbyBoot
coreinit.text:02003834 OSIsStandbyBoot:                                                                # DATA XREF: coreinit.fexports:C0001A38o
coreinit.text:02003834                       lis       r12, Boot_Value_B@h                             # Bit 11 = OSIsNormalBoot
coreinit.text:02003834                                                                                 # Bit 12 = OSIsECOBoot
coreinit.text:02003834                                                                                 # Bit 29 = OSIsStandbyBoot
coreinit.text:02003834                                                                                 # Bit 30 = OSIsCompatBoot
coreinit.text:02003834                                                                                 # Bit 31 = OSIsOffBoot
coreinit.text:02003838                       lwz       r12, Boot_Value_B@l(r12)                        # Bit 11 = OSIsNormalBoot
coreinit.text:02003838                                                                                 # Bit 12 = OSIsECOBoot
coreinit.text:02003838                                                                                 # Bit 29 = OSIsStandbyBoot
coreinit.text:02003838                                                                                 # Bit 30 = OSIsCompatBoot
coreinit.text:02003838                                                                                 # Bit 31 = OSIsOffBoot
coreinit.text:0200383C                       extrwi    r3, r12, 1,29                                   # Rot_<_30, Mask = 0x1
coreinit.text:02003840                       blr
coreinit.text:02003840 # End of function OSIsStandbyBoot
coreinit.text:02003844 # =============== S U B R O U T I N E =======================================
coreinit.text:02003844 # BOOL OSIsOffBoot();
coreinit.text:02003844 #
coreinit.text:02003844                       .globl OSIsOffBoot
coreinit.text:02003844 OSIsOffBoot:                                                                    # DATA XREF: coreinit.fexports:C0001A18o
coreinit.text:02003844                       lis       r12, Boot_Value_B@h                             # Bit 11 = OSIsNormalBoot
coreinit.text:02003844                                                                                 # Bit 12 = OSIsECOBoot
coreinit.text:02003844                                                                                 # Bit 29 = OSIsStandbyBoot
coreinit.text:02003844                                                                                 # Bit 30 = OSIsCompatBoot
coreinit.text:02003844                                                                                 # Bit 31 = OSIsOffBoot
coreinit.text:02003848                       lwz       r12, Boot_Value_B@l(r12)                        # Bit 11 = OSIsNormalBoot
coreinit.text:02003848                                                                                 # Bit 12 = OSIsECOBoot
coreinit.text:02003848                                                                                 # Bit 29 = OSIsStandbyBoot
coreinit.text:02003848                                                                                 # Bit 30 = OSIsCompatBoot
coreinit.text:02003848                                                                                 # Bit 31 = OSIsOffBoot
coreinit.text:0200384C                       clrlwi    r3, r12, 31
coreinit.text:02003850                       blr
coreinit.text:02003850 # End of function OSIsOffBoot
coreinit.text:02003854 # =============== S U B R O U T I N E =======================================
coreinit.text:02003854 # BOOL OSIsCompatBoot(void);
coreinit.text:02003854 #
coreinit.text:02003854                       .globl OSIsCompatBoot
coreinit.text:02003854 OSIsCompatBoot:                                                                 # DATA XREF: coreinit.fexports:C00019C0o
coreinit.text:02003854                       lis       r12, Boot_Value_B@h                             # Bit 11 = OSIsNormalBoot
coreinit.text:02003854                                                                                 # Bit 12 = OSIsECOBoot
coreinit.text:02003854                                                                                 # Bit 29 = OSIsStandbyBoot
coreinit.text:02003854                                                                                 # Bit 30 = OSIsCompatBoot
coreinit.text:02003854                                                                                 # Bit 31 = OSIsOffBoot
coreinit.text:02003858                       lwz       r12, Boot_Value_B@l(r12)                        # Bit 11 = OSIsNormalBoot
coreinit.text:02003858                                                                                 # Bit 12 = OSIsECOBoot
coreinit.text:02003858                                                                                 # Bit 29 = OSIsStandbyBoot
coreinit.text:02003858                                                                                 # Bit 30 = OSIsCompatBoot
coreinit.text:02003858                                                                                 # Bit 31 = OSIsOffBoot
coreinit.text:0200385C                       extrwi    r3, r12, 1,30                                   # Rot_<_31, Mask = 0x1
coreinit.text:02003860                       blr
coreinit.text:02003860 # End of function OSIsCompatBoot
coreinit.text:02003864 # =============== S U B R O U T I N E =======================================
coreinit.text:02003864 # u32  OSGetBootPMFlags(void);
coreinit.text:02003864 #
coreinit.text:02003864                       .globl OSGetBootPMFlags
coreinit.text:02003864 OSGetBootPMFlags:                                                               # DATA XREF: coreinit.fexports:C00016E0o
coreinit.text:02003864                       lis       r3, Boot_Value_D@h                              # Bit 10 = OSIsSelfRefreshBoot
coreinit.text:02003868                       lwz       r3, Boot_Value_D@l(r3)                          # Bit 10 = OSIsSelfRefreshBoot
coreinit.text:0200386C                       blr
coreinit.text:0200386C # End of function OSGetBootPMFlags
coreinit.text:02003870 # =============== S U B R O U T I N E =======================================
coreinit.text:02003870 # u32  OSGetLastPMState(void);
coreinit.text:02003870 #
coreinit.text:02003870                       .globl OSGetLastPMState
coreinit.text:02003870 OSGetLastPMState:                                                               # DATA XREF: coreinit.fexports:C00017A8o
coreinit.text:02003870                       lis       r3, Boot_Value_B@h                              # Bit 11 = OSIsNormalBoot
coreinit.text:02003870                                                                                 # Bit 12 = OSIsECOBoot
coreinit.text:02003870                                                                                 # Bit 29 = OSIsStandbyBoot
coreinit.text:02003870                                                                                 # Bit 30 = OSIsCompatBoot
coreinit.text:02003870                                                                                 # Bit 31 = OSIsOffBoot
coreinit.text:02003874                       lwz       r3, Boot_Value_B@l(r3)                          # Bit 11 = OSIsNormalBoot
coreinit.text:02003874                                                                                 # Bit 12 = OSIsECOBoot
coreinit.text:02003874                                                                                 # Bit 29 = OSIsStandbyBoot
coreinit.text:02003874                                                                                 # Bit 30 = OSIsCompatBoot
coreinit.text:02003874                                                                                 # Bit 31 = OSIsOffBoot
coreinit.text:02003878                       blr
coreinit.text:02003878 # End of function OSGetLastPMState
coreinit.text:0200387C # =============== S U B R O U T I N E =======================================
coreinit.text:0200387C                       .globl OSGetCurrentPMState
coreinit.text:0200387C OSGetCurrentPMState:                                                            # DATA XREF: coreinit.fexports:C0001748o
coreinit.text:0200387C                       lis       r3, Boot_Value_C@h                              # Bit 12 = OSIsECOMode
coreinit.text:02003880                       lwz       r3, Boot_Value_C@l(r3)                          # Bit 12 = OSIsECOMode
coreinit.text:02003884                       blr
coreinit.text:02003884 # End of function OSGetCurrentPMState
coreinit.text:02003888 # =============== S U B R O U T I N E =======================================
coreinit.text:02003888 # BOOL OSIsProdMode(void);
coreinit.text:02003888 #
coreinit.text:02003888                       .globl OSIsProdMode
coreinit.text:02003888 OSIsProdMode:                                                                   # CODE XREF: sub_20138B0+14p
coreinit.text:02003888                                                                                 # sub_2020238+220p ...
coreinit.text:02003888                       lis       r12, Boot_Value_A@h                             # Bit 02 = OSIsColdBoot
coreinit.text:02003888                                                                                 # Bit 04 = OSIsProdMode
coreinit.text:02003888                                                                                 # Bit 08 = Development Mode (0=Yes 1=No)
coreinit.text:0200388C                       lwz       r12, Boot_Value_A@l(r12)                        # Bit 02 = OSIsColdBoot
coreinit.text:0200388C                                                                                 # Bit 04 = OSIsProdMode
coreinit.text:0200388C                                                                                 # Bit 08 = Development Mode (0=Yes 1=No)
coreinit.text:02003890                       extrwi    r0, r12, 1,4                                    # Rot_<_5, Mask = 0x1
coreinit.text:02003894                       xori      r3, r0, 1
coreinit.text:02003898                       blr
coreinit.text:02003898 # End of function OSIsProdMode

.

 

[andriy921]

(Just look at all the trouble smea had with bricking his console)

I'm pretty sure that this was caused by coldboot exploit.

 

[Datalogger]

I'm pretty sure that this was caused by coldboot exploit.

coldboot or maybe offboot - but then again it could have been a refreshboot, standbyboot or an ecoboot.
There are lots of traps you need to defuse to get this thing consistently exploitable and stable and bootable in all modes...





.

 

[andriy921]

coldboot or maybe offboot - but then again it could have been a refreshboot, standbyboot or an ecoboot.
There are lots of traps you need to defuse to get this thing consistently exploitable and stable and bootable is all modes...

I haven't messed with that yet, but from my 3ds experience all thing except first one require ram modification. Coldboot requires you writing something into the nand, so that seems to be most dangerous step.

--------------------- MERGED ---------------------------

I'm probably have too low knowledge about this. snadbyboot should require similar exploit to coldboot and i have no idea what is refreshboot/ecobot, so forget what i said here.

 

[Datalogger]

I haven't messed with that yet, but from my 3ds experience all thing except first one require ram modification. Coldboot requires you writing something into the nand, so that seems to be most dangerous step.

--------------------- MERGED ---------------------------

I'm probably have too low knowledge about this. snadbyboot should require similar exploit to coldboot and i have no idea what is refreshboot/ecobot, so forget what i said here.

Don't stop so soon.
Everyone needs others to ring in and ask questions and/or challenge assumptions.
That's how progress is made!

If you would like, I can get you access to the ARM and PPC IDA compilations so you can learn more about the progress made and the challenges that are to come as we continue.

The PPC has loader.elf+coreinit.rpl+bootrom.bin+kernerl.img in one file.
The ARM has boot0, boot1 and fw.img all decoded.

PM if you would like to have a look and think you can contribute to the cause.
The idea here is to release public any and all findings (No exploit Hoarders need apply!)

-dl

 

[pwsincd]

Don't stop so soon.
Everyone needs others to ring in and ask questions and/or challenge assumptions.
That's how progress is made!

If you would like, I can get you access to the ARM and PPC IDA compilations so you can learn more about the progress made and the challenges that are to come as we continue.

The PPC has loader.elf+coreinit.rpl+bootrom.bin+kernerl.img in one file.
The ARM has boot0, boot1 and fw.img all decoded.

PM if you would like to have a look and think you can contribute to the cause.
The idea here is to release public any and all findings (No exploit Hoarders allowed!)

-dl

erm , i think i pre empted you heh

 

[raulpica]

That account is most certainly fake, so don't get your pants in a twist, everyone.

Move along, move along.