Hacking [OLD] Loadiine backup loader for WiiU 5.3.2 ONLY (NO 5.4 NO 5.5!)

[Cyan]

what he means is launch a WiiU game disc.
That's already what is happening when using SSBB mode : it launches the disc "channel" after applying the path redirection function.
What he wants is a way to launch a retail disc without the redirection function.
The purpose is to boot games and bypass the version check, no spoof needed, etc.


Note for users on WiiU version other than 5.3.2 :
If you want loadiine to support your version, You will have to provide some addresses from your kernel.
Not everybody will be able to help as it requires specific knowledge, but I know some users have the needed level.

I'll list the function name, and the address used by 5.3.2
We needs the corresponding addresses for the same function but for your version.

Memory right (BAT, SR, etc.) : 0xFFF1D638 on 5.3.2 Kernel
prepare title function : 0xFFF18558 in Kernel too

Then these function addresses in coreinit.rpl and loader.elf
ADDRESS_OSTitle_main_entry_ptr 0x1005d180
ADDRESS_main_entry_hook 0x0101c55c
ADDRESS_LiWaitOneChunk 0x010007EC
ADDRESS_LiWaitIopComplete 0x0100FFA4
ADDRESS_LiWaitIopCompleteWithInterrupts 0x0100FE90

 

[Rizzorules]

I don't think that's possible, even with an IOSU exploit.
Doesn't the disc drive only support that special disc Nintendo uses that's kind of Bluray but not really?

I mean using original games

 

[Irastris]

I mean using original games

The purpose is to boot games and bypass the version check, no spoof needed, etc.

Ah, I see now. That actually sounds really cool! Hope that can be implemented at some point.

 

[BTr]

Note for users on WiiU version other than 5.3.2 :
If you want loadiine to support your version, You will have to provide some addresses from your kernel.
Not everybody will be able to help as it requires specific knowledge, but I know some users have the needed level.

I'll list the function name, and the address used by 5.3.2
We needs the corresponding addresses for the same function but for your version.

Memory right (BAT, SR, etc.) : 0xFFF1D638 on 5.3.2 Kernel
prepare title function : 0xFFF18558 in Kernel too

Then these function addresses in coreinit.rpl and loader.elf
ADDRESS_OSTitle_main_entry_ptr 0x1005d180
ADDRESS_main_entry_hook 0x0101c55c
ADDRESS_LiWaitOneChunk 0x010007EC
ADDRESS_LiWaitIopComplete 0x0100FFA4
ADDRESS_LiWaitIopCompleteWithInterrupts 0x0100FE90

I'm on 5.4 and use loadiine v3 already... where can i get these informations you want?

 

[Cyan]

I guess 5.4 addresses are not needed as it's already working.
5.3.2 and 5.4.0 are compatible.

you will need IDA PRO to check the function's addresses.

 

[memomo]

please if it's fully working now for 5.3.2/5.4.0 I think it's better to release the first beta now and add support for other fw and new extra goodies in another beta

 

[oumoumad]

please if it's fully working now for 5.3.2/5.4.0 I think it's better to release the first beta now and add support for other fw and new extra goodies in another beta

Dimok already clearely explained he's only finalizing it and clearing bugs, there won't be any work for another feature before the first release.

 

[Cyan]

that's what will happen.
If nobody gave the addresses by the time of the first beta release, it will just not be implemented. that's all.
It will not delay the release if nobody provides them.

 

[memomo]

We don't want to run into new issues or other delays for almost no reason for 5.3.2/5.4.0 users

Other fw users are already waiting in either case

 

[Irastris]

please if it's fully working now for 5.3.2/5.4.0 I think it's better to release the first beta now and add support for other fw and new extra goodies in another beta

That is the point of a beta release, but I think we should just respect dimok's decision and wait for when he's ready to release it.

 

[z0mb3]

what he means is launch a WiiU game disc.
That's already what is happening when using SSBB mode : it launches the disc "channel" after applying the path redirection function.
What he wants is a way to launch a retail disc without the redirection function.
The purpose is to boot games and bypass the version check, no spoof needed, etc.


Note for users on WiiU version other than 5.3.2 :
If you want loadiine to support your version, You will have to provide some addresses from your kernel.
Not everybody will be able to help as it requires specific knowledge, but I know some users have the needed level.

I'll list the function name, and the address used by 5.3.2
We needs the corresponding addresses for the same function but for your version.

Memory right (BAT, SR, etc.) : 0xFFF1D638 on 5.3.2 Kernel
prepare title function : 0xFFF18558 in Kernel too

Then these function addresses in coreinit.rpl and loader.elf
ADDRESS_OSTitle_main_entry_ptr 0x1005d180
ADDRESS_main_entry_hook 0x0101c55c
ADDRESS_LiWaitOneChunk 0x010007EC
ADDRESS_LiWaitIopComplete 0x0100FFA4
ADDRESS_LiWaitIopCompleteWithInterrupts 0x0100FE90

Ok I took these addresses from the github https://github.com/NotKit/loadiine/
mentioned in the thread https://gbatemp.net/threads/loadiine-v4-for-5-0-0-5-1-0-wiiu.406324/

Big Thx to everyone involved in this.

I'm not 100% sure about all the addresses even if its just an easy task to read it from loadiine source already ported.
Main issue is a drift in the addresses you mentioned from 5.3.2 and what I've found in the sources.
So a little math could do the trick but as I said I'm not 100% sure

The addresses for 5.0.0 / 5.1.0 should be:
Memory right (BAT, SR, etc.):
5.3.2 Cyan needs 0xFFF1D638 (+0x154)
5.3.2 kernel_hooks.S 0xFFF1D78C
5.0.0 kernel_hooks.S 0xFFF1D66C (-0x154)
5.0.0 Cyan needs 0xFFF1D518 ???
----
prepare title function :
5.3.2 Cyan needs 0xFFF18558 (+0x4)
5.3.2 kernel_hooks.S 0xFFF1855C
5.0.0 kernel_hooks.S 0xFFF18538 (-0x4)
5.0.0 Cyan needs 0xFFF18534 ???

ADDRESS_OSTitle_main_entry_ptr 0x1005CB00
ADDRESS_main_entry_hook 0x0101C15C
ADDRESS_LiWaitOneChunk 0x010007EC
ADDRESS_LiWaitIopComplete 0x0100FBC4
ADDRESS_LiWaitIopCompleteWithInterrupts 0x0100FAB0


Used sources were:
https://github.com/NotKit/loadiine/blob/master/src/kernel/kernel_hooks.S
https://github.com/NotKit/loadiine/blob/master/src/menu/menu.c
https://github.com/NotKit/loadiine/blob/master/src/link.ld

 

[matice]

hey guys I was thinking of selling my copy of smash bros (to preorder dark souls 3 ps4 )
however I still have to play the wonderful 101. is there a particular reason why it is not working in miimaker mode? will it be possible to play in miimaker mode with the next version of loadiine?

 

[josh87402]

God this thread is giving me so much nostalgia of the good old Wii Homebrew days..

 

[fiveighteen]

hey guys I was thinking of selling my copy of smash bros (to preorder dark souls 3 ps4 )
however I still have to play the wonderful 101. is there a particular reason why it is not working in miimaker mode? will it be possible to play in miimaker mode with the next version of loadiine?

Not sure of why it doesn't work with SSB if it didn't say in the compatibility guide, but dimok already stated that the next Loadiine release will have the same compatibility as the current one (v4).

 

[Reecey]

EU The Wonderful 101 does work with v4.0 MiiMaker, has done for ages, just takes along time loading on the white screen that's all. The Compatibility says that's for v3.0, its outdated.

 

[Rob Blou]

how much work would it take to port it to the latest FW? Please someone post the info

 

[memomo]

how much work would it take to port it to the latest FW? Please someone post the info

Not until a kernel exploit get released

 

[Cyan]

@z0mb3:
thanks for the 5.0.0/5.1.0 (and thanks to notkit too)
someone will have to test if it's the correct addresses.
nobody in the dev group have that console version, so maybe we will ask someone to test? I don't know, I'll let Dimok say what he prefer.

 

[ShadowOne333]

@z0mb3:
thanks for the 5.0.0/5.1.0 (and thanks to notkit too)
someone will have to test if it's the correct addresses.
nobody in the dev group have that console version, so maybe we will ask someone to test? I don't know, I'll let Dimok say what he prefer.

Doesn't Loadiine require kernel access though?
Even if the new addresses are implemented, no user in 5.5.0 and 5.5.1 would be able to load it due to the kernel exploit still being private ATM.

 

[Cyan]

it's not 5.5.0 but 5.0.0

and the wanted addresses are more for users on old versions like 4.1.0 etc.