Hacking OTP access via IOSU kernel

Status
Not open for further replies.
Ryccardo

Ryccardo

Penguin accelerator
Member
Level 17
Joined
Feb 13, 2015
Messages
7,696
Trophies
1
Age
28
Location
Imola
XP
6,927
Country
Italy
Alex S said:
Oh boy... this wont start a three page arguement XD also does this mean we will have something similar to ARM9LoaderHax on the 3ds, but on Wii U? Or EmuNAND?
Click to expand...

A9LH, as the name says, is an exploit in Arm9Loader - a component of the N3DS kernel* that uses common keys stored in the secret sector (slot0x11key95 for 8.1-9.5, key96 for 9.6+) to decrypt the rest of the firmware.

* yes, a9lh works by installing a n3ds kernel even on a o3ds

A9LH itself only exploits a bad decryption of said kernel accomplished by editing the secret sector. The OTP is only used to decrypt the secret sector for reading, edit it, and reencrypt it. (And indeed now there are otpless techniques too).


The WU certainly doesn't have arm9loader, so the OTP is not a guarantee of cfw on boot.
It however is the prime opportunity for common people to dump some keys at home...

SpongeFreak52 said:
Well, this is what was needed for A9LH on the 3DS, so it actually means quite a bit.
Click to expand...

Exactly. On 3DS.
 
  • Like
Reactions: DrkBeam and Alex658
Aletron9000

Aletron9000

Well-Known Member
Member
Level 9
Joined
May 10, 2016
Messages
1,716
Trophies
0
Location
Classified
XP
1,611
Country
United States
1. does anyone know of a good image to text converter. I took a photo of the output.

2. what can this be used for. A9LH for the wii u? lol.
 
ScienceBETCH

ScienceBETCH

GBATemp's probably not Official Tom-Zero™ Main
Member
Level 6
Joined
Oct 15, 2016
Messages
288
Trophies
0
Location
idk
XP
820
Country
Turkey
I was gone for a while and looks like lots of shit happened. Let me come to the point:
WHAT DID I FUCKING MISS
 
CeeDee

CeeDee

fuckin dork
Member
Level 20
Joined
May 4, 2014
Messages
5,370
Trophies
3
XP
10,015
Country
United States
ScienceBETCH said:
I was gone for a while and looks like lots of shit happened. Let me come to the point:
WHAT DID I FUCKING MISS
Click to expand...
An IOSU userland (and later kernel) exploit was released by a user named @Hillary_Clinton (the name of a US presidential candidate)
This user (also named after a presidential candidate) released a tool to dump your OTP from your Wii U using that same exploit.
 
migles

migles

All my gbatemp friends are now mods, except for me
Member
Level 15
Joined
Sep 19, 2013
Messages
8,033
Trophies
0
Location
Earth-chan
XP
5,300
Country
China
Aletron9000 said:
1. does anyone know of a good image to text converter. I took a photo of the output.
Click to expand...
just search on the app store for some OCR app

--------------------- MERGED ---------------------------

CeeDee said:
An IOSU userland (and later kernel) exploit was released by a user named @Hillary_Clinton (the name of a US presidential candidate)
This user (also named after a presidential candidate) released a tool to dump your OTP from your Wii U using that same exploit.
Click to expand...
i am still waiting for @Barack Obama
 
  • Like
Reactions: Deleted User
ScienceBETCH

ScienceBETCH

GBATemp's probably not Official Tom-Zero™ Main
Member
Level 6
Joined
Oct 15, 2016
Messages
288
Trophies
0
Location
idk
XP
820
Country
Turkey
CeeDee said:
An IOSU userland (and later kernel) exploit was released by a user named @Hillary_Clinton (the name of a US presidential candidate)
This user (also named after a presidential candidate) released a tool to dump your OTP from your Wii U using that same exploit.
Click to expand...
I know that. What I asked was Stuff Like the app being broken and showing wrong otp.
 
K

Kohmei

Well-Known Member
Member
Level 7
Joined
Feb 17, 2013
Messages
824
Trophies
0
XP
1,039
Country
United States
Damon_girl said:
Why do we need to write the numbers down? How will that help?
Click to expand...
It won't, and anyone with a brain would advise against doing it. If you make a single mistake, your OTP is invalid and it WILL brick your console.

This is a Proof of Concept, nothing more. Once we actually have something to do with OTP, there will be a tool for dumping an accurate .bin file and not just displaying it on screen.
 
  • Like
Reactions: migles, Zulnoth, HaloEffect17 and 1 other person
Damon_girl

Damon_girl

Well-Known Member
Member
Level 4
Joined
Oct 27, 2015
Messages
961
Trophies
0
Age
31
XP
553
Country
United States
Kohmei said:
It won't, and anyone with a brain would advise against doing it. If you make a single mistake, your OTP is invalid and it WILL brick your console.

This is a Proof of Concept, nothing more. Once we actually have something to do with OTP, there will be a tool for dumping an accurate .bin file and not just displaying it on screen.
Click to expand...
Oh okay. Thanks for the info. I wasn't going to write it down in the first place but now I'm definitely not going to. I'll just wait until this actually does something and becomes safer to do. Hopefully there will be a detailed guide on how to do the IOSU hack once it's out, like there's one for A9LH on the 3DS.
 
Status
Not open for further replies.

Site & Scene News

Go to forum More news

Popular threads in this forum

How can I change the Wii U and vWii region of a japanese wii u to ntsc-u, and keep compatibility with the gamepad?

ROM Hack  PMD Tempest, Wildfire, Radiant

Hacking Hardware Homebrew  Is it even possible to dump the Wii U Cleaning Disc?

Wii U is super messed up after trying to install Aroma

My WII U seems to have turned into a brick.

[Solved] BOTW voice packs after eShop shutdown

Hardware  SLC Corruption help request

Unable to install dlcs

General chit-chat
Help Users
    Xdqwerty @ Xdqwerty: https://www.youtube.com/watch?v=92nLzMC-_kc