Hacking OTP access via IOSU kernel

[pokemonster]

You can't stop the trump,

Only Wall of wiiu can be passed !!!!!

 

[Kourin]

uh, here

Is this legit? Just scanned it and there's no threats. Don't want to brick though in case this is a joke.

 

[ScienceBETCH]

uh, here

Joined today?

dafuq is even going on



Bye guys

 

[Deleted User]

someone test that download? seems sketchy

 

[Aletron9000]

Is this legit? Just scanned it and there's no threats. Don't want to brick though in case this is a joke.

it works, no brick

 

[7Robins]

Is this legit? Just scanned it and there's no threats. Don't want to brick though in case this is a joke.

Scanned through it through a text reader, doesn't look like a troll.

Wonder what this does.

 

[TheZander]

uh, here

is there a way to combine this with wiilibu and build for 532?

 

[punderino]

Is this legit? Just scanned it and there's no threats. Don't want to brick though in case this is a joke.

Yeah, it is. Check the source of it. I don't know why they "leaked" it, it was public.

 

[7Robins]

is there a way to combine this with wiilibu and build for 532?

Oh my god, just update to 5.5.1 already.

 

[Deleted User]

is there a way to combine this with wiilibu and build for 532?

You really should update to 551, just sayin

 

[Deleted User]

if someone can confirm if it's real, can they upload to hbas please

 

[Angelcraft]

uh, here

Whats this??

 

[Dylon99]

Is this legit? Just scanned it and there's no threats. Don't want to brick though in case this is a joke.

Totally fake as fuck, just ran through the code all code that is made to brick your console. Don't run it.

 

[7Robins]

if someone can confirm if it's real, can they upload to hbas please

I'm tempted to try it out, but I have no idea how to and no idea what it would possibly do.

 

[Angelcraft]

What its that iosu.zip??

 

[7Robins]

So what does that do then if it's "real"?

 

[DeslotlCL]

I downloaded it because why the hell not.

 

[Ape8000]

Whats this??

Quick browse of the code, and it is just the OTP dump program

 

[Angelcraft]

Quick browse of the code, and it is just the OTP dump program

Oh
-snip-

 

[FIX94]

whatever that zip exactly is theres some interesting magic in it, now what does this do exactly?

    int(*disable_interrupts)() = (int(*)())0x0812E778;
    int(*enable_interrupts)(int) = (int(*)(int))0x0812E78C;
    void(*test_and_clean)() = (void(*)())0x0812DCE4;
    void(*invalidate_icache)() = (void(*)())0x0812DCF0;
    void(*drain_write_buffer)() = (void(*)())0x0812DCFC;

    int ay = disable_interrupts();
    test_and_clean();
    drain_write_buffer();
    *(int*)(0x1555500) = 0;
    invalidate_icache();
    enable_interrupts(ay);

 

[Deleted User]

Looks like the otp view Code

 

[7Robins]

Maybe it looks like the OTP view code because it exploits the same kernel?

 

[Kourin]

I'm tempted to be the guinea pig to be honest.

 

[Hillary_Clinton]

whatever that zip exactly is theres some interesting magic in it, now what does this do exactly?

    int(*disable_interrupts)() = (int(*)())0x0812E778;
    int(*enable_interrupts)(int) = (int(*)(int))0x0812E78C;
    void(*test_and_clean)() = (void(*)())0x0812DCE4;
    void(*invalidate_icache)() = (void(*)())0x0812DCF0;
    void(*drain_write_buffer)() = (void(*)())0x0812DCFC;

    int ay = disable_interrupts();
    test_and_clean();
    drain_write_buffer();
    *(int*)(0x1555500) = 0;
    invalidate_icache();
    enable_interrupts(ay);

I put that in there; I don't know if it makes a difference in code's execution. It's an instruction memory barrier. The entire .zip is only meant to return from a syscall and then branch to userland IOS-USB so we're not blocking the rest of IOSU from running. It's not really cool so there was like no reason to post it.

 

[FIX94]

the ppc side of it is just that otp viewer but the arm side now has different binaries and does just shut down the console, so I cant quite say what the point of it is.

 

[DeslotlCL]

I'm tempted to be the guinea pig to be honest.

just.do.it

 

[RevX1]

Maybe it looks like the OTP view code because it exploits the same kernel?

 

[Kourin]

I ran iosu.elf from the HBL. Unless I did something wrong it just restarted my console?