Homebrew Possibility of haxchi using a wii u app?

Braedyn

Active Member
Newcomer
Joined
Apr 17, 2019
Messages
27
Trophies
0
Age
33
XP
102
Country
Australia
Well, I know it requires a ds game. And replacing one of the stock apps is stupid. So probably crunchyroll or some other free app on the store COULD be replaced with haxchi, Chances of this happening are low, I mean pretty low. But there's a possibility.
 

Braedyn

Active Member
Newcomer
Joined
Apr 17, 2019
Messages
27
Trophies
0
Age
33
XP
102
Country
Australia
Yea, health and safety would be best bet, but if you have Cold Boot Haxchi, then you wouldn't be able to uninstall it
 

EmulateLife

Well-Known Member
Member
Joined
May 30, 2016
Messages
3,979
Trophies
0
Age
42
XP
1,889
Country
United States
The exploit devs found to use Haxchi was found in a purchased virtual console DS game. So that particular hack would only work with a purchased DS game. They would have to find a completely different exploit to be able to use a different Wii U app. I'm not a betting man but if I was since Wii U is dead I wouldn't count on it ever happening, but who knows. I would assume they've already looked and found no exploit.

May as well just spend a small amount of coin and buy the DS game. It's probably the best exploit the Wii U will ever have.
 
Last edited by EmulateLife,

Cyan

GBATemp's lurking knight
Former Staff
Joined
Oct 27, 2002
Messages
23,746
Trophies
4
Age
46
Location
Engine room, learning
XP
15,663
Country
France
you can use the browser with auto-load feature to acts almost like haxchi. it'll autoload the exploit and go into HBL directly, no link to press. of course, you lose the usage of the browser, but you can reset the autoload feature to get the normal browser usage.
the only difference is that you don't have the config.txt and button combo to do homebrew shortcut, you have to actually launch these homebrew manually.

haxchi : haxchi -> HBL
browser : browser-> HBL
see, identical, one click to hbl ;)

from HBL, you can select "sigpatch2sysmenu" to patch signature and return to menu and launch a game, or "sigpatch2hbl" to patch signature and stay in hbl (to install a game).



Now, if you want detailed explanation why haxchi work with NDS and not with any other apps :

all apps contains 3 folders:
code/
content/
meta/

all the applications are located in /code/, and the folder is signed and checked at launch. it can't be patched or hacked.
content/ contains (usually) very small data used by the app, like some pictures, sound, etc., nothing active which runs and affects the processor. this folder is not signed.
meta/ contains info (game name, titleID, game icon, etc.), it's also not signed.

To launch an unsigned/patched program, you'd need to edit the program located in /code/ but the console verify if it's signed, and therefore wouldn't launch it if you don't already have CFW (which haxchi will do, you don't have CFW before launching haxchi).

It works with NDS games because nintendo placed a ROM inside the content/ folder.
the emulator is in code/ untouched and signed, so the console verify if the file is the correct one and run the app without problem.
then the emulator loads the NDS rom.zip located in content/ which is not verified, and is actually haxchi ROM instead of the NDS ROM game.
haxchi is exploiting a vulnerability in the emulator's code, which makes the emulator crash the console and gain access to kernel. the exploit is inside the emulator, and not launched by the console. this is why the NDS game is required : the emulator in code is signed, loading an unsigned file in /content/ to make the emulator crash.


other app "could" be used if they could be crashed by loading active code from content (like a ROM playing with CPU/GPU), but like I said the content/ folder mainly contains static data (picture, sound). most app have protection against exploit from these type of file, tiff image buffer overflow is not possible, etc.

To use another app, you'd need an app which break after being loaded officially. only NDS and browser have been found with such vulnerability.
it doesn't mean other app don't have vulnerabilities too, but nobody found any.
You know, the DSI still has some new found released exploit, years later. it's just a matter of someone being interested enough in understanding and analyzing the program run on the console and notice a bug in nintendo's code which can be exploited.
you don't search an exploit, you find bugs if you know very well how the console works and see a developer made a mistake. it doesn't mean it can be exploited every time.
 
Last edited by Cyan,

Forgotten_Email

Well-Known Member
OP
Newcomer
Joined
Mar 3, 2019
Messages
47
Trophies
0
Location
Manchester, England
XP
241
Country
United Kingdom
you can use the browser with auto-load feature to acts almost like haxchi. it'll autoload the exploit and go into HBL directly, no link to press. of course, you lose the usage of the browser, but you can reset the autoload feature to get the normal browser usage.
the only difference is that you don't have the config.txt and button combo to do homebrew shortcut, you have to actually launch these homebrew manually.

haxchi : haxchi -> HBL
browser : browser-> HBL
see, identical, one click to hbl ;)

from HBL, you can select "sigpatch2sysmenu" to patch signature and return to menu and launch a game, or "sigpatch2hbl" to patch signature and stay in hbl (to install a game).



Now, if you want detailed explanation why haxchi work with NDS and not with any other apps :

all apps contains 3 folders:
code/
content/
meta/

all the applications are located in /code/, and the folder is signed and checked at launch. it can't be patched or hacked.
content/ contains (usually) very small data used by the app, like some pictures, sound, etc., nothing active which runs and affects the processor. this folder is not signed.
meta/ contains info (game name, titleID, game icon, etc.), it's also not signed.

To launch an unsigned/patched program, you'd need to edit the program located in /code/ but the console verify if it's signed, and therefore wouldn't launch it if you don't already have CFW (which haxchi will do, you don't have CFW before launching haxchi).

It works with NDS games because nintendo placed a ROM inside the content/ folder.
the emulator is in code/ untouched and signed, so the console verify if the file is the correct one and run the app without problem.
then the emulator loads the NDS rom.zip located in content/ which is not verified, and is actually haxchi ROM instead of the NDS ROM game.
haxchi is exploiting a vulnerability in the emulator's code, which makes the emulator crash the console and gain access to kernel. the exploit is inside the emulator, and not launched by the console. this is why the NDS game is required : the emulator in code is signed, loading an unsigned file in /content/ to make the emulator crash.


other app "could" be used if they could be crashed by loading active code from content (like a ROM playing with CPU/GPU), but like I said the content/ folder mainly contains static data (picture, sound). most app have protection against exploit from these type of file, tiff image buffer overflow is not possible, etc.

To use another app, you'd need an app which break after being loaded officially. only NDS and browser have been found with such vulnerability.
it doesn't mean other app don't have vulnerabilities too, but nobody found any.
You know, the DSI still has some new found released exploit, years later. it's just a matter of someone being interested enough in understanding and analyzing the program run on the console and notice a bug in nintendo's code which can be exploited.
you don't search an exploit, you find bugs if you know very well how the console works and see a developer made a mistake. it doesn't mean it can be exploited every time.

Interesting read, thx for the clarification. Issue for me with the browser auto-load is that the domain I use (wiidb.de) doesn't support autoload and every other website for me is broken.
Hoping someone magically sits down and analyses some apps I guess
 

EmulateLife

Well-Known Member
Member
Joined
May 30, 2016
Messages
3,979
Trophies
0
Age
42
XP
1,889
Country
United States
Interesting read, thx for the clarification. Issue for me with the browser auto-load is that the domain I use (wiidb.de) doesn't support autoload and every other website for me is broken.
Hoping someone magically sits down and analyses some apps I guess

No offense but are you really that broke that you can't buy a cheap DS game? It's a one time purchase and you never have to use the browser exploit again.
 

Cyan

GBATemp's lurking knight
Former Staff
Joined
Oct 27, 2002
Messages
23,746
Trophies
4
Age
46
Location
Engine room, learning
XP
15,663
Country
France
Interesting read, thx for the clarification. Issue for me with the browser auto-load is that the domain I use (wiidb.de) doesn't support autoload and every other website for me is broken.
Hoping someone magically sits down and analyses some apps I guess
Ah, I didn't know the site wasn't compatible with autoload. But I don't see why, it's a trick to do console's side: load the page while you don't have internet access, shutdown the console by unplugging the cable (yes, do that). next time you launch the browser, it tries to load the last loaded URL before the "crash".

you still have the option to host it yourself, or make a local server on your computer but it'll have to be powered every time you want to use your wiiu.
I don't know if there are PHP servers for android/phone/tablet, it'll be more portable.
 
Last edited by Cyan,
  • Like
Reactions: wicksand420

wicksand420

Well-Known Member
Member
Joined
Nov 13, 2016
Messages
2,787
Trophies
1
Age
39
XP
2,296
Country
United States
I can and will but was just curious
I bought brain age and installed cbhc, and never looked back, the game was only 7 bucks, and you can sign into your nintendo account on your computer and use any pre-payed credit card to purchase the game, then all you have to do is go on the eshop and download it
 
  • Like
Reactions: Forgotten_Email

Site & Scene News

Popular threads in this forum

General chit-chat
Help Users
    K3Nv2 @ K3Nv2: https://youtu.be/Iqk4BeTx-3M?si=bSBVOd68JRkdORgv