Possibility of haxchi using a wii u app?

Discussion in 'Wii U - Homebrew' started by Forgotten_Email, Jul 20, 2019.

  1. Forgotten_Email
    OP

    Forgotten_Email Member

    Newcomer
    1
    Mar 3, 2019
    United Kingdom
    Manchester, England
    Chances are this will never happen but out of curiousity would this work or even be possible?

    And yes I get haxchi's exploit can't be used on wii u apps but maybe someone could find something else
     
    wicksand420 likes this.
  2. Braedyn

    Braedyn Member

    Newcomer
    1
    Apr 17, 2019
    Australia
    Well, I know it requires a ds game. And replacing one of the stock apps is stupid. So probably crunchyroll or some other free app on the store COULD be replaced with haxchi, Chances of this happening are low, I mean pretty low. But there's a possibility.
     
  3. wicksand420

    wicksand420 GBAtemp Addict

    Member
    9
    Nov 13, 2016
    United States
    Replacing health and safety would be the best bet, if it was possible though, you think it would be done.
     
  4. Braedyn

    Braedyn Member

    Newcomer
    1
    Apr 17, 2019
    Australia
    Yea, health and safety would be best bet, but if you have Cold Boot Haxchi, then you wouldn't be able to uninstall it
     
  5. Forgotten_Email
    OP

    Forgotten_Email Member

    Newcomer
    1
    Mar 3, 2019
    United Kingdom
    Manchester, England
    The wii u scene is pretty much dead right now so I thought it'd be good to at least ask
     
    wicksand420 likes this.
  6. wicksand420

    wicksand420 GBAtemp Addict

    Member
    9
    Nov 13, 2016
    United States
    Yeah, no problem man, I'm not trying to discourage or anything, Its a very good question, one I've been wondering for a while.
     
    Forgotten_Email likes this.
  7. EmulateLife

    EmulateLife GBAtemp Psycho!

    Member
    7
    May 30, 2016
    United States
    The exploit devs found to use Haxchi was found in a purchased virtual console DS game. So that particular hack would only work with a purchased DS game. They would have to find a completely different exploit to be able to use a different Wii U app. I'm not a betting man but if I was since Wii U is dead I wouldn't count on it ever happening, but who knows. I would assume they've already looked and found no exploit.

    May as well just spend a small amount of coin and buy the DS game. It's probably the best exploit the Wii U will ever have.
     
    Last edited by EmulateLife, Jul 30, 2019
  8. Cyan

    Cyan GBATemp's lurking knight

    Global Moderator
    22
    Oct 27, 2002
    France
    Engine room, learning
    you can use the browser with auto-load feature to acts almost like haxchi. it'll autoload the exploit and go into HBL directly, no link to press. of course, you lose the usage of the browser, but you can reset the autoload feature to get the normal browser usage.
    the only difference is that you don't have the config.txt and button combo to do homebrew shortcut, you have to actually launch these homebrew manually.

    haxchi : haxchi -> HBL
    browser : browser-> HBL
    see, identical, one click to hbl ;)

    from HBL, you can select "sigpatch2sysmenu" to patch signature and return to menu and launch a game, or "sigpatch2hbl" to patch signature and stay in hbl (to install a game).



    Now, if you want detailed explanation why haxchi work with NDS and not with any other apps :

    all apps contains 3 folders:
    code/
    content/
    meta/

    all the applications are located in /code/, and the folder is signed and checked at launch. it can't be patched or hacked.
    content/ contains (usually) very small data used by the app, like some pictures, sound, etc., nothing active which runs and affects the processor. this folder is not signed.
    meta/ contains info (game name, titleID, game icon, etc.), it's also not signed.

    To launch an unsigned/patched program, you'd need to edit the program located in /code/ but the console verify if it's signed, and therefore wouldn't launch it if you don't already have CFW (which haxchi will do, you don't have CFW before launching haxchi).

    It works with NDS games because nintendo placed a ROM inside the content/ folder.
    the emulator is in code/ untouched and signed, so the console verify if the file is the correct one and run the app without problem.
    then the emulator loads the NDS rom.zip located in content/ which is not verified, and is actually haxchi ROM instead of the NDS ROM game.
    haxchi is exploiting a vulnerability in the emulator's code, which makes the emulator crash the console and gain access to kernel. the exploit is inside the emulator, and not launched by the console. this is why the NDS game is required : the emulator in code is signed, loading an unsigned file in /content/ to make the emulator crash.


    other app "could" be used if they could be crashed by loading active code from content (like a ROM playing with CPU/GPU), but like I said the content/ folder mainly contains static data (picture, sound). most app have protection against exploit from these type of file, tiff image buffer overflow is not possible, etc.

    To use another app, you'd need an app which break after being loaded officially. only NDS and browser have been found with such vulnerability.
    it doesn't mean other app don't have vulnerabilities too, but nobody found any.
    You know, the DSI still has some new found released exploit, years later. it's just a matter of someone being interested enough in understanding and analyzing the program run on the console and notice a bug in nintendo's code which can be exploited.
    you don't search an exploit, you find bugs if you know very well how the console works and see a developer made a mistake. it doesn't mean it can be exploited every time.
     
    Last edited by Cyan, Jul 31, 2019
  9. Forgotten_Email
    OP

    Forgotten_Email Member

    Newcomer
    1
    Mar 3, 2019
    United Kingdom
    Manchester, England
    Interesting read, thx for the clarification. Issue for me with the browser auto-load is that the domain I use (wiidb.de) doesn't support autoload and every other website for me is broken.
    Hoping someone magically sits down and analyses some apps I guess
     
  10. EmulateLife

    EmulateLife GBAtemp Psycho!

    Member
    7
    May 30, 2016
    United States
    No offense but are you really that broke that you can't buy a cheap DS game? It's a one time purchase and you never have to use the browser exploit again.
     
  11. Forgotten_Email
    OP

    Forgotten_Email Member

    Newcomer
    1
    Mar 3, 2019
    United Kingdom
    Manchester, England
    I can and will but was just curious
     
  12. Cyan

    Cyan GBATemp's lurking knight

    Global Moderator
    22
    Oct 27, 2002
    France
    Engine room, learning
    Ah, I didn't know the site wasn't compatible with autoload. But I don't see why, it's a trick to do console's side: load the page while you don't have internet access, shutdown the console by unplugging the cable (yes, do that). next time you launch the browser, it tries to load the last loaded URL before the "crash".

    you still have the option to host it yourself, or make a local server on your computer but it'll have to be powered every time you want to use your wiiu.
    I don't know if there are PHP servers for android/phone/tablet, it'll be more portable.
     
    Last edited by Cyan, Aug 2, 2019
    wicksand420 likes this.
  13. wicksand420

    wicksand420 GBAtemp Addict

    Member
    9
    Nov 13, 2016
    United States
    I bought brain age and installed cbhc, and never looked back, the game was only 7 bucks, and you can sign into your nintendo account on your computer and use any pre-payed credit card to purchase the game, then all you have to do is go on the eshop and download it
     
    Forgotten_Email likes this.
Quick Reply
Draft saved Draft deleted
Loading...