Hacking ROP from within IOS_USB (5.5.1)

  • Thread starter Thread starter Hillary_Clinton
  • Start date Start date
  • Views Views 99,762
  • Replies Replies 258
  • Likes Likes 41
Maybe you are moving the names in the wrong column... Anyway the WiFi otp dumper works great. You need loadiine-compiled udp server and you need to modify the ip of your pc IP in the WiFi otp tool sources (or hex edit the compiled elf at offset 0x00008A2C, 4 bytes starting with C0; do it at your own risk!!).

Launch the server on your pc and press " f " to start logging; go to wiiu and execute the WiFi otp tool and wait for the on screen dump; go back to your pc, you should see data streamed via udp; press " f " again to save the log.
 
Last edited by asper,
Maybe you are moving the names in the wrong column... Anyway the WiFi otp dumper works great. You need loadiine-compiled udp server and you need to modify the ip of your pc IP in the WiFi otp tool sources (or hex edit the compiled elf at offset 0x00008A2C, 4 bytes starting with C0).

Launch the server on your pc and press " f " to start logging; go to wiiu and execute the WiFi otp tool and wait for the on screen dump; go back to your pc, you should see data streamed via udp; press " f " again to save the log.
Can you post the compiled elf here? Can't seem to compile it...
 
out of curiosity since it was stressed not to share the key with anyone. What could someone do with it to screw them over? Console ID kind of stuff, for online ban evasion or something?
 
out of curiosity since it was stressed not to share the key with anyone. What could someone do with it to screw them over? Console ID kind of stuff, for online ban evasion or something?
You shouldn't share it because it is copyrighted data. Not because it's Personally Identifiable.
 
You shouldn't share it because it is copyrighted data. Not because it's Personally Identifiable.
that's it? I was guessing there was some unique part of it that could be duped on another console or something. How would Nintendo even recognize the millions of crazy long keys. I understand that they wouldn't without proper context, but even then I don't get how it's enough.
 
that's it? I was guessing there was some unique part of it that could be duped on another console or something. How would Nintendo even recognize the millions of crazy long keys. I understand that they wouldn't without proper context, but even then I don't get how it's enough.
If it was possible to overwrite a ONE TIME PROGRAMMABLE rom, the console would most likely not boot because some of the keys in the otp are required to properly decrypt data on the nananannand.
 
Abusive request: Could somebody make a version of Trump's dumper that dumps the SEEPROM instead?
 
quick thing:
I'm Trump, and I didn't work on it at all. That's dimok, Maschell, QuarkTheAwesome, and kanye_west's work, among others.

I believe IOS-KERNEL has all the permissions needed to dump it, but it's down to actually implementing it, and not much is documented about the SEEPROM from what I know.
First, thanks everyone for the dumper.
I was reading on wiibrew, not even the wii seeprom has information about reading it. Maybe tueidj knows something about it on the Wii U? He wrote the seeprom.c used in this tool https://gbatemp.net/threads/koreankii-add-or-remove-the-korean-key.336940/
 
Use a toothpick and a pair of tweezer. Use the tooth pick to try and release the push latch in the back by pushing in (it should feel springy, dont force it), then use the tweezers to pull it out, alternatively use two toothpicks.

if you cant, try to remove the piece without undoing the latch. If you can get the piece out, carefully force a good sd card in, then remove like normal.
Where is the springy thing?
 

Site & Scene News

Popular threads in this forum