Hacking ROP from within IOS_USB (5.5.1)

asper

Maybe you are moving the names in the wrong column... Anyway, the WiFi OTP dumper works great. You need the Loadiine-compiled UDP server and you need to modify the IP of your PC in the WiFi OTP tool sources (or hex edit the compiled ELF at offset 0x00008A2C, 4 bytes starting with C0; do it at your own risk!!).

Launch the server on your PC and press "f" to start logging; go to the Wii U and execute the WiFi OTP tool and wait for the on-screen dump; go back to your PC, you should see data streamed via UDP; press "f" again to save the log.
 
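The hex-edit step above (four raw bytes at 0x00008A2C, the first being C0) is easy to get wrong by hand, and patching the wrong build corrupts the ELF silently. The script below is an added example, not the WiFi OTP tool's own code or the Loadiine UDP server: it rewrites the address at that offset only after checking that the bytes already there look like the 192.x.x.x placeholder the post describes, and refuses otherwise. The offset, the assumption that the address is stored as four bytes in network order, and the sample buffer standing in for the real ELF are all assumptions for illustration.

```python
"""Patch the PC IP address baked into a compiled ELF at a fixed offset.

Added example, not the WiFi OTP tool's own code. Assumes (per the post above)
that the address sits at 0x00008A2C as four raw bytes, first byte 0xC0, i.e.
a 192.x.x.x address stored in network byte order. The offset is an assumption
for builds other than the one the post refers to; back up the ELF first.
"""
import ipaddress
import sys

IP_OFFSET = 0x00008A2C       # offset quoted in the post (assumption for other builds)
EXPECTED_FIRST_BYTE = 0xC0   # 192 decimal: the post says the 4 bytes start with C0


def read_ip(data: bytes, offset: int = IP_OFFSET) -> str:
    """Decode the 4 bytes at `offset` as a dotted-quad IPv4 address."""
    return str(ipaddress.IPv4Address(data[offset:offset + 4]))


def patch_ip(data: bytes, new_ip: str, offset: int = IP_OFFSET) -> bytes:
    """Return a copy of `data` with the 4-byte IPv4 at `offset` replaced.

    Refuses to patch if the file is too short or the existing bytes do not
    start with 0xC0, so a build with a different layout is not corrupted.
    """
    if offset + 4 > len(data):
        raise ValueError(f"file too short: offset {offset:#x} beyond end {len(data):#x}")
    old = data[offset:offset + 4]
    if old[0] != EXPECTED_FIRST_BYTE:
        raise ValueError(f"unexpected bytes at {offset:#x}: {old.hex()} (expected to start with c0)")
    new = ipaddress.IPv4Address(new_ip).packed  # 4 bytes, network byte order
    return data[:offset] + new + data[offset + 4:]


def sample_elf() -> bytes:
    """Constructed stand-in for the compiled ELF (not the real tool binary):
    0x9000 zero bytes with a placeholder 192.168.1.2 at the expected offset."""
    buf = bytearray(0x9000)
    buf[IP_OFFSET:IP_OFFSET + 4] = bytes([0xC0, 0xA8, 0x01, 0x02])
    return bytes(buf)


def main(argv):
    if len(argv) != 4:
        print(f"usage: {argv[0]} in.elf out.elf NEW_IP", file=sys.stderr)
        return 2
    with open(argv[1], "rb") as f:
        data = f.read()
    print("current:", read_ip(data))
    patched = patch_ip(data, argv[3])
    with open(argv[2], "wb") as f:
        f.write(patched)
    print("patched:", read_ip(patched))
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as `python patch_ip.py wifi_otp.elf wifi_otp_patched.elf 192.168.0.42` (file names assumed) and compare the two files with a hex viewer: exactly four bytes at 0x8A2C should differ. The first-byte check is the point of the script; if it refuses, the binary you have was not built with the same layout and the offset in the post does not apply to it.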

thisisallowed

asper said:
Maybe you are moving the names in the wrong column... Anyway, the WiFi OTP dumper works great. You need the Loadiine-compiled UDP server and you need to modify the IP of your PC in the WiFi OTP tool sources (or hex edit the compiled ELF at offset 0x00008A2C, 4 bytes starting with C0).

Launch the server on your PC and press "f" to start logging; go to the Wii U and execute the WiFi OTP tool and wait for the on-screen dump; go back to your PC, you should see data streamed via UDP; press "f" again to save the log.

Can you post the compiled ELF here? Can't seem to compile it...
 

TheZander

Out of curiosity, since it was stressed not to share the key with anyone: what could someone do with it to screw them over? Console ID kind of stuff, for online ban evasion or something?
 

Conn0r

TheZander said:
Out of curiosity, since it was stressed not to share the key with anyone: what could someone do with it to screw them over? Console ID kind of stuff, for online ban evasion or something?

You shouldn't share it because it is copyrighted data, not because it's personally identifiable.
 

TheZander

Conn0r said:
You shouldn't share it because it is copyrighted data, not because it's personally identifiable.

That's it? I was guessing there was some unique part of it that could be duped on another console or something. How would Nintendo even recognize the millions of crazy long keys? I understand that they wouldn't without proper context, but even then I don't get how it's enough.
 

Conn0r

TheZander said:
That's it? I was guessing there was some unique part of it that could be duped on another console or something. How would Nintendo even recognize the millions of crazy long keys? I understand that they wouldn't without proper context, but even then I don't get how it's enough.

If it was possible to overwrite a ONE TIME PROGRAMMABLE ROM, the console would most likely not boot, because some of the keys in the OTP are required to properly decrypt data on the NAND.
 

Pachee

Quote:
Quick thing:
I'm Trump, and I didn't work on it at all. That's dimok, Maschell, QuarkTheAwesome, and kanye_west's work, among others.

I believe IOS-KERNEL has all the permissions needed to dump it, but it's down to actually implementing it, and not much is documented about the SEEPROM from what I know.

First, thanks everyone for the dumper.
I was reading on WiiBrew; not even the Wii SEEPROM page has information about reading it. Maybe tueidj knows something about it on the Wii U? He wrote the seeprom.c used in this tool: https://gbatemp.net/threads/koreankii-add-or-remove-the-korean-key.336940/
 

Mario10095

Quote:
Use a toothpick and a pair of tweezers. Use the toothpick to try and release the push latch in the back by pushing in (it should feel springy, don't force it), then use the tweezers to pull it out; alternatively, use two toothpicks.

If you can't, try to remove the piece without undoing the latch. If you can get the piece out, carefully force a good SD card in, then remove it like normal.

Where is the springy thing?
 
