Hacking ROP from within IOS_USB (5.5.1)

NexoCube

Yeah now it makes more sense on the address you used :P

IOS_USB:1012EABC SysCall_0x00_IOS_USB
IOS_USB:1012EABC UND #0 // IOS_CreateThread
 

SciresM

I think it could be just a minor, calculated leak to boost the scene a bit. A major leak would just make Team SALT stop their efforts and most likely never release anything.

It's not a leak. Implementations of the ROP are wildly different, I know the ROP I have is very different from SALT's ROP, and this ROP is different from the one I have.

Here's my arbitrary write implementation from July, if it adds any credence.
 

Chakratos

it's a small step in the right direction for a fully hacked Wii U, maybe the dev of this can collaborate with the guys from SALT to get the IOSU done

IOSU is released a page back didn't you see?
Everyone who said IOSU will make anything better, where are they now?

It's released and we can do anything we want.

But anyone has to do something with it.

It's nearly the same as before, when no one develops anything, we have nothing.

I bet many things you all are screaming for are possible with "just" Userland/Kernel access..

But that's just my way of thinking..

Enough of ranting.
With iosu access can't we use Smea's tools now if we launch them through hilary's ROP?
 

NexoCube

Hey everyone, now we have an IOSU Kernel Exploit, here's my plan if any developers want more space to do their homebrew ;)

- Disable the memory protection (NX) with a function that is located at 0x08XXXXXX or 0x8XXXXXXX (I don't remember, I'll update once I've found it again)
- Now, write your code in the memory then execute it!

And yeah pretty much infinite memory space
 

thisisallowed

Knowing Smea's tools, they can lead to piracy without anything else (WUPserver=CTRclient for Wii U). So if someone manages to launch the patched firm with this, it will be effectively like the old (Palantine) 3DS CFW but for the Wii U. But, hopefully stable.
 

iAqua

Can't we just use ROP for everything, or do we still need to make an exploit?

Sorry, I don't know that much about exploiting...
Pretty sure this isn't just ROP anymore. We have the exploit.
Yeah, it's a full IOSU exploit here.

--------------------- MERGED ---------------------------

Developing a CFW takes time and it's very risky since the Wii U seems pretty easy to get bricked.. You see how SALT team hasn't released anything yet, not even a demo.

Loadiine is already very advanced so I'm sure we'll get a new version of it, with USB access and most likely functional online play.
First of all, sorry for a late response. And now to answer your post, it really won't take that long for a CFW to be created, we already have a base with iosuhax. Someone just needs to put them together.
 

thisisallowed

Yeah, it's a full IOSU exploit here.

--------------------- MERGED ---------------------------


First of all, sorry for a late response. And now to answer your post, it really won't take that long for a CFW to be created, we already have a base with iosuhax. Someone just needs to put them together.
In fact, IOSUhax looks very similar to Palantine CFW for the 3DS. There are 4 things that set them apart tho:
1. IOSUhax is open source
2. IOSUhax doesn't have vulns. Palantine had unstable vulns.
3. IOSUhax works on the latest version
4. Wii U doesn't have an unsigned WUP installer, other than wupserver.
 
