1. huma_dawii

    huma_dawii GBAtemp Psycho!
    Member

    Joined:
    Apr 3, 2014
    Messages:
    3,811
    Country:
    United States
    People need to see this as a way to fix or unbrick Wii Us, not to see if it's faster than Aroma or Haxchi... open your minds.
     
  2. ploggy

    ploggy WAKA! WAKA!
    Member

    Joined:
    Aug 29, 2007
    Messages:
    3,824
    Country:
    United Kingdom
    I think it was stated by rw that this won't fix already bricked Wii Us?
     
  3. huma_dawii

    huma_dawii GBAtemp Psycho!
    Member

    Joined:
    Apr 3, 2014
    Messages:
    3,811
    Country:
    United States
    Already bricked ones are gone forever unless a "different" NAND copy can be written to the flash memory via hardmod... this will be useful for all the people from release date forward!
     
    ploggy likes this.
  4. Aheago

    Aheago Advanced Member
    Newcomer

    Joined:
    Jan 4, 2021
    Messages:
    69
    Country:
    United States
    Mission control is a pretty big project. Getting other console controllers working on the system natively and with potential motion controls in the future too? What’s not to love?
     
    Dark Ronin and Brawl345 like this.
  5. MarioSilva

    MarioSilva Advanced Member
    Newcomer

    Joined:
    Apr 3, 2017
    Messages:
    84
    Country:
    Brazil
    I think it's more about accessibility, but I don't know how many Switch consoles are exploitable nowadays compared to Wii U.
     
  6. Aheago

    Aheago Advanced Member
    Newcomer

    Joined:
    Jan 4, 2021
    Messages:
    69
    Country:
    United States
    Any/all launch consoles from the first year or so are exploitable. So it's not that hard.
     
  7. rw-r-r_0644

    rw-r-r_0644 GBAtemp Fan
    Member

    Joined:
    Jan 13, 2016
    Messages:
    351
    Country:
    Italy
    Hey, cool to see a thread about this!
    Just don't get too excited, okay? :)

    This won't be released soon. I posted the vulnerability after bricking my remaining Wii U, so if I end up losing interest or taking way too much time, other developers can potentially work on it; just in case, here are a couple of technical notes (https://pastebin.com/G2jMGD2u). For now I'm having quite a bit of fun/learning while working on the exploit.

    The Aroma environment will still provide all the cool features of interest to users and developers, such as plugins, patches, apps and more; it won't be replaced by this exploit. FailST could theoretically be replaced, but keeping it in place removes the need for signature patches. Compared to simply using FailST as a boot title, it doesn't offer significant advantages other than a potentially slightly faster boot (since Aroma wouldn't have to run a kernel/IOSU exploit).

    The vulnerability might not be as dangerous as I originally thought: it seems that IOS-FS will panic before attempting to repair/write back the superblock, and by creating additional disallowed FST entries (such as a file inode with the first cluster >0xfffb) we can also provoke an IOS-FS superblock sanity check to fail; however, that was only tested in an emulator so far, and I still don't know how the exploit interacts with OSv255 or other firmwares. Still probably a very good idea to only ever boot patched firmwares, though.
    A system update can easily fix the boot1 bug which causes this vulnerability, so update-blocking patches are also important (as a boot1 update with the exploit installed would probably result in a brick). There is no hardware protection against downgrades, so ultimately it'll always be possible to restore a vulnerable boot1 version.

    In theory, with isfshax installed, it should be possible to delete all the files in slc or slccmpt and still be able to recover via software from a backup; it won't save Wii Us if the boot1 blocks or the superblock where the exploit is installed are accidentally overwritten or damaged.

    As others already pointed out in this thread, it also unfortunately doesn't allow previously bricked Wii Us to be restored. The superblock is authenticated with a SHA-1 HMAC saved in the NAND spare area, which requires the 20-byte per-console SLC HMAC key from OTP to be generated. Assuming the key is randomly generated (this might also not be the case), it's unfeasible to bruteforce its 20 bytes.

    The exploit does not give access to anything that wasn't previously accessible; it only allows us to gain execution at an earlier time during the boot process. This is nice for projects such as linux-wiiu, and could potentially allow recovery tools or custom firmwares to be loaded early on startup.
    However, I don't have the energy to work on creating or maintaining a proper custom firmware or other useful tools to go along with this exploit, so if anything does ever get released, it'll probably only be the entrypoint and a minimal set of patches that still allow IOSU to boot with the exploit installed.
     
    Last edited by rw-r-r_0644, Apr 12, 2021
  8. tfocosta

    tfocosta GBAtemp Z-Warrior
    Member

    Joined:
    Jun 2, 2020
    Messages:
    595
    Country:
    Canada
    That's amazing news! :D
     
  9. rw-r-r_0644

    rw-r-r_0644 GBAtemp Fan
    Member

    Joined:
    Jan 13, 2016
    Messages:
    351
    Country:
    Italy
    Adding the exploit to the wiiubrew wiki was probably a mistake on my part. I expected people to ignore it for the most part (it's mostly of potential interest to some developers), or consider it a cool curiosity more than anything else. FailST is already an excellent coldboot solution, and should satisfy everyone that has been waiting for a free or faster Haxchi alternative; that's probably what you should look forward to, rather than isfshax.
    I have underestimated years of waiting for a boot1 coldboot exploit to come and somehow revive the Wii U scene, sorry about this.
     
    Valery0p, piete, jacobsson and 5 others like this.
  10. mitcha

    mitcha مجاهد صنديد مقاتل عنيد
    Member

    Joined:
    Dec 20, 2015
    Messages:
    373
    Country:
    Algeria
    People say the Wii U is a flop, but people are still interested 10 years later. I loved my Wii U and still do ;)
     
    piete, jeannotte and alexander1970 like this.
  11. alexander1970

    Member

    Joined:
    Nov 8, 2018
    Messages:
    13,193
    Country:
    Austria
    Yes, completely true.

    I am curious. Where is the "Wii U is dead" party now?
    We had enough unnecessarily bloated threads about this topic from so-called homebrew experts (not really, ey?)
    ...and now? Huuuhuuuu...... no one's there from that faction.
     
    piete, XDeltaone, jeannotte and 3 others like this.
  12. stranno

    stranno GBAtemp Fan
    Member

    Joined:
    Feb 17, 2013
    Messages:
    374
    Country:
    Spain
    Looks interesting. Considering the Wii U is probably the slowest console of all time to reach the main menu, the earlier it can trigger the patches, the better, I guess.
     
  13. mitcha

    mitcha مجاهد صنديد مقاتل عنيد
    Member

    Joined:
    Dec 20, 2015
    Messages:
    373
    Country:
    Algeria
    Mostly it was games magazines and games TV shows that killed the Wii U with a bullet in the head, the first bullet shot by Nintendo (the name of the Wii U = Wii).
    This is, I think, what killed the Wii U.
    We got Zelda BotW ;) and that's how Miyamoto/Aonuma honor it.
     
    jeannotte and alexander1970 like this.
  14. duwen

    duwen Old Man Yoshi
    Member

    Joined:
    Sep 6, 2013
    Messages:
    2,230
    Country:
    United Kingdom
    Yeah, I don't understand the mindset of any of those that think only exploits/hacks/homebrew for current systems are worthwhile... personally, I'm loving all the recent work being done in the PS/PS2/Vita/WiiU scenes more than anything for newer systems.

    I spent most of this past weekend testing all of my legit PS1 import discs with Tonyhax on my PS2 and had a great time! Ended up on eBay buying more PS1 memory cards!
     
  15. whitezombie

    whitezombie Member
    Newcomer

    Joined:
    Apr 11, 2021
    Messages:
    17
    Country:
    United States
    Fantastic news! Really excited to see what gets developed!
     
  16. wolf-snake

    wolf-snake GBAtemp Maniac
    Member

    Joined:
    Feb 5, 2009
    Messages:
    1,322
    Country:
    Mexico
    Ehhh, I had better luck getting a PS5 than an exploitable Switch.
     
  17. BaamAlex

    BaamAlex CVE-2018-6242
    Member

    Joined:
    Jul 23, 2018
    Messages:
    3,663
    Country:
    Germany
    Getting an exploitable Switch is easy af.
     
  18. wolf-snake

    wolf-snake GBAtemp Maniac
    Member

    Joined:
    Feb 5, 2009
    Messages:
    1,322
    Country:
    Mexico
    Not if the guy who's selling it knows exactly why you want it and wants to charge you up the ass for it. Would be easier if I had access to the US but... you know.
     
    ShadowOne333, MarioSilva and tivu100 like this.
  19. tivu100

    tivu100 GBAtemp Addict
    Member

    Joined:
    Jun 6, 2015
    Messages:
    2,250
    Country:
    United States
    It all boils down to demand and supply.

    In Mexico, perhaps since the PS5 is not exploitable, its (black market) price peak, as there is not as much demand. It's riskier for scalpers to hold on to expensive PS5s that depreciate once more consoles become available.

    On the other hand, in the US, the market for unexploitable consoles is always big, not only now due to the pandemic. This, however, makes second-hand exploitable Switch consoles more available, as people would "upgrade" (not worth it), so they want to rid themselves of the older version. Many are unaware of the exploitable value of their old Switch.
     
  20. Magnus Hydra

    Magnus Hydra 004d00610067006e00750073002000480079006400720061
    Member

    Joined:
    Dec 12, 2011
    Messages:
    129
    Country:
    United States