simple iosu communication

[Mrrraou]

And everyone now knows that we were working on WUPDowngrader, gg. <3

--------------------- MERGED ---------------------------


I know he's just testing. Did you not read what I said in my first fucking post?

it was already known, just by following JustPingo or even TiniVi on Twitter. And you weren't part of it, afaik.

 

[punderino]

it was already known, just by following JustPingo or even TiniVi on Twitter. And you weren't part of it, afaik.

I tested 2 versions of it, and I corrected myself. <3

 

[V1Cammy]

wait.... ... it jumps right to system mode... ugh..... -_________- once the call is made
....
debug_print_bad_stack ; Bad stack upon making system call:tid=%d,pid=%d,sp=0x%08x,sysCallNum=%d\n -_-

 

[Veho]

Behave

 

[V1Cammy]

dont overwrite the wrong instruction now... otherwise you wont break in on where you want to jump...

 

[sdtg34520]

>get home
>this thread
holy shit it's a graveyard in here

--------------------- MERGED ---------------------------

If you want IOSU access, hardmod your Wii U and either help test for other developers, or work on it yourself. Don't just bitch about Ryan :S

 

[KytuzuEX]

What exactly is this?
Some information progress about IOSU?

Anyways, since IOSU is being mentioned more often, I wanted to finally ask... when approximately is going to be "announced" as finished or released?

 

[jbuck1975]

What exactly is this?
Some information progress about IOSU?

Anyways, since IOSU is being mentioned more often, I wanted to finally ask... when approximately is going to be "announced" as finished or released?

Christmas

 

[KytuzuEX]

Christmas

Like the last year?

Winter 2016 then.

 

[Kafluke]

Like the last year?

Winter 2016 then.

It's a joke. The last time it was promised was Christmas. It's a big no no on gbatemp to ask for a release date of iosu

 

[jbuck1975]

Like the last year?

Winter 2016 then.

I didn't say what year

 

[punderino]

Christmas

wrong

 

[V1Cammy]

What exactly is this?
Some information progress about IOSU?

Anyways, since IOSU is being mentioned more often, I wanted to finally ask... when approximately is going to be "announced" as finished or released?

well that depends do you care to follow so far about the documentation on whats known on iosu.

 

[V1Cammy]

and btw .... as for iosu and the elf that was provided from the google link
sure one can say it is bullshit filesystem calls for ioctl but look
at the asm....it is a elf loader.... being tested.-0x20(sp) when stack pointer... clears its register... but it has already been set if you go to ->.text:00807164 addi sp, sp, 0x20<-

ppc64 assembly really isnt as complicated...as what ppl think.

now to be more precise yes they added trolling msg to hykem which is clear.
but look through the subroutine ....it is a ELF Loader.... But they added their own stupid message because they did so...

.text:008070A0 # =============== S U B R O U T I N E =======================================
.text:008070A0
.text:008070A0
.text:008070A0 sub_8070A0: # CODE XREF: .text:00802650p
.text:008070A0 stwu sp, -0x20(sp)
.text:008070A4 mflr r0
.text:008070A8 stw r27, 0xC(sp)
.text:008070AC lis r27, [email protected]
.text:008070B0 lwz r9, (dword_808E00 & 0xFFFF)(r27)
.text:008070B4 stw r28, 0x10(sp)
.text:008070B8 lis r28, [email protected]
.text:008070BC stw r0, 0x24(sp)
.text:008070C0 mtctr r9
.text:008070C4 stw r26, 8(sp)
.text:008070C8 stw r29, 0x14(sp)
.text:008070CC lis r29, [email protected]
.text:008070D0 stw r30, 0x18(sp)
.text:008070D4 lis r30, [email protected]
.text:008070D8 stw r31, 0x1C(sp)
.text:008070DC lis r31, [email protected]
.text:008070E0 lwz r3, (dword_808E4C & 0xFFFF)(r28)
.text:008070E4 bctrl
.text:008070E8 lwz r9, (dword_808DE8 & 0xFFFF)(r29)
.text:008070EC li r3, 0
.text:008070F0 lwz r26, (dword_808DF4 & 0xFFFF)(r30)
.text:008070F4 mtctr r9
.text:008070F8 bctrl
.text:008070FC li r4, 3
.text:00807100 mtctr r26
.text:00807104 bctrl
.text:00807108 lwz r9, (dword_808E00 & 0xFFFF)(r27)
.text:0080710C lwz r3, (dword_808E50 & 0xFFFF)(r31)
.text:00807110 li r27, -1
.text:00807114 mtctr r9
.text:00807118 stw r27, (dword_808E4C & 0xFFFF)(r28)
.text:0080711C bctrl
.text:00807120 lwz r9, (dword_808DE8 & 0xFFFF)(r29)
.text:00807124 li r3, 8
.text:00807128 lwz r30, (dword_808DF4 & 0xFFFF)(r30)
.text:0080712C mtctr r9
.text:00807130 bctrl
.text:00807134 mtctr r30
.text:00807138 li r4, 3
.text:0080713C bctrl
.text:00807140 lwz r0, 0x24(sp)
.text:00807144 stw r27, (dword_808E50 & 0xFFFF)(r31)
.text:00807148 mtlr r0
.text:0080714C lwz r26, 8(sp)
.text:00807150 lwz r27, 0xC(sp)
.text:00807154 lwz r28, 0x10(sp)
.text:00807158 lwz r29, 0x14(sp)
.text:0080715C lwz r30, 0x18(sp)
.text:00807160 lwz r31, 0x1C(sp)
.text:00807164 addi sp, sp, 0x20
.text:00807168 blr

--------------------- MERGED ---------------------------

on another short note... .text:00807150 lwz r27, 0xC(sp)=
0xC

SORecvFrom (int socket, char * message, int msg_len, int flags)

http://wiibrew.org/wiki/Socket

 

[NexoCube]

and btw .... as for iosu and the elf that was provided from the google link
sure one can say it is bullshit filesystem calls for ioctl but look
at the asm....it is a elf loader.... being tested.-0x20(sp) when stack pointer... clears its register... but it has already been set if you go to ->.text:00807164 addi sp, sp, 0x20<-

ppc64 assembly really isnt as complicated...as what ppl think.

now to be more precise yes they added trolling msg to hykem which is clear.
but look through the subroutine ....it is a ELF Loader.... But they added their own stupid message because they did so...

.text:008070A0 # =============== S U B R O U T I N E =======================================
.text:008070A0
.text:008070A0
.text:008070A0 sub_8070A0: # CODE XREF: .text:00802650p
.text:008070A0 stwu sp, -0x20(sp)
.text:008070A4 mflr r0
.text:008070A8 stw r27, 0xC(sp)
.text:008070AC lis r27, [email protected]
.text:008070B0 lwz r9, (dword_808E00 & 0xFFFF)(r27)
.text:008070B4 stw r28, 0x10(sp)
.text:008070B8 lis r28, [email protected]
.text:008070BC stw r0, 0x24(sp)
.text:008070C0 mtctr r9
.text:008070C4 stw r26, 8(sp)
.text:008070C8 stw r29, 0x14(sp)
.text:008070CC lis r29, [email protected]
.text:008070D0 stw r30, 0x18(sp)
.text:008070D4 lis r30, [email protected]
.text:008070D8 stw r31, 0x1C(sp)
.text:008070DC lis r31, [email protected]
.text:008070E0 lwz r3, (dword_808E4C & 0xFFFF)(r28)
.text:008070E4 bctrl
.text:008070E8 lwz r9, (dword_808DE8 & 0xFFFF)(r29)
.text:008070EC li r3, 0
.text:008070F0 lwz r26, (dword_808DF4 & 0xFFFF)(r30)
.text:008070F4 mtctr r9
.text:008070F8 bctrl
.text:008070FC li r4, 3
.text:00807100 mtctr r26
.text:00807104 bctrl
.text:00807108 lwz r9, (dword_808E00 & 0xFFFF)(r27)
.text:0080710C lwz r3, (dword_808E50 & 0xFFFF)(r31)
.text:00807110 li r27, -1
.text:00807114 mtctr r9
.text:00807118 stw r27, (dword_808E4C & 0xFFFF)(r28)
.text:0080711C bctrl
.text:00807120 lwz r9, (dword_808DE8 & 0xFFFF)(r29)
.text:00807124 li r3, 8
.text:00807128 lwz r30, (dword_808DF4 & 0xFFFF)(r30)
.text:0080712C mtctr r9
.text:00807130 bctrl
.text:00807134 mtctr r30
.text:00807138 li r4, 3
.text:0080713C bctrl
.text:00807140 lwz r0, 0x24(sp)
.text:00807144 stw r27, (dword_808E50 & 0xFFFF)(r31)
.text:00807148 mtlr r0
.text:0080714C lwz r26, 8(sp)
.text:00807150 lwz r27, 0xC(sp)
.text:00807154 lwz r28, 0x10(sp)
.text:00807158 lwz r29, 0x14(sp)
.text:0080715C lwz r30, 0x18(sp)
.text:00807160 lwz r31, 0x1C(sp)
.text:00807164 addi sp, sp, 0x20
.text:00807168 blr

--------------------- MERGED ---------------------------

on another short note... .text:00807150 lwz r27, 0xC(sp)=
0xC

SORecvFrom (int socket, char * message, int msg_len, int flags)

http://wiibrew.org/wiki/Socket

I tried it by myself and it's just calling IOS-NET modules function and prints out ssid and key

 

[V1Cammy]

I tried it by myself and it's just calling IOS-NET modules function and prints out ssid and key

unless ppl decide to go further on the elf loader thats pretty much a "Example"
as what ppl are wanting for stupid messages aside.

--------------------- MERGED ---------------------------

I tried it by myself and it's just calling IOS-NET modules function and prints out ssid and key

you are correct as one can simply see the modules ...the elf makes it too obvious the control flow....

 

[V1Cammy]

and for extra referrence ioctl output is mflr r0

your welcome. Look the routines!

 

[EpicLPer]

BullShit or HotShit?

 

[V1Cammy]

sub_4EB770
STMFD SP!, {R4-R7}
MOV R0, SP
LDR R5, =0x1FF80000
MOV R0, R0,LSR#12
MOV R12, #0x80000
MOV R0, R0,LSL#12
MOV R3, #0
STR R5, [R0,#8]
STR R12, [R0,#0xC]
MOV R6, #8
STR R3, [R0,#0x18]
MOV R7, #0xC8 ; '+'
STR R6, [R0,#4]
MOV R1, #0x2C ; ','
STR R7, [R0]
STR R1, [R0,#0x20]
LDR R4, =0xFFF318D4
LDR R12, =0xFFF31FFC
STR R3, [R0,#0x1C]
LDR R2, =0xFFF321E8
ADD R3, R0, #0x10
STMIA R3, {R4,R12}
ADD R3, R7, #0x7E
LDR R2, [R2,#4]
MOV R4, #0x28 ; '('
MOV R12, #0xB0 ; '¦'
STR R2, [R0,#0x40]
LDR R2, =0xFFF32

on a another note do you want to know how GateShit Bricks The Console You Paid for?

ya theres the rumour that if you mess with some files on flash
gateshit bricks it no?
if you read up arm9loaderhax documentation...

gateway simply adds a check to see if the files have been tampered
with upon boot. sound familiar? you wipe the stack used to decrypt nand sector... gateway has already patched firmware header checks for rsa preboot
...and its a hash check... -_-

--------------------- MERGED ---------------------------

where the stack is wiped decrypting nand preboot....
they wipe your console instead .

 

[QuarkTheAwesome]

I love you, GBATemp.

Just in case anyone wants it~