Hacking Smea's iosuhax

[Jow Banks]

Has anybody else looked at what's inside SMEA's IOSUHax he put up on Github?
I worked with a while and was actually able to get it to run all the way through.

What it does is patch a decoded FW.IMG file, add in a whole bunch of hacks to allow access to IOSU then re-compiles a new encrypted FW.IMG file.
The new file has all of the checksums turned off and a new wupserver hook turned on that allows you to connect inside IOSU via an client app running on a PC.


Example (theres more than just this)

Spoiler

NEW_TIMEOUT equ (0xFFFFFFFF) ; over an hour

; fix 10 minute timeout that crashes MCP after 10 minutes of booting
.org 0x05022474
   .word NEW_TIMEOUT

; hook main thread to start our thread ASAP
.org 0x05056718
   .arm
   bl mcpMainThread_hook

; patch OS launch sig check
.org 0x0500A818
   .thumb
   mov r0, #0
   mov r0, #0

; patch IOSC_VerifyPubkeySign to always succeed
.org 0x05052C44
   .arm
   mov r0, #0
   bx lr

.org 0x050282AE
   .thumb
   bl launch_os_hook

; patch pointer to fw.img loader path
.org 0x050284D8
   .word fw_img_path

.org CODE_BASE
   .arm
   mcpMainThread_hook:
     mov r11, r0
     push {r0-r11,lr}
     sub sp, #8
   
     mov r0, #0x78
     str r0, [sp] ; prio
     mov r0, #1
     str r0, [sp, #4] ; detached
     ldr r0, =wupserver_entrypoint ; thread entrypoint
     mov r1, #0 ; thread arg
     ldr r2, =wupserver_stacktop ; thread stacktop
     mov r3, #wupserver_stacktop - wupserver_stack ; thread stack size
     bl MCP_SVC_CREATETHREAD

     cmp r0, #0
     blge MCP_SVC_STARTTHREAD

     ldr r1, =0x050BD000 - 4
     str r0, [r1]

     add sp, #8
     pop {r0-r11,pc}

The question is, how can we load this onto a wii-u ?
Would it help to take a older wii-u, like on 5.3.2 then figure out a way to get it to update to 5.5.1 using the modified FW.IMG file?

I'd be willing to "risk-a-bricked 5.32" to try if this might work.
(the wii-u's kinda boring anyways, so no big loss)

 

[Faxic]

Huh. Nice to finally see some IOSU exploitation documentation, even if it's only for pre-5.2.0 systems

I agree. I just hope somebody can find a way for iosu on 5.5+ to would be awesome!

 

[Jow Banks]

I'm ready to sacrifice my wiiu for the cause - anyone wanna help me figure out how to load the SMEA modified FW.img to my 5.3.2 box?

 

[Kohmei]

If I'm not mistaken wupinstaller has a whitelist of approved titles to prevent you from doing anything like this

 

[Mazamin]

If I'm not mistaken wupinstaller has a whitelist of approved titles to prevent you from doing anything like this

But there's one without this checks

 

[Jow Banks]

It seems to me that everyone was just waiting for the kexploit and now that it's out - no one cares about iosu anymore.
I couldn't care less about kexploit - I already has a 5.3.2 and am bored to bonkers with it.

The wiiu is a lame-duck console, just waiting on the final bullet-to-the-head when the NX is released.
Why did everyone give up on getting iosu working on it so fast?

Since FOF and SMEA have left the console hacking scene, this will most likely be the final console that we will ever get to hack like this.

<snip>

 

[Kohmei]

IOSU is the only reason I haven't sold my Wii U yet. It's been a rather disappointing system that I was hoping to get a little extra mileage out of, as I've long since played all the worthwhile games. I'd definitely get rid of it if we knew nothing more would come of it by the time NX comes out, but I guess there's always hope.

I'd probably scrounge up all the cheap used Wii U's on eBay if I thought it would do any good but I feel like the adults have left us with safety scissors and non-toxic glue

 

[ldeveraux]

IOSU is the only reason I haven't sold my Wii U yet. It's been a rather disappointing system that I was hoping to get a little extra mileage out of, as I've long since played all the worthwhile games. I'd definitely get rid of it if we knew nothing more would come of it by the time NX comes out, but I guess there's always hope.

I'd probably scrounge up all the cheap used Wii U's on eBay if I thought it would do any good but I feel like the adults have left us with safety scissors and non-toxic glue

you should complain more!

 

[Jow Banks]

IOSU is the only reason I haven't sold my Wii U yet. It's been a rather disappointing system that I was hoping to get a little extra mileage out of, as I've long since played all the worthwhile games. I'd definitely get rid of it if we knew nothing more would come of it by the time NX comes out, but I guess there's always hope.

I'd probably scrounge up all the cheap used Wii U's on eBay if I thought it would do any good but I feel like the adults have left us with safety scissors and non-toxic glue

Well, it looks like there were only two a few of us that cared about IOSU, and no one else wants even talk about it anymore.
I guess this proves Loadiine was all everyone was after and no one wants USB, Disk Loading, BluRay, Linux, Un-Brickable Wii U, Auto Exploit and all of the other fun stuff that could have been done.
(By the way, there's more than just Piracy - it's called HomeBrew and Console Hax)


If this was all they wanted, seems instead of waiting they could have saved a lot of time by selling their 5.5.1 and buying a 5.3.2

 

[Naked_Snake]

Wait what Smea has left the scene?

 

[brienj]

Well, it looks like there were only two of us that cared about IOSU, and no one else wants even talk about it anymore.
I guess this proves Loadiine was all everyone was after and no one wants USB, Disk Loading, BluRay, Linux and all of the other fun stuff that could have been done.


If this was all they wanted, seems instead of waiting they could have saved a lot of time by selling their 5.5.1 and buying a 5.3.2

You must only be a member on this forum ...

 

[TotalInsanity4]

You must only be a member on this forum ...

Is there another forum that discusses Wii U hacking?

 

[davetheshrew]

-snippy-

 

[VinsCool]

You must only be a member on this forum ...

Hey I have interest too! Pay me programming classes while I quit my job and I'll make homebrew stuff!

 

[kenryuakuma]

Well, it looks like there were only two of us that cared about IOSU, and no one else wants even talk about it anymore.
I guess this proves Loadiine was all everyone was after and no one wants USB, Disk Loading, BluRay, Linux and all of the other fun stuff that could have been done.
(By the way, there's more than just Piracy - it's called HomeBrew)

If this was all they wanted, seems instead of waiting they could have saved a lot of time by selling their 5.5.1 and buying a 5.3.2

Wrong I have been patiently waiting for the IOSU as well. I still do not like the way how everything has to go through the internet connection before being able to be used before there is no guarantee 100% success rate because of the race attack. With IOSU maybe people can come up with an emunand solution, which does not force users to update in order to play the game they own.

 

[Maschell]

I don't think we can do that with the kexploit

Its really easy to do this

 

[Selim873]

I'm interested too. This looks like the only step taken towards an emuNAND of any sort. Publicly at least. I mean, we have a kernel entrypoint now even on the latest FW, so surely someone's tinkering with it?

 

[depaul]

Wait what Smea has left the scene?

At least smea quit gracefully and shared everything about IOSU with other people which is appreciated, unlike some other people !

 

[dradonhunter11]

Hey I have interest too! Pay me programming classes while I quit my job and I'll make homebrew stuff!

well, same for me XD But I actually go to college soon for coding class

 

[KillzXGaming]

But there's one without this checks

Where is a non whitelisted version?