TCPGecko Java Client Implementation

Discussion in 'Wii U - Hacking & Backup Loaders' started by BullyWiiPlaza, Sep 15, 2015.

  1. BullyWiiPlaza (OP)
    Hey,

    so I was trying to "port" tcpgecko.py to Java but I ran into difficulties. Is somebody able and willing to take a look? It would really help me out if I can get memory reading and editing working. Also, I might decide to implement actual codetypes or create applications that, for instance, apply a set of codes at the push of a button, such as unlocking everything in a Wii U game via memory editing. The reason why I'm doing this in Java is because I'm most familiar with it. Also it helps me understand the internals better.

    I posted all the technical details on StackOverflow, so check it out:
    http://stackoverflow.com/questions/32591138

    @NWPlayer123

    Thank you :)
     
  2. NWPlayer123
    I'm not sure how Java handles sockets, but the codehandler also has those 3 options when creating a socket (AF_INET, SOCK_STREAM, and IPPROTO_TCP). What the readmem function's doing is:
    1) Make sure it's not trying to read a length of 0, since that's useless
    2) Checks the range against a range of valid addresses
    3) Checks to see if it has the right access so it won't freeze
    4) Sends a single byte to tell the codehandler which function to run, which then jumps to it and waits for the data, e.g. what address you want to read from
    5) Codehandler's waiting for 8 bytes, the address and the end address (which is why I just do + length). Then, send it so it can fetch the data
    6) Depending on what it finds, it's going to send back a single byte telling you the status. If it's 0xBD, then read the size you sent it. Do note that it has a max of 0x400 bytes, so if you want more you'll have to make a loop client side
    7) If it's 0xB0, then the codehandler function's done doing stuff and is back in the main loop, so just create a string with 0x00 times how much you read, and return it. If anything else happens then something went really wrong (not that you'll know, since it'll probably have frozen).
    8) Then just return the data it read.

    Side note, you'll probably be able to understand it better with my rewritten code. I'll push it into the main repo once I get everything reimplemented, but here's what I have right now. http://pastebin.com/3YYMUzTx
     
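The readmem exchange described in the post above (command byte, 8 bytes of start/end address, status byte 0xBD or 0xB0, 0x400-byte chunks looped client side), written out as an added Python example; this is not code from the thread, from tcpgecko.py or from the codehandler. The command byte value is an assumption, and the FakeCodehandler is a constructed in-memory stand-in so the example runs offline; against a real console you would pass a socket connected to port 7331 instead.

```python
import struct
STATUS_DATA = 0xBD   # codehandler will now send the bytes it read
STATUS_ZEROS = 0xB0  # block was all zero bytes; nothing follows, fill with 0x00 locally
MAX_CHUNK = 0x400    # the codehandler serves at most 0x400 bytes per request
CMD_READMEM = 0x04   # ASSUMED command byte; take the real value from tcpgecko.py

def recv_exact(sock, n):
    buf = b""  # TCP recv() may return short reads; keep going until n bytes arrived
    while len(buf) < n:
        part = sock.recv(n - len(buf))
        if not part:
            raise ConnectionError("codehandler closed the connection")
        buf += part
    return buf

def read_memory(sock, start, length):
    if length <= 0:  # step 1 from the thread: a zero-length read is useless
        raise ValueError("refusing to read a length of 0")
    out, addr, end = bytearray(), start, start + length
    while addr < end:
        chunk = min(MAX_CHUNK, end - addr)  # loop client side above 0x400 bytes
        sock.sendall(bytes([CMD_READMEM]))                    # which function to run
        sock.sendall(struct.pack(">II", addr, addr + chunk))  # big-endian start, end
        status = recv_exact(sock, 1)[0]
        if status == STATUS_DATA:
            out += recv_exact(sock, chunk)
        elif status == STATUS_ZEROS:
            out += b"\x00" * chunk
        else:  # anything else means the codehandler is in a bad state; stop here
            raise RuntimeError(f"unexpected status byte 0x{status:02X}")
        addr += chunk
    return bytes(out)

class FakeCodehandler:  # offline stand-in for the console's readmem loop (constructed)
    def __init__(self, memory, base):
        self.memory, self.base, self.inbuf, self.outbuf = memory, base, b"", b""
    def sendall(self, data):
        self.inbuf += data
        while len(self.inbuf) >= 9:  # 1 command byte + 8 bytes of start/end address
            _cmd, start, end = struct.unpack(">BII", self.inbuf[:9])
            self.inbuf = self.inbuf[9:]
            block = bytes(self.memory[start - self.base:end - self.base])
            self.outbuf += bytes([STATUS_DATA]) + block if any(block) else bytes([STATUS_ZEROS])
    def recv(self, n):
        part, self.outbuf = self.outbuf[:n], self.outbuf[n:]
        return part

def demo(start=0x10000000):
    memory = bytearray(0xC00)  # constructed image: value in chunk 1, zeros in chunk 2, value in chunk 3
    memory[0:4], memory[0x850:0x854] = bytes.fromhex("13371337"), bytes.fromhex("DEADBEEF")
    return read_memory(FakeCodehandler(memory, start), start, len(memory))
```

The three chunks in demo() exercise both status paths: the middle one comes back as 0xB0 and is filled with zeros locally, the other two as 0xBD followed by their data.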
  3. BullyWiiPlaza (OP)
    This isn't required; just making a new Socket object should suffice. I managed to connect to the Wii U already, so that probably worked.
    Code:
    Socket clientSocket = new Socket(ipAddress, 7331);
    Why does it distinguish between having read only zeros and non-zeros? It could also just read the null bytes and return them or not?
    https://github.com/wiiudev/pyGecko/blob/master/codehandler/main.c#L120-L152

    Yes, it helps. Since I put some effort into this myself, I easily understood the theory, so I just need to get it put together in Java since it's very different in code. :P

    As a side note:
    What happens if I screw up the data that is sent? Will it bring the codehandler into a corrupt state? I figured that after connecting my (faulty) application and sending data, it would still allow me to connect with tcpgecko.py, but reading the memory gets stuck, so maybe that function started to block since it already received invalid data or something. Tomorrow I will try to complete the Java client then.
     
  4. NWPlayer123
    Because when you're trying to dump a big block of memory with the dump tab in the dNet client, you want to have to send as little data as possible to make it fast; this way the processor can whiz by and make it without having to receive anything. Even with this, pyGecko is still super slow lmao. Need to like implement a compression algo or something
     
  5. BullyWiiPlaza (OP)
    Ah, that's smart. Null bytes are very common. It needs all the tuning it can get so maybe turn off the on-screen current address display on TCP Gecko.NET to make it process faster. The one below in the status bar. The progress bar there should be enough progress symbolization I guess :P
     
  6. BullyWiiPlaza (OP)
    @NWPlayer123
    Alright, I got it working. Thanks for your help :)
    Code:
    Sep 16, 2015 3:49:00 PM JGeckoU connect
    INFO: Connecting to IP 192.168.178.35 and port 7331...
    Sep 16, 2015 3:49:00 PM JGeckoU pokeMemory
    INFO: Sending request to poke memory at address 10000000 with value 13371337...
    Sep 16, 2015 3:49:00 PM JGeckoU readMemory
    INFO: Sending request to read memory from address 10000000 to 10000004...
    Sep 16, 2015 3:49:00 PM JGeckoU readMemory
    INFO: Receiving server status...
    Sep 16, 2015 3:49:00 PM JGeckoU readMemory
    INFO: Receiving read values...
    Sep 16, 2015 3:49:00 PM JGeckoU main
    INFO: 13371337
    Sep 16, 2015 3:49:00 PM JGeckoU endSession
    INFO: Ending session...
    
    Process finished with exit code 0
     