Hacking TCPGecko Java Client Implementation

BullyWiiPlaza (OP)
Hey,

so I was trying to "port" tcpgecko.py to Java but I ran into difficulties. Is somebody able and willing to take a look? It would really help me out if I can get memory reading and editing working. Also, I might decide to implement actual codetypes or create applications that, for instance, apply a set of codes at the push of a button, such as unlocking everything in a Wii U game via memory editing. The reason why I'm doing this in Java is because I'm most familiar with it. Also, it helps me understand the internals better.

I posted all the technical details on StackOverflow, so check it out:
http://stackoverflow.com/questions/32591138

@NWPlayer123

Thank you :)

NWPlayer123
I'm not sure how Java handles sockets, but the codehandler also has those 3 options when creating a socket (AF_INET, SOCK_STREAM, and IPPROTO_TCP). What the readmem function is doing is:
1) Make sure it's not trying to read a length of 0, since that's useless
2) Check the range against a range of valid addresses
3) Check to see if it has the right access so it won't freeze
4) Send a single byte to tell the codehandler which function to run, which then jumps to it and waits for the data, e.g. what address you want to read from
5) The codehandler is waiting for 8 bytes, the address and the end address (which is why I just do + length). Then, send it so it can fetch the data
6) Depending on what it finds, it's going to send back a single byte telling you the status. If it's 0xBD, then read the size you sent it. Do note that it has a max of 0x400 bytes, so if you want more you'll have to make a loop client side
7) If it's 0xB0, then the codehandler function's done doing stuff and is back in the main loop, so just create a string with 0x00 times how much you read, and return it. If anything else happens then something went really wrong (not that you'll know, since it'll probably have frozen).
8) Then just return the data it read.

Side note, you'll probably be able to understand it better with my rewritten code. I'll push it into the main repo once I get everything reimplemented, but here's what I have right now. http://pastebin.com/3YYMUzTx
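The readmem exchange described in steps 4) to 8) above, as an added example that is not code from this thread, pyGecko or tcpgecko.py: a Python client that chunks reads at 0x400 bytes and handles both the 0xBD and 0xB0 status replies, plus a constructed fake codehandler so the exchange runs over loopback. The 0x04 command byte and the big-endian start/end address pair are assumptions taken from how tcpgecko.py does it as I remember it; the status bytes and the chunk limit come from the post.

```python
import socket
import struct
import threading
CMD_READMEM = 0x04    # assumed (not in the thread): tcpgecko.py's "read memory" selector byte
STATUS_DATA = 0xBD    # from the thread: chunk has non-zero bytes, payload follows
STATUS_ZEROS = 0xB0   # from the thread: chunk was all zeros, nothing follows
MAX_CHUNK = 0x400     # from the thread: codehandler limit per request

def recv_exact(sock, n):
    # TCP may split a reply across several recv() calls, so loop until n bytes arrive.
    buf = b""
    while len(buf) < n:
        part = sock.recv(n - len(buf))
        if not part:
            raise ConnectionError("codehandler closed the connection")
        buf += part
    return buf

def read_memory(sock, start, length):
    # Client side: command byte + big-endian start/end address (assumed layout), chunked to MAX_CHUNK.
    out = b""
    while len(out) < length:
        chunk = min(MAX_CHUNK, length - len(out))
        addr = start + len(out)
        sock.sendall(bytes([CMD_READMEM]) + struct.pack(">II", addr, addr + chunk))
        status = recv_exact(sock, 1)[0]
        if status == STATUS_ZEROS:
            out += b"\x00" * chunk            # nothing on the wire; synthesise the zeros
        elif status == STATUS_DATA:
            out += recv_exact(sock, chunk)
        else:
            raise RuntimeError("unexpected status 0x%02X" % status)
    return out

def fake_codehandler(conn, memory, base):
    # Constructed stand-in for the Wii U side: serves readmem requests from a bytes buffer.
    with conn:
        while conn.recv(1) == bytes([CMD_READMEM]):
            lo, hi = struct.unpack(">II", recv_exact(conn, 8))
            data = memory[lo - base:hi - base]
            conn.sendall(bytes([STATUS_DATA]) + data if any(data) else bytes([STATUS_ZEROS]))

def demo(memory, base, start, length):
    # Run client and fake handler over loopback and return the bytes read.
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    threading.Thread(target=lambda: fake_codehandler(srv.accept()[0], memory, base), daemon=True).start()
    with socket.create_connection(srv.getsockname()) as cli:
        return read_memory(cli, start, length)
```

The constructed memory image in the test mirrors the thread's own poke of 13371337 at 0x10000000 offset by one chunk, so the first request exercises the 0xB0 path and the second the 0xBD path.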

BullyWiiPlaza (OP)
I'm not sure how Java handles sockets but the codehandler also has those 3 options when creating a socket (AF_INET, SOCK_STREAM, and IPPROTO_TCP).
This isn't required, just making a new Socket object should suffice. I managed to connect to the Wii U already so that probably worked.
Code:
Socket clientSocket = new Socket(ipAddress, 7331);

7) If it's 0xB0, then the codehandler function's done doing stuff and is back in the main loop, so just create a string with 0x00 times how much you read, and return it.
Why does it distinguish between having read only zeros and non-zeros? It could also just read the null bytes and return them or not?
https://github.com/wiiudev/pyGecko/blob/master/codehandler/main.c#L120-L152

Side note, you'll probably be able to understand it better with my rewritten code.
Yes, it helps. Since I put some effort into this myself, I easily understood the theory, so I just need to get it put together in Java since it's very different in code. :P

As a side note:
What happens if I screw up the data that is sent? Will it bring the codehandler into a corrupt state? I figured that after connecting my (faulty) application and sending data, it would still allow me to connect with tcpgecko.py, but reading the memory gets stuck, so maybe that function started to block since it already received invalid data or something. Tomorrow I will try to complete the Java client then.

NWPlayer123
This isn't required, just making a new Socket object should suffice. I managed to connect to the Wii U already so that probably worked.
Code:
Socket clientSocket = new Socket(ipAddress, 7331);

Why does it distinguish between having read only zeros and non-zeros? It could also just read the null bytes and return them or not?
https://github.com/wiiudev/pyGecko/blob/master/codehandler/main.c#L120-L152


Yes, it helps. Since I put some efforts into this myself, I easily understood the theory so I just need to get it put together in Java since it's very different in code. :P

As a side note:
What happens if I screw up the data that is sent? Will it bring the codehandler in a corrupt state? I figured that after connecting my (faulty) application and sending data, it would still allow me to connect tcpgecko.py but reading the memory gets stuck so maybe that function blocked. Tomorrow I will analyze this further.
Because when you're trying to dump a big block of memory with the dump tab in the dNet client, you want to send as little data as possible to make it fast; this way the processor can whiz by and make it without having to receive anything. Even with this, pyGecko is still super slow lmao. Need to like implement a compression algo or something

BullyWiiPlaza (OP)
Because when you're trying to dump a big block of memory with the dump tab in the dNet client, you want to send as little data as possible to make it fast; this way the processor can whiz by and make it without having to receive anything. Even with this, pyGecko is still super slow lmao. Need to like implement a compression algo or something
Ah, that's smart. Null bytes are very common. It needs all the tuning it can get so maybe turn off the on-screen current address display on TCP Gecko.NET to make it process faster. The one below in the status bar. The progress bar there should be enough progress symbolization I guess :P

BullyWiiPlaza (OP)
@NWPlayer123
Alright, I got it working. Thanks for your help :)
Code:
Sep 16, 2015 3:49:00 PM JGeckoU connect
INFO: Connecting to IP 192.168.178.35 and port 7331...
Sep 16, 2015 3:49:00 PM JGeckoU pokeMemory
INFO: Sending request to poke memory at address 10000000 with value 13371337...
Sep 16, 2015 3:49:00 PM JGeckoU readMemory
INFO: Sending request to read memory from address 10000000 to 10000004...
Sep 16, 2015 3:49:00 PM JGeckoU readMemory
INFO: Receiving server status...
Sep 16, 2015 3:49:00 PM JGeckoU readMemory
INFO: Receiving read values...
Sep 16, 2015 3:49:00 PM JGeckoU main
INFO: 13371337
Sep 16, 2015 3:49:00 PM JGeckoU endSession
INFO: Ending session...

Process finished with exit code 0