Hacking [UNSURE] I MAY have found a "tickethax", unknown games fakely said as bought

sp3off

GBATemp's least active boy
OP
Member
Joined
Apr 17, 2013
Messages
965
Trophies
1
Age
25
Location
La France
XP
612
Country
France
COMEBACK for something else. At storage_slc/rights/sys you have a title.list, containing all the title IDs of the games it found installed on the Wii U.

So, following that logic, you can fool your Wii U by telling it that you've installed a game that you do not possess.

EDIT: At storage_slc/rights/ticket you have every ticket installed, but following a bizarre order. My thought would have been company IDs, but it does not seem to match.

EDIT2: MLC (actual Wii U storage) does not seem to have a ticket folder, or else it would have been easy to fool.

EDIT3: Unable to retrieve storage_odd_tickets, content, content2 and updates. Sensitive content? Even WiiUBrew doesn't talk about these folders.

EDIT4: Does anyone know how the ticket "machinery" on the SLC works? That might be usable.
 

sp3off

Okay, results are stopping there.

I need to know how the SLC ticket machinery works. And if we can, we can directly put tickets there and install with the eShop. (if possible)
 

nexusmtz

Well-Known Member
Member
Joined
Feb 17, 2016
Messages
1,386
Trophies
0
XP
1,425
Country
United States
> And if we can, we can directly put tickets there and install with the eShop.
We don't know the hashing method, so you have to already know where to put the ticket. Note, however, that a given ticket goes into the same file on everyone's consoles. If someone else owns the title, they could run Tik2SD to tell you which file the ticket goes in.

Yes, you can copy valid tickets into those directories, then install a title without including a ticket in your source files. You can also add fake-signed tickets, but they won't work unless signature patching is active.

No, this doesn't fool eShop, and eShop will delete unowned console-specific tickets from the console at eShop startup (while you play the slot machine.) In other words, eShop uses server-side title ownership to determine which tickets to put/leave on the console. eShop doesn't use tickets to determine which titles have been purchased. Of course, the console does use tickets to determine which titles can execute, but that doesn't really help you if you're trying to fake out eShop.
 

sp3off

Well, thanks for that long and explained answer. Well, the only trick to make it happen is to make the system think that all the tickets installed in the console are owned, and so the eShop could also think of it. The "WUP" shop site address actually starts at boot-up on the menu and verifies everything AT BOOT. Even if the eShop isn't started by the user.
 
