I tried joining #wiiuhack on EFnet and got kicked for trying to discuss development:

Code:
<Relys> Does anyone know how Mario got ahold of the Wii U binaries to find ROP gadgets? I heard comex's exploit allowed full memory access but Mario said he had to use the binaries to see where he was going. Just wondering if we're going to see a ROP loader for 5.0 so I can possibly do something useful. :/
* BillyRR (BillyRR@d205-250-229-115.bchsia.telus.net) Quit (Remote host closed the connection)
* BillyRR (BillyRR@d205-250-229-115.bchsia.telus.net) has joined #wiiuhack
<BillyRR> Relys i got no idea what u said but good luck Relys
* voddy (~voddy@p5DD8C2C9.dip0.t-ipconnect.de) Quit (Ping timeout: 480 seconds)
<Relys> Well, it's quite simple billy. ROP stands for return oriented programming. You can use a series of "gadgets" (which are function calls) to set up a chain to load your own code.
<Relys> The Wii Browser exploit that was released has ROP loaders for 4.0 and 4.1.
<Relys> The offsets of where the gadgets exist change when Nintendo compiles a new binary.
<Relys> We need to know these offsets so we can port the CafeOS userland exploit to 5.0.
<Relys> It's easy to see where these gadgets are if you have full memory access (which is what comex did). Marionumber1 found these gadgets by looking at a dumped binary from comex, it looks like.
* afaik (~afaik@CPE-120-147-84-124.hdqu3.win.bigpond.net.au) Quit (Ping timeout: 360 seconds)
<Relys> We need a binary dump of 5.0 before the exploit can be ported.
<CwT> BillyRR u there?
<Relys> But the vulnerability still exists. The offsets are just unknown.
<Relys> Has anyone been poking around with RPC yet?
<@|Shadow|> we dont care
<BillyRR> yo im here
<Relys> This is the wiiuhack channel, correct? Am I in the wrong place?
<BillyRR> ur but it aint no #ps3dev :D
<BillyRR> wii stuff always has low support imo
<Relys> What do you mean, sir?
<Relys> Where should I talk about this stuff then?
<BillyRR> so if u get access to cafeos on 5.0 then what
<Relys> I'm a dev.
* Hazard (~HazMat@99-8-148-57.lightspeed.wlfrct.sbcglobal.net) has joined #wiiuhack
<BillyRR> maybe forums and such
* CwT (~CwT@c-69-140-212-127.hsd1.md.comcast.net) Quit
* CwT (~CwT@c-69-140-212-127.hsd1.md.comcast.net) has joined #wiiuhack
* CwT (~CwT@c-69-140-212-127.hsd1.md.comcast.net) Quit (Connection closed)
<@|Shadow|> cool story bro
<Relys> I know PowerPC, C/C++ and Python so I thought it would be fun to start working on the Wii U now that things are coming along. I'm wondering where the technical people hang out?
<@|Shadow|> in my butt
<Relys> If you get access on cafeos you can issue RPC commands to call the SDK functions in userland.
<Relys> The next step is to break out of userland.
* CwT (~CwT@c-69-140-212-127.hsd1.md.comcast.net) has joined #wiiuhack
<Relys> And that's something I could actually work on.
<BillyRR> cool
<BillyRR> and then piracy? :D
<@|Shadow|> thats all we care about
<@|Shadow|> so if its just lame ass homebrew
<@|Shadow|> we dont give a shit
<Relys> That would be a side effect.
<Relys> You need to break out of the userland sandbox and escalate your privilege level.
* HazMat (~HazMat@99-8-148-57.lightspeed.wlfrct.sbcglobal.net) Quit (Read error: Operation timed out)
<Relys> This can be done through a kernel or IOS exploit, which is what the HSREST exploit is about from what I hear.
<Relys> Anyways, the browser exploit released allows you to run your own code and create an RPC socket to connect to over the network. It's kind of a HUGE deal and will lead to complete PWNAGE of the system, and yes, piracy.
<Relys> But the Wii U common key needs to be found for more stuff to be decrypted (Wii U key + ancast key).
<@|Shadow|> snoozvil
<@|Shadow|> when piracy is live wake me up
<dlukz> ^yup
<Relys> Why don't you want to help though? It's more fun than games.
<@|Shadow|> WRONG
<@|Shadow|> games r more fun
<Relys> No they aren't.
<Relys> Games are boring compared to gaining access to a system.
* You were kicked by |Shadow| (yes they r)

I guess these skridz are what f0f meant as "lack of interest".