I tried joining #wiiuhack on EFnet and got kicked for trying to discuss development:
I guess these skidz are what f0f meant by "lack of interest".
Code:
<Relys> Does anyone know how Mario got ahold of the Wii U binaries to find ROP gadgets? I heard comex's exploit allowed full memory access but Mario said he had to use the binaries to see where he was going. Just wondering if we're going to see a ROP loader for 5.0 so I can possibly do something useful. :/
* BillyRR ([email protected]) Quit (Remote host closed the connection)
* BillyRR ([email protected]) has joined #wiiuhack
<BillyRR> Relys i got no idea what u said but good luck Relys
* voddy ([email protected]) Quit (Ping timeout: 480 seconds)
<Relys> Well, it's quite simple billy. ROP stands for return oriented programming. You can use a series of "gadgets" (which are function calls) to set up a chain to load your own code.
<Relys> The Wii U browser exploit that was released has ROP loaders for 4.0 and 4.1.
<Relys> The offsets of where the gadgets exist change when Nintendo compiles a new binary.
<Relys> We need to know these offsets so we can port the CafeOS userland exploit to 5.0.
<Relys> It's easy to see where these gadgets are if you have full memory access (which is what comex did). Marionumber1 found these gadgets by looking at a dumped binary from comex, it looks like.
* afaik ([email protected]) Quit (Ping timeout: 360 seconds)
<Relys> We need a binary dump of 5.0 before the exploit can be ported.
<CwT> BillyRR u there?
<Relys> But the vulnerability still exists. The offsets are just unknown.
<Relys> Has anyone been poking around with RPC yet?
<@|Shadow|> we dont care
<BillyRR> yo im here
<Relys> This is the wiiuhack channel, correct? Am I in the wrong place?
<BillyRR> ur but it aint no #ps3dev :D
<BillyRR> wii stuff always has low support imo
<Relys> What do you mean, sir?
<Relys> Where should I talk about this stuff then?
<BillyRR> so if u get access to cafeos on 5.0 then what
<Relys> I'm a dev.
* Hazard ([email protected]) has joined #wiiuhack
<BillyRR> maybe forums and such
* CwT ([email protected]) Quit
* CwT ([email protected]) has joined #wiiuhack
* CwT ([email protected]) Quit (Connection closed)
<@|Shadow|> cool story bro
<Relys> I know PowerPC, C/C++ and Python, so I thought it would be fun to start working on the Wii U now that things are coming along. I'm wondering where the technical people hang out?
<@|Shadow|> in my butt
<Relys> If you get access on CafeOS you can issue RPC commands to call the SDK functions in userland.
<Relys> The next step is to break out of userland.
* CwT ([email protected]) has joined #wiiuhack
<Relys> And that's something I could actually work on.
<BillyRR> cool
<BillyRR> and then piracy? :D
<@|Shadow|> thats all we care about
<@|Shadow|> so if its just lame ass homebrew
<@|Shadow|> we dont give a shit
<Relys> That would be a side effect.
<Relys> You need to break out of the userland sandbox and escalate your privilege level.
* HazMat ([email protected]) Quit (Read error: Operation timed out)
<Relys> This can be done through a kernel or IOS exploit, which is what the HSREST exploit is about from what I hear.
<Relys> Anyways, the browser exploit released allows you to run your own code and create an RPC socket to connect to over the network. It's kind of a HUGE deal and will lead to complete PWNAGE of the system, and yes, piracy.
<Relys> But the Wii U common key needs to be found for more stuff to be decrypted (Wii U key + ancast key).
<@|Shadow|> snoozvil
<@|Shadow|> when piracy is live wake me up
<dlukz> ^yup
<Relys> Why don't you want to help, though? It's more fun than games.
<@|Shadow|> WRONG
<@|Shadow|> games r more fun
<Relys> No they aren't.
<Relys> Games are boring compared to gaining access to a system.
* You were kicked by |Shadow| (yes they r)
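The technical point buried in the log is that the ROP gadgets survive a firmware update but their offsets move whenever Nintendo rebuilds the binary, which is why a dump of the 5.0 binary is needed before the 4.0/4.1 loader can be ported. The scanner below is an added example, not code from the post, from the people named in it, or from any Wii U tool. It walks a big-endian PowerPC code image, finds every blr-terminated run of stack-load / addi / mtlr / mr instructions, and reports the offsets. The two byte arrays are constructed by hand to stand in for two "builds": the gadget bodies are byte-identical, but the offsets differ once the surrounding code shifts. The instruction subset, the image contents and all function names are assumptions for the example.

```c
/* Added example (not from the post or any Wii U tool): locate blr-terminated
 * ROP gadgets in a big-endian PowerPC code image and report their offsets.
 * The two images below are constructed by hand; the instruction subset and
 * all names are assumptions for the example. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PPC_BLR 0x4e800020u            /* blr: branch to link register */
#define BE32(x) (uint8_t)((x) >> 24), (uint8_t)((x) >> 16), \
                (uint8_t)((x) >> 8),  (uint8_t)(x)

typedef struct {
    size_t start;   /* byte offset of the first instruction of the gadget */
    size_t end;     /* byte offset of the terminating blr */
} gadget_t;

/* Fetch one 4-byte big-endian instruction at byte offset off. */
static uint32_t ppc_insn(const uint8_t *img, size_t off) {
    return ((uint32_t)img[off] << 24) | ((uint32_t)img[off + 1] << 16) |
           ((uint32_t)img[off + 2] << 8) | (uint32_t)img[off + 3];
}

/* Instructions accepted inside a gadget body: lwz/lmw (stack loads, opcode
 * 32/46), addi (stack adjust, 14), or/mr (31 xo 444), mtlr (31 xo 467 with
 * the SPR field encoding LR). Anything else, including branches and nops,
 * ends the backwards walk. */
static int is_gadget_insn(uint32_t w) {
    uint32_t op = w >> 26;
    if (op == 32 || op == 46 || op == 14) return 1;
    if (op == 31) {
        uint32_t xo  = (w >> 1) & 0x3ff;
        uint32_t spr = (w >> 11) & 0x3ff;      /* split SPR field; 0x100 == LR */
        if (xo == 444) return 1;
        if (xo == 467 && spr == 0x100) return 1;
    }
    return 0;
}

/* For every blr in the image, step backwards over up to max_body accepted
 * instructions. Returns the number of gadgets found and fills out[] with up
 * to max_out of them; a bare blr with no body is not reported. */
static size_t find_gadgets(const uint8_t *img, size_t len, int max_body,
                           gadget_t *out, size_t max_out) {
    size_t n = 0;
    for (size_t off = 0; off + 4 <= len; off += 4) {
        if (ppc_insn(img, off) != PPC_BLR) continue;
        size_t start = off;
        int body = 0;
        while (start >= 4 && body < max_body &&
               is_gadget_insn(ppc_insn(img, start - 4))) {
            start -= 4;
            body++;
        }
        if (body == 0) continue;
        if (n < max_out) { out[n].start = start; out[n].end = off; }
        n++;
    }
    return n;
}

/* Start offset of the idx-th gadget in an image, or (size_t)-1 if absent. */
static size_t gadget_start(const uint8_t *img, size_t len, size_t idx) {
    gadget_t g[16];
    size_t n = find_gadgets(img, len, 8, g, 16);
    return (idx < n && idx < 16) ? g[idx].start : (size_t)-1;
}

/* Constructed "build A": a function epilogue and a register-move gadget. */
static const uint8_t build_a[] = {
    BE32(0x60000000),   /* nop                                   */
    BE32(0x80010014),   /* lwz  r0,0x14(r1)   <- gadget 1 starts */
    BE32(0x7c0803a6),   /* mtlr r0                               */
    BE32(0x38210010),   /* addi r1,r1,0x10                       */
    BE32(PPC_BLR),      /* blr                                   */
    BE32(0x48000001),   /* bl   (not a body insn, ends the walk) */
    BE32(0x7fe3fb78),   /* mr   r3,r31        <- gadget 2 starts */
    BE32(0x83e1000c),   /* lwz  r31,0xc(r1)                      */
    BE32(PPC_BLR),      /* blr                                   */
};

/* Constructed "build B": the same gadgets after a recompile shifted the code. */
static const uint8_t build_b[] = {
    BE32(0x60000000), BE32(0x60000000),
    BE32(0x80010014), BE32(0x7c0803a6), BE32(0x38210010), BE32(PPC_BLR),
    BE32(0x48000001), BE32(0x60000000),
    BE32(0x7fe3fb78), BE32(0x83e1000c), BE32(PPC_BLR),
};

static void dump(const char *name, const uint8_t *img, size_t len) {
    gadget_t g[16];
    size_t n = find_gadgets(img, len, 8, g, 16);
    for (size_t i = 0; i < n; i++)
        printf("%s: gadget at 0x%04zx..0x%04zx (%zu insns)\n", name,
               g[i].start, g[i].end, (g[i].end - g[i].start) / 4 + 1);
}

int main(void) {
    dump("build_a", build_a, sizeof build_a);
    dump("build_b", build_b, sizeof build_b);
    return 0;
}
```

On a real dump the same walk is run over the whole text segment, and the chain is then rebuilt from the new offsets; the gadget bodies (the lwz/mtlr/addi epilogue, the mr r3,r31 move) are what you search for, never the old addresses.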