Hacking What is stopping us from hacking into the ISOU using the Kernel exploit?

[Goopyjoe]

Well, a lot of stuff actually. I mean the developers spent a lot of time putting in security measures to make sure that nobody can get access to things they are not supposed to. Kernel and IOSU are completely different things.

But the Kernel does communicate with the IOSU, right?

 

[Deleted member 373223]

But the Kernel does communicate with the IOSU, right?

pretty much nothing

--------------------- MERGED ---------------------------

pretty much nothing

Kernel is related to IOSU just as much as in the 3ds ARM11 is related to ARM9. perrty much, litterally, nothing

 

[FR0ZN]

The "IOSU" is the nickname for a FW that runs on the ARM inside the Wii U.
Just like Cafe OS (the Wii U OS running on the PowerPC), it has a user and a kernel mode.

So to mess with the IOSU to its full extend, you need a IOSU kernel exploit.
To make a list, we have:

Public Wii U userpace exploit for 5.5.1
Public Wii U kernel exploit for 5.5.1
Public IOSU userspace exploit for everything below 5.2.0 (not coded yet? but documented: https://nwert.wordpress.com/2016/05/03/ioctlvhax/)
Non public IOSU kernel exploit for either 3.3.0 and 5.5.1 ??? -> They exist, but nobody outside of the dev circle knows whats beeing exploited to gain this level privs.

Also, some might think you need to chain exploits together (Wii U userspace -> Wii U kernel -> IOSU userspace -> IOSU kernel) to get to the IOSU kernel, but iirc Hykem confirmed that Wii U userspace can communicate with the IOSU and exploit it, so a Wii U kernel exploit isn't needed.

 

[Kohmei]

I'm simply asking what is blocking us from accessing the ISOU from the Kernel.

There are multiple processors in the Wii U. We have kernel exploits for the PPC processor, which is the system's main processor for userland apps (games). The IOSU is an ARM processor that governs the system's security, among other things, and it has its own kernel. This is why "kernel exploit" alone is deceptive -- it sounds like we should have full control over the system already but in the Wii U's case, it is like having full control over only the graphics card.

 

[Goopyjoe]

There are multiple processors in the Wii U. We have kernel exploits for the PPC processor, which is the system's main processor for userland apps (games). The IOSU is an ARM processor that governs the system's security, among other things, and it has its own kernel. This is why "kernel exploit" alone is deceptive -- it sounds like we should have full control over the system already but in the Wii U's case, it is like having full control over only the graphics card.

Thanks for clearing that up, but what makes the IOUS any different then the Kernel, other then the code they excecute?

 

[AmandaRose]

It just pisses me off that noobs like these clutter the temp with useless threads asking dumb questions like these. There is a stickied noob question thread.

Excatly the amount of dumb posts by newbies in the wiiu and 3ds forums is beyond a joke when I first joined this site we had like 95% decent and intelligent threads and 5% dumb shitposts now it's the other way about. Also why can't people be happy with what they have instead of what they don't have.

 

[Deleted member 373223]

Thanks for clearing that up, but what makes the IOUS any different then the Kernel, other then the code they excecute?

EVERYTHING!

 

[Duo8]

Excatly the amount of dumb posts by newbies in the wiiu and 3ds forums is beyond a joke when I first joined this site we had like 95% decent and intelligent threads and 5% dumb shitposts now it's the other way about. Also why can't people be happy with what they have instead of what they don't have.

For me however it has always been like that. Just the size grows.

Thanks for clearing that up, but what makes the IOUS any different then the Kernel, other then the code they excecute?

It handles low level stuff, including security and a lot of the h/w iirc.

 

[MontyQ]

why is there not a huge front page sticky size of the screen that never leaves front page, and it is says NOOBS CLICK HERE and we have a link to all answers, anyone who asks after same thing that's asked every 5 minutes perma ban. It would save time bitching and might help a few of the people who have no idea how to use search function.

 

[Deleted member 373223]

perma ban

the first two time temponary-ban

 

[MontyQ]

the first two time temponary-ban

your right gives a little bit lean way

 

[Jack Daniels]

look the noob section is so messed up... i can litterely find every question at least being post 25 time, and get no real answers. i'm a noob and if it's irritating so be it... i wanna learn something and i won't get to learn a thing in the noob section since everyone is talking through each other without clear notice who's to know the answers... here i get maybe irritated answers but at least i do get to understand it little by little... i wanna be a contrebuter and not a leech but to get to be a contrebuter i need to learn and this is the only place i know where there are answers to such questions... that being sai, i don't think i'll be any help soon since i'm years behind in learning so please be patient...

 

[dpad_5678]

Read this. @Goopyjoe

 

[Deleted member 373223]

look the noob section is so messed up... i can litterely find every question at least being post 25 time, and get no real answers. i'm a noob and if it's irritating so be it... i wanna learn something and i won't get to learn a thing in the noob section since everyone is talking through each other without clear notice who's to know the answers... here i get maybe irritated answers but at least i do get to understand it little by little... i wanna be a contrebuter and not a leech but to get to be a contrebuter i need to learn and this is the only place i know where there are answers to such questions... that being sai, i don't think i'll be any help soon since i'm years behind in learning so please be patient...

We are patient with question that aren't in the FAQ. but if someone doesn't know how an exploit works, it shoudln't stay on this forum.

 

[Jack Daniels]

We are patient with question that aren't in the FAQ. but if someone doesn't know how an exploit works, it shoudln't stay on this forum.

thanks i'll try not to ask too much. will first go and get to practise a bit of coding to get a better understanding first... sorry for taking such precious time.

 

[Deleted member 373223]

thanks i'll try not to ask too much. will first go and get to practise a bit of coding to get a better understanding first... sorry for taking such precious time.

you don't need to be a coder to be useful. you ony need to know, and help who has got REAL questions

 

[Jack Daniels]

you don't need to be a coder to be useful. you ony need to know, and help who has got REAL questions

thanks, still want to get to be a coder, just maybe a little less high a level, liked to write software when i was a kid, just that was when there was only dos and win 3.11... school took my time and there was no education for coding there so i lost practice... i already actively help those with wii and psp failures as far as i understand it, those are the 2 consoles i had myself so i have tested all instructions first. but getting off topic... sorry to clutter here thanks for responding.

 

[FlappyFalco]

Jesus, it's not like it's unprecedented. I mean the 3DS Userland exploit allowed you to downgrade your entire firmware!

All the OP was asking was if it would be possible to force the Wii U into a situation where an exploit could be ran using a custom app on Loadiine or a patch for an existing game. Back in the Wii days, you may remember the Twilight Hack, which ran off a normal copy of Twilight Princess and could not be executed any other way. It loaded a corrupt save which would allow for custom apps to be ran, including the Homebrew installer which would permanently install the Homebrew Channel on the Wii menu. The OP wanted to know if it would be possible to create our own "Twilight Princess", a "game" that would load its save in just the right way for an exploit that allowed for IOSU access. This game could then be ran on Loadiine. While the differences between the Wii OS and IOSU may be great, the OP politely basically asked if the (extremely unlikely) example I gave would be possible.

Also, STFU about the search button, I tried just to make sure:

Spoiler: Search Results for "Use Kernel Exploit IOSU"

All that comes up is this thread followed by irrelevant crap (basically any page with either "kernel" or "IOSU" is mentioned).Try it for yourself, keeping in mind that any three letter words will be ignored.

 

[Deleted member 373223]

Jesus, it's not like it's unprecedented. I mean the 3DS Userland exploit allowed you to downgrade your entire firmware!

All the OP was asking was if it would be possible to force the Wii U into a situation where an exploit could be ran using a custom app on Loadiine or a patch for an existing game. Back in the Wii days, you may remember the Twilight Hack, which ran off a normal copy of Twilight Princess and could not be executed any other way. It loaded a corrupt save which would allow for custom apps to be ran, including the Homebrew installer which would permanently install the Homebrew Channel on the Wii menu. The OP wanted to know if it would be possible to create our own "Twilight Princess", a "game" that would load its save in just the right way for an exploit that allowed for IOSU access. This game could then be ran on Loadiine. While the differences between the Wii OS and IOSU may be great, the OP politely basically asked if the (extremely unlikely) example I gave would be possible.

Also, STFU about the search button, I tried just to make sure:

Spoiler: Search Results for "Use Kernel Exploit IOSU"

View attachment 53221

All that comes up is this thread followed by irrelevant crap (basically any page with either "kernel" or "IOSU" is mentioned).Try it for yourself, keeping in mind that any three letter words will be ignored.

google "website:gbatemp [TEXTHERE]"

 

[Goopyjoe]

Jesus, it's not like it's unprecedented. I mean the 3DS Userland exploit allowed you to downgrade your entire firmware!

All the OP was asking was if it would be possible to force the Wii U into a situation where an exploit could be ran using a custom app on Loadiine or a patch for an existing game. Back in the Wii days, you may remember the Twilight Hack, which ran off a normal copy of Twilight Princess and could not be executed any other way. It loaded a corrupt save which would allow for custom apps to be ran, including the Homebrew installer which would permanently install the Homebrew Channel on the Wii menu. The OP wanted to know if it would be possible to create our own "Twilight Princess", a "game" that would load its save in just the right way for an exploit that allowed for IOSU access. This game could then be ran on Loadiine. While the differences between the Wii OS and IOSU may be great, the OP politely basically asked if the (extremely unlikely) example I gave would be possible.

Also, STFU about the search button, I tried just to make sure:

Spoiler: Search Results for "Use Kernel Exploit IOSU"

View attachment 53221

All that comes up is this thread followed by irrelevant crap (basically any page with either "kernel" or "IOSU" is mentioned).Try it for yourself, keeping in mind that any three letter words will be ignored.

Exactly what I meant, so is it possible?