What is stopping us from hacking into the ISOU using the Kernel exploit?

Discussion in 'Wii U - Hacking & Backup Loaders' started by Goopyjoe, Jun 17, 2016.

  1. ARVI80

    IOSU is possible, full CFW is possible, console bricking is very possible and very likely as it stands.

    Get a second hobby and be prepared to wait, and wait some more, and wait some more on top of that. :D
     


  2. Wishi

    The problem here is that the Wii U will be dead not only for Nintendo but for its users as well :(
     
  3. Datalogger

    Watch the vid again.
    You see it boot from NAND, run an "IOSU exploit", reboot FW.IMG from an SD card.
    What you don't see is it doing anything else because it would panic as soon as it tried to do much else.
    H and S both realized that the ARM was more than they could handle, hence they gave up defeated.

    It's easy to say "oh, ummm we did it and you will just have to believe us - but we aren't going to release it because...because.... urr, ummm...because we know what's best for you... yeah, that's the ticket, we are thinking of you!"

    It's all BS.
    They never got it to work.
    If they did, their egos would have forced them to release it - plain and simple.
     
    Last edited by Datalogger, Jun 18, 2016
  4. Logan Pockrus

    That's pretty cynical (for lack of a better term). But, considering Smea has a master's in Computer Science, you can safely assume he knows what he's doing. But it wasn't just him and Hykem; there were many more people contributing in some way, shape or form. Anyway, the keys Hykem leaked? Proven to be legitimate. The video Smea posted? Well, as you made obvious, we can never be truly sure what goes on "behind the scenes" as they say, but Smea had a custom title installed. Why is this relevant? Well, that would require signature patches, which requires an IOSU exploit. Things check out, to me. I think you've been burned one too many times by developers over-promising.
     
  5. Datalogger

    If all you need as proof is to add a title to the menu, just IDA hack system_config_tool.rpx to run and you're done.
    The ARM is never going to allow you to run it, but changing the menu is no big deal.
    You need to look closer at what the boots have in store that keep this from ever being possible.
     
  6. Logan Pockrus

    Did you watch the video? He did run it. It was a port of Yeti3ds.
     
  7. Datalogger

    And you can run any HB from just a kernel x.... no need for IOSU and no proof, as expected.

    It's no use to keep this going.

    You think they did it and kept it from you because they know what's best for you... - please go ahead and keep believing this if it makes you feel better. I have no problem with that.

    I know it was all a scam and they couldn't get it to work reliably, so they came up with the "FBI raids", "school's too much, no time to finish it" and "you can't handle this type of thing" excuses - plain and simple.
     
  8. Logan Pockrus

    Alright, I agree; let's end this. But as a final thought, Hykem was full of shit when it came to his excuses. I'm not omniscient or anything, but as other reputable devs said he was legitimate, I think he was, as well.

    /end of stupid argument.
     
  9. depaul

    The IOSU is being worked on, and is probably already near completion. Probably DEVs just need a bit of luck in order to fully complete the exploit.
    I agree with what's posted above: there are some devs that were able to discover interesting things, but instead of releasing their knowledge they preferred to show off without releasing anything, and then quit.
     
  10. NWPlayer123

     
  11. zoogie

    There's the real reason for no IOSUhaxx. NWplayer is too busy posting memes. :P
     
  12. EstPC13

  13. Swiftloke

    This is one of the best posts I have ever seen in my time on the temp.
     
  14. Goopyjoe
    OP

    *slow clap*
     
  15. punderino

    ISOU, please stop. <---- Title is wrong. Let me send this to Ryan to annoy him; the actual question here: it won't work. It just doesn't work like that.

    It's IOSU, not ISOU. Please, this is making me suicidal.
     
  16. Goopyjoe
    OP

    Does it really matter? You still know what I'm talking about -_-
     
  17. punderino

    Yes. It does. You created a post for something that you could have found in other threads, and then proceeded to even spell it incorrectly, meaning you didn't even look enough to see how it was spelled. :^ )
     
  18. Billy Acuña

    The only ones that have IOSU are Smea (who is against piracy and is already out of the Wii U scene) and "the unnamed" (who disappeared thanks to the shitposting on this forum, and no one knows about him).
     
  19. punderino

    Not true. There's a handful of developers with a 5.2.0 Wii U and the IOSU exploit that's widely known for it. Just have to write it yourself. Hykem left because he quit giving a shit. Never was raided, he's still in IRC. xDD
     
  20. QuarkTheAwesome

    Just a quick explanation of the whole PPC=/=IOSU thing for the uninformed among us. This is heavily oversimplified.

    In essence, the Wii U has two processors (well, technically three but the third one is boring and has to do with emulating a specific, obscure bit of the vWii). Anyway! Two processors - The PowerPC (what we can run code on using browserhax/take full control of with kernel) and the ARM (IOSU). These are completely separate entities, but they can communicate. This isn't like the Wii, however - the IOSU watches the PowerPC like a hawk and halts the system if the code falls out of line. This is done through a permissions system - The IOSU "knows" what app is running (Mii Maker, Internet Browser, retail disc etc.) and changes the conditions appropriately. For example, the Internet Browser has limited memory, so if we try to use memory that the Internet Browser can't use under browserhax the IOSU rather firmly stops that. Loadiine works by loading Mii Maker and quietly replacing it with a game. The IOSU still thinks Mii Maker is running (and applies limits as such - No USB, limited internet etc) while the PowerPC is actually running something completely different.
    The point of all this is that while we can fool the IOSU, there's no simple way to modify it. Mii Maker will never need to fiddle with system settings or poke around the system's boot code, so the IOSU doesn't allow it. Since most homebrew runs under Mii Maker now, these restrictions apply to us as well. (And no, there isn't another app we can inject into to get around this. Someone public would have figured it out by now.)
    There's another thing worth noting: Yes, the PowerPC can directly communicate with the IOSU (IPCK_ functions for all you aspiring developers). In fact, we even got a nice example of such communication straight from MN1 himself (Link). However, this does not immediately give us full access - Communication is not control. I can communicate with one of Google's servers, but I can't take control of it. The server decides which of my instructions it obeys or denies based on my access rights. The same principle applies to the IOSU - It decides whether it follows my commands based on which app I am (Mii Maker most of the time).

    So to answer the OP, the IOSU is stopping us from hacking the IOSU. Even though we have full control of the PowerPC via the kernel, the IOSU still expects it to stay within certain boundaries and any attempts to get out of them (modifying the IOSU for instance) are quickly stopped.

    What do we need then? Simply put, we need an exploit which appears normal enough to the IOSU right up until we take control of it. Whether that means covertly doing stuff it doesn't notice or abusing existing, perfectly normal functions, I don't know. It may even involve something unimaginable right now (Say what you will about the more infamous devs, but there's no denying that abusing the graphics card (!) to write to protected memory to replace a syscall with one that allows unrestricted PowerPC code is absolute genius).

    If you're up for it, grab yourself a copy of fw.img from the NUS and the files that will literally tell you everything about it (Link). If you show interest, you'll soon find out about the place where the progress is being made (not GBATemp!) and hopefully we can all move towards getting a public exploit out there. There's a few awesome people working on this and they'd be damn happy to have another person on the team (You know who you are, we really appreciate all your work and the time you've sacrificed towards this!)

    Wow, this turned out waaay longer than I was hoping... Hope you guys don't mind! I'm open to questions - I don't bite ;3
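The "communication is not control" point in the post above, as an added toy model (not code from the post, the Wii U, or any real IOSU API): a mediating gate answers every request based on which app it believes is running, so swapping the payload on the other processor, Loadiine-style, does not change the rights the gate applies. App names, capabilities and address ranges are constructed for the example.

```python
"""Toy reference-monitor model of the IOSU permission gate described in the post.
Constructed example: app names, capability sets and memory windows are made up."""
from dataclasses import dataclass, field


class Panic(Exception):
    """Raised when the other processor steps outside its app's limits."""


@dataclass(frozen=True)
class Policy:
    caps: frozenset   # capabilities the app may request over IPC
    ram: range        # address window the app may touch


# Constructed policy table, keyed by the app identity the gate believes in.
POLICIES = {
    "mii_maker": Policy(frozenset({"net_limited"}), range(0x1000, 0x2000)),
    "browser":   Policy(frozenset({"net"}), range(0x1000, 0x1800)),
    "system_fw": Policy(frozenset({"usb", "net", "boot"}), range(0x0, 0x10000)),
}


@dataclass
class IosuGate:
    running_app: str                   # what the gate believes is running
    log: list = field(default_factory=list)

    def request(self, capability: str) -> bool:
        """Answer an IPC request; the caller's actual payload is irrelevant."""
        ok = capability in POLICIES[self.running_app].caps
        self.log.append((self.running_app, capability, "allow" if ok else "deny"))
        return ok

    def touch_memory(self, addr: int) -> None:
        """Halt (panic) when a memory access falls outside the believed app's window."""
        if addr not in POLICIES[self.running_app].ram:
            self.log.append((self.running_app, hex(addr), "panic"))
            raise Panic(f"{self.running_app} touched {addr:#x}")
        self.log.append((self.running_app, hex(addr), "ok"))


def loadiine_style_swap(gate: IosuGate, payload: str) -> dict:
    """Replace what the other processor runs without telling the gate.
    Returns the outcome of the payload's requests: rights follow the believed app,
    not the payload, so a swapped-in program gets Mii Maker's limits."""
    return {
        "payload": payload,
        "believed_app": gate.running_app,
        "usb": gate.request("usb"),
        "boot": gate.request("boot"),
    }
```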
     
