Wii U Bricked and backup lost 0.o

Discussion in 'Wii U - Hacking & Backup Loaders' started by Hikari06, Nov 29, 2016.

  1. Hikari06
    OP

    Hikari06 GBAtemp Advanced Fan

    Member
    900
    642
    Nov 20, 2012
    France
    Hey guys!

    I was experimenting with my Wii U today (trying to inject some custom SSL certificates to spoof the Nintendo Network) when I think I've obviously done something I shouldn't have. I figured I would be okay if anything went wrong since I had dumped my nand and put it on an external drive. Well, that was until I realized my Wii U wouldn't work anymore and neither would my drive (talk about bad luck) :sad:.:hateit::hateit:

    So now I'm left with a bricked Wii U and probably no way to get it back.

    That said, I am wondering, since I still have my otp file somewhere, would it be possible for me to dump my eMMC nand by means of harmodding, decrypt the image with the key from the otp, revert the changes I have made (the file I was working on isn't checksummed it's just that I've commented by mistake a line so it would only require me to change one or two bytes) with a hex editor and then encrypt and inject it back into the eMMC? Sounds pretty far-fetched but is there any chance this could work ?
     
    Last edited by Hikari06, Nov 29, 2016


  2. DeadlyFoez

    DeadlyFoez GBAtemp Guru

    Member
    5,436
    1,469
    Apr 12, 2009
    United States
    If you do have the correct keys then it shoukd be possible with a hardware dumper, but if you are asking here then you likely are not one whom has the capabilties of doing so. I only say that because there arent any tools publicly available and you dont sound up for the task of making such tools.
     
  3. jesus96

    jesus96 Advanced Member

    Newcomer
    61
    22
    Sep 2, 2015
    Mexico
    F :(
     
    CatmanFan and Conn0r like this.
  4. Hikari06
    OP

    Hikari06 GBAtemp Advanced Fan

    Member
    900
    642
    Nov 20, 2012
    France
    Well when it comes to the software part I can handle it. I am not that experienced with soldering though. But from what I know dumping the eMMC isn't that hard provided you solder the wires properly. I'm just asking because I would have liked to know if anyone has attempted this before.
     
  5. ModderFokker619

    ModderFokker619 Advanced Member

    Newcomer
    57
    15
    Oct 2, 2015

    I can handle the hardware side for you.
     
  6. DeadlyFoez

    DeadlyFoez GBAtemp Guru

    Member
    5,436
    1,469
    Apr 12, 2009
    United States
    Can you code? The hardware dumping is easy with the right tools.
     
  7. Hikari06
    OP

    Hikari06 GBAtemp Advanced Fan

    Member
    900
    642
    Nov 20, 2012
    France
    I sure can :) I'm pretty familiar with aes-128-cbc and openssl stuff so if it is possible I should be able to do it.
    Thanks for the offer, I'll keep that in mind if I can't manage on my own :)
     
    zeldaism, jesus96 and ModderFokker619 like this.
  8. BoxNinPlay

    BoxNinPlay GBAtemp Regular

    Member
    195
    48
    Jan 4, 2016
    D
    Did you try asking to Smea if he can give you some clue or some help, a couple weeks ago he bricked his Wii U and bring it back with hardmod, there is a video and picture where he show that, perhaps he can help you in something....
     
    Last edited by BoxNinPlay, Nov 29, 2016
  9. DocAmes1980

    DocAmes1980 GBAtemp Advanced Fan

    Member
    518
    316
    Oct 31, 2016
    United States
    I dunno about getting the data off your NAND. But why have you given up getting the data off the HDD? How did it stop working? If it's a problem with the enclosure you could take the drive out and hook it up to a computer. I believe the HDDs in most enclosures just use regular SATA connectors. Sometimes connected to a weird adapter. Can you read the SMART data? It the actual drive failing?
     
  10. DeadlyFoez

    DeadlyFoez GBAtemp Guru

    Member
    5,436
    1,469
    Apr 12, 2009
    United States
    There is the whole SD/eMMC hack that is very simple to do. The actual NAND chip has two 512mb banks and that can accessed via an infectus, teensy 2.0++, or a progskeet. The NAND is certainly more difficult as it is best to actually remove the NAND chip for dumping/writing. I only have experience with using an infectus, although I do have a teensy 2.0++ I just never got around to figuring that out since my infectus works just fine.

    I still have yet to dump the flash chips from my wii u, but I am considering giving it a go if I can get everyone to stop playing games on it for a few hours.

    If you are up for working on a project together then I could do testing on my wii u. I could dump my keys and flash chips, you see if you can decrypt->modify data->re-encrypt and then I can test it out on my wii u.

    I have been hoping someone would make a program that can modify files in an encrypted image. If that gets done then wii u hacking will become a lot more interesting. I tried asking giantpune if he would be willing to work on a program like that since he has enough experience to do it but he wasn't interested as he has life and family.
     
  11. Hikari06
    OP

    Hikari06 GBAtemp Advanced Fan

    Member
    900
    642
    Nov 20, 2012
    France
    Well actually it's an internal drive which I have converted to an external drive. I took the enclosure out and connected it on two different computers with different sata cables and the hard drive starts making clicking noises, which isn't usually a good sign, and isn't even shown in the bios.

    Hopefully the changes I have made were on the eMMC nand so I'm going to try to dump it tomorrow via the SD method since it seems easy enough for me. As for the decryption I am going to try to decrypt the whole image without paying too much attention to the the file system. If I can decipher the data then I should be able to locate the file I have to patch, change a few bytes with a hex editor, then encrypt the image back. If this works maybe I'lltake a closer look at the fs so I can get some kind of app to patch your image on the fly :)
     
  12. ItsKipz

    ItsKipz l33t hax0r

    Member
    1,658
    990
    Sep 9, 2016
    United States
    The C: drive
    If you get this working, keep us updated! an easy unbrick tool would be really useful.
     
  13. rw-r-r_0644

    rw-r-r_0644 GBAtemp Fan

    Member
    334
    380
    Jan 13, 2016
    Italy
    What part of your wii u bricked? SLC or MLC?
    If it's SLC it may be more difficult..
     
  14. Hikari06
    OP

    Hikari06 GBAtemp Advanced Fan

    Member
    900
    642
    Nov 20, 2012
    France
    MLC :)
     
    rw-r-r_0644 likes this.
  15. rw-r-r_0644

    rw-r-r_0644 GBAtemp Fan

    Member
    334
    380
    Jan 13, 2016
    Italy
  16. DocAmes1980

    DocAmes1980 GBAtemp Advanced Fan

    Member
    518
    316
    Oct 31, 2016
    United States
    OK. Just making sure. Sounds like it's f___ed. Everything NAND related is above my pay grade. Good luck sir.
     
  17. pwsincd

    pwsincd Garage Flower

    Member
    3,337
    1,732
    Dec 4, 2011
    Manchester UK
  18. Hikari06
    OP

    Hikari06 GBAtemp Advanced Fan

    Member
    900
    642
    Nov 20, 2012
    France
    I don't want to sound too optimistic cause I'm not sure sure it will work but I think there still is a chance it will considering that I have the keys used to encrypt the mlc. I think it's worth giving it a shot at least :P
     
    Last edited by Hikari06, Nov 29, 2016
  19. ItsKipz

    ItsKipz l33t hax0r

    Member
    1,658
    990
    Sep 9, 2016
    United States
    The C: drive
    Good luck!!!
     
  20. Risingdawn

    Risingdawn GBAtemp Pickle

    Member
    647
    437
    May 22, 2010
    United Kingdom
    How important is the data on that hdd? The clicking sounds are more than likely internal mechanisms warping over time, it's probably recoverable professionally at extreme cost (a new wiiu will probably be cheaper).

    However, and this really really would be a last ditch suicide mission, there is a way of sometimes recovering it just long enough to pull some data.

    If you can seal the drive in a sandwich bag or similar and freeze it it can shrink the internal mechanism and potentially allow movement again.

    It will kill your drive. It probably wont work. If its not sealed it could short the circuit boards/the rest of your p.c.

    I have tried this on 3 hdd. It has never worked lol. My colleague reckons he's got it working once long enough to grab some photos off and I doubt he would lie.

    It might be worth a try if the data is important and your just going to bin it.