Hacking Wii U Bricked and backup lost 0.o

Hikari06

Well-Known Member
OP
Member
Joined
Nov 20, 2012
Messages
999
Trophies
0
XP
936
Country
Ecuador
Hey guys!

I was experimenting with my Wii U today (trying to inject some custom SSL certificates to spoof the Nintendo Network) when I think I've obviously done something I shouldn't have. I figured I would be okay if anything went wrong since I had dumped my nand and put it on an external drive. Well, that was until I realized my Wii U wouldn't work anymore and neither would my drive (talk about bad luck) :sad:.:hateit::hateit:

So now I'm left with a bricked Wii U and probably no way to get it back.

That said, I am wondering, since I still have my otp file somewhere, would it be possible for me to dump my eMMC nand by means of hardmodding, decrypt the image with the key from the otp, revert the changes I have made (the file I was working on isn't checksummed; it's just that I've commented a line by mistake, so it would only require me to change one or two bytes) with a hex editor and then encrypt and inject it back into the eMMC? Sounds pretty far-fetched, but is there any chance this could work?
 

DeadlyFoez

XFlak Fanboy
Banned
Joined
Apr 12, 2009
Messages
5,920
Trophies
0
Website
DeadlyFoez.zzl.org
XP
2,875
Country
United States
If you do have the correct keys then it should be possible with a hardware dumper, but if you are asking here then you likely are not one who has the capabilities of doing so. I only say that because there aren't any tools publicly available and you don't sound up for the task of making such tools.
 

Hikari06

If you do have the correct keys then it should be possible with a hardware dumper, but if you are asking here then you likely are not one who has the capabilities of doing so. I only say that because there aren't any tools publicly available and you don't sound up for the task of making such tools.

Well when it comes to the software part I can handle it. I am not that experienced with soldering though. But from what I know dumping the eMMC isn't that hard provided you solder the wires properly. I'm just asking because I would have liked to know if anyone has attempted this before.
 

Deleted User

Guest
Well when it comes to the software part I can handle it. I am not that experienced with soldering though. But from what I know dumping the eMMC isn't that hard provided you solder the wires properly. I'm just asking because I would have liked to know if anyone has attempted this before.


I can handle the hardware side for you.
 

Hikari06

Can you code? The hardware dumping is easy with the right tools.
I sure can :) I'm pretty familiar with aes-128-cbc and openssl stuff so if it is possible I should be able to do it.
I can handle the hardware side for you.
Thanks for the offer, I'll keep that in mind if I can't manage on my own :)
 

BoxNinPlay

Well-Known Member
Member
Joined
Jan 4, 2016
Messages
270
Trophies
0
Age
44
XP
821
Country
United States
Hey guys!

I was experimenting with my Wii U today (trying to inject some custom SSL certificates to spoof the Nintendo Network) when I think I've obviously done something I shouldn't have. I figured I would be okay if anything went wrong since I had dumped my nand and put it on an external drive. Well, that was until I realized my Wii U wouldn't work anymore and neither would my drive (talk about bad luck) :sad:.:hateit::hateit:

So now I'm left with a bricked Wii U and probably no way to get it back.

That said, I am wondering, since I still have my otp file somewhere, would it be possible for me to dump my eMMC nand by means of hardmodding, decrypt the image with the key from the otp, revert the changes I have made (the file I was working on isn't checksummed; it's just that I've commented a line by mistake, so it would only require me to change one or two bytes) with a hex editor and then encrypt and inject it back into the eMMC? Sounds pretty far-fetched, but is there any chance this could work?
Did you try asking Smea if he can give you some clue or some help? A couple of weeks ago he bricked his Wii U and brought it back with a hardmod; there is a video and picture where he shows that. Perhaps he can help you with something....
 

DocAmes1980

Well-Known Member
Member
Joined
Oct 31, 2016
Messages
873
Trophies
0
Age
43
XP
975
Country
United States
Hey guys!

I was experimenting with my Wii U today (trying to inject some custom SSL certificates to spoof the Nintendo Network) when I think I've obviously done something I shouldn't have. I figured I would be okay if anything went wrong since I had dumped my nand and put it on an external drive. Well, that was until I realized my Wii U wouldn't work anymore and neither would my drive

I dunno about getting the data off your NAND. But why have you given up getting the data off the HDD? How did it stop working? If it's a problem with the enclosure you could take the drive out and hook it up to a computer. I believe the HDDs in most enclosures just use regular SATA connectors. Sometimes connected to a weird adapter. Can you read the SMART data? Is the actual drive failing?
 

DeadlyFoez

There is the whole SD/eMMC hack that is very simple to do. The actual NAND chip has two 512mb banks and that can be accessed via an infectus, teensy 2.0++, or a progskeet. The NAND is certainly more difficult as it is best to actually remove the NAND chip for dumping/writing. I only have experience with using an infectus, although I do have a teensy 2.0++ I just never got around to figuring that out since my infectus works just fine.

I still have yet to dump the flash chips from my wii u, but I am considering giving it a go if I can get everyone to stop playing games on it for a few hours.

If you are up for working on a project together then I could do testing on my wii u. I could dump my keys and flash chips, you see if you can decrypt->modify data->re-encrypt and then I can test it out on my wii u.

I have been hoping someone would make a program that can modify files in an encrypted image. If that gets done then wii u hacking will become a lot more interesting. I tried asking giantpune if he would be willing to work on a program like that since he has enough experience to do it but he wasn't interested as he has life and family.
 

Hikari06

I dunno about getting the data off your NAND. But why have you given up getting the data off the HDD? How did it stop working? If it's a problem with the enclosure you could take the drive out and hook it up to a computer. I believe the HDDs in most enclosures just use regular SATA connectors. Sometimes connected to a weird adapter. Can you read the SMART data? Is the actual drive failing?

Well actually it's an internal drive which I have converted to an external drive. I took the enclosure out and connected it on two different computers with different sata cables and the hard drive starts making clicking noises, which isn't usually a good sign, and isn't even shown in the bios.

There is the whole SD/eMMC hack that is very simple to do. The actual NAND chip has two 512mb banks and that can be accessed via an infectus, teensy 2.0++, or a progskeet. The NAND is certainly more difficult as it is best to actually remove the NAND chip for dumping/writing. I only have experience with using an infectus, although I do have a teensy 2.0++ I just never got around to figuring that out since my infectus works just fine.

I still have yet to dump the flash chips from my wii u, but I am considering giving it a go if I can get everyone to stop playing games on it for a few hours.

If you are up for working on a project together then I could do testing on my wii u. I could dump my keys and flash chips, you see if you can decrypt->modify data->re-encrypt and then I can test it out on my wii u.

I have been hoping someone would make a program that can modify files in an encrypted image. If that gets done then wii u hacking will become a lot more interesting. I tried asking giantpune if he would be willing to work on a program like that since he has enough experience to do it but he wasn't interested as he has life and family.

Hopefully the changes I have made were on the eMMC nand so I'm going to try to dump it tomorrow via the SD method since it seems easy enough for me. As for the decryption I am going to try to decrypt the whole image without paying too much attention to the file system. If I can decipher the data then I should be able to locate the file I have to patch, change a few bytes with a hex editor, then encrypt the image back. If this works maybe I'll take a closer look at the fs so I can get some kind of app to patch your image on the fly :)
 

ItsKipz

l33t hax0r
Member
Joined
Sep 9, 2016
Messages
1,930
Trophies
0
Location
The C: drive
XP
1,625
Country
United States
Well actually it's an internal drive which I have converted to an external drive. I took the enclosure out and connected it on two different computers with different sata cables and the hard drive starts making clicking noises, which isn't usually a good sign, and isn't even shown in the bios.



Hopefully the changes I have made were on the eMMC nand so I'm going to try to dump it tomorrow via the SD method since it seems easy enough for me. As for the decryption I am going to try to decrypt the whole image without paying too much attention to the file system. If I can decipher the data then I should be able to locate the file I have to patch, change a few bytes with a hex editor, then encrypt the image back. If this works maybe I'll take a closer look at the fs so I can get some kind of app to patch your image on the fly :)
If you get this working, keep us updated! An easy unbrick tool would be really useful.
 

DocAmes1980

Well actually it's an internal drive which I have converted to an external drive. I took the enclosure out and connected it on two different computers with different sata cables and the hard drive starts making clicking noises, which isn't usually a good sign, and isn't even shown in the bios.

OK. Just making sure. Sounds like it's f___ed. Everything NAND related is above my pay grade. Good luck sir.
 

Risingdawn

Tempallica
Member
Joined
May 22, 2010
Messages
1,088
Trophies
1
XP
1,700
Country
United Kingdom
How important is the data on that hdd? The clicking sounds are more than likely internal mechanisms warping over time, it's probably recoverable professionally at extreme cost (a new wiiu will probably be cheaper).

However, and this really really would be a last ditch suicide mission, there is a way of sometimes recovering it just long enough to pull some data.

If you can seal the drive in a sandwich bag or similar and freeze it, it can shrink the internal mechanism and potentially allow movement again.

It will kill your drive. It probably won't work. If it's not sealed it could short the circuit boards/the rest of your p.c.

I have tried this on 3 hdd. It has never worked lol. My colleague reckons he's got it working once long enough to grab some photos off and I doubt he would lie.

It might be worth a try if the data is important and you're just going to bin it.
 
