Hacking Wii U Hacking & Homebrew Discussion

TheZander

Not yet, we're all still pretty busy (to the point of not even signing in to Skype), so not much progress has been made. I'd expect to hear something by Monday (weekends are usually the best time to work).
The ideal situation considering the exploit for 4-5 was patched subsequently on 5.3 is to stockpile different browser exploits that achieve the same thing say every update. And a matter of >5.3 is just porting the same exploit to be compatible with different firmware. So when the stuff is released there will be a newly introduced browser exploit that will gain access to the kernel exploit thus enabling you to do all the kernel stuff. Considering the kernel exploit it is compatible with every firmware and it's a matter of porting? Also the kernel exploit could be patched too, correct? So on top of stockpiling browser exploits you're also looking for kernel exploits as well? Obviously this is all concerning the current firmware as anything less wouldn't matter.

You don't have to answer; I was thinking out loud about my comprehension of everything.

Now for a real n00b question: I've stared at that diagram of all those things: Cafe, Espresso. Does Kernel Exploit = IOSU exploit? If not, that means there is a third thing you guys need to exploit to use your Cafiine deal? Or since whatever IOSU is, it involves keys so Nintendo would be unable to patch IOSU?

When everything is released, the general deal is: Web Browser Exploit > Kernel / IOSU something > Cafiine?

Since newer games aren't supported with older firmware, would you recommend everyone update to the most current firmware if not done so already as to greater expand the library of games used in Cafiine? Because it is already usable with the current firmware? Or would you say it all depends on the end user and what they intend to do with said exploit, like not having any interest in Cafiine or 3rd party apps that do not involve games at all. Say the homebrew Pong and things such as that?

Do you know if homebrewed applications are compatible with all firmware without the need to port? Say Pong? It would make sense since it is code run off the computer in C, it wouldn't need to be ported. Thus as of now the only benefit to older firmware is the available browser exploit. Which is useful to people interested in using it currently. But once everything is released + new browser exploit, why stay on anything less than 5.3?

Once again, I realize this is a plethora of stupid / redundant questions, just my current take on the state of things.
 

EpicLPer

Yeah sorry for asking the obvious but this thread is going nuts lately ;P 10 pages in a few days, I seriously have better things to do with my life than searching out for the cherries here :D

Lol no just kidding ;P
 

NWPlayer123


Yeah, it's mostly just a matter of finding offsets to port it to different firmwares. And yes, it is possible to patch (as far as I know anyways).

I'm not the best person to explain how the different layers interact, but it's kinda like the picture here, applications are running in userspace (as are other RPX/RPL files).
The kernel which is protected from userspace, decrypted at boot (with the key being disabled after that), and I'm not sure what all it handles.
IOSU which is a Starbuck binary (running on the security processor), and does mostly what you'd expect an OS to handle, address conversion, alarms, atomic data, caches, compression for decoding RPX/RPLs, debug, dynamic loading (getting functions from RPX/RPL like we've been doing), error handling (with OSFatal and OSReport debug), memory management, performance monitoring, process switching (which is also handled by the loader), synchronization and threading, and some time stuff. So basically it's userspace > kernel > IOSU, though it isn't necessary to have a kernel exploit to make an IOSU exploit since we can interface with IOSU directly through coreinit.
The kernel can also access all memory except IOSU protected code, meaning we can patch coreinit, which is what Cafiine is, patching coreinit to point to our code so we handle loading files.

Also, yes, after we get code execution on 5.3.2, I would suggest absolutely everybody update while they can to that version and then make sure it can't update (with OpenDNS or whatever, might make a guide on that later), and that's all we'll really worry about since at this point in time it's the latest version. There's no point in staying on a lower firmware version with what we have now. We get functions through OSDynLoad so it works with any firmware version, it's just the exploits that need hardcoded offsets.
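
Added example, not part of the original post and not Cafe OS code: a simplified C model of the point above that functions resolved by name at run time keep working across firmware builds, while anything tied to a fixed position does not. The module layout, function names and both builds are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef int (*lib_fn)(int);
struct export { const char *name; lib_fn fn; };
struct module { const struct export *exports; size_t count; };

static int double_it(int x) { return 2 * x; }
static int negate(int x)    { return -x; }
static int add_ten(int x)   { return x + 10; }  /* only present in the newer build */

/* Constructed data: one library as laid out in two hypothetical firmware builds.
   The newer build adds a routine at the front, so every later slot shifts. */
static const struct export exports_old[] = {
    {"double_it", double_it}, {"negate", negate} };
static const struct export exports_new[] = {
    {"add_ten", add_ten}, {"double_it", double_it}, {"negate", negate} };
const struct module lib_old = { exports_old, 2 };
const struct module lib_new = { exports_new, 3 };

/* Portable lookup: resolve by name at run time; NULL if the export is absent. */
lib_fn find_export(const struct module *m, const char *name) {
    for (size_t i = 0; i < m->count; i++)
        if (strcmp(m->exports[i].name, name) == 0)
            return m->exports[i].fn;
    return NULL;
}

/* Name-based call: asks for the function by name, so the layout is irrelevant. */
int call_by_name(const struct module *m, int arg) {
    lib_fn f = find_export(m, "double_it");
    return f ? f(arg) : -1;
}

/* Position-dependent call: slot 0 was worked out against the old build only. */
int call_by_slot(const struct module *m, int arg) {
    return m->count > 0 ? m->exports[0].fn(arg) : -1;
}

int main(void) {
    printf("by name: old=%d new=%d\n", call_by_name(&lib_old, 21), call_by_name(&lib_new, 21));
    printf("by slot: old=%d new=%d\n", call_by_slot(&lib_old, 21), call_by_slot(&lib_new, 21));
    return 0;
}
```

The name-based call returns the same result on both builds; the slot-based call silently runs a different routine on the newer one, which is why position-dependent code has to be redone per firmware version.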
 

Marionumber1


That isn't completely accurate. You have Cafe OS and IOSU's roles a bit mixed up. To explain how the layers work together, it makes sense to start with the boot process. When the Wii U boots up, it's initially only the ARM chip that's running code. It begins running boot0 from its internal ROM, then loads boot1, which loads IOSU. IOSU handles two main pieces of functionality: security and hardware access. IOSU controls much of the system security policy, enforcing file permissions, checking title signatures, and handling the process of launching titles. It also arbitrates access to many of the "unseen" peripherals, like the storage, networking, and USB. A good way of explaining this is that IOSU controls most of what you don't see.

IOSU launches titles which then run on the PowerPC. But rather than letting PPC code just directly access the hardware, Nintendo created the Cafe OS kernel, which runs in the most privileged CPU mode while the rest of the code runs in a less privileged mode. The Cafe OS kernel makes sure that you only get to access the memory that it wants you to; it does this through the PowerPC's MMU. Other components of Cafe OS include the loader, which is a privileged userspace application that loads executables into memory. Finally, the system libraries like coreinit are components of Cafe OS as well, which get linked into every application. Cafe OS helps keep userspace applications in their own little sandbox, stopping them from trashing other applications' code and data. It also provides a lot of useful services through its syscalls and libraries. These libraries mean that unlike the Wii, all games can share a copy of core system routines.
 

Kaynabx

Hello world !

I'm new here, I've fckn read every single page in this thread.
BUT, I still have questions.

People will probably want to kill me or even rpe my *ss !

1) I remember the Wii's hack being kinda easy and quick at that time, what did Nintendo do to make it so hard on the Wii U ?
2) Why doesn't the DarkSide project support AMD hardware ?
3) Is it a good thing to update our Wii U's right now to avoid any issue in the future ?
4) At the moment, what's the safest Version on which a Wii U can be, according to you guys 'Marionumber1' and 'NWPlayer123'

Sorry for these "noobish" questions .. Will try to do better next time ;)
 

NWPlayer123


1) Mostly because now it's a "real system" with a kernel and OS running in the background; on the Wii, once you had code execution you controlled the entire system and that was it.
2) Don't ask me, probably because of laziness.
3) Yeah, I'd just update now and enjoy online/eShop for the moment.
4) Considering everything should work on the latest version (5.3.2, which is also what we're targeting), just update now and you should be fine.
 

ShadowOne333

NWPlayer123
Please make an OpenDNS guide. Would make life and switching to elementary OS (awesome Linux distribution) a whole lot easier.
You don't need a video tutorial nor guide.
A simple search in the Temp would be sufficient:
https://gbatemp.net/threads/blocking-the-3ds-from-receiving-the-wifi-update-using-opendns.375643/

That one applies for Wii U too, I blocked those very same domains and my Wii U doesn't download updates or enter the eShop anymore, yet it still has browser access and I've been playing RE Revelations online just fine.
 

Ninja_Carver

Block the Domains for the Nintendo Servers.
That's why I used OpenDNS.
9. User Data.

The Software together with the Service may collect certain data and information about your use and, if you are an entity, your individual users’ use of the Service (“User Data”). Any personally identifiable information contained in User Data provided to OpenDNS will be treated as set forth in the OpenDNS Privacy Policy available at http://www.opendns.com/privacy-policy/. With the exception of any personally identifiable information you or your individual users submit, any information you transmit to OpenDNS via the Services related to the functionality of the Services and Software, whether by direct entry, submission, e-mail or otherwise, including data, questions, comments, or suggestions, will be treated as non-confidential and non-proprietary and will become the property of OpenDNS. OpenDNS also owns all data generated by the Services and Software, and any statistical information related to the usage, traffic patterns and behavior of the users of the Services (“Statistical Data”) (so long as such Statistical Data will not include personally identifying User Data).

Yeah, no thanks...
 

kardus

You can block domains on almost any modern router if you have admin access to it. If by some chance your router doesn't support it, it's probably possible to install a different firmware like Tomato/OpenWrt/DD-WRT etc. which supports this.
 

SnAQ

Wow, someone actually reads those things?
 

VinsCool

Keep struggling with your open internet access then :lol:

You forgot about other options, like router config (for those supporting IP blocking).
 
