Hacking Wii U Hacking & Homebrew Discussion

[TheLoneWolfe]

Hey guys, so after discovering that the browser exploit was ported to my system menu version of 5.1, I took interest in playing around with it a bit, but I'm kinda stuck. I installed DevkitPPC and Python, cloned the wiiu-userspace repo, and ran build.sh on hello.c, but I'm supposed to get an rpx, right? I'm not getting an error, just a warning about being unable to find symbol _start, defaulting to some number and then a 0 on its own line. hello.o is appearing in the build folder, but no rpx is appearing. I'm on a Mac, by the way.

 

[Relys]

Hey guys, so after discovering that the browser exploit was ported to my system menu version of 5.1, I took interest in playing around with it a bit, but I'm kinda stuck. I installed DevkitPPC and Python, cloned the wiiu-userspace repo, and ran build.sh on hello.c, but I'm supposed to get an rpx, right? I'm not getting an error, just a warning about being unable to find symbol _start, defaulting to some number and then a 0 on its own line. hello.o is appearing in the build folder, but no rpx is appearing. I'm on a Mac, by the way.

No, you built it correctly. It will generate test<VER>.html in the root directory of the repo. Copy it along with frame.html into directory on your webserver.

 

[loco365]

I want to try hosting it locally on my computer, but I'm not having any luck. I've told MSE to not look in a particular folder used by my local hosting program, HFS, but I can't seem to get the binary into that folder before MSE strips it. Could perhaps someone make a pastebin of the working file in its hex representation so that I can open a new document and paste it in and save it? I'd like to see if I can host this without being online so that I can execute the binary without internet access so I can keep my system offline.

Edit: I'm on 5.X so that's important and yeah.

 

[Relys]

I want to try hosting it locally on my computer, but I'm not having any luck. I've told MSE to not look in a particular folder used by my local hosting program, HFS, but I can't seem to get the binary into that folder before MSE strips it. Could perhaps someone make a pastebin of the working file in its hex representation so that I can open a new document and paste it in and save it? I'd like to see if I can host this without being online so that I can execute the binary without internet access so I can keep my system offline.

Edit: I'm on 5.X so that's important and yeah.

Go to MSE quarantine and restore. Or just turn off MSE for a bit.

 

[the_randomizer]

I'm so bloody lost in this who exploit thing. Like, as in what I can or can't do at this point in time or how to do it. I'd best sit back for the next while till I feel less confused as to what's really going on.

Edit: Never mind, eff this.

 

[Relys]

I'm so bloody lost in this who exploit thing. Like, as in what I can or can't do at this point in time or how to do it. I'd best sit back for the next while till I feel less confused as to what's really going on.

My god, it's called a readme for a reason.

 

[the_randomizer]

My god, it's called a readme for a reason.

No shit, I was mostly curious as to what people were doing is all, and why, because, what does this achieve, that's what I was trying to ask. It runs the code, but then what? What's so wrong with inquiring as to what is going on? People are running the code, I understand that. You needn't be so condescending about an inquiry.

 

[NWPlayer123]

Hey guys, so after discovering that the browser exploit was ported to my system menu version of 5.1, I took interest in playing around with it a bit, but I'm kinda stuck. I installed DevkitPPC and Python, cloned the wiiu-userspace repo, and ran build.sh on hello.c, but I'm supposed to get an rpx, right? I'm not getting an error, just a warning about being unable to find symbol _start, defaulting to some number and then a 0 on its own line. hello.o is appearing in the build folder, but no rpx is appearing. I'm on a Mac, by the way.

No, we can't even run rpx files at this point, and DevKitPPC is irrelevant to the Wii U in Cafe OS mode. You should look for "test500.html" and copy it and frame.html to wherever you're testing from.

No shit, I was mostly curious as to what people were doing is all, and why, because, what does this achieve, that's what I was trying to ask. It runs the code, but then what? What's wrong with asking about what exactly is going on?

It's exactly that, it runs the code that's all there is to it, it allows code execution.

 

[darkseekerliu]

Great!!! Exploit running on the newest firmware. What are the possibilities now?

 

[loco365]

Go to MSE quarantine and restore. Or just turn off MSE for a bit.

Yeah, Quarantine/Restore failed to work, so I just disabled it and downloaded the file. I got it into my safe folder, then re-enabled it, and I have the exploit working and locally hosted for HFS to use.

 

[Goku Junior]

Great!!! Exploit running on the newest firmware. What are the possibilities now?

Same as before, but now in the newer firwares , just wait for kernel exploit and we will have more features!

 

[Deleted User]

Your anti-virus is probably removing the shell code. Inspect the HTML with editor.

Also, couldn't we encrypt the payload and do the decryption process on the Wii U with javascript so people wouldn't keep getting false AV messages?

Funny thing is, I don't have any AV software. .

 

[TheLoneWolfe]

No, you built it correctly. It will generate test<VER>.html in the root directory of the repo. Copy it along with frame.html into directory on your webserver.

Thanks Relys, I'll try that out later!

 

[zecoxao]

it'd be nice to test some homebrew from the sdk

 

[TheLoneWolfe]

Very cool, works for me. Thanks MN1 and team.

 

[Marionumber1]

Hey guys, so after discovering that the browser exploit was ported to my system menu version of 5.1, I took interest in playing around with it a bit, but I'm kinda stuck. I installed DevkitPPC and Python, cloned the wiiu-userspace repo, and ran build.sh on hello.c, but I'm supposed to get an rpx, right? I'm not getting an error, just a warning about being unable to find symbol _start, defaulting to some number and then a 0 on its own line. hello.o is appearing in the build folder, but no rpx is appearing. I'm on a Mac, by the way.

You're not supposed to get an RPX, you get an HTML file (in this case, test500.html) which you navigate to on your Wii U to run unsigned code. Make sure that test500.html and frame.html are both on your server.

EDIT: Didn't see page 26.

 

[RHOPKINS13]

Works for me! Is there any way I can help poke around for a kernel exploit? I'm a programmer but am n00bish when it comes to these exploits...

 

[TheLoneWolfe]

You're not supposed to get an RPX, you get an HTML file (in this case, test500.html) which you navigate to on your Wii U to run unsigned code. Make sure that test500.html and frame.html are both on your server.

EDIT: Didn't see page 26.

Haha, yeah someone beat you to it. But thanks for your work!

 

[TeamScriptKiddies]

I can also confirm that the exploit is working on 5.0.0 . Rock on Marionumber1 and friends!

 

[TeamScriptKiddies]

So from what I understand, the exploit for 5.0.0 also runs on 5.1.0 as well. Can anyone confirm this? I'm updating thehomebrewcometh right now. I need to know if I just need one button for both firmwares (to launch the exploit) or two separate ones for each of those firmwares. Marionumber1 NWPlayer123 Chadderz?