But the system has to call these functions as well so I assume the system RPLs are installed in the Wii U!?
(accessible at the offset @NWPlayer123 wrote a little above?)
(accessible at the offset @NWPlayer123 wrote a little above?)
In looking whether I can do it to dump the data (kind of)?Yes, but what's the fun in that?
For a moment of happiness and practice, I guess!?
Edit:
Using Cafiine would be much easier of course, but sadly it isn't public yet!
Out of curiosity, is the GX2 example supposed to print NULL (i.e. 0x00000000)? I know the code says it's supposed to print the address of the framebuffer, but it sounds like it doesn't quite work on my Wii U, sadly.
Either I reverse-engineered gx2.rpl wrong or they don't set up a framebuffer.
- Joined
- Apr 22, 2007
- Messages
- 1,567
- Trophies
- 0
- Location
- The Netherlands
- Website
- www.hyrule.net
- XP
- 737
- Country
-
Good to see some messing around, thanks to the exploit, already.
To get everyone who's down about stability issue's back up and happy, I've added bubbles to wiiulib.arndroid.nl, whoop.
Of course, these bubbles are based upon the HBC on the Wii. I tried to include the same variety of bubbles as we have on the Wii HBC, but without images, and being light-weight enough for the WiiU's browser.
Also, I made the WiiU page accessible via PC now. So it's easier to figure out what's wrong via the PC. (CTRL+U/Inspect element stuff for structure issue's, by others, if there are any?)
And so there is no more need for crappy pictures, haha.
From the other thread it seems the exploits are generally more unstable from a remote host. But doing: "Delete cookies ,Close and re-open the browser, have only one opened tab." seems to improve your chances.
To get everyone who's down about stability issue's back up and happy, I've added bubbles to wiiulib.arndroid.nl, whoop.
Of course, these bubbles are based upon the HBC on the Wii. I tried to include the same variety of bubbles as we have on the Wii HBC, but without images, and being light-weight enough for the WiiU's browser.
Also, I made the WiiU page accessible via PC now. So it's easier to figure out what's wrong via the PC. (CTRL+U/Inspect element stuff for structure issue's, by others, if there are any?)
And so there is no more need for crappy pictures, haha.
From the other thread it seems the exploits are generally more unstable from a remote host. But doing: "Delete cookies ,Close and re-open the browser, have only one opened tab." seems to improve your chances.
Alright, I got some code to boot that I had my head scratching over for the past hours.
What I did:
1) Open the Internet Browser.
2) Edit a bookmark to your exploit URL.
3) Visit a couple websites in 3 different tabs. (I used IGN, YouTube and N4G not like it matters)
4) Open a 4th tab, but don't visit any website.
5) Power off your Wii U normally.
6) Boot your Wii U back up and open the Internet Browser.
7) Hit the bookmark and pray.
Edit: To make sure it wasn't just a fluke I attempted to run the same code multiple times and it seems very consistent now.
What I did:
1) Open the Internet Browser.
2) Edit a bookmark to your exploit URL.
3) Visit a couple websites in 3 different tabs. (I used IGN, YouTube and N4G not like it matters)
4) Open a 4th tab, but don't visit any website.
5) Power off your Wii U normally.
6) Boot your Wii U back up and open the Internet Browser.
7) Hit the bookmark and pray.
Edit: To make sure it wasn't just a fluke I attempted to run the same code multiple times and it seems very consistent now.
Last edited by DarkKaine,
http://wiiulib.arndroid.nl Doesn't seem to work for me.
http://crediar.no-ip.com/wiiuhaxx Doesn't seem to work for me.
http://nwplayer123.bplaced.net/hello.html Works ONLY AFTER using:
http://nwplayer123.bplaced.net/exit.html (which also works, obviously)
5.3.2U
Later on, I will try running crediar's after exit.html.
http://crediar.no-ip.com/wiiuhaxx Doesn't seem to work for me.
http://nwplayer123.bplaced.net/hello.html Works ONLY AFTER using:
http://nwplayer123.bplaced.net/exit.html (which also works, obviously)
5.3.2U
Later on, I will try running crediar's after exit.html.
I updated hello.html and exit.html based on finding out that the copy of code we were using for execution was cut off, try this and see if it works any better.
http://nwplayer123.bplaced.net/hello.html
http://nwplayer123.bplaced.net/exit.html
http://nwplayer123.bplaced.net/hello.html
http://nwplayer123.bplaced.net/exit.html
Neither worked, for reasons we haven't yet found. However, due to the recent fix we pushed to libwiiu, they may work now (I haven't tried).
This helps. Actually i think "5) Power off your Wii U normally." does the thing. After that, both crediar's and NWplayer123 examples work everytime.
I actually got some graphics-esque stuff to work (e.g. clearing the framebuffer to white), using commit 85176959030cccf3c8cfadd20901952832d57fb9.
Using the osscreen template as a beginning template, I removed the thread count/waiting stuff since that seems to freeze the console. It hangs after entering the entryPoint though, no clue where.
Code:
#include "loader.h"
void _start()
{
/****************************> Fix Stack <****************************/
//Load a good stack
asm(
"lis %r1, 0x1ab5 ;"
"ori %r1, %r1, 0xd138 ;"
);
/****************************> Get Handles <****************************/
//Get a handle to coreinit.rpl
unsigned int coreinit_handle;
OSDynLoad_Acquire("coreinit.rpl", &coreinit_handle);
/****************************> External Prototypes <****************************/
//OSScreen functions
void(*OSScreenInit)();
unsigned int(*OSScreenGetBufferSizeEx)(unsigned int bufferNum);
unsigned int(*OSScreenSetBufferEx)(unsigned int bufferNum, void * addr);
//OS Thread functions
long(*OSCheckActiveThreads)();
//Misc OS functions
void(*OSRestartGame)();
//OS Memory functions
void(*DCFlushRange)(void *buffer, uint32_t length);
/****************************> Exports <****************************/
//OSScreen functions
OSDynLoad_FindExport(coreinit_handle, 0, "OSScreenInit", &OSScreenInit);
OSDynLoad_FindExport(coreinit_handle, 0, "OSScreenGetBufferSizeEx", &OSScreenGetBufferSizeEx);
OSDynLoad_FindExport(coreinit_handle, 0, "OSScreenSetBufferEx", &OSScreenSetBufferEx);
//OSThread functions
OSDynLoad_FindExport(coreinit_handle, 0, "OSCheckActiveThreads", &OSCheckActiveThreads);
//Misc OS functions
OSDynLoad_FindExport(coreinit_handle, 0, "OSRestartGame", &OSRestartGame);
//OS Memory functions
OSDynLoad_FindExport(coreinit_handle, 0, "DCFlushRange", &DCFlushRange);
/****************************> Initial Setup <****************************/
//Restart the web browser. This stops active threads for browser. Browser GUI thread runs on CPU0.
OSRestartGame();
//Call the Screen initilzation function.
OSScreenInit();
//Grab the buffer size for each screen (TV and gamepad)
int buf0_size = OSScreenGetBufferSizeEx(0);
int buf1_size = OSScreenGetBufferSizeEx(1);
//Set the buffer area.
OSScreenSetBufferEx(0, (void *)0xF4000000);
OSScreenSetBufferEx(1, (void *)0xF4000000 + buf0_size);
//Clear both framebuffers.
int ii = 0;
for (ii; ii < 2; ii++)
{
fillScreen(255,255,255,255);
flipBuffers();
}
//Jump to entry point.
_entryPoint();
}Edit: It's not very consistent though..a race condition maybe, since I'm not cleaning up the browser? The helloworld works for me every time, for example.
Last edited by daxtsu,
- Joined
- Apr 22, 2007
- Messages
- 1,567
- Trophies
- 0
- Location
- The Netherlands
- Website
- www.hyrule.net
- XP
- 737
- Country
-
I've recompiled the homebrews from a fresh new libwiiu just now, and uploaded them to wiiulib.arndroid.nl.
Maybe we'll have better luck this time?
Maybe we'll have better luck this time?
Similar threads
