Hacking Wii U Hacking & Homebrew Discussion

[WulfyStylez]

Holy crap, I'm so out of the loop on Wii U hacking I didn't even know the common key got leaked. Time to see if they patched coreinit, I guess. Or has anyone checked?

 

[keine]

I'm getting a failed to open content: using CDecrypt. I wonder what I'm doing wrong now.....
Tried a couple different Titles.
Using the TMD/CETK taken down by NUS Downloader.

 

[WulfyStylez]

A glance at binaries seems to imply that 5.3.0 patched the bug in coreinit. I don't feel like rewriting these rpls as elfs to more thoroughly check in IDA, though. Marionumber1 , NWPlayer123 can you guys confirm? (also hi! haven't talked to either of you in forever.)

 

[AboodXD]

Can anybody write for me a tutorial on how to use this?

 

[Bug_Checker_]

I'm getting a failed to open content: using CDecrypt. I wonder what I'm doing wrong now.....
Tried a couple different Titles.
Using the TMD/CETK taken down by NUS Downloader.

There's a "quirk" of CDecrypt. It appears you cannot set a directory.
So, Content IDs MUST be in the same directory as exe.

 

[Bug_Checker_]

A glance at binaries seems to imply that 5.3.0 patched the bug in coreinit. I don't feel like rewriting these rpls as elfs to more thoroughly check in IDA, though. Marionumber1 , NWPlayer123 can you guys confirm? (also hi! haven't talked to either of you in forever.)

https://gbatemp.net/threads/wii-u-hacking-discussion.367489/page-138#post-5293685

 

[diddy81]

I'm getting a failed to open content: using CDecrypt. I wonder what I'm doing wrong now.....
Tried a couple different Titles.
Using the TMD/CETK taken down by NUS Downloader.

i found that the nus downloader was messing up the tmd
if you manually download the tmd then copy that one to CDecrypt it works fine

 

[Hykem]

https://gbatemp.net/threads/wii-u-hacking-discussion.367489/page-138#post-5293685

Regarding that, the tool is still unfinished and I haven't had the time to work on it. Either way, I'm releasing it on GitHub: https://github.com/Hykem/rpl2elf
You can find a pre-release version under the "Releases" page that is able to decompress the zlib compressed sections and print the several sections of the file. You can manually load the binary data produced by the tool with a disassembler and analyze from there, but that still takes a lot of work.
I'm currently working on finishing it, so if anyone wishes to contribute just open a pull-request. Thanks!

 

[WulfyStylez]

I've been manually building ELFs when I needed to open RPLs in IDA. Kind of a huge pain in the ass but it works at least. Can anyone verify if that bug got patched, though?

 

[neuropunk]

I've been manually building ELFs when I needed to open RPLs in IDA. Kind of a huge pain in the ass but it works at least. Can anyone verify if that bug got patched, though?

A Wii U RPX/RPL files loader for IDA is going to be released soon.

 

[keine]

i found that the nus downloader was messing up the tmd
if you manually download the tmd then copy that one to CDecrypt it works fine

Worked!

Does anyone know how the TitleID list is built? The numbering system and the version numbers? How are they known? I'm a bit foggy on what title ids go with what system stuff and how version numbers match up with wii u version.

I wonder if I could fix the NUS Downloader source to not malform the TMD, as well as possibly call CDecrypt.exe after download. As well as parse the TitleList at WiiuBrew or make a xml.

I've been manually building ELFs when I needed to open RPLs in IDA. Kind of a huge pain in the ass but it works at least. Can anyone verify if that bug got patched, though?

What resource do you use? To get the RPL to ELF done. A hex editor and some elf -> rpl/prx docs?

 

[caffolote]

I feel that we will get to play Wii U games from USB loaders not too far away. We were able to hack the 3DS from version 4.5-9.2, so hopefully Wii U is next

 

[keine]

RPL is a library and RPX is an executable.

There's a tool for converting RPL/RPX to normal elf files ELF: https://www.sendspace.com/file/ss5pn1

Here's a good writeup for reversing RPL/RPX Wii U files: http://devram0.blogspot.it/2014/01/reversing-wii-u-executables.html

Reup or link? +1. NVM if that is this: https://github.com/Hykem/rpl2elf.
Thanks Hykem either way.

Was there ever a util developed to do the kernal.img decrypt?
Thats prolly a really dumb question I'm afraid.
I don't even know the form of encryption that the ancase/common keys used for are.
http://wiiubrew.org/wiki/Ancast_Image

That helps. It has a structure to it as well as it being AES-128-CBC.

 

[RandomUser]

I notice on CDecrypt it shows "CDecrypt.exe tmd cetk ckey". What is this file ckey? is it a vWii common key?

 

[keine]

I notice on CDecrypt it shows "CDecrypt.exe tmd cetk ckey". What is this file ckey? is it a vWii common key?

Yep.

My apologies.

 

[Bug_Checker_]

Yep.

Nope. It is the WII U CommonKey. Not the vWii key.

 

[RandomUser]

Yep.

My apologies.

Nope. It is the WII U CommonKey. Not the vWii key.

Thank you both I have the WII U common key, but pasted it wrong. When pasting it in notepad, it created 32 byte file where pasting it in a hex editor, created a 16 byte file, and the 16 byte file pass where the 32 byte file would fail. I just wanted to try to decrypt the Nintendo TVii just for shits and giggles to see if I could do it.

 

[Theeze]

Even if someone finds an exploit, you can't do anything without the kernel itself. I'm not holding my breath, Marcan was right...most of these posts are about dumping isos and modding them, which will eventually lead to online cheating and piracy.

It's very rare that the people that want homebrew, really want homebrew. You can achieve the same goal with a decent android tv box.

The mini PC era is the new thing now, it's affordable and powerful....and when it comes down to emulation, it's cake.

 

[the_randomizer]

Even if someone finds an exploit, you can't do anything without the kernel itself. I'm not holding my breath, Marcan was right...most of these posts are about dumping isos and modding them, which will eventually lead to online cheating and piracy.

It's very rare that the people that want homebrew, really want homebrew. You can achieve the same goal with a decent android tv box.

The mini PC era is the new thing now, it's affordable and powerful....and when it comes down to emulation, it's cake.

If people want to hack the Wii U, let them. Homebrew always leads to piracy, but don't lump all who want homebrew as all being pirates, and besides, who cares?

 

[TeamScriptKiddies]

I just can't wait until a browser exploit is made on 5.3.2, and we can actually run homebrew.
Speaking of which, I'm webkit bug hunting whenever I can.

Keep it up! I'm glad to see somebody plugging away at it. I would be right there with you if my Wii U was running at the moment