Wii U Homebrew Situation and FAQ

Discussion in 'Wii U - Hacking & Backup Loaders' started by NWPlayer123, Jun 18, 2014.

  1. NWPlayer123
    OP

    NWPlayer123 GBAtemp Addict

    Member
    2,629
    6,226
    Feb 17, 2012
    United States
    The Everfree Forest
    NOTE: MAY BE OUT OF DATE. PLEASE CHECK HERE TOO
    Currently, we have a userspace exploit that can be compiled and run via the Internet Browser. It currently works on versions 4.0.0 to 5.1.0. This isn't very useful at all for anyone who isn't a developer, however. All it allows is basic code execution, including access to certain parts of memory (assuming it isn't protected) and basic library functions. We cannot access anything the browser cannot access, such as an SD card. You have to run the exploit every time you want to do something. You can find the exploit here.

    Frequently Asked Questions
    Q: How do I install the Homebrew Channel?
    A: Wrong place to be looking, you're thinking of the sandboxed vWii (virtual Wii). For more info go here and here.

    Q: What is this?
    A: As mentioned before, it's an exploit that uses a bug in the (very old) version of WebKit that Nintendo is using for the Internet Browser to execute our code.

    Q: What is "Userspace" and what can I do with it?
    A: Userspace allows for basic access to running code, and accessing memory. You cannot access anything the original program cannot access. For example, you cannot access the SD card since the browser doesn't have access to that.

    Q: Why doesn't it work on anything after 5.1.0?
    A: We only ever found and developed one bug, and (I assume) Nintendo caught wind of the bug and patched it in 5.1.1. We would have to find another exploitable bug and develop it to run code on the latest version, which is being looked into.

    Q: What's the latest version the exploit works on?
    A: See above answer, it works on 4.0.0 through 5.1.0, and there are 3 separate versions for 4.0.X, 4.1.0 and 5.X. It was first made for 4.1.0 and then later back-ported to 4.0.X, since some addresses had changed. Later, the update that added the Quick Boot Menu (5.0.0) changed the code structure enough that we had to blindly find our addresses again and rebuild the ROP chain to get code execution again.

    Q: I don't want to miss out on potential homebrew, how should I update to a safe version?
    A: If you don't care about running code right now, feel free to update to the latest version. We are currently looking into more Webkit bugs to exploit that work on the latest version.
    If you do care about running code, try to find Mario Kart 8 version A (look at the serial on the back) which should have 4.1.0, or if that doesn't work out look for NES Remix Pack which has 4.0.2.

    Q: I want to update to the latest version but I don't want to miss out, am I safe in doing so?
    A: Feel free to update if you don't care about running code right now, a new Webkit bug is being looked into. Do not update online if you want to keep the webkit bug. 5.4.0 updated the browser and fixed the bugs present in lower versions. if you want to update to 5.3.2, you can use Mario Party 10 or Splatoon.

    Q: Should I be looking for a specific version Wii U?
    A: No, we're working on a new Webkit exploit that should work on all versions. Even if you update, you're still fine.

    Q: If I want to block Nintendo's updates, what should I block?
    A:
    • nus.c.shop.nintendowifi.net
    • nus.cdn.c.shop.nintendowifi.net
    • nus.cdn.shop.wii.com
    • nus.cdn.wup.shop.nintendo.net
    • nus.wup.shop.nintendo.net
    Q: I haven't heard anything in a while, when can we expect to see progress?
    A: I'm occasionally posting progress in this thread, so look there for any news.
     
    Last edited by Cyan, Jun 9, 2015 - Reason: Added warning about 5.4.0


  2. GorTesK

    GorTesK Mad Hatter

    Member
    1,101
    501
    Jan 29, 2013
    Gambia, The
    Down The Rabbit Hole
    blocking "nus.cdn.wup.shop.nintendo.net" has been working for me so far since 4.0.2
     
    Margen67 likes this.
  3. the_randomizer

    the_randomizer The Temp's official fox whisperer

    Member
    20,687
    9,685
    Apr 29, 2011
    United States
    Dr. Wahwee's castle

    I thought that was just for the eShop, I believe you need to block a range of actual IP addresses...?
     
  4. fatsquirrel

    fatsquirrel GBAtemp Advanced Maniac

    Member
    1,653
    1,158
    Nov 11, 2013
    Gortesk your avatar still makes me pee in pants a little.
    Fantastic post otherwise NWPlayer! I hope all new users come here and read it.
     
    CosmoCortney and Fpsrussia117 like this.
  5. NWPlayer123
    OP

    NWPlayer123 GBAtemp Addict

    Member
    2,629
    6,226
    Feb 17, 2012
    United States
    The Everfree Forest
    Nah, like I've said before, nus is nintendo's update service, it has nothing to do with the eShop, AFAIK that IP block is all of the IPs that that URL can use.
     
    Margen67 and the_randomizer like this.
  6. GorTesK

    GorTesK Mad Hatter

    Member
    1,101
    501
    Jan 29, 2013
    Gambia, The
    Down The Rabbit Hole
    makes all system software update downloads fail for me
     
    Margen67 and the_randomizer like this.
  7. the_randomizer

    the_randomizer The Temp's official fox whisperer

    Member
    20,687
    9,685
    Apr 29, 2011
    United States
    Dr. Wahwee's castle

    Well, that makes sense now :P
     
  8. JoostinOnline

    JoostinOnline Certified Crash Test Dummy

    Member
    10,926
    3,700
    Apr 2, 2011
    United States
    The Twilight Zone
    If it's anything like the Wii Shop Channel, then all the digital titles are also stored on NUS.
     
  9. FPSRussi4

    FPSRussi4 Clean up your act and cut the crap.

    Member
    670
    419
    Dec 1, 2013
    Laos
    You should add to the title "NOOBS READ BEFORE POSTING"
     
  10. GorTesK

    GorTesK Mad Hatter

    Member
    1,101
    501
    Jan 29, 2013
    Gambia, The
    Down The Rabbit Hole
    but if I remember correctly, someone actually found an url or ip recently, that prevents the wiiu from finding any updates..... the beforementioned url only prevents the download, but what he found actually prevented the update check... was just recently either in 5.0 update tread or 4.1 exploit leak or the hacking discussion thread... lol cant remember where, but it was a couple of days ago
     
  11. hundshamer

    hundshamer GBAtemp Advanced Maniac

    Blacklisted Trader
    1,810
    806
    May 22, 2009
    United States
    If you find it, that would be great to add to the OP!
     
  12. Etkar.H

    Etkar.H GBAtemp Regular

    Member
    228
    47
    Jul 26, 2009
    Norway
    Earth
    I don't know how to block URLs on my router, so I'll just turn off Standby download for now.
     
  13. Bladexdsl

    Bladexdsl ZOMG my posts...it's over 9000!!!

    Member
    15,976
    3,669
    Nov 17, 2008
    Australia
    Queensland
    it is it's for getting patches, updates for eshop games.
     
  14. GorTesK

    GorTesK Mad Hatter

    Member
    1,101
    501
    Jan 29, 2013
    Gambia, The
    Down The Rabbit Hole
    Margen67 and TiMeBoMb4u2 like this.
  15. Qtis

    Qtis Grey Knight Inquisitor

    Member
    3,794
    1,292
    Feb 28, 2010
    The Forge
    Modified the title a bit and stickied. NWPlayer123 if more obvious and repeating question start coming, add them in the OP :)
     
  16. Goku Junior

    Goku Junior GBAtemp Advanced Fan

    Member
    950
    288
    Dec 27, 2013
    Argentina
    Buenos Aires, Argentina
    Hi!, A little question, It would be possible to make a offline exploit in the future? Some user tell me I need to update my router with a firmware to block all the Nintendo adresses to make the Wii U don't update, but I've bricked it, so I don't have online for the web browser exploit, are some dev planning to do a non-internet exploit?

    Yeah, I know they don't have the kernel or all system access, but I'm only asking, something similar like BannerBomb with Wii, but they need to hack the Wii U Filesystem format for that...
     
  17. Marionumber1

    Marionumber1 GBAtemp Maniac

    Member
    1,234
    3,933
    Nov 7, 2010
    United States
    There aren't really any other entry points besides the browser. The browser is the only component of the system which is based on open-source code, giving us a great advantage in finding bugs. It's also one of the only places where we can feed untrusted input, since external storage is now encrypted. There is no way to "hack" it, since storage is encrypted with a per-console key. A game-based exploit is a possibility, if there are some games that access external storage without encryption, but it's highly unlikely that such a thing will surface.
     
    Margen67, filfat and Goku Junior like this.
  18. the-green

    the-green Advanced Member

    Newcomer
    71
    10
    Jan 14, 2014
    Antigua and Barbuda
    thanks for the explanation & good luck in the futur
    just one question, are those leaked wii U SDK usefull for you or it doesn't since you don't have a kernel exploit yet ?
    thanks in advance for the answer
     
  19. julialy

    julialy Homebrewer

    Member
    1,628
    557
    Nov 26, 2012
    United States
    United States
    i don't think the legit people want to use the leak.

    oh, and sdk is few help for kernel exploit.
     
  20. Some1CP

    Some1CP GBAtemp Fan

    Member
    446
    142
    Sep 12, 2009
    United States
    Sorry, but can anyone help me do this on dd-wrt? I already tried blocking addresses and IPs before and it didn't work.