Homebrew WiiU Homebrew Development

deformyer

I did NOT create the exploits/homebrew described in this post; please thank MarioNumber1, Hykem, and the other contributors. If you find any mistakes, please let me know.

This post contains info about the wii u webkit/kernel exploits and how to run/compile them. For more practical guides, check out Summersett's guides.


WiiU homebrew situation
Updated on June 19th 2016

Wii U security has been compromised and homebrew exists. Homebrew development is still at an early stage, so there aren't a lot of apps yet.
A homebrew launcher has been released by Dimok.
The homebrew launcher is not permanently installed on your system; you need to run it again every time you shut down your console. Once launched, you can always return to the homebrew launcher by launching the MiiMaker application.


WiiU exploits

Before the homebrew launcher release, developers had to merge and encapsulate their homebrew binary inside different exploitable binaries.
This is not needed anymore, as the homebrew launcher grants access to user and kernel space on the most commonly used WiiU versions.

For historical reasons, and to be able to compile old homebrew, this section is kept on this guide:
Types of exploits (sorted by amount of access granted)
  1. A Userspace exploit breaks the security of the specific app it's running in. This exploit has to respect the permissions of the app it's running in, so it's limited (e.g. the internet browser can't access SD cards or arbitrary RAM, so neither can the exploit). It allows for basic homebrew games, but is mainly important for further exploitation. The userspace exploits are referred to interchangeably as "userspace," "userland" and "WebKit/MP4" exploits.
  2. The Kernel exploit, or Cafe OS exploit, is an exploit that breaks out of the userland. This allows for bigger/advanced programs.
  3. The IOSU exploit breaks the final barrier (a special security chip, the IOSU). The Wii U is entirely in your hands now. An IOSU exploit typically needs the first two to build further upon; Hykem's is an exception to this, as it only needs the former.

Exploit status on firmware versions

2.0.0 - 5.1.0: Userspace exploit (Webkit), kernel exploit (OSDriver, somewhat unreliable), ioctlvhax
5.2.0 - 5.3.1: Same exploits possible but still undeveloped
5.3.2-5.4.0: Userspace exploit (MP4), kernel exploit (OSDriver, somewhat unreliable), private IOSU exploits
5.5.x: Userspace exploit (MP4), kernel exploit (reliable), private IOSU exploits (Might be broken)

TL;DR
Versions that can be used for fun hacks right now: 5.3.2, 5.4.0, 5.5.0, 5.5.1
Versions that are still secure: /
("Fun hacks" are TCPGecko, Cafiine, Dumpiine, ___iine, etc. Things that require both a userspace and a kernel exploit.)

Hopefully that helps some of you understand where we're at right now. I'll be around here to answer questions now and then.

Here is a maintained list of possible exploits based on WiiU version: http://rhcafe.us.to/


Preliminary steps
Before launching homebrew, be sure to prevent the console from updating to a newer firmware version.
1) Block the Nintendo Update Server (NUS). There are different methods you can use:
  • Block URL manually from your router
    nus.c.shop.nintendowifi.net
    nus.cdn.c.shop.nintendowifi.net
    nus.cdn.shop.wii.com
    nus.cdn.wup.shop.nintendo.net
    nus.wup.shop.nintendo.net
    c.shop.nintendowifi.net
    cbvc.cdn.nintendo.net
    cbvc.nintendo.net
  • Block URLs using OpenDNS (NOT RECOMMENDED - INEFFECTIVE)
  • Block URLs using a proxy (You need your computer powered)
  • Block URLs using TubeHax DNS (Recommended). Set DNS manually to 107.211.140.065
2) Disable quick launch features which silently install updates while the console is in standby mode.


Compiling homebrew

Windows/Linux/MacOS
1: install prerequisites
  • Install Devkitpro with libogc, devkitPPC and devkitARM.
    You will have to get additional libraries used by a lot of homebrew (the portlibs) from here : https://github.com/dimok789/homebrew_launcher/releases/tag/v1.0
    Download both the "libogc" and "portlibs" packages and extract them to your devkitpro folder, replacing any existing files.


    Optional, some homebrew (mainly old ones) might need this :
  • Python 2.x
  • libwiiu sources from https://github.com/wiiudev/libwiiu, Extract to a folder.
On Windows: You do not need Cygwin; just open a command line window with "Start button > Run > cmd" or "Shift + right-click in a folder > Open a command line here".


2: Create or clone a project
Note: Old homebrew required that the project was created as a sub-folder of your libwiiu path. If you are creating a new project or cloning a recent homebrew, you can place its folder anywhere on your computer.
  • Clone a project or create your new homebrew project into the libwiiu folder

3: Build your homebrew.
  • Browse to the makefile location in a command line window and type "make".


Old homebrew might require you to merge the compiled homebrew binary inside an exploit binary. To do this, you need to use the libwiiu package and the provided Python script.
Since the release of the Homebrew Launcher, you don't need to merge your homebrew inside one of the existing exploits' binaries anymore!
The homebrew launcher already patches both the user and kernel space and grants this access to all launched homebrew.

If you develop a homebrew, you only need to compile it to an executable format (.elf) and launch it from the homebrew launcher, like you used to do on the Wii.
If you really need to inject your homebrew into an exploitable binary (for example to bypass the homebrew launcher completely, or if you are compiling the homebrew launcher itself), look into this spoiler:
This section is outdated, but kept for historical reasons.

Webkit exploit
The webkit exploit uses a vulnerability in the opensource Wii U-webkit.
To inject your homebrew into a browser exploit format, you need to generate a html file using libwiiu and python. Then launch it by loading the generated webpage hosted on a webserver.

To generate the html with your homebrew, open a command line in libwiiu folder and run build.py with the path to the homebrew.
Example to inject helloworld homebrew into html format:
Code:
python build.py examples/helloworld


LibStagefright exploit
The stagefright exploit uses a vulnerability in the media player using the mp4 format.
You can go here for the exploit. (more detailed instructions coming)


OSDriver kernel exploit
The kernel exploit is usually integrated into a user space exploit and run automatically after successfully getting user space access.
To generate the kernel exploit to use with the webkit exploit, you need to compile the kernel example with libwiiu and python.
To generate the kernel exploit to use with the stagefright exploit, you need ... ?

To run homebrew requiring kernel access, first run the kernel exploit, which usually exits to the home menu after successful patching.
Then run your homebrew using one of the compatible user space exploit method (browser, stagefright, etc.).

IOS EXPLOIT
Unreleased

A more detailed (outdated, pre-homebrew launcher) video from BullyWiiPlaza:





Launching homebrew

There are two different methods to launch homebrew: the homebrew launcher, or the old "individual homebrew injected into an exploit".
Most homebrew has been updated to use the homebrew launcher method, but this section will detail both methods for historical reasons.

1) The homebrew launcher method :
If your homebrew is an executable (.elf) then you only need to copy the homebrew to your SD card and launch it with the homebrew launcher.
- copy the homebrew in sd:/wiiu/apps/<name of your homebrew>/<filename>.elf
- optionally, copy the homebrew's meta.xml and icon.png in the same folder.
- install the homebrew launcher from the web browser, and select your homebrew to launch.


2) The old method, individual homebrew merged with an exploit.
All homebrew launched using this method need to be executed from the webkit browser and thus need to be hosted on a webserver.
It can be online webserver or locally hosted webpages.

A few online sites to use existing homebrew:
Code:
http://www.wiiubru.com
http://wiiulib.arndroid.nl
http://wj44.bplaced.com

If you want to locally host some homebrew, you have to host it on your PC (the compiled html is by default in the www folder). You can do this any way you want, but here are some examples:
  • With Python you can use the following commands to create a really simple python server:
    Code:
    cd path/to/homebrew/
    python -mSimpleHTTPServer 2343
    Then point your WiiU Browser to http://yourinternalip:2343/
  • On windows, you can install wamp, xampp, or even easyphp.
  • Or you can use a private Online webserver.
  • A Video from BullyWiiPlaza on how to host on windows:



Existing homebrew
You can find a list of released homebrew on our wiki.
http://wiki.gbatemp.net/wiki/List_of_WiiU_homebrew



F.A.Q.

  • Is my warranty void if I use this?
    As the exploit doesn't permanently change anything, your warranty is completely fine.
  • When will we get IOSU access?
    soon™, hykem/plutoo is working on it, stop complaining to them please
  • Is there a firmware spoofer?
    Yes
  • Should I update?
    NO. If you don't have to update, don't.
If you have a relevant question that isn't answered here or in the other stickies, feel free to ask.
 
Last edited by Cyan, , Reason: little typo
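
A pre-launch check for the SD card layout described in the post above (sd:/wiiu/apps/<name>/<filename>.elf with optional meta.xml and icon.png). This is an added example, not code from the post, libwiiu or the homebrew launcher; the function names are hypothetical, the sample card is constructed in a temporary folder, and it assumes homebrew built with powerpc-eabi-gcc is a 32-bit big-endian PowerPC ELF executable.

```python
import struct
import tempfile
from pathlib import Path

EM_PPC = 20  # ELF e_machine for 32-bit PowerPC (assumed output of powerpc-eabi-gcc)

def elf_problems(path):
    """Inspect the first 20 bytes of the ELF header; return a list of problems."""
    head = Path(path).read_bytes()[:20]
    if len(head) < 20 or head[:4] != b"\x7fELF":
        return ["not an ELF file"]
    problems = []
    if head[4] != 1:
        problems.append("not 32-bit (EI_CLASS)")
    if head[5] != 2:
        problems.append("not big-endian (EI_DATA)")
    # Decode e_type/e_machine with the byte order the file itself declares.
    order = ">" if head[5] == 2 else "<"
    e_type, e_machine = struct.unpack(order + "HH", head[16:20])
    if e_type != 2:
        problems.append("not an executable (e_type=%d)" % e_type)
    if e_machine != EM_PPC:
        problems.append("not PowerPC (e_machine=%d)" % e_machine)
    return problems

def audit_sd(sd_root):
    """Map each folder under wiiu/apps to its list of findings (empty = OK)."""
    report = {}
    apps = Path(sd_root) / "wiiu" / "apps"
    for app in sorted(p for p in apps.iterdir() if p.is_dir()):
        findings = []
        elfs = sorted(app.glob("*.elf"))
        if not elfs:
            findings.append("no .elf in folder")
        for elf in elfs:
            findings += ["%s: %s" % (elf.name, p) for p in elf_problems(elf)]
        for optional in ("meta.xml", "icon.png"):
            if not (app / optional).exists():
                findings.append("optional %s missing" % optional)
        report[app.name] = findings
    return report

def build_sample(sd_root):
    """Constructed sample card: one valid app, one wrong-arch ELF, one empty folder."""
    apps = Path(sd_root) / "wiiu" / "apps"
    ident_ppc = b"\x7fELF" + bytes([1, 2, 1]) + bytes(9)  # 32-bit, big-endian
    ident_x64 = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)  # 64-bit, little-endian
    good = apps / "helloworld"
    good.mkdir(parents=True)
    (good / "helloworld.elf").write_bytes(ident_ppc + struct.pack(">HH", 2, EM_PPC))
    (good / "meta.xml").write_text("<app/>")
    (good / "icon.png").write_bytes(b"\x89PNG")
    bad = apps / "wrongarch"
    bad.mkdir()
    (bad / "wrongarch.elf").write_bytes(ident_x64 + struct.pack("<HH", 2, 62))
    (apps / "empty").mkdir()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for name, findings in audit_sd(tmp).items():
            print(name, "->", findings or "OK")
```

Point `audit_sd` at the mounted card's root to catch a host-architecture binary or an empty app folder before it reaches the console.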

Cyan

Thank you.
Maybe we could make this thread the main WiiU Homebrew development thread, like we have on 3DS homebrew section.

The other WiiU hacking thread is for the hack development discussion; it's old and has a lot of old information, not only related to homebrew development.
Having a specific place where developers could share homebrew and ask for help to develop their own homebrew is a good idea to me.

I thought creating such a thread would be a good idea, but we needed someone to create a tutorial in the first post, and you did!
I'll rename your thread, if you don't mind, and put it in sticky.
 

Cyan

I renamed it to match the one in 3DS section.
I hope developers will move to it instead of the old hacking discussion thread, having a fresh new place will be easier to find development information.
The hacking discussion thread is still useful to discuss and improve the exploits. They have two different purposes.

I hope you'll have time to maintain the first post, it will certainly have new releases, different compilation steps, etc.
Add links to tools you think are useful to create homebrew for WiiU.

Edit:

Here is one useful link:
existing libraries which can be used in homebrew:
http://wiiubrew.org/wiki/Cafe_OS#Libraries
 

BullyWiiPlaza

Nope. I tried it on Linux and Windows but nothing worked. Also Mr. smartass tutorial writer should have known that
is a syntax error since there's a space in the url. The url should be surrounded by parentheses. Also good job on cluttering my Desktop with useless devkitPro files during installation and not cleaning them off or avoiding it to happen in the first place.
Comment the Cygwin line out in every makeFile by putting a # in the front. This is required to build on Windows, but apparently, linux doesn't like it.
Awesome, who thought that putting that into 100 different Makefiles (yes, that's how you spell it and not "makeFile") just to edit it out again anyway was a good idea?
How to build the project yourself [Windows]
More detailed instructions coming (I don't have windows machine)
  • Install Cygwin, Devkitpro and python (2 or 3)
  • Clone the project
  • Build with:
    Code:
    python build.py examples/helloworld
  • Host with your favorite software, there's a simple example under linux/macosx
Great job, that's basically what they say on their github page but you failed to notice that only Python 2.7 installs the python command to the PATH which you tell people to use for building so 3.x would say that
Code:
python
is not a recognized command.

On Cygwin:
Code:
$ python build.py examples/helloworld
mkdir -p C:/Users/Bully/Desktop/libwiiu-master/framework/bin
# Build findcode
powerpc-eabi-gcc -nostdinc -fno-builtin -c -DVER=532+ C:/Users/Bully/Desktop/libwiiu-master/framework/src/findcode532.c
cc1: warning: '-mcpu=' is deprecated; use '-mtune=' or '-march=' instead [enabled by default]
C:/Users/Bully/Desktop/libwiiu-master/framework/src/findcode532.c:1:0: error: bad value (750) for -mtune= switch
#define OSFatal ((void (*)(char* msg))0x1031368)
^
make: *** [findcode532] Error 1
mkdir -p C:/Users/Bully/Desktop/libwiiu-master/libwiiu/bin/532/
mkdir -p C:/Users/Bully/Desktop/libwiiu-master/libwiiu/bin/500/
mkdir -p C:/Users/Bully/Desktop/libwiiu-master/libwiiu/bin/410/
mkdir -p C:/Users/Bully/Desktop/libwiiu-master/libwiiu/bin/400/
mkdir -p C:/Users/Bully/Desktop/libwiiu-master/libwiiu/bin/300/
powerpc-eabi-gcc -nostdinc -fno-builtin -c -DVER=532  C:/Users/Bully/Desktop/libwiiu-master/libwiiu/src/*.c
cc1: warning: '-mcpu=' is deprecated; use '-mtune=' or '-march=' instead [enabled by default]
C:/Users/Bully/Desktop/libwiiu-master/libwiiu/src/draw.c:1:0: error: bad value (750) for -mtune= switch
#include "draw.h"
^
cc1: warning: '-mcpu=' is deprecated; use '-mtune=' or '-march=' instead [enabled by default]
C:/Users/Bully/Desktop/libwiiu-master/libwiiu/src/math.c:1:0: error: bad value (750) for -mtune= switch
#include "math.h"
^
cc1: warning: '-mcpu=' is deprecated; use '-mtune=' or '-march=' instead [enabled by default]
C:/Users/Bully/Desktop/libwiiu-master/libwiiu/src/string.c:1:0: error: bad value (750) for -mtune= switch
#include "string.h"
^
cc1: warning: '-mcpu=' is deprecated; use '-mtune=' or '-march=' instead [enabled by default]
C:/Users/Bully/Desktop/libwiiu-master/libwiiu/src/uhs.c:1:0: error: bad value (750) for -mtune= switch
#include "coreinit.h"
^
make: *** [libwiiu532] Error 1
mkdir -p C:/Users/Bully/Desktop/libwiiu-master/examples/helloworld/bin/
powerpc-eabi-gcc -nostdinc -fno-builtin -c -DVER=532 src/*.c
cc1: warning: '-mcpu=' is deprecated; use '-mtune=' or '-march=' instead [enabled by default]
src/loader.c:1:0: error: bad value (750) for -mtune= switch
#include "loader.h"
^
make: *** [main532] Error 1
Traceback (most recent call last):
  File "C:\Users\Bully\Desktop\libwiiu-master\framework\generate_html.py", line 148, in <module>
    main()
  File "C:\Users\Bully\Desktop\libwiiu-master\framework\generate_html.py", line 56, in main
    findcode = open('{0}/bin/findcode{1}.bin'.format(path,ver), 'rb').read()
IOError: [Errno 2] No such file or directory: 'C:\\Users\\Bully\\Desktop\\libwiiu-master\\framework/bin/findcode532.bin'
Traceback (most recent call last):
  File "C:\Users\Bully\Desktop\libwiiu-master\framework\generate_html.py", line 148, in <module>
    main()
  File "C:\Users\Bully\Desktop\libwiiu-master\framework\generate_html.py", line 56, in main
    findcode = open('{0}/bin/findcode{1}.bin'.format(path,ver), 'rb').read()
IOError: [Errno 2] No such file or directory: 'C:\\Users\\Bully\\Desktop\\libwiiu-master\\framework/bin/findcode500.bin'
Traceback (most recent call last):
  File "C:\Users\Bully\Desktop\libwiiu-master\framework\generate_html.py", line 148, in <module>
    main()
  File "C:\Users\Bully\Desktop\libwiiu-master\framework\generate_html.py", line 56, in main
    findcode = open('{0}/bin/findcode{1}.bin'.format(path,ver), 'rb').read()
IOError: [Errno 2] No such file or directory: 'C:\\Users\\Bully\\Desktop\\libwiiu-master\\framework/bin/findcode410.bin'
Traceback (most recent call last):
  File "C:\Users\Bully\Desktop\libwiiu-master\framework\generate_html.py", line 148, in <module>
    main()
  File "C:\Users\Bully\Desktop\libwiiu-master\framework\generate_html.py", line 56, in main
    findcode = open('{0}/bin/findcode{1}.bin'.format(path,ver), 'rb').read()
IOError: [Errno 2] No such file or directory: 'C:\\Users\\Bully\\Desktop\\libwiiu-master\\framework/bin/findcode400.bin'
Traceback (most recent call last):
  File "C:\Users\Bully\Desktop\libwiiu-master\framework\generate_html.py", line 148, in <module>
    main()
  File "C:\Users\Bully\Desktop\libwiiu-master\framework\generate_html.py", line 56, in main
    findcode = open('{0}/bin/findcode{1}.bin'.format(path,ver), 'rb').read()
IOError: [Errno 2] No such file or directory: 'C:\\Users\\Bully\\Desktop\\libwiiu-master\\framework/bin/findcode300.bin'
Building for your windows platform...
Hmm, I'm wondering why there are so many errors just by trying to compile while having installed everything like described?

Damn MathewWi, you genius. Now it's all clear! *sarcasm*
igcs6p2n.png


I might have forgotten something but yeah, that's it for now. Some people suck and that's not me apparently. :mellow: Please fix your stuff. I wasted like 2 hours just to figure that it's messed up and won't work.

/rant
 
Last edited by BullyWiiPlaza,

dauphin327

Replace {0} with your directory path in findcode = open('{0}/bin/findcode{1}.bin'.format(path,ver), 'rb').read(), it cannot find findcode300 because your trails are wrong some are \\ others / in "C:\\Users\\Bully\\Desktop\\libwi-master\\framework/bin/findcode300.bin"
 

BullyWiiPlaza

Replace {0} with your directory path in findcode = open('{0}/bin/findcode{1}.bin'.format(path,ver), 'rb').read(), it cannot find findcode300 because your trails are wrong some are \\ others / in "C:\\Users\\Bully\\Desktop\\libwi-master\\framework/bin/findcode300.bin"
That's not due to my input but due to their script:
Code:
frameworkDir=os.path.join(rootDir,"framework")
# ...
code532 = os.path.join(projectDir, 'bin', 'code') + str(532) + '.bin'
In which file am I supposed to replace what?
 

dauphin327

That's not due to my input but due to their script:
Code:
frameworkDir=os.path.join(rootDir,"framework")
# ...
code532 = os.path.join(projectDir, 'bin', 'code') + str(532) + '.bin'
In which file am I supposed to replace what?
https://github.com/wiiudev/libwiiu/...0f2337a986a851a0ae/framework/generate_html.py

Change line 56, replace {0} by C:/Users/Bully/Desktop/libwi-master/framework

Else, if it doesn't work, change the line to the following: findcode = open('{0}\\bin\\findcode{1}.bin'.format(path,ver), 'rb').read()

you may have to change all the trails below it to \\ instead of / too since you're on windows.
 

BullyWiiPlaza

https://github.com/wiiudev/libwiiu/...0f2337a986a851a0ae/framework/generate_html.py

Change line 56, replace {0} by C:/Users/Bully/Desktop/libwi-master/framework

Else, if it doesn't work, change the line to the following: findcode = open('{0}\\bin\\findcode{1}.bin'.format(path,ver), 'rb').read()

you may have to change all the trails below it to \\ instead of / too since you're on windows.
Okay but it doesn't work either and it's too messy anyway. I will stop here.
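
A triage of the build output quoted earlier in this thread, as an added example (not code from libwiiu or from any poster): it links each "No such file or directory" traceback to a make target that failed earlier in the same log, and normalises the mixed `\\` and `/` path with Windows path rules. The log excerpt is constructed from lines in the post, the function names are hypothetical, and it assumes a make target and its output file share a name, as findcode532 and findcode532.bin do in that log.

```python
import ntpath
import re

# Constructed excerpt, shortened from the build output quoted in the thread.
SAMPLE_LOG = r"""powerpc-eabi-gcc -nostdinc -fno-builtin -c -DVER=532+ C:/Users/Bully/Desktop/libwiiu-master/framework/src/findcode532.c
cc1: warning: '-mcpu=' is deprecated; use '-mtune=' or '-march=' instead [enabled by default]
C:/Users/Bully/Desktop/libwiiu-master/framework/src/findcode532.c:1:0: error: bad value (750) for -mtune= switch
make: *** [findcode532] Error 1
Traceback (most recent call last):
  File "C:\Users\Bully\Desktop\libwiiu-master\framework\generate_html.py", line 56, in main
IOError: [Errno 2] No such file or directory: 'C:\\Users\\Bully\\Desktop\\libwiiu-master\\framework/bin/findcode532.bin'
"""

MAKE_FAIL = re.compile(r"^make: \*\*\* \[(.+?)\] Error \d+", re.M)
CC_ERROR = re.compile(r"^(.+?):\d+:\d+: error: (.*)$", re.M)
MISSING = re.compile(r"^IOError: \[Errno 2\] No such file or directory: '(.*)'$", re.M)

def failed_targets(log):
    """Names of make targets that stopped with an error."""
    return MAKE_FAIL.findall(log)

def compiler_errors(log):
    """(source_file, message) for every compiler error line."""
    return CC_ERROR.findall(log)

def missing_files(log):
    """Paths from IOError lines, unescaped and normalised as Windows paths."""
    paths = []
    for raw in MISSING.findall(log):
        unescaped = raw.replace("\\\\", "\\")  # the traceback prints a repr()
        paths.append(ntpath.normpath(unescaped))
    return paths

def triage(log):
    """Map each missing file to the failed target that should have built it, else None."""
    failed = failed_targets(log)
    result = {}
    for path in missing_files(log):
        stem = ntpath.splitext(ntpath.basename(path))[0]
        # Assumption: target name equals the output file's stem.
        result[path] = stem if stem in failed else None
    return result

if __name__ == "__main__":
    for src, msg in compiler_errors(SAMPLE_LOG):
        print("compiler error:", msg, "in", src)
    for path, target in triage(SAMPLE_LOG).items():
        print(path, "<- never built, target failed:", target)
```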
 

TheZander

It's pretty convenient that it makes the payload for each fw version, because I have my nephew's 3.1.0 Wii to test as well. But pairing the gamepad back and forth is annoying.
 

BullyWiiPlaza

If you are having such a hard time compiling then maybe it's best you leave this for people that actually know what they are doing.
Lol, please just shut up. You skid have no room to talk at all as dumb as your posts are and have been. What about telling me what is wrong with what I did instead? Oh well, you can't because you don't know either and rather write a stupid comment.

EDIT:
Got it to compile, I'm going to help clarify the readme.

---

Here is a decent Windows installation tutorial I made:



Links:
Wii U Browser Exploit: https://github.com/wiiudev/libwiiu
Python: https://www.python.org/downloads/
devkitPro: http://sourceforge.net/projects/devkitpro/
Cygwin: https://cygwin.com/install.html
 
Last edited by BullyWiiPlaza,

deformyer

@BullyWiiPlaza
Please stop raging, I'm all about constructive feedback but this just makes you look like a little kid.
And stop blaming me or the devs, all the errors you're getting are caused by following the linux tutorial on windows.
  • Python IS a command on linux/macosx but not on windows, I wouldn't make 2 separate tutorials if the instructions were the same.
  • Same for the deleting of the cygwin files. Of course cygwin doesn't compile if you delete the cygwin lines, this is only for linux.
  • I explained the fact why the windows tutorial is so short, you can make a good one yourself, as you're so good

I might have forgotten something but yeah, that's it for now. Some people suck and that's not me apparently. :mellow: Please fix your stuff. I wasted like 2 hours just to figure that it's messed up and won't work.
I would like to see you make a WiiU exploit, you can't even follow a tutorial.
 

BullyWiiPlaza

And stop blaming me or the devs, all the errors you're getting are caused by following the linux tutorial on windows.
Nope, if you read my post properly you would have noticed that I used Linux AND Windows systems to try to install it on so no, I wasn't doing the Linux tutorial on Windows and I did nothing wrong because I followed exactly what it said. Also I made a full Windows tutorial but according to you I'm apparently so bad. What about admitting your own mistakes instead of trying to blame it on others? I pointed out a few things so that you can fix them so will you or not?
I would like to see you make a WiiU exploit, you can't even follow a tutorial.
Wrong, you can't even write a working guide. All I'm asking for is a decent tutorial but it seems too much. Fine then, I will have to experiment myself. Did you even install it yourself? Apparently not, because you wouldn't have that many issues in the guide.

Also I surely don't have months or years of time to spend for Wii U hacking and besides it needed like 10 people to get it done. This has nothing to do with writing an own Wii U exploit anyway.
 
Last edited by BullyWiiPlaza,

nastys

How to build the project yourself [LINUX/MAC OSX]:
1: install prerequisites
  • Make sure your WII U has firmware 5.3.2 or lower
  • Make sure git is installed, then install devkitPPC by running the following commands
    curl -L "http://sourceforge.net/projects/devkitpro/files/Automated%20Installer/devkitARMupdate.pl/download" -o devkitARMupdate.pl
    chmod +x ./devkitARMupdate.pl
    sudo -s
    ./devkitARMupdate.pl /opt/devkitpro
    cd /opt/devkitpro
    git clone https://github.com/smealum/ctrulib.git
    cd ctrulib/libctru
    export DEVKITPRO=/opt/devkitpro
    export DEVKITARM=$DEVKITPRO/devkitARM
    make
    make install
    exit
    echo "export DEVKITPRO=/opt/devkitpro" >> ~/.bashrc
    echo 'export DEVKITARM=$DEVKITPRO/devkitARM' >> ~/.bashrc
  • Install devkitPPC by running this script as root:
    Code:
    sudo perl ./devkitPPCupdate.pl
  • Open your .bashrc (press ALT+F2 then enter gedit .bashrc) and make sure it ends like this:
    export DEVKITPRO=/opt/devkitpro
    export DEVKITARM=/opt/devkitpro/devkitARM
    export DEVKITPPC=/opt/devkitpro/devkitPPC
    export PATH=$PATH:/opt/devkitpro/devkitPPC/bin
    (Note the lowercase p, if this doesn't work you can just enter these commands in the terminal every time you build.)
  • Make sure you have python (it can be 2 or 3).
  • Clone the libwiiu project to your desired location
    Code:
    cd myLibWIIUlocation
    git clone https://github.com/wiiudev/libwiiu

Don't forget to log out then log in again to apply the changes to .bashrc and also you don't need to install Python, since it's preinstalled.
Also I don't think you can edit .bashrc on OS X like on Linux.
 
