1. deformyer

    I did NOT create the exploits/homebrew described in this post; please thank MarioNumber1, Hykem, and the other contributors. If you find any mistakes, please let me know.

    This post contains info about the Wii U WebKit/kernel exploits and how to run/compile them. For more practical guides, check out Summersett's guides.


    WiiU homebrew situation
    Updated on June 19th 2016

    Wii U security has been compromised and homebrew exists. Homebrew development is still at an early stage, so there aren't a lot of apps yet.
    A homebrew launcher has been released by Dimok.
    The homebrew launcher is not permanently installed to your system; you need to run it again every time you shut down your console. Once launched, you can always return to the homebrew launcher by launching the MiiMaker application.


    WiiU exploits

    Before the homebrew launcher release, the developers had to merge and encapsulate their homebrew binary inside different exploitable binaries.
    This is not needed anymore as the homebrew launcher grants access to user and kernel space on the most commonly used WiiU versions.

    For historical reasons, and to be able to compile old homebrew, this section is kept on this guide:
    Types of exploits (sorted by amount of access granted)
    1. A Userspace exploit breaks the security of the specific app it's running in. This exploit has to respect the permissions of the app it's running in, so it's limited (e.g. the internet browser can't access SD-cards or random RAM-memory, so neither can the exploit). It allows for basic homebrew games, but is mainly important for further exploitation. The userspace exploits are referred to interchangeably as "userspace," "userland" and "WebKit/MP4" exploits.
    2. The Kernel exploit, or Cafe OS exploit, is an exploit that breaks out of the userland. This allows for bigger/advanced programs.
    3. The IOSU exploit breaks the final barrier (a special security chip, the IOSU). The Wii U is entirely in your hands now. An IOSU exploit typically needs the first two to build further upon; Hykem's is an exception to this as it only needs the former.

    Exploit status on firmware versions

    2.0.0 - 5.1.0: Userspace exploit (Webkit), kernel exploit (OSDriver, somewhat unreliable), ioctlvhax
    5.2.0-5.3.1: Same exploits possible but still undeveloped
    5.3.2-5.4.0: Userspace exploit (MP4), kernel exploit (OSDriver, somewhat unreliable), private IOSU exploits
    5.5.x: Userspace exploit (MP4), kernel exploit (reliable), private IOSU exploits (Might be broken)

    TL;DR
    Versions that can be used for fun hacks right now: 5.3.2, 5.4.0, 5.5.0, 5.5.1
    Versions that are still secure: /
    ("Fun hacks" are TCPGecko, Cafiine, Dumpiine, ___iine, etc. Things that require both a userspace and a kernel exploit.)

    Hopefully that helps some of you understand where we're at right now. I'll be around here to answer questions now and then.

    Here is a maintained list of possible exploits based on WiiU version: http://rhcafe.us.to/


    Preliminary steps
    Before launching homebrew, be sure to prevent the console from updating to a newer firmware version.
    1) Block the Nintendo Update Server (NUS). There are different methods you can use:
    • Block URL manually from your router
      nus.c.shop.nintendowifi.net
      nus.cdn.c.shop.nintendowifi.net
      nus.cdn.shop.wii.com
      nus.cdn.wup.shop.nintendo.net
      nus.wup.shop.nintendo.net
      c.shop.nintendowifi.net
      cbvc.cdn.nintendo.net
      cbvc.nintendo.net
    • Block URLs using OpenDNS (NOT RECOMMENDED - INEFFECTIVE)
    • Block URLs using a proxy (You need your computer powered)
    • Block URLs using TubeHax DNS (Recommended). Set DNS manually to 107.211.140.065
    2) Disable quick launch features which silently install updates while the console is in standby mode.


    Compiling homebrew

    Windows/Linux/MacOS
    1: install prerequisites
    • Install Devkitpro with libogc, devkitPPC and devkitARM.
      You will have to get additional libraries used by a lot of homebrew (the portlibs) from here : https://github.com/dimok789/homebrew_launcher/releases/tag/v1.0
      Download both the "libogc" and "portlibs" packages and extract them to your devkitpro folder, replacing any existing files.


      Optional, some homebrew (mainly old ones) might need this :
    • Python 2.x
    • libwiiu sources from https://github.com/wiiudev/libwiiu, Extract to a folder.
    On Windows: You do not need cygwin on Windows, just open a command line window with "start button > run > cmd" or "shift+right click in a folder" > open a command line here.


    2: Create or clone a project
    Note: Old homebrew required that the project was created as a sub-folder of your libwiiu path. If you are creating a new project or cloning a recent homebrew, you can place its folder anywhere on your computer.
    • Clone a project or create your new homebrew project into the libwiiu folder

    3: Build your homebrew.
    • Browse to the makefile location in a command line window and type "make".


    Old homebrew might require you to merge the compiled homebrew binary inside an exploit binary. To do this, you need to use Libwiiu package and the provided Python script.
    Since the release of the Homebrew Launcher, you don't need to merge your homebrew inside one of the existing exploit's binary anymore!
    The homebrew launcher is already patching both the user and kernel space and grants this access to all launched homebrew.

    If you develop a homebrew, you only need to compile it to an executable format (.elf) and launch it from the homebrew launcher, like you used to do on the Wii.
    If you really need to inject your homebrew into an exploitable binary (for example to bypass the homebrew launcher completely, or if you are compiling the homebrew launcher itself), look into this spoiler:
    This section is outdated, but kept for historical reasons.

    Webkit exploit
    The webkit exploit uses a vulnerability in the opensource Wii U-webkit.
    To inject your homebrew into a browser exploit format, you need to generate an HTML file using libwiiu and Python. Then launch it by loading the generated webpage hosted on a webserver.

    To generate the html with your homebrew, open a command line in libwiiu folder and run build.py with the path to the homebrew.
    Example to inject helloworld homebrew into html format:
    Code:
    python build.py examples/helloworld

    LibStagefright exploit
    The stagefright exploit uses a vulnerability in the media player using the mp4 format.
    You can go here for the exploit. (more detailed instructions coming)


    OSDriver kernel exploit
    The kernel exploit is usually integrated into a user space exploit and run automatically after successfully getting user space access.
    To generate the kernel exploit to use with the webkit exploit, you need to compile the kernel example with libwiiu and python.
    To generate the kernel exploit to use with the stagefright exploit, you need ... ?

    To run homebrew requiring kernel access, first run the kernel exploit, which usually exits to the home menu after successful patching.
    Then run your homebrew using one of the compatible user space exploit method (browser, stagefright, etc.).

    IOS EXPLOIT
    Unreleased

    A more detailed (outdated, pre-homebrew launcher) video from BullyWiiPlaza:




    Launching homebrew

    There are two different methods to launch homebrew: the homebrew launcher, or the old "individual homebrew injected into an exploit".
    Most homebrew has been updated to use the homebrew launcher method, but this section will detail both methods for historical reasons.

    1) The homebrew launcher method :
    If your homebrew is an executable (.elf) then you only need to copy the homebrew to your SD card and launch it with the homebrew launcher.
    - copy the homebrew in sd:/wiiu/apps/<name of your homebrew>/<filename>.elf
    - optionally, copy the homebrew's meta.xml and icon.png in the same folder.
    - install the homebrew launcher from the web browser, and select your homebrew to launch.


    2) The old method, individual homebrew merged with an exploit.
    All homebrew launched using this method need to be executed from the webkit browser and thus need to be hosted on a webserver.
    It can be online webserver or locally hosted webpages.

    A few online sites to use existing homebrew:
    Code:
    http://www.wiiubru.com
    http://wiiulib.arndroid.nl
    http://wj44.bplaced.com
    If you want to locally host some homebrew, you have to host it on your PC (the compiled html is by default in the www folder). You can do this any way you want, but here are some examples:
    • With Python you can use the following commands to create a really simple python server:
      Code:
      cd path/to/homebrew/
      python -mSimpleHTTPServer 2343
      Then point your WiiU Browser to http://yourinternalip:2343/
    • On windows, you can install wamp, xampp, or even easyphp.
    • Or you can use a private Online webserver.
    • A Video from BullyWiiPlaza on how to host on windows:


    Existing homebrew
    You can find a list of released homebrew on our wiki.
    http://wiki.gbatemp.net/wiki/List_of_WiiU_homebrew



    F.A.Q.

    • Is my warranty void if I use this?
      As the exploit doesn't permanently change anything, your warranty is completely fine.
    • When will we get IOSU access?
      soon™, hykem/plutoo is working on it, stop complaining to them please
    • Is there a firmware spoofer?
      Yes
    • Should I update?
      NO. If you don't have to update, don't.
    If you have a relevant question that isn't answered here or in the other stickies, feel free to ask.
     
    Last edited by Cyan, Jul 20, 2016 - Reason: little typo
  2. Cyan

    Thank you.
    Maybe we could make this thread the main WiiU Homebrew development thread, like we have on 3DS homebrew section.

    The other wiiU hacking thread is for the hack development discussion, it's old and has a lot of old information, not only related to homebrew development.
    Having a specific place where developers could share homebrew and ask for help to develop their own homebrew is a good idea to me.

    I thought creating such a thread would be a good idea, but we needed someone to create a tutorial on first post, and you did!
    I'll rename your thread, if you don't mind, and put it in sticky.
     
  3. deformyer

    @Cyan Go ahead, I'm happy I could help ;)
     
  4. Cyan

    I renamed it to match the one in 3DS section.
    I hope developers will move to it instead of the old hacking discussion thread, having a fresh new place will be easier to find development information.
    The hacking discussion thread is still useful to discuss and improve the exploits. They have two different purposes.

    I hope you'll have time to maintain the first post, it will certainly have new releases, different compilation steps, etc.
    Add links to tools you think are useful to create homebrew for wiiU.

    Edit:

    Here is one useful link:
    existing libraries which can be used in homebrew:
    http://wiiubrew.org/wiki/Cafe_OS#Libraries
     
  5. VinsCool

    thank you! this is an excellent tutorial to build and put online our own stuff! :)

    my WiiU is ready to crash :P
     
  6. BullyWiiPlaza

    Nope. I tried it on Linux and Windows but nothing worked. Also Mr. smartass tutorial writer should have known that
    is a syntax error since there's a space in the url. The url should be surrounded by parentheses. Also good job on cluttering my Desktop with useless devkitPro files during installation and not cleaning them off or avoiding it to happen in the first place.
    Awesome, who thought that putting that into 100 different Makefiles (yes, that's how you spell it and not "makeFile") just to edit it out again anyway was a good idea?
    Great job, that's basically what they say on their github page but you failed to notice that only Python 2.7 installs the python command to the PATH which you tell people to use for building so 3.x would say that
    Code:
    python
    is not a recognized command.

    On Cygwin:
    Code:
    $ python build.py examples/helloworld
    mkdir -p C:/Users/Bully/Desktop/libwiiu-master/framework/bin
    # Build findcode
    powerpc-eabi-gcc -nostdinc -fno-builtin -c -DVER=532+ C:/Users/Bully/Desktop/libwiiu-master/framework/src/findcode532.c
    cc1: warning: '-mcpu=' is deprecated; use '-mtune=' or '-march=' instead [enabled by default]
    C:/Users/Bully/Desktop/libwiiu-master/framework/src/findcode532.c:1:0: error: bad value (750) for -mtune= switch
    #define OSFatal ((void (*)(char* msg))0x1031368)
    ^
    make: *** [findcode532] Error 1
    mkdir -p C:/Users/Bully/Desktop/libwiiu-master/libwiiu/bin/532/
    mkdir -p C:/Users/Bully/Desktop/libwiiu-master/libwiiu/bin/500/
    mkdir -p C:/Users/Bully/Desktop/libwiiu-master/libwiiu/bin/410/
    mkdir -p C:/Users/Bully/Desktop/libwiiu-master/libwiiu/bin/400/
    mkdir -p C:/Users/Bully/Desktop/libwiiu-master/libwiiu/bin/300/
    powerpc-eabi-gcc -nostdinc -fno-builtin -c -DVER=532  C:/Users/Bully/Desktop/libwiiu-master/libwiiu/src/*.c
    cc1: warning: '-mcpu=' is deprecated; use '-mtune=' or '-march=' instead [enabled by default]
    C:/Users/Bully/Desktop/libwiiu-master/libwiiu/src/draw.c:1:0: error: bad value (750) for -mtune= switch
    #include "draw.h"
    ^
    cc1: warning: '-mcpu=' is deprecated; use '-mtune=' or '-march=' instead [enabled by default]
    C:/Users/Bully/Desktop/libwiiu-master/libwiiu/src/math.c:1:0: error: bad value (750) for -mtune= switch
    #include "math.h"
    ^
    cc1: warning: '-mcpu=' is deprecated; use '-mtune=' or '-march=' instead [enabled by default]
    C:/Users/Bully/Desktop/libwiiu-master/libwiiu/src/string.c:1:0: error: bad value (750) for -mtune= switch
    #include "string.h"
    ^
    cc1: warning: '-mcpu=' is deprecated; use '-mtune=' or '-march=' instead [enabled by default]
    C:/Users/Bully/Desktop/libwiiu-master/libwiiu/src/uhs.c:1:0: error: bad value (750) for -mtune= switch
    #include "coreinit.h"
    ^
    make: *** [libwiiu532] Error 1
    mkdir -p C:/Users/Bully/Desktop/libwiiu-master/examples/helloworld/bin/
    powerpc-eabi-gcc -nostdinc -fno-builtin -c -DVER=532 src/*.c
    cc1: warning: '-mcpu=' is deprecated; use '-mtune=' or '-march=' instead [enabled by default]
    src/loader.c:1:0: error: bad value (750) for -mtune= switch
    #include "loader.h"
    ^
    make: *** [main532] Error 1
    Traceback (most recent call last):
      File "C:\Users\Bully\Desktop\libwiiu-master\framework\generate_html.py", line 148, in <module>
        main()
      File "C:\Users\Bully\Desktop\libwiiu-master\framework\generate_html.py", line 56, in main
        findcode = open('{0}/bin/findcode{1}.bin'.format(path,ver), 'rb').read()
    IOError: [Errno 2] No such file or directory: 'C:\\Users\\Bully\\Desktop\\libwiiu-master\\framework/bin/findcode532.bin'
    Traceback (most recent call last):
      File "C:\Users\Bully\Desktop\libwiiu-master\framework\generate_html.py", line 148, in <module>
        main()
      File "C:\Users\Bully\Desktop\libwiiu-master\framework\generate_html.py", line 56, in main
        findcode = open('{0}/bin/findcode{1}.bin'.format(path,ver), 'rb').read()
    IOError: [Errno 2] No such file or directory: 'C:\\Users\\Bully\\Desktop\\libwiiu-master\\framework/bin/findcode500.bin'
    Traceback (most recent call last):
      File "C:\Users\Bully\Desktop\libwiiu-master\framework\generate_html.py", line 148, in <module>
        main()
      File "C:\Users\Bully\Desktop\libwiiu-master\framework\generate_html.py", line 56, in main
        findcode = open('{0}/bin/findcode{1}.bin'.format(path,ver), 'rb').read()
    IOError: [Errno 2] No such file or directory: 'C:\\Users\\Bully\\Desktop\\libwiiu-master\\framework/bin/findcode410.bin'
    Traceback (most recent call last):
      File "C:\Users\Bully\Desktop\libwiiu-master\framework\generate_html.py", line 148, in <module>
        main()
      File "C:\Users\Bully\Desktop\libwiiu-master\framework\generate_html.py", line 56, in main
        findcode = open('{0}/bin/findcode{1}.bin'.format(path,ver), 'rb').read()
    IOError: [Errno 2] No such file or directory: 'C:\\Users\\Bully\\Desktop\\libwiiu-master\\framework/bin/findcode400.bin'
    Traceback (most recent call last):
      File "C:\Users\Bully\Desktop\libwiiu-master\framework\generate_html.py", line 148, in <module>
        main()
      File "C:\Users\Bully\Desktop\libwiiu-master\framework\generate_html.py", line 56, in main
        findcode = open('{0}/bin/findcode{1}.bin'.format(path,ver), 'rb').read()
    IOError: [Errno 2] No such file or directory: 'C:\\Users\\Bully\\Desktop\\libwiiu-master\\framework/bin/findcode300.bin'
    Building for your windows platform...
    Hmm, I'm wondering why there are so many errors just by trying to compile while having installed everything like described?

    Damn MathewWi, you genius. Now it's all clear! *sarcasm*

    I might have forgotten something but yeah, that's it for now. Some people suck and that's not me apparently. :mellow: Please fix your stuff. I wasted like 2 hours just to figure that it's messed up and won't work.

    /rant
     
    Last edited by BullyWiiPlaza, Jun 18, 2015
  7. dauphin327

    Replace {0} with your directory path in findcode = open('{0}/bin/findcode{1}.bin'.format(path,ver), 'rb').read(), it cannot find findcode300 because your trails are wrong some are \\ others / in "C:\\Users\\Bully\\Desktop\\libwi-master\\framework/bin/findcode300.bin"
     
  8. BullyWiiPlaza

    That's not due to my input but due to their script:
    Code:
    frameworkDir=os.path.join(rootDir,"framework")
    # ...
    code532 = os.path.join(projectDir, 'bin', 'code') + str(532) + '.bin'
    In which file am I supposed to replace what?
     
  9. Crass

    Wow this is really impressive.
     
  10. dauphin327

    https://github.com/wiiudev/libwiiu/...0f2337a986a851a0ae/framework/generate_html.py

    Change line 56, replace {0} by C:/Users/Bully/Desktop/libwi-master/framework

    else if it doesn't work change the line to the following: findcode = open('{0}\\bin\\findcode{1}.bin'.format(path,ver), 'rb').read()

    you may have to change all the trails below it to \\ instead of / too since you're on windows.
     
  11. BullyWiiPlaza

    Okay but it doesn't work either and it's too messy anyway. I will stop here.
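
An added example, not written by anyone in this thread and not libwiiu code: it triages a constructed excerpt of the build output quoted above, separating failed make targets from the later missing-file errors, and uses Python's `ntpath` rules to normalise the mixed-separator path. The function names and the shortened log are assumptions made for the example.

```python
import ntpath  # Windows path rules; importable on any OS
import re

# Constructed sample: a shortened excerpt of the build output quoted in the thread.
SAMPLE_LOG = r"""powerpc-eabi-gcc -nostdinc -fno-builtin -c -DVER=532+ C:/Users/Bully/Desktop/libwiiu-master/framework/src/findcode532.c
cc1: warning: '-mcpu=' is deprecated; use '-mtune=' or '-march=' instead [enabled by default]
C:/Users/Bully/Desktop/libwiiu-master/framework/src/findcode532.c:1:0: error: bad value (750) for -mtune= switch
make: *** [findcode532] Error 1
C:/Users/Bully/Desktop/libwiiu-master/libwiiu/src/draw.c:1:0: error: bad value (750) for -mtune= switch
make: *** [libwiiu532] Error 1
IOError: [Errno 2] No such file or directory: 'C:\\Users\\Bully\\Desktop\\libwiiu-master\\framework/bin/findcode532.bin'
IOError: [Errno 2] No such file or directory: 'C:\\Users\\Bully\\Desktop\\libwiiu-master\\framework/bin/findcode500.bin'
"""

MAKE_FAIL = re.compile(r"^make: \*\*\* \[([^\]]+)\] Error \d+", re.M)
CC_ERROR = re.compile(r"^.+?:\d+:\d+: error: (.+)$", re.M)
MISSING = re.compile(r"No such file or directory: '([^']+)'")


def unrepr_windows_path(text):
    """Undo the doubled backslashes of a Python repr, then normalise separators."""
    return ntpath.normpath(text.replace("\\\\", "\\"))


def same_windows_path(a, b):
    """True when two spellings name the same path under Windows path rules."""
    return ntpath.normcase(ntpath.normpath(a)) == ntpath.normcase(ntpath.normpath(b))


def triage(log):
    """Relate each missing output file to the make targets that failed earlier."""
    failed = MAKE_FAIL.findall(log)                 # targets make gave up on
    errors = sorted(set(CC_ERROR.findall(log)))     # distinct compiler messages
    missing = []
    for raw in MISSING.findall(log):
        path = unrepr_windows_path(raw)
        stem = ntpath.splitext(ntpath.basename(path))[0]  # e.g. findcode532
        if stem in failed:
            cause = "make target failed"
        else:
            cause = "no make output for target"
        missing.append((path, cause))
    return {"failed_targets": failed, "compiler_errors": errors, "missing": missing}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("failed targets :", ", ".join(report["failed_targets"]))
    print("compiler errors:", "; ".join(report["compiler_errors"]))
    for path, cause in report["missing"]:
        print("missing        :", path, "->", cause)
```
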
     
  12. Dr.Hacknik

    Quite impressive! Sadly I'm on 5.4.0
     
  13. Marionumber1

    If people have problems, they can file issues on Github rather than complaining in a forum thread, which I'll probably forget soon.
     
  14. FaTaL_ErRoR

    If you are having such a hard time compiling then maybe it's best you leave this for people that actually know what they are doing.
     
  15. TheZander

    It's pretty convenient that it makes the payload for each fw version, because I have my nephew's 3.1.0 wii to test as well. But pairing the gamepad back and forth is annoying.
     
  16. jonathanb9595

    Just got everything loaded up, the helloworld works like a charm! Good work guys! :yayu:
     
  17. BullyWiiPlaza

    Lol, please just shut up. You skid have no room to talk at all as dumb as your posts are and have been. What about telling me what is wrong with what I did instead? Oh well, you can't because you don't know either and rather write a stupid comment.

    EDIT:
    Got it to compile, I'm going to help clarifying the readme.

    ---

    Here is a decent Windows installation tutorial I made:



    Links:
    Wii U Browser Exploit: https://github.com/wiiudev/libwiiu
    Python: https://www.python.org/downloads/
    devkitPro: http://sourceforge.net/projects/devkitpro/
    Cygwin: https://cygwin.com/install.html
     
    Last edited by BullyWiiPlaza, Jun 19, 2015
  18. deformyer

    @BullyWiiPlaza
    Please stop raging, I'm all about constructive feedback but this just makes you look like a little kid.
    And stop blaming me or the devs, all the errors you're getting are caused by following the linux tutorial on windows.
    • Python IS a command on linux/Mac OS X but not on windows, I wouldn't make 2 separate tutorials if the instructions were the same.
    • Same for the deleting of the cygwin files. Of course cygwin doesn't compile if you delete the cygwin lines, this is only for linux.
    • I explained the fact why the windows tutorial is so short, you can make a good one yourself, as you're so good

    I would like to see you make a WiiU exploit, you can't even follow a tutorial.
     
  19. BullyWiiPlaza

    Nope, if you read my post properly you would have noticed that I used Linux AND Windows systems to try to install it on so no, I wasn't doing the Linux tutorial on Windows and I did nothing wrong because I followed exactly what it said. Also I made a full Windows tutorial but according to you I'm apparently so bad. What about admitting your own mistakes instead of trying to blame it on others? I pointed out a few things so that you can fix them so will you or not?
    Wrong, you can't even write a working guide. All I'm asking for is a decent tutorial but it seems too much. Fine then, I will have to experiment myself. Did you even install it yourself? Apparently not, because you wouldn't have that many issues in the guide.

    Also I surely don't have months or years of time to spend for Wii U hacking and besides it needed like 10 people to get it done. This has nothing to do with writing an own Wii U exploit anyway.
     
    Last edited by BullyWiiPlaza, Jun 19, 2015
  20. nastys


    Don't forget to log out then log in again to apply the changes to .bashrc and also you don't need to install Python, since it's preinstalled.
    Also I don't think you can edit .bashrc on OS X like on Linux.
     