BluUBomb exploits the Wii U's bluetooth stack to gain IOSU kernel access via bluetooth.

Not to be confused with BlueBomb for the Wii and Wii Mini.

What does this mean?
This means you can get IOSU code execution by only pairing an emulated Wii Remote to the system.

This should be useful to fix a few softbricks on the Wii U side.
You don't need a working browser or Mii Maker.
if you've messed up with regionhax and can no longer access the browser, BluUBomb can fix this as well.

The BluUBomb repository contains a few different kernel binaries for different purposes:

loadrpx.bin
Launches a launch.rpx from the root of your SD card on the next application launch.

regionfree.bin
Applies IOSU patches to temporarily remove region restrictions.
This should be helpful if you've locked yourself out of your applications due to permanent region modifications.

wupserver.bin
Launches a wupserver instance directly after using bluubomb.
This gets you full system access remotely via wupclient (replace the IP in line 29 with the one of your Wii U).
This works without having to leave the controller pairing screen.

Check out the repository for additional instructions:
https://github.com/GaryOderNichts/bluubomb

The write-up and technical details can be found here:
https://github.com/GaryOderNichts/bluubomb/blob/master/WRITEUP.md

Credits

• GaryOderNichts - bluUbomb
• rnconrad for the WiimoteEmulator
• dimok789 and everyone else who made mocha possible

 

[Helvetica]

Ignore that error and run "sudo hciconfig hci0 reset". Then check if it's still enabled.

Ran the command and it still says it's enabled.

May I ask, what Linux Distro are you using?

 

[testing_this]

Ran the command and it still says it's enabled.

May I ask, what Linux Distro are you using?

How I make it work with Ubuntu 21.10 (and 21.04).

Disable the bluetooth service with:

sudo systemctl disable --now bluetooth

Reboot

Then enter:

sudo hciconfig hci0 reset

Now it will appear as Disabled.

 

[Helvetica]

How I make it work with Ubuntu 21.10 (and 21.04).

Disable the bluetooth service with:

sudo systemctl disable --now bluetooth

Reboot

Then enter:

sudo hciconfig hci0 reset

Now it will appear as Disabled.

Tried this and it worked! however, i ran into another issue. I injected the wupserver file and when I attempt to connect using wupclient on my windows machine, I get thie error in my screenshot.
@GaryOderNichts Any reason this may happen? I simply need to download and edit system.xml to load a different system menu title id and then upload it back to the console.

 

[godreborn]

Try it on the desktop or give users privileges. Iirc, you need your ip address in wupclient. Edit it with idle.

 

[Helvetica]

Try it on the desktop or give users privileges. Iirc, you need your ip address in wupclient. Edit it with idle.

Tried that and I still get the same error. I'm tempted to try the rpx launch payload but i'm not sure how to load it since my console instantly freezes at the warawara plaza

 

[GaryOderNichts]

Make sure your SD card is formatted properly and detected. Try blowing some air into the SD slot.

 

[Helvetica]

Make sure your SD card is formatted properly and detected. Try blowing some air into the SD slot.

Still nothing. I've made sure everything on my sd card is correct and the terminal shows that everything worked. For wupserver, do I have to stay in Linux for it to work or is rebooting back to windows to run wupclient ok?

Edit: so after trying on another wii u, i can boot homebrew launcher, but wupserver still refuses to do anything

 

[Helvetica]

I finally got wupclient working! Turns out the version by dimok doesn't work, so I used FIX94's version and was able to download system.xml that way. My system menu is saved! Thank you for making this amazing tool.

 

[Mc123]

Based on a situation I posted on another thread (https://gbatemp.net/threads/trying-to-fix-my-wii-u.603025/#post-9663222), would it be possible to use this to fix my Wii U? Note that the console crash after logging in.

 

[GaryOderNichts]

Based on a situation I posted on another thread (https://gbatemp.net/threads/trying-to-fix-my-wii-u.603025/#post-9663222), would it be possible to use this to fix my Wii U? Note that the console crash after logging in.

Can you get to the controller pairing screen?

 

[Mc123]

Can you get to the controller pairing screen?

Yes. But if I leave, it crash.

 

[GaryOderNichts]

Yes. But if I leave, it crash.

Well while bluubomb might be able to run on your console, I'm not sure if you can do anything.
From looking at your original thread, this seems like a dying mlc.

 

[strnadik]

I am wondering the same with the 160-0103 error. I have Teensy2.0 on the way but I only have SLC.bin and OTP.bin. The Wii U worked but has gone through Factory Reset and now doesnt work and throws the 160-0103. The controller is paired. Would there possibly be a way to save my console?

 

[YoshiCrystal]

Hello, everytime I try to use a kernel binary it turns off my Wii U. I'm using an EU console and version 5.5.5 E.

 

[xstas13]

Alright so here is a binary which copies a file named "cert.der" from the root of your SD card to the correct certificate path.
You can get the original cert from the decrypted NUS title or if you have a backup.
So what you need to do:
- extract the attached .zip
- rename the "ssl_unbrick.bin" to "bluu_kern.bin" and copy it to the root of the SD
- rename the cert to "cert.der" and copy it to the root
- power on your Wii U
- run bluubomb
- wait

Once finished successfully the console will reboot. If it fails it will power off without rebooting.
Let me know how it goes.

I have locked my console by changed sys_prod.xml
I change parameter <product_area>
From: <product_area type="unsignedInt" length="4" access="710">1</product_area>
To: <product_area type="unsignedInt" length="4" access="710">4</product_area>

The console now freezes on the first logo screen and music plays.
I tried to connect via BluUBomb

After running command: sudo ./bluubomb <bdaddr>
console reboots to black screen
My SD Card:
loadrpx.bin -> bluu_kern.bin

homebrew_launcher.rpx -> launch.rpx

I already realized that I cannot run Homebrew Launcher in this state.
But I think that through running the binary file, I can rewrite sys_prod.xml
@GaryOderNichts
Could you create such binary file?
Or send me sources of ssl_unbrick.bin and I try to build it for my case?

Thank you in advance

 

[Gaboliux]

My Bluetooth chip isn't compatible with bluubomb . If you know which ones are compatible, please let me know

Sent from my Redmi 6 Pro using Tapatalk

 

[GaryOderNichts]

My Bluetooth chip isn't compatible with bluubomb . If you know which ones are compatible, please let me know

Sent from my Redmi 6 Pro using Tapatalk

What do you mean with "not compatible"?
Does it give you an error? Or just no response from the Wii U?

 

[Gaboliux]

What do you mean with "not compatible"?
Does it give you an error? Or just no response from the Wii U?

The terminal says: Unsupported manufacturer and I can't disable Simple pairing mode. The manufacturer is Realtek

Sent from my Redmi 6 Pro using Tapatalk

 

[Bertuga]

Very nice!

My WiiU is bricked in the formatting screen, I don't think it is a state in which is possible to pair wiimotes, so it won't work for me, but it is good to see the WiiU getting new stuff.

 

[GaryOderNichts]

Version 4 is now released!
Changelog:

• Cleaned up and removed unnecessary code.
  This increases stability and compatibility with some bluetooth adapters.
• Add a longer delay between data transfers.
  This fixes an issue where bluubomb just did nothing on some bluetooth adapters.
• Add a "install_wup" binary which installs valid signed WUP from the SD Card.
  Refer to the README for instructions.