Hacking OTP access via IOSU kernel

[MRJPGames]

"Grab em by the IOSU" ~Donald Trump October 2016

 

[Aerocool]

Time to get a WiiU

 

[TheZander]

anyone try 532?

 

[thisisallowed]

try downloading the program again or try running it again. I got more than just a bunch of zeros.

I mean, even when it runs fine there are 0s.

 

[MRJPGames]

I mean, even when it runs fine there are 0s.

Just retry, got it my first time to, second time worked for me. Just reboot the system and try again. (It might take you more attempts but it does work)

 

[Zero72463]

Just retry, got it my first time to, second time worked for me. Just reboot the system and try again. (It might take you more attempts but it does work)

What does yours end with?

 

[DKB]

anyone try 532?

please dont tell me your still on firmware 5.3.2 lol

 

[TheZander]

nah on 532, just black screens and back to hbl

 

[thisisallowed]

Just retry, got it my first time to, second time worked for me. Just reboot the system and try again. (It might take you more attempts but it does work)

Again. Not everything is 0, but only some stuff. Matches the pastebin from before.

 

[MRJPGames]

What does yours end with?

That's private XD
Nah ends with 00E1 (Not more than that because 4 characters can't be copyrighted right?)

--------------------- MERGED ---------------------------

Again. Not everything is 0, but only some stuff. Matches the pastebin from before.

Then it's correct. There should be 0s at some points.

 

[Aurora Wright]

Time to get a WiiU

Yeah, time to get some console-unique encryption keys to encrypt... something, I guess

 

[retrofan_k]

Later on in Gbatemp:
Bernie Sanders: Title Installer Released
N00bs: I brixxed mey konsole!!!!
Some people: RELSAE TEH SURSE CODDDDDDDDD!!!111

George Bush Unbricker to the rescue

 

[ShadowOne333]

The only missing stuff right now are the boot0/1 portion of the OTP to get it completely.
That's the 0's from 2E0-2FF and from 380-3BF.
After that we are golden.

EDIT:
BTW, my OTP.BIN file ended up being exactly 1.00 KB.
I typed it byte by byte, and verified my otp dump in HxD like 4 times against both the image I got and the Pastebin to be sure.

 

[thisisallowed]

The only missing stuff right now are the boot0/1 portion of the OTP to get it completely.
That's the 0's from 2E0-2FF and from 380-3BF.
After that we are golden.

That's what I meant.

 

[Plaguereign]

Any way to get this to write the output to a bin file for later use?
Thanks!

View attachment 66184​

This will print your console's OTP region to the screen. Do not share it. The readout contains console-specific encryption data, which is property of Nintendo. It has NAND keys, the Ancast key, the common key, and others.

Remember to vote in November!
http://www8.zippyshare.com/v/V6tZbKcr/file.html

ROP Thread

 

[Aletron9000]

Any way to get this to write the output to a bin file for later use?
Thanks!

Nope, write it down and hex edit it into a file

 

[MRJPGames]

Any way to get this to write the output to a bin file for later use?
Thanks!

no, As you can see source is not made public so you cannot do this (at least right now), just type it Byte for Byte like the rest of us.

 

[jbuck1975]

Anyone notice that in the pastebin
"MORE NX NEWS" is encoded in it?

 

[ShadowOne333]

Anyone notice that in the pastebin
"MORE NX NEWS" is encoded in it?

You forgot the SOON:
"MORE NX NEWS SOON"

 

[barack_obama]

Are you ready for something better?
( ͡° ͜ʖ ͡°)

 

[mariogamer]

Check the source,you will see the function read_otp_internal,that is described in wiki,a prove that it is not fake...

And it is public,so maybe we can write a file with it...