Hacking ROP from within IOS_USB (5.5.1)

asper

Maybe you are moving the names in the wrong column... Anyway the WiFi otp dumper works great. You need the loadiine-compiled UDP server and you need to change the IP address of your PC in the WiFi otp tool sources (or hex edit the compiled elf at offset 0x00008A2C, 4 bytes starting with C0; do it at your own risk!!).

Launch the server on your PC and press "f" to start logging; go to the Wii U and execute the WiFi otp tool and wait for the on-screen dump; go back to your PC, you should see data streamed via UDP; press "f" again to save the log.
 
Last edited by asper,
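The "hex edit the elf at offset 0x00008A2C" step above, as an added example that is not asper's code nor part of the WiFi otp tool: it writes the new PC address at the quoted offset only after confirming the 4 bytes already there start with C0 (so a wrong offset or a different build is caught before anything is touched) and after saving a backup copy. The file name and the zero-filled stand-in blob are assumptions made for the example.

```python
import ipaddress
from pathlib import Path

# Offset and expected leading byte quoted in the thread for the compiled elf.
IP_OFFSET = 0x00008A2C
IP_LEN = 4
EXPECTED_FIRST_BYTE = 0xC0  # 192.x.x.x, the usual LAN address


def patch_ip(blob: bytes, new_ip: str, offset: int = IP_OFFSET) -> bytes:
    """Return a copy of `blob` with the 4 IPv4 bytes at `offset` replaced.

    Refuses to write unless the bytes already at `offset` look like the
    address the thread describes (first byte 0xC0), so the patch is only
    applied to a binary that matches the quoted layout.
    """
    if offset + IP_LEN > len(blob):
        raise ValueError("offset lies past the end of the file: wrong binary?")
    old = blob[offset:offset + IP_LEN]
    if old[0] != EXPECTED_FIRST_BYTE:
        raise ValueError(
            f"bytes at 0x{offset:X} are {old.hex()}, expected them to start with c0")
    # IPv4Address.packed is network byte order, which matches "starting with C0".
    new = ipaddress.IPv4Address(new_ip).packed
    return blob[:offset] + new + blob[offset + IP_LEN:]


def patch_file(path: str, new_ip: str) -> str:
    """Patch the elf on disk, keeping an untouched .bak copy; returns the backup path."""
    src = Path(path)
    blob = src.read_bytes()
    backup = src.with_suffix(src.suffix + ".bak")
    backup.write_bytes(blob)
    src.write_bytes(patch_ip(blob, new_ip))
    return str(backup)


def sample_blob() -> bytes:
    """Constructed stand-in for the elf (assumption): zeros with 192.168.1.2
    planted at the expected offset so patch_ip can be exercised offline."""
    blob = bytearray(IP_OFFSET + 64)
    blob[IP_OFFSET:IP_OFFSET + IP_LEN] = bytes([0xC0, 0xA8, 0x01, 0x02])
    return bytes(blob)
```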

thisisallowed

> Maybe you are moving the names in the wrong column... Anyway the WiFi otp dumper works great. You need the loadiine-compiled UDP server and you need to change the IP address of your PC in the WiFi otp tool sources (or hex edit the compiled elf at offset 0x00008A2C, 4 bytes starting with C0).
>
> Launch the server on your PC and press "f" to start logging; go to the Wii U and execute the WiFi otp tool and wait for the on-screen dump; go back to your PC, you should see data streamed via UDP; press "f" again to save the log.
Can you post the compiled elf here? Can't seem to compile it...
 

TheZander

Out of curiosity, since it was stressed not to share the key with anyone: what could someone do with it to screw them over? Console ID kind of stuff, for online ban evasion or something?
 

Conn0r

> Out of curiosity, since it was stressed not to share the key with anyone: what could someone do with it to screw them over? Console ID kind of stuff, for online ban evasion or something?
You shouldn't share it because it is copyrighted data. Not because it's Personally Identifiable.
 

TheZander

> You shouldn't share it because it is copyrighted data. Not because it's Personally Identifiable.

That's it? I was guessing there was some unique part of it that could be duped on another console or something. How would Nintendo even recognize the millions of crazy long keys? I understand that they wouldn't without proper context, but even then I don't get how it's enough.
 

Conn0r

> That's it? I was guessing there was some unique part of it that could be duped on another console or something. How would Nintendo even recognize the millions of crazy long keys? I understand that they wouldn't without proper context, but even then I don't get how it's enough.

If it was possible to overwrite a ONE TIME PROGRAMMABLE rom, the console would most likely not boot because some of the keys in the otp are required to properly decrypt data on the NAND.
 

Pachee

> quick thing:
> I'm Trump, and I didn't work on it at all. That's dimok, Maschell, QuarkTheAwesome, and kanye_west's work, among others.
>
> I believe IOS-KERNEL has all the permissions needed to dump it, but it's down to actually implementing it, and not much is documented about the SEEPROM from what I know.

First, thanks everyone for the dumper.
I was reading on wiibrew; not even the Wii seeprom page has information about reading it. Maybe tueidj knows something about it on the Wii U? He wrote the seeprom.c used in this tool: https://gbatemp.net/threads/koreankii-add-or-remove-the-korean-key.336940/
 

Mario10095

> Use a toothpick and a pair of tweezers. Use the toothpick to try and release the push latch in the back by pushing in (it should feel springy, don't force it), then use the tweezers to pull it out; alternatively use two toothpicks.
>
> If you can't, try to remove the piece without undoing the latch. If you can get the piece out, carefully force a good SD card in, then remove like normal.

Where is the springy thing?
 
