Hacking What's the progress on Wii U Permanent CFW? OS Editing?

vgmoose

Well-Known Member
Member
Joined
Jan 31, 2016
Messages
360
Trophies
1
Website
github.com
XP
3,070
Country
United States
I don't think it's even within Derrek's right to "release" the boot1 key. There's a good summary of the situation here. If I understand correctly, the mere act of having the boot1 key doesn't even enable anything, it just allows the community to decrypt boot1 and search for other potential exploits.

At the 33C3 hacking conference, Derrek discussed in extremely vague terms a "glitching" solution (private unreliable hardmod) to decrypt and dump boot1. He then looked at the boot1 code for potential system flaws/entry points but couldn't find any.

As of this time (August 2017) the only evidence the public has that Derrek even has the boot1 key is his word. The only people who can verify this tweet are Derrek and Nintendo. However, in the future if someone else does discover the key, that tweet is "proof" that Derrek had it first, which is cool enough hacker cred.

It's possible he doesn't want to divulge more information about the hardmod as maybe it's very hacky/bricky, and the only positive thing that he would get out of it is someone else potentially finding a bug in boot1 where he couldn't, which wouldn't be good hacker cred. That's just an opinion, however. Keep in mind though, it's within his right entirely to not want to go into detail about his escapades (although that makes it a particularly cheap "discussion" point to use during a hacking conference).

His on record reason for not wanting to discuss further details on the hardmod/boot1 situation is that it's "just the Wii U". He's implied that the homebrew scene isn't good enough and most people benefitting from the scene are pirates. There's plenty of non-warez apps on http://www.wiiubru.com/appstore/#/ , but he asserted that those games and apps are not popular.

According to the app store stats some of the more popular apps are modding/emulators, but the fact remains that it's not a "flourishing" homebrew scene like on the Wii. In my opinion, and almost ironically, the fact that any Wii homebrew works on a Wii U leads to less interest in the Wii U, as some of the Wii libraries are more developed and there's no porting work that needs to be done.

The best the community at large can really do about this is to just continue modding and using/making homebrew apps. There's a guide for getting started on homebrew development here. Derrek's glitching setup aside, more interest in the console as a whole will always drive more interest to something like a boot1hax ever being a possible future.

This turned into a larger post than I wanted it to!!... But anyway, that's why we are where we are. Haxchi is an exploit in a DS virtual console game, which allows it to be persistent, and coldboothax allows that DS game to be executed on startup. It's much more hacky and risky than a lower level entry point, but none exists at this time.

As devices keep using cryptographic checks at lower and lower levels, we may see "stable" exploits becoming rarer and rarer. The iPhone jailbreaking community hasn't really seen a good jailbreak since iOS 8 (they're going on 11 now) and I think most Android phones with locked bootloaders are more or less hopeless at this point.

It's more productive to spend time focusing on what we have rather than what we want. In other words, what exactly can't be done on a soft-modded Wii U today that magically the boot1 key would allow us to do? (Keeping in mind that all the boot1 key would strictly enable is checking boot1 for entry points). There's plenty of progress to be made in the modding/app scene alone (media player! easy way to stack mods, ocarina-style cheat codes, wii u linux) that has nothing to do with persistent boot1 mods.
 
Reactions: Billy Acuña

C0mm4nd_

Aspirant Wii U homebrew dev :P
Member
Joined
Oct 9, 2016
Messages
697
Trophies
0
Website
127.0.0.1
XP
540
Country
Italy
I don't think it's even within Derrek's right to "release" the boot1 key. There's a good summary of the situation here. If I understand correctly, the mere act of having the boot1 key doesn't even enable anything, it just allows the community to decrypt boot1 and search for other potential exploits.

At the 33C3 hacking conference, Derrek discussed in extremely vague terms a "glitching" solution (private unreliable hardmod) to decrypt and dump boot1. He then looked at the boot1 code for potential system flaws/entry points but couldn't find any.

As of this time (August 2017) the only evidence the public has that Derrek even has the boot1 key is his word. The only people who can verify this tweet are Derrek and Nintendo. However, in the future if someone else does discover the key, that tweet is "proof" that Derrek had it first, which is cool enough hacker cred.

It's possible he doesn't want to divulge more information about the hardmod as maybe it's very hacky/bricky, and the only positive thing that he would get out of it is someone else potentially finding a bug in boot1 where he couldn't, which wouldn't be good hacker cred. That's just an opinion, however. Keep in mind though, it's within his right entirely to not want to go into detail about his escapades (although that makes it a particularly cheap "discussion" point to use during a hacking conference).

His on record reason for not wanting to discuss further details on the hardmod/boot1 situation is that it's "just the Wii U". He's implied that the homebrew scene isn't good enough and most people benefitting from the scene are pirates. There's plenty of non-warez apps on http://www.wiiubru.com/appstore/#/ , but he asserted that those games and apps are not popular.

According to the app store stats some of the more popular apps are modding/emulators, but the fact remains that it's not a "flourishing" homebrew scene like on the Wii. In my opinion, and almost ironically, the fact that any Wii homebrew works on a Wii U leads to less interest in the Wii U, as some of the Wii libraries are more developed and there's no porting work that needs to be done.

The best the community at large can really do about this is to just continue modding and using/making homebrew apps. There's a guide for getting started on homebrew development here. Derrek's glitching setup aside, more interest in the console as a whole will always drive more interest to something like a boot1hax ever being a possible future.

This turned into a larger post than I wanted it to!!... But anyway, that's why we are where we are. Haxchi is an exploit in a DS virtual console game, which allows it to be persistent, and coldboothax allows that DS game to be executed on startup. It's much more hacky and risky than a lower level entry point, but none exists at this time.

As devices keep using cryptographic checks at lower and lower levels, we may see "stable" exploits becoming rarer and rarer. The iPhone jailbreaking community hasn't really seen a good jailbreak since iOS 8 (they're going on 11 now) and I think most Android phones with locked bootloaders are more or less hopeless at this point.

It's more productive to spend time focusing on what we have rather than what we want. In other words, what exactly can't be done on a soft-modded Wii U today that magically the boot1 key would allow us to do? (Keeping in mind that all the boot1 key would strictly enable is checking boot1 for entry points). There's plenty of progress to be made in the modding/app scene alone (media player! easy way to stack mods, ocarina-style cheat codes, wii u linux) that has nothing to do with persistent boot1 mods.

q8

But as far as I remember he actually said at 33c3 "... maybe we found a bug ...". Probably he thought that the Wii U scene is pretty shitty and he didn't try to exploit it (he says this too ".. but we haven't really tried to exploit it"). IMO it is a bit shitty, it's actually 8% developers 90% ppl that want "FREE GAMEZ", I think that a boot1 exploit would be cool for
1- less people "i don't have 7$"
2- easier NAND backup/restore and such (TSOP hardmod has a pretty high chance to fuck with the hardware)
3- if that famous boot1 bug is good enough, less users "oh my god, i'll brick if i launch this app"
And having a safe and clean space to work is actually good (redNAND isn't really one of the best things to work with, it eats 33 GB of an SD card, if the sdcard is slow then it'll be slow af,...)

So yeah, this boot1 bug won't be as good as PPC kernel or IOSU but it may help a little bit
 
Reactions: antiNT

ShadowOne333

QVID PRO QVO
Editorial Team
Joined
Jan 17, 2013
Messages
12,212
Trophies
2
XP
34,074
Country
Mexico

q8

But as far as I remember he actually said at 33c3 "... maybe we found a bug ...". Probably he thought that the Wii U scene is pretty shitty and he didn't try to exploit it (he says this too ".. but we haven't really tried to exploit it"). IMO it is a bit shitty, it's actually 8% developers 90% ppl that want "FREE GAMEZ", I think that a boot1 exploit would be cool for
1- less people "i don't have 7$"
2- easier NAND backup/restore and such (TSOP hardmod has a pretty high chance to fuck with the hardware)
3- if that famous boot1 bug is good enough, less users "oh my god, i'll brick if i launch this app"
And having a safe and clean space to work is actually good (redNAND isn't really one of the best things to work with, it eats 33 GB of an SD card, if the sdcard is slow then it'll be slow af,...)

So yeah, this boot1 bug won't be as good as PPC kernel or IOSU but it may help a little bit
boot1 is the final step for Wii U hacking.
It would finally be a proper CFW which runs at boot without modifying system titles or risking bricks very often.
Even better, we might have a neat recovery tool at boot, instead of CBHC's system modification as well, which is only another system title redirection.

With boot1 we could finally fuck around with sysnand+CFW and be on the safe side of things.
And hopefully Home menu themes, because fuck white :tpi:
 
Reactions: Deleted User

Billy Acuña

Well-Known Member
Member
Joined
Oct 10, 2015
Messages
3,126
Trophies
1
Age
31
XP
3,701
Country
Mexico
[image attachment: a1b6a6fea1e50d961b6715d1297ba054.jpg]
 

C0mm4nd_

Aspirant Wii U homebrew dev :P
Member
Joined
Oct 9, 2016
Messages
697
Trophies
0
Website
127.0.0.1
XP
540
Country
Italy
boot1 is the final step for Wii U hacking.
It would finally be a proper CFW which runs at boot without modifying system titles or risking bricks very often.
Even better, we might have a neat recovery tool at boot, instead of CBHC's system modification as well, which is only another system title redirection.

With boot1 we could finally fuck around with sysnand+CFW and be on the safe side of things.
And hopefully Home menu themes, because fuck white :tpi:
you can still fuck with your Wii U IMO, CBHC runs early, not the earliest state you could get, but it runs before the Wii U menu
 

ShadowOne333

QVID PRO QVO
Editorial Team
Joined
Jan 17, 2013
Messages
12,212
Trophies
2
XP
34,074
Country
Mexico
you can still fuck with your Wii U IMO, CBHC runs early, not the earliest state you could get, but it runs before the Wii U menu
Still, if you screw up the install of CBHC or make a mistake in the system title which should run, there is little to no chance of recovery, which is why boot1 would be ideal for these situations.
 

ShadowOne333

QVID PRO QVO
Editorial Team
Joined
Jan 17, 2013
Messages
12,212
Trophies
2
XP
34,074
Country
Mexico
meh... kinda, but you have to be REALLY dumb
Well, yeah haha.
I'm just talking for those that are really clueless or tend to be messy.
Something of this magnitude should be somewhat user friendly and having a backup failsafe as well for those situations.

I am running just Haxchi with HBL, I haven't setup CBHC because to me it's somewhat of a messy workaround to run sigpatches at boot.
I can hold off for boot1. :P
 

Deleted User

Guest
still dumb stuff. (piracy isn't the only thing about the Wii U ;))
well what happens if coldboothax breaks? Keep in mind (I think the dev for coldboot mentioned this) that uninstalling coldboothax (using the installer) could still create a brick just by doing that. Meaning if you remove coldboothax you are really playing with fire. (let alone the installation of coldboot itself is very dangerous due to the fact that the sys.xml is already corrupted or something like that) So having boothax would allow people to have a safer method. And not having to buy a DS VC, nor use the internet browser. And for those with coldboot who use the bootexploit... could then safely remove coldboot without much worry because they would have a fall back system, in case coldboot doesn't restore the xml properly. Plus, I don't think many people want to buy a DS VC, just to see it never used except for an exploit.
 

C0mm4nd_

Aspirant Wii U homebrew dev :P
Member
Joined
Oct 9, 2016
Messages
697
Trophies
0
Website
127.0.0.1
XP
540
Country
Italy
well what happens if coldboothax breaks? Keep in mind (I think the dev for coldboot mentioned this) that uninstalling coldboothax (using the installer) could still create a brick just by doing that. Meaning if you remove coldboothax you are really playing with fire. (let alone the installation of coldboot itself is very dangerous due to the fact that the sys.xml is already corrupted or something like that) So having boothax would allow people to have a safer method. And not having to buy a DS VC, nor use the internet browser. And for those with coldboot who use the bootexploit... could then safely remove coldboot without much worry because they would have a fall back system, in case coldboot doesn't restore the xml properly. Plus, I don't think many people want to buy a DS VC, just to see it never used except for an exploit.

You didn't really understand that system.xml brick, it isn't like "it doesn't overwrite the xml", the problem is that the sector of the system.xml gets corrupted and without a system.xml you can't boot at all. We don't know if the bug is before or after the xml parser (it's not in the xml parser afaik), and 7$ for persistent code execution seems a good price ;)

Btw, that sector brick happens when you write the system.xml a kinda high number of times, not 2-3 times
 
