Post: Wii U hack for firmware 5.5.0 Slightly Delayed
12-22-2015, 02:26 PM #1
Tristan
WIIU Exploit Delayed

Quote From Hykem's GBA Temp

Originally posted by another user
So, I've got good news and bad news.
The bad news is that I'm going to postpone the release again. I said this week would be a more realistic release date, but I never confirmed it would happen then. Still, it's not a huge delay and it's definitely not to wait for a new firmware update.
Like I stated before, I have the entire month of January free just to work on this and the exploit will be released and maintained before February (yes, I'm sure of that).
Now the good news, which should explain the additional delay. I need some time to pursue something I found in the MCP module. If I'm correct about this, we should be able to get a boot-time exploit. The reason for that is that the MCP module is responsible for launching "master" titles (like the PPC kernel, for example) and I found a bug that, if it turns out to be exploitable, should allow hijacking execution while MCP is still preparing to launch stuff. This means early IOSU access and a direct boot into an exploitable environment. Not to mention that MCP is the IOSU user module with most privileges (next to BSP that is) and having access to it alone is more than enough to own the IOSU kernel at any given time.
I believe it's important to look into this because if it works, no one will have to worry about possibly bricking consoles by installing custom titles (homebrew channel, for example) and then attempting to launch them before triggering the exploit again after a fresh boot.

With that said, if this turns out to be nothing, I'll release the exploit right away.


Previous Post
And here I was, complaining that this year’s Christmas hacks were not coming. Now we’ve got announcements of a Kernel exploit on the PS4, Black-fin on the PS Vita, and today, an IOSU exploit release on the Wii U.

Hykem, known for his hacking work on many, many consoles, just confirmed he’ll try to release a Christmas present for Wii U owners. He’s clarified today on GBATemp that he has an exploit running on IOSU, up to firmware 5.5.0, the latest and greatest Wii U Firmware.

Wait, what’s IOSU on the Wii U?


Alright, for those of us not familiar with Wii U hacking, IOSU is basically the operating system of the Wii U when it runs in Wii U mode. It’s what we could compare to the “native” world on the PS Vita as opposed to the PSP Emu. In particular, IOSU is responsible for security checks on the Wii U, verifying that you’re not trying to run unsigned code, etc.

So yep, having compromised IOSU is a big deal.


Hykem’s exploit on Wii U 5.5.0


Hykem confirmed he compromised IOSU, and that his exploit works up to firmware 5.5.0. His exploit does not require PPC Kernel access, which means kernel exploits won’t need to be revealed for this one to work. (in other words, the Wii U scene has several aces up its sleeves and won’t need to reveal all of them at once).

Hykem wants to release the exploit for Christmas, but he points out there is still lots of work to do, specifically:


  • Port the exploit to all firmwares where it makes sense (I’d say that it’s most important to release it for the latest firmware first?)
  • Obfuscate the exploit so that Nintendo have a hard(er) time patching it, giving more time for users to be aware of the exploit release.
  • Add mechanisms to the exploit so that people don’t update by mistake. This probably means an option set by default to block auto updates and block specific Nintendo addresses such as nus.c.shop.nintendowifi.net


So, at this point there’s no guarantee this will be released exactly on December 24, but Hykem’s confirmed the exploit and his intent to meet this deadline. His full statement:

Originally posted by another user
Time to clear the air again. :rolleyes:
The following statements are facts:
– I have successfully compromised the Wii U’s IOSU;
– The exploit being used works from 2.0.0 up to 5.5.0, but it obviously needs to be ported for each firmware;
– The exploit doesn’t need PPC kernel access, so the new kernel exploit won’t have to be released.

I want to do some kind of Christmas surprise yes, but take that with a grain of salt. I can’t promise I will have the time to get everything ready by then and I’m not disclosing what will be released.
Keep in mind that releasing the exploit “as-is” is pointless, so it will have to be ported first and most likely obfuscated so it will take a little longer to patch. It’s also worth noting that I will have to develop an easy way to block updates so no one updates past 5.5.0 by accident.

If you don’t believe in anything stated above, that’s not my problem. The best (and easiest) thing to do is wait and see.


Last edited by Tristan ; 12-31-2015 at 12:59 PM.
12-25-2015, 05:04 PM #2
EmiliooGQ
Do a barrel roll!
I mostly want this so I can copy games on to my Wii U!

Copyright © 2024, NextGenUpdate.
All Rights Reserved.
