
Wii U


32 files

  1. 64Inject

    64Inject is a program that allows you to inject games into the Nintendo 64 virtual console of the Wii U. It is focused on streamlining the testing of different combinations of ROM, ".ini" configuration file and base game.
    Features
    - Two modes of use, graphic and by commands.
    - Contextual help and two languages, English and Spanish.
    - Virtual console configuration, easily disable the dark filter, aspect ratio and display scale of the game.
    - Simplify the incorporation of the ".ini" configuration file for the game.
    - Support for ROM formats *.z64, *.n64, *.v64 and *.u64
    - Support images *.png, *.jpg and *.bmp
    - The Title ID reflects if you have used the same combination of ROM, ".ini" configuration file and base game.
    - Multiple options through the command window, you can define each thing or simply an input folder and an output folder, or combine.

    by phacoxcll.

    0 downloads

  2. CBHC

    Installing just Haxchi is perfectly safe and will give you simple channel access to other homebrew programs without the need of the browser exploit anymore.
    Installing CBHC though is FAR, FAR more dangerous but will allow coldboot into patched menu/homebrew.
    WARNING
    Please ONLY INSTALL THIS if you already have the normal Haxchi installed and know that it works perfectly, just install it over your existing Haxchi installation, again, DO NOT INSTALL IT from a freshly downloaded, never started/tested game or you may brick. Also ONLY INSTALL THIS IF THE DS VC IS BOUGHT FROM THE ESHOP ON THAT CONSOLE AND ON NAND AND YOU HAVE NO USB CONNECTED WHEN USING THE INSTALLER.
    If a new CBHC version comes out you can just run the installer again and let it overwrite the existing CBHC installation, same rules as on the first installation still apply.
    Infos
    Installing this will execute the DS VC of your choice directly on system boot - giving you a direct coldboot exploit, the features you have after installing it are explained down below.
    - After installing it you better go ahead and set up some DNS server protection to block potential future system updates, while CBHC will fake the system version to 99.99.99 it still adds another safety factor just in case
    - Disable standby for extra safety, again just in case
    - NEVER try to delete/install over the DS VC you used to install since it is now basically your system menu so if you break it your console bricks too, there are several protections against overwriting, moving to usb and deleting, but you should still not try your luck and trigger that protection over and over again, just generally be smart about it, I am not responsible for your dead wiiu because of user error.
    - Do NOT do a system format while CBHC is installed and autoboots your system or you will brick because you delete CBHC in the process
    - Do NOT delete the user profile you used to buy the DS VC since that will make it not properly licensed anymore on your console.
    - Also there still is a myth going around it will brick if you move its icon in the menu or put the icon into a folder; that is false and is perfectly safe as it is only a visual change in the system menu.
    Features
    Anyways, enough of that - what can this actually do when installed?
    It offers a basic menu from which you can boot into:
    - The system menu which will get full signature and region patching and support this ftpiiu-everywhere version; CBHC comes with its own sysnand CFW included.
    - You can boot into the .elf version of homebrew launcher.
    - You can boot a fw.img or Mocha CFW on your sd card which could be useful for rednand and if you really need to connect to wupserver from a pc, but that's really only interesting as a developer. For pretty much anyone the system menu setting (which uses the included CBHC CFW) is enough, on top of that using Mocha or fw.img for sysnand can lead to bootup problems and takes far longer to boot so please just don't do it, I don't know how often I can repeat that point anymore.
    - You can boot into the vWii system menu or the vWii homebrew channel, also if you hold down B on boot you will automatically boot into the vWii system menu as the menu originally did
    If after installing CBHC no menu pops up when you turn on your console then you may have run into the very rare case in which CBHC did not properly install and your Haxchi installation still runs, in this case just go back into the homebrew launcher and try installing it again.
    Autoboot
    If you want to automatically go to any of these options just enable the autoboot option for it.
    The menu controls are very simplistic, up/down to move the cursor and A to either select the option or change the autoboot option, you can control it using the gamepad or any wiimote, classic controller or wiiu pro controller OR if you are really desperate the "sync" button on the console itself will work too - click once to move the cursor down and double click to simulate what A does normally.
    Once autoboot is set up you can easily cancel it by pressing the home/sync button while the "Autobooting..." message is shown to get back into the little menu and change your settings or launch something different from there.
    by FIX94.

    0 downloads

  3. CDecrypt

    Windows application that lets us decrypt the contents of NUS files.

    48 downloads

  4. DiscU

    A Windows Tool that can Extract and Decrypt Wii U Game Images in WUD Format
    New in this Release:
    - Fixes wrong IV in sys part
    - Adds content extraction for WUP install
    - Few other minor changes & fixes.

    156 downloads

  5. fuse-wiiu

    fuse-wiiu is an easy way to extract data from Wii U titles in various formats. It's compatible with:
    - Title in the installable format (.tmd, .app, .h3 etc.)
    - Multiple versions of a title in the installable format (.tmd, .app, .h3 etc.)
    - Wii U disc images (WUD, WUX and split WUD), including kiosk discs
    fuse-wiiu requires Java 8 and a FUSE implementation that's compatible with your OS and CPU architecture.

    0 downloads

  6. Haxchi

    This is the continuation of the POC Haxchi exploit by smea.
    It features compatibility with a lot of DS VC and can be easily installed and further configured.
    Installation
    Just extract the contents of it onto your sd card. The "haxchi" folder right now just consists of a simple replacement icon, logo and replacing the game title with "Haxchi", its example config.txt will boot homebrew launcher by default and a fw.img on your sd card when holding A. For a full list of all compatible buttons that you can use for the config.txt go here.
    The content of this haxchi folder can be changed to your liking - if you want to you can also add in an alternative bootSound.btsnd to replace the original startup sound which I did not do in this example haxchi folder.
    After setting up the content to your liking all you have to do is run the Haxchi Installer in homebrew launcher, select the game you want to install it on and that is it! If you ever want to make changes to the content folder it installed to then just re-run the Haxchi Installer and install it again, you don't have to reinstall the game beforehand, it'll just overwrite the previous haxchi installation with your new data.
    Please note, this will ONLY WORK WITH DS VC GAMES ON NAND, if you have a ds vc game on USB you want to use then please move it to your NAND first and ideally detach your usb device before using this installer .elf, if you don't remove your usb devices it may freeze up on exiting or not install properly.
    This also ONLY LOADS THE .ELF VERSION OF THE HOMEBREW LAUNCHER which as of right now is v1.4 so make sure to keep that on your sd card or you will just get error -5 when starting your haxchi channel. Once you are in the homebrew launcher it is also perfectly compatible with loading .rpx files, you just can't use haxchi itself to load .rpx files.
    Credits
    smea, plutoo, yellows8, naehrwert, derrek, FIX94 and dimok
    by FIX94.

    2 downloads

  7. Homebrew App Store

    Description
    Homebrew App Store allows you to download homebrew apps for HBL directly in the app. Installed apps can also be reinstalled, updated, or deleted. It is an attempt at a poor man's Cydia for Wii U!
    Apps featured within HBAS are made by other homebrew developers. If anyone takes an issue with their work being distributed in this manner, contact the respective repository owner.
    Although "store" is in the name, the apps within are all free-- If a specific homebrew developer wants to charge for their app, they would have to do so outside of HBAS. The name just refers to the concept of an App Store.
    Requirements
    - Internet connection
    - SD card
    - A way to run HBL (see stickies)
    How to Use
    Unzip the "appstore" folder from the zip at the above download link. This is the bundled HBAS app. Place this folder inside the /apps/wiiu/ folder on your SD card. After this, run HBL and select it from the menu.
    Once the app launches, press A or touch the screen to dismiss the splash screen. You can scroll with either stick, the D-pad or the touch screen. To download an app, touch its icon and choose "GET".
    Guide:
    - LOCAL - An app that is only on your SD card
    - INSTALLED - An app on your SD card and the server
    - UPDATE - An app on your SD card and the server, with a different version number
    - GET - An app only on the server
    Changelog
    It's been a while, but here's the second release of the HBAS!
    In particular, the 1.5 release seeks to address major crashing/freezing issues as well as a way to help sift through the growing number of apps on the store.
    There are a lot of much needed changes in this build:
    - Icons are cached and no longer load asynchronously (#20 and #6)
    - Categories added based on web frontend (#13)
    - App loading restructured, more Stability™ (#14)
    - "Random" button added to help discover new apps
    - App re-themed to mimic the new wiiubru.com
    - Elf is 35% smaller
    - Minor text fixes

    10 downloads

  8. JsTypeHax

    It loads WiiU Homebrew Launcher, I successfully haxchied a 5.5.2 ;)
    Currently in beta test, you can follow this guide to use it:
    Prepare the needed files
    - Prepare your FAT32 SD card with Homebrew launcher, and preferably Haxchi installer to get a persistent and more stable entry point for homebrew.
    - Extract the homebrew launcher 1.4 on your SD card.
        sd:/wiiu/apps/homebrew_launcher/homebrew_launcher.elf
    - If you plan to install Haxchi, be sure you already have a compatible NDS game installed on NAND.
    - Prepare any other homebrew you want to use, for example Homebrew App Store.
    Find a web host or create your own
    - Visit a website hosting it, like http://dlae.life/, http://wiiu.insanenutter.com, http://www.wiiubru.com/x or http://u.drg.li/ or host the sources on your computer.
    - If it's on your computer, you need python installed, and launch "startServer.bat" on windows, or use any other webserver you want.
    Run the browser hack on WiiU
    - Clear your browser's data, launch the browser again.
    - Open the server's URL in your browser, or your computer's IP if you are hosting it yourself.
    - Select Exploit.
    - If it freezes, shut down and try this step again. It can be quick if you are lucky, or take hours of retries...
    - If it works, use that opportunity to install haxchi, it will be more stable.
    Note: As it is still in beta test phase, http://u.drg.li/ is hosting different versions of that exploit. You should prefer it over other currently available web hosts, and select exploits from delta 0 to 4 until one works (2 seems to be the one that is working the most).
    If your screen goes grey-white but your console freezes, that's the correct delta, so keep trying that exploit number.
    by JmpCallPoo.

    0 downloads

  9. JWUDTool

    Here is just a simple program that uses the Jnuslib. The usage should be pretty self-explanatory.
    STILL EXPERIMENTAL. Bugs may occur, please report them!
    Features
    - Compressing .wud and split .wud files into .wux
    - Decompressing a .wux back to .wud
    - Extracting from the GI or GM partition
    - Extracting .app/.h3/.tmd/.cert/.tik files from a .wud/.wux or split .wud
    - Extracting just the contents/hashes/ticket.
    - Decrypting the full game partition from a .wud/.wux or split .wud
    - Decrypting specific files of the game partition from a .wud/.wux or split .wud
    - Verify an image / Compare two images (for example a .wud with .wux to make sure it's legit)
    Usage
    Optional:
    - Copy the common.key into the folder next to the .jar or provide the key via the command line
    - Copy the game.key into the folder next to the wud image or provide the key via the command line
    usage:
      -commonkey <WiiU common key>  Optional. HexString. Will be used if no "common.key" in the folder of this .jar is found
      -dev  Required when using discs without a titlekey.
      -compress  Compresses the input to a .wux file.
      -decompress  Decompresses the input to a .wud file.
      -decrypt  Decrypts full the game partition of the given wud.
      -decryptFile <regular expression>  Decrypts files of the game partition that match the regular expression of the given wud.
      -extract <all|content|ticket|hashes>  Extracts files from the game partition of the given wud (Arguments optional)
      -help  shows this text
      -in <input file>  Input file. Can be a .wux, .wud or a game_part1.wud
      -noVerify  Disables verification after (de)compressing
      -out <output path>  The path where the result will be saved
      -overwrite  Optional. Overwrites existing files
      -titlekey <WUD title key>  Optional. HexString. Will be used if no "game.key" in the folder of the wud image is found
      -verify <wudimage1|wudimage2>  Compares two WUD images to find differences
    Examples
    Getting .app files from a Wii U Image:
    Extract .app etc. from a WUD:
    Get .app files from "game.wud" to the folder "extracted" with game.key in the same folder
        java -jar JWUDTool.jar -in "game.wud" -out "extracted" -extract all
    Extract .app etc. from a WUX (compressed WUD):
    Get .app files from "game.wux" to the folder "extracted" with game.key in the same folder
        java -jar JWUDTool.jar -in "game.wux" -out "extracted" -extract all
    Extract .app etc. from a split WUD (dump with wudump):
    Get .app files from "game_part1.wud" to the folder "extracted" with game.key in the same folder
        java -jar JWUDTool.jar -in "game_part1.wud" -out "extracted" -extract all
    Compressing into .wux examples:
    Compress a .wud to .wux:
    Compress a "game.wud" to "game.wux"
        java -jar JWUDTool.jar -in "game.wud" -compress
    Compress a split game_part1.wud to .wux:
    Compress a "game_part1.wud" from a wudump dump to "game.wux"
        java -jar JWUDTool.jar -in "game_part1.wud" -compress
    Decryption game files examples:
    Decrypt a WUD image to game files
    Input can be a .wud, game_part1.wud or a .wux. This decrypts the full game partition. Given a game.key and common.key in the same folder. The commands are for WUD, WUX and game_part1 input, in that order.
        java -jar JWUDTool.jar -in "game.wud" -decrypt
        java -jar JWUDTool.jar -in "game.wux" -decrypt
        java -jar JWUDTool.jar -in "game_part1.wud" -decrypt
    Decrypt a single file from a WUD
    Input can be a .wud, game_part1.wud or a .wux. This decrypts the full game partition. Given a game.key and common.key in the same folder.
    Extracting the code/app.xml file.
        java -jar JWUDTool.jar -in "game.wud" -decryptFile /code/app.xml
        java -jar JWUDTool.jar -in "game.wux" -decryptFile /code/app.xml
        java -jar JWUDTool.jar -in "game_part1.wud" -decryptFile /code/app.xml
    Extracting all .bfstm files.
        java -jar JWUDTool.jar -in "game.wud" -decryptFile /.*.bfstm
        java -jar JWUDTool.jar -in "game.wux" -decryptFile /.*.bfstm
        java -jar JWUDTool.jar -in "game_part1.wud" -decryptFile /.*.bfstm
    Extracting the folder /content/Sound
        java -jar JWUDTool.jar -in "game.wud" -decryptFile /content/Sound/.*
        java -jar JWUDTool.jar -in "game.wux" -decryptFile /content/Sound/.*
        java -jar JWUDTool.jar -in "game_part1.wud" -decryptFile /content/Sound/.*
    Compiling
    clean assembly:single package
    Credits
    Maschell
    Thanks to:
    Crediar for CDecrypt
    All people who have contributed to vgmtoolbox
    Exzap for the .wux file format
    FIX94 for wudump
    The creators of lombok.

    10 downloads

  10. Loadiine

    RPX/RPL and File Replacement Tool.
    - 1......Requirements 
    - 2......How to Use 
    - 3......Preparing the SD Card 
    /******************************************************************************/
    /*                              Requirements                                  */
    /******************************************************************************/
    - Wii U FW 5.3.2
    - SD(HC) Card
    - Super Smash Bros for Wii U (Disc or EShop version) - optional but may be needed for some games
    /******************************************************************************/
    /*                               How to Use                                   */
    /******************************************************************************/
    - 1. Setup your SD Card (see below)
    - 2. In the Internet Browser, launch the included kernel exploit (www/kexploit)
    (You need a modified kernel exploit that sets 0xA0000000 virtual memory range to 0x10000000 physical memory address)
    - 3. Relaunch the Internet Browser
    - 4. Insert your SD Card into the Wii U, if it's not already done.
    - 5. Launch loadiine (www/loadiine)
        - Press A to install loadiine
       or
        - Press X to install loadiine with server enabled (use it for debug purpose, the server must be running before pressing X).
    - 6. The loadiine menu should open. Now, Select your App/Game using the D-Pad.
        - Press A to use Smash Bros mode and launch directly the disk
            - Note : auto-launch does not work for everyone, launch manually Smash Bros instead
            - Note : if you are using Smash Bros EShop version, press Y instead, it returns to Home Menu, then launch Smash Bros.
       or
        - Press X to use Mii Maker mode (Smash Bros disk is not needed)
            - The game should start
    - 7. Enjoy
    - Note: When exiting the Game/Application, you must relaunch the Mii Maker and select the game again.
            If you don't, launching Super Smash Bros will result in a crash.

    /******************************************************************************/
    /* Preparing the SD Card / How to add a Game or Application                   */
    /******************************************************************************/
    Note: You may add multiple Games/Applications, but ALL STEPS are REQUIRED
    -------------------------------------------------------------------------------
    Setting Up RPX/RPL and Data Files
    1. Create a folder named "wiiu" in the root of the SD Card.
        - ex : SDCARD/wiiu
    2. In "wiiu", create another folder named "games"
        - ex : SDCARD/wiiu/games
    3. In "games", create a new folder with the name of your app
        - ex : SDCARD/wiiu/games/MyApplication/
    4. Copy the "code" folder of your app/game inside your application folder (with rpx, rpl and xml files)
        - ex : SDCARD/wiiu/games/MyApplication/code/my_application.rpx
        - ex : SDCARD/wiiu/games/MyApplication/code/my_application_library.rpl
        - ex : SDCARD/wiiu/games/MyApplication/code/app.xml
        - ex : SDCARD/wiiu/games/MyApplication/code/cos.xml
        - note : if you don't have the xml files, loadiine will try to use default values instead
    5. Copy the "content" folder of your app/game inside your application folder
        - ex : SDCARD/wiiu/games/MyApplication/content/...
        - ex : H:/MyApplication/vol/content/data.bin -> SDCARD/wiiu/games/MyApplication/content/data.bin
        - ex : H:/MyApplication/vol/content/datab/datab.bin -> SDCARD/wiiu/games/MyApplication/content/datab/datab.bin
    Note : Do not rename RPX and RPL files
    -------------------------------------------------------------------------------
    Summary
    Your file structure should look like this if the above information was used :
    - SDCARD/wiiu/games/MyApplication/code/my_application.rpx
    - SDCARD/wiiu/games/MyApplication/code/*.rpl [only if application contains .rpl files]
    - SDCARD/wiiu/games/MyApplication/code/app.xml
    - SDCARD/wiiu/games/MyApplication/code/cos.xml
    - SDCARD/wiiu/games/MyApplication/content/[content files/folders]

    /******************************************************************************/
    /* Limitations :                                                              */
    /******************************************************************************/
    - The total size of each RPX and RPL files must be less than 65.7 MB (tested up to 47.3 MB)
    - Don't go in the wiiu settings it breaks everything

    /******************************************************************************/
    /* Notes :                                                                    */
    /******************************************************************************/
    - If you have problems with saves, try deleting your Smash Bros saves.

    /******************************************************************************/
    /* Special thanks :                                                           */
    /******************************************************************************/
    - To everyone involved in libwiiu and webkit/kernel exploit !
    - To the testers !

    Feel free to modify and improve this software.
    Golden45.
    Dimok.
     

    14 downloads

  11. Loadiine GX2

    Loadiine is a WiiU homebrew. It launches WiiU game backups from SD card. Its Graphical User Interface is based on the WiiU GX2 graphics engine.
    Credits
    - Dimok
    - Cyan
    - Maschell
    - n1ghty
    - dibas
    - The anonymous graphics dude (he knows who is meant)
    - and several more contributors

    51 downloads

  12. Mario Kart 8 Exploit

    An implementation of the Mario Kart 8 exploit which allows arbitrary userland code execution and read/write with kernel permissions.
    Preparation
    Before using the ROP-chain, some files need to be generated, you can do it with make.
    The makefile expects some binaries/files.
    - Download RPX Gadget Finder (requires Java 11(!))
    - tmp/550/coreinit.rpl from 00050010-1000400A OSv10 v15702
    - tmp/550/gx2.rpl from 00050010-1000400A OSv10 v15702
    - tmp/Turbo.rpx the binary of the Mario Kart 8 version you want to exploit (only tested with EUR v64)
    When you have all needed files, you can use make.
    On success, you can now find the following files:
    - ropgadget_addr.py
    The default ropgadget_addr.py can be used with the EUR V64 of Mario Kart on EUR 5.5.x consoles.
    Usage
    - Download Nintendo Clients. Checkout commit d044b3f9717e096862517b060c2370627a4bcf56 or rewrite exploit.py to be compatible with the latest commit.
    - Fill in the required information, like your device id and serial number in the config.py.
    - Make sure you have a valid ropgadget_addr.py with the needed gadget addresses.
    - Create a friend room in Mario Kart 8 and run do_memory_mapping.py. If everything went right, the game should restart.
    - Create another friend room in Mario Kart 8 and run run_codebin_loader_ropchain.py. If everything went right, the given payload should be executed.
    Technical details
    The exploit itself allows arbitrary 4 byte writes, which is enough to get a (size limited) rop chain execution by carefully overriding a vtable. This allows us to remotely execute a rop chain < ~1000 bytes. 1000 bytes are enough to create a new thread on the main core and implement a small TCP client which receives a bigger payload that will be copied into memory. With the help of a stack pivot this new (and bigger) rop chain can be executed. From now on it's possible to execute a bigger rop chain (as long as it fits in one TCP packet) which can be used to:
    - Perform a kernel exploit to get read/write with kernel privileges
    - Which is enough to restart the game with a different memory mapping, which allows modifications of executable memory, effectively bypassing the NX-Bit.
    - After the restart the exploit will be executed again with a different payload which copies a code.bin into memory and executes it.
    => This leads to: userland code execution with a usable kernel memcpy syscall (0x25) (for copying data with kernel privileges).
    Credits
    - Maschell: Ideas, testing, rop chain implementation, adding several rop gadgets, implementing all other rop chains
    - NexoCube: Ideas, testing, rop chain implementation and creating the rop chain to load bigger one via TCP
    - Kinnay: Discovery and initial implementation of the exploit

    0 downloads

  13. Mario Kart 8 Exploit Payload

    This is an example payload for the Mario Kart 8 Exploit. It simply copies a given statically linked payload (main_hook/main_hook.elf) into memory and executes it.
    Usage
    This payload is meant to be used with Mario Kart 8 Exploit, an exploit for the Wii U (tested with latest european version of the game, v64 on EU Wii U with 5.5.4). Copy the created code.bin into the Mario Kart 8 Exploit folder and run the exploit according to the README. Read the README of the repository for more information.
    The game will switch to Mii Maker and run your main_hook.elf. From now your payload will be loaded every time you switch to another application.
    Overwrite the address 0x0101c56c (our main entry hook) with 0x4E800421 (= bctrl) to override this behaviour.
    Note: This address is not writeable from user/kernel, you need to either set up a DBAT or disable memory translation temporarily. When disabling the memory translation, make sure to use physical addresses, OSEffectiveToPhysical might help there.
    Building
    Place a project with a Makefile that creates a main_hook.elf into a subfolder /main_hook. Using a .elf directly requires changes on the Makefile. This repository provides a generic .elf as submodule, see its README for detailed information and usage.
    Clone via git clone --recursive URL.
    In order to be able to compile this, you need to have installed devkitPPC with the following pacman packages installed.
        pacman -Syu devkitPPC
    Make sure the following environment variables are set:
        DEVKITPRO=/opt/devkitpro
        DEVKITPPC=/opt/devkitpro/devkitPPC
    The command make should produce a code.bin, meant to be used with Mario Kart 8 Exploit.
    Technical details
    This payload expects:
    - To be run inside the Mii Maker
    - The Syscall 0x25 to be a memcpy with kernel privileges
    This payload does:
    - A small function to modify IBAT0 is copied to kernel space and registers as syscall 0x09. The declaration of this function is extern void SC_0x09_SETIBAT0(uint32_t upper, uint32_t lower);.
    - Copies the embedded main_hook.elf to the address where it's statically linked to. Currently these sections are supported: .text, .rodata, .data and .bss. In theory this could be placed anywhere, but keep in mind that the memory area may be cleared (like the codegen area, or the whole heap), and needs to be executable in user mode (even after switching the application). Due to size limits it needs to be somewhere between 0x011DD000...0x011DE200 or in a completely different region (0x011DE200...0x011E0000 is used by this payload)
    - Afterwards the main entry hook is set up to jump to this position on every application switch. You also may have to modify this if the jump turns out to be too big.
    - The entrypoint of the main_hook.elf will be called directly as we are already in Mii Maker.
    What this payload offers to the loaded .elf
     
    The loaded main_hook.elf can expect:
    - To be called every time the application switches. (Mii Maker has sd access!)
    - Syscall 0x09 to be available. Declaration: extern void SC_0x09_SETIBAT0(uint32_t upper, uint32_t lower);, call via asm. This function can be used to set IBAT0 to allow the kernel to execute newly created syscalls (the kernel has for example no access to 0x011DD000...0x011E0000).
    - Syscall 0x34 (kern_read) and 0x35 (kern_write) to be available. Use the following functions to use them:

        #include <stdint.h>

        /* Read a 32-bit word with kernel permissions */
        uint32_t __attribute__ ((noinline)) kern_read(const void *addr) {
            uint32_t result;
            asm volatile (
                "li 3,1\n"
                "li 4,0\n"
                "li 5,0\n"
                "li 6,0\n"
                "li 7,0\n"
                "lis 8,1\n"
                "mr 9,%1\n"      /* r9 = address to read */
                "li 0,0x3400\n"  /* r0 = 0x3400, selects syscall 0x34 (kern_read) */
                "mr %0,1\n"      /* save the stack pointer (r1) across the syscall */
                "sc\n"
                "nop\n"
                "mr 1,%0\n"      /* restore the stack pointer */
                "mr %0,3\n"      /* the value read comes back in r3 */
                :    "=r"(result)
                :    "b"(addr)
                :    "memory", "ctr", "lr", "0", "3", "4", "5", "6", "7", "8", "9", "10",
                "11", "12"
            );
            return result;
        }

        /* Write a 32-bit word with kernel permissions */
        void __attribute__ ((noinline)) kern_write(void *addr, uint32_t value) {
            asm volatile (
                "li 3,1\n"
                "li 4,0\n"
                "mr 5,%1\n"      /* r5 = value to write */
                "li 6,0\n"
                "li 7,0\n"
                "lis 8,1\n"
                "mr 9,%0\n"      /* r9 = address to write */
                "mr %1,1\n"      /* save the stack pointer (r1) across the syscall */
                "li 0,0x3500\n"  /* r0 = 0x3500, selects syscall 0x35 (kern_write) */
                "sc\n"
                "nop\n"
                "mr 1,%1\n"      /* restore the stack pointer */
                :
                :    "r"(addr), "r"(value)
                :    "memory", "ctr", "lr", "0", "3", "4", "5", "6", "7", "8", "9", "10",
                "11", "12"
            );
        }
    Credits
    - orboditilt: Putting everything together.
    - dimok789: This is based on the Wii U Homebrew Launcher.
    by wiiu-env.

    0 downloads

  14. Mario Kart 8 primary userland exploit for the WiiU

    Actual implementation (base ROP chain to ACE) of the exploit Kinnay found in the WiiU version of Mario Kart 8. Running this will boot the homebrew launcher.
    Requirements
    - A WiiU
    - Two NNIDs logged into your WiiU
    - A computer logged on the same network as the console
    README, for real
    - The exploit may not work on the first try (~85% success rate)
    - Do not run any homebrew using memory before launching MK8 (like TCPGecko, Cafiine or Diibugger)
    How to use
    - Edit exploit.py and fill in your Nintendo Network IDs + console information
    - Edit main_exploit.py and edit the local computer IP
    - Run make to build the payload0 binary (you need devkitPro + devkitPPC)
    - Go on your WiiU, log on the victim NNID
    - Open MK8, go online and host a private match, stay in the "earth menu", make sure you're alone in the room
    - Start stage0.py and press ENTER (leave it in the background), then start main_exploit.py and press ENTER
    - Wait for the game to reboot and rehost a private match, stay in the "earth menu", make sure you're alone in the room
    - Start stage1.py and press ENTER (leave it in the background), then start main_exploit.py and press ENTER
    - It should open the HOME Menu, return to the WiiU Menu, and tadaa, magic, you're on the HBL
    Credits
    - Kinnay for the Nintendo Clients library that allows us to communicate with NEX game servers and its protocols.
    - Maschell for working with me on this exploit (and being as addicted as I was doing this), there was a lot of co-operation
    - Rambo6Glaz / NexoCube / TheBrick for working on this, and all the chains here.
    - wiiu-env for the payload_loader that's inside payload0/main_hook.h
    by NexoDevelopment.

    0 downloads

  15. Nintendont

    A Wii Homebrew Project to play GC Games on Wii and vWii on Wii U
    Features:
    - Works on Wii and Wii U (in vWii mode)
    - Full-speed loading from a USB device or an SD card.
    - Loads 1:1 and shrunken .GCM/.ISO disc images.
    - Loads games as extracted files (FST format)
    - Loads CISO-format disc images. (uLoader CISO format)
    - Memory card emulation
    - Play audio via disc audio streaming
    - Bluetooth controller support (Classic Controller (Pro), Wii U Pro Controller)
    - HID controller support via USB
    - Custom button layout when using HID controllers
    - Cheat code support
    - Changeable configuration of various settings
    - Reset/Power off via button combo (R + Z + Start) (R + Z + B + D-Pad Down)
    - Advanced video mode patching, force progressive and force 16:9 widescreen
    - Auto boot from loader
    - Disc switching
    - Use the official Nintendo GameCube controller adapter
    Features: (Wii only)
    - Play retail discs
    - Play backups from writable DVD media (Old Wii only)
    - Use real memory cards
    - GBA-Link cable
    - WiiRd
    - Allow use of the Nintendo GameCube Microphone
    What Nintendont doesn't do yet:
    - BBA/Modem support
    What Nintendont will never support:
    - Game Boy Player
    Quick Installation:
    - Get the loader.dol, rename it to boot.dol and put it in /apps/Nintendont/ along with the files meta.xml and icon.png.
    - Copy your GameCube games to the /games/ directory. Subdirectories are optional for 1-disc games in ISO/GCM and CISO format.
      - For 2-disc games, you should create a subdirectory /games/MYGAME/ (where MYGAME can be anything), then name disc 1 as "game.iso" and disc 2 as "disc2.iso".
      - For extracted FST, the FST must be located in a subdirectory, e.g. /games/FSTgame/sys/boot.bin .
    - Connect your storage device to your Wii or Wii U and start The Homebrew Channel.
    - Select Nintendont.
    Notes
    - The Wii and Wii U SD card slot is known to be slow. If you're using an SD card and are having performance issues, consider either using a USB SD reader or a USB hard drive.
    - USB flash drives are known to be problematic.
    - Nintendont runs best with storage devices formatted with 32 KB clusters. (Use either FAT32 or exFAT.)

    60 downloads

  16. NKit

    NKit is a Nintendo ToolKit that can Recover and Preserve Wii and GameCube disc images
    Recovery is the ability to rebuild source images to match the known good images verified by Redump
    Preserve is the ability to shrink any image and convert it back to the source iso
    NKit can convert to ISO and NKit format. The NKit format is designed to shrink an image to its smallest size while ensuring it can be restored back to the original source data. NKit images are also playable by Dolphin
    by nanook.

    0 downloads

  17. Payload Loader

    This is a generic payload loader for the Wii U to load arbitrary payloads from the SD card.
    Currently it's hardcoded to load a .elf file from sd:/wiiu/payload.elf.
    Preconditions
    This loader expects:
    - to be able to run at 0x011DD000 (and copied to this place and then executed).
    - to be running inside Mii Maker (for the SD card access),
    - the common kern_write (0x35) and kern_read (0x34) syscalls installed (hooks on 0xFFF02234 (write) / 0xFFF02214 (read) on FW 5.5.0+)
    - the 0x09 syscall installed, which is expected to be a function to manipulate IBAT0 (extern void SC_0x09_SETIBAT0(uint32_t upper, uint32_t lower);)
    Running in any other application with SD access may also work; the IBAT0 setup may need to be adjusted though (set back to original values at the end)
    Usage
    A common usage for this would be to exploit an application, do a kernel exploit to be able to have kernel read/write, somehow copy the sections of the payload loader .elf file to the expected destination in memory, and fulfill the mentioned preconditions.
    After that, simply put the .elf to be loaded in sd:/wiiu/payload.elf
    The loaded .elf needs to be statically linked somewhere between 0x00800000 and 0x01000000. This whole area has rwx for both user and supervisor (kernel) mode and can be used.
    This mapping only lasts for this execution! As soon as you leave the running application (in this case the Mii Maker), the mapping will be reset and you will lose access to the 0x00800000 region.
    Compiling
    In order to be able to compile this, you need to have installed devkitPPC with the following pacman packages installed.
    pacman -Syu devkitPPC
    Make sure the following environment variables are set:
    DEVKITPRO=/opt/devkitpro
    DEVKITPPC=/opt/devkitpro/devkitPPC
    Technical details
    - This payload loader is supposed to be loaded somewhere between 01000000..01800000 (virtual address); 0x011DD000...0x011E0000 should be free to use.
    - The 0x09 syscall is used to set IBAT0 to map 01000000..01800000 (virtual address) to 32000000..32800000 (physical address) with r/w for user and kernel. This includes the region where the payload loader is, and allows us to register and execute kernel syscalls. This setting is meant to match the original IBAT0 values (at least in Mii Maker), but with r/w for the kernel. Resetting is not needed when using the Mii Maker, but may need to be adjusted.
    - Afterwards it's possible to register our own syscall (we use 0x36 as it's unused) to set up IBAT4 and DBAT5 to map 00800000..01000000 (virtual address) to 30800000..31000000 (physical address) with r/w for user and supervisor. This allows full user/kernel access to this region, for data and code. The mapping is done for all 3 cores.
    Credits
    - orboditilt
    - dimok789: Most parts (especially SD loading, ELF copying) are based on the homebrew launcher SD loader.
    by wiiu-env.

    0 downloads

  18. Pimp my Wii

    Here is "Pimp My Wii", a homebrew that will hack your Wii, install missing or outdated IOS / titles, and install the necessary cIOS and mIOS.
    The program will detect missing or outdated IOS and check that you have the latest version of the Wii System Menu. It also checks if you have the latest versions of BC, MIOS and these channels: Wii Shop, News, Weather, Mii, Photo and Photo 1.1
    If you don't have the latest versions of those titles, the program will download them, or read them from USB or SD to install them. When using this program, you will have all the advantages of 4.1 combined with those of 3.2, without drawbacks!
    It also installs cIOS d2x (based on Waninkoko) (249, 250) v10 and 10 alt and cIOS from Hermes 202/222/223/224 rev5.1. If you want, you can install the cIOS from Waninkoko rev20/21 or d2x v6, 7, 8 or 9beta (you'll have to install it manually from the menu "Install cIOS").
    Pimp installs the cMIOS from WiiGator.
    Pimp will warn you if some homebrews aren't updated. Pimp checks the version of the following homebrew (the dirnames must match, and are not case sensitive):
    -> Neogamma, in version R9 beta 50 minimum. Dirname: neogamma
    -> Usb Loader gx, in version 2.2 minimum. Dirname: usbloader_gx
    -> Uloader, in version 5.1 minimum. Dirname: uloader
    -> Wiiflow, in version 2.2 (or r302) minimum. Dirname: wiiflow
    -> Configurable usb loader, in version 70 minimum. Dirname: usbloader or usbloader_cfg
    Pimp does not update those homebrews itself. No verification will be made on channels, only on the files installed on the SD card in the directory /apps/.
    The homebrew is displayed automatically in English, French, Italian, German or Spanish depending on your Wii's language. It is also compatible with NTSC-U, NTSC-J and PAL Wii consoles. (Korean Wii theoretically compatible).
    Warning: I do not take any responsibility for any damage to your Wii because of improper usage of this software.
    Menu:
    - Pass the test and fix problems
    Checks if everything is alright on the Wii, and installs what needs to be installed, after asking the user.
    - Pass the test
    Only checks if everything is alright on the Wii, without installing anything.
    - Manual installation
    Will offer to install every possible IOS and title. By default, the installation will be on "no".
    - Hack the Wii/Minimal installation
    Passes the test and only installs the minimal requirements to hack your Wii. It patches IOS 36.
    Also installs the cIOSes 249, 250, 202, 222, 223, 224 from d2x and Hermes and the cMIOS.
    - Install cIOS
    Installs a cIOS of your choice from among the cIOS from Hermes, Waninkoko and Waninkoko d2x. You can choose the IOS source of your choice, the destination slot and the revision.
    For Waninkoko's/d2x cIOS, you can choose from these IOS sources: IOS36 v3607 IOS37 v5662 IOS38 v4123 IOS53 v5662 IOS55 v5662 IOS56 v5661 IOS57 v5918 IOS58 v6175 IOS60 v6174 IOS61 v5661 IOS70 v6687 IOS80 v6943 (IOS 58 only for revision above 20).
    For Hermes cIOS, you have the choice between IOS60 v6174, IOS38 v3867, IOS37 v3869 and IOS57 v5661.
    Button "minus", "safe mode". In this mode, the IOS test is disabled; you will be asked instead to choose an IOS to use for the installation. Be aware that in this mode you will not know if your installed IOS have the different bugs, and so the program will not know if they need to be patched.
    Note: Pimp my Wii is compatible with the WiiU Wii emulator, but some options are disabled. Moreover, you absolutely need to place the wad files on your SD/USB device because the IOS for the WiiU can't be downloaded directly.
    ----------------------------------------------------
    --------Correction of encountered problems----------
    ----------------------------------------------------
    Here is a list of common problems that you could have on your Wii (even on the latest version) and the solutions that "Pimp My Wii" will apply.
    - Black screen when loading DVD games:
    Missing IOS -> Install those IOS (patching them)
    - The Wii asks for an upgrade when inserting games:
    Old IOS -> Update those IOS (patching them).
    - A modified game (trucha signed) can't load on the disc channel with my modchip:
    The IOS used by the game has the trucha bug corrected -> Install a new IOS and patch the bug inside.
    The IOS used by the system menu has the trucha bug corrected -> Install a new IOS and patch the bug inside.
    - The preloader and other homebrew do not work:
    The IOS36 has the ES_Identify patched -> Install a new IOS 36 and patch the bug.
    - I got reading problems with my backup launcher:
    Old cIOS installed (older than rev20) -> Ask user to update this.
    - No SD menu, no latest functionality:
    Old version of Wii (system menu, for example 3.2) -> Upgrade to 4.1 (but patching everything) for more compatibility and functionality.
    - The Wii Shop asks me to update:
    Old version of Wii Shop (older than v20) -> Upgrade to this version (and install IOS 56 associated).
    - I don't have any IOS that has the trucha bug (if you have a virgin Wii):
    The homebrew puts the trucha bug back in IOS15.
    - I can't install the Hackmii Install, because I have some kind of cIOSCorp:
    You need an unmodified IOS 58 -> Install this IOS.
    !!!!!!!!!Leave the parameters by default if you don't know what you are doing! A bad choice of "hacks" could leave your system unstable!!!!!!!!!!!!

    ----------------------------------------------------
    -----------------Questions / answers----------------
    ----------------------------------------------------
    - Does it work without internet? / I got errors during download, what can I do?
    It works without internet, you just need to put the necessary wad files in the root of the SD card, or of a USB device in FAT32.
    Follow this (French) tutorial to get those files: http://www.wii-info.fr/article-53-comment-recuperer-un-ios-mios-chaine.htm
    The necessary IOS are these, in their specific versions:
    9 v1034, 12 v526, 13 v1032, 14 v1032, 15 v1032, 17 v1032, 21 v1039, 22 v1294, 28 v1807, 30 v2576, 31 v3608, 33 v3608, 34 v3608, 35 v3608, 36 v3608, 37 v5663, 38 v4124, 50 v4889, 53 v5663, 55 v5663, 56 v5662, 57 v5919, 58 v6175, 60 v6174, 61 v5661, 70 v6687 and 80 v6944.
    And these "stub" IOSes, in their specific versions: IOS4v65280, IOS10v768, IOS11v10, IOS16v512, IOS20v12, IOS41v3607, IOS43v3607, IOS45v3607, IOS46v3607, IOS48v4124, IOS51v4633 and IOS254v260.
    IOS must be named this way: IOSX-64-vY.wad, where X and Y are respectively the version and revision number.
    To update the System Menu, you need the file RVL-WiiSystemmenu-vX.wad, where X is 448 for 4.1J, 449 for 4.1U, 450 for 4.1E and 454 for 4.1K.
    For Wii Shop, you need RVL-Shopping-v20.wad
    For bc, RVL-bc-v6.wad
    For MIOS, RVL-mios-v10.wad
    For other channels, XY-NUS-vZ.wad, where X is the "type", Y the number and Z the version. For example, for Mii Channel it's 1000248414341-NUS-v6.wad (or RVL-NigaoeNR-v6.wad).
    For the cIOS installation:
    - cIOS 249 : IOS 56 rev 5661
    - cIOS 250 : IOS 57 rev 5918
    - cIOS 202 : IOS 60 rev 6174
    - cIOS 222 : IOS 38 rev 3867
    - cIOS 223 : IOS 37 rev 3869
    - cIOS 224 : IOS 57 rev 5661
    - I have the preloader, will it work?
    If you are not on 4.1 and if you accept the installation of this system menu, you will need to reinstall the preloader and the hacks specific to this version. Follow this (French) tutorial to install and configure preloader: http://www.wii-info.fr/article-52-installer-et-configurer-le-preloader.htm
    - I have the preloader and I got "system files are corrupted", what can I do?
    If you have the preloader, you must patch "ES_Identify" on the IOS it uses. For Wii 4.x, it's IOS60, else it's IOS 30. Leave the parameters by default if you don't know what you are doing.
    - I have a custom theme, will it stay?
    If you change your Wii version, you will lose all themes and you will need to reinstall a theme compatible with the version of System Menu you have.
    - I have cIOSCorp or equivalent installed (to read backup games from disc channel), what will happen?
    If you install IOSes, they will replace those installed by cIOSCorp and you will lose the ability to launch games via disc channel without modchip. But cIOSCorp isn't recommended, you just need a loader like Neogamma to read backups. If you reinstall cIOSCorp, you will get your old IOS back, then Pimp My Wii will tell you that they are outdated
    - Should I upgrade my console to 4.1? I thought I must stay on 3.2?
    If you use this program to put your console on 4.1, you will have exactly the same advantages as a 3.2 Wii, but you will have the improvements of 4.1. You won't have any disadvantages from putting your Wii on 4.1.
    - Should I install all the IOS asked for?
    It is recommended to install IOS indicated as "not present" and IOS 30, 34, 36 and 60. You should also leave parameters by default. If you install at least those, you will avoid most problems.
    - The other IOS, are they useless?
    For other IOS, patching them helps launching Trucha Signed games on Wii with a modchip.
    - I got a message saying that my Custom IOS is outdated, what can I do?
    Follow this (French) tutorial to upgrade your cIOS: http://www.wii-info.fr/article-40-installer-ou-desinstaller-un-custom-ios.htm

    24 downloads

  19. RetroArch for WiiU

    RetroArch is a frontend for emulators, game engines and media players.
    It enables you to run classic games on a wide range of computers and consoles through its slick graphical interface. Settings are also unified so configuration is done once and for all.
    RetroArch has advanced features like shaders, netplay, rewinding, next-frame response times, and more!

    1 download

  20. RPX Gadget Finder

    Needed to use the Mario Kart 8 exploit.
    by wiiu-env.

    0 downloads

  21. Snes9xRX

    Snes9x RX is a Super Nintendo™ / Super Famicom emulator for the Nintendo Wii and Wii U. Snes9x RX is a fork from Snes9x GX, a port of Snes9x.
    Snes9x RX is a "homebrew application" which means you will need a way to run unsigned code on your Nintendo Wii/Wii U.
    Features
    - Based on Snes9x 1.52
    - Wiimote, Nunchuk, Wii Classic/Classic Pro, and Gamecube controller support
    - Wii U Pro, NES and SNES Classic controller support
    - SNES Superscope, Justifier, Mouse peripherals emulation support
    - Cheat support
    - Auto Load/Save Game Snapshots and SRAM
    - Custom controller configurations
    - SD, USB, DVD, SMB, Zip, and 7z support
    - Autodetect PAL/NTSC, 16:9 widescreen support
    - Original/filtered (Sharp & Soft)/Unfiltered video modes
    - Turbo Mode - up to 2x the normal speed
    - Zoom option to zoom in/out
    - Open Source!

    5 downloads

  22. Ultimate Wii U Hack Script

    This is a set of batch scripts that automate many things.
    Features
    Wiivc Injector Script
    - Injection of Wii games, Gamecube, Wii homebrews and Wiivc Chan Booter thanks to a modified version of Wiivc Injector Script 2.2.6.
    - Backup, restore and reset various parameters.
    - Create a blacklist to prevent an injection from having the same Title ID.
    Injectiine
    - Injection of NES, SNES, GBA, N64 and NDS games thanks to a modified version of Injectiine.
    - Backup, restore and reset various parameters.
    - Create a blacklist to prevent an injection from having the same Title ID.
    Other features
    - Installation of required elements while using scripts (Java 8).
    - Set up the necessary files for the basic Wii U hack, the v-wii hack, the Haxchi installation or the CBHC installation. For more information, see this page of the documentation.
    - Creation of a web server to host the browser exploit locally for system versions 5.5.0, 5.5.1 and 5.5.2 of the Wii U.
    - Unbrick the V-wii part, see this page of the documentation for more information.
    - Block or allow the console firmware update by deleting / restoring the correct folder via Wup_server, see this page for more information on the changed folder.
    Known bugs:
    - The injection of a game via Wiivc Injector Script will crash or give a game that does not work if it is run from a medium formatted in FAT, FAT16 or FAT32. This problem cannot be corrected because a temporary file is necessarily larger than 4 GB during the injection and therefore poses a problem on media formatted in FAT, FAT16 or FAT32.
    - Using quotation marks or exclamation points in user input causes the script to crash.
    - When a console output made by an "echo" is performed, this produces an error in the log file. The UTF-8 encoding seems to be the cause of this problem but I have not found how to solve it for now.
    - In Wiivc Injector Script, if the Wii game is split (except for "wbfs" files) and its path or name contains an accent or any other symbols refused by Wit, the script will not work, even with the attempted fix.
    - For now, the script for extracting the MLC dump from Wii U nand does not allow extraction to a folder in a path with spaces and is forced to manipulate files that should not be necessary, but Wfs-extract does not seem to want paths with spaces; I'm looking for a solution.
    Credits:
    There are really too many to thank for all the projects included in this script, but I thank each contributor of these projects because without them this script could not even exist (some are credited in the documentation). I also thank all those who help me to test the scripts and those who suggest new features to me.
    by shadow2560.

    0 downloads

  23. Universal controller driver for Nintendont

    Use your Switch Pro Controller, Xbox One Controller and more controllers wirelessly on Nintendont.
    by Missingphy.

    0 downloads

  24. USBLoaderGX

    Game backup loader for Wii and vWii
    USBLoaderGX is a GUI for Waninkoko's USB Loader, based on libwiigui.
    It allows listing and launching Wii games, Gamecube games and homebrew on Wii and WiiU vWii mode.
    Its interface, based on the official theme from Nintendo Wii, is easy to use and perfect for kids and all the family. A lot of options are available and directly editable from the loader's interface.

    1 download

  25. Uwizard

    Uwizard is an all-in-one Wii U PC program.
    Instructions:
    To import a system key, open the settings tab, and enter the key in the text box, or click "Import" and select a .bin or .txt file that contains the key.
    To open a WUD (Wii U disc image), open the WUD Manager tab, then click "Open Wii U Game Backup", then select your WUD file.
    Uwizard will automatically download covers from http://www.gametdb.com/WiiU/List
    You may also extract the contents of the game using Crediar's DiscU by clicking the "Extract Game Files" button.
    To do this, you must enter the disc title key. Because of legal reasons, the keys are not included with Uwizard, but SHA-1 hashes are included for most games to help verify your keys.
    To download a title from NUS, open the NUS Downloader U tab, then either type in the 16-character title ID, or choose a title from the list. The title version is optional. You may also decrypt and extract the contents of the title using Crediar's CDecrypt by checking the "Decrypt Contents" check box.
    Use the "Add Title" button to add the currently entered title ID and version to the list. Use the "Delete Title" button to delete the selected item from the list. Use the "Clear List" button to remove all titles from the list. This includes titles that came pre-entered with Uwizard.
    To decode a BFSTM Wii U sound stream to a WAV audio file, open the BFSTM Decoder tab, then click "Convert a BFSTM to a WAV", then select the input BFSTM and the output WAV. You may also display all BFSTM and WAV files within a folder in the list on the left by clicking "Select Folder".
    In the settings tab, the "Check for Updates" button makes updating to the latest game list and Uwizard versions easy.
    ChangeLog:

      v1.1.3
        German language added.
        Spanish language added.
        Minor bug fixes.
      v1.1.2
        BFWAV decoder added.
        MP3 compiler added.
      v1.1.1
        SZS and SARC archive management added.
        BFSTM multi-select and optional channel separation added.
        Command line interface added.
        More NUS titles added to the easy-access list.
        Multiple languages added.
        Minor bug fixes.
        
      v1.1.0
        NUS Downloader U added.
        BFSTM decoder added.
        List selection of Wii U games added.
        Minor bug fixes.
        
      v1.0.1
        Option to hide keys added.
        Minor bug fixes.
      v1.0.0
        Program Creation
    Credits:
      Mr. Mysterio - Programmer of Uwizard
      Crediar - Programmer of DiscU and CDecrypt
      MasterF0x - Distributor of BFSTM Decoder
      GameTDB - Game Covers
      VinsCool, capito27, Phanteon, send0r - Translation

    188 downloads
