Wii U Homebrew

Kieran

WiiU homebrew situation

Homebrew development is still at an early stage, and no user-friendly environment has been released yet.
Homebrew can still be run, but it currently has to be launched through low-level exploits, as there's no simple ELF or RPX launching environment yet; one could be released one day.

As no homebrew launcher is available yet, homebrew needs to be encapsulated into an available exploitable format to launch it.
You need to run the exploit every time you want to launch a new homebrew.


Wii U exploits

Types of exploits (sorted by amount of access granted)
  1. A Userspace exploit breaks the security of the specific app it's running in (in reality always the Internet browser). This exploit has to respect the permissions of the app it's running in, so it's limited (e.g. the Internet browser can't access SD cards or random RAM memory, so neither can the exploit). It allows for basic homebrew games, but is mainly important for further exploitation. The userspace exploits are referred to interchangeably as "userspace," "userland" and "WebKit" exploits.
  2. The Kernel exploit, or Cafe OS exploit, is an exploit that breaks out of the userland. This allows for bigger/advanced programs.
  3. The IOSU exploit breaks the final barrier (a special security chip, the IOSU). The Wii U is entirely in your hands now. An IOSU exploit typically needs the first two to build further upon; Hykem's is an exception to this as it only needs the first.

Exploit status on firmware versions

2.0.0 - 5.3.2: Userspace exploit (Webkit), unreliable kernel exploit (OSDriver), private IOSU exploits
5.4.0: Userspace exploit (MP4), unreliable kernel exploit (OSDriver), private IOSU exploits
5.5.0-5.5.1: Userspace exploit (MP4), private kernel exploit (but reliable), private IOSU exploits (Might be broken)

TL;DR
Versions that can be used for fun hacks right now: 5.3.2, 5.4.0
Versions that can be used for fun hacks by private teams now, and by you in the future: 5.5.0, 5.5.1
("Fun hacks" are TCPGecko, Cafiine, Dumpiine, ___iine, etc. Things that require both a userspace and a kernel exploit.)

Hopefully that helps some of you understand where we're at right now. I'll be around here to answer questions now and then.

Here is a maintained list of possible exploits based on WiiU version:
http://rhcafe.us.to/



Preliminary steps
Before launching homebrew, be sure to prevent the console from updating to a newer firmware version.
1) Block the Nintendo Update Server (NUS). There are different methods you can use:
  • Block URL manually from your router
  • List of urls to block
    nus.c.shop.nintendowifi.net
    nus.cdn.c.shop.nintendowifi.net
    nus.cdn.shop.wii.com
    nus.cdn.wup.shop.nintendo.net
    nus.wup.shop.nintendo.net
    c.shop.nintendowifi.net
    cbvc.cdn.nintendo.net
    cbvc.nintendo.net
  • Block URLs using OpenDNS (NOT RECOMMENDED - INEFFECTIVE)
  • Block URLs using a proxy (you need your computer powered on)
  • Block URLs using TubeHax DNS (Recommended). Set DNS manually to 107.211.140.065
2) Disable quick launch features which silently install updates while the console is in standby mode.
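
As an added example (not part of the original post): a shell script for the router-side block in step 1, assuming the router's resolver is dnsmasq and using 0.0.0.0 as the sinkhole address (both are assumptions). dnsmasq's address= rule also matches subdomains, so the script drops hosts already covered by a listed parent and can check an existing config file for hosts left unblocked.

```shell
#!/bin/sh
# Added example: dnsmasq sinkhole rules for the update hosts listed above.
# Assumption: the router runs dnsmasq; 0.0.0.0 is a constructed sinkhole choice.
NUS_HOSTS="nus.c.shop.nintendowifi.net
nus.cdn.c.shop.nintendowifi.net
nus.cdn.shop.wii.com
nus.cdn.wup.shop.nintendo.net
nus.wup.shop.nintendo.net
c.shop.nintendowifi.net
cbvc.cdn.nintendo.net
cbvc.nintendo.net"

# covered_by HOST PARENT: success when HOST equals PARENT or is a subdomain of it
covered_by() {
    case "$1" in
        "$2"|*."$2") return 0 ;;
        *) return 1 ;;
    esac
}

# minimal_hosts: the listed hosts, minus subdomains of other listed hosts
minimal_hosts() {
    for h in $NUS_HOSTS; do
        keep=1
        for p in $NUS_HOSTS; do
            if [ "$h" != "$p" ] && covered_by "$h" "$p"; then keep=0; fi
        done
        [ "$keep" -eq 1 ] && echo "$h"
    done
    return 0
}

# dnsmasq_rules: one address= rule per remaining host
dnsmasq_rules() {
    minimal_hosts | sed 's|.*|address=/&/0.0.0.0|'
}

# unblocked_hosts CONF: listed hosts that no address= rule in CONF covers
# (reads only the first domain of each address= line)
unblocked_hosts() {
    rules=$(sed -n 's|^address=/\([^/]*\)/.*|\1|p' "$1")
    for h in $NUS_HOSTS; do
        hit=0
        for r in $rules; do covered_by "$h" "$r" && hit=1; done
        [ "$hit" -eq 1 ] || echo "$h"
    done
    return 0
}
dnsmasq_rules   # print the rules to paste into the dnsmasq configuration
```
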


Compiling homebrew

Windows
1: Install prerequisites
  • Install devkitPro and Python (2 or 3)
  • Get libwiiu sources from https://github.com/wiiudev/libwiiu
    Extract to a folder.
  • Clone a project or create your new homebrew project into the libwiiu folder

2: Build your homebrew.
Browse to the makefile location in a command line window and type "make"

Injecting your homebrew into an exploitable format
Webkit exploit
The WebKit exploit uses a vulnerability in the open-source Wii U WebKit.
To inject your homebrew into a browser exploit format, you need to generate an HTML file using libwiiu and Python. Then launch it by loading the generated webpage hosted on a webserver.

To generate the HTML with your homebrew, open a command line in the libwiiu folder and run build.py with the path to the homebrew.
Example to inject the helloworld homebrew into HTML format:

Code:
python build.py examples/helloworld

LibStagefright exploit
The stagefright exploit uses a vulnerability in the media player using the mp4 format.
You can go here for the exploit. (more detailed instructions coming)


OSDriver kernel exploit
The kernel exploit is usually integrated into a user space exploit and run automatically after successfully getting user space access.
To generate the kernel exploit to use with the webkit exploit, you need to compile the kernel example with libwiiu and python.
To generate the kernel exploit to use with the stagefright exploit, you need ... ?

To run homebrew requiring kernel access, first run the kernel exploit, which usually exits to the home menu after successful patching.
Then run your homebrew using one of the compatible user space exploit methods (browser, stagefright, etc.).

IOS EXPLOIT
Unreleased

Launching homebrew

As there's currently no homebrew launcher application, all homebrew needs to be executed from the WebKit browser and thus needs to be hosted on a webserver.
It can be an online webserver or locally hosted webpages.

A few online sites to use existing homebrew:
Code:
http://www.wiiubru.com
http://wiiulib.arndroid.nl
http://wj44.bplaced.com

If you want to locally host some homebrew, you have to host it on your PC (the compiled HTML is by default in the www folder). You can do this any way you want, but here are some examples:
  • With Python you can use the following commands to create a really simple Python server:
    Code:
    cd path/to/homebrew/
    python -m SimpleHTTPServer 2343
    # Python 3 equivalent: python -m http.server 2343
  • On Windows, you can install wamp, xampp, or even easyphp.
  • Or you can use a private online webserver.
  • A video from BullyWiiPlaza on how to host on Windows.



Existing homebrew
You can find a list of released homebrew on our wiki.
http://wiki.gbatemp.net/wiki/List_of_WiiU_homebrew



F.A.Q.

  • My WiiU is unresponsive when I run a hello world example, what's wrong?
    This is normal: the hello world program calls OSFatal()
  • Some/all of the examples don't work, why?
    Type in the link manually and make sure cookies are cleared and you only have one tab open. If it still doesn't work, report on this thread. Take note that the kernel exploit is unstable, so it could need a couple of tries.
  • Is my warranty void if I use this?
    No, it isn't.
  • I'm on [insert version], when will the [insert exploit type] ever support this firmware?
    soon™, check the list in this post.
  • When will we get IOSU access?
    soon™, hykem/plutoo is working on it, stop complaining to them please
  • Is there a firmware spoofer?
    Yes, Crediar has one that works on 5.3.2 and 5.4.0