EurAsia: your console hacking resource
Progress in the public IOSU hacking!
Posted on Saturday, October 15, 2016 @ 11:39:54 GMT

modrobert writes: "Thanks to Hillary_Clinton (yes, she is apparently good for something besides instigating war) over at gbatemp.net there is significant progress in the public research into IOSU on the WiiU. As mentioned in my previous story about what the IOSU is and why it is important, several hackers have successfully exploited the IOSU in the past, but have so far refused to share their findings.

Quote Hillary_Clinton: 'I didn't find the IOSU syscall table myself, although I understand how it must have been found. The syscall handler is installed at address 0xFFFF0004. It is located at 0x0812DD6C. You can see that at address 0x0812DDF4 the syscall handler loads the address of the syscall table (0x081419F0) and uses the syscall number as an index into this table to find the address of the code for that particular syscall. That's how the syscall table and the code for each syscall must have been found. The negative value of the root hub index: it was just an arbitrary value that I chose to make the read end up in the middle of MEM1. I knew from reading the vulnerable code in IDA that a root hub structure is 0x144 bytes and that the root hub structures were located in IOS-USB's internal structure at offset 0x39EC. I knew the structure must have been located at the beginning of IOS-USB's local process heap at 0x10146060, but I didn't know where exactly at the time so I just sprayed the area in MEM1 where I thought it would read from with the appropriate values. I didn't know whether the read from MEM1 would actually work; I just tried it and it worked. I knew where MEM1 was mapped on the PPC side and the ARM side from reading the wiiubrew wiki.'

This is great news for the future of game loaders such as loadiine on WiiU where no browser exploit will be needed, and games can be loaded from USB port instead of SD card slot."

Note: The EurAsia forum topic is here.
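
The quote describes a lookup into an array of 0x144-byte root hub structures with a negative index. The C sketch below is an example added here, not IOS-USB code or code from the gbatemp post. It shows where an unchecked signed index makes the read land, next to a range-checked version. ROOT_HUB_COUNT and the function names are hypothetical, and the sketch assumes the internal structure starts exactly at the quoted heap address, which the quote says was not known precisely.

```c
#include <stdint.h>
#include <stdio.h>

/* Values quoted in the story above. */
#define HEAP_BASE      0x10146060u  /* IOS-USB local process heap */
#define ROOT_HUB_OFF   0x39ECu      /* offset of the root hub array */
#define ROOT_HUB_SIZE  0x144u       /* size of one root hub structure */

/* Assumption for this example only: the number of root hubs is not
 * given on the page. */
#define ROOT_HUB_COUNT 4

/* Unchecked lookup: address arithmetic on a signed, caller-supplied
 * index. Returns the 32-bit address the entry would be read from. */
uint32_t root_hub_addr_unchecked(int32_t index)
{
    return HEAP_BASE + ROOT_HUB_OFF + (uint32_t)index * ROOT_HUB_SIZE;
}

/* Checked lookup: rejects every index outside [0, ROOT_HUB_COUNT).
 * Returns 0 and stores the address in *out, or -1 on rejection. */
int root_hub_addr_checked(int32_t index, uint32_t *out)
{
    if (index < 0 || index >= ROOT_HUB_COUNT)
        return -1;
    *out = HEAP_BASE + ROOT_HUB_OFF + (uint32_t)index * ROOT_HUB_SIZE;
    return 0;
}

/* Non-zero when addr lies inside the root hub array itself. */
int addr_in_array(uint32_t addr)
{
    uint32_t first = HEAP_BASE + ROOT_HUB_OFF;
    uint32_t end = first + ROOT_HUB_COUNT * ROOT_HUB_SIZE;
    return addr >= first && addr < end;
}

int main(void)
{
    /* Walk one step past each end of the valid index range. */
    for (int32_t i = -1; i <= ROOT_HUB_COUNT; i++) {
        uint32_t checked = 0;
        int rc = root_hub_addr_checked(i, &checked);
        uint32_t raw = root_hub_addr_unchecked(i);
        printf("index %2d: unchecked 0x%08X (%s), checked %s\n",
               (int)i, (unsigned)raw,
               addr_in_array(raw) ? "in array" : "OUT OF ARRAY",
               rc == 0 ? "accepted" : "rejected");
    }
    return 0;
}
```

With these constants the array starts at 0x10149A4C, so index -1 already resolves to 0x10149908, outside the array, and larger negative values move the read further from the structure.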

 
Re: Progress in the public IOSU hacking! (Score: 1)
by modrobert on Saturday, October 15, 2016 @ 11:45:37 GMT
In case the source code post gets deleted at gbatemp.net, you can find a mirror here.



Re: Progress in the public IOSU hacking! (Score: 1)
by modrobert on Sunday, October 16, 2016 @ 01:02:56 GMT
...and now OTP access via IOSU kernel from Donald Trump:

http://gbatemp.net/threads/otp-access-via-iosu-kernel.445063/

The competition is on!



 
