Persistent WiiU DS VC Exploit
Go to file
2016-11-17 02:39:36 +01:00
cfw_booter -added file loading with button configuration, make sure to check the README for instructions. 2016-11-14 00:18:10 +01:00
hbl_loader -keep the hbl loader in sync with the latest commits 2016-11-15 01:49:12 +01:00
meta added some custom tga files which could be used to replace the default ones in your ds vc meta folder 2016-11-17 02:39:36 +01:00
option_select -keep the hbl loader in sync with the latest commits 2016-11-15 01:49:12 +01:00
zip -fixed screen corruption when loading homebrew launcher by properly clearing the screen 2016-11-12 22:16:06 +01:00
brainage_defs.s -keep the hbl loader in sync with the latest commits 2016-11-15 01:49:12 +01:00
coreinit.s added support for kirby squeak squad/mouse attack as well as yoshis island ds 2016-11-11 06:47:56 +01:00
haxchi_rop.s -added file loading with button configuration, make sure to check the README for instructions. 2016-11-14 00:18:10 +01:00
haxchi.s -added ported cfw booter to directly boot into a fw.img on sd card 2016-11-12 03:29:35 +01:00
kirby_defs.s -keep the hbl loader in sync with the latest commits 2016-11-15 01:49:12 +01:00
Makefile -added port for new super mario bros EUR 2016-11-17 00:00:59 +01:00
mariokartds_defs.s -keep the hbl loader in sync with the latest commits 2016-11-15 01:49:12 +01:00
newsmb_eur_defs.s -added port for new super mario bros EUR 2016-11-17 00:00:59 +01:00
README.md document 2016-11-16 14:56:22 +08:00
sfcommand_defs.s -keep the hbl loader in sync with the latest commits 2016-11-15 01:49:12 +01:00
sm64ds_defs.s -added super mario 64 ds port 2016-11-16 05:55:00 +01:00
yoshids_defs.s -keep the hbl loader in sync with the latest commits 2016-11-15 01:49:12 +01:00
zeldaph_defs.s -keep the hbl loader in sync with the latest commits 2016-11-15 01:49:12 +01:00

haxchi

This is a ported version of the haxchi exploit created by smea and others for all sorts of different ds vc games.
In addition to being ported it also includes a homebrew launcher loader as its payload so you can use it for a lot of things.

install process

haxchi can be very easily installed using iosuhax's wupclient. for example, if hachihachi is installed to the MLC, it suffices to do:

  w.up("rom.zip", "/vol/storage_mlc01/usr/title/00050000/YOUR_GAME_TITLE_ID/content/0010/rom.zip")

of course, using wupclient to install haxchi permanently requires that redNAND be disabled, unless hachihachi is installed to USB, in which case it can be installed from redNAND using:

  w.up("rom.zip", "/vol/storage_usb01/usr/title/00050000/YOUR_GAME_TITLE_ID/content/0010/rom.zip")

To upload a config.txt as well you will have to do the following if the title is installed on NAND:

  w.up("config.txt", "/vol/storage_mlc01/usr/title/00050000/YOUR_GAME_TITLE_ID/content/config.txt")  
  w.chmod("/vol/storage_mlc01/usr/title/00050000/YOUR_GAME_TITLE_ID/content/config.txt", 0x644)  

and for the title being installed to USB you do the following:

  w.up("config.txt", "/vol/storage_usb01/usr/title/00050000/YOUR_GAME_TITLE_ID/content/config.txt")  
  w.chmod("/vol/storage_usb01/usr/title/00050000/YOUR_GAME_TITLE_ID/content/config.txt", 0x644)  

make sure to replace YOUR_GAME_TITLE_ID with one of the following:

Game JPN US PAL
Brain Age(Traing) 10179A00 10179B00 10179C00
Yoshi Touch and Go 10179D00 10179E00 10179F00
Mario Kart DS 10195600 10195700 10195800
New Super Mario Bros 10195900 10195A00 10195B00
Yoshi's Island DS 10198800 10198900 10198A00
WarioWar: Touched 101A1E00 101A1F00 101A2000
Kirby Squeak Squad(Mouse Attack) 101A5500 101A5600 101A5700
Star Fox Command 101AC000 101AC100 101AC200
Super Mario 64 DS 101C3300 101C3400 101C3500
Zelda Phantom Hourglass 101C3600 101C3700 101C3800

a config.txt can look like this for example:

a=fw.img
b=rednand/fw.img
x=wiiu/apps/ftpiiu/ftpiiu.elf
down=wiiu/apps/snes9x2010_libretro/snes9x2010_libretro.elf
default=wiiu/apps/homebrew_launcher/homebrew_launcher.elf

please note though that if you want to load a fw.img the name HAS to be named fw.img in whatever folder you use, nothing else will work.

contents

  • hbl_loader: a loader which will load up the homebrew launcher from sd card
  • haxchi_rop.s: hachihachi process ROP which will emit hbl_loader as executable
  • haxchi.s: generates a malicious SRL file

credit

smea, plutoo, yellows8, naehrwert, derrek, FIX94 and dimok