GaryOderNichts has found a Wii U exploit that gives IOSU kernel access.
BluUBomb
Exploits the Wii U's bluetooth stack to gain IOSU kernel access via bluetooth.
For a more detailed write-up see WRITEUP.md.
Not to be confused with BlueBomb for the Wii and Wii Mini.
Requirements
- A Wii U which is able to pair a Wii Remote
- A PC with a bluetooth adapter
- A PC or VM running a version of Linux which is able to run the custom build of BlueZ
I recommend using Debian 10; BlueZ 4 just crashes for me on Ubuntu 20.04.
How to use
- Install the required dependencies:
  sudo apt install build-essential libbluetooth-dev libglib2.0-dev libdbus-1-dev
- Clone https://github.com/rnconrad/WiimoteEmulator
- Build BlueZ from the emulator repository. Don't worry if building the emulator itself fails:
  source ./build-custom.sh
- Stop the distribution's bluetooth service, which is already running and would otherwise hold the adapter:
  sudo systemctl disable --now bluetooth
- Run the custom-built bluetoothd:
  sudo ./bluez-4.101/dist/sbin/bluetoothd -d -n
- Download the bluubomb binary and the kernel binary of your choice from the releases page. See the Kernel binaries section below for what each one does.
- Power on the Wii U and press the sync button.
- Run bluubomb with the kernel binary and wait for the pairing process to complete. This might take a minute:
  sudo ./bluubomb arm_kernel.bin
- Write down the Wii U's bd address, which is displayed after pairing completes. From then on you can pass it as a second argument to connect directly to the Wii U and skip the pairing process:
  sudo ./bluubomb arm_kernel.bin <bdaddr here>
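The steps above wrapped into one script, as an added example that is not part of the BluUBomb project or its README. It assumes the layout the steps produce (the custom bluetoothd under ./bluez-4.101/dist/sbin/ and the bluubomb binary in the current directory), that bluubomb prints the bd address itself as described above, and a two-second wait for the daemon to come up, which is a guess rather than a documented value. The script name, the is_bdaddr helper and the environment variables are my own, not the project's.

```shell
#!/bin/sh
# run_bluubomb.sh: the manual steps from the README in one script.
# Added example, not part of the BluUBomb project. Assumptions: the custom
# BlueZ 4 daemon lives at ./bluez-4.101/dist/sbin/bluetoothd, the bluubomb
# binary is in the current directory, and a 2-second daemon start-up wait
# is enough (a guess, not a documented value). Override with BLUETOOTHD /
# BLUUBOMB if your layout differs.

BLUETOOTHD="${BLUETOOTHD:-./bluez-4.101/dist/sbin/bluetoothd}"
BLUUBOMB="${BLUUBOMB:-./bluubomb}"

# is_bdaddr ADDR: returns 0 only if ADDR looks like a Bluetooth device address,
# i.e. six colon-separated hex octets such as 00:11:22:33:44:55 (either case),
# the form the README tells you to write down and pass as the second argument.
is_bdaddr() {
    printf '%s\n' "$1" | grep -Eqi '^([0-9a-f]{2}:){5}[0-9a-f]{2}$'
}

# distro_bluetoothd_running: returns 0 if the distribution's bluetooth.service
# is still active. It has to be stopped before the custom daemon can use the adapter.
distro_bluetoothd_running() {
    command -v systemctl >/dev/null 2>&1 && systemctl is-active --quiet bluetooth
}

die() { printf '%s\n' "$*" >&2; exit 1; }

main() {
    [ "$#" -ge 1 ] || die "usage: $0 <arm_kernel.bin> [bdaddr]"
    kernel="$1"
    bdaddr="${2:-}"

    # The README runs both the daemon and bluubomb with sudo, so insist on root.
    [ "$(id -u)" -eq 0 ] || die "run as root"
    [ -x "$BLUETOOTHD" ] || die "custom bluetoothd not found at $BLUETOOTHD; run build-custom.sh first"
    [ -x "$BLUUBOMB" ] || die "bluubomb binary not found at $BLUUBOMB"
    [ -f "$kernel" ] || die "kernel binary not found: $kernel"
    if [ -n "$bdaddr" ] && ! is_bdaddr "$bdaddr"; then
        die "not a Bluetooth address: $bdaddr (expected XX:XX:XX:XX:XX:XX)"
    fi
    if distro_bluetoothd_running; then
        die "stop the distribution's daemon first: systemctl disable --now bluetooth"
    fi

    # Start the custom BlueZ 4 daemon in the background (debug output, no fork)
    # and make sure it is killed again whenever this script exits.
    "$BLUETOOTHD" -d -n >bluetoothd.log 2>&1 &
    bluetoothd_pid=$!
    trap 'kill "$bluetoothd_pid" 2>/dev/null' EXIT
    trap 'exit 1' INT TERM
    sleep 2   # assumed start-up time, see header comment

    if [ -n "$bdaddr" ]; then
        # Known address: connect directly and skip pairing.
        "$BLUUBOMB" "$kernel" "$bdaddr"
    else
        printf 'Power on the Wii U and press the sync button now.\n'
        # First run: pair, then note the bd address bluubomb prints for next time.
        "$BLUUBOMB" "$kernel"
    fi
}

# Only run main when invoked as the script itself, so the helpers can be sourced.
case "${0##*/}" in
    run_bluubomb.sh) main "$@" ;;
esac
```

Invoke it as `sudo ./run_bluubomb.sh arm_kernel.bin` for the first pairing and `sudo ./run_bluubomb.sh arm_kernel.bin <bdaddr>` afterwards; the daemon's debug output goes to bluetoothd.log instead of cluttering the terminal.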
Kernel binaries
arm_kernel_loadfile
Launches a launch.rpx from the root of your SD card on the next application launch.
arm_kernel_fw_launcher
Launches a fw.img from the root of your SD card on the next OS relaunch (for example when exiting System Settings).
arm_kernel_region_free
Applies IOSU patches to temporarily remove region restrictions.
This should be helpful if you've locked yourself out of your applications due to permanent region modifications.
Building
To build you need to have gcc and devkitARM installed.
Then run make.
Credits
- GaryOderNichts - bluubomb
- rnconrad for the WiimoteEmulator
- dimok789 and everyone else who made mocha possible
Source: https://gbatemp.net/threads/bl…int-via-bluetooth.588522/
Changelog:
Release 4:
- Cleaned up and removed unnecessary code. This increases stability and compatibility with some bluetooth adapters.
- Add a longer delay between data transfers. This fixes an issue where bluubomb just did nothing on some bluetooth adapters.
- Add an "install_wup" binary which installs valid signed WUP from the SD card. Refer to the README for instructions.
Release 3:
- Bluubomb now loads kernel binaries from the SD card. This allows for much larger kernel binaries with more possibilities.
- Added wupserver binary (see README for more info).
- The loadrpx binary (previously loadfile) now comes with region free patches and gives every application full cos.xml permissions.
- Removed load fw.img binary. Use one of the other methods to recover your console and launch a fw.img with a proper fw launcher.
- Don't set SSP mode if it's already disabled to avoid a warning (thanks @linkmauve).
Refer to the README for updated instructions.
Release 2:
- Fix pairing on Intel Bluetooth chips. This release supports pairing with the Wii U on Intel Bluetooth chips.
Release 1:

This exploit also existed on the Switch, but it was fixed with the current Switch firmware update, 12.0.2.