A really, REALLY old browser exploit (for 5.3.2)?

[Jediweirdo]

Someone I'm helping got a fatal NAND corruption error on their Wii U and I'm trying to help them homebrew it so they can get RedNAND before their NAND is too far gone. However, they're stuck on 5.3.2U and can't update (a fatal error code happens). So, is there any remaining old exploits they could possibly use, and would bluubomb work? We've already tried a lot of newer exploits like the wifi exploit and the more modern web exploits.

Edit: stupid mistake with the version numbers. Sorry! The are on 5.3.2, not 5.5.X

 

[SDIO]

Did you try dnspresso?

 

[xpermian]

Did you try dnspresso?

I'm the person who has this issue

Yeah, I tried DNSpresso, but it didn't work. The connection test just kept loading forever. Although, all the videos I saw on DNSpresso used Wired Connections, but I used a normal network connection cuz I don't have a LAN adapter. Not sure if that was the reason why it failed.

I followed this old browser exploit guide: gbatemp dot net/threads/homebrew-launcher-for-wiiu.416905/
This was able to work for me, and I was able to launch the Homebrew Launcher.

I'm not sure how to proceed with installing ISFShax, however, because I tried rerunning the exploit with the ISFShax files, but it just reopened the Homebrew Launcher instead of the minute main menu.

 

[SDIO]

Try replacing SD:/wiiu/apps/homebrew_launcher/homebrew_launcher.elf with the payload.elf from the fw_img loader.

 

[xpermian]

After I launched the exploit, I got a black screen with white text saying:

"Could not load file /wiiu/apps/homebrew_launcher/homebrew_launcher.elf"

BTW, the website I'm using is wiiu dot insanenutter dot com.

 

[SDIO]

Is it 5.3.2 or 5.5.3 the text and the title have different Numbers

 

[Jediweirdo]

Is it 5.3.2 or 5.5.3 the text and the title have different Numbers

5.3.2 lol sorry it was pretty late when I made this. Updated post to reflect this

 

[SDIO]

The problem is we don't have a IOSU exploit for such an old IOSU, and we would need that for a fw_img loader.

The only option I see, without back porting an exploit to an older IOSU (which I don't see happening anytime soon) would be to update IOSU. Since you say the update isn't working, we could try to install the latest OSv10 using the WUP Installer, which we can launch from the Browser exploit.
If that install works, we can use the 5.5.x IOSU exploit to launch a fw.img.
But this has some risk, since I am not sure if the newer OSv10 title works with the older rest of the firmware. We could also try to update all titles, but that would mean more eMMC writes, which also is a risk.
But even if it can't boot anymore completely with the new OS, we should still be able to use UDPIH.

If you want to do that I can look into WUP Installer later to remove the checks.

 

[xpermian]

The problem is we don't have a IOSU exploit for such an old IOSU, and we would need that for a fw_img loader.

The only option I see, without back porting an exploit to an older IOSU (which I don't see happening anytime soon) would be to update IOSU. Since you say the update isn't working, we could try to install the latest OSv10 using the WUP Installer, which we can launch from the Browser exploit.
If that install works, we can use the 5.5.x IOSU exploit to launch a fw.img.
But this has some risk, since I am not sure if the newer OSv10 title works with the older rest of the firmware. We could also try to update all titles, but that would mean more eMMC writes, which also is a risk.
But even if it can't boot anymore completely with the new OS, we should still be able to use UDPIH.

If you want to do that I can look into WUP Installer later to remove the checks.

Sure, I can try using the WUP Installer once you remove the checks. I'm assuming the checks are for checking your Wii U firmware version.

 

[SDIO]

First You understand there is a Risk with this, and I didn't test this exact scenario. If it goes mildly wrong, you will need to use UDPIH or if it goes really wrong you need to defuse (solder). But It's not like there are many options to chose from...

Use the MLCRestorerDownloader https://github.com/Xpl0itU/MLCRestorerDownloader/releases to download the SLC titles.
Create an install folder on the SD, copy the 000500101000400a (OSv10) title the install folder. It will ask you for a Common Key.. You will need to find that somwhere...

There is already a patched version of the WUP Installer: https://hb-app.store/wiiu/wup_installer_gx2_mod
The original WUP Installer doesn't allow installing system titles.
You should be able to launch it from the Homebrew Launcher.

From the WUP Installer you can then install the 000500101000400a title.

After that is done reboot and hope that it still boots from the browser.

You should then be able to use the CFW Booter: https://hb-app.store/wiiu/cfwbooter to load minute from the Homebrew Launcher. (Use the fw_encrypted.img renamed to fw.img on the SD)

 

[xpermian]

Before I try the exploit, can you verify that my SD card files are correct?

• fw.img
• ios.img
• superblock.img
• superblock.img.sha
• wiiu
  • apps
    • cfwbooter
      • cfwboot.elf
      • icon.png
      • meta.xml
    • homebrew_launcher
      • homebrew_launcher.elf
      • icon.png
      • meta.xml
    • wup_installer_gx2_mod
      • wup_installer_gx2.elf
      • icon.png
      • meta.xml
  • ios_plugins
    • wafel_core.ipx
    • wafel_isfshax_patch.ipx
• install
  • 000500101000400a
    • all files downloaded from the MLCRestorerDownloader

 

[SDIO]

looks good to me.
Inside the 000500101000400a folder, you just have the app and other files and no subfolders, right?

 

[xpermian]

Yeah, it's just the app and files.

I tried the Browser exploit with this SD card, but I got an error saying:

"FSGetMountSource failed."

edit: it was FSGetMountSource, not FSGetMountExploit

 

[SDIO]

Make sure it is FAT32 formatted. For Now you can also just use the card that worked with the Browser exploit

 

[xpermian]

The card I'm using rn is the one that worked with the Browser exploit. I formatted it to FAT32 a couple of days ago with GUIFormat.

 

[SDIO]

maybe it just made bad contact.

 

[xpermian]

Yeah, you were right. I replugged the SD card in and the browser exploit worked.

I ran the WUP installer, and installed 000500101000400a to the NAND.

However, after I rebooted and retried the browser exploit, the Browser exploit is now stuck on the wiiu.insanenutter.com/payload532.html website, without going to the Homebrew Launcher.

 

[SDIO]

Then now maybe try the u.wiidb.de one.
But it will look for a wiiu/payload.elf. Make sure you place the fw.img loader payload.elf there https://github.com/wiiu-env/fw_img_payload/releases

If we can't get a browser exploit to work, you could try DNSpresso again. And if that doesn't work maybe bluuebomb. And after that we would need to resort to UDPIH. Do you have a modded switch or a raspberry pi pico?

 

[xpermian]

Can i still use u.wiidb.de if i don't have a payload.elf in SD://wiiu?

 

[SDIO]

You can try it and it would tell you that it can't find the payload.elf, in case it works