Nintendo Pinky's Wii-U Tutorials

[pinky]

remember: a fake ticket will always have a repeating pattern in hex near the beginning. mine says D1 5E A5 ED 15 A BE 11 A over and over again or "Diseased Isabella." who came up with that? lol

 

[pinky]

added tutorial on deleting fake ticket after I saw someone struggling to do so on gbatemp. his game bought from the eshop wouldn't install, so I thought this tutorial might fix that as well as prevent cbhc bricks in case a game is installed on cfw.

 

[PS3HackersMod]

Nice posts, very useful.

 

[pinky]

Nice posts, very useful.

thanks. I got the idea for the last tutorial after someone on temp couldn't install "brain age." I helped him to delete the ticket (on his wii u, the ticket was by itself in the .tik file, so all he had to do was delete the .tik file). this is assuming the person has a fake ticket by being on cfw. that fake ticket won't work on ofw, and things usually affected by this r dlc and downloadable games. and, as u probably know, haxchi requires a downloaded ds game ("brain age" for example). I think that game is still the cheapest ds game for the exploit. lastly, some people have been downloading one of those games on cfw, and testing it on cfw, when u need to be on ofw for cbhc to work. since deleting a game doesn't delete the ticket, they'll brick their systems by installing cbhc.

oh, and I didn't see this tutorial on gbatemp, but a lot of the members there already know how to do this anyway. I just thought it might help those who don't know how to do it or what's wrong with their system (i.e. failed ofw purchased eshop downloads failing).

I've not posted these tutorials on gbatemp since they're somewhat outdated. mongoose isn't the preferred method to launch the web exploit anymore. xampp works much better, and it's required for the latest firmware. I'm using it for the ps4 web exploit as well. I just need to wait for the kernel aspect to be ported to 4.07+.

 

[pinky]

Added info about xampp to the self-hosting files tutorial. it's so short that it doesn't need its own tutorial really, just a few sentences. btw, the same method can be used for self hosting the ps4 web exploit files. that's how I have mine setup. just create another folder named PS4 or whatever in xampp/htdocs and drop the web exploit files in there. then, on your ps4, type in the ip address of your laptop/pc followed by PS4 (i.e. xxx.xxx.x.xxx/PS4).

 

[pinky]

I think I found a bug with ustealth. whenever ustealth is active, emuNAND games, such as wiiware and the vc, kick me back to usb loader gx. it could also be a bug with usb loader gx. when it's not enabled, emuNAND games run fine. I reinstalled the cIOS and reformatted the hdd (had a backup, ) 'til I figured out that was the issue. I'm posting this in case anyone else has this issue. wii, and I think cube, games r unaffected by this btw. I'm using an hdd with a toggle switch, so it's not that big a deal. I can just turn on the hdd whenever I plan to use it instead of using ustealth or see if I have the latest version of usb loader gx which I believe I do.

 

[pinky]

alright. it wasn't a bug. it was a lack of ustealth support for cIOS d2x v10 (r52). I've installed a modified version of it to cIOS 249, 250, and 251. it works!

 

[Joonie]

5.5.2 Update is out, patches browser exploit entry, other than that, everything seems working fine [kernel stays the same, which is why the old dsexploit[haxchi] still works as well as CBHC, since the auto update does partial update, it won't overwrite the system title that used for CBHC, so my CBHC still booted just fine as well as the homebrews.

CBHC's spoofing worked just fine [99.99.99] until I launched the eshop. As soon as I entered the eshop, it checked the FW then started auto downloading 5.5.2 update, I could've probably tried deleting the downloaded FW but I was lazy to do the research, and it turns out, started auto-updating on the next boot.

Anyways, if you guys changed DNS to prevent the access to the Nintendo server, it would completely block the FW update which I didn't

It kinda sucks that I lost one entry that works for all, but at least I still have my VC entry [DSGame/Haxchi] so I guess I can live with it.

btw, those who are using redNAND can freely update the FW except it "MAY" or "MAY NOT" brick the redNAND [which I haven't tried since I got stuck with sysNAND setup only], even if you get brick on redNAND you can just start from the scratch as long as your sysNAND is alive.

 

[pinky]

that sucks. losing an entry point is y I haven't updated. I have no real reason to enter the eshop either, so I'm good. I downloaded the spoofing files using nus, but I haven't installed them yet. I'm not sure if it will still ask me to update or not when entering the eshop while spoofed. I know during the 5.3.2 days, updates would still be downloaded or attempted to download even if a spoofer was being used. spoofing was only for playing online iirc. it might be the same way here. I noticed a lot of people who were using browser hax r in a panic about what to do. can't buy a haxchi compatible game now even if on 5.5.1. I'm surprised that Nintendo sneaked in an update now. y not when zelda was released??? it's all very bizarre.

 

[pinky]

@Joonie , I found this out on temp, but if u delete the update folder in storage_mlc/sys via ftpii everywhere, the system won't be able to download any updates. it should error when trying to do so. u can undo it as well in case u want to update.

also, for anyone unaware of this, there's a special version of ftpii everywhere for cbhc. the regular version won't work with cbhc. use the regular version if not using cbhc.

 

[pinky]

seems someone typo'd, 'cause the actual location is located on the mlc partition. that's what I was thinking originally, but someone mentioned slc, so I thought I was wrong. I say that because the mlc is the storage partition while the slc is the system software partition. I guess it makes sense. lol

 

[pinky]

I just deleted the update folder on my wii u. nothing bad came of it. lol I didn't test an update though since I'm already blocking them through cc proxy. I should be 100% protected now.

 

[pinky]

I checked the virtual Wii's home screen without a theme (backed it up before I applied a theme). the location is:

storage_slccmpt01/title/00000001/00000002/content

the file name is: 0000001f.app for the USA (different depending on region)

the file size (unmodified) is: 6,344KBs.

 

[pinky]

btw, @Joonie , I read on temp that u can turn off automatic updates with system config tool. I used that app to back up all of my saves and install all of my games, but I didn't look through all the options since many r dangerous to use.

 

[pinky]

I read about a nifty, little trick with cbhc to determine ur actual firmware version. as u all probably know, cbhc/haxchi cfw spoofs the firmware to 99.99.99(?). well, u can see the true firmware version without uninstalling cbhc by loading up mocha. so, ur essentially using one cfw to load up another. I had to disable redNAND to do this which can be done in the config.ini next to the mocha.elf. I have redNAND enabled by default with mocha on cbhc. and, yeah, it showed 5.5.1.

 

[pinky]

I believe something's up with crunchy roll. there's talk of there being a possible exploit using that app. I downloaded it earlier (it's free!) despite not being on 5.5.2 (it's supposed to be an exploit for this firmware, possibly lower as well). I had to disable my proxy (first enabling the dns servers to block updates - not sure if they would've downloaded though with having deleted the update folder). apparently, nnu patcher doesn't like proxies as it err'd for me immediately while using one. I've since reenabled the proxy as added protection. oh, and u need a legit ticket with crunchy roll as a fake one won't run without sig patches which is the reason I downloaded it from the eshop. u may need to delete the fake ticket first, because the first ticket in the .tik file is what's used with the app/game, so if it's fake, it won't run without cfw. I have a tutorial on how to do that in case u need to do that. (reads past few pages), I talk about it all the time.

edit: crunchy roll's ticket is at:

storage_slc/rights/tickets/apps/0000/00000000.tik

 

[pinky]

looks like deleting crunchy roll deleted the fake ticket somehow. I just redumped that .tik file, and the only crunchy roll ticket present is the legit ticket. that doesn't always happen which is y I wrote that tutorial. I originally had this issue with Lucadian Chronicles which I had a legit ticket for, but accidentally installed a fake ticket over it. I checked a few other tickets, and Twilight Princess is located in the same .tik file. also, the tickets won't occupy a full 16 bytes in their final line, just look for 00 01 00 04 to differentiate between tickets. the title id will be located in them as well (obviously).

 

[pinky]

I think I may have found a bug with wup installer gx 2's channel. if there r no installable files, it's supposed to kick u back to the homebrew launcher. however, the forwarder channel can't seem to do that. it may be due to the fact that channel can't find the homebrew launcher since the channel is self-contained on the NAND/USB drive. the wup installer elf file can since it's a part of the wiiu/apps section. as long as u have the homebrew launcher present, it will kick u back there. this doesn't seem to be the case with the channel though. I don't think it has access to the hbl channel nor the sd card. that's my thinking on that.

 

[pinky]

@Joonie , u may be in luck on 5.5.2. I read a few posts on temp stating that the browser can be downgraded. I'm not sure what all is involved though.

 

[Joonie]

@Joonie , u may be in luck on 5.5.2. I read a few posts on temp stating that the browser can be downgraded. I'm not sure what all is involved though.

That sounds doable maybe even downgrading the entire fw is possible as well like 3DS can


Sent from my iPhone using Tapatalk