5.5.2 Browser with 5.5.1 vulnerability [CFW required]

Discussion in 'Wii U - Tutorials' started by Create_, Aug 11, 2017.

  1. Create_
    OP

    Create_ GBAtemp Regular

    Member
    102
    64
    Jul 10, 2017
    United States
    (insert wacky and amusing place here)
    WARNING: DO NOT FOLLOW THIS GUIDE IF YOU DON'T HAVE HAXCHI OR CBHC INSTALLED!
    You will lose all hacks entry points, the browser will not be usable anymore.

    This guide was written when there was no 5.5.2 exploit and users couldn't downgrade their browser without CFW already installed. CFW DOES NOT INCLUDE MOCHA, IF YOU LAUNCH MOCHA FROM THE BROWSER!
    If you are on 5.5.2 you can now use this hacking method, and install haxchi instead of downgrading your browser!

    This guide is NOT a 5.5.2 exploit, and will not get you Homebrew on 5.5.2, this is purely for those with CBHC or Haxchi who want the old browser exploit back for any reason.

    Follow this guide only if you want both CFW and a relatively stable browser hax. (This is more stable than the 5.5.2 browser hax, but doesn't matter too much because it requires Haxchi or CBHC)

    Downgraded browsers with NO CFW (Haxchi or CBHC) = no more Homebrew for you! (until a new update comes out, or a new exploit that doesn't require the browser comes out.)


    Important note: BEFORE making any permanent changes to your console's internal files, you should always make sure you have a backup (AppStore). If you don't make a full NAND backup, at least do an OTP/SEEPROM dump; that will save your console if you brick the browser, as you can install Haxchi with your Seeprom and OTP. Backing up your Seeprom and OTP will NOT fix full CBHC or FTPiiU bricks (Console not booting). Not necessarily only before following this guide, it's common advice for EVERY console's hacking projects. Always read and understand the whole guide before starting it.


    DISCLAIMER


    -Beginning-

    Hello, this is a guide on how to downgrade your Internet Browser in order to use the old browser vulnerability.
    This means you will be able to use https://loadiine.ovh on 5.5.2, but first read the requirements, your Wii U might not be supported depending on what Homebrew you use.

    -Requirements and warnings-

    This requires CBHC or Haxchi (you should have either Haxchi or CBHC if you're on 5.5.2, and if not you're out of luck), an FTP client, FTPiiU Everywhere, and an encrypted version of the Wii U Internet Browser, which can be gained through JNUSTool.
    IMPORTANT WARNINGS, READ ME OR DIE

    -Starting-

    First off, you want to go to the directory where JNUSTool.jar is and open a Command Prompt window there by putting your mouse cursor in an open area, and holding shift and right clicking. You should see an option that says "Open command window here" and you want to click it. Then paste in this command to get the Internet Browser code folder.
    "java -jar JNUSTool.jar 000500301001210A v241"
    It should do a long string of things in the terminal and then a window should appear.
    First, select the arrow that looks like this, next to code (make sure that you don't select the checkbox next to code)
    upload_2017-8-11_1-32-20.png
    Scroll down until you find mvplayer.rpl, and click the arrow next to it, and then hit download.
    What mvplayer and download look like
    It should go through its download process, and eventually finish. Once it's finished, find the output folder, which should have the name "Internet Browser [HBAE01]", open the folder, and then open the "code" folder.

    -Wii U Side-

    Now, head over to your Wii U, and open the Homebrew Launcher with CFW on, otherwise known as signature patches. Load FTPiiU Everywhere, and open FileZilla or whatever FTP client you use.

    -FTP and the Wii U-

    In the box that says "host" type the IP address displayed on your gamepad screen and select "connect" on your FTP client.
    If your console region is USA, go to /storage_mlc/sys/title/00050030/1001210a/code
    If your console region is EUR, go to /storage_mlc/sys/title/00050030/1001220a/code
    If your console region is JPN, go to /storage_mlc/sys/title/00050030/1001200a/code
    Then, copy the mvplayer.rpl file from /Internet Browser [HBAE01]/code which you opened earlier to your FTP client that's open in the directory I told you to go to. It should prompt you to overwrite another file called mvplayer.rpl, and when it does, select yes. Once the file transfer is completed, press the home button on your gamepad, and do all the necessary steps to get to the home menu.

    -Final steps!-

    Once you're at the home menu, power down your console (TURNING OFF YOUR WII U IS REQUIRED, DO NOT SKIP THIS STEP OR THE DOWNGRADE WILL NOT WORK), then power it on, and navigate to the Internet Browser with CFW on. Go to https://loadiine.ovh on your Internet Browser, and if it redirects you to a page saying you're on 5.5.2, go to the URL that it redirects you to, and change the "l=552" to "l=551" and hit ok. Once you've done that, launch the browser exploit as you normally would and you should be good to go.
    back to 5.5.2

    -Thanks-

    I hope you enjoyed this tutorial! It's my first one on here, so I do understand it's not very helpful for a beginner, but I'll try my best, thanks.
     


    Last edited by Create_, Sep 23, 2017


  2. ShadowOne333

    ShadowOne333 GBAtemp Guru

    Member
    7,117
    4,509
    Jan 17, 2013
    Mexico
    Absolutely fantastic.
    Can we do the same if we are on 5.5.1 to downgrade the browser to 5.3.2's version?

    I hate using Yahoo as the default browser since they removed the in-browser Google search to instead redirect you to a Google search page.
     
  3. Create_
    OP

    Well, the process wouldn't be exactly the same, and I don't know exactly if it would work. This method only works since the exploitable thing was the old mvplayer and that doesn't overwrite any data, but with something like the 5.3.2 version of it, it might. I'm going to test it right now, and I'll get back to you when I'm finished.

    — Posts automatically merged - Please don't double post! —

    (yay this post is gonna get merged)
    I also think that you can change the default search engine? I use Google on here; it works pretty well, although with the Ninty modified version of Google.
     
    ShadowOne333 likes this.
  4. ShadowOne333

    Thanks!
    And yeah that's what I meant.
    I don't like the Ninty modified version of it, I like the old normal search engine of the 5.3.2 browser, which is why I wanna try that.

    — Posts automatically merged - Please don't double post! —

    Also, I'm not sure if 5.5.0 had the old Google engine for the browser, perhaps a downgrade to that one could do as well if the new Nintendo/Google engine was introduced in 5.5.1 only.
     
  5. Create_
    OP

    (EDIT: THIS UPDATE HAS BEEN ADDED TO MY TUTORIAL)
     


    Last edited by Create_, Aug 11, 2017
    ShadowOne333 likes this.
  6. ShadowOne333

    Wait so we can actually install parts of the browser?
    Or did I get that wrong?

    Like let's say I want to overwrite only the Google engine with the previous version, can I simply download that and overwrite it on the console?
     
  7. Create_
    OP

    Well yes, but this isn't very ethical. The only reason it worked here is because not a lot was changed in the update.
     
    Last edited by Create_, Aug 11, 2017
  8. Kleyon

    Kleyon GBAtemp Regular

    Member
    229
    57
    Jul 11, 2017
    France
    What ?! Excuse me, correct me if I'm wrong, but since v2.0 Haxchi is including CFW capabilities, so signature patches included...

    http://gbatemp.net/threads/haxchi-v2-0-a-persistent-wiiu-hack.451071/

    So what do you mean by launching Mocha over it ?!
     
  9. Create_
    OP

    I believe Haxchi CFW only works if you have a part of your config file set to "sysmenu" and most people use Haxchi for Homebrew Launcher access. Launching Mocha over it would be loading up the Homebrew Launcher via Haxchi, and then launching Mocha. Of course, you can use Haxchi CFW and the Homebrew Launcher via Haxchi, but I'd prefer to give the best method out.
     
  10. Kleyon

    Hummm ok I assume you're right since I changed my config.txt for Haxchi coming back to sysmenu by default (cause I use CBHC too), I just installed Homebrew Launcher Channel and launch it when needed. Anyway Haxchi users will just have to get back to sysmenu before launching internet browser.
     
  11. Cyan

    Cyan GBATemp's lurking knight

    Global Moderator
    18,310
    8,769
    Oct 27, 2002
    France
    Engine room, learning
    Haxchi 2.0 only patches the signature check, it doesn't have access to IOSU node* (which provides access to internal NAND file system instead of just SD card).

    if you want to use FTPiiU everywhere, you need either Mocha or CBHC.
    Haxchi is a "fast loading" cfw, to just play installed games easily. more features require a longer patching process.
    I guess it could be added, as CBHC "sysmenu" option is doing it fast too, right?


    what you can do is launch Mocha with Haxchi !
    assign a button to Mocha path in the config.txt and (re)install haxchi, or use ftpiiu everywhere to overwrite the file. it's easier to reinstall.



    *edit: I was partially wrong, NAND access is available, but only since Haxchi 2.4.
     
    Last edited by Cyan, Aug 17, 2017
    bashgr likes this.
  12. Kleyon

    Seriously, so I was wrong, thanks for clarifying, I thought CBHC was just a cold boot starting Haxchi at startup, I didn't know it was doing further patching !
     
    Last edited by Kleyon, Aug 11, 2017
  13. Create_
    OP

    It is basically that, but it definitely does more.
    Also, this guide requires Mocha to do the file transfers to downgrade (or upgrade back) but other than that you can use Haxchi CFW to launch the Internet Browser just fine.
     
  14. Cyan

    I'm not sure I understand your warning section.
    you say it requires signature patch to access the browser, but you are not replacing the full browser with a non-signed one, just the mvplayer.rpl file.
    does it check the checksum of that file, because it's in code folder?
    But if you have to launch haxchi first, then you don't need the browser exploit anymore.

    edit:
    also, can I rename your thread's title a little?
    it's not really a "browser" downgrade, you only replace the video module to get 5.5.1 vulnerability in 5.5.2 browser version.
     
    Last edited by Cyan, Aug 11, 2017
    ShadowOne333 likes this.
  15. Kleyon

    I learnt something, thanks @Create_ & @Cyan, sorry for my mistake ! :(
     
  16. Cyan

    don't worry, that's how we learn :P

    Edit:
    And that's how I learned Haxchi did have MCP Hook too !
    It was my mistake.
     
    Last edited by Cyan, Aug 14, 2017
    Wolfer473 and Kleyon like this.
  17. Create_
    OP

    Some people just want the browser exploit back. I've tested it, it detects the old mvplayer and therefore you need signature patches to launch the browser once you've downgraded.
    You aren't replacing the browser, and I've made sure not to since that is unstable, and can easily destroy your browser. I'm just going to assume that it detects it because it's in there? Either way, sig patches are required.

    — Posts automatically merged - Please don't double post! —

    (merge wow)
    In fact, it detects it and automatically updates for you if you don't shut off your console when you downgrade.
     
  18. Cyan

    well, I guess more available vulnerabilities access are always better.
    browser has not a good success rate and launching homebrew launcher from haxchi or cbhc is more stable/faster, but now they have more choices :P

    Also, I edited my post above but I put it here too in case you didn't see :
    can I rename your thread's title a little?
    it's not really a "browser" downgrade, you only replace the video module to get 5.5.1 vulnerability in 5.5.2 browser version.
     
  19. Create_
    OP

    It's fine by me, although I called it that jokingly due to how Nintendo considers updating one small module an 'update'
    Oh, and I just wanted to say that it's not really helpful in the long run, but there is one program that requires the browser exploit so I thought I should make this.
     
  20. urherenow

    urherenow GBAtemp Addict

    Member
    2,988
    889
    Mar 8, 2009
    United States
    Japan
    Isn't Haxchi just the dsiware injection thingy? I'm thousands of miles away from my WiiU (literally), but I guarantee you that I have TWO such titles with different versions, and one of them sure as heck goes directly to my home menu, with FTP everywhere already activated and signatures patched. I've never (directly) bothered with this mocha thing at all. Whatever is there, is simply a part of the image file that's run when I open the appropriate icon on my home screen (I never had a desire to set up the coldboot).

    EDIT: I believe the second one I set up goes directly to HBL. Also, I did the all regions tweak as well.
     
    Last edited by urherenow, Aug 11, 2017