
160 points sjuut | 2 comments
1. bri3d No.44610405
This reminds me a lot of the PSP Pandora's Battery: a special factory "boot from external flash" system with exploitable vulnerabilities - on PSP, the special Pandora's Battery "JigKick" serial number 0xFFFFFFFF or the factory battery challenge/response "Baryon Sweeper" on newer consoles, followed by a rather complicated exploit in the "ipl.bin" signature checking process on the external hardware. On the Wii U, the "unstable power" battery jig followed by a simple overflow in SDBoot1.

https://www.psdevwiki.com/psp/Pandora

https://github.com/khubik2/pysweeper

2. kotaKat No.44614539
Oh. TIL they found the pins to trigger Manufacturing Mode in the last ~4 years on the final few 'unbrickable' PSP models... neat!