|c? c17cc73d2d seperate file for hosted index||3 weeks ago|
|diibugger||1 year ago|
|miniloader||1 year ago|
|payload||1 year ago|
|tools||1 year ago|
|README.md||3 weeks ago|
|a.out||1 year ago|
|code550.bin||1 year ago|
|codebin2js.py||1 year ago|
|codebin2js_DEV.py||1 year ago|
|diibugger.mp4||1 year ago|
|hostedindex.html||3 weeks ago|
|illuminati.mp4||1 year ago|
|index.html||3 weeks ago|
|payload.js||1 year ago|
|post-merge.example||1 year ago|
|ropChainToAsm.py||1 year ago|
|startDiibugger.bat||1 year ago|
|startServer.bat||1 year ago|
|tcpgecko.mp4||1 year ago|
|wiiuhaxx_loader.bin||1 year ago|
This is the git repository for stUpiidhax, a very popular homebrew entrypoint access gate for the Wii U’s 5.5.2 firmware.
This is based on the JumpCallPop JSTypeHax (aka WiiUTest) exploit. Unfortunately, JumpCallPop’s GitHub account was removed, leaving this repo.
The latest changes to upstream are available in this repo under the
fast branch. While these changes do make the exploit much faster, they
also make it far less reliable. The most reliable version of the exploit
available is on the
stable branch, which is also the version actively
hosted on my servers.
fast branches have changes to make them
compatible with SSI, or Server Side Includes, an Nginx feature that
allows the server to generate certain parts of pages without requiring
PHP or something similar. A version of
stable with the SSI
requirements removed is available under the
cg method was used to improve reliability with some
older versions of the exploit. I no longer believe that this is
nesessary as the current
stable exploit is quite reliable, but I
figure it’s worth documenting anyway.
With an old version of the exploit, it seemed more effective than placebo to run the access gate behind a very specific server configuration. We accidentally discovered that it seemed to help if the access gate was specifically hosted on GitHub Pages, but proxied behind Cloudflare’s POPs. We tried Cloudflare’s POPs in front of a normal server as well as GitHub Pages without Cloudflare’s POPs, all to no avail. It seems something specific about running the gate on GitHub Pages and putting Cloudflare’s DDOS protection service in front of it would cause the exploit to become more reliable.
Once again, I no longer believe this is nessesary or even useful with
stable version, but I still believe that it’s worth
The cg method was accidentally discovered by Creation_ and researched extensively by myself.
Self-hosting the exploit can help improve the reliability if you have a
slow internet connection. You can checkout the
nossi branch of this
repo and host it with any old webserver, or you can checkout the
stable branch and host it with Nginx, assuming SSI is enabled (simply
ssi on; in the config file). More detailed instructions for
self-hosting may be posted soon.
Once again, all credit for the exploit itself goes to JumpCallPop and everyone else who helped him get this working. I just made a nice gateway, helped lots of people get it working, and compiled all this information.