Views: 8,987,817 Home | Forums | Uploader | Wiki | Object databases | IRC
Rules/FAQ | Memberlist | Calendar | Stats | Online users | Last posts | Search
12-12-18 07:26 PM
Guest:

0 users reading WiiU gamepad haxing | 1 bot

Main - Computers and technology - WiiU gamepad haxing New reply

Pages: 1 2
StapleButter
Posted on 09-11-16 08:36 AM (rev. 32 of 01-13-17 03:13 PM) Link | #77118
The idea is to program a WiiU gamepad, but as a standalone device.

You can use libdrc to connect a gamepad to your PC (given compatible wifi hardware) and send it shit to display, but I want to do more.

I have yet to find a gamepad at an acceptable price tho. They tend to be expensive.


So, what does the gamepad have?

4MB RAM, 32MB Flash storage. As far as memory is concerned, it's about on par with a DS.

Three processors: ARM9 (main firmware), Cortex-M3 (wifi), STM8 (microcontroller). Clock speeds unknown. All I know is a quote from someone saying it'd be powerful enough to emulate a GameBoy.

[edit: according to mobo shots, the crystal next to the CPU is rated 32000, which would be 32MHz]

Framebuffer. Hardware h.264 decoder. Other than that, pretty simple hardware. Speakers, camera, microphone, buttons, gyro/accel, that kind of shit.


I like the idea of using it as a standalone device. And trying to make things in a limited environment.

Interestingly, Nintendo didn't bother securing the gamepad. Makes sense, they spent less time and effort developing that device, and as long as the WiiU-side interface is secure, haxing the gamepad gets you nowhere (no piracy, no WiiU homebrew).


First thing to do would be hooking up wires and shit so I could directly read/write the Flash.

Uploading new firmware via wifi would be a possibility, but if a crapoed firmware is uploaded, the thing is bricked.


Next is, well, the fun part. I'd start by basic things, writing my own code, doing shit like writing to the LCD framebuffer. Also, dumping the on-chip bootloader, must be at address 0xFFFF0000 (typical of ARM9) and likely unprotected.

Some fun reverse-engineering of the gamepad internals. Figuring out the fun things one could do. All that.





FINDING DUMP


MOVED: http://kuribo64.net/wup/


Notes

bootloader:
first 4 bytes are the size of the bootloader
next 0x40 bytes are exception vectors for the bootloader, loaded at 0x00000000
next N bytes are the bootloader code, loaded at 0x003F0000 (N=size of the bootloader)

____________________
NSMBHD - Kafuka - Jul
melonDS the most fruity DS emulator there is

tonks

cros107
Posted on 09-11-16 04:07 PM Link | #77130
Posted by StapleButter
ARM9 (main firmware)


Wait, so...

Native DS games? Or is there more?

I didn't know about the libdrc thing. Is it possible to reverse what you were talking about, and capture game footage from the gamepad? Slightly off topic, but... wundrin'.

Anyway, you said it had similar specs to the DS, and would probably just be powerful enough to emulate a gameboy. But doesn't the DS have GBA emulators?

Look forward to seeing what comes of this. Though I won't hack my gamepad, it looks like it would be something interesting to look into.





____________________
No, not doing SM64DS hacking, just here for the waffles.

StapleButter
Posted on 09-11-16 04:34 PM Link | #77133
no, DS games can't run on a gamepad. it only has 4MB of RAM, which is the amount the DS has (it would have to hold the emulator code and data alongside the emulated RAM, so it'd need more than 4MB).

oh and the DS has more than 4MB if you count its extra memory (WRAM, VRAM, etc), too.

you would also need to emulate the DS video hardware and other shit -- the DS has 2D tile engines and a primitive 3D engine, the gamepad has none of that.

basically, the only thing similar to the DS is that it uses an ARM9 CPU.


as for capturing game footage from it, it's surely doable, but not what I'm aiming for.

____________________
NSMBHD - Kafuka - Jul
melonDS the most fruity DS emulator there is

tonks

cros107
Posted on 09-12-16 04:02 AM Link | #77153
Ah, ok. But if it had the same hardware as the DS... it would theoretically be possible?

And... DS as gamepad replacement confirmed?

____________________
No, not doing SM64DS hacking, just here for the waffles.

RoadrunnerWMC
Posted on 09-12-16 04:19 AM Link | #77157
If it had the same hardware as the DS, it would be able to play DS games, because it would, in fact, be a DS.

____________________
The Red Hat Café

StapleButter
Posted on 09-12-16 04:45 AM Link | #77162
blarg


does the DS have a camera? or accelerometer? or NFC reader?

not to mention its wifi hardware is vastly obsolete and incompatible with the gamepad's needs

____________________
NSMBHD - Kafuka - Jul
melonDS the most fruity DS emulator there is

tonks

Sparsite
Posted on 09-12-16 05:02 AM (rev. 2 of 09-12-16 05:02 AM) Link | #77164
You should post all your notes and findings, something similar to GBATEK but for the gamepad. It'd be interesting to read.

____________________
ASMR:
*quietly whispers*
move r0 r7
push r4 to r14
load register r4 into r0
POP

StapleButter
Posted on 09-12-16 05:03 AM Link | #77165
I will. It'll likely go on Wiiubrew.

____________________
NSMBHD - Kafuka - Jul
melonDS the most fruity DS emulator there is

tonks

StapleButter
Posted on 09-16-16 07:28 AM (rev. 2 of 09-16-16 07:42 AM) Link | #77462
teh gamepad has been ordered. we'll see when it arrives.


in the meantime: investigating how to access the Flash chip. will be using a raspi as it needs 3.3V logic. other than that, bog standard SPI.



Posted by StapleButter
I have yet to find a gamepad at an acceptable price tho. They tend to be expensive.

haha, so much for that.

____________________
NSMBHD - Kafuka - Jul
melonDS the most fruity DS emulator there is

tonks

Sparsite
Posted on 09-22-16 05:02 PM Link | #77805
did you just find a cheap one on ebay or something or did you do some digging?

____________________
ASMR:
*quietly whispers*
move r0 r7
push r4 to r14
load register r4 into r0
POP

StapleButter
Posted on 09-22-16 05:49 PM Link | #77806
It was cheap... when the auction started. It climbed to... the same prices as a new gamepad.

Well, atleast I allow a no-longer-needed gamepad to be reused, which avoids waste.


Anyway, I had to receive 3 parcels for this project. Current status:

1. Got a notice yesterday. "Your parcel will be available from tomorrow at the post office". I went there today, they didn't have it and told me to come back tomorrow. 10/10. Anyway, this parcel is presumably the gamepad.

2. Retrieved, all is fine. This parcel is the wires and crap I'll need.

3. No sign of life yet. Presumably the gamepad power supply.


Life lesson: in this region, the less you have to deal with the post, the better you feel.

____________________
NSMBHD - Kafuka - Jul
melonDS the most fruity DS emulator there is

tonks

Sparsite
Posted on 09-22-16 06:51 PM Link | #77807
Aha, I ordered an r4 and had been waiting for around 2 monthes wondering if I had been scammed until my mom randomly says, "oh yeah, theres a package at the post office for my you." Usually they just deliver all the shit to my door, but I guess not this time, lol.

____________________
ASMR:
*quietly whispers*
move r0 r7
push r4 to r14
load register r4 into r0
POP

StapleButter
Posted on 09-23-16 09:12 AM Link | #77833
can take time to refill stocks. it took a while when I ordered a Gateway.


anyway, parcel 1 is retrieved, finally. it is the gamepad, and it seems to be working fine, except turning it on drained what little power was left in the battery.

I have yet to see parcel 3 arrive.

____________________
NSMBHD - Kafuka - Jul
melonDS the most fruity DS emulator there is

tonks

Sparsite
Posted on 09-23-16 01:44 PM Link | #77849
Are you worried about bricking it at all?

____________________
ASMR:
*quietly whispers*
move r0 r7
push r4 to r14
load register r4 into r0
POP

StapleButter
Posted on 09-23-16 04:26 PM Link | #77861
I'm more worried about... frying it. At some point there's been a bad smell.


I spent hours soldering those wires to the Flash chip, and in the end, the raspi doesn't start when the chip is powered. zeofjhsjgldshbfdslkjfsdklflk


Should maybe try taking it off the mobo.

____________________
NSMBHD - Kafuka - Jul
melonDS the most fruity DS emulator there is

tonks

Isaac
Posted on 09-23-16 10:48 PM Link | #77893
I'm still reading this but like how the heck do you know this? and how do you hook it up?
I cant wait to see some anime pussy

shibboleet
Posted on 09-24-16 03:29 PM Link | #77936
you find the pins that supply power

____________________
a

StapleButter
Posted on 09-24-16 03:35 PM Link | #77938
'hook it up' as in?


Anyway, I guess the issue is indeed that the Flash chip is connected to the rest of the mobo, and that drains more power than the raspi can provide. So this leaves me with two options:

a) have the gamepad powered and turned on, and hope it won't interfere. It would be perfect if it got into a state where it stopped feeding its own clock to the Flash chip.

b) have a badass 3.3V power supply powering the Flash chip independently. Maybe use USB or Nintendo's power supply with resistors to get the right voltage?

____________________
NSMBHD - Kafuka - Jul
melonDS the most fruity DS emulator there is

tonks

Isaac
Posted on 09-24-16 06:22 PM Link | #77955
Soooo Staple, I remember reading that the WiiU can have 2 gamepads and it still wont lag. Is it true?
I cant wait to see some anime pussy

Sparsite
Posted on 10-13-16 03:49 PM Link | #78693
Would it be wise to program some sort of emulator first before messing with the firmware on the device (and possibly bricking it)?

____________________
ASMR:
*quietly whispers*
move r0 r7
push r4 to r14
load register r4 into r0
POP
Pages: 1 2

Main - Computers and technology - WiiU gamepad haxing New reply

Page rendered in 0.032 seconds. (2048KB of memory used)
MySQL - queries: 27, rows: 231/231, time: 0.017 seconds.
[powered by Acmlm] Acmlmboard 2.064 (2018-07-20)
© 2005-2008 Acmlm, Xkeeper, blackhole89 et al.