Where did the Wii-U source extract come from? I know there was some Wii source code dumped in May, 2020, but that was for the original Wii and nothing really that wasn't already known. That the source extract is s casually dumped suggests access to the code that the average person really couldn't dream of.

It's all reverse engineered and manually re-labeled code from assembly. It's just .. an insane amount of work from the community :).

this isn't the first time the wii u has been hacked. the most common wii u hack was simply because only code was encrypted, not the assets. so someone was able to buffer overflow the Nintendo DS emulator by replacing the assets. You run the DS game, wii u reboots jailbroken. My guess is part of the initial jailbreak the OS was dumped and decrypted and what you are seeing is from ghidra not from C source.

Like the other two comments mention this was all reverse engineered by hand using ghidra. I don't think there was ever a source code leak for the Wii U anyways.

I believe this is the exact same exploit that was used to eventually jailbreak the PS3 using USB dongles.

It certainly is a very similar exploit, but I'm not sure if it's the exact same bug.

Edit: After looking through the PSJailbreak writeup it seems like they are really similar after all. Both target the descriptors allocated on the heap.

Yeah, very similar. They both use time-of-allocation vs time-of-use style attacks on the length of the descriptor to trigger some kind of buffer overflow which corrupt heap data structures.

However the PSJailbreak writeup doesn't actually go into details of the buffer overflow (it wasn't written by the original exploiter, just by people re-implementing it; They didn't care enough to fully work out how it worked) so it's not clear if it's the byte-swapping function that was overflowing, or some other function.

Finally, a reason for taking cpsc 323