27w ago - Following up on the
Wii U Specifications with the US launch being today, NeoGAF user
Trike has already uncovered what appears to be a Wii U Miiverse Debug Menu with details below.
Also of note, a
Nintendo Wii U Teardown Guide is now available followed by a second
Nintendo Wii U Teardown Tutorial and
Geoff Keighley of GameTrailers TV has
Tweeted that: The Wii U Firmware update is apparently about 5 gigs. No wonder it takes about an hour+ to download.
Additionally, the Wii U is able to run Nintendo Wii homebrew at launch (
WiiXplorer ELF) and run Wii U games Off an SD Card, as demonstrated in the videos below!
From
Rodger Combs: Let me stress this: the Hackmii installer (1.0) does NOT WORK. There may eventually be a version released that does work (I've been testing different beta exploits, to no success so far), but for now, nothing that requires Hackmii, uses current kernel exploits, or uses AHBPROT will work. That includes Devolution, USB loaders, cIOS installers, and Wii linux.
Nintendo can NOT patch Stack Smash using their current architecture. While it's definitely technically possible, it'd require a lot of work on their part, and could result in SSBB being unstable for all users. Plus, they most likely already knew Stack Smash worked before this video, so this isn't going to cause it to be fixed.
Potentially upcoming Nintendo Wii U upcoming games include the following:
- Donkey Kong
- Dragon Quest 10
- Final Fantasy 3
- Flipnote Studio
- Metal gear solid
- Metroid
- Resident evils
- Soul Hackers
- Super Mario WiiU
- Wii Fit
- Yoshi’s Land Wii U
- Zombie
To quote: Well, I was messing around in Miiverse trying to find out how the hell to do the initial set-up of my friends list to no avail. In doing so I accidentally found the "debug" menu on Miiverse.
At first I thought, "Hey, neat!" thinking it was just a legit secret or something. I can even access something with the name "prototype" that seems to be the actual prototype Miiverse in Japanese.
Apparently John Lennon is still alive and is posting on the Japanese Miiverse. Most buttons that I tried don't work (Acid_Test?) so I thought, hay, maybe GAF could have fun with this or translate it. That is when I found the admin list.
At first it asked me to sign in, because my login information didn't match. Then I pressed a button and it sent me to a list of admins anyway. They had buttons in the same row as the names, and I could "regenerate password" or "Delete Admin" or something along those lines. I didn't do it it because I didn't want to risk getting my god damn Wii U banned on day 1.
What should I do with this information? Is there anyway I can contact Nintendo about this directly without going through their customer service email crap? Should I let everyone know how to do it? Am I an idiot and this is already well known somehow? I can post pics, but they are going to have to be shitty cellphone pictures. Unless The Wii U has a built in snapshot thing.
I may be able to avenge Jim Sterlings Batman review post by deleting admins, what should I do?
Secrets revealed. Summary of events from my end.
I found out I could access the debug menu on Miiverse by hitting the "X" button on the gamepad while hovering over the exit button. I found an admin access list or something to that effect. I couldn't really do anything from there though.
I could view different messages from a developer though. One mentioned that there would be big games coming out (announced?) on the 10th of December. A different said "POKEMON" and "SUICIDE". Sorry, bro.
I went to another link that lead me to some test messages. I thought they were real when I found them, because they were posted 20 minutes ago from the time I accessed them. I could flag them for prohibited content, spoilers, and something else that I forget.
Then I went to a different link on the debug menu and it showed three different Miiverse subforums I could access that would be coming out on December 20th. I clicked on the "games for teens, kids and blahblah" (forgot the other two, I think family games was one of them?) and it lead to some sort of dispute between Timelord celebrities Tom Cruise and Brad Pitt.
There were even more subforums for games specifically, including Yoshi's Island Wii U and Soul Hackers, and less specific ones like "Metal Gear Solid" and "Resident Evils". By the time I stopped posting on gaf to check for more it was fixed, and someone pointed out that Nintendo put up a tweet (twitter.com/NintendoAmerica/status/270333253729271808) about a miiverse fix.
I don't know if I really could flag posts to be deleted or whatever, but I know I could not make myself an admin or delete admins. At least when I pressed the buttons nothing happened.
Kotaku has cracked open Nintendo's Wii U revealing the System Memory and Speed as follows to quote:
The crew at PC Perspective raced home and opened a launch-day Wii U up on a livestream. While they didn't solve all the system's mysteries, like what its GPU is like, they did claim to ascertain how much system memory the Wii U is packing, and how fast that memory is.
According to PC Perspective's teardown, the Wii U has 2GB of DDR3 memory (provided by Samsung). User
AlStrong on the Beyond 3D forums says this means the memory runs at a maximum speed of 17GB/s.
For reference, NeoGAF user
Durante writes for comparison's sake:
- 360: 22.4 GB/s + eDRAM for framebuffer
- PS3: 25.6 GB/s main memory BW + 22.4 GB/s graphics memory BW, no eDRAM
- GTX 680: 192.2 GB/s
The Wii U's North American launch today (November 18, 2012) offers consumers an 8GB model for $300 and for $350 the 32GB version which includes a copy of Nintendo Land.
Finally,
crediar has leaked the
WiiMode Keys and shared some
Wii U Files for those interested!
Update: Nintendo officially stated the following to
CVG regarding the Debug Menu: “It has come to our attention that some people were able to access a mock up menu on Miiverse following the launch of Wii U in the US.”
“Please note that this was only a mock up menu and has now been removed and is not accessible.”
I hope it won't be too much $$...
Never underestimate the power of one guy with 29 guys cheering him on: fail0verflow.com/blog/2012/30days.html
30 Days and a Congress
Brought to you by 30 hackers and 3 tables:
2b30b703c6676c8124c7347b30c7972ffeae2b39
6a0b87fc98b306ae3366f0e0a88d0b06a2813313
Update: The first WiiU dumps have also been spotted in the wild, as follows: The_Avengers_Battle_for_Earth_PAL_WiiU-VENOM
______ /\__________________________ __________ __/\ _______
____\ \/ / _ / _ \/ _ \/ \/ /
| \ // / / / / / // \/ / _
| \ / _______/ / // _/ / / // rtx/
| VENOM \\ /\__________/_____/_____/\____\_____/______/_____/ /art: \ /
`——– \ / –> Proudly Presents: The Avengers – Battle for Earth (EUR)
\/
Publisher: Ubisoft Platform: Nintendo WiiU
Developer: Ubisoft Origin: Europe
Release Date: May 2013 Size/Format: *.ISO (WUOD)
Release Info ————————————————————–>
Wow, things are starting to heaten up, eh?
We think a teensy bit of disc image header is cute and courageous.. but
here at VENOM we go for GOLD!
Today we give you the first full WiiU disc image! Nothing more to add, enjoy
For the curious tinkerers, if you EVENTUALLY want to play this disc image
by whatever means, you will probably need this AES key:
>> 027c9557648a1a999aa7848319bb5ef2
LEGACY . CAPITAL . RISING SUN . DUAL CREW SHINING . ECHELON . MODE7
KALISTO . MENACE . TRIFORCE . JESUS . SUXXORS . F4CG
COMPLEX . DUPLEX . MONEY . ESPRiT iSO
__
\/ ———————————–>
“The Playmakers”
From Fail0verFlow's blog (via fail0verflow.com/blog/2013/espresso.html) to quote:
The future of console homebrew (and a shot of Espresso) by marcan
It’s been almost 7 years since the Wii was released. Back in 2006, not many owned a living room PC. PCs were still relatively bulky, and the Chinese offerings were limited to horrible media players. At the time, the prospect of having a game console double as a HTPC and being able to browse the web, play games for older platforms with emulation, and run homebrew games on a device which you already had in the living room was rather appealing.
Fast forward to today. Mobile SoCs have made huge advances - you can get a quad-core chip in a phone these days - and have made the jump to the living room. Spend $25 and you can get a Raspberry Pi, which is about on par with the Wii at 1/10 of the launch price and 1/7th of the power consumption (with HD video). Spend $100 and you can get an Ouya, which beats the Wii U’s CPU and doesn’t have too shabby graphics at one third the cost.
These mobile-derived devices aren’t quite a replacement for game consoles yet, but they’re catching up fast. They’re cheap enough that they’re almost disposable. The software ecosystem is much larger and wider than any console has ever had. More importantly, they’re open, and the development tools and environments are way better for open development than any game console ever was.
The Wii U isn’t a particularly interesting device. It has the same old Wii CPU, times three. The GPU is a standard, and somewhat outdated Radeon core. The peripheral hardware is standard - SD, USB, SATA, WiFi, etc. The Wii hardware has been either kept as-is or replaced with compatibility shims. The only interesting bit is the controller, but there is already significant work underway to be able to use it with a PC (all you need is a wireless card capable of 5GHz 802.11n AP mode and special software). Even on the Wii U itself, the gamepad is managed by an independent Broadcom SoC that has its own firmware and communicates with the rest of the system via bog-standard USB and one of the video output heads on the Radeon.
The same goes, by the way, for the Xbox Durango and the Playstation Orbis. They’re both glorified PCs. With Valve’s Steam Box coming up, there will be little advantage to either of the first consoles other than potentially new input devices and exclusive games. And the Steam Box will almost certainly be hackable with trivial to no effort.
So where does that leave us? When the Wii U came out, our hacker instincts kicked in and we started looking into ways of breaking into the hardware. A few days before launch we had a firmware update scraper going. Over the next 30 days, we reached most of the milestones required to be able to say that we hacked the device; without going into details, there is basically no security left to break into, other than a mostly unimportant step of the boot process.
What would remain is the tedious work of developing the open frameworks required to bootstrap a homebrew community, documenting everything, reverse engineering all of the new hardware, developing a persistent exploit (think tethered vs. untethered iPhone jailbreak, except without any extra hardware or cables), and packaging it all up.
Over the next few months, interest faded. I took a break to work on other projects. There wasn’t much of a reaction from the Wii homebrew community. Is it really worth going through all that effort when we already have open devices that are affordable and widely available? About 31 trustworthy people, most of them well-known people in the homebrew community, have access to what we developed, yet nobody stepped up to start working on a homebrew platform for the Wii U.
At the same time, there is an eternal clash between the homebrew community and those interested in pirating games. Writing homebrew software and frameworks is rather difficult - it requires new code to be written to support the hardware, which must be reverse engineered first. Convincing a game console to load copied games is comparatively simpler, as only the bare minimum amount of code patches required to convince the game/OS to load the game from alternate storage media are required.
For example, on the PS3, the kernel payload of the first game loaders was a tiny system call patch, and I wrote an (unreleased) Wii USB loader using existing homebrew frameworks in a couple hundred lines of code, as a proof of concept. Every console after the PS2 was initially broken to run open homebrew code, and only later did piracy show up (excluding disc-drive-based hacks, which I consider a different category).
I think we may have reached the point where homebrew on closed game consoles is no longer appealing. The effort required to develop and maintain an environment for a big, complex modern game console is huge. The cat and mouse game with the manufacturer requires ongoing effort. There is a very real threat of litigation. Game pirates would become not just big users of the result of those efforts, but by far the overwhelming majority (not because there are more pirates, but because there are fewer homebrewers). The fact that the Wii U isn’t selling nearly as well as the Wii did doesn’t help drive enthusiasm either.
I could be wrong, of course. Maybe it’s just that I have a full-time job now and less of a chance to spend all-nighters staring at assembly code. Maybe there are tons of prospective Wii U homebrew developers quietly waiting in the sidelines for a release. Maybe we’ve just gotten lazy.
We could just release everything as-is, of course. However, we tried that with the PS3, and the results were not only disappointing, but we actually ended up in an undeserved legal mess. Homebrew for the PS3 is basically nonexistent, and all anyone cares about is piracy. This is not a situation which we want to see happen again.
So, instead, we can go for a compromise. Our original idea for Wii U homebrew was to “escape” from the Wii mode sandbox and enable the new Wii U hardware. This appeared possible initially, but unfortunately, it turned out that a few critical hardware registers were irreversibly disabled in Wii mode. However, due to the design of the Wii U’s architecture, a few things can be re-enabled. One of those is the multicore support of the Espresso CPU.
On the Wii, the Broadway CPU had no built-in security: games ran on the bare metal and the Starlet handled all security. The Starlet was responsible for kickstarting the Broadway and feeding it code to run. The Wii U extends this architecture by putting some extra security inside the Espresso CPU: now, the Espresso has its own secure boot ROM, like the Starbuck, and will only boot a signed and encrypted code package. This package (which we call an ancast image) is delivered by the Starbuck and verified and decrypted when the Espresso is reset.
This happens in Wii mode too. However, Wii mode software knows nothing of this mechanism. Nintendo worked around this by transparently replacing the NANDloader (which is usually the first code that runs on the Broadway when it boots) with a modified version, encrypted and signed using the new format. The Starbuck (running vWii IOS) loads the new NANDLoader to RAM as it normally would, but when the Espresso is reset, it instead runs its boot ROM.
The ROM decrypts the NANDLoader in-place and verifies it against its hardcoded ECDSA public key. If the verification succeeds, it jumps to its entrypoint. The very first thing that the NANDLoader does is turn off the Espresso features and put it into Wii compatibility mode. The new NANDLoader is stored in dedicated vWii mode titles 1-200 and 1-201 (there are two variants, but 1-200 is equivalent to the “normal” NANDLoader).
Incidentally, for vWii mode, we made a minor tweak to HBC so that its binary can both be loaded standalone as was the case on the Wii, and also works together with a NANDloader - this means we can use the same binary for both platforms, and we don’t have to ship a separate NANDloader that would be replaced in vWii mode.
Thankfully, even though the Espresso has ROM security now, unlike the Starlet/Starbuck, it has no memory firewall or similar protection (i.e. AHBPROT). This means that we are free to mess with the contents of memory while the Espresso boots. We can perform a completely trivial and reliable race attack and gain control before the NANDloader has a chance to disable anything. Here’s how. You will have to be able to run code on the Starlet: you can either use Mini or hotpatch IOS using the AHBPROT feature of HBC.
Load the NANDloader to RAM (it is a standard DOL binary and should be loaded as indicated in its header). Note that you’ll have to gain access to 1-200 or 1-201 for this. Don’t bundle it in your app; that would not be redistributable and wrong. Instead, read it from NAND directly (mini), or patch IOS to let you access it, or use the existing title boot functionality in IOS (that already loads the NANDloader from 1-200) and just patch the part where the PPC is reset (see below).
Perform the standard PowerPC reset sequence (this is Mini code, see hollywood.h for the constants):
clear32(HW_RESETS, 0x30);
udelay(100);
set32(HW_RESETS, 0x20);
udelay(100);
set32(HW_RESETS, 0x10);
Note that it is not necessary to load any EXI bootstrap code, as the Espresso always boots from ROM.
Immediately start watching memory location 0x1330100 (0x81330100). Make sure to either use an uncached mapping or invalidate the cache every time. You may need to perform an ahb_flush_from(AHB_1) every time to make sure the AHB buffers don’t bite you. Look for a change in the data at that address: it is the first instruction of the NANDloader, and the ROM will start decrypting there. Verification happens simultaneously with decryption.
Replace the (now decrypted) instruction at that address with a jump to your own PowerPC code. Make sure to flush if not using an uncached mapping. The timing is pretty lenient here; the ROM is busy decrypting and verifying the rest of the NANDloader at this point, so you have plenty of time to detect and swap the instruction before the ROM jumps to it.
Congratulations, you are now running Espresso code.
To be able to use the extra cores, you will have to initialize them. There are also a number of settings related to the bus and memory coherency. Some of these may not be applicable to Wii mode, so you will have to experiment. These are the important steps (in pseudo-C), reverse engineered from the early initialization code of the Cafe OS (Wii U mode) kernel (this runs initially for core0, and then every other core also runs this code as it is bootstrapped):
hid5 |= 0xc0000000; // enable HID5 and PIR
// At this point, upir contains the core ID (0, 1, 2) that is currently
// executing.
// Global init
if (upir == 0) {
scr &= ~0x40000000; // scr, car, and bcr are global SPRs
scr |= 0x80000000;
car |= 0xfc100000; // these bit assignments are unknown
bcr |= 0x08000000;
}
// Per-core init
// these registers and bits already exist in Broadway
hid0 = 0x110024; // enable BHT, BTIC, NHR, DPM
hid2 = 0xf0000; // enable cache and DMA errors
hid4 = 0xb3b00000; // 64B fetch, depth 4, SBE, ST0, LPE, L2MUM, L2CFI
// HID5 is new and unknown, probably mostly controls coherency and the
// new L2 and core interface units
if(pvr & 0xFFFF == 0x101)
hid5 |= 0x6FBD4300;
else
hid5 |= 0x6FFDC000;
hid2 |= 0xe0000000; // LSQE, WPE, PSE
msr |= 0x2000; // enable floating point
// boring floating point reg, TB, decrementer, mmu init omitted
hid0 |= 0xc00; // flash invalidate ICache, DCache
hid0 &= ~0x100000; // disable DPM
l2cr = new_l2cr = 0
if (pvr & 0xffff == 0x100)
new_l2cr |= 0x8;
hid5 |= 0x01000000;
if (core == 1)
new_l2cr |= 0x20000000; // probably has something to do with the
// extra L2 for core1
l2cr = new_l2cr;
new_l2cr |= 0x200000; // L2 global invalidate
l2cr = new_l2cr;
while (l2cr & 1); // wait for global invalidate to finish
l2cr &= ~0x200000; // clear L2 invalidate
l2cr |= 0x80000000; // L2 enable
hid0 |= 0x100000; // enable DPM
hid0 |= 0xc000; // enable DCache+ICache
// optional: enable locked L1 cache as usual
// boring standard GPR init omitted
// Core is now initialized. Check core ID (upir) and jump to wherever
// you want, set a flag for the main core, spin in a loop waiting for
// a vector, or whatever
// To kickstart the other cores (from core 0):
// core 1
scr |= 0x00200000;
// (wait for some flag set from core 1 when initialized)
// core 2
scr |= 0x00400000;
// (wait for some flag set from core 2 when initialized)
// Note: the Cafe OS kernel actually then uses core 2 as the main core
// after starting all three. This is probably unimportant.
Note that cores 1 and 2 will start at the system reset vector, which should jump to code equivalent to the above. It is currently unclear what controls whether the cores end up with MSR[IP]=1 (high vectors) or MSR[IP]=0 (low vectors), but I’m pretty sure that at least in Wii mode you end up booting with IP=0 by default (vector 0x100 in MEM1), although one of the above settings might change that. Experiment. Just flipping the two boot bits in SCR is enough to get the two other cores up without doing anything else, although coherency will probably be broken/disabled. Also, keep in mind that this trick gets you access to all 3 cores but they still run at the old Wii speed (729MHz). Speeding up the Espresso probably requires full access to Wii U mode.
The important SPRs are these:
dec hex name
287 0x11f pvr
920 0x398 hid2
944 0x3b0 hid5
947 0x3b3 scr
948 0x3b4 car
949 0x3b5 bcr
1007 0x3ef upir
1008 0x3f0 hid0
1009 0x3f1 hid1
1011 0x3f3 hid4
1017 0x3f9 l2cr
So what can you do with this? Well, libogc is probably near impossible to turn into an SMP-capable scheduler (and there are so many other problems with it that trying to keep using it for Wii U mode would be a terrible plan). However, it should be possible to port Linux to have tri-core support on the Wii U. It might also be possible to use the two extra cores in libogc apps purely for number crunching, with carefully designed locking (outside of libogc) and without calling any libogc functions from the other two cores (or any non-reentrant libc functions).
Personally, I’d like to see a Linux port taking advantage of this (using Linux was my initial goal in Wii U mode, though I never got around to starting the port). Linux is the ideal choice for Wii U mode, as it has native drivers for most of the remaining hardware, and most importantly, it should be a lot easier to port the existing open source Radeon drivers to work on the Latte than to write one from scratch. The Wii U has tons of RAM, unlike the Wii, and natively runs a multitasking OS with paging and memory protection anyway, so there’s little advantage to not just using Linux.
Getting multicore support into some kind of homebrew platform is one of the many steps required to get to a Wii U homebrew ecosystem, so consider this a test to gauge the interest of the homebrew community. If there ends up being significant interest and progress is made, we will reconsider working towards a Wii U-mode homebrew ecosystem (or perhaps just pass on what we have to those who are more motivated than we are).
One final note: on the Espresso, the exclusive load and store instructions (lwarx and stwcx) are subtly broken and need a workaround. If you are seriously interested in this, and you have started working on it, ping me on IRC and I’ll let you know about the specific workaround that is required (I’m just too lazy to write it all out right now) and also gladly answer any other questions.
Finally, from IRC:
17:44:49 < marcan> 31 trustworthy people have the info from last year. if nobody has released anything yet it’s because nobody is motivated/interested enough to do anything with it.
17:45:31 < m_b_v> indeed
17:45:39 < marcan> I think there’s a collective “meh” sentiment about the WiiU. it was fun breaking it but nobody really feels like building an ecosystem out of it
17:45:56 < marcan> and we saw what happens when you just throw your stuff at people and tell them to run with it (see PS3), so that’s not going to happen
17:46:09 < marcan> 31 is a lot of people; if nobody feels like it maybe it isn’t worth it.
Update: To clarify, this only yields access to the extra cores, not the extra RAM and the rest of the hardware. For that, you’ll need a Wii U mode exploit. We do have such an exploit, but right now I believe that, if it were released, there wouldn’t be enough developer interest to kickstart a healthy homebrew ecosystem; if e.g. a Linux port to vWii-mode Espresso is developed, I will gladly stand corrected (and such a Linux port would be directly applicable to Wii U mode, modulo a few minor memory mapping differences, so it’s not wasted effort).
I think it's apparent that he is trying to drum up interest or see who, if anybody, is interested in this work. So far it seems as if only end users are showing interest.
How to Get Nintendo Wii Backups Working on the Wii U Guide
Step #1: Follow the .Wad Manager Tutorial if you haven't already done so. (If you've run it before and are having problems getting backups working after this tutorial, follow that tutorial again and start this one from the beginning.)
Step #2 (optional): Backup your Wii Mode NAND.
Step #3: Download D2X cIOS Installer 2.2 (d2x-cios-installer.googlecode.com/files/d2x%20cIOS%20Installer%20v2.2.rar) and d2x-v10-beta53-alt-vWii.zip (d2x-cios.googlecode.com/files/d2x-v10-beta53-alt-vWii.zip) You should have a folder 'd2x-v10-beta53-alt-vWii' in the d2x cios installer v2.2 folder. So it should look something like this: /apps/d2x cIOS Installer 2.2/d2x-v10-beta53-alt-vWii. Also download the latest version of WiiFlow (code.google.com/p/wiiflow/downloads/list).
Step #4: Extract the D2x cIOS 2.2 installer first. Move to the APPS folder on your SD card. Then extract and move the d2x-v10-beta53-alt.vWii.zip files to the D2X Installer folder in your \apps\ Extract the latest version of WiiFlow to your \apps\ folder too
Step #5: You need the following THREE files in the root of your SD card:
• IOS56-64-v5918.wad
• IOS57-64-v6175.wad
• IOS58-64-v6432.wad
How to get them:
• Download Bluedump 0.3 (bluedump.googlecode.com/svn/trunk/HBC/BlueDump%20Alpha%203/boot.dol) and extract the files to folder titled Bluedump 0.4a
• Rename bluedump-alpha04.dol to boot.dol and place it in a folder titled Bluedump 0.4a in your /apps/ folder of your SD card (You should have /apps/Bluedump 0.4a/boot.dol)
• Launch BlueDump via HBC. With the arrow on "00000001 - SYSTEM TITLES" Press the A Button. Using the D-PAD press DOWN until you are on the desired system title and then press the '1? Button on your Wii Mote. Using the D-PAD change the bracket selection to "Save as WAD" and press the A button, press A Button again for "Save to SD".
• Go to the \BlueDump\WAD\ folder on your SD. Rename the 56, 57, 58 WADs according to the filenames: IOS56-64-v5918.wad, IOS57-64-v6175.wad, and IOS58-64-v6432.wad Move them to the ROOT of your SD card.
Step #6: Boot into Wii Mode, launch HBC, and from there launch d2x cios installer. Press A to get past the intro screen, and press A again when prompted about selecting IOS 236.
Step #7: You should now be at the INSTALLATION PROCESS screen. There should be an arrow under SETTINGS on "Select Cios".
• Using the D-PAD press RIGHT until you can see "d2x-v10-beta53-alt.vWii" in the "Select cIOS" brackets. Once that is selected, press DOWN on the DPAD, moving the arrow to "Select cIOS base". Press RIGHT until "56? is in the brackets. (leave "Select cIOS slot" at "249?) With "d2x-v10-beta53-alt.vWii" under "Select cIOS" and "Select cIOS base" on "56? Press A.
• Once it installs press A to continue. Now change the "Select cIOS base" to "57? and Press A, then Press A again to continue.
• Now finally change the "Select cIOS" base to "58? and Press A then press B to quit once the installation successfully completes.
Step #8: Return to HBC, plug in your USB device to the Wii U's back upper-most USB port, launch WiiFlow and enjoy playing Wii Backups on your Wii U!
That's it! You should now be able to launch WiiFlow and load Wii Backups. (NOTE: as of the time of this writing USBLoader GX does not appear to work, future updates should fix this)
A special thanks to bubba for his contributions to this tutorial.
8 Days: 3d331b3165f9638c6cd6221702b2f736f7fcf931
From marcan42: Pro tip: 40 character hex strings are usually SHA1 hashes, not encryption keys.
Update: Another brief update from fail0verflow (via twitter.com/fail0verflow/status/281164792000045057) of a picture showing output to the Wii U's control pad with their logo and a picture of Nintendo of America President and COO Reggie Fils-Aime with the caption:
"The Wii U is a system we can all enjoy together" - Reggie Fils-Aime (twitter.yfrog.com/gymu6fjp)