Hacking Wii U Hacking & Homebrew Discussion

Marionumber1

Does the WiiU crash when running its layout/unit test or it didn't have one and he had to try it by himself?
If I'm not supposed to ask/know this then I'm sorry, just tell me so.


There was a unit test we found on Google Code, and a description of what it did on PC. We verified that it crashed the Wii U, saw what it did to another PPC WebKit browser in an emulator, got binaries from comex, and found similar code in the Wii U binaries.
 

Onion_Knight

Thank you for the very clear and succinct answer. What emulator did you use, if you don't mind answering?

EDIT:

One other question: do you know what the base address of coreinit.rpl is in 5.3.2?
 

VinsCool

That is neat progress :) Keep up the good work.
 

Hykem

I just want to thank MN1 and NWP. Whenever I look online for information on a Webkit exploit all I see is PS4 WebKit Exploit! and same for the PSVita. Most of the PS4 news points to the PSVita. However, none of the news for these systems really acknowledges the Wii U. I see things like "A talented team of hackers made an exploit on the PSVita using the internet browser." and "The exploit that some people made for the PSVita has been ported to the PS4."

What I don't see is "A hacking group led by Marionumber1 and NWPlayer123 made a WebKit based exploit for the Wii U that has been ported to Sony systems!"


That's because it never happened...
I've worked and I'm still working on exploiting both the Vita and the Wii U, so I know pretty accurately how the exploits were developed.

The PlayStation Vita's exploit is a heap buffer overflow known as CVE-2012-3648 (a Proof of Concept for this exploit was released under the tag PSA-2013-0903-1). It was being used for a long time by Vita developers before it went public and, in terms of security, it's a considerably powerful exploit.

The Wii U's exploit is a use-after-free bug that was published here: https://code.google.com/p/chromium/issues/detail?id=226696
It's not as powerful and it's definitely not the bug used in the Vita.

The exploit found for the Vita works on the PS4 as well, so it makes sense it was simply ported over.
This exploit drew more attention because people thought those systems were quite secure and nothing had been done with them yet. On the other hand, Fail0verflow had already cracked the Wii U wide open and even gave a detailed presentation on how to do it.
Obviously, finding a WebKit and exploiting it wouldn't get as much attention since it was already expected to happen.

What you could have mentioned is that Gateway is using the exact same bug to exploit the 3DS, as Yifan Lu posted here: http://yifan.lu/2015/01/10/reversing-gateway-ultra-first-stage-part-1/
 

Reecey

Are we on 5.3.2 now on the WiiU? I thought the WiiU had updated since then to 5.3.4 now. I'm not sure, does anyone know please? 'Cause some are saying they are updating to 5.3.2 to go online, but I thought the WiiU had gone on since then?
 

IbbyPlays

Oh, it's just I read an article saying that the Wii U exploit worked on the PSVita and assumed it was the current PSVita exploit.
 

Reecey

My wiiu is online 24/7 with No ip blacklisting of any sort and I'm only on 5.3.2

Thanks, you are US though? I wonder if the UK is the same, I presume it is.

Edit: yeah, just looked, we are on 5.3.2. Might as well update then and enjoy MK8 & SSB online while it lasts; don't see the point in staying on 5.3.0 anymore when they are just the same position as each other.
 

Onion_Knight

Thank you for the insight!
 

fatsquirrel

I believe 0x101c400 is the coreinit base on 5.3.2. Got this by adding the size of the loader's .text section to 0x01000000 and rounding to the nearest 0x400.


MarioNumber1:

I know you get these questions a lot and I'm sorry for making another one, but I can't help myself; I'm too worried that I will lose the ability to run the exploit.
The thing is, I bought Captain Toad for my son's birthday yesterday and I just figured out that it has the 5.1.2 patch on it. I'm currently on 4.1.0.
Are you absolutely sure that updating to 5.1.2 is safe for homebrew and possible backup (only the ones I own ofc) loading? Is there anything that I could miss going from 4.1.0 to 5.1.2 for a final user like me?
Again, I'm sorry for the annoying question, but I and my son would really like to be absolutely sure.

Regards
N
 