Hacking How to run the kernel exploit on your WiiU! (Tips)

[Selim873]

I'm looking forward to one for 5.4.0. Fortunately, it didn't download the 5.5.0 update yet so I'm in the clear.

I'll have to double check the web filter and see that I block the servers to disable automatic updating. Don't want to have my system update on me by accident.

Edit: Blocked the update, my system is totally unaware of it, and still grants me online access. I cannot complain about this.

I managed to do it while the system update was at 10% downloaded. I just wish there was a way to remove that.

 

[karloz25]

So what does this exploit do? Or should I say, what can be done once the wiiu is exploited using this method? Thanks for the guide.

 

[loco365]

So what does this exploit do? Or should I say, what can be done once the wiiu is exploited using this method? Thanks for the guide.

You can modify anything that is in memory, so, performing memory writes and reads. Nothing else though. This will allow for, at least, Virtual Console injection.

 

[Reecey]

Thanks Mr. Rean I'm testing it out now. Is there anything we can do with this now just for a bit of fun?

Edit: also how do you setup XAMPP and grab the file from your PC to the wiiu to execute the payload?

 

[xXDungeon_CrawlerXx]

Looking forward for a KExploit for FW 5.4.0. Is there already the time to make it public?

 

[MichiS97]

Looking forward for a KExploit for FW 5.4.0. Is there already the time to make it public?

They (rightfully so) want to wait until Nintendo patches it or until they find a way to avoid having to update (like emuNAND)

 

[The Real Jdbye]

They (rightfully so) want to wait until Nintendo patches it or until they find a way to avoid having to update (like emuNAND)

Which they now have in 5.5.0. They patched at least one kernel exploit in that version.

 

[Marionumber1]

Which they now have in 5.5.0. They patched at least one kernel exploit in that version.

We're talking about userspace exploits, not kernel exploits.

 

[BullyWiiPlaza]

If people are still having problems, check out my Wii U video tutorials playlist:
https://www.youtube.com/playlist?list=PLKHNWhJawkhgisx0p0Fmv0E3UvwFWTADN

 

[Reecey]

If people are still having problems, here are video tutorials:

Spoiler

Thanks man, really appreciate your thorough guides!

--------------------- MERGED ---------------------------

Thanks man, really appreciate your thorough guides!

Edit: just a quiky bud, when I have set up all that at the end and go to my wiiu chrome browser, what would I type in say if my ip address was 101.1001.1.89, to get to the payload file in Wampserver to activate the exploit? Would it be like this> (http://101.1001.1.89/payload532.html for example? to get it to work. This has nothing to do with the browser exploit I presume you don't need to enter the browser exploit first and then run this?

 

[mariogamer]

hello,if I use dns of opendns,how to lunch the exploit with a ip or other?

and how to use tcp gecko and cafiine?

 

[BullyWiiPlaza]

Edit: just a quiky bud, when I have set up all that at the end and go to my wiiu chrome browser, what would I type in say if my ip address was 101.1001.1.89, to get to the payload file in Wampserver to activate the exploit? Would it be like this> (http://101.1001.1.89/payload532.html for example? to get it to work. This has nothing to do with the browser exploit I presume you don't need to enter the browser exploit first and then run this?

An IP address can not have a number bigger than 255 so 1001 is invalid. Asuming it is 101 instead. You would enter 101.101.1.89 only because it implicitly opens the index.html file which then redirects you to the correct payload ("browser detection code by Relys") so indeed nice job by the developers there.

 

[Reecey]

An IP address can not have a number bigger than 255 so 1001 is invalid. Asuming it is 101 instead. You would enter 101.101.1.89 only because it implicitly opens the index.html file which then redirects you to the correct payload ("browser detection code by Relys") so indeed nice job by the developers there.

I'm trying to get it going but I am having an error access with wampserver> you dont have permission to access/on this server on my wiiu screen? that IP was only an example mines 192.168.1.xx

 

[BullyWiiPlaza]

I'm trying to get it going but I am having an error access with wampserver> you dont have permission to access/on this server on my wiiu screen?

This didn't happen to me so I'm not sure how to fix it, but try looking at tutorials like this one:

 

[YugamiSekai]

Waiting on 5.4.0 like:

 

[nastys]

How to host the kernel exploit (or any other homebrew) on Ubuntu:


How to install devkitPro and build the kernel exploit on Ubuntu:

Spoiler

Yep, it's easier on Ubuntu because you don't need to install Python and Cygwin, and Apache is easy to install
These tutorials, except for the first one, might apply to OS X as well
All the tutorials apply to other GNU/Linux distros, but with some changes.

 

[Relys]

Waiting on 5.4.0 like:

1) Go find a WebKit CVE that crashes latest firmware (Google).
2) Hook exception vectors and get stack trace for crash using the kernel exploit on lower firmware (dantarion just committed this).
3) Port the WebKit CVE PoC you found to Wii U arch on lower firmware.
4) Port ROP chain and any other memory offsets from lower firmware to latest firmware blindly.

Don't expect to see 5.4.0 in the wild unless an 0day gets burned (i.e. Nintendo patches it). We're more than happy to release exploits that Nintendo has already patched, but want to keep the good stuff under the hood. Also, we'll probably shy away from releasing anything on the absolute latest firmware because we don't want a lot of online cheaters wreaking havoc. People cheating online just gives us a bad name.

 

[chrrox]

Can i use this to dump a game disc I have not launched yet?
Can I dump a Japanese games files?

 

[mariogamer]

How to host the kernel exploit (or any other homebrew) on Ubuntu:


How to install devkitPro and build the kernel exploit on Ubuntu:

Spoiler

Yep, it's easier on Ubuntu because you don't need to install Python and Cygwin, and Apache is easy to install
These tutorials, except for the first one, might apply to OS X as well
All the tutorials apply to other GNU/Linux distros, but with some changes.

what I have I do with Kubuntu?

 

[nastys]

what I have I do with Kubuntu?

Use Konsole instead of Terminal and launch it from Kickoff (the "K" menu), as the shortcut is disabled by default.
Instead of gedit, type kate.
Instead of Ubuntu Software Centre, use Apper or the following command in Konsole:

sudo apt-get install apache2

EDIT: and dolphin instead of nautilus.