Hacking How to run the kernel exploit on your WiiU! (Tips)

  • Thread starter: MrRean
  • Views: 85,149
  • Replies: 111
  • Likes: 16
If people are still having problems, here are video tutorials:
I used MrRean's kexploits.zip so I didn't have to compile them myself. Set up Wamp, placed all the files into the www folder, made sure the server is online, etc. When I type "localhost" into my browser I only see a blank page, and typing my IP into the Wii U gives me nothing. Any ideas?

EDIT: Switched to Mongoose, working fine now.
 
Last edited by fiveighteen.
1) Go find a WebKit CVE that crashes latest firmware (Google).
2) Hook exception vectors and get stack trace for crash using the kernel exploit on lower firmware (dantarion just committed this).
3) Port the WebKit CVE PoC you found to Wii U arch on lower firmware.
4) Port ROP chain and any other memory offsets from lower firmware to latest firmware blindly.
And why haven't I known this months ago?
 
How to self-host the kernel-exploit on Linux (or well, anything where python is installed on, really):

cd directory_with_the_payload_html_files; python -m SimpleHTTPServer

.. why toy around with apache when it's actually that easy?
 
So how do you people live with this race attack? I'm still getting "race attack failed" after like 30 tries.

You're not the only one having trouble. I tried it a good 30 or 40 times and didn't get anything but black screens, black screens with white pixels throughout, black screens with red throughout, and straight freezes.

I ran an original nook exploit to root it that also wasn't very stable. Some of them just aren't stable and need repeated tries, though I've yet to get this one working myself.
 
It's good to know it's happening to other people. I'll just watch TV or something while I'm doing it I guess.
 
1) Go find a WebKit CVE that crashes latest firmware (Google).
2) Hook exception vectors and get stack trace for crash using the kernel exploit on lower firmware (dantarion just committed this).
3) Port the WebKit CVE PoC you found to Wii U arch on lower firmware.
4) Port ROP chain and any other memory offsets from lower firmware to latest firmware blindly.

Don't expect to see 5.4.0 in the wild unless an 0day gets burned (i.e. Nintendo patches it). We're more than happy to release exploits that Nintendo has already patched, but want to keep the good stuff under the hood. Also, we'll probably shy away from releasing anything on the absolute latest firmware because we don't want a lot of online cheaters wreaking havoc. People cheating online just gives us a bad name.
Perhaps I'll take the time to mention that I'm on 5.4.0 and somehow still have online access despite 5.5.0 being the latest. Additionally, wasn't one of the exploits in 5.4.0 patched in 5.5.0, and as well, isn't online play purposely disabled when the exploit is run? Or am I just completely misunderstanding everything?
 
Though I have no use for it, since I wouldn't know what to do with it, I still attempted to run the exploit just for fun, and it always froze about 3/4 of the way through. I'm not too worried about it, but I thought I would throw it out there.
 
I used MrRean's kexploits.zip so I didn't have to compile them myself. Set up Wamp, placed all the files into the www folder, made sure the server is online, etc. When I type "localhost" into my browser I only see a blank page, and typing my IP into the Wii U gives me nothing. Any ideas?
Did you rename the default index.php file so that your own index.html file is used?
 
I got a problem.
I did everything with your tutorials and it works well with localhost,
but when I type my IP in the Wii U I get an error that the site can't be opened.
My Wii U is on 5.3.2E.
I use OpenDNS with wireless.
 
OK, but in the end... what can I do with this exploit? Is there a homebrew list? What about an ISO loader?
 
How to self-host the kernel-exploit on Linux (or well, anything where python is installed on, really):

cd directory_with_the_payload_html_files; python -m SimpleHTTPServer

.. why toy around with apache when it's actually that easy?
Code:
nastys@ULNS:~/Desktop/homebrew$ python -m SimpleHTTPServer
Serving HTTP on 0.0.0.0 port 8000 ...
And when I go there with Firefox... it actually works!!! WTF?? :wtf:
Yes, 0.0.0.0:8000...
 
Yeah, that output is perfectly normal. No idea why it prints that IP address, but it probably has some very logical explanation :p
 
I have a suggestion for anyone having the difficulties running this that I had. Bully's vids are great, no doubt, the man, but I suggest using XAMPP instead: unpack it in the Documents folder, not in C:/Program Files, put your .html files into the XAMPP/htdocs folder (Payload or pyGecko folders) and click Start/Apache; it should turn green. Then use MrRean's /payload532.html file from page 1 and also use wj44's link > http://wj44.bplaced.net/py/ as your pygecko.html file; just save it to the htdocs folder in HTML format.

Run your Wii U, make sure you have OpenDNS sorted and you get the red cross on the Download Management box, then run your Google browser and type in the URL bar your <IP>/payload532.html, or just <IP> and it should go to the XAMPP menu and you choose from there instead. It should then return to the Wii U pause menu, so you know the exploit has kicked in correctly. Then go back into the Google/URL bar on your Wii U and load your pygecko.html, then run your game, say NSMBU, then go to your PC, open Geckodotnet, run it as admin, put your IP in and connect; it should come up. Good luck! :)
 
Last edited by Reecey.
I've tried ~20 times so far and it's not working...
Either the browser freezes or (mostly) the HDMI signal stops. The browser always freezes on the GamePad.
Am I doing something wrong? Do I have to open the browser from the Wii U Menu or from the Home menu? Or within a game?
 
Clear your cookies, close all tabs, restart, and type in the URL directly.
 