Hacking (this is a guide) accessing Crunchyroll's hidden browser

piratesephiroth

Anyway we'd need a specific exploit for this browser and we have none.
This could potentially be an additional entrypoint but a skilled reverser has to analyse the code to develop the proper payloads.
 

TheTechGenius

I see people are trying to use the 5.5.1 browser exploits with this.

Those browser exploits were created to exploit the browser on 5.5.1. If you use a different browser for the exploit, why or how would that even work? The point of the exploit is to exploit a very specific vulnerability in the WiiU browser.

So if you use a completely different browser, or the WiiU browser on 5.5.2, the vulnerability is no longer there, it's been patched.

Edit:

I honestly think browser exploits are done. We need to figure out a better way to launch HBL without using the browser. Maybe with a game, that can access the SD Card? Idk. But we need a better way to access HBL.

I am using Haxchi BTW, on 5.5.1 still. I refuse to update right now, until I know for sure everything I need and use is working 100%.

Also, look at it from Nintendo's point of view, they had years and years to work on this update. And the update basically only did one thing after all this time, patched the browser. Which means they had enough time to secure the browser the best way they can, and they had years to think about it and do it.

They know if they would have patched CFW, there would be a lot of people with bricked consoles complaining online saying the WiiU update bricked their consoles. Who cares if they were using CFW or not, it's thousands of people's word against Nintendo. That's a bad PR move for Nintendo, and they knew it.
 

Corredor

Is there any way to know which browser version the Crunchyroll browser is based on? Maybe it still has a vulnerability that was already discovered.

Sent from my 6039J using Tapatalk
 
Website
heyquark.com
> Also, look at it from Nintendo's point of view, they had years and years to work on this update. And the update basically only did one thing after all this time, patched the browser. Which means they had enough time to secure the browser the best way they can, and they had years to think about it and do it.
>
> They know if they would have patched CFW, there would be a lot of people with bricked consoles complaining online saying the WiiU update bricked their consoles. Who cares if they were using CFW or not, it's thousands of people's word against Nintendo. That's a bad PR move for Nintendo, and they knew it.

I diffed some parts of the browser after the update; and I can say that Nintendo changed one or two lines of mvplayer.rpl code at most. Admittedly there were changes to the JavaScript core that I didn't look at; but they definitely haven't merged in all the latest and greatest patches, that's for sure.

Like it or not, WebKit or an associated library is the best option here. I searched around pretty thoroughly before settling on Crunchyroll; and can say the best other possible method I've found is to do with the Miiverse headshots under Sm4sh. Not exactly convenient hacking. (cc: @jam1garner? Pretty sure that's where the PNGs fit in)

> It's a really old browser. What is the idea? Exploring the UAF bug to run a kernel exploit?
>
> Sent from my 6039J using Tapatalk

The RenderArena one? I gave it a go, and couldn't get more than a null deref. If you can get user-controlled data into it I'll love you forever.
 

jam1garner

> I diffed some parts of the browser after the update; and I can say that Nintendo changed one or two lines of mvplayer.rpl code at most. Admittedly there were changes to the JavaScript core that I didn't look at; but they definitely haven't merged in all the latest and greatest patches, that's for sure.
>
> Like it or not, WebKit or an associated library is the best option here. I searched around pretty thoroughly before settling on Crunchyroll; and can say the best other possible method I've found is to do with the Miiverse headshots under Sm4sh. Not exactly convenient hacking. (cc: @jam1garner? Pretty sure that's where the PNGs fit in)
>
> The RenderArena one? I gave it a go, and couldn't get more than a null deref. If you can get user-controlled data into it I'll love you forever.

Nah there are no PNGs, just JPGs and album data. I haven't looked into it too much but you could potentially exploit the album data read.
 

godreborn

I used nnu patcher to download Crunchyroll. I already had it installed with a fake ticket. Deleting the game deleted the fake ticket. I guess it sometimes does that, 'cause another game I deleted - the fake ticket remained in the slc. I'm still on 5.5.1, but I wanted to be prepared if I ever update. I've already deleted the update folder and am blocking updates through my laptop. I may rectify that some day, but at present, there's no reason to update. Anyway, I wanted to grab the app before Nintendo removes it (if they ever do) due to exploits. ;)
 

TheTechGenius

> I diffed some parts of the browser after the update; and I can say that Nintendo changed one or two lines of mvplayer.rpl code at most. Admittedly there were changes to the JavaScript core that I didn't look at; but they definitely haven't merged in all the latest and greatest patches, that's for sure.
>
> Like it or not, WebKit or an associated library is the best option here. I searched around pretty thoroughly before settling on Crunchyroll; and can say the best other possible method I've found is to do with the Miiverse headshots under Sm4sh. Not exactly convenient hacking. (cc: @jam1garner? Pretty sure that's where the PNGs fit in)
>
> The RenderArena one? I gave it a go, and couldn't get more than a null deref. If you can get user-controlled data into it I'll love you forever.

Oh ok, that's great. I guess Nintendo didn't want to spend time and resources for patching all the weak code. Lol. That's good news for us though.
 

dojafoja

This browser seems extremely limited.
Yes you can load videos from the message box, locally map the homepage to a video and it'll load
Is there any difference at all between running some tests in the message box vs running them in the fullscreen browser? I wouldn't think there would be and so far in all my testing, they have behaved identically both ways. I ask because it's much faster for me to test in the message box since I can back out of it, remap to a different file and try again. Instead of going into full screen browser and being forced to restart the crunchyroll application after each test.
 

Rude

I am on 5.5.2U and I downloaded Crunchyroll and updated it and there is no clickable link, will I be able to use the exploit if there is one?
 
Website
heyquark.com
Actually, you can load an external webpage by mapping a local webpage with links. For me, it works just with some websites, as Crunchyroll and Google (the search mechanism doesn't work).
You can load one external page, but from there no further external content will load (links, stuff requested by scripts, embeds etc.) This pretty heavily limits what you can do, so you're better off just injecting things into Crunchyroll.com rather than trying to redirect out of there.
 

GrandZeldaGamer

> You can load one external page, but from there no further external content will load (links, stuff requested by scripts, embeds etc.) This pretty heavily limits what you can do, so you're better off just injecting things into Crunchyroll.com rather than trying to redirect out of there.

Are you planning on using this in an exploit? Or use something else?
 
