Hacking Wii U 5.1.2U JavaScript Browser Crash

Mr. Mysterio (OP):
This JavaScript code will crash the Wii U internet browser on firmware 5.1.2U. This was taken from crashmybrowser.com. Navigate there with the Wii U browser, then select "Heap death of the blogoverse". I was so looking forward to modding Mario Kart 8 with the original browser exploit, but I carelessly updated my Wii U to 5.1.2. :sad: Maybe some of the more expert hackers can turn this JS code into a way of running C code and eventually game hacking! :)

var x, i;   // the script leaves these as implicit globals; declared here for clarity

function Test_HeapDeath ()
{
    (function () {
        'use strict';

        var i,
            methods = [
                'quote', 'substring', 'toLowerCase', 'toUpperCase', 'charAt',
                'charCodeAt', 'indexOf', 'lastIndexOf', 'startsWith', 'endsWith',
                'trim', 'trimLeft', 'trimRight', 'toLocaleLowerCase',
                'toLocaleUpperCase', 'localeCompare', 'match', 'search',
                'replace', 'split', 'substr', 'concat', 'slice'
            ],
            methodCount = methods.length,
            // Installs String.<name>(value, ...args) as a "generic" that runs
            // String.prototype.<name> with value as this, so that below
            // String.charCodeAt(n) behaves like String(n).charCodeAt().
            assignStringGeneric = function (methodName) {
                var method = String.prototype[methodName];
                String[methodName] = function (arg1) {
                    return method.apply(arg1, Array.prototype.slice.call(arguments, 1));
                };
            };

        for (i = 0; i < methodCount; i++) {
            // Was assignStringGeneric(methods): passing the whole array installs
            // nothing usable, and String.charCodeAt below then throws a TypeError.
            assignStringGeneric(methods[i]);
        }
    }());

    // Doubles x 22 times (x -> x + code + x + code), so x grows geometrically.
    x = '0123456789';
    for ( i = 0; i < 22; i++ ) {
        x = x.slice(0) + String.charCodeAt(Math.floor(Math.random() * 256))
          + x.slice(0) + String.charCodeAt(Math.floor(Math.random() * 256));
    }
    // Then keeps doubling it every 5 ms until the heap is exhausted.
    setInterval(_HeapDeath, 5);
}

function _HeapDeath ()
{
    x = [x.slice(0) + String.charCodeAt(Math.floor(Math.random() * 256)),
         x.slice(0) + String.charCodeAt(Math.floor(Math.random() * 256))];
}

Test_HeapDeath();
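What the script above actually does is worth seeing in numbers, because it bears on the later question of whether this crash is more than an out-of-memory condition. The following is an added model written for this thread, not the crashmybrowser script itself: it reproduces the script's per-step string arithmetic on a passed-in value and tracks the length x would reach, so the memory demand can be inspected without hanging anything. It assumes the String generics are installed one name at a time (the `methods[i]` form), which is what the script's loop evidently intends.

```javascript
// Added model of the heap-death script, not the script itself. Runs offline
// on a small seed; the closed-form helpers scale the result up to the real
// 22 iterations and the 5 ms ticks without allocating the strings.

// What String.charCodeAt(n) returns once the generic is installed:
// String.prototype.charCodeAt.apply(n, []) === String(n).charCodeAt(0),
// i.e. the code of the first digit of n (48..57). So the "+ code" step
// always appends exactly two characters.
function charCodeGeneric(n) {
  return String.prototype.charCodeAt.apply(n, []);
}

// One iteration of the initial loop: x -> x + code + x + code.
function loopStep(x, n) {
  return x.slice(0) + charCodeGeneric(n) + x.slice(0) + charCodeGeneric(n);
}

// One _HeapDeath tick on a passed-in value instead of the global. After the
// first tick x is an array; Array.prototype.slice(0) then copies it and '+'
// stringifies the copy with a comma between the two elements.
function tickStep(x, n) {
  return [x.slice(0) + charCodeGeneric(n), x.slice(0) + charCodeGeneric(n)];
}

// Closed-form length bookkeeping for both phases.
function modelLengthAfterLoop(iterations, start = 10) {
  let len = start;
  for (let i = 0; i < iterations; i++) len = 2 * len + 4;   // 2 copies + 2 two-char codes
  return len;
}
function modelLengthAfterTicks(ticks, stringLen) {
  if (ticks === 0) return stringLen;
  let len = stringLen + 2;                                   // tick 1: each element is x + code
  for (let t = 1; t < ticks; t++) len = 2 * len + 3;         // later ticks: "e,e" + code
  return len;
}

// Actually runs the steps on a small seed (n fixed at 200 -> code 50) and
// reports the length of x, or of its first element once x is an array.
function measuredLength(seed, iterations, ticks) {
  let x = seed;
  for (let i = 0; i < iterations; i++) x = loopStep(x, 200);
  for (let t = 0; t < ticks; t++) x = tickStep(x, 200);
  return typeof x === 'string' ? x.length : x[0].length;
}

// UTF-16 code units are two bytes, so this is the floor for the live string
// alone, ignoring the temporaries each concatenation creates.
function bytesForLength(len) {
  return len * 2;
}

// Usage: the 22 loop iterations alone demand 14 * 2^22 - 4 code units
// (about 112 MiB), and every 5 ms tick afterwards more than doubles that.
console.log(modelLengthAfterLoop(22), bytesForLength(modelLengthAfterLoop(22)));
```

The growth is purely geometric string building; nothing here writes outside what the engine allocates, which is why the console ends up frozen rather than redirected. Checking the model against a real run on a short seed (as the measured helper does) is the cheap way to confirm a script like this is a resource-exhaustion crash before spending time treating it as a memory-safety bug.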
 

gypsynimrod:
Is anyone even actively working towards Wii U hacking? There was a guy who posted a picture, but he refused to record a video or actually show off how it was done, leading people to believe it was all fake. Outside of that, has there really been anything?
 

Jackall4BDN:
Is anyone even actively working towards Wii U hacking? There was a guy who posted a picture, but he refused to record a video or actually show off how it was done, leading people to believe it was all fake. Outside of that, has there really been anything?
You didn't watch the work MrBean35000vr and his pals have done in the past months, did you? xD
 

Jackall4BDN:
You mean the guys who have said multiple times that they have 0 plans of releasing their hacks?
They will release it; they just won't tell people how their code can be used for other things, and other hackers will figure that out by themselves eventually once their mods are out.
 

Jackall4BDN:
They have said numerous times that they have no plans on releasing anything.
You seem quite sure about that; dunno where you got that idea.
They even ask in their streams what to work on next, just for entertainment, or what?
But I don't wanna start an argument here. No fun behind it, and also a way to close a thread in minutes.
So actually: nope.
 

Mr. Mysterio (OP):
The screen does not go black like the original browser exploit. It just freezes on the current frame. Button pressing does no good. I have to do a hard reboot (unplug or hold power for 5 sec.). How does the original exploit crash the browser? Also, what makes a crash exploitable?
 

FPSRussi4:
The screen does not go black like the original browser exploit. It just freezes on the current frame. Button pressing does no good. I have to do a hard reboot (unplug or hold power for 5 sec.). How does the original exploit crash the browser? Also, what makes a crash exploitable?

The exploit cannot be handled by the Wii U's security system. You should read the 5.1 browser crash results and compare it with yours.
 

Marionumber1:
How does the original exploit crash the browser? Also, what makes a crash exploitable?

What makes a crash exploitable is whether it allows us to overwrite arbitrary memory that would give us control of the execution path. The 4.0.0-5.1.0 browser exploit was based off a use-after-free, which allowed us to fill memory that the browser thought was allocated, but in reality was free. Doing this let us point an object's vtable to a JavaScript buffer we controlled. A vtable is a list of function addresses used to make virtual method calls in certain objects, so controlling the object's vtable allowed us to make the browser jump to wherever we wanted.
 
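To make the use-after-free mechanism in the post above concrete, and to show what stops it, here is an added simulation written for this thread. It is not code from the thread or from any Wii U or browser component: a DataView over an ArrayBuffer stands in for process memory, and the chunk size, addresses, vtable registry and the three mitigations modelled (poison on free, a quarantine so freed chunks are not immediately reused, and vtable validation before a virtual call) are all constructed for the demo.

```javascript
// Added simulation of a use-after-free with a vtable pointer in the freed
// object, beside a hardened allocator/dispatch. All memory is a DataView;
// nothing here touches a real heap. Constants are constructed for the demo.

const CHUNK = 16;                                  // every simulated allocation is one chunk
const mem = new DataView(new ArrayBuffer(CHUNK * 8));

const VTABLE_WIDGET = 0x1000;                      // the one legitimate vtable, outside the heap
const knownVtables = new Map([[VTABLE_WIDGET, { describe: () => 'Widget::describe' }]]);
const POISON = 0xdeadbeef;

// A tiny allocator: freed chunks are reused most-recently-freed first, which
// is what lets a later allocation land exactly on top of a freed object.
function makeHeap({ poison = false, quarantine = false } = {}) {
  const freeList = [], held = [];
  let bump = 0;
  return {
    alloc() {
      if (freeList.length) return freeList.pop();
      const addr = bump; bump += CHUNK; return addr;
    },
    free(addr) {
      if (poison) mem.setUint32(addr, POISON);     // stale vtable slot no longer looks valid
      (quarantine ? held : freeList).push(addr);   // quarantined chunks are not handed out again here
    },
  };
}

function newWidget(heap) {
  const addr = heap.alloc();
  mem.setUint32(addr, VTABLE_WIDGET);              // first word of the object: its vtable pointer
  return addr;
}

// Fills a fresh allocation with script-chosen bytes (the "buffer we controlled").
function fillBuffer(addr, word) {
  for (let off = 0; off < CHUNK; off += 4) mem.setUint32(addr + off, word);
}

// Virtual call through the object's vtable pointer. Without validation the
// call goes wherever the slot points; with validation an unknown vtable is refused.
function dispatch(objAddr, validate) {
  const vt = mem.getUint32(objAddr);
  const table = knownVtables.get(vt);
  if (table) return { ok: true, result: table.describe() };
  if (validate) return { ok: false, refused: true, vtable: vt };
  return { ok: false, hijackedTo: vt };            // control flow would transfer to vt
}

// The bug: free the object, keep using the pointer. Run once plain, once hardened.
function scenario(hardened) {
  const heap = makeHeap({ poison: hardened, quarantine: hardened });
  const w = newWidget(heap);
  heap.free(w);                                    // object freed ...
  fillBuffer(heap.alloc(), 0x41414141);            // ... a new buffer is allocated and filled ...
  return dispatch(w, hardened);                    // ... and the stale pointer is dispatched through
}

// A live object dispatches normally under the hardened settings.
function healthyCall() {
  const heap = makeHeap({ poison: true, quarantine: true });
  return dispatch(newWidget(heap), true);
}
```

In the plain run the stale object's first word is whatever the buffer put there, and an unvalidated virtual call would transfer control to it, which is the "jump wherever we wanted" of the post. In the hardened run the quarantine keeps the buffer off the freed chunk, the poison makes the stale slot visibly invalid, and the validated dispatch refuses it, turning a hijack into a detectable fault; each of the three measures is useful on its own, and together they are the shape of the allocator and CFI-style defenses browsers have adopted for exactly this bug class.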

Mr. Mysterio (OP):
I think I understand how the original exploit works now (Thanks Marionumber1 :)). I also understand now that because the crashmybrowser.com code froze the screen instead of turning it black, the entire system crashed and not just the browser. :sad:

Does anybody have any bright ideas? Maybe:

Anti-Updating from 5.1.2 to 5.1.0.
Porting the original exploit to 5.1.2. (Maybe the addresses just got scrambled again?)
Maybe this crash will work: http://gbatemp.net/threads/crash-wiiu-via-browser-exploitable.370605/
Decrypting the USB drive file system. (Possibly comparing the same file from multiple Wii U systems to find a common key)

Please forgive my ignorance if some of these suggestions are absolutely impossible. I just want to help other unlucky people with 5.1.2 firmware. Also, please note that I do NOT support piracy and other illegal activities. I just want to make my games a little more interesting and eventually (maybe) write homebrew apps for the Wii U.
 

gypsynimrod:
You seem quite sure about that; dunno where you got that idea.
They even ask in their streams what to work on next, just for entertainment, or what?
But I don't wanna start an argument here. No fun behind it, and also a way to close a thread in minutes.
So actually: nope.

"None of this is in any state to be released at present, and it's unlikely that we ever will in the interest of preventing cheaters."

"Currently, this texture hack is not released. We don't have a good, copyright-free way to release it, and right now nobody could use it anyway even if we did."

It's not an argument if one side is stating facts while the other is basking in its own willful unknowing.
 

Mr. Mysterio (OP):
Even if MrBean35000vr and Chadderz don't release their work, I'm sure that somebody else will figure it out. I have done a little Mario Kart Wii hacking using USB Gecko and I don't think that changing simple values in memory (like Moo Moo Meadows = Hello!) should be too hard once we have a kernel exploit.
 

FusionGamer:
Even if MrBean35000vr and Chadderz don't release their work, I'm sure that somebody else will figure it out. I have done a little Mario Kart Wii hacking using USB Gecko and I don't think that changing simple values in memory (like Moo Moo Meadows = Hello!) should be too hard once we have a kernel exploit.

Plus, other groups will always find a way to dump games and thus their files. Meaning that, with or without Chadderz & Bean, we'll have MK8 mods either way.
 
