Hacking Wii U Hacking & Homebrew Discussion

[FaTaL_ErRoR]

Alright, here's a video sniffing hex through wired ad hoc. (wii u to pc) Connecting online. Just hex dump. I'll post more videos when I have time. This is turning out to be a very good source of info. There are ethernet connection debuggers on kali. Maybe I'll post that video next. I really don't have much time to spend on videos but will when I have it. This isn't much but more of a proof of concept. I love kali. Just went to my garage and made up a crossover cable real quick then connected the U to my laptop.
In the video I started hex inject then connected to online multiplayer. My video player started lagging otherwise you would have seen the hex flying real fast and it was real obvious when I connected.
But with other kali programs you can freeze then edit. Also programs to show inbound and outbound. And abiltity to freeze and edit those too.

 

[WulfyStylez]

Alright, here's a video sniffing hex through wired ad hoc. (wii u to pc) Connecting online. Just hex dump. I'll post more videos when I have time. This is turning out to be a very good source of info. There are ethernet connection debuggers on kali. Maybe I'll post that video next. I really don't have much time to spend on videos but will when I have it. This isn't much but more of a proof of concept. I love kali. Just went to my garage and made up a crossover cable real quick then connected the U to my laptop.
In the video I started hex inject then connected to online multiplayer. My video player started lagging otherwise you would have seen the hex flying real fast and it was real obvious when I connected.
But with other kali programs you can freeze then edit. Also programs to show inbound and outbound. And abiltity to freeze and edit those too.

Sniffing network traffic is 100% useless, and spewing hex to your terminal isn't going to help you in any way. C'mon, if you're going to pretend like you're doing some crazy hacks, at least use wireshark or something...

 

[FaTaL_ErRoR]

Sniffing network traffic is 100% useless, and spewing hex to your terminal isn't going to help you in any way. C'mon, if you're going to pretend like you're doing some crazy hacks, at least use wireshark or something...

Can you not read? Never once said I was "doing some crazy hacks". But you obviously know nothing when it comes to anything other than trolling. If you did you would take notice in the hex strings what info is being cast. Hex sniffing is always a good thing to do. And dumping to terminal was just a proof of concept that connecting ad hoc has a ton of potential. Every site has some 18-20 year old troll that knows absolutely nothing but sh1t talks everyone that isn't "wii famous".
And on this site it's Wulfy Stylez. If you have no clue what you are looking then this wasn't posted for you. Wireshark would be useless in this sense. And if you look at the beginning you would see that there is a inject option. But I mean "you are an almighty 1337 haxxor rejected from CL" aren't you? So you must know all things hacked right? With people like you here this site will suffer the same lost users CL did. And fade into the shadows. So please stop trolling.

 

[WulfyStylez]

Can you not read? Never once said I was "doing some crazy hacks". But you obviously know nothing when it comes to anything other than trolling. If you did you would take notice in the hex strings what info is being cast. Hex sniffing is always a good thing to do. And dumping to terminal was just a proof of concept that connecting ad hoc has a ton of potential. Every site has some 18-20 year old troll that knows absolutely nothing but sh1t talks everyone that isn't "wii famous".
And on this site it's Wulfy Stylez. If you have no clue what you are looking then this wasn't posted for you. Wireshark would be useless in this sense. And if you look at the beginning you would see that there is a inject option. But I mean "you are an almighty 1337 haxxor rejected from CL" aren't you? So you must know all things hacked right? With people like you here this site will suffer the same lost users CL did. And fade into the shadows. So please stop trolling.

Sorry to make you mad, jeez. I'm just a bit quick to shoot people down because there's a lot of BS in this thread, and if you don't quickly refute it people tend to get hopeful for nothing. See: that one osfatal screenshot that was posted on MaxConsole. That made everyone go crazy for some reason.

That being said, I could care less about who's 'wii famous'. I don't even know what CL is. I'm just in a position where I see the state of affairs a lot more often than most people. Consequently I like to keep everyone, or at least most people in this thread, properly informed.

Last note, using hexinject still won't help you at all, even injecting data. You can't just inject whatever you want in the middle of an SSL (or otherwise encrypted) stream.

 

[NWPlayer123]

Sorry to make you mad, jeez. I'm just a bit quick to shoot people down because there's a lot of BS in this thread, and if you don't quickly refute it people tend to get hopeful for nothing. See: that one osfatal screenshot that was posted on MaxConsole. That made everyone go crazy for some reason.

That being said, I could care less about who's 'wii famous'. I don't even know what CL is. I'm just in a position where I see the state of affairs a lot more often than most people. Consequently I like to keep everyone, or at least most people in this thread, properly informed.

Last note, using hexinject still won't help you at all, even injecting data. You can't just inject whatever you want in the middle of an SSL (or otherwise encrypted) stream.

You can do a lot of stuff if you know what bugs the system has (EG The Wii U uses OpenSSL, and possibly an older version too, in the same way they use a super old version of Webkit and then patch bugs)

 

[FaTaL_ErRoR]

Sorry to make you mad, jeez. I'm just a bit quick to shoot people down because there's a lot of BS in this thread, and if you don't quickly refute it people tend to get hopeful for nothing. See: that one osfatal screenshot that was posted on MaxConsole. That made everyone go crazy for some reason.

That being said, I could care less about who's 'wii famous'. I don't even know what CL is. I'm just in a position where I see the state of affairs a lot more often than most people. Consequently I like to keep everyone, or at least most people in this thread, properly informed.

Last note, using hexinject still won't help you at all, even injecting data. You can't just inject whatever you want in the middle of an SSL (or otherwise encrypted) stream.

Well, you actually can inject whatever you want. I am not looking for server entry. More looking for inbound traffic back to console. And just one example of running whatever you want read here. http://projects.webappsec.org/w/page/13246949/Null Byte Injection

 

[WulfyStylez]

Well, you actually can inject whatever you want. I am not looking for server entry. More looking for inbound traffic back to console. And just one example of running whatever you want read here. http://projects.webappsec.org/w/page/13246949/Null Byte Injection

I mean, I'll leave you to your research then. Might be a bit impossible black-boxing it like you seem to be right now, though.

 

[Onion_Knight]

I saw Mac addresses and 08 00 (Call to IPv4 in the ethernet header) followed by IPv4 (4(5) normal header size, so 20 bytes) traffic. You might be doing something real cool, but what I saw is what Wulfy saw...normal IPv4 traffic. Yes you can dump the hex with hexinject, but you can do the same thing with tcpdump or tshark or wireshark. Counting 20 bytes showed no connections on port 443 (SSL). The traffic didn't appear unencrypted. You literally said you dumped a game. I'd like to see a video of that...

 

[FaTaL_ErRoR]

I saw Mac addresses and 08 00 (Call to IPv4 in the ethernet header) followed by IPv4 (4(5) normal header size, so 20 bytes) traffic. You might be doing something real cool, but what I saw is what Wulfy saw...normal IPv4 traffic. Yes you can dump the hex with hexinject, but you can do the same thing with tcpdump or tshark or wireshark. Counting 20 bytes showed no connections on port 443 (SSL). The traffic didn't appear unencrypted. You literally said you dumped a game. I'd like to see a video of that...

Never said you use this program to "completely hack the console". This is just a mere demonstration. Wow you people see a video and completely ignore all writting in the post. You know is this opposite day? Did I need to put we completely hacked this console using hexinject? Then maybe you guys stop assuming someone posted a completely hacked console with one single terminal program. I mean hell just go read the description in the video on youtube. The title made it eye catching. (due to the fact more is coming) I really should have videoed the tv screen too. Then you would see what the breaks in the hex were. In another terminal I was injecting, it caused quite a few server disconnects. And caused my console to dump code on screen. This video was nothing more than a proof of concept. (as stated quite a few times already)

@ everyone else: fire up your linux, get out your crossover cables, and start doing something.

 

[Onion_Knight]

Never said you use this program to "completely hack the console". This is just a mere demonstration. Wow you people see a video and completely ignore all writting in the post. You know is this opposite day? Did I need to put we completely hacked this console using hexinject? Then maybe you guys stop assuming someone posted a completely hacked console with one single terminal program. I mean hell just go read the description in the video on youtube. The title made it eye catching. (due to the fact more is coming) I really should have videoed the tv screen too. Then you would see what the breaks in the hex were. In another terminal I was injecting, it caused quite a few server disconnects. And caused my console to dump code on screen. This video was nothing more than a proof of concept. (as stated quite a few times already)

@ everyone else: fire up your linux, get out your crossover cables, and start doing something.

I never said you did that either. However you did say that dumped a game. Injecting code as a man in the middle attack is pretty cool, but anyone sitting in between can do that. You don't even need a crossover cable. Just set your laptop as a AP point, point your Wii U at it and capture and inject. I'm not taking away from what your doing, which is cool, but not quite the same as dumping a game, which is what you said you did.

 

[yahoo]

For clarity, when you said

...we just dumped a game...

, is this video you later posted supposed to be be evidence of that?:

 

[Bug_Checker_]

For clarity, when you said , is this video you later posted supposed to be be evidence of that?:

It can not be the evidence because he said

Sorry to double post, but some serious strides have been made today.
First ever release of homebrewU may be just around the corner. (Yes, TeAm_FaTaL is making claims to have broken the wii u) I hope someone is ready to help writing loader because we just dumped a game with no added hardware.

A crossover cable would be added hardware.

Btw did he ever show up on irc to answer questions?

 

[WulfyStylez]

@ everyone else: fire up your linux, get out your crossover cables, and start doing something.

Ah yes, my favorite pastime. Staring at walls of SSL-encrypted traffic. And not only could you have just done it over an ad-hoc AP, you didn't need to make a crossover cable either. Modern LAN cards automatically handle assigning Tx and Rx pairs regardless of how the cable's wired.

There is a (super minor) probable exploit you'd be able to pull off with your current hardware setup, but even then it won't help you a lot.

 

[filfat]

Marionumber1 How did you guys find the Webkit bug? was it many hours of just trial and error, or where you guys searching BugZilla for useful info? (or the two combined?) I,m wondering because i would like to know which path is best to go

 

[Ninja_Carver]

Alright, here's a video sniffing hex through wired ad hoc. (wii u to pc) Connecting online. Just hex dump. I'll post more videos when I have time. This is turning out to be a very good source of info. There are ethernet connection debuggers on kali. Maybe I'll post that video next. I really don't have much time to spend on videos but will when I have it. This isn't much but more of a proof of concept. I love kali. Just went to my garage and made up a crossover cable real quick then connected the U to my laptop.
In the video I started hex inject then connected to online multiplayer. My video player started lagging otherwise you would have seen the hex flying real fast and it was real obvious when I connected.
But with other kali programs you can freeze then edit. Also programs to show inbound and outbound. And abiltity to freeze and edit those too.

this is the dumbest shit i have ever seen. anyone else who has seen this is now consequently dumber for having seen it. it AMAZES me that you even remotely think you achieved something here, and for the love of god you haven't "dumped" anything even closely resembling a game. and what exactly is this a proof on concept of? that you can build a crossover cable and connect one end to your laptop and the other to the wiiu? cheers bro that's fucking amazing.

 

[NWPlayer123]

Marionumber1 How did you guys find the Webkit bug? was it many hours of just trial and error, or where you guys searching BugZilla for useful info? (or the two combined?) I,m wondering because i would like to know which path is best to go

https://fail0verflow.com/media/30c3-slides/#/25/2

 

[rumblpak]

You aren't going to find more bugs using that method. The new browser build is based off of a may 15, 2014 changelog and there haven't been use after free bugs disclosed since then. (I've already looked into it)

 

[WulfyStylez]

You aren't going to find more bugs using that method. The new browser build is based off of a may 15, 2014 changelog and there haven't been use after free bugs disclosed since then. (I've already looked into it)

Are you sure? 5.1.1 only patched the bugs we were using, they didn't update the browser. Unless you're saying 5.1.2 is different? (I'm pretty sure they didn't even change the browser in 5.1.2 though)

 

[FaTaL_ErRoR]

If a mod would combine these that would be cool or just delete these edited ones.

 

[FaTaL_ErRoR]

Uh, not sure why it triple posted??