Hacking Wii U Browser Exploit Leaked for v4.10

[opal]

"Finally the secret 'Wii U Browser Exploit' is now out in the wild for everyone to enjoy on their Nintendo Wii U Console, if you lucky enough to still be at v4.10 firmware."

Source: Maxconsole.com

 

[markehmus]

"Finally the secret 'Wii U Browser Exploit' is now out in the wild for everyone to enjoy on their Nintendo Wii U Console, if you lucky enough to still be at v4.10 firmware."

Source: Maxconsole.com

yay , and whats it load ?

nothing ? eh

still need some homebrew IMO , a shame nintendo will get there hands on this now, no ?

 

[crwys]

Assuming this is even true. It doesn't matter for those who upgraded to 5.0 because it has already been confirmed that the browser exploit is still there.

 

[WulfyStylez]

Ah yes, nothing like blowing your zero-days through unfinished leaks.

Seems to be legit though, for what it's worth.

 

[yuyuyup]

I checked maxconsole, sorted by "wii" (which also catches wii u news) and no such story.

edit: I guess it's in their "underground" section.

 

[VashTS]

i've got the files here at work. interesting leak! I'm hoping a 5.0 port comes along soon and something becomes of this!

 

[uyjulian]

Image:

I have not verified it.

To get the archive search the quote on the OP on google.

 

[Deleted User]

Exploit is legitimate, but is very unfinished - /golfclap. There went your only way in.

 

[paulttt]

IKR fucktards.

 

[Goku Junior]

I'm in 5.0.0, but I'll try it and I see what happends...

 

[NWPlayer123]

I'm in 5.0.0, but I'll try it and I see what happends...

No need, we've already done so. Doesn't work. Like we've said many times, the bug is still there (though in future updates it won't be because some idiot decided to leak an unfinished exploit for nintendo to patch), but we have no code execution.

 

[markehmus]

I checked maxconsole, sorted by "wii" (which also catches wii u news) and no such story.

edit: I guess it's in their "underground" section.

here

wow

 

[WulfyStylez]

It's old webkit. Finding another exploit isn't an issue. The real issue would be if nintendo tightened the browser's permissions.

Also what's this about no code execution? This package clearly is able to do ROP stuff. If that's not code execution, I'm not entirely sure what is.

 

[Snailface]

What's interesting is the name on some of the files in the exploit are similar to NWPlayer, who first-replied under GaryOPA's announcement thread on Maxconsole. He didn't sound happy.

I don't think this leak is the end-of-the-world since people can just stay put on the vulnerable firmware, but ticked off devs are never a good thing.

Edit: Speak of the devil.

 

[NWPlayer123]

It's old webkit. Finding another exploit isn't an issue. The real issue would be if nintendo tightened the browser's permissions.

Also what's this about no code execution? This package clearly is able to do ROP stuff. If that's not code execution, I'm not entirely sure what is.

The addresses moved/the code changed, so the ROP chain broke from 4.1.0 to 5.0.0.

 

[Goku Junior]

No need, we've already done so. Doesn't work. Like we've said many times, the bug is still there (though in future updates it won't be because some idiot decided to leak an unfinished exploit for nintendo to patch), but we have no code execution.

Yes I know it won't work but I'm a veru curiosity person, I like to test some things, and I want to see what kind of error code shows up, it is a stupid thing, I know. And yes, I don't know what stupid person did that, but I WON'T UPDATE ANYMORE! I'll stay in 5.0 from now to the end!, I'm not scared about 5.0 because I trust Marionumber1 so I belive him and the others sceners working in this exploit, thanks for all!

EDIT:Code execution... I didn't read that, so it is useless because it can't launch nothing now... right?

 

[markehmus]

No need, we've already done so. Doesn't work. Like we've said many times, the bug is still there (though in future updates it won't be because some idiot decided to leak an unfinished exploit for nintendo to patch), but we have no code execution.

love your 1st and only post on max

 

[Deleted User]

It's old webkit. Finding another exploit isn't an issue. The real issue would be if nintendo tightened the browser's permissions.

As a developer, it isn't fun having your work released unfinished and untested (See PS3 CFW) and having an exploit closed before future fimrwares can take advantage of it. Just look at the exploit itself. The idea is to have a way in so you can document the entire system and find further vulnerabilities. Now 5.0 will be the last hackable firmware you can take advantage of. Even if it's as easy as "Old webkit", I doubt any dev would be willing to put forth the effort after this.

 

[yuyuyup]

here

wow

Read the message I wrote that you responded to

 

[WulfyStylez]

As a developer, it isn't fun having your work released unfinished and untested (See PS3 CFW) and having an exploit closed before future fimrwares can take advantage of it. Just look at the exploit itself. The idea is to have a way in so you can document the entire system and find further vulnerabilities. Now 5.0 will be the last hackable firmware you can take advantage of. Even if it's as easy as "Old webkit", I doubt any dev would be willing to put forth the effort after this.

One leak isn't going to singlehandedly slaughter the scene like you seem to think it will.

Anyways, anyone try this yet? You should just be able to host a local server and browse to index.html. Opens an RPC on 192.168.1.4, but you can change that in socket.h. Should also throw logs somewhere.