Hacking: What are the differences between exploits?

A userspace exploit is the first step to doing anything. It provides initial code execution, but under the restrictions of Cafe OS and IOSU. You can actually do quite a bit in userspace, like using Nintendo's libraries to write apps. Relys demonstrated this with his Pong demo. But userspace limits your control to your app's own code: it can't change its memory mappings, access other processes, or get full access to the CPU and hardware. A (Cafe OS) kernel exploit is needed to allow all those things.

Would you mind also adding what an IOSU exploit would achieve, concretely?

Direct access to storage, network, USB, and DRH hardware (not that useful), defeating restrictions on storage access for apps, replacing FS or disc calls to access another source (emuNAND and backup loading, respectively), getting most Starbuck keys, using the Trinux loader, and probably more stuff I forgot.
 
Okay! So, is there a guarantee of a kernel exploit if one has control of userspace?

It's possible, but it really depends. Userland is usually sandboxed; however, it's been proven again and again that it is possible to break out of imposed sandboxes. Picture it like this:

You're in a park, sitting in a literal sandbox; however, there's Plexiglas around it. You want to leave, but you can't break the glass or climb the slippery surface, making escape seemingly impossible. However, from time to time, sandboxes have holes in them that people can pry open. In this example, you have a shovel, and you start digging a hole to escape the sandbox by digging underneath the glass. When leaks in a sandbox occur, it's like having the shovel in this area. As long as there isn't something to stop you outright, it's usually possible to escape the sandbox limitation and gain full access to the system.

As of 5.3.2, yes. We have verified that our exploit hasn't been patched; it's just a matter of being able to use it (with the initial WebKit exploit). Until they patch it (which is doubtful considering how long people have been exploiting it), we're in the clear.