Hacking Executing Arbitrary Code in Virtual Console

lisreal2401

I mean you couldn't do anything using this without a way to externally load your own data from somewhere - not to mention, even if you could, say, add your own save file with code you want to jump to, it would still be sandboxed within the emulator. Really neat bug I think.
 

_v3

Take a look, it could be a possibility for switch code execution.

No it won't. This is a game running within a closed environment (emulator), unless you can find a way to exploit the emulator itself there is no way you'll be able to exploit the system using this method.
 

Flaflo

No it won't. This is a game running within a closed environment (emulator), unless you can find a way to exploit the emulator itself there is no way you'll be able to exploit the system using this method.
That's exactly what I meant. If you find a way out of this environment, Switch code execution may be possible.

--------------------- MERGED ---------------------------

I mean you couldn't do anything using this without a way to externally load your own data from somewhere - not to mention, even if you could, say, add your own save file with code you want to jump to, it would still be sandboxed within the emulator. Really neat bug I think.
SethBling already provides a way to create a corrupted save file with this method, which adds a hex-editor-like feature to SMW to edit memory. The only thing missing is breaking out of this "sandbox".
 

osm70

No it won't. This is a game running within a closed environment (emulator), unless you can find a way to exploit the emulator itself there is no way you'll be able to exploit the system using this method.
Quote from the video (2:28): "This could actually be a way to take control of the emulator and maybe even the Wii U itself."
 

Conn0r

Possible? Yes. Probable? Maybe not.
All the code you write for this exploit has to be done 8 (or is it 7??) bytes at a time. Do this enough times and you can get the hex editor. Then still, you need to code the rest by hand.

Assuming someone finds a sandbox escape, it would have to fit into the save files of the game.

I don't think you will get much past sandboxed execution. But I also thought that an IOSU hack would never be released, so I guess anything can happen ???
 


_v3

Quote from the video (2:28): "This could actually be a way to take control of the emulator and maybe even the Wii U itself."

That's exactly what I was meant to be. If you find a way out of this environment, Switch code execution may be possible.
Sethbling already provides a way to create a corrupted savefile with this method, which creates a hex editor like feature to smw to edit memory. The only thing missing is breaking out of this "sandbox"

And again, it'll never be possible, as you pointed out: it's running in a sandbox. It's like trying to exploit a machine running a VM while running an exploit in the VM itself.
 

szymon170

"Take a look, it could be a possibility for switch code execution."
Oh my god, it's cringe on another level. This sentence is wrong in so many ways...
Basically the ROM is running in a sandboxed environment, and the space onto which you can write is tiny. Also, it's not permanent. I mean that after you restart the emulator, you only keep the jailbreak part, and not the mod (unless you do a save-state). How do you imagine an exploit which would run from a sandboxed ROM on an emulator which is probably also sandboxed (because why would an emulator write stuff to the OS), and you are limited to editing RAM of the game?
 

Flaflo

And again, it'll never be possible, as you pointed out: it's running in a sandbox. It's like trying to exploit a machine running a VM while running an exploit in the VM itself.
Of course there are existing exploits to escape sandboxes; Sandboxie is escapable and there are some known escapes for VMware.
 

_v3

Of course there are existing exploits to escape sandboxes; Sandboxie is escapable and there are some known escapes for VMware.

Not replying anymore after this, because this isn't making sense in any way.
Sandboxie only isolates the process itself, allowing the user to run multiple instances of software which only allows one instance to run at any time. I'm aware of VMware escapes, but in this case it just won't happen. The emulator doesn't "talk" to the system like genuine Wii U software does and as such it doesn't have full access to all the Wii U functions.
 
Website
heyquark.com
C'mon guys, it's totally viable for Switch ACE! All you have to do is make an exploit for the Wii U SNES emulator, then just wave your hands around a bit and have it work on the Switch!
There isn't even a SNES VC on the Switch yet.

As an aside: I'm now gonna skim the VC for obvious sandbox escapes because that's one hell of a potential TAS!
 

Flaflo

The thing is that with his glitch, he can install his SMW jailbreak, which has a hex editor that can edit RAM and can execute bytes that are written in unused RAM.

--------------------- MERGED ---------------------------

Not replying anymore after this, because this isn't making sense in any way.
Sandboxie only isolates the process itself, allowing the user to run multiple instances of software which only allows one instance to run at any time. I'm aware of VMware escapes, but in this case it just won't happen. The emulator doesn't "talk" to the system like genuine Wii U software does and as such it doesn't have full access to all the Wii U functions.
we'll see
 

BlastedGuy9905

SethBling released a video showing how he has done code execution in the Virtual Console using the game SMW.

Take a look, it could be a possibility for switch code execution.


We either wait for the retro-game-netflix-library thingy to release, or we find an exploit in Shovel Knight maybe? I think that's the only 2D game in which you can actually see the pixels.
 

Deleted User

Wii U VC "exploit"
  • Switch exploit
  • Switch exploit
  • Switch exploit
Jesus fuck, people are so uneducated on shit nowadays. Also, wrong forum, fam. Go make these types of posts in the Switch - Hacking section, since that's where 99% of false claims and false promises are.
 
