Homebrew Idea for Wii U 5.5.2 exploit?

[C0mm4nd_]

Are you sure they only patched a single bug? If that were the case, why didn't we see loads of guides/sites on the Temp advertising they work with a new browser exploit?

Yes, I AM sure, and you didn't see it because they aren't exploited, there are just a lot of bugs, exploits are coming.

 

[Deleted User]

vWii leaves Wii U menu completely, meaning there's no use for remote code execution.
Unless you'll fool Wii U menu redirect app to load into .mp4 exploit then execute HBL, straight on-boot.

 

[OrGoN3]

Yes, I AM sure, and you didn't see it because they aren't exploited, there are just a lot of bugs, exploits are coming.

Cool beans. Thanks for the info, friend!

--------------------- MERGED ---------------------------

vWii leaves Wii U menu completely, meaning there's no use for remote code execution.
Unless you'll fool Wii U menu redirect app to load into .mp4 exploit then execute HBL, straight on-boot.

Assuming you can find a new .mp4 exploit that wasn't patched. Evidently they are working on that part. Still, you'd have to reload the OS while retaining control of a system that is locked out. So unless you can buffer overflow from the lockout and get out of the jail, you're SOL.

 

[fenix530]

Has no one checked if pegasus works?

Pegasus Exploit? I can Checked! But Where find info to this? ... sorry for my english!! and I have DKTF, I can Help?

 

[iAqua]

Pegasus Exploit? I can Checked! But Where find info to this? ... sorry for my english!! and I have DKTF, I can Help?

watch this and educate yourself about CVE-2016-4657

 

[The Real Jdbye]

Has no one checked if pegasus works?

I would guess probably not, because there's a lot of platform specific code in it. It was originally tested on Switch by removing all the platform specific code beforehand.
I think it has a decent chance of working but it all depends on which WebKit version the Wii U is using. I'm sure it's pretty old, but it might be too old for Pegasus to work, since bugs are often introduced in a specific version and then later fixed.
I don't know if anyone knows what WebKit version the Wii U is using or what versions Pegasus supports, but by knowing both of those it would be easy to tell if it's likely to work or not.

 

[iAqua]

I would guess probably not, because there's a lot of platform specific code in it. It was originally tested on Switch by removing all the platform specific code beforehand.
I think it has a decent chance of working but it all depends on which WebKit version the Wii U is using. I'm sure it's pretty old, but it might be too old for Pegasus to work, since bugs are often introduced in a specific version and then later fixed.
I don't know if anyone knows what WebKit version the Wii U is using or what versions Pegasus supports, but by knowing both of those it would be easy to tell if it's likely to work or not.

wii u uses webkit 536.30 and switch uses 601.6

 

[The Real Jdbye]

wii u uses webkit 536.30 and switch uses 601.6

As Pegasus was aimed specifically at iOS there doesn't seem to be any mentions of which specific WebKit versions it works with. But as every single iOS version before 9.3.5 seem to be vulnerable, it looks like a wide range of WebKit versions are vulnerable.

 

[iAqua]

As Pegasus was aimed specifically at iOS there doesn't seem to be any mentions of which specific WebKit versions it works with. But as every single iOS version before 9.3.5 seem to be vulnerable, it looks like a wide range of WebKit versions are vulnerable.

601.6 (vulnerable) > 536.30 (probably vulnerable due to being older)

 

[TylerZM]

No. not everything can be an exploit.

The issue here though is, vWii runs in a virtual container. It doesn't have access to the Wii U features, and even has less RAM available. You'd have to hack it, then keep the hack persistent after leaving vWii with new abilities to circumvent WiiU security.

I already said that the vWii would not work

 

[Doctor_U]

DKCTF should work, i'll probably figure something out for it tomorrow.

Any results? worked?

 

[iAqua]

Any results? worked?

it calls osfatal correctly!

 

[Doctor_U]

How exactly Wiiu browser exploit works?

 

[C0mm4nd_]

How exactly Wiiu browser exploit works?

It causes an Integer Overflow to execute a ROP Chain

 

[tunip3]

Wii U games can be an exploit? if a VC DS can be,why not GBA,SNES or even wiiu games be a exploit?

ds vc requires system acsess to actually install and save game exploits require code execution to install the only games that could be exploited would be ones where you can import files from the sd card (sm4sh), games where you can share stuff online (such as mario maker) or maybe a corrupted mii as miis can be installed via qr

--------------------- MERGED ---------------------------

wii u uses webkit 536.30 and switch uses 601.6

but the mp4 exploit does not exploit the webkit but it is a stagefright exploit that uses the mp4 player

 

[soterman]

Using the QR mii could execute code? Or saving a mi on the Sd card

 

[Doctor_U]

Using the QR mii could execute code? Or saving a mi on the Sd card

Probably Wiiu goin say the Mii is corrupted

 

[fenix530]

it calls osfatal correctly!

with this function(OsFatal()), we have a entry? We can execute a HC? I am systems engiener, but never programmed in wii u... again, sorry for my english

 

[Deleted User]

with this function(OsFatal()), we have a entry? We can execute a HC? I am systems engiener, but never programmed in wii u... again, sorry for my english

OSFatal() just freezes/crashes your Wii U

 

[fenix530]

OSFatal () acaba de bloquear / bloquea tu Wii U [/ QUOTE] [QUOTE = "Felek666, post: 7469656, member: 410194"
Then, DKTF exploit doesn't work for execute HC or other app?