5.4.0/5.5.0 MP4 Exploit

Discussion in 'Wii U - Hacking & Backup Loaders' started by Mathew_Wi, Jan 12, 2016.

Thread Status:
Not open for further replies.
  1. Mathew_Wi
    OP

    Mathew_Wi bye

    Member
    233
    790
    Sep 29, 2009
    Since it was patched, there's no point in keeping this anymore. R.I.P StageFright.

    - Info -
    With this you can build (and in theory, run) homebrew for Wii U version 5.4.0 and 5.5.0. It is incredibly bad, and likely won't run any code for you whatsoever. Sounds good, right? Yeah? Right on!

    - For Developers -
    We have been incredibly lazy about fixing this. However, I have a hint for you. Use the code spray code from previous HTML exploits, and embed the MP4 exploit to run code that way.

    In template540 and template550, offsets 0x79 to 0x7C contain the value that is in r30 when it crashes, which is an address to a point in the ROP buffer. Essentially leave the rest of the MP4 file unchanged if you plan on doing it via HTML/JS. If you want to use another ROP gadget, then the address that is spammed at the end of the file is the gadget that we initially jump to.

    - Download -
    http://puu.sh/mt6LQ/45a4ab7ae8.zip (Only builds 5.5.0 payloads, edit generate_mp4.py to generate 5.4.0 payloads.)

    - Credits -
    zhuowei - Pointing out the bug to Marionumber1 and me.
    Marionumber1 - All the fantastic ROP chain work. Plus all around masterful work. Wouldn't have been possible without him.
    Mathew_Wi - Shitty initial exploitation/debugging/5.5.0 ROP Gadgets
    MrRean - Helping in a way I can't quite remember.
    NWPlayer123 - Something!
    Hykem - I think he did something too, I can't remember, sue me.
    Original Crew - comex, Relys, TheKit, and of course Mr. Chadderz himself.

    - Special Thanks -
    NWPlayer123 for convincing Marionumber1 to allow me to participate in the group. <3

    If I forgot you, feel free to verbally abuse me on IRC or Skype.
     
    Last edited by Mathew_Wi, Jan 12, 2016
    Benuno, Korin, MiZ J0K3R and 31 others like this.
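    A defender-side triage check for the file pattern the post describes (data hanging off the end of the MP4 box structure, and one 32-bit address repeated many times at the end of the file). This is an added example, not code from the post or its download; the sample files and the placeholder word are constructed here and are not real Wii U payloads or gadget addresses.

```python
import struct

def box(btype: bytes, payload: bytes) -> bytes:
    """Build one ISO BMFF box: 32-bit big-endian size, 4-char type, payload."""
    return struct.pack(">I", 8 + len(payload)) + btype + payload

# Constructed samples: a minimal ftyp+mdat MP4, and the same file with a
# placeholder 4-byte word repeated 64 times appended, imitating the
# "address spammed at the end of the file" pattern described in the post.
CLEAN_MP4 = box(b"ftyp", b"isom" + struct.pack(">I", 0) + b"isom") + box(b"mdat", bytes(range(1, 33)))
PLACEHOLDER_WORD = b"\x01\x23\x45\x67"   # placeholder only, not a real gadget address
SPRAYED_MP4 = CLEAN_MP4 + PLACEHOLDER_WORD * 64

def walk_boxes(data: bytes):
    """Walk top-level boxes; return ([(offset, size, type)], offset where parsing stopped)."""
    boxes, pos = [], 0
    while pos + 8 <= len(data):
        size = struct.unpack_from(">I", data, pos)[0]
        btype = data[pos + 4:pos + 8]
        if size == 1 and pos + 16 <= len(data):          # 64-bit "largesize" form
            size = struct.unpack_from(">Q", data, pos + 8)[0]
        elif size == 0:                                   # box runs to end of file
            size = len(data) - pos
        if size < 8 or pos + size > len(data) or not btype.isalnum():
            break                                         # malformed header: stop here
        boxes.append((pos, size, btype.decode("ascii")))
        pos += size
    return boxes, pos

def tail_repeats(data: bytes):
    """Count how many end-aligned 4-byte words equal the file's last word."""
    if len(data) < 4:
        return None, 0
    word, n, pos = data[-4:], 0, len(data) - 4
    while pos >= 0 and data[pos:pos + 4] == word:
        n += 1
        pos -= 4
    return word, n

def analyze(data: bytes, min_repeats: int = 16) -> dict:
    """Heuristic triage: bytes outside the box structure, or a long run of one
    32-bit word at end of file (an address slide), mark the file as suspicious."""
    boxes, end = walk_boxes(data)
    word, n = tail_repeats(data)
    return {
        "boxes": [t for _, _, t in boxes],
        "trailing_bytes": len(data) - end,
        "spray_word": "0x" + word.hex() if word else None,
        "spray_repeats": n,
        "suspicious": n >= min_repeats or len(data) - end > 0,
    }
```

The box walker stops at the first header it cannot parse, so a trailing slide shows up both as unparsed bytes and as a repeated word; a clean file reports zero trailing bytes and a repeat count of one.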


  2. WiiFoundLove

    WiiFoundLove GBAtemp Regular

    Member
    182
    60
    Jan 18, 2015
    Afghanistan
    YAY! Thanx! :D
     
  3. JohnathanMonkey

    JohnathanMonkey GBAtemp Advanced Fan

    Member
    577
    185
    Apr 26, 2013
    United States
    lol.jk nice touch
     
    MAXLEMPIRA likes this.
  4. OriginalHamster

    OriginalHamster UStealthy

    Member
    3,381
    641
    Nov 2, 2008
    Cote d'Ivoire
    Hykem exploit will make it compatible with 5.5.1, kappa.
     
    paulloeduardo likes this.
  5. Chuardo

    Chuardo GBAtemp Regular

    Member
    292
    178
    Oct 4, 2015
    Uruguay
  6. Droyd

    Droyd GBAtemp Regular

    Member
    159
    91
    Jan 3, 2016
    Macau
    So will 5.5.0 users be able to install the homebrew channel without using any game for the exploit to run?
     
  7. soniczx123

    soniczx123 GBAtemp Advanced Fan

    Member
    572
    162
    Jul 24, 2015
    What power does the End-User have with this?
     
  8. AboodXD

    AboodXD I hack NSMB games, and other shiz.

    Member
    2,654
    1,378
    Oct 11, 2014
    United Arab Emirates
    Not under a rock.
     
  9. kingraa777

    kingraa777 boom!

    Member
    1,040
    265
    Apr 17, 2015
    So what can I do with this?
     
  10. shaneod

    shaneod GBAtemp Fan

    Member
    346
    252
    Mar 3, 2011
    5.5.0 users can't do much with this alone. 5.4.0 users will be able to do the same as 5.3.2 users basically, but 5.5.0 users won't be able to until an IOSU or kernel exploit is released.
     
  11. KiiWii

    KiiWii GBAtemp Psycho!

    Member
    3,677
    1,220
    Nov 17, 2008
    United Kingdom
    This is a great release of information, thank you and all involved.
     
  12. NexoCube

    NexoCube stop using piracy :(

    Member
    1,184
    587
    Nov 3, 2015
    France
    Stack Pointer
    it's a fake
     
  13. JohnathanMonkey

    JohnathanMonkey GBAtemp Advanced Fan

    Member
    577
    185
    Apr 26, 2013
    United States
    Could loadiine 5 come of this? Sorry if it's a stupid question and feel free to bash away! I'm a big boy and can handle it ;)
     
  14. Droyd

    Droyd GBAtemp Regular

    Member
    159
    91
    Jan 3, 2016
    Macau
    Aww, I was hoping to get a homebrew channel since I can't get the games needed for triggering the exploit, but great reveal for 5.4 users, enjoy.
     
  15. Mathew_Wi
    OP

    Mathew_Wi bye

    Member
    233
    790
    Sep 29, 2009
    You could try it. However, chances are you won't be running code until someone else decides to fix it.
     
    ant888 likes this.
  16. oumoumad

    oumoumad GBAtemp Advanced Fan

    Member
    798
    727
    Apr 20, 2015
    France
    So you guys all abandoned this project and none of you is planning to fix it?
     
  17. MrKeplerton

    MrKeplerton Member

    Newcomer
    17
    14
    Dec 24, 2015
    but hey, it's something :D
     
  18. NexoCube

    NexoCube stop using piracy :(

    Member
    1,184
    587
    Nov 3, 2015
    France
    Stack Pointer
    Oh my god. If we fix it, we can launch the kexploit from an MP4 file :P
     
  19. Mathew_Wi
    OP

    Mathew_Wi bye

    Member
    233
    790
    Sep 29, 2009
    I forgot to replace build.py, I updated the download in the original post.
     
    MAXLEMPIRA likes this.
  20. NexoCube

    NexoCube stop using piracy :(

    Member
    1,184
    587
    Nov 3, 2015
    France
    Stack Pointer
    It didn't contain support for 5.5.0 ... If I compile it with the 5.4.0 format, will it work in 550?
     
    MAXLEMPIRA likes this.