Hacking 5.4.0/5.5.0 MP4 Exploit

Status
Not open for further replies.

Mathew_Wi
OP
Since it was patched, there's no point in keeping this anymore. R.I.P. StageFright.

- Info -
With this you can build (and in theory, run) homebrew for Wii U version 5.4.0 and 5.5.0. It is incredibly bad, and likely won't run any code for you whatsoever. Sounds good right? Yeah? Right on!

- For Developers -
We have been incredibly lazy about fixing this. However, I have a hint for you. Use the code spray code from previous HTML exploits, and embed the MP4 exploit to run code that way.

In template540 and template550, offsets 0x79 to 0x7C contain the value that is in r30 when it crashes, which is an address to a point in the ROP buffer. Essentially leave the rest of the MP4 file unchanged if you plan on doing it via HTML/JS. If you want to use another ROP gadget, then the address that is spammed at the end of the file is the gadget that we initially jump to.

- Download -
http://puu.sh/mt6LQ/45a4ab7ae8.zip (Only builds 5.5.0 payloads, edit generate_mp4.py to generate 5.4.0 payloads.)

- Credits -
zhuowei - Pointing out the bug to Marionumber1 and me.
Marionumber1 - All the fantastic ROP chain work. Plus all around masterful work. Wouldn't have been possible without him.
Mathew_Wi - Shitty initial exploitation/debugging/5.5.0 ROP Gadgets
MrRean - Helping in a way I can't quite remember.
NWPlayer123 - Something!
Hykem - I think he did something too, I can't remember, sue me.
Original Crew - comex, Relys, TheKit, and of course Mr. Chadderz himself.

- Special Thanks -
NWPlayer123 for convincing Marionumber1 to allow me to participate in the group. <3

If I forgot you, feel free to verbally abuse me on IRC or Skype.
 
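Added example, not code from the thread or from the linked download: a defender-side scanner for the file layout the post describes, where the payload's gadget address is "spammed at the end of the file" outside the normal MP4 box structure. It walks the top-level ISO BMFF boxes, reports any bytes that sit after the last well-formed box, and checks whether the trailing region is dominated by one repeated 32-bit word. The sample files and the address value 0x0A0B0C0D are constructed placeholders, not values from the post; the 256-byte window and 90% threshold are assumptions to tune against real media.

```python
import struct
from collections import Counter


def walk_top_level_boxes(data: bytes):
    """Walk ISO BMFF (MP4) top-level boxes.

    Returns (boxes, end): boxes is a list of (type, offset, size); end is the
    offset at which the last well-formed box ends. Stops at the first box that
    is malformed or runs past EOF, so anything after `end` is outside the
    declared structure.
    """
    boxes, off = [], 0
    while off + 8 <= len(data):
        size, btype = struct.unpack(">I4s", data[off:off + 8])
        hdr = 8
        if size == 1:  # 64-bit "largesize" follows the header
            if off + 16 > len(data):
                break
            size = struct.unpack(">Q", data[off + 8:off + 16])[0]
            hdr = 16
        elif size == 0:  # box extends to end of file
            size = len(data) - off
        if size < hdr or off + size > len(data):
            break  # malformed size or truncated box
        boxes.append((btype.decode("latin-1"), off, size))
        off += size
    return boxes, off


def dominant_word(chunk: bytes, min_words: int = 8):
    """Most common big-endian 32-bit word in chunk, tried at all 4 byte phases
    so a repeated word is found regardless of alignment.

    Returns (value, fraction, phase) or None if the chunk is too short.
    """
    best = None
    for phase in range(4):
        body = chunk[phase:]
        body = body[: len(body) - len(body) % 4]
        n = len(body) // 4
        if n < min_words:
            continue
        words = struct.unpack(">%dI" % n, body)
        value, count = Counter(words).most_common(1)[0]
        frac = count / n
        if best is None or frac > best[1]:
            best = (value, frac, phase)
    return best


def scan_mp4(data: bytes, tail_window: int = 256, spray_threshold: float = 0.9):
    """Return a list of finding strings; an ordinary file yields an empty list."""
    findings = []
    boxes, end = walk_top_level_boxes(data)
    if not boxes or boxes[0][0] != "ftyp":
        findings.append("no leading ftyp box")
    trailing = len(data) - end
    if trailing > 0:
        findings.append(f"{trailing} bytes after last well-formed box")
    hit = dominant_word(data[-tail_window:])
    if hit and hit[1] >= spray_threshold:
        value, frac, _ = hit
        findings.append(
            f"trailing {tail_window} bytes are {frac:.0%} one 32-bit word (0x{value:08x})"
        )
    return findings


def _box(btype: bytes, payload: bytes) -> bytes:
    """Build a minimal box: 32-bit size, 4-byte type, payload."""
    return struct.pack(">I4s", 8 + len(payload), btype) + payload


# Constructed samples (not real videos): a minimal ftyp + mdat stub, and the
# same stub with a placeholder 32-bit value repeated 128 times after the
# last box, mimicking the trailing address spray the post describes.
FTYP = _box(b"ftyp", b"isom" + struct.pack(">I", 0) + b"isom")
BENIGN_MP4 = FTYP + _box(b"mdat", bytes(range(256)) * 2)
PLACEHOLDER_ADDR = 0x0A0B0C0D  # constructed placeholder, not an address from the post
SPRAYED_MP4 = BENIGN_MP4 + struct.pack(">I", PLACEHOLDER_ADDR) * 128

if __name__ == "__main__":
    for name, blob in (("benign", BENIGN_MP4), ("sprayed", SPRAYED_MP4)):
        print(name, scan_mp4(blob) or "no findings")
```

Legitimate files can carry padding or a `free` box at the end, which is why trailing data is reported separately from the repeated-word check; a real deployment would feed both signals into a scoring rule rather than blocking on either alone.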

JohnathanMonkey

If I forgot you, feel free to verbally abuse me on IRC or Skype.
lol.jk nice touch
 

Droyd

So will 5.5.0 users be able to install the homebrew channel without using any game for the exploit to run?
 

shaneod

So will 5.5.0 users be able to install the homebrew channel without using any game for the exploit to run?
5.5.0 users can't do much with this alone. 5.4.0 users will be able to do the same as 5.3.2 users basically, but 5.5.0 users won't be able to until an IOSU or kernel exploit is released.
 

JohnathanMonkey

Could loadiine 5 come of this? Sorry if it's a stupid question and feel free to bash away! I'm a big boy and can handle it ;)
 

Droyd

5.5.0 users can't do much with this alone. 5.4.0 users will be able to do the same as 5.3.2 users basically, but 5.5.0 users won't be able to until an IOSU or kernel exploit is released.
Aww, I was hoping to get a homebrew channel since I can't get the games needed for triggering the exploit, but great reveal for 5.4 users, enjoy.
 