Crash WiiU via browser. Exploitable?

Discussion in 'Wii U - Hacking & Backup Loaders' started by ChrisX930, Aug 27, 2014.

Thread Status:
Not open for further replies.
  1. ChrisX930
    OP

    ChrisX930 Banned

    Banned
    788
    317
    Sep 3, 2013
    Gambia, The
    Germany
    Hey Guys,

    today I installed Plex (Media Server) on my PC to stream Movies and Animes on my Wii U.
    All Videos works fine, but one of them crash my Wii U.
    I thought: "Can I replicate this crash?" and "is it exploitable?"
    If I try this video on a other PC, it works, but the Wii U always crash on it.
    I'm not able to get back to the WiiU-Menü again. I have to hardreset my Wii U.

    I uploaded a Video to show you this crash.

    What do you think? Is it exploitable?
    Current Firmware: 5.1.2E
    It works with Firmware: 5.2.0, too!



    After some time, I'll get some glitchy thing on the Wii U Gamepad.
    Glitchy Thing


    Heres a Video that shows you that it works on PC, but it crashes on Wii U
    Warning: Spoilers inside!


    EDIT:
    And yea, if you want to replicate this crash, you should try it with the file I used.
    You can download the Video HERE, (~70kb)
    After you downloaded it, install PLEX on your PC, place the video into the library and open it on your WiiU
     
    FM360, endoverend, filfat and 3 others like this.


  2. gudenau

    gudenau Never a unique idea

    Member
    3,257
    1,224
    Jul 7, 2010
    United States
    /dev/random
    What is the size of the file? What type is it? What is the header?
     
  3. ChrisX930
    OP

    ChrisX930 Banned

    Banned
    788
    317
    Sep 3, 2013
    Gambia, The
    Germany

    Filesize: ~220MB
    Filetype: mkv
    fileheader:
     
    TeamScriptKiddies likes this.
  4. gudenau

    gudenau Never a unique idea

    Member
    3,257
    1,224
    Jul 7, 2010
    United States
    /dev/random
    That should help.
     
    TeamScriptKiddies and ChrisX930 like this.
  5. ChrisX930
    OP

    ChrisX930 Banned

    Banned
    788
    317
    Sep 3, 2013
    Gambia, The
    Germany
    I hope this "crash" could help us to find something like a Exploit.
    I'm surprised that there is no error message, even after restarting the console
     
    TeamScriptKiddies likes this.
  6. Bladexdsl
    This message by Bladexdsl has been removed from public view by BORTZ, Aug 27, 2014, Reason: no.
    Aug 27, 2014
  7. TeamScriptKiddies

    TeamScriptKiddies Licensed Nintendo (indie) Game Developer

    Member
    1,900
    1,317
    Apr 3, 2014
    United States
    Planet Earth :P
    Lets see some code execution w00t! Nice discovery ChrisX930. Marionumber1 Chadderz NWPlayer123 are you seeing this?

    EDIT: It looks like this exception is not being handled in any way shape or form by any aspect of the Wii U's security :). Now that this is out in wild, I don't recommend anyone download the next update whenever Nintendo rolls it out. I betcha they're going to try like hell to stamp this out.
     
    ChrisX930 likes this.
  8. Izen

    Izen GBAtemp Regular

    Member
    180
    85
    Jan 28, 2012
    United States
    Are you trying to tell me that god damned anime is helping to hack the Wii U? This is unacceptable.
     
    c4p0 and Edgarska like this.
  9. ChrisX930
    OP

    ChrisX930 Banned

    Banned
    788
    317
    Sep 3, 2013
    Gambia, The
    Germany
    It's not the anime itself! XD
    It's only the Video. I'm not sure why it crashes :/
    On other videos that wouldn't work on WiiU, I only get a message that the video cannot be played (or something, my wii u isn't in english).
     
  10. TeamScriptKiddies

    TeamScriptKiddies Licensed Nintendo (indie) Game Developer

    Member
    1,900
    1,317
    Apr 3, 2014
    United States
    Planet Earth :P

    LOL its likely something to do with the header info, or perhaps the file size or something else that the Wii U just simply cannot handle. It has nothing to do with it being an anime XD.

    ChrisX930 can you make sure you backup that exact video file in like a dozen places so you don't lose it. More examination is needed to be done to figure out whats happening here (whats causing the crash) and to see how we can proceed with tweaking it for code execution :). Just don't share the actual file itself with others of course, because it would be a copyright violation and would likely be DMCA'd and EUCD'd to death. The end user could always recreate the crash with his/her own video collection once we pinpoint whats causing the crash. It would only require some tweaking once we know whats going on. And that way, we don't have to worry about lawsuits etc lol. We want LEGAL exploits, not illegal haha

    EDIT: What we really need is the experts I tagged above to weigh in on this. I'm sure they would be a lot more helpful putting these puzzle pieces together then myself :P. But nonetheless, I'm willing to lend a hand as much as I can. I want full blown cafeos kernel access too :). If you just found yet another webkit exploit for later firmwares, this brings us a step closer to making that a reality :).
     
    endoverend and ChrisX930 like this.
  11. ChrisX930
    OP

    ChrisX930 Banned

    Banned
    788
    317
    Sep 3, 2013
    Gambia, The
    Germany
    Hahahahaha xD Yea, you're right :D
    I have some copys of the video and I'll not lose it :D
    It would be great if we can get some great things working with it :)
    If you need more information or something, feel free to ask me.
     
    TeamScriptKiddies likes this.
  12. TeamScriptKiddies

    TeamScriptKiddies Licensed Nintendo (indie) Game Developer

    Member
    1,900
    1,317
    Apr 3, 2014
    United States
    Planet Earth :P


    Well for one, whats the (exact) file size of that video? As for plex I'll need to set that up here at home XD. We need to start ruling stuff out.
     
  13. DinohScene

    DinohScene Capture the Dino

    Member
    GBAtemp Patron
    DinohScene is a Patron of GBAtemp and is helping us stay independent!

    Our Patreon
    15,824
    12,271
    Oct 11, 2011
    Antarctica
    В небо
    Wasn't the Wii U's browser already exploited?
     
  14. ChrisX930
    OP

    ChrisX930 Banned

    Banned
    788
    317
    Sep 3, 2013
    Gambia, The
    Germany
    Sure, but Not for firmware 5.1.2(E).
    Filesize: 225525 KByte
     
    TeamScriptKiddies likes this.
  15. TeamScriptKiddies

    TeamScriptKiddies Licensed Nintendo (indie) Game Developer

    Member
    1,900
    1,317
    Apr 3, 2014
    United States
    Planet Earth :P
    hmmmm i'll have to see if i can get plex set up and make a dummy video file of that exact file size to see if i can recreate it. Unfortunately, I'm on 5.0.0U so I'm not sure we'll end up with the same result but its worth a shot.
     
  16. ChrisX930
    OP

    ChrisX930 Banned

    Banned
    788
    317
    Sep 3, 2013
    Gambia, The
    Germany
    I don't think that the Crash caused by the filesize. I'm able to Play Videos with more Kbytes.
    Possibly it's because the Header or the fileformat?
     
  17. TeamScriptKiddies

    TeamScriptKiddies Licensed Nintendo (indie) Game Developer

    Member
    1,900
    1,317
    Apr 3, 2014
    United States
    Planet Earth :P
    could be, have you tried any other videos in the mkv format?
     
  18. ChrisX930
    OP

    ChrisX930 Banned

    Banned
    788
    317
    Sep 3, 2013
    Gambia, The
    Germany
    Yes. Some others worked, some others crashed on the same way
     
  19. TeamScriptKiddies

    TeamScriptKiddies Licensed Nintendo (indie) Game Developer

    Member
    1,900
    1,317
    Apr 3, 2014
    United States
    Planet Earth :P
    hmmmmmmm
     
    OncleJulien likes this.
  20. filfat

    filfat Musician, Developer & Entrepreneur

    Member
    1,229
    858
    Nov 24, 2012
  21. Some1CP

    Some1CP GBAtemp Fan

    Member
    463
    180
    Sep 12, 2009
    United States
    So, is it safe to update now? A new security hole has been found?
     
Thread Status:
Not open for further replies.