Hacking CVE-2016-4657 walk-through and intro to browser exploitation

  • Thread starter Deleted User
  • Start date
  • Views 30,615
  • Replies 62
  • Likes 3

AecdArmy

Yes, it's a proof of concept, but a critical part of the proof is seeing that the length changed, and I'm not reaching that alert. So this makes me curious exactly what his setup was, if he was reliably having success.

Edit: Okay, now if I set up my server with his exact files freshly unzipped from his github master (not just poc1.html but also his index.html which redirects to it), then I am able to get to the end of the PoC reliably.

Same thing when I'm using it on my domain instead of localhosting it.
 

ehnoah

Well, I understood absolutely nothing :D But it was informative and I watched it till the end :X

So the exploit gives us access to the memory range of the web browser? Like we can access 100 MB of the RAM? From there we can try to go deeper?
 

gluffl

Really bad that this was published. Now it's a matter of hours or a few days until it's fixed. It's also really easy for Nintendo to fix it, just updating a few files of the WebKit.
 

ehnoah

I don't own a Switch (yet). Really, really bad that the exploit was made public before a useful hack was developed...

Well, that is the reason why I'm thinking about buying a Switch now and keeping it. But since there is a lot of hardware protection, I doubt we get anything useful without wiring cables to the board.
 

empulse

Think it was released because there is more coming; it has advanced further. Already have seen 2 different emulators load -- no gameplay, but they loaded.
 

koffieleut

I loved the part where he stated that he was just a noob. On that point I thought that I would understand what he was saying about the code.... I understood like 5% of the story :wacko:
 

McHaggis

The Switch notices and recovers from the exception much like the 3DS used to for non-exploitable vulnerabilities, so I'm skeptical as to how useful this is.
 

studio1b

This is just the start, and this is a great tool that will lead to a lot of stuff.

Right now we are looking for the AES key for DFU mode.

But with this we might be able to hit something that gives us the info we need.
To everyone that keeps saying a hack will make the devs run away: this is not true at all. Every console gets hacked and it only affects sales of the console, so more and more people will buy the console. And just because someone runs backups doesn't mean they don't buy games.
 

yeddish

Does Fiddler work with this? And what about the public DNSs for browsing?
Fiddler will work. It has many of the same basic features that Burp Suite has. Burp Suite is better, though, IMO. It also has a basic free version that will do what is needed for this hack. I would recommend giving it a look.

EDIT: Also, the public DNS works for me for browsing.
 

hitodesu

Fiddler will work. It has many of the same basic features that Burp Suite has. Burp Suite is better, though, IMO. It also has a basic free version that will do what is needed for this hack. I would recommend giving it a look.

EDIT: Also, the public DNS works for me for browsing.
If you went to the CVE page on that with the public DNS, did it do a successful run-through?
 

chaoskagami

