Executing Arbitrary Code in Virtual Console

Discussion in 'Wii U - Hacking & Backup Loaders' started by Flaflo, Jun 10, 2017.

  1. Flaflo
    SethBling released a video showing how he achieved code execution in the Virtual Console using the game SMW.

    Take a look, it could be a possibility for Switch code execution.

     


  2. proflayton123
    This looks fun :) hopefully it will lead to something, maybe.
  3. lisreal2401
    I mean, you couldn't do anything using this without a way to externally load your own data from somewhere. Not to mention, even if you could, say, add your own save file with code you want to jump to, it would still be sandboxed within the emulator. Really neat bug, I think.
  4. _v3
    No, it won't. This is a game running within a closed environment (an emulator); unless you can find a way to exploit the emulator itself, there is no way you'll be able to exploit the system using this method.
  5. Flaflo
    That's exactly what I meant. If you find a way out of this environment, Switch code execution may be possible.


    SethBling already provides a way to create a corrupted save file with this method, which creates a hex-editor-like feature in SMW to edit memory. The only thing missing is breaking out of this "sandbox".
  6. osm70
    Quote from the video (2:28): "This could actually be a way to take control of the emulator and maybe even the Wii U itself."
  7. Conn0r
    Possible? Yes. Probable? Maybe not.
    All the code you write for this exploit has to be entered 8 (or is it 7??) bytes at a time. Do this enough times and you can get the hex editor. Then you still need to code the rest by hand.

    Assuming someone finds a sandbox escape, it would have to fit into the save files of the game.

    I don't think you will get much past sandboxed execution. But I also thought that an IOSU hack would never be released, so I guess anything can happen ???
     
  8. daxtsu
  9. _v3
    And again, it'll never be possible, as you pointed out: it's running in a sandbox. It's like trying to exploit a machine running a VM while running an exploit in the VM itself.
     
  10. Ryccardo
    Uh, sandbox breakouts are a fact...

    ...not necessarily in this specific case, of course
  11. szymon170
    "Take a look, it could be a possibility for switch code execution."
    Oh my god, it's cringe on another level. This sentence is wrong in so many ways...
    Basically, the ROM is running in a sandboxed environment, and the space to which you can write is tiny. Also, it's not permanent. I mean that after you restart the emulator, you only keep the jailbreak part, and not the mod (unless you do a save state). How do you imagine an exploit which would run from a sandboxed ROM on an emulator which is probably also sandboxed (because why would an emulator write stuff to the OS), when you are limited to editing the RAM of the game?
     
  12. Flaflo
    Of course there are existing exploits to escape sandboxes; Sandboxie is escapable, and there are some known escapes for VMware.
  13. _v3
    Not replying anymore after this, because this isn't making sense in any way.
    Sandboxie only isolates the process itself, allowing the user to run multiple instances of software which only allows one instance to run at any time. I'm aware of VMware escapes, but in this case it just won't happen. The emulator doesn't "talk" to the system like genuine Wii U software does, and as such it doesn't have full access to all the Wii U functions.
     
  14. Ryccardo
    ...better known as "userland exploit"
  15. wolf-snake
    Of course, you gotta mention Switch because why not...
     
  16. Vieela
    I doubt it's possible. It's just not the same thing.
     
  17. QuarkTheAwesome
    C'mon guys, it's totally viable for Switch ACE! All you have to do is make an exploit for the Wii U SNES emulator, then just wave your hands around a bit and have it work on the Switch!
    There isn't even a SNES VC on the Switch yet.

    As an aside: I'm now gonna skim the VC for obvious sandbox escapes because that's one hell of a potential TAS!
  18. Flaflo
    The thing is that with his glitch he can install his SMW jailbreak, which has a hex editor that can edit RAM and execute bytes written in unused RAM.


    we'll see
     
  19. BlastedGuy9905
    We either wait for the retro-game-netflix-library thingy to release, or we find an exploit in Shovel Knight maybe? I think that's the only 2D game in which you can actually see the pixels.
  20. Felek666
    Wii U VC "exploit"
    • Switch exploit
    • Switch exploit
    • Switch exploit
    Jesus fuck, people are so uneducated on shit nowadays. Also, wrong forum, fam. Go make these types of posts in the Switch - Hacking section, since that's where 99% of the false claims and false promises are.