Has anyone tried using PDF as an exploit?

Discussion in 'Wii U - Homebrew' started by CXNELP, Jul 26, 2017.

  1. CXNELP
    OP

    Just wondering if it would be possible to create a hidden payload inside a PDF file to access homebrew?
     

  2. OrGoN3

    How would you open the pdf file? A Wii U can't read a pdf file.
     
  3. CXNELP
    OP

  4. yusuo

    This is getting a little silly now. Why not a PSD or a DWG extension file?
     
  5. The Real Jdbye

  6. C0mm4nd_

    lol no, finding another bug is easier
     
  7. iCEQB

    It's not about hiding a payload, it would be about finding a bug in the PDF parser which could be exploited with a "maliciously" crafted PDF and from there take over the browser process.
     
  8. Ne2buntu

    In fact, the Wii U can read PDFs natively. The manuals of N64 Virtual Console (and maybe others) are just online PDFs.

    You can see here a demo where I replaced the PDF file path with an MP4 payload in Ocarina Of Time N64 VC on Wii U. But this was made on an already hacked console (to modify the path of the file).

     
  9. CXNELP
    OP

    Yeah, but really that's pretty much just the old exploit but using PDF to access it instead of the gate.
     
  10. Ne2buntu

    Yep, it is! This was just to show that PDFs are readable by the Wii U.
     
    Last edited by Ne2buntu, Jul 26, 2017
  11. KiiWii

    I could be wrong here, but:

    Wasn't there a way (on PS3) years ago to intercept a pkg from Sony, to your laptop, replace it with your own, and send your file disguised as Sony's to the PS3?

    This is pretty useless exploitwise until it can link to something useful, but it wouldn't require a hacked console to start it.
     
  12. Ne2buntu

    Yep, it was just done by using a proxy. Maybe it can be used here, no idea (I've got no free time these days...). If I find some free time these days, I will try to look into this possibility.
     
    Last edited by Ne2buntu, Jul 26, 2017
  13. CXNELP
    OP

    I believe you are talking about the backup exploit where you insert a pkg file into your backup then restore it through the backup utility, though the Wii U does not have anything like that. Also, installing Wii U ROMs is impossible without CFW, and even if you managed to install a modified version of a game I'm pretty sure you'd need CFW to actually run it.

    — Posts automatically merged - Please don't double post! —

    Huh, I guess I didn't know about this one lol, can I have a link?
     
  14. KiiWii

    I'm definitely not thinking of that.
     
  15. Felek666

    The Wii U browser is able to load .pdf files. That's how Nintendo loads instruction books in VC games.
    But can you exploit using .pdf? I heard there was one exploit for it that malwared your PC, but that's all.
     
  16. OrGoN3

    Doh. Wii U prior to 4.0.0 cannot natively read PDF. :( I suck.

    If the in-game manuals simply point to online PDFs, can't you simply run that through a proxy, intercept, and return the mp4 package instead of the pdf package?
     
  17. gudenau

    Probably not, plus if it's using the browser that's patched anyway. Now to screw up a PDF....
     
  18. jockep

  19. epicmartin7

    Hey guys, take this with a grain of salt, but apparently footage has appeared of a new exploit within the Internet Browser on 5.5.2.

    https://twitter.com/shixhax/status/891013292407304192

    Now, of course, just like the last one it could be fake. However, there's something interesting I notice. If you look at the screen that pops up before the exploit is supposedly triggered, you can see what looks like a PDF file screen.

    I say that because there's no buffering whatsoever, and I can't seem to find the video playback numbers at all.

    Again, skepticism is required, but I just wanted to point all of this out.

    EDIT: Seems like the Twitter account was just made today. Take this with even more of a grain of salt.
     
    Last edited by epicmartin7, Jul 28, 2017
  20. monkeyman4412

    It could be fake. As far as I know, there is no such thing as homebrew launcher beta 5.5.2. That seems suspicious to me.