Homebrew Has anyone tried using PDF as an exploit?

FR0ZN

Just wondering if it would be possible to create a hidden payload inside a PDF file to access homebrew?

It's not about hiding a payload, it would be about finding a bug in the PDF parser which could be exploited with a "maliciously" crafted PDF and from there take over the browser process.
 

Ne2buntu

How would you open the pdf file? A Wii U can't read a pdf file.

In fact, the Wii U can read PDFs natively. The manuals of N64 Virtual Console games (and maybe others) are just online PDFs.

You can see here a demo where I replaced the PDF file path with an MP4 payload in Ocarina Of Time N64 VC on Wii U. But this was made on an already hacked console (to modify the path of the file).

 

CXNELP

In fact, the Wii U can read PDFs natively. The manuals of N64 Virtual Console games (and maybe others) are just online PDFs.

You can see here a demo where I replaced the PDF file path with an MP4 payload in Ocarina Of Time N64 VC on Wii U. But this was made on an already hacked console (to modify the path of the file).



Yeah, but really that's pretty much just the old exploit but using PDF to access it instead of the gate.
 

KiiWii

I could be wrong here, but:

Wasn't there a way (on PS3) years ago to intercept a pkg from Sony, to your laptop, replace it with your own, and send your file disguised as Sony's to the PS3?

This is pretty useless exploitwise until it can link to something useful, but it wouldn't require a hacked console to start it.
 

Ne2buntu

I could be wrong here, but:

Wasn't there a way (on PS3) years ago to intercept a pkg from Sony, to your laptop, replace it with your own, and send your file disguised as Sony's to the PS3?

This is pretty useless exploitwise until it can link to something useful, but it wouldn't require a hacked console to start it.

Yep, it was just done by using a proxy. Maybe it can be used here, no idea (I've got no free time these days...). If I find some free time these days, I will try to look into this possibility.
 

CXNELP

I could be wrong here, but:

Wasn't there a way (on PS3) years ago to intercept a pkg from Sony, to your laptop, replace it with your own, and send your file disguised as Sony's to the PS3?

This is pretty useless exploitwise until it can link to something useful, but it wouldn't require a hacked console to start it.

I believe you are talking about the backup exploit where you insert a pkg file into your backup then restore it through the backup utility, though the Wii U does not have anything like that. Also, installing Wii U ROMs is impossible without CFW, and even if you managed to install a modified version of a game I'm pretty sure you'd need CFW to actually run it.

--------------------- MERGED ---------------------------

Yep, it was just done by using a proxy. Maybe it can be used here, no idea (I've got no free time these days...). If I find some free time these days, I will try to look into this possibility.
Huh, I guess I didn't know about this one lol, can I have a link?
 

Deleted User

The Wii U browser is able to load .pdf files. That's how Nintendo loads instruction books in VC games.
But, can you exploit using .pdf? I heard there was one exploit for it that malwared your PC, but that's all.
 

OrGoN3

In fact, the Wii U can read PDFs natively. The manuals of N64 Virtual Console games (and maybe others) are just online PDFs.

You can see here a demo where I replaced the PDF file path with an MP4 payload in Ocarina Of Time N64 VC on Wii U. But this was made on an already hacked console (to modify the path of the file).


Doh. Wii U prior to 4.0.0 cannot natively read PDF. :( I suck.

If the in-game manuals simply point to online PDFs, can't you simply run that through a proxy, intercept, and return the mp4 package instead of the pdf package?
 

gudenau

Doh. Wii U prior to 4.0.0 cannot natively read PDF. :( I suck.

If the in-game manuals simply point to online PDFs, can't you simply run that through a proxy, intercept, and return the mp4 package instead of the pdf package?
Probably not, plus if it's using the browser that's patched anyway. Now to screw up a PDF....
 

epicmartin7

Hey guys, take this with a grain of salt, but apparently footage has appeared of a new exploit within the Internet Browser on 5.5.2.

https://twitter.com/shixhax/status/891013292407304192

Now, of course, just like the last one it could be fake. However, there's something interesting I notice. If you look at the screen that pops up before the exploit is supposedly triggered, you can see what looks like a PDF file screen.

I say that because there's no buffering whatsoever, and I can't seem to find the video playback numbers at all.

Again, skepticism is required, but I just wanted to point all of this out.

EDIT: Seems like the Twitter account was just made today. Take this with even more of a grain of salt.
 

Deleted User

Hey guys, take this with a grain of salt, but apparently footage has appeared of a new exploit within the Internet Browser on 5.5.2.

https://twitter.com/shixhax/status/891013292407304192

Now, of course, just like the last one it could be fake. However, there's something interesting I notice. If you look at the screen that pops up before the exploit is supposedly triggered, you can see what looks like a PDF file screen.

I say that because there's no buffering whatsoever, and I can't seem to find the video playback numbers at all.

Again, skepticism is required, but I just wanted to point all of this out.

EDIT: Seems like the Twitter account was just made today. Take this with even more of a grain of salt.
It could be fake. As far as I know there is no such thing as homebrew launcher beta 5.5.2. That seems suspicious to me.
 
