Homebrew Has anyone tried using PDF as an exploit?

  • Thread starter: CXNELP
  • Views: 4,069
  • Replies: 21
  • Likes: 1
This is getting a little silly now. Why not a psd or a dwg extension file?
 
Just wondering if it would be possible to create a hidden payload inside a pdf file to access homebrew?

It's not about hiding a payload, it would be about finding a bug in the PDF parser which could be exploited with a "maliciously" crafted PDF and from there take over the browser process.
 
How would you open the pdf file? A Wii U can't read a pdf file.

In fact, the Wii U can read PDF natively. The manuals of N64 Virtual Console (and maybe others) are just online PDFs.

You can see here a demo where I replaced the PDF file path with an MP4 payload in Ocarina Of Time N64 VC on Wii U. But this was made on an already hacked console (to modify the path of the file).

 
Yeah, but really that's pretty much just the old exploit, but using PDF to access it instead of the gate.
 
I could be wrong here, but:

Wasn't there a way (on PS3) years ago to intercept a pkg from Sony, to your laptop, replace it with your own, and send your file disguised as Sony's to the PS3?

This is pretty useless exploit-wise until it can link to something useful, but it wouldn't require a hacked console to start it.
 
Yep, it was just done by using a proxy. Maybe it can be used here, no idea (I've got no free time these days...). If I find some free time these days, I will try to look into this possibility.
 
Last edited by Ne2buntu,
I could be wrong here, but:

Wasn't there a way (on PS3) years ago to intercept a pkg from Sony, to your laptop, replace it with your own, and send your file disguised as Sony's to the PS3?

This is pretty useless exploit-wise until it can link to something useful, but it wouldn't require a hacked console to start it.

I believe you are talking about the backup exploit where you insert a pkg file into your backup then restore it through the backup utility, though the Wii U does not have anything like that. Also, installing Wii U ROMs is impossible without CFW, and even if you managed to install a modified version of a game I'm pretty sure you'd need CFW to actually run it.

--------------------- MERGED ---------------------------

Yep, it was just done by using a proxy. Maybe it can be used here, no idea (I've got no free time these days...). If I find some free time these days, I will try to look into this possibility.
Huh, I guess I didn't know about this one lol, can I have a link?
 
The Wii U browser is able to load .pdf files. That's how Nintendo loads instruction books in VC games.
But can you exploit using .pdf? I heard there was one exploit for it that malwared your PC, but that's all.
 
In fact, the Wii U can read PDF natively. The manuals of N64 Virtual Console (and maybe others) are just online PDFs.

You can see here a demo where I replaced the PDF file path with an MP4 payload in Ocarina Of Time N64 VC on Wii U. But this was made on an already hacked console (to modify the path of the file).


Doh. Wii U prior to 4.0.0 cannot natively read PDF. :( I suck.

If the in-game manuals simply point to online PDFs, can't you simply run that through a proxy, intercept, and return the mp4 package instead of the pdf package?
 
Probably not, plus if it's using the browser that's patched anyway. Now to screw up a PDF....
 
Hey guys, take this with a grain of salt, but apparently footage has appeared of a new exploit within the Internet Browser on 5.5.2.

https://twitter.com/shixhax/status/891013292407304192

Now, of course, just like the last one it could be fake. However, there's something interesting I notice. If you look at the screen that pops up before the exploit is supposedly triggered, you can see what looks like a PDF file screen.

I say that because there's no buffering whatsoever, and I can't seem to find the video playback numbers at all.

Again, skepticism is required, but I just wanted to point all of this out.

EDIT: Seems like the Twitter account was just made today. Take this with even more of a grain of salt.
 
Last edited by epicmartin7,
It could be fake. As far as I know there is no such thing as homebrew launcher beta 5.5.2. That seems suspicious to me.
 
