How does it work exactly?

Discussion in 'Wii U - Hacking & Backup Loaders' started by NexoCube, Jan 8, 2016.

  1. NexoCube (OP)
    Hello, I want to know some things:

    - Does the payload page for the exploits run a .elf or some raw C++ code?

    - How does it launch it from a JavaScript page (HTML <script>)?

    And also, btw, can we run or read code or an ELF in another way than this? ...
     
  2. NexoCube (OP)
    I suppose that nobody here knows that except its creators ... (@Marionumber1 etc.)
     
  3. Onion_Knight
  4. Marionumber1
    It uses a vulnerability in the web browser code to force the CPU to jump to our own code (oversimplified explanation), which is often raw compiled C. There are other similar vulnerabilities, but browser ones are simplest.
     
  5. NexoCube (OP)
    Thanks for the help, Mr. Obvious ....


    I thought I saw someone like Hykem or you saying that the 5.5.0 exploit or the IOSU exploit exploits other vulnerabilities?

    Can I see a few little chunks of code? ^^ (If it's NO I totally understand, secret is secret)
     
  6. Onion_Knight
  7. NexoCube (OP)
  8. urherenow
    Edit: don't mind me. Confusing myself between 3DS and Wii U progress...
     
    Last edited by urherenow, Jan 9, 2016
  9. NexoCube (OP)
    You're not alone, believe me :P A lot of people are confused between these 2 things :)
     
  10. NexoCube (OP)
    Hey @Marionumber1! (Sorry for "spamming", I don't really know other Wii U devs' GBAtemp usernames)

    What about loading raw compiled C code or an ELF file from the Notification app?

    We just have to know where the Notification app stores its cache files or something, then add our own notification that loads these files :P

    Tell me if you don't understand
     
  11. NexoCube (OP)
     
  12. Marionumber1
    Not sure what you're asking? Is it whether we can modify other apps?

    No, they are private.
     
  13. NexoCube (OP)
    I was asking for nothing :P

    Just, can you tell me where the other non-web-browser vulnerabilities are? (Or other browser vulnerabilities?)

    That aren't used with Hykem's IOSU
     
  14. Marionumber1
    The exploits we have are:

    - 2.0.0-5.1.0 browser (patched)
    - 5.3.2 browser (patched)
    - 5.4.0-5.5.0 browser (private)
    - 2.0.0-5.4.0 kernel (patched)
    - 2.0.0-5.5.0 kernel (private)
    - two private IOSU exploits in the works for all versions
     
  15. NexoCube (OP)
    I asked where the vulnerabilities are :(


    And I think that you can release the kernel exploit because you have two working IOSU exploits.
     
  16. Marionumber1
    I said where they are as specifically as I will. As for the kernel exploit, those may be even rarer than IOSU exploits, since the Cafe OS kernel is much smaller. But we'll be the ones deciding when exploits are released.
     
  17. NexoCube (OP)
    Oh ok. Now, last question: how can a JS script (in the payload) run C++ code afterwards? What exactly does the script do? (Please, this time a real technical description, as little as you want but a technical description.)
     
  18. NexoCube (OP)
    Ok, if there are developers here:

    I was in development mode with a custom kernel exploit payload, then after a few modifications (I mean a lot) it seems to work: everything loaded except the frame.html! There wasn't any error except in the Network tab!

    (attached screenshot: upload_2016-1-10_15-10-23.png)

    What does FLC mean?

    And yeah, I use the AIO kernel exploit!
     
  19. Marionumber1
    It's exactly what I said already. There is a bug in the Wii U browser's parsing of the page, which the JS exploits to get code running.
     
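The mechanism Marionumber1 describes in posts 4 and 19 (a browser bug hands the exploit control of a jump, and what it jumps to is raw compiled C), as an added host-side illustration that is not code from this thread or from any Wii U exploit. It shows only the half that has nothing to do with the browser bug: compiled machine code kept in a byte array, copied into memory, and called like a function. The payload bytes, the Linux mmap/mprotect staging and the x86-64/AArch64 targets are assumptions so that it runs on a PC; on the console the bytes would be big-endian PowerPC and the jump would come from the corrupted browser state the thread declines to detail.

```c
#define _GNU_SOURCE
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/mman.h>

/* Constructed payload: the machine code a compiler emits for
 * `int f(void) { return 42; }` on the host CPU. In a real loader this
 * array is produced from the compiled binary (e.g. objcopy -O binary),
 * not typed by hand, and for the Wii U it would be big-endian PowerPC. */
#if defined(__x86_64__)
static const uint8_t payload[] = {
    0xB8, 0x2A, 0x00, 0x00, 0x00,   /* mov eax, 42 */
    0xC3                            /* ret         */
};
#elif defined(__aarch64__)
static const uint8_t payload[] = {
    0x40, 0x05, 0x80, 0x52,         /* mov w0, #42 */
    0xC0, 0x03, 0x5F, 0xD6          /* ret         */
};
#else
#error "payload bytes are only provided for x86-64 and AArch64"
#endif

typedef int (*entry_fn)(void);

/* Copy `len` bytes of machine code into a fresh mapping and hand it back
 * as a callable function. The mapping is RW while we write and RX after
 * (W^X); *map_len_out receives the size to pass to munmap. NULL on error. */
static entry_fn stage_payload(const uint8_t *code, size_t len, size_t *map_len_out)
{
    long page = sysconf(_SC_PAGESIZE);
    if (page <= 0 || len == 0)
        return NULL;
    size_t map_len = ((len + (size_t)page - 1) / (size_t)page) * (size_t)page;

    void *mem = mmap(NULL, map_len, PROT_READ | PROT_WRITE,
                     MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (mem == MAP_FAILED)
        return NULL;
    memcpy(mem, code, len);

    if (mprotect(mem, map_len, PROT_READ | PROT_EXEC) != 0) {
        munmap(mem, map_len);
        return NULL;
    }
    /* On AArch64 the instruction cache is not coherent with the data
     * cache; without this the CPU may execute stale bytes. No-op on x86. */
    __builtin___clear_cache((char *)mem, (char *)mem + len);

    entry_fn fn;
    memcpy(&fn, &mem, sizeof fn);   /* data pointer -> function pointer without a cast */
    *map_len_out = map_len;
    return fn;
}

/* The step the thread calls "forcing the CPU to jump to our own code":
 * call the staged bytes as if they were an ordinary function. Returns the
 * payload's return value, or -1 if staging failed. */
int run_payload(void)
{
    size_t map_len = 0;
    entry_fn entry = stage_payload(payload, sizeof payload, &map_len);
    if (entry == NULL)
        return -1;
    int result = entry();

    void *mem;
    memcpy(&mem, &entry, sizeof mem);
    munmap(mem, map_len);
    return result;
}

int main(void)
{
    printf("payload returned %d\n", run_payload());
    return 0;
}
```

Build with `cc -O2 jump.c -o jump` on Linux; it prints `payload returned 42`. The part a browser exploit adds on top of this is getting the bytes into the target process's memory (the loader page carries them in a JavaScript array) and getting a function pointer or return address to point at them; the mapping-and-call shown here is what happens once that pointer is followed.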
  20. Scuba156
    This looks like you're trying to use the <5.0 WebKit exploits; they will only work on their target version no matter how much editing you do (unless that edit is targeting an existing vulnerability, which would be classed as a rewrite anyway). Same as the AIO kernel exploit, it will only work on a kernel version it has been targeted for.

    If you're looking to exploit the 5.4/5.5 WebKit, then just look for information on recent WebKit exploits. There has been a lot released recently and there is a major one that works on 5.4 and 5.5 *hint hint*