1. NexoCube

    OP NexoCube GBAtemp Maniac
    Member

    Joined:
    Nov 3, 2015
    Messages:
    1,222
    Country:
    France
    Hello, I want to know some things:

    - Does the payload page for the exploits run a .elf or some raw C++ code?

    - How does it launch it from a JavaScript page (HTML <script>)?

    And also, btw, can we run or read code or an elf another way than this? ...
     
  2. NexoCube

    OP NexoCube GBAtemp Maniac
    Member

    Joined:
    Nov 3, 2015
    Messages:
    1,222
    Country:
    France
    I suppose that nobody knows that here except the creators of it... (@Marionumber1 etc.)
     
  3. Onion_Knight

    Onion_Knight GBAtemp Advanced Fan
    Member

    Joined:
    Feb 6, 2014
    Messages:
    878
    Country:
    ajd4096 likes this.
  4. Marionumber1

    Marionumber1 GBAtemp Maniac
    Member

    Joined:
    Nov 7, 2010
    Messages:
    1,234
    Country:
    United States
    It uses a vulnerability in the web browser code to force the CPU to jump to our own code (oversimplified explanation), which is often raw compiled C. There are other similar vulnerabilities, but browser ones are simplest.
     
    Subtle Demise and Dark Ronin like this.
  5. NexoCube

    OP NexoCube GBAtemp Maniac
    Member

    Joined:
    Nov 3, 2015
    Messages:
    1,222
    Country:
    France
    Thanks for the help, Mr. Obvious....

    — Posts automatically merged - Please don't double post! —

    I thought I saw someone like Hykem or you saying that the 5.5.0 exploit or IOSU exploit use other vulnerabilities?

    Can I see a few little chunks of code? ^^ (If it's NO, I totally understand, secret is secret)
     
  6. Onion_Knight

    Onion_Knight GBAtemp Advanced Fan
    Member

    Joined:
    Feb 6, 2014
    Messages:
    878
    Country:
    DarkFlare69, Azel and ajd4096 like this.
  7. NexoCube

    OP NexoCube GBAtemp Maniac
    Member

    Joined:
    Nov 3, 2015
    Messages:
    1,222
    Country:
    France
  8. urherenow

    urherenow GBAtemp Psycho!
    Member

    Joined:
    Mar 8, 2009
    Messages:
    3,879
    Country:
    United States
    Edit: don't mind me. Confusing myself between 3DS and Wii U progress...
     
    Last edited by urherenow, Jan 9, 2016
  9. NexoCube

    OP NexoCube GBAtemp Maniac
    Member

    Joined:
    Nov 3, 2015
    Messages:
    1,222
    Country:
    France
    You're not alone, believe me :P A lot of people are confused between these 2 things :)
     
  10. NexoCube

    OP NexoCube GBAtemp Maniac
    Member

    Joined:
    Nov 3, 2015
    Messages:
    1,222
    Country:
    France
    Hey @Marionumber1! (Sorry for "spamming", I don't really know other Wii U devs' GBAtemp usernames)

    What about loading raw compiled C code or an elf file from the Notification app?

    We just have to know where the Notification app stores its cache files or something, then add our own notification that loads these files :P

    Tell me if you don't understand.
     
  11. NexoCube

    OP NexoCube GBAtemp Maniac
    Member

    Joined:
    Nov 3, 2015
    Messages:
    1,222
    Country:
    France
     
  12. Marionumber1

    Marionumber1 GBAtemp Maniac
    Member

    Joined:
    Nov 7, 2010
    Messages:
    1,234
    Country:
    United States
    Not sure what you're asking? Is it whether we can modify other apps?

    No, they are private.
     
  13. NexoCube

    OP NexoCube GBAtemp Maniac
    Member

    Joined:
    Nov 3, 2015
    Messages:
    1,222
    Country:
    France
    I was asking for nothing :P

    Just, can you tell me where the other non-web-browser vulnerabilities are? (Or other browser vulnerabilities?)

    The ones that aren't used with Hykem's IOSU.
     
  14. Marionumber1

    Marionumber1 GBAtemp Maniac
    Member

    Joined:
    Nov 7, 2010
    Messages:
    1,234
    Country:
    United States
    The exploits we have are: 2.0.0-5.1.0 browser (patched), 5.3.2 browser (patched), 5.4.0-5.5.0 browser (private), 2.0.0-5.4.0 kernel (patched), 2.0.0-5.5.0 kernel (private), and two private IOSU exploits in the works for all versions.
     
  15. NexoCube

    OP NexoCube GBAtemp Maniac
    Member

    Joined:
    Nov 3, 2015
    Messages:
    1,222
    Country:
    France
    I asked where the vulnerabilities are :(

    — Posts automatically merged - Please don't double post! —

    And I think that you can release the kernel exploit because you have two working IOSU exploits.
     
  16. Marionumber1

    Marionumber1 GBAtemp Maniac
    Member

    Joined:
    Nov 7, 2010
    Messages:
    1,234
    Country:
    United States
    I said where they are as specifically as I will. As for the kernel exploit, those may be even rarer than IOSU exploits, since the Cafe OS kernel is much smaller. But we'll be the ones deciding when exploits are released.
     
    TotalInsanity4 and dojafoja like this.
  17. NexoCube

    OP NexoCube GBAtemp Maniac
    Member

    Joined:
    Nov 3, 2015
    Messages:
    1,222
    Country:
    France
    Oh ok. Now, last question: how can a JS script (in the payload) run C++ code afterwards? What does the script exactly do? (Please, this time a real technical description, as short as you want but a technical desc.)
     
  18. NexoCube

    OP NexoCube GBAtemp Maniac
    Member

    Joined:
    Nov 3, 2015
    Messages:
    1,222
    Country:
    France
    Ok, if there are developers here:

    I was in development mode with a custom kernel exploit payload, then after a few modifications (I mean a lot) it seems to work: everything loaded except the frame.html! There wasn't any error except in the Network Tab!

    [attached screenshot: upload_2016-1-10_15-10-23.png]

    What does FLC mean?

    And yeah, I use the AIO Kernel exploit!
     
    paulloeduardo likes this.
  19. Marionumber1

    Marionumber1 GBAtemp Maniac
    Member

    Joined:
    Nov 7, 2010
    Messages:
    1,234
    Country:
    United States
    It's exactly what I said already. There is a bug in the Wii U browser's parsing of the page, which the JS exploits to get code running.
     
  20. Scuba156

    Scuba156 GBAtemp Fan
    Member

    Joined:
    Jan 19, 2010
    Messages:
    340
    Country:
    This looks like you're trying to use the <5.0 webkit exploits; they will only work on their target version no matter how much editing you do (unless that edit is targeting an existing vulnerability, which would be classed as a rewrite anyway). Same as the AIO Kernel exploit, it will only work on a kernel version it has been targeted for.

    If you're looking to exploit the 5.4/5.5 webkit, then just look for information on recent webkit exploits. There have been a lot released recently and there is a major one that works on 5.4 and 5.5 *hint hint*
     