Hacking: How does it work exactly?

NexoCube

Hello, I want to know some things:

- Does the payload page for the exploits run a .elf or some raw C++ code?

- How does it launch it from a JavaScript page (HTML <script>)?

And also, btw, can we run or read code or an elf another way than this? ...
 
Hello, I want to know some things:

- Does the payload page for the exploits run a .elf or some raw C++ code?

- How does it launch it from a JavaScript page (HTML <script>)?

And also, btw, can we run or read code or an elf another way than this? ...

It uses a vulnerability in the web browser code to force the CPU to jump to our own code (oversimplified explanation), which is often raw compiled C. There are other similar vulnerabilities, but browser ones are simplest.
 
Thanks for the help, Mr. Obvious...

--------------------- MERGED ---------------------------

It uses a vulnerability in the web browser code to force the CPU to jump to our own code (oversimplified explanation), which is often raw compiled C. There are other similar vulnerabilities, but browser ones are simplest.

I thought I saw someone like Hykem or you saying that the 5.5.0 exploit or the IOSU exploit used other vulnerabilities?

Can I see a few little chunks of code? ^^ (If it's no, I totally understand; secret is secret)
 
Hey @Marionumber1! (Sorry for "spamming", I don't really know the other Wii U devs' GBAtemp usernames)

What about loading raw compiled C code or an elf file from the Notification app?

We just have to know where the Notification app stores its cache files or something, then add our own notification that loads these files :p

Tell me if you don't understand
 
It uses a vulnerability in the web browser code to force the CPU to jump to our own code (oversimplified explanation), which is often raw compiled C. There are other similar vulnerabilities, but browser ones are simplest.

mmhhh, thx for the little explanation.

But

What are the other vulnerabilities?

If they're unused, can you send me one of these? (Private message or skype: fhtuto.tarik)
 
Hey @Marionumber1! (Sorry for "spamming", I don't really know the other Wii U devs' GBAtemp usernames)

What about loading raw compiled C code or an elf file from the Notification app?

We just have to know where the Notification app stores its cache files or something, then add our own notification that loads these files :P

Tell me if you don't understand

Not sure what you're asking? Is it whether we can modify other apps?

Can I see a few little chunks of code? ^^ (If it's no, I totally understand; secret is secret)

No, they are private.
 
Not sure what you're asking? Is it whether we can modify other apps?
No, they are private.

I was asking for nothing :P

Just, can you tell me where the other non-web-browser vulnerability is? (Or another browser vulnerability?)

One that isn't used with Hykem's IOSU.
 
I was asking for nothing :P

Just, can you tell me where the other non-web-browser vulnerability is? (Or another browser vulnerability?)

One that isn't used with Hykem's IOSU.

The exploits we have are: 2.0.0-5.1.0 browser (patched), 5.3.2 browser (patched), 5.4.0-5.5.0 browser (private), 2.0.0-5.4.0 kernel (patched), 2.0.0-5.5.0 kernel (private), and two private IOSU exploits in the works for all versions.
 
The exploits we have are: 2.0.0-5.1.0 browser (patched), 5.3.2 browser (patched), 5.4.0-5.5.0 browser (private), 2.0.0-5.4.0 kernel (patched), 2.0.0-5.5.0 kernel (private), and two private IOSU exploits in the works for all versions.
I asked where the vulnerabilities are :(

--------------------- MERGED ---------------------------

The exploits we have are: 2.0.0-5.1.0 browser (patched), 5.3.2 browser (patched), 5.4.0-5.5.0 browser (private), 2.0.0-5.4.0 kernel (patched), 2.0.0-5.5.0 kernel (private), and two private IOSU exploits in the works for all versions.
And I think you can release the kernel exploit because you have two working IOSU exploits.
 
I asked where the vulnerabilities are :(

--------------------- MERGED ---------------------------

And I think you can release the kernel exploit because you have two working IOSU exploits.

I said where they are as specifically as I will. As for the kernel exploit, those may be even rarer than IOSU exploits, since the Cafe OS kernel is much smaller. But we'll be the ones deciding when exploits are released.
 
I said where they are as specifically as I will. As for the kernel exploit, those may be even rarer than IOSU exploits, since the Cafe OS kernel is much smaller. But we'll be the ones deciding when exploits are released.
Oh ok. Now one last question: how can a JS script (in the payload) run C++ code afterwards? What exactly does the script do? (Please, this time a real technical description, as little as you want, but a technical description.)
 
Ok, if there are developers here:

I was in development mode with a custom kernel exploit payload, then after a few modifications (I mean a lot) it seemed to work: everything loaded except the frame.html! There wasn't any error except in the Network tab!

What does FLC mean?

And yeah, I use the AIO kernel exploit!
 
Oh ok. Now one last question: how can a JS script (in the payload) run C++ code afterwards? What exactly does the script do? (Please, this time a real technical description, as little as you want, but a technical description.)

It's exactly what I said already. There is a bug in the Wii U browser's parsing of the page, which the JS exploits to get code running.
 
Ok, if there are developers here:

I was in development mode with a custom kernel exploit payload, then after a few modifications (I mean a lot) it seemed to work: everything loaded except the frame.html! There wasn't any error except in the Network tab!

What does FLC mean?

And yeah, I use the AIO kernel exploit!

This looks like you're trying to use the <5.0 WebKit exploits; they will only work on their target version no matter how much editing you do (unless that edit is targeting an existing vulnerability, which would be classed as a rewrite anyway). Same as the AIO kernel exploit: it will only work on the kernel version it has been targeted for.

If you're looking to exploit the 5.4/5.5 WebKit, then just look for information on recent WebKit exploits. There have been a lot released recently, and there is a major one that works on 5.4 and 5.5 *hint hint*
 