How do I start looking for IOSU exploit?

Discussion in 'Wii U - Hacking & Backup Loaders' started by martyjake, Jun 18, 2016.

  1. martyjake (OP), Member, Newcomer, joined Jun 16, 2016, Canada
    I have some decent coding knowledge, and have programmed many things in Python and JavaScript, but the Wii U's architecture is completely foreign to me.

    Are there any programs or guides I can follow to get started?

    If more people work on this, the sooner we can find an exploit.

    (Btw I'm not talking about how to hack my console, that's easy, I'm talking about researching and trying to find exploits/backdoors in the code)
  2. Spidey_BR, GBAtemp Regular, Member, joined Feb 1, 2008, Brazil
    You should start learning C, then learning about operating systems, then research exploits on libraries and software with a high probability of being embedded on the WiiU and with kernel mode access.
    If you can find an exploit that is already known (and probably fixed), but Nintendo hasn't cared to patch, you can use it to gain code execution access.
  3. martyjake (OP), Member, Newcomer, joined Jun 16, 2016, Canada
    But if an exploit has already been fixed, then how can I further it?
  4. Spidey_BR, GBAtemp Regular, Member, joined Feb 1, 2008, Brazil
    The key part is "Nintendo hasn't cared to patch". Finding a brand new exploit is a job for veteran hackers and testers; it's not as easy as one might think. You need to have a strong background on how computers work and on the history of exploitation, so you can search the viable spots.

    What I suggested is for you to research security forums and websites for newish exploits on software that WiiU uses, e.g. WebKit (but this doesn't have kernel mode access), and test if it has already been patched by Nintendo. If it hasn't, PROFIT! After finding the exploit, you have to program the code that makes it usable and useful, but that's the easy part; there are plenty of programmers and also SDKs floating around for this already (think homebrew launcher libs).
  5. martyjake (OP), Member, Newcomer, joined Jun 16, 2016, Canada
    Ah ok, thanks for the clarification. Are there any known apps/games that have full permissions granted by the IOSU? Or do we not know any?
  6. JustPingo, GBAtemp Fan, Member, joined Jan 11, 2015, France
    Not even the CafeOS kernel has every permission (IOSU keeps most of them for itself, like for example the sweet sweet global arbitrary RAM R/W).
    Learning C and assembly (and so detailed low level computer science in general) is the best way to start thinking about how it could go wrong.
    Train yourself at reverse-engineering, for example trying to figure out functions in IOSU is a good way to get yourself familiarised with ARM ASM.
    Document yourself on typical attacks, for example buffer overflows, race attacks, or techniques like ROP (or stack pivot).
    Read http://www.wiiubrew.org/ a lot too.
    Good luck!
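To make the "buffer overflows" item in the post above concrete, here is an added example in C. It is not code from this thread, from IOSU, or from any Wii U project; the message layout, PAYLOAD_MAX and the function names are constructed for illustration only. It shows a message parser that trusts a length field taken from the message next to one that validates it, which is the check whose absence turns an untrusted length into memory corruption.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAYLOAD_MAX 32

/* Constructed message layout (hypothetical, NOT IOSU's real IPC format):
 *   bytes 0-1: payload length, little-endian
 *   bytes 2-3: message type, little-endian
 *   bytes 4..: 'length' bytes of payload */
struct parsed_msg {
    uint16_t type;
    uint16_t len;
    uint8_t  payload[PAYLOAD_MAX];
};

static uint16_t read_u16le(const uint8_t *p)
{
    return (uint16_t)(p[0] | ((uint16_t)p[1] << 8));
}

/* Vulnerable pattern: the length field is copied straight from the message
 * and used as the memcpy size. A message whose length field exceeds
 * PAYLOAD_MAX writes past out->payload; one that exceeds buflen reads past
 * the input. Both are undefined behaviour, so never feed this function
 * untrusted input; it is here only for contrast with the checked version. */
int parse_msg_unchecked(const uint8_t *buf, size_t buflen, struct parsed_msg *out)
{
    if (buflen < 4)
        return -1;
    out->len  = read_u16le(buf);
    out->type = read_u16le(buf + 2);
    memcpy(out->payload, buf + 4, out->len);   /* no bound on out->len */
    return 0;
}

/* Hardened pattern: the untrusted length is checked against both the
 * destination capacity and the real input size before it drives a copy.
 * The subtraction buflen - 4 is safe because buflen >= 4 was verified. */
int parse_msg_checked(const uint8_t *buf, size_t buflen, struct parsed_msg *out)
{
    if (buf == NULL || out == NULL || buflen < 4)
        return -1;                      /* too short to hold a header */
    uint16_t len = read_u16le(buf);
    if (len > PAYLOAD_MAX)
        return -2;                      /* would overflow out->payload */
    if ((size_t)len > buflen - 4)
        return -3;                      /* would read beyond the input */
    out->len  = len;
    out->type = read_u16le(buf + 2);
    memcpy(out->payload, buf + 4, len);
    return 0;
}

int main(void)
{
    /* Constructed inputs: one well-formed message and two malformed ones. */
    const uint8_t good[]      = { 0x03, 0x00, 0x01, 0x00, 'a', 'b', 'c' };
    const uint8_t too_big[]   = { 0x40, 0x00, 0x01, 0x00 };         /* claims 64 bytes */
    const uint8_t truncated[] = { 0x05, 0x00, 0x01, 0x00, 'a' };    /* claims 5, has 1 */
    struct parsed_msg m;

    printf("good:      %d\n", parse_msg_checked(good, sizeof good, &m));           /* 0 */
    printf("too_big:   %d\n", parse_msg_checked(too_big, sizeof too_big, &m));     /* -2 */
    printf("truncated: %d\n", parse_msg_checked(truncated, sizeof truncated, &m)); /* -3 */
    /* parse_msg_unchecked(too_big, ...) would be undefined behaviour here. */
    return 0;
}
```

The two rejected cases are the ones worth remembering: a length larger than the destination (write overflow) and a length larger than what was actually received (over-read). Any handler that takes a size from the other side of an IPC boundary needs both checks, not just one.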
  7. QuarkTheAwesome, Working for Hugs, Member, joined Apr 19, 2015, Australia (Stuck in the PowerPC)
    Worth noting that if you can get your hands on a copy of IDA these files will prove invaluable in your reverse engineering efforts. Also say hi to @Datalogger.
    Might also be worth reading this as a bit of an introduction to how the IOSU works and communicates.
  8. chaosrunner, Substitute Soul Reaper, Banned, joined Sep 27, 2015, Canada (Hueco Mundo)
    Good luck, many have tried and failed. Hope you finish your journey.
  9. VinLark, This machine kills bourgeois sentimentality., Member, joined Jun 11, 2016, Trinidad and Tobago (Psychosystem Denomination)
    Many haven't even tried. They whine and bitch about "they need to work harder". I'm glad this guy is trying.