So they developed a userland webkit exploit at first which gives them basic user access right? To contrast this would be like on a Linux terminal or windows machine without administrative privileges?
Yeah, kind of like that. In userland, you can do anything that a regular game or app can do. In this case, we would be limited to the environment of the web browser. The browser is allowed to access things like the internet, sound, screen and GamePad input. No way to access the SD card, though.
Then they had to elevate their privileges by exploiting a Kernel bug and developing a Kernel exploit? Which then allowed them to use the Homebrew launcher
Yes. Once the kernel has been exploited, it is possible to "hook" into the launcher program, allowing us to run software before a title launches, but within that title's userspace. So we can hook into, for example, Mii Maker's launch process and run code there. Mii Maker is one of four titles that are allowed to access the SD card without additional exploits. And so we can load programs from the SD card (e.g. Homebrew Launcher) and run them in Mii Maker's userspace.
which then could use apps with this elevated privilege to modify the nand and do other cool stuff?
In addition to the PowerPC processor that runs your games, there's also an ARM processor which performs security operations, within its own operating system called IOSU. Once we have the ability to run our own software on the PowerPC, we can exploit IOSU and launch a custom firmware (CFW) on it, which gives us the ability to modify NAND, install unsigned programs, redNAND, and all those other things that IOSU would usually get in the way of.
