How does Homebrew work?

RebelJake17 (OP)
Hello, I have a few questions; I've been wondering how it all works. So they developed a userland WebKit exploit at first, which gives them basic user access, right? To contrast, this would be like a Linux terminal or Windows machine without administrative privileges? Then they had to elevate their privileges by exploiting a kernel bug and developing a kernel exploit? Which then allowed them to use the Homebrew Launcher, which then could use apps with this elevated privilege to modify the NAND and do other cool stuff? If something is wrong or could be added onto, I'd appreciate it; I'd like to learn more about console exploitation and Homebrew.
 

Exnor
Hello, I have a few questions; I've been wondering how it all works. So they developed a userland WebKit exploit at first, which gives them basic user access, right? To contrast, this would be like a Linux terminal or Windows machine without administrative privileges? Then they had to elevate their privileges by exploiting a kernel bug and developing a kernel exploit? Which then allowed them to use the Homebrew Launcher, which then could use apps with this elevated privilege to modify the NAND and do other cool stuff? If something is wrong or could be added onto, I'd appreciate it; I'd like to learn more about console exploitation and Homebrew.

Would also like to know.
 
Deleted User
So they developed a userland WebKit exploit at first, which gives them basic user access, right? To contrast, this would be like a Linux terminal or Windows machine without administrative privileges?
Yeah, kind of like that. In userland, you can do anything that a regular game or app can do. In this case, we would be limited to the environment of the web browser. The browser is allowed to access things like the internet, sound, screen and GamePad input. No way to access the SD card, though.

Then they had to elevate their privileges by exploiting a kernel bug and developing a kernel exploit? Which then allowed them to use the Homebrew Launcher
Yes. Once the kernel has been exploited, it is possible to "hook" into the launcher program, allowing us to run software before a title launches, but within that title's userspace. So we can hook into, for example, Mii Maker's launch process and run code there. Mii Maker is one of four titles that are allowed to access the SD card without additional exploits. And so we can load programs from the SD card (e.g. Homebrew Launcher) and run them in Mii Maker's userspace.

which then could use apps with this elevated privilege to modify the NAND and do other cool stuff?
In addition to the PowerPC processor that runs your games, there's also an ARM processor which performs security operations, within its own operating system called IOSU. Once we have the ability to run our own software on the PowerPC, we can exploit IOSU and launch a custom firmware (CFW) on it, which gives us the ability to modify NAND, install unsigned programs, redNAND, and all those other things that IOSU would usually get in the way of.
 