how to find an exploit?

Discussion in 'Wii U - Hacking & Backup Loaders' started by ryuutseku85, Dec 14, 2015.

  1. ryuutseku85
    OP

    ryuutseku85 Advanced Member

    Newcomer
    92
    150
    Dec 14, 2015
    France
    Hi everyone, I want to help in the Wii U hacking scene.

    I would like to learn how I can find exploits. I am learning the basics of coding right now. I know I will have to do much more than this to hack the Wii U or find an exploit. But my question is simple. What do I have to do to find an exploit? Do I have to connect my PC and Wii U to find the code and try to modify it later to launch something? If yes, how do I do it?

    I have no idea where I have to start.
     
  2. TheKawaiiDesu

    TheKawaiiDesu Ball of Kawaiiness

    Member
    1,432
    1,506
    Aug 23, 2015
    Korea, North
    Lowee
    Well, even if I'm clearly more a noob than an expert, I don't think that just knowing how to code is enough. The thing is that consoles like the Wii U, PS4, 3DS, etc etc, are *extremely* "secure", and won't let you run your own code like this. While lurking on some forums, I've seen that a background in computer science is heavily recommended, and even if you're an expert, many people who attempted to hack those systems failed.

    To start, you can probably learn how to code, and probably master some common programming languages (C / C++ / Assembly) and then try to lurk around on the Internet :)

    For example, Smealum's website seems to give detailed info about NinjHax and can probably help you a lot once you understand what he's saying (I mostly don't):P
     
    Last edited by TheKawaiiDesu, Dec 14, 2015
  3. Ammako

    Ammako GBAtemp Guru

    Member
    6,424
    3,547
    Dec 22, 2009
    Canada
    Well, first off, you don't find exploits, you find vulnerabilities. Exploits are later created to take advantage of vulnerabilities.
     
  4. ryuutseku85
    OP

    ryuutseku85 Advanced Member

    Newcomer
    92
    150
    Dec 14, 2015
    France
    Ok, thank you. So how do I find vulnerabilities?
     
  5. DrCrygor07

    DrCrygor07 Italian Wario Ware bootleg©

    Member
    1,711
    634
    Sep 4, 2014
    Italy
    Search them on Nintendo website, or contact support
     
    Swiftloke, nh6574, Otelo2 and 6 others like this.
  6. mech

    mech ♥️♥️♥️♥️♥️♥️♥️♥️

    Member
    4,973
    3,256
    Oct 26, 2014
    Vanuatu
    try and crash the console :)
     
  7. Cyan

    Cyan GBATemp's lurking knight

    Global Moderator
    18,715
    9,015
    Oct 27, 2002
    France
    Engine room, learning
    Usually, you don't "search" for a vulnerability, you find it by seeing a crash, or by knowing an unpatched bug in the browser and trying it.
    Nintendo doesn't use their own browser but Opera/webkit, which is open source so they NEED to release the source code for that program. Analyzing the sources can help find vulnerabilities, if you understand what would make the browser crash.

    If you really want to "search" (and not find), then you need to first understand how the chipsets are working (PPC, ARM, ASM, registers, etc.)
    then what's good or bad coding (like using string comparison instead of memory comparison to compare two strings --> it's the Wii vulnerability)
    then either analyze the sources, or decompile existing programs to get ASM sources (machine language) and understand what's happening in low level and could be exploited.

    It could be race attacks (registers not correctly verified before read, or random slowdown allowing another program to edit it between two accesses -> this is the current OSDriver exploit we are using on 5.3.2)
    It could be encryption algorithm bug (like PS3), so you need to learn cryptology.

    So, to search/find exploits, you need to understand low level coding and how the console is working internally (from power ON to program execution).
    And you don't decide to search for it, usually you find an issue by understanding how everything is working. You look at the sources, decompile programs, etc. and you learn from it, see what happens, and if you are a good developer you notice something that the Nintendo developers should have done better and you know why, so you see if you can use that vulnerability to do anything with that "bug" (or bad coding style from official devs). That's not always possible, not all errors can be exploited.
     
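    Cyan's point about string comparison being used where memory comparison was needed, as an added illustration that is not from this thread or any Nintendo code: a signature verifier that compares a 20-byte digest with strncmp beside one that compares every byte. The digests, function names and constants are constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HASH_LEN 20 /* SHA-1 digest length */

/* Flawed check: the digest is raw bytes, but strncmp treats it as a C string
   and stops at the first 0x00 in either buffer. Two digests that both start
   with 0x00 therefore compare "equal" whatever the other 19 bytes hold, so a
   160-bit comparison degrades to a comparison of the first byte only. */
bool verify_hash_flawed(const uint8_t expected[HASH_LEN],
                        const uint8_t computed[HASH_LEN]) {
    return strncmp((const char *)expected, (const char *)computed, HASH_LEN) == 0;
}

/* Corrected check: every byte is data, none is a terminator. The loop also
   runs in fixed time, so it leaks nothing about where a mismatch occurred. */
bool verify_hash_fixed(const uint8_t expected[HASH_LEN],
                       const uint8_t computed[HASH_LEN]) {
    uint8_t diff = 0;
    for (size_t i = 0; i < HASH_LEN; i++)
        diff |= (uint8_t)(expected[i] ^ computed[i]);
    return diff == 0;
}

/* Constructed sample digests (not real hashes of anything): both begin with
   0x00 and differ in every other byte. */
static const uint8_t GENUINE[HASH_LEN] = {
    0x00, 0x5a, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88,
    0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0x01, 0x02, 0x03, 0x04 };
static const uint8_t FORGED[HASH_LEN] = {
    0x00, 0xde, 0xad, 0xbe, 0xef, 0xca, 0xfe, 0xf0, 0x0d, 0x12,
    0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf1, 0x23, 0x45, 0x67 };

/* Named results so the outcome can be checked rather than only printed. */
bool flawed_accepts_forged(void) { return verify_hash_flawed(GENUINE, FORGED); }
bool fixed_accepts_forged(void)  { return verify_hash_fixed(GENUINE, FORGED); }
bool fixed_accepts_genuine(void) { return verify_hash_fixed(GENUINE, GENUINE); }

int main(void) {
    printf("strncmp check accepts forged digest: %s\n",
           flawed_accepts_forged() ? "yes (vulnerable)" : "no");
    printf("byte-wise check accepts forged digest: %s\n",
           fixed_accepts_forged() ? "yes" : "no (correct)");
    return 0;
}
```

    The same defect appears whenever strcmp/strncmp/strlen is applied to binary data such as hashes, keys or ciphertext; reviewing a code base for those calls on non-text buffers is a cheap audit step.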
  8. EmceeKerser

    EmceeKerser GBAtemp Maniac

    Member
    1,374
    503
    Jun 3, 2014
    The fuckin' Blue Mountains brah
    I too just started coding, just finished my first class and I am now an expert. Here's a vulnerability I created, put it in a text file on your SD root

    /code start/
    ;;This is my exploit
    /Start Hax
    /Exploit wii u
    /Downgrade to 5.2
    /Patch IOSU
    /Done
    ;;Hack is done
     
  9. ryuutseku85
    OP

    ryuutseku85 Advanced Member

    Newcomer
    92
    150
    Dec 14, 2015
    France
    Thank you.
    Emcee, love the sarcasm....
     
    Last edited by ryuutseku85, Dec 14, 2015
    TotalInsanity4 likes this.
  10. fatsquirrel

    fatsquirrel GBAtemp Advanced Maniac

    Member
    1,955
    1,461
    Nov 11, 2013
    roflmao
     
  11. GalladeGuy

    GalladeGuy Freeze Kirby :3

    Member
    2,589
    2,656
    Oct 28, 2015
    United States
    You don't search for vulnerabilities, you find them. Just find a game that you know has a game crashing glitch in it. Then, keep trying to replicate that glitch, and find out how it happens, and why. I would try to find a glitch that reads a certain point in memory, which could be modified to have custom code in it. Once you find a vulnerability, then, and only then, can you start working on an exploit.

    Also, what language are you learning? Like TheKawaiiDesu said, C, C++, or Assembly would be the best. Although, I wouldn't recommend starting anything until you are more experienced in programming.

    Sorry if any of this information is inaccurate. Feel free to PM me if you have any more questions.
     
  12. ajd4096

    ajd4096 GBAtemp Regular

    Member
    176
    187
    Feb 17, 2009
    10. Think.
    20. Think harder.
    30. Write code.
    40. Test code.
    40. GOTO 20

    This code may have a bug.
     
    TeamScriptKiddies likes this.
  13. FaTaL_ErRoR

    FaTaL_ErRoR AKA ŦƕƎ ƠṀƐƝ

    Member
    491
    346
    Mar 9, 2014
    United States
    It really depends on what vulnerability you are exploiting as to what you need to be looking for in an exploit.
    If by chance it is webkit you are exploiting vulnerable bugs in coding. You would have great luck with access to webkit developers bug fixes. (You know the ones some are locked out from viewing) It's an old version of webkit running on the wii u. This speeds things up greatly having logs of issues on other platforms.
    Same goes for software running on ppc processors. Looking at bugs from other platforms having similar hardware helps with attempting similar things on the current device.
    Now the particular device in the section you posted this question has a secondary processor running software that handles signing and main OS functions.
    Now, getting at it is a little bit more difficult as there aren't too many other platforms that are running this type of hardware in the way it is being used. But nonetheless it is an ARM processor and there are only so many ways to write an OS in ARM.
    But I wish you the best of luck. Just keep in mind you are competing against people who have had access to a fully functional IOSU exploit in 3.1 and have exploited consoles in that firmware. With having that already in hand they can see exactly what is getting changed throughout the updates in the firmware. And if they keep the exploited 3.1 they are also able to tear apart the rest of IOSU and pretty much all of OS v11. Anyway, knowledge of coding is mildly important. Digging into previous exploits on different devices will help with gaining knowledge. Also, asking questions to those that exploited them will help as well. You can script kiddie most of the way through.
    Finding a vulnerability and exploiting it just requires a ton of research. That's pretty much it. Then from there a little coding knowledge is needed because from there it is trial and error.
    Then you finally exploit it and now you have to run it a thousand times to ensure it is mapping in the correct area. You could be a few bytes off and have a 30 percent functional exploit.
    Perfection is key even if someone is just gonna patch it out or update it to non functional.
    What exactly are you interested in finding and exploiting a vulnerability in?
     
    mech and ryuutseku85 like this.
  14. TheZander

    TheZander member

    Member
    1,096
    783
    Feb 1, 2008
    United States
    Well basically, the Wii U uses both mega and giga bytes. Exploits are harder to come by in gigabytes, that's why you need to start with MB (short for mega byte) now. You need a binary translator, 1s and 0s etc... So if you wanted to exploit, let's say, the left trigger button, you need a basic understanding of pseudo code such as hack_exploit_trigger_left=true. This will then allow you to run unsigned code in binary.

    Unsigned code is basically normal code that no one has signed their name on yet once it's printed out. From there it's pretty self explanatory.
     
    kudofan, GalladeGuy and Kelton2 like this.
  15. GalladeGuy

    GalladeGuy Freeze Kirby :3

    Member
    2,589
    2,656
    Oct 28, 2015
    United States
    I can't tell if you are being sarcastic, or you just don't know what you're talking about. (Probably the first one.)
     
  16. VinsCool

    VinsCool Detached from Reality

    Member
    GBAtemp Patron
    12,075
    29,430
    Jan 7, 2014
    Canada
    Another World
    A lot of luck, mostly.
     
    ryuutseku85 likes this.
  17. TheZander
    This message by TheZander has been removed from public view by Cyan, Dec 15, 2015, Reason: offtopic.
    Dec 15, 2015
  18. GalladeGuy
    This message by GalladeGuy has been removed from public view by Cyan, Dec 15, 2015, Reason: offtopic.
    Dec 15, 2015
  19. TheZander
    This message by TheZander has been removed from public view by Cyan, Dec 15, 2015, Reason: offtopic.
    Dec 15, 2015
  20. ryuutseku85
    OP

    ryuutseku85 Advanced Member

    Newcomer
    92
    150
    Dec 14, 2015
    France
    Thanks for your complete answer. My goal is to make homebrew after this, and if I find something that could help piracy I would not release it, because I do not support piracy. That said, everyone does what they want, and to those who are saying "haha, he knows nothing and wants to hack", I just have to answer: at least I try.
     
  21. VinsCool

    VinsCool Detached from Reality

    Member
    GBAtemp Patron
    12,075
    29,430
    Jan 7, 2014
    Canada
    Another World
    Documentation at wiiubrew may be useful
     
    ryuutseku85 likes this.
  22. ryuutseku85
    OP

    ryuutseku85 Advanced Member

    Newcomer
    92
    150
    Dec 14, 2015
    France
    Indeed, I have had my head in it since last week. And for those interested, I am on 5.5.0.
     
  23. marksteele

    marksteele GBAtemp Advanced Fan

    Member
    822
    402
    Jan 16, 2011
    Canada
    This thread reminded me that the GBATemp community is toxic as fuck