Hacking: how to find an exploit?

ryuutseku85

Well-Known Member
Member
Hi everyone, I want to help in the Wii U hacking scene.

I would like to learn how I can find exploits. I am learning the basics of code right now. I know I will have to do much more than this to hack the Wii U or find an exploit. But my question is simple: what do I have to do to find an exploit? Do I have to connect my PC and Wii U to find the code and try to modify it later to launch something? If yes, how do I do it?

I have no idea where I have to start.
 

TheKawaiiDesu

Ball of Kawaiiness
Member
Well, even if I'm clearly more a noob than an expert, I don't think that just knowing how to code is enough. The thing is that consoles like the Wii U, PS4, 3DS, etc. are *extremely* "secure", and won't let you run your own code like this. While lurking on some forums, I've seen that a background in computer science is heavily recommended, and even if you're an expert, many people who attempted to hack those systems failed.

To start, you can probably learn how to code, and probably master some common programming languages (C / C++ / Assembly) and then try to lurk around on the Internet :)

For example, Smealum's website seems to give detailed info about NinjHax and can probably help you a lot once you understand what he's saying (I mostly don't) :P
 

Deleted-236924

Guest
Well, first off, you don't find exploits, you find vulnerabilities. Exploits are later created to take advantage of vulnerabilities.
 

Cyan

GBATemp's lurking knight
Former Staff
Usually, you don't "search" for a vulnerability, you find it by seeing a crash, or by knowing an unpatched bug in the browser and trying it.
Nintendo doesn't use their own browser but Opera/WebKit, which is open source, so they NEED to release the source code for that program. Analyzing the sources can help find vulnerabilities, if you understand what would make the browser crash.

If you really want to "search" (and not find), then you need to first understand how the chipsets are working (PPC, ARM, ASM, registers, etc.),
then what's good or bad coding (like using string comparison instead of memory comparison to compare two strings --> it's the Wii vulnerability),
then either analyze the sources, or decompile existing programs to get ASM sources (machine language) and understand what's happening at low level and could be exploited.

It could be race attacks (registers not correctly verified before read, or a random slowdown allowing another program to edit it between two accesses -> this is the current OSDriver exploit we are using on 5.3.2).
It could be an encryption algorithm bug (like the PS3), so you need to learn cryptology.

So, to search/find an exploit, you need to understand low-level coding and how the console is working internally (from power ON to program execution).
And you don't decide to search for it; usually you find an issue by understanding how everything is working. You look at the sources, decompile programs, etc. and you learn from it, see what happens, and if you are a good developer you notice something that the Nintendo developers should have done better and you know why, so you see if you can use that vulnerability to do anything with that "bug" (or bad coding style from official devs). That's not always possible; not all errors can be exploited.
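Cyan's point about string comparison versus memory comparison, as an added illustration that is not code from this thread or from any console firmware: a digest check written with strncmp() next to a full-length memory comparison. The 20-byte SHA-1 digest length and the sample digest bytes are assumptions constructed for the demonstration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define DIGEST_LEN 20   /* assumed SHA-1 digest length */

/* Weak check: strncmp() treats the digest as a C string and stops at the
 * first NUL byte. If the expected digest starts with 0x00, every computed
 * digest that also starts with 0x00 compares "equal", whatever follows. */
int digest_equal_strncmp(const uint8_t *expected, const uint8_t *computed)
{
    return strncmp((const char *)expected, (const char *)computed,
                   DIGEST_LEN) == 0;
}

/* Hardened check: compare all DIGEST_LEN bytes as memory. memcmp() over the
 * full length also fixes the truncation; the OR-accumulate loop additionally
 * avoids an early exit, so the time taken does not reveal where the
 * first differing byte sits. */
int digest_equal_memory(const uint8_t *expected, const uint8_t *computed)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < DIGEST_LEN; i++)
        diff |= expected[i] ^ computed[i];
    return diff == 0;
}

/* Constructed sample digests (not real hashes): both begin with 0x00 and
 * differ from the second byte on; unlisted bytes are zero. */
static const uint8_t EXPECTED[DIGEST_LEN] = { 0x00, 0x11, 0x22, 0x33 };
static const uint8_t COMPUTED[DIGEST_LEN] = { 0x00, 0xaa, 0xbb, 0xcc };

/* Returns 1 when the weak check accepts the mismatched digest while the
 * hardened check rejects it, i.e. when the bug is observable. */
int weak_check_is_fooled(void)
{
    return digest_equal_strncmp(EXPECTED, COMPUTED) == 1 &&
           digest_equal_memory(EXPECTED, COMPUTED) == 0;
}

int main(void)
{
    printf("strncmp says equal: %d\n", digest_equal_strncmp(EXPECTED, COMPUTED));
    printf("memory compare says equal: %d\n", digest_equal_memory(EXPECTED, COMPUTED));
    printf("weak check fooled: %d\n", weak_check_is_fooled());
    return 0;
}
```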
 

EmceeKerser

Well-Known Member
Member
I too just started coding, just finished my first class and I am now an expert. Here's a vulnerability I created; put it in a text file on your SD root:

/code start/
;;This is my exploit
/Start Hax
/Exploit wii u
/Downgrade to 5.2
/Patch IOSU
/Done
;;Hack is done
 

GalladeGuy

Cool and Epic
Member
You don't search for vulnerabilities, you find them. Just find a game that you know has a game crashing glitch in it. Then, keep trying to replicate that glitch, and find out how it happens, and why. I would try to find a glitch that reads a certain point in memory, which could be modified to have custom code in it. Once you find a vulnerability, then, and only then, can you start working on an exploit.

Also, what language are you learning? Like TheKawaiiDesu said, C, C++, or Assembly would be the best. Although, I wouldn't recommend starting anything until you are more experienced in programming.

Sorry if any of this information is inaccurate. Feel free to PM me if you have any more questions.
 

FaTaL_ErRoR

AKA ŦƕƎ ƠṀƐƝ
Member
It really depends on what vulnerability you are exploiting as to what you need to be looking for in an exploit.
If by chance it is webkit, you are exploiting vulnerable bugs in coding. You would have great luck with access to webkit developers' bug fixes. (You know, the ones some are locked out from viewing.) It's an old version of webkit running on the Wii U. Having logs of issues on other platforms speeds things up greatly.
Same goes for software running on PPC processors. Looking at bugs from other platforms having similar hardware helps with attempting similar things on the current device.
Now the particular device in the section you posted this question in has a secondary processor running software that handles signing and main OS functions.
Now, getting at it is a little bit more difficult as there aren't too many other platforms that are running this type of hardware in the way it is being used. But nonetheless it is an ARM processor and there are only so many ways to write an OS in ARM.
But I wish you the best of luck. Just keep in mind you are competing against people who have had access to a fully functional IOSU exploit in 3.1 and have exploited consoles on that firmware. With having that already in hand they can see exactly what is getting changed throughout the updates in the firmware. And if they keep the exploited 3.1 they are also able to tear apart the rest of IOSU and pretty much all of OS v11. Anyway, knowledge of coding is mildly important. Digging into previous exploits on different devices will help with gaining knowledge. Also, asking questions of those that exploited them will help as well. You can script kiddie most of the way through.
Finding a vulnerability and exploiting it just requires a ton of research. That's pretty much it. Then from there a little coding knowledge is needed because from there it is trial and error.
Then you finally exploit it and now you have to run it a thousand times to ensure it is mapping in the correct area. You could be a few bytes off and have a 30 percent functional exploit.
Perfection is key even if someone is just gonna patch it out or update it to non-functional.
What exactly are you interested in finding and exploiting a vulnerability in?
 

TheZander

King of the Level 7's
Member
Well basically, the Wii U uses both mega and giga bytes. Exploits are harder to come by in gigabytes, that's why you need to start with MB (short for mega byte) now. You need a binary translator, 1s and 0s etc... So if you wanted to exploit, let's say, the left trigger button, you need a basic understanding of pseudo code such as hack_exploit_trigger_left=true. This will then allow you to run unsigned code in binary.

Unsigned code is basically normal code that no one has signed their name on yet once it's printed out. From there it's pretty self explanatory.
 

GalladeGuy

Cool and Epic
Member
> Well basically, the Wii U uses both mega and giga bytes. Exploits are harder to come by in gigabytes, that's why you need to start with MB (short for mega byte) now. You need a binary translator, 1s and 0s etc... So if you wanted to exploit, let's say, the left trigger button, you need a basic understanding of pseudo code such as hack_exploit_trigger_left=true. This will then allow you to run unsigned code in binary.
>
> Unsigned code is basically normal code that no one has signed their name on yet once it's printed out. From there it's pretty self explanatory.

I can't tell if you are being sarcastic, or you just don't know what you're talking about. (Probably the first one.)
 

ryuutseku85

Well-Known Member
Member
> It really depends on what vulnerability you are exploiting as to what you need to be looking for in an exploit.
> If by chance it is webkit, you are exploiting vulnerable bugs in coding. You would have great luck with access to webkit developers' bug fixes. (You know, the ones some are locked out from viewing.) It's an old version of webkit running on the Wii U. Having logs of issues on other platforms speeds things up greatly.
> Same goes for software running on PPC processors. Looking at bugs from other platforms having similar hardware helps with attempting similar things on the current device.
> Now the particular device in the section you posted this question in has a secondary processor running software that handles signing and main OS functions.
> Now, getting at it is a little bit more difficult as there aren't too many other platforms that are running this type of hardware in the way it is being used. But nonetheless it is an ARM processor and there are only so many ways to write an OS in ARM.
> But I wish you the best of luck. Just keep in mind you are competing against people who have had access to a fully functional IOSU exploit in 3.1 and have exploited consoles on that firmware. With having that already in hand they can see exactly what is getting changed throughout the updates in the firmware. And if they keep the exploited 3.1 they are also able to tear apart the rest of IOSU and pretty much all of OS v11. Anyway, knowledge of coding is mildly important. Digging into previous exploits on different devices will help with gaining knowledge. Also, asking questions of those that exploited them will help as well. You can script kiddie most of the way through.
> Finding a vulnerability and exploiting it just requires a ton of research. That's pretty much it. Then from there a little coding knowledge is needed because from there it is trial and error.
> Then you finally exploit it and now you have to run it a thousand times to ensure it is mapping in the correct area. You could be a few bytes off and have a 30 percent functional exploit.
> Perfection is key even if someone is just gonna patch it out or update it to non-functional.
> What exactly are you interested in finding and exploiting a vulnerability in?

Thanks for your complete answer. My goal is to make homebrew after this, and if I find something that could help piracy I would not release it, because I do not support piracy. That said, everyone does what he wants, and to those who are saying "haha, he knows nothing and wants to hack", I just have to answer: at least I try.
 

VinsCool

Persona Secretiva Felineus
Global Moderator
GBAtemp Patron
> Thanks for your complete answer. My goal is to make homebrew after this, and if I find something that could help piracy I would not release it, because I do not support piracy. That said, everyone does what he wants, and to those who are saying "haha, he knows nothing and wants to hack", I just have to answer: at least I try.

Documentation at wiiubrew may be useful.
 