Hacking how to find an exploit?

[ryuutseku85]

Hi everyone , i want to help in the Wii u hacking scene .

I would like to learn how can I find exploit . I am learning the basics of the code right now . I know I will have to do much more than this to hack the Wii u or find an exploit . But my question is simple . What have I to do to find an exploit ? Do I have to connect my pc and Wii u to find the code and try to modify it later to launch something ? if yes how I do it ?

I have no idea where I have to start .

 

[Deleted member 370671]

Well, even if I'm clearly more a noob than an expert, I don't think that just knowing how to code is enough. The thing is that consoles like the Wii U, PS4, 3DS, etc etc, are *extremely* "secure", and won't let you run your own code like this. While lurking on some forums, I've seen that a background in computer science is heavily recommended, and even if you're an expert, many people who attempted to hack those systems failed.

To start, you can probably learn how to code, and probably master some common programming languages (C / C++ / Assembly) and then try to lurk around on the Internet

For example, Smealum's website seems to give detailed info about NinjHax and can probably help you a lot once you understand what he's saying (I mostly don't)

 

[Deleted-236924]

Well, first off, you don't find exploits, you find vulnerabilities. Exploits are later created to take advantage of vulnerabilities.

 

[ryuutseku85]

Ok thank you. So how do I find vulnerabilities ?

 

[Mazamin]

Ok thank you. So how do I find vulnerabilities ?

Search them on Nintendo website, or contact support

 

[Deleted-355425]

try and crash the console

 

[Cyan]

Usually, you don't "search" for a vulnerability, you find it by seeing a crash, or by knowing an unpatched bug in the browser and trying it.
Nintendo doesn't use their own browser but Opera/webkit, which is open source so they NEED to release the source code for that program. Analyzing the sources can help find vulnerabilities, if you understand what would make the browser crash.

If you really want to "search" (and not find), then you need to first understand how the chipsets are working (PPC, ARM, ASM, registers, etc.)
then what's good or bad coding (like using string comparison instead of memory comparison to compare two strings --> it's the Wii vulnerability)
then either analyze the sources, or decompile existing programs to get ASM sources (machine language) and understand what's happening in low level and could be exploited.

it could be race attacks (registers not correctly verified before read, or random slowdown allowing another program to edit it between two accesses -> this is the current OSDriver exploit we are using on 5.3.2)
It could be encryption algorithm bug (like PS3), so you need to learn cryptology.

So, to search/find exploit, you need to understand low level coding and how the console is working internally (from power ON to program execution).
And you don't decide to search for it, usually you find an issue by understanding how everything is working. you look at the sources, decompile programs, etc. and you learn from it, see what happens, and if you are a good developer you notice something that the nintendo developers should have done better and you know why, so you see if you can use that vulnerability to do anything with that "bug" (or bad coding style from official devs). That's not always possible, not all errors can be exploited.

 

[EmceeKerser]

I too just started coding, just finished my first class and I am now an expert. Here's a vulnerability I created, put it in a text file on your SD root

/code start/
;;This is my exploit
/Start Hax
/Exploit wii u
/Downgrade to 5.2
/Patch IOSU
/Done
;;Hack is done

 

[ryuutseku85]

Thank you
Emcee love the sarcasme ....

 

[fatsquirrel]

roflmao

 

[GalladeGuy]

You don't search for vulnerabilities, you find them. Just find a game that you know has a game crashing glitch in it. Then, keep trying to replicate that glitch, and find out how it happens, and why. I would try to find a glitch that reads a certain point in memory, which could be modified to have custom code in it. Once you find a vulnerability, then, and only then, can you start working on an exploit.

Also, what language are you learning? Like TheKawiiDesu said, C, C++, or Assembly would be the best. Although, I wouldn't recommend starting anything until you are more experienced in programming.

Sorry if any of this information is inaccurate. Feel free to PM me if you have any more questions.

 

[ajd4096]

Ok thank you. So how do I find vulnerabilities ?

10. Think.
20. Think harder.
30. Write code.
40. Test code.
40. GOTO 20

This code may have a bug.

 

[FaTaL_ErRoR]

It really depend on what vulnerability you are exploiting as to what you need to be looking for in an exploit.
If by chance it is webkit you are exploiting vulnerable bugs in coding. You would have great luck with access to webkit developers bug fixes. (You know the ones some are locked out from viewing) It's an old version of webkit running on the wii u. This speeds things up greatly having logs of issues on other platforms.
Same goes for software running on ppc processors. Looking at bugs from other platforms having similar hardware helps with attempting similar things on the current device.
Now the particular device in the section you posted this question has a secondary processor running software that handles signing and main OS functions.
Now, getting at it is a little bit more difficult as there aren't too many other platforms that are running this type of hardware in the way it is being used. But none the less it is an arm processor and there are only so many ways to write an OS in arm.
But I wish you the best of luck. Just keep in mind you are competing against people who have had access to a fully functional IOSU exploit in 3.1 and have exploited consoles in that firmware. With having that already in hand they can see exactly what is getting changed throughout the updates in the firmware. And if they keep the exploited 3.1 they are also able to tear the rest of IOSU and pretty much all of OS v11. Anyway, knowledge of coding is mildly important. During your dig into previous exploits on different devices will help with gaining knowledge. Also, asking questions to those that exploited them will help as well. You can script kiddie most of the way through.
Finding a vulnerability and exploiting just requires a ton of research. That's pretty much it. Then from there a little coding knowledge is needed because from there it is trial and error.
Then you finally exploit it and now you have to run it a thousand times to ensure it is mapping in the correct area. You could be a few bytes off and have a 30 percent functional exploit.
Perfection is key even if someone is just gonna patch it out or update it to non functional.
What exactly are you interested in finding and exploiting a vulnerability in?

 

[TheZander]

well basically, the wiiu uses both mega and giga bytes. exploits are harder to come by in in gigabytes thats why you need to start with mb (short for mega byte)) now. you need a binary translator 1s and 0s etc... so if you wanted to exploit lets say the left trigger button. you need a basic understanding of psedo code such as hack_exploit_trigger_left=true this will then allow you to run unsigned code in binary.

unsigned code is basically normal code that no one has signed there name yet on it once its printed out. from there its pretty self explainitory

 

[GalladeGuy]

well basically, the wiiu uses both mega and giga bytes. exploits are harder to come by in in gigabytes thats why you need to start with mb (short for mega byte)) now. you need a binary translator 1s and 0s etc... so if you wanted to exploit lets say the left trigger button. you need a basic understanding of psedo code such as hack_exploit_trigger_left=true this will then allow you to run unsigned code in binary.

unsigned code is basically normal code that no one has signed there name yet on it once its printed out. from there its pretty self explainitory

I can't tell if you are being sarcastic, or you just don't know what your talking about. (Probably the first one.)

 

[VinsCool]

A lot of luck, mostly.

 

[ryuutseku85]

It really depend on what vulnerability you are exploiting as to what you need to be looking for in an exploit.
If by chance it is webkit you are exploiting vulnerable bugs in coding. You would have great luck with access to webkit developers bug fixes. (You know the ones some are locked out from viewing) It's an old version of webkit running on the wii u. This speeds things up greatly having logs of issues on other platforms.
Same goes for software running on ppc processors. Looking at bugs from other platforms having similar hardware helps with attempting similar things on the current device.
Now the particular device in the section you posted this question has a secondary processor running software that handles signing and main OS functions.
Now, getting at it is a little bit more difficult as there aren't too many other platforms that are running this type of hardware in the way it is being used. But none the less it is an arm processor and there are only so many ways to write an OS in arm.
But I wish you the best of luck. Just keep in mind you are competing against people who have had access to a fully functional IOSU exploit in 3.1 and have exploited consoles in that firmware. With having that already in hand they can see exactly what is getting changed throughout the updates in the firmware. And if they keep the exploited 3.1 they are also able to tear the rest of IOSU and pretty much all of OS v11. Anyway, knowledge of coding is mildly important. During your dig into previous exploits on different devices will help with gaining knowledge. Also, asking questions to those that exploited them will help as well. You can script kiddie most of the way through.
Finding a vulnerability and exploiting just requires a ton of research. That's pretty much it. Then from there a little coding knowledge is needed because from there it is trial and error.
Then you finally exploit it and now you have to run it a thousand times to ensure it is mapping in the correct area. You could be a few bytes off and have a 30 percent functional exploit.
Perfection is key even if someone is just gonna patch it out or update it to non functional.
What exactly are you interested in finding and exploiting a vulnerability in?

Thanks for your complete answer . My goal is to make homebrew after this , and if I find something that can be helping piracy I would not release it because I do not support the piracy , after this said everyone do what he want and for those who are saying : haha he know nothing and want to hack . I just have to answer : at least I try .

 

[VinsCool]

Thanks for your complete answer . My goal is to make homebrew after this , and if I find something that can be helping piracy I would not release it because I do not support the piracy , after this said everyone do what he want and for those who are saying : haha he know nothing and want to hack . I just have to answer : at least I try .

Documentation at wiiubrew may be useful

 

[ryuutseku85]

Documentation at wiiubrew may be useful

Indeed I get my head in it since last week . And for those interested I am in 5.5.0 .

 

[marksteele]

This thread reminded me that the GBATemp community is toxic as fuck