Mocha CFW leaves the wii u vulnerable? (Dumb questions for days)

Discussion in 'Wii U - Hacking & Backup Loaders' started by wiiuparanoia, Jan 6, 2017.

  1. wiiuparanoia
    OP

    wiiuparanoia Newbie

    Newcomer
    1
    0
    Jan 6, 2017
    Mexico
    Hi, I'm new here

    So simple question, if I install this custom firmware in my wii u, am I expose to some kind of viruses or malware?, since the program "patches" the Sysnand, breaking its security protocol (or at least I think thats how it works :P, not a professional here).

    I'm asking because I go into a lot of pages that spawn lots of pop ups such as animeflv which, some of them, have contained malware that my pc has detected
     
  2. RyDog

    RyDog Lazy Animal Crossing hacker

    Member
    1,596
    1,147
    Apr 26, 2015
    United States
    Wii u has no known viruses. the only known viruses is if you're dumb and you install something bad to your console and brick it.
     
    DinckelMan likes this.
  3. xtheman

    xtheman GBAtemp Guru

    Member
    5,843
    5,252
    Jan 28, 2016
    No such thing exists but with the extra permissions that Mocha allows one could make a code that renders the console useless on launch of the app.

    Then again you don't even need Mocha for that. A simple .elf is enough.
     
  4. QuarkTheAwesome

    QuarkTheAwesome Working for Hugs

    Member
    761
    1,852
    Apr 19, 2015
    Australia
    Stuck in the PowerPC
    You think that's vulnerable? The Wii U has classic IoT vulns right out of the box. With absolute zero modification, the console can leak your WiFi passwords simply by loading a website. I built a PoC of this aaages ago as a joke, but it could be a serious issue. Of course, that's with pure browserhax - no PowerPC kernel, no IOSU userspace or kernel, nothing.
    There's many more glaring issues but to cut a long story short, your Wii U is already vulnerable to malware if someone was bothered to make it. Homebrew usage makes no difference to that; if anything making the system more secure due to moving everything around.
     
  5. subcon959

    subcon959 teh retro

    Member
    703
    412
    Dec 24, 2008
    Maybe do your pr0n surfing on PC instead?
     
  6. AdmiralSpeedy

    AdmiralSpeedy GBAtemp Regular

    Member
    104
    25
    Apr 4, 2016
    Canada
    Popups can't even infect a PC like people seem to think they can.
     
  7. The Real Jdbye

    The Real Jdbye Always Remember 30/07/08

    Member
    GBAtemp Patron
    The Real Jdbye is a Patron of GBAtemp and is helping us stay independent!

    Our Patreon
    11,429
    4,751
    Mar 17, 2010
    Norway
    Alola
    Driveby exploits exist. So theoretically, they can, but it rarely happens.
    Usually it's from people being dumb and downloading/running anything the popup tells them to.
     
  8. AdmiralSpeedy

    AdmiralSpeedy GBAtemp Regular

    Member
    104
    25
    Apr 4, 2016
    Canada
    Driveby exploits exist yes, and they are simply able to force a download and drop it on your machine. As far as I'm aware, nothing can force you to install anything.
     
  9. The Real Jdbye

    The Real Jdbye Always Remember 30/07/08

    Member
    GBAtemp Patron
    The Real Jdbye is a Patron of GBAtemp and is helping us stay independent!

    Our Patreon
    11,429
    4,751
    Mar 17, 2010
    Norway
    Alola
    You don't have to install anything, a driveby exploit can run code on your machine to do anything, like steal passwords or download and run malware.
     
  10. Pajar0

    Pajar0 Member

    Newcomer
    29
    9
    Oct 24, 2016
    Barbados
    Using those dodgy DNS servers to block updates, can also redirect your wiiU to a website that triggers any attack.
     
  11. AdmiralSpeedy

    AdmiralSpeedy GBAtemp Regular

    Member
    104
    25
    Apr 4, 2016
    Canada
    That's not entirely true.
     
  12. AboodXD

    AboodXD I hack NSMB games, and other shiz.

    Member
    2,649
    1,374
    Oct 11, 2014
    United Arab Emirates
    Not under a rock.
    Anyone could make a virus.
    A virus doesn't exist ATM, everyone should already know this.
     
    Last edited by AboodXD, Jan 6, 2017
  13. The Real Jdbye

    The Real Jdbye Always Remember 30/07/08

    Member
    GBAtemp Patron
    The Real Jdbye is a Patron of GBAtemp and is helping us stay independent!

    Our Patreon
    11,429
    4,751
    Mar 17, 2010
    Norway
    Alola
    Which part of it isn't?
     
  14. mikey420

    mikey420 GBAtemp Fan

    Member
    388
    111
    Dec 11, 2015
    United States
    In short a "CFW" grants root to the main user. Though it makes you no more vulnerable than you already were. Using a web exploit to gain code execution would allow a malicious page to gain kernel/iosu through the known exploits and use it to brick your device or install a malicious software to the system. Theoretically the wiiU or for that matter any device with known privilege escalation exploits for the current firmware and a web browser can be maliciously attacked through an exploit for the browser that gains code execution. Mind you even without privilige escalation a sandboxed browser hack can often. Leak valuable info such as stored passwords.
     
  15. AboodXD

    AboodXD I hack NSMB games, and other shiz.

    Member
    2,649
    1,374
    Oct 11, 2014
    United Arab Emirates
    Not under a rock.
    Luckily, no one is willing to do that. :)
     
  16. mikey420

    mikey420 GBAtemp Fan

    Member
    388
    111
    Dec 11, 2015
    United States
    Hopefully not but the possibility is still there. After all there were malicious "game dumps" released for the vita that just bricked users who installed and ran them. So its not like those with the desire to do these this sort of thing don't exist. Its just highly unlikely
     
  17. AboodXD

    AboodXD I hack NSMB games, and other shiz.

    Member
    2,649
    1,374
    Oct 11, 2014
    United Arab Emirates
    Not under a rock.
    Guys, I'm gonna go make dat SMM mod/exploit that will download you every game on the eShop. :D
    Scam-free, malware-free, recommended by most famous developers. ;)

    #Sarcasm
     
  18. QuarkTheAwesome

    QuarkTheAwesome Working for Hugs

    Member
    761
    1,852
    Apr 19, 2015
    Australia
    Stuck in the PowerPC
    It kinda is. We use such an exploit on the Wii U (shown to be capable of accessing WiFi passwords and ofc further exploitation), but they exist on other platforms too - stagefright on Android allows userspace code exec, as did the lsass bug on unpatched XP systems, Flashback on OSX, whatever the heck jailbreak.me used on iOS - pretty much every OS has had a code exec bug in its web browser at one point or another. The lsass bug was particularly devastating since it didn't even need user interaction like loading a website - a public-facing machine was vulnerable simply by being powered on.