Hacking OSDriver kernel exploit - a technical description

  • Thread starter: Marionumber1
  • Views: 43,194
  • Replies: 81
  • Likes: 63
so I've got a question
I've found a working kernel exploit for firmware 5.5.1 through the process of brute forcing

my intentions are to either release it with a working emulator
or release it alone and let someone finish it

the thing is that I am fairly new to the community (was a Microsoft guy)
and I would hate to release something that has already been discovered
could I check @DeVS your exploit and compare?
if they are different
there is no reason for holding back if it turns out mine is different

btw I AM open for donations
How about you show us yours?
 
I remember you saying recently that you modified the 5.3.2 kernel to work on 5.5.1, now you're saying you 'bruteforced' the system to give up the kernel. C'mon man, stop lying all the time and admit it, you can't code for skittles.
 
How did you find that the spinlocks were sometimes unlocked? @Marionumber1
Um, I don't remember how we started, I think either someone told us it existed and we tried to replicate it (I still remember it first working in February last year, "Race attack succeeded" and MN1 was shocked that it finally worked to some degree), and shortly after Bean and chadderz showed off that they had made their own using the userspace bug we released for 4.0 to 5.1, that's how chadderz originally made TCPGecko dotNet and Cafiine. I'm not actually sure they ever disclosed what their bug was. I also remember chadderz having some fun with MN1 to blindly get userspace working on 5.1, and we just kept using it up until it got patched in 5.5.0 (MN1 made the second one before this cause the OSDriver one was so unreliable)
 

Okay ^^ But now, how to find another bug that can exploit the kernel? :c
 
So, if I understand everything, the ROP chains are just there to tell Core 0 and Core 2 to start, and to free one of your "Drivers" (the B one)?

And the kern_read and kern_write syscalls are installed in DRVHAX (C)?
 