1. H0neyBadger

    OP H0neyBadger Advanced Member
    Newcomer

    Joined:
    Oct 4, 2015
    Messages:
    95
    Country:
    France
    Hello,
    I have a few questions about the cafiine client code (sources here).

    First of all, thanks a lot for this amazing tool and for sharing the sources (an official release on github would be perfect).

    If I understand well, this code allows us to intercept file system calls.
    I would like to know the name of this kind of exploit (method/patch/technique)? I have seen many examples based on LD_PRELOAD, but it doesn't seem applicable to the Wii U.

    My goal is to intercept nlibcurl (and eventually socket calls) to read network traffic in clear text.
    Do you have any clue on how to achieve this?

    I tried to draft some stuff, but it always fails during the compilation process with the error:

    Code:
    powerpc-eabi-gcc -c -O2 -Wall -x c -std=gnu99 -ffreestanding -mrvl -mcpu=750 -meabi -mhard-float -fshort-wchar -msdata=none -memb -ffunction-sections -fdata-sections -Wno-unknown-pragmas -Wno-strict-aliasing  -o wiiurl.o wiiurl.c
    powerpc-eabi-ld -T wiiurl532.ld main.o wiiurl.o
    `.rodata.str1.4' referenced in section `.text.my_curl_easy_getinfo' of main.o: defined in discarded section `.rodata.str1.4' of main.o
    `.rodata.str1.4' referenced in section `.text.my_curl_easy_getinfo' of main.o: defined in discarded section `.rodata.str1.4' of main.o
    `.rodata.str1.4' referenced in section `.text.my_curl_easy_send' of main.o: defined in discarded section `.rodata.str1.4' of main.o
    `.rodata.str1.4' referenced in section `.text.my_curl_easy_send' of main.o: defined in discarded section `.rodata.str1.4' of main.o
    Any documents or examples are welcome.
     
  2. H0neyBadger

    Hello,
    I think the technique used here is called hooking (but I'm not sure).
    I finally reworked the cafiine code to hook the nlibcurl.rpl lib,
    but I do not understand why the curl_easy_init function is not hooked with my code.

    https://github.com/H0neyBadger/wiiurl/

    It works perfectly for coreinit.rpl functions. But regarding nlibcurl (curl_easy_init & curl_global_init) nothing happens…

    I think my issue comes from the installer.

    https://github.com/H0neyBadger/wiiurl/blob/master/installer/wiiurl.c#L200

    https://github.com/H0neyBadger/wiiurl/blob/master/installer/wiiurl.c#L225


    Do you have an idea to explain why my custom curl functions are not called?
    Do you have some details about the cafiine installer (or any other wiiu project installer)?
     