Questions regarding cafiine code

Discussion in 'Wii U - Hacking & Backup Loaders' started by H0neyBadger, Dec 18, 2015.

  1. H0neyBadger
    Hello,
    I have a few questions about the cafiine client code (sources here).

    First of all, thanks a lot for this amazing tool and for sharing the sources (an official release on github would be perfect).

    If I understand correctly, this code allows us to intercept file system calls.
    I would like to know the name of this kind of exploit (method/patch/technique). I have seen many examples based on LD_PRELOAD, but it doesn't seem applicable to the Wii U.

    My goal is to intercept nlibcurl (and eventually socket calls) to read network traffic in clear text.
    Do you have any clue on how to achieve this?

    I tried to draft some stuff, but it always fails during the compilation process with the error:

    Code:
    powerpc-eabi-gcc -c -O2 -Wall -x c -std=gnu99 -ffreestanding -mrvl -mcpu=750 -meabi -mhard-float -fshort-wchar -msdata=none -memb -ffunction-sections -fdata-sections -Wno-unknown-pragmas -Wno-strict-aliasing  -o wiiurl.o wiiurl.c
    powerpc-eabi-ld -T wiiurl532.ld main.o wiiurl.o
    `.rodata.str1.4' referenced in section `.text.my_curl_easy_getinfo' of main.o: defined in discarded section `.rodata.str1.4' of main.o
    `.rodata.str1.4' referenced in section `.text.my_curl_easy_getinfo' of main.o: defined in discarded section `.rodata.str1.4' of main.o
    `.rodata.str1.4' referenced in section `.text.my_curl_easy_send' of main.o: defined in discarded section `.rodata.str1.4' of main.o
    `.rodata.str1.4' referenced in section `.text.my_curl_easy_send' of main.o: defined in discarded section `.rodata.str1.4' of main.o
    Any documents or examples are welcome.
     
  2. H0neyBadger
    Hello,
    I think the technique used here is called hooking (but I'm not sure).
    I finally reworked the cafiine code to hook the nlibcurl.rpl lib,
    but I do not understand why the curl_easy_init function is not hooked with my code.

    https://github.com/H0neyBadger/wiiurl/

    It works perfectly for coreinit.rpl functions. But regarding nlibcurl (curl_easy_init & curl_global_init) nothing happens…

    I think my issue comes from the installer.

    https://github.com/H0neyBadger/wiiurl/blob/master/installer/wiiurl.c#L200

    https://github.com/H0neyBadger/wiiurl/blob/master/installer/wiiurl.c#L225


    Do you have any idea why my custom curl functions are not called?
    Do you have some details about the cafiine installer (or any other wiiu project installer)?