Hacking (this is a guide): accessing Crunchyroll's hidden browser

  • Thread starter: iAqua
  • Views: 9,851
  • Replies: 44
  • Likes: 14
Yeah, I just noticed it. We can't load videos from that message box, but it can launch Crunchyroll's website, and from there we can redirect links anywhere freely (mostly).
Yes you can load videos from the message box, locally map the homepage to a video and it'll load
 
Anyway we'd need a specific exploit for this browser and we have none.
This could potentially be an additional entrypoint but a skilled reverser has to analyse the code to develop the proper payloads.
 
I see people are trying to use the 5.5.1 browser exploits with this.

Those browser exploits were created to exploit the browser on 5.5.1. If you use a different browser for the exploit, why or how would that even work? The point of the exploit is to exploit a very specific vulnerability in the WiiU browser.

So if you use a completely different browser, or the WiiU browser on 5.5.2, the vulnerability is no longer there, it's been patched.

Edit:

I honestly think browser exploits are done. We need to figure out a better way to launch HBL without using the browser. Maybe with a game that can access the SD card? Idk. But we need a better way to access HBL.

I am using Haxchi, BTW, on 5.5.1 still. I refuse to update right now, until I know for sure that everything I need and use is working 100%.

Also, look at it from Nintendo's point of view: they had years and years to work on this update. And after all this time the update basically only did one thing, patched the browser. Which means they had enough time to secure the browser the best way they can, and they had years to think about it and do it.

They know that if they had patched CFW, there would be a lot of people with bricked consoles complaining online, saying the Wii U update bricked their consoles. Who cares if they were using CFW or not, it's thousands of people's word against Nintendo's. That's a bad PR move for Nintendo, and they knew it.
 
Last edited by TheTechGenius
Is there any way to know which browser version the Crunchyroll browser is based on? Maybe it still has a vulnerability that was already discovered.

Sent from my 6039J using Tapatalk
 
I diffed some parts of the browser after the update, and I can say that Nintendo changed one or two lines of mvplayer.rpl code at most. Admittedly there were changes to the JavaScript core that I didn't look at, but they definitely haven't merged in all the latest and greatest patches, that's for sure.

Like it or not, WebKit or an associated library is the best option here. I searched around pretty thoroughly before settling on Crunchyroll, and can say the best other possible method I've found has to do with the Miiverse headshots under Sm4sh. Not exactly convenient hacking. (cc: @jam1garner? Pretty sure that's where the PNGs fit in)

It's a really old browser. What is the idea? Exploring the UAF bug to run a kernel exploit?

Sent from my 6039J using Tapatalk

The RenderArena one? I gave it a go, and couldn't get more than a null deref. If you can get user-controlled data into it I'll love you forever.
 
Nah, there are no PNGs, just JPGs and album data. I haven't looked into it too much, but you could potentially exploit the album data read.
 
I used NNU-Patcher to download Crunchyroll. I already had it installed with a fake ticket. Deleting the game deleted the fake ticket. I guess it sometimes does that, 'cause for another game I deleted, the fake ticket remained in the SLC. I'm still on 5.5.1, but I wanted to be prepared if I ever update. I've already deleted the update folder and am blocking updates through my laptop. I may rectify that some day, but at present there's no reason to update. Anyway, I wanted to grab the app before Nintendo removes it (if they ever do) due to exploits. ;)
 
Oh ok, that's great. I guess Nintendo didn't want to spend time and resources on patching all the weak code. Lol. That's good news for us though.
 
This browser seems extremely limited.
Is there any difference at all between running some tests in the message box vs. running them in the fullscreen browser? I wouldn't think there would be, and so far in all my testing they have behaved identically both ways. I ask because it's much faster for me to test in the message box, since I can back out of it, remap to a different file and try again, instead of going into the fullscreen browser and being forced to restart the Crunchyroll application after each test.
 
Last edited by dojafoja
I am on 5.5.2U and I downloaded Crunchyroll and updated it, and there is no clickable link. Will I be able to use the exploit if there is one?
 
Actually, you can load an external webpage by mapping a local webpage with links. For me, it works only with some websites, such as Crunchyroll and Google (the search mechanism doesn't work).
You can load one external page, but from there no further external content will load (links, stuff requested by scripts, embeds, etc.). This pretty heavily limits what you can do, so you're better off just injecting things into Crunchyroll.com rather than trying to redirect out of there.
 
Are you planning on using this in an exploit? Or use something else?
 