What are the differences between exploits?

Discussion in 'Wii U - Hacking & Backup Loaders' started by Bryan Vázquez, Apr 15, 2015.

  1. Bryan Vázquez (OP), Member
    What I mean by this is: what are the differences between (for example) a userland exploit and a kernel exploit?
    What limits apply to them?

    Thanks! :)

  2. Marionumber1, GBAtemp Maniac (Member)
    A userspace exploit is the first step to doing anything. It provides initial code execution, but under the restrictions of Cafe OS and IOSU. You can actually do quite a bit in userspace, like using Nintendo's libraries to write apps. Relys demonstrated this with his Pong demo. But userspace limits your control to your app's own code: it can't change its memory mappings, access other processes, or get full access to the CPU and hardware. A (Cafe OS) kernel exploit is needed to allow all those things.
     
  3. capito27, GBAtemp Advanced Fan (Member)
    Would you mind also adding what an IOSU exploit would achieve, concretely?

  4. Marionumber1, GBAtemp Maniac (Member)
    Direct access to storage, network, USB, and DRH hardware (not that useful), defeating restrictions on storage access for apps, replacing FS or disc calls to access another source (emuNAND and backup loading, respectively), getting most Starbuck keys, using the Trinux loader, and probably more stuff I forgot.
     
  5. Bryan Vázquez (OP), Member
    Okay! So, is there a guarantee of a kernel exploit if one has control of userspace?
     
  6. loco365, GBAtemp Guru (Member)
    It's possible, but it really depends. Userland is usually sandboxed; however, it's been proven again and again that it is possible to break out of imposed sandboxes. Picture it like this:

    You're in a park, sitting in a literal sandbox; however, there's Plexiglas around it. You want to leave, but you can't break the glass or climb the slippery surface, making escape seemingly impossible. However, from time to time, sandboxes have holes in them that people can pry open. In this example, you have a shovel, and you start digging a hole underneath the glass to escape the sandbox. When leaks in a sandbox occur, it's like having the shovel in this scenario. As long as there isn't something to stop you outright, it's usually possible to escape the sandbox limitation and gain full access to the system.

  7. NWPlayer123, GBAtemp Addict (Member)
    As of 5.3.2, yes. We have verified that our exploit hasn't been patched; it's just a matter of being able to use it (with the initial WebKit exploit). Until they patch it (which is doubtful, considering how long people have been exploiting it), we're in the clear.

  8. Bryan Vázquez (OP), Member
    Alright! Thanks for the replies. I know the exploit will work on 5.3.2, I just wanted to actually understand what most people are talking about. :)
     
    TotalInsanity4 likes this.