Wii U Hacking & Homebrew Discussion

Discussion in 'Wii U - Hacking & Backup Loaders' started by filfat, Jun 15, 2014.

  1. filfat
    OP

    filfat Musician, Developer & Entrepreneur

    Member
    1,229
    858
    Nov 24, 2012
    Latest Wide Exploited Version: 5.5.1

    Useful Links
    Block Auto Updates
    Go into the router and block the following domains:
    • nus.c.shop.nintendowifi.net
    • nus.cdn.c.shop.nintendowifi.net
    • nus.cdn.shop.wii.com
    • nus.cdn.wup.shop.nintendo.net
    • nus.wup.shop.nintendo.net
    Tools/Homebrew By The Community
    Current Public *Useful* Exploits
    (This post does not reflect Filiph Sandström's own personal opinions, nor does it reflect filfat Studios AB's stance on these kinds of issues/projects)
     
    Last edited by filfat, May 3, 2016
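    As an added example (not part of the thread and not anyone's router config), the snippet below models what "block the following domains in the router" does: a queried hostname is blocked when it equals a listed domain or is a subdomain of it, matched on a label boundary, case-insensitively and ignoring a trailing dot. The query names it checks are constructed for the example, and the dnsmasq lines it emits assume a router that accepts `address=/domain/ip` entries.

```python
"""Offline check of a domain blocklist against DNS query names.

Added example for this thread; it is not the original poster's code.
It answers: given the five hostnames from the opening post, which DNS
queries would a router-level domain block actually stop?
"""

# The five update-server hostnames listed in the opening post.
BLOCKED_DOMAINS = [
    "nus.c.shop.nintendowifi.net",
    "nus.cdn.c.shop.nintendowifi.net",
    "nus.cdn.shop.wii.com",
    "nus.cdn.wup.shop.nintendo.net",
    "nus.wup.shop.nintendo.net",
]

# Constructed sample of DNS query names, as a router query log might record
# them. These are made up for the example, not captured traffic; hosts marked
# "hypothetical" are not from the thread.
SAMPLE_QUERIES = [
    "nus.wup.shop.nintendo.net",        # listed: blocked
    "cdn.nus.wup.shop.nintendo.net",    # hypothetical subdomain of a listed host: blocked
    "ecs.wup.shop.nintendo.net",        # hypothetical host, not listed: allowed
    "account.nintendo.net",             # hypothetical host, not listed: allowed
    "NUS.CDN.SHOP.WII.COM.",            # case and trailing dot must not bypass the block
    "evil-nus.wup.shop.nintendo.net",   # hypothetical: shares a suffix string but not a label boundary
]


def normalize(name: str) -> str:
    """Lower-case a hostname and drop surrounding whitespace and the root dot."""
    return name.strip().rstrip(".").lower()


def is_blocked(name: str, blocklist=BLOCKED_DOMAINS) -> bool:
    """True if `name` is a listed domain or a subdomain of one.

    The subdomain test requires a '.' before the listed domain, so a host
    such as 'evil-nus.wup.shop.nintendo.net' is not matched by plain
    substring accident.
    """
    host = normalize(name)
    for dom in blocklist:
        d = normalize(dom)
        if host == d or host.endswith("." + d):
            return True
    return False


def filter_queries(queries, blocklist=BLOCKED_DOMAINS):
    """Split query names into (blocked, allowed) lists, preserving order."""
    blocked, allowed = [], []
    for q in queries:
        (blocked if is_blocked(q, blocklist) else allowed).append(normalize(q))
    return blocked, allowed


def to_dnsmasq(blocklist=BLOCKED_DOMAINS, sink="0.0.0.0"):
    """Render the list as dnsmasq 'address=/domain/ip' lines.

    dnsmasq applies such an entry to the domain and all of its subdomains,
    which is the same rule is_blocked() implements above.
    """
    return [f"address=/{normalize(d)}/{sink}" for d in blocklist]


if __name__ == "__main__":
    blocked, allowed = filter_queries(SAMPLE_QUERIES)
    print("blocked:", blocked)
    print("allowed:", allowed)
    print("\n".join(to_dnsmasq()))
```

Because the rule is name-based, it only covers lookups that go through the router's resolver; that is also why the later posts settle on blocking the `nus.*` names rather than a handful of CDN IP addresses.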


  2. Marionumber1

    Marionumber1 GBAtemp Maniac

    Member
    1,234
    3,933
    Nov 7, 2010
    United States
    NeKit and I are planning to clean up the build system and release it, along with instructions on how to use it.
     
  3. Kargaroc

    Kargaroc GBAtemp Regular

    Member
    176
    83
    Nov 29, 2013
    United States
    I wonder why you still need a ROP chain even though NX is disabled for the browser?
     
  4. filfat
    OP

    filfat Musician, Developer & Entrepreneur

    Member
    1,229
    858
    Nov 24, 2012
    That's great. Btw, you wouldn't mind setting up a GitHub so we can all work on it, now that it's public anyway? :)
     
    Margen67 likes this.
  5. Marionumber1

    Marionumber1 GBAtemp Maniac

    Member
    1,234
    3,933
    Nov 7, 2010
    United States

    fail0verflow never actually said that NX was disabled in the browser. NX is active just as it is on all other applications, meaning the stack and heap are still non-executable. The difference is that the web browser has a special region of memory, called the JIT or codegen area, which you're allowed to create code inside. You obviously need your own code running to copy the shellcode into the JIT area and run it. That code is the ROP chain.


    It will be a public repo, whether on Github, Bitbucket, or elsewhere.
     
    Margen67, filfat and Kargaroc like this.
  6. the_randomizer

    the_randomizer The Temp's official fox whisperer

    Member
    21,227
    10,081
    Apr 29, 2011
    United States
    Dr. Wahwee's castle
    Should people be advised to blacklist the Nintendo update servers so they can take all precautions to block any future updates? While this will prevent eShop access, it should still allow online gaming for those who wish to use it. Failing that, disabling auto updates and standby mode wouldn't hurt. All precautions should be considered :)
     
  7. filfat
    OP

    filfat Musician, Developer & Entrepreneur

    Member
    1,229
    858
    Nov 24, 2012
    Sure, give me a second to add that to the op :)
     
    Last edited by filfat, Aug 25, 2015
    Margen67 and the_randomizer like this.
  8. Nexus

    Nexus Newbie

    Newcomer
    5
    4
    Jun 15, 2014
    What should happen when running the WebKit exploit on an exploitable firmware?

    I take it the main function in the html is var pointer = sprayInc(30000);
     
  9. Marionumber1

    Marionumber1 GBAtemp Maniac

    Member
    1,234
    3,933
    Nov 7, 2010
    United States

    It will load and execute the PowerPC shellcode that was sprayed by sprayCode().
     
    Margen67 likes this.
  10. the_randomizer

    the_randomizer The Temp's official fox whisperer

    Member
    21,227
    10,081
    Apr 29, 2011
    United States
    Dr. Wahwee's castle

    Would one of these IP addresses being blacklisted in the advanced router settings help with update prevention?

    96.17.161.145,
    184.50.229.137,
    184.50.229.158

    I haven't tested these personally, but other users state that it does work; I need confirmation. I refuse to update, not now, now that we're slowly but surely making progress.

    Edit: last deleted address was for eShop only, not necessary to add to blacklist.
    filfat is that exploit site supposed to be empty or is that a placeholder for when it actually does get released?
     
  11. filfat
    OP

    filfat Musician, Developer & Entrepreneur

    Member
    1,229
    858
    Nov 24, 2012
    Updated the post with the IPs that need to be blocked,
    nus.cdn.wup.shop.nintendo.net
     
    Last edited by filfat, Aug 25, 2015
    the_randomizer likes this.
  12. NWPlayer123

    NWPlayer123 GBAtemp Addict

    Member
    2,629
    6,226
    Feb 17, 2012
    United States
    The Everfree Forest
    Nope, since nus == nintendo update service
     
    Margen67 and Goku Junior like this.
  13. filfat
    OP

    filfat Musician, Developer & Entrepreneur

    Member
    1,229
    858
    Nov 24, 2012
    Yeah, that makes sense.

    The website is currently hosting the latest "leak" of the exploit, so unless you are looking at it through a Wii U, everything you will see is an iframe.
     
    Margen67 and Fpsrussia117 like this.
  14. Goku Junior

    Goku Junior GBAtemp Advanced Fan

    Member
    951
    288
    Dec 27, 2013
    Argentina
    Buenos Aires, Argentina
    So, it could be stupid to ask this, but are you currently working on the exploit? You know a lot about Wii U hacking.
    Edit.
    I tried the exploit in 5.0.0 and it freezes. I know it isn't working in 5.0, but does the same happen in 4.1.0?
     
  15. kettenschutz

    kettenschutz Member

    Newcomer
    23
    4
    Jul 15, 2010
    France
    So I guess no script was compiled, e.g. hello.c
     
  16. NWPlayer123

    NWPlayer123 GBAtemp Addict

    Member
    2,629
    6,226
    Feb 17, 2012
    United States
    The Everfree Forest
    Yes, I was with MN1 watching him put it all together since the very beginning, starting with me testing extracting the BootROM for him when his Wii U was broken (the release from 4 months ago that got so much fkn useless attention) up until now, and I try to help as best I can, whether it's answering questions or what.

    As for 4.1.0, hello.c basically calls OSFatal, which makes the system shut down, creates a black screen, and prints a specific message, in this case "Hello from the new buffer!", and it shows up on both the gamepad and TV screen. As for the others, it depends.
     
    Margen67, filfat and Goku Junior like this.
  17. WulfyStylez

    WulfyStylez SALT/Bemani Princess

    Member
    1,149
    2,609
    Nov 3, 2013
    United States
    How'd you guys find addresses for ROP gadgets? I can't imagine it was totally trial and error...?
     
  18. Goku Junior

    Goku Junior GBAtemp Advanced Fan

    Member
    951
    288
    Dec 27, 2013
    Argentina
    Buenos Aires, Argentina
    OK, so, in 4.1.0 it shows that message? Or do we need to have the downloaded exploit on the SD? Because on Wii you need the SD to make exploits work (except for LetterBomb and Wilbrand), but I don't think the SD would be useful (because the Wii U ignores it). I don't lose anything by asking this.
     
  19. NWPlayer123

    NWPlayer123 GBAtemp Addict

    Member
    2,629
    6,226
    Feb 17, 2012
    United States
    The Everfree Forest
    Heheh, we kinda had some help from F0F with that.



    Yes, but the exploit is useless on an SD, this is through the web browser so you need to host it through XAMPP or something similar.
     
    Margen67 likes this.
  20. filfat
    OP

    filfat Musician, Developer & Entrepreneur

    Member
    1,229
    858
    Nov 24, 2012
    Updated <non-working-url> to show warning before the user runs the exploit.
     
    Last edited by filfat, Jan 26, 2016
    Margen67 and TeamScriptKiddies like this.