  1. #1
    DF Moderator EvilBoB

    Exploit for 5.5.0 and 5.5.1

    Hykem is still working on his exploit apparently but spotted this over the weekend: [Only registered and activated users can see links. ]

    This repo contains Wii U Internet Browser exploit(s) under PowerPC userland, for libstagefright vuln(s). This was designed for the Internet Browser, but this could be used with anything requesting MP4s over plaintext HTTP in theory (titles which use mvplayer.rpl), if one would update the payload heap addr/etc used in the source. This requires the following repo: [Only registered and activated users can see links. ] This repo is based on a separate repo, that repo is from November 2015.
    If payload-loading would be implemented in wiiuhaxx_common itself at some point, then the payload-heap-addr mentioned here wouldn't be needed/matter anymore.
    Supported system-versions for "browserhax_fright_tx3g_wiiu.php":

    • 5.3.2: This isn't fully supported since the payload-heap-addr is off.
    • 5.4.0
    • 5.5.0
    • 5.5.1: Originally this exploit was thought to be fixed via doing manual code-RE (hence why it was released when it was). However, that was actually wrong due to misreading that code: this exploit works fine as-is on 5.5.1 (no testing on 5.5.1 was done before release, only code-RE).

    To use this you must host the exploit script on a server, then you must set up wiiuhaxx_common as documented in that repo. If you're going to use libwiiu with your payload binary, then you must use a coreinit.h which actually supports your system-version. The max size of the final payload (loader included) is 0x4000-bytes, so your input payload max size is a bit less than 0x4000-bytes (the script will throw an error if the size is too large). Once all set up, just access a URL like the below one where "browserhax_fright_tx3g_wiiu.php" is hosted, with the browser.
    Note that issues occur when the final URL you use is too long, so you should keep it short like with the following: "http(s)://{server}/wiiuhaxx.php?sysver={version listed in wiiuhaxx_common}". This hasn't been debugged yet.
    The only known time this exploit has ever failed pre-native-code-exec (on a supported system-version), was when the URL was too long as described above. However, this is mostly with testing with just one open tab (in particular with automatically loading the page).
    Browser HTTP(S) URLs

    As of 5.5.1 the only HTTP(S) URLs for code-binaries under Internet Browser "code/" are: internal-testing URLs, web-searching, "favorites" URLs, the Wii U version of the browser-filter also used for JPN-New3DS([Only registered and activated users can see links. ]), etc. That is, as of 5.5.1 there's no known Wii U equivalent to the following with 3DS: [Only registered and activated users can see links. ]


    Anyone know if this can be used with any loaders yet?
    DF Moderator
    XBox One | Panasonic 4k | MS Surface Pro 3 | 3DSXL | WiiU | RPi3
    XBL : TheSumOfAllEvil

  2. #2
    DF Jedi iNSPECTA

    Re: Exploit for 5.5.0 and 5.5.1

    There's been some success running loadiine on 5.4.0 (as the old kernel exploit works fine).

    Few pong demos and image draw demos for 5.5.0 & 5.5.1 (as the kernel exploit has been patched. Needs IOS or a private kernel exploit to be released).

    Thanks to iNSPECTA

    EvilBoB (25th January 2016) 


  3. #3
    DF Moderator EvilBoB

    Re: Exploit for 5.5.0 and 5.5.1

    Typical. I hadn't used my WiiU for a while as I had been between houses and I plugged it in, walked out of the room to get a drink and when I walked back in the missus tells me she started an update as it popped up on the screen lmao. I've disabled my wifi now so staying on 5.5.0.

    Thanks for the info. I'll be keeping my ear to the ground.

  4. #4
    DF Jedi iNSPECTA

    Re: Exploit for 5.5.0 and 5.5.1

    Best thing to do now is stick the tubehax DNS into your connection settings.

    It is recommended to delete all current connections and add a new one with the tubehax DNS (this ensures deletion of any DNS cache).

    Use 107.211.140.065 as both primary and secondary DNS.

    This blocks eshop and updates but still allows you to play games online and use the browser to execute exploits that aren't self hosted.

    2 Thanks given to iNSPECTA

    crazyal (3rd May 2016), EvilBoB (27th January 2016) 


  5. #5
    DF Jedi iNSPECTA

    Re: Exploit for 5.5.0 and 5.5.1

    Exploit leaked last night for 5.5.0 & 5.5.1

    3 Thanks given to iNSPECTA

    EvilBoB (3rd May 2016), fanni (3rd May 2016), WRATH OF BOD (3rd May 2016) 


  6. #6
    DF Moderator EvilBoB

    Re: Exploit for 5.5.0 and 5.5.1

    Quote (originally posted by iNSPECTA):
        Exploit leaked last night for 5.5.0 & 5.5.1

    Awesome news. Can finally dust off the console

  7. #7
    DF Jedi plug1

    Re: Exploit for 5.5.0 and 5.5.1

    Bah, I've bought all the games worth having, is there much home brew out yet?

  8. #8
    DF PlaYa Hippie on hill

    Re: Exploit for 5.5.0 and 5.5.1

    It's still early days imo

    There's a list here
    wiki.gbatemp.net/wiki/List_of_WiiU_homebrew
