JsTypeHax/README.md

# JsTypeHax

Wii U browser exploit for system version 5.5.x (5.5.1 and 5.5.3 has been tested,
but any 5.5.x should work).  

The exploit may even work on older versions, but this has not been tested yet.

# Usage

Requires a valid payload (`"code550.bin"`) in the root dir and the release files
from the [wiiuhaxx_common repo](https://github.com/wiiu-env/wiiuhaxx_common/releases)
inside a subfolder called `"wiiuhaxx_common"`.  

The environment after getting code execution is **very** fragile. It's recommended
to use the [JsTypeHax_payload](https://github.com/wiiu-env/JsTypeHax_payload) to
get into a limited, but stable one.

# Useful tips

- **Make sure to run the exploit via a link (like the `index.php`), visiting
the exploit page (`index-hax.php`) directly may fail.**  
- If you have any issues, try to reset your browser save data.
- Don't visit any other pages before doing the exploit (open browser -> open
  index.php -> click on "HAXX")

# Requirements
A webserver with php support.

# The bug

`CVE-2013-2857`, Use after free https://bugs.chromium.org/p/chromium/issues/detail?id=240124 .

# Credits

- JumpCallPop, jam1garner, hedgeberg: Inital exploit
- yellows8: ROP
- orboditilt: increasing stability
Add a readme 2019-01-06 18:23:43 +01:00			`# JsTypeHax`

Add a "landing page" as index.php Update the README to add useful tips and some more information 2019-01-15 11:26:39 +01:00			`Wii U browser exploit for system version 5.5.x (5.5.1 and 5.5.3 has been tested,`
			`but any 5.5.x should work).`
Add a readme 2019-01-06 18:23:43 +01:00
Add a "landing page" as index.php Update the README to add useful tips and some more information 2019-01-15 11:26:39 +01:00			`The exploit may even work on older versions, but this has not been tested yet.`

			`# Usage`

			Requires a valid payload (`"code550.bin"`) in the root dir and the release files
			`from the [wiiuhaxx_common repo](https://github.com/wiiu-env/wiiuhaxx_common/releases)`
			inside a subfolder called `"wiiuhaxx_common"`.

			`The environment after getting code execution is very fragile. It's recommended`
			`to use the [JsTypeHax_payload](https://github.com/wiiu-env/JsTypeHax_payload) to`
			`get into a limited, but stable one.`

			`# Useful tips`

Update README.md 2023-06-27 16:13:42 +02:00			- **Make sure to run the exploit via a link (like the `index.php`), visiting
Add a "landing page" as index.php Update the README to add useful tips and some more information 2019-01-15 11:26:39 +01:00			the exploit page (`index-hax.php`) directly may fail.**
			`- If you have any issues, try to reset your browser save data.`
			`- Don't visit any other pages before doing the exploit (open browser -> open`
			`index.php -> click on "HAXX")`
Reducing the amount of hardcoded (rop)values and payloads. Now you can just put in your payload in form of a "code.bin". 2019-01-07 00:32:47 +01:00
			`# Requirements`
			`A webserver with php support.`
no message 2019-01-06 18:26:35 +01:00
Add a readme 2019-01-06 18:23:43 +01:00			`# The bug`

Use a different ropchaintype to increase stability. 2019-01-13 13:19:20 +01:00			`CVE-2013-2857`, Use after free https://bugs.chromium.org/p/chromium/issues/detail?id=240124 .

			`# Credits`

			`- JumpCallPop, jam1garner, hedgeberg: Inital exploit`
			`- yellows8: ROP`
			`- orboditilt: increasing stability`