diff --git a/README.md b/README.md
index 634163f..1d1dbe6 100644
--- a/README.md
+++ b/README.md
@@ -1,12 +1,12 @@
 # JsTypeHax Wii U browser exploit for system version 5.5.2 and 5.5.3.
-This PoC currently uses the homebrew launcher 1.4 payload, you can find the original file [here](https://github.com/dimok789/homebrew_launcher/releases/download/1.4/codebin.zip) .
-To create a own usable payload, grab any `code550.bin` and `wiiuhaxx_loader.bin` from the [wiiuhaxx_common repo](https://github.com/wiiu-env/wiiuhaxx_common/releases) and place it in root of this repo.
-Afterwards you can convert it to a JS arrays using `codebin2js.py`, replace line 53-56 on the `index.html` with this output.
+Requires a valid payload ("code550.bin") in the root dir and the release files from the [wiiuhaxx_common repo](https://github.com/wiiu-env/wiiuhaxx_common/releases) inside a subfolder "wiiuhaxx_common".
-# Dependencies
-Python 3
+Tested with the [homebrew launcher 1.4 payload](https://github.com/dimok789/homebrew_launcher/releases/download/1.4/codebin.zip)
+
+# Requirements
+A webserver with php support.
 # The bug
diff --git a/codebin2js.py b/codebin2js.py
deleted file mode 100644
index 3b587b3..0000000
--- a/codebin2js.py
+++ /dev/null
@@ -1,46 +0,0 @@
-import struct
-import os
-
-
-j = 0;
-
-payload = ""
-try:
- f = open("wiiuhaxx_loader.bin", "rb")
- while True:
- B = struct.unpack(">B", f.read(1))[0];
- payload += "0x%02x, " % (B)
- j+=1
-except:
- payload += "\n"
-
-for i in range(j&0x03):
- payload += "0x00, "
-payload += "\n"
-
-payload += "0x00, 0x80, 0x00, 0x00,\n"
-j+=4
-
-try:
- f = open("code550.bin", "rb")
- while True:
- B = struct.unpack(">B", f.read(1))[0];
- payload += "0x%02x, " % (B)
- j+=1
-except:
- payload += ""
-
-for i in range(j&0x03):
- payload += "0x00,"
-payload += "\n"
-
-#nop
-nop = "";
-for i in range(j, 0x8000, 4):
- nop += "0x60, 0x00, 0x00, 0x00, "
-nop += "\n"
-
-print("[")
-#print(nop)
-print(payload)
-print("]")
\ No newline at end of file
diff --git a/index.html b/index.html
deleted file mode 100644
index b25ec82..0000000
--- a/index.html
+++ /dev/null
@@ -1,258 +0,0 @@
- - - -
diff --git a/index.php b/index.php
new file mode 100644
index 0000000..467d81c
--- /dev/null
+++ b/index.php
@@ -0,0 +1,174 @@
+ + + + + +
diff --git a/startServer.bat b/startServer.bat
deleted file mode 100644
index f4e3ade..0000000
--- a/startServer.bat
+++ /dev/null
@@ -1 +0,0 @@
-python -m http.server
\ No newline at end of file
diff --git a/wiiuhaxx_common_cfg.php b/wiiuhaxx_common_cfg.php
new file mode 100644
index 0000000..4e00951
--- /dev/null
+++ b/wiiuhaxx_common_cfg.php
@@ -0,0 +1,6 @@
+
\ No newline at end of file