From 416bec26c7a2ee81a03dc00477643f1aba835910 Mon Sep 17 00:00:00 2001
From: orboditilt <45944072+orboditilt@users.noreply.github.com>
Date: Mon, 7 Jan 2019 00:32:47 +0100
Subject: [PATCH] Reducing the amount of hardcoded (rop)values and payloads.
Now you can just put in your payload in form of a "code.bin".
---
README.md | 10 +-
codebin2js.py | 46 -------
index.html | 258 ----------------------------------------
index.php | 174 +++++++++++++++++++++++++++
startServer.bat | 1 -
wiiuhaxx_common_cfg.php | 6 +
6 files changed, 185 insertions(+), 310 deletions(-)
delete mode 100644 codebin2js.py
delete mode 100644 index.html
create mode 100644 index.php
delete mode 100644 startServer.bat
create mode 100644 wiiuhaxx_common_cfg.php
diff --git a/README.md b/README.md
index 634163f..1d1dbe6 100644
--- a/README.md
+++ b/README.md
@@ -1,12 +1,12 @@
# JsTypeHax
Wii U browser exploit for system version 5.5.2 and 5.5.3.
-This PoC currently uses the homebrew launcher 1.4 payload, you can find the original file [here](https://github.com/dimok789/homebrew_launcher/releases/download/1.4/codebin.zip) .
-To create a own usable payload, grab any `code550.bin` and `wiiuhaxx_loader.bin` from the [wiiuhaxx_common repo](https://github.com/wiiu-env/wiiuhaxx_common/releases) and place it in root of this repo.
-Afterwards you can convert it to a JS arrays using `codebin2js.py`, replace line 53-56 on the `index.html` with this output.
+Requires a valid payload ("code550.bin") in the root dir and the release files from the [wiiuhaxx_common repo](https://github.com/wiiu-env/wiiuhaxx_common/releases) inside a subfolder "wiiuhaxx_common".
-# Dependencies
-Python 3
+Tested with the [homebrew launcher 1.4 payload](https://github.com/dimok789/homebrew_launcher/releases/download/1.4/codebin.zip)
+
+# Requirements
+A webserver with php support.
# The bug
diff --git a/codebin2js.py b/codebin2js.py
deleted file mode 100644
index 3b587b3..0000000
--- a/codebin2js.py
+++ /dev/null
@@ -1,46 +0,0 @@
-import struct
-import os
-
-
-j = 0;
-
-payload = ""
-try:
- f = open("wiiuhaxx_loader.bin", "rb")
- while True:
- B = struct.unpack(">B", f.read(1))[0];
- payload += "0x%02x, " % (B)
- j+=1
-except:
- payload += "\n"
-
-for i in range(j&0x03):
- payload += "0x00, "
-payload += "\n"
-
-payload += "0x00, 0x80, 0x00, 0x00,\n"
-j+=4
-
-try:
- f = open("code550.bin", "rb")
- while True:
- B = struct.unpack(">B", f.read(1))[0];
- payload += "0x%02x, " % (B)
- j+=1
-except:
- payload += ""
-
-for i in range(j&0x03):
- payload += "0x00,"
-payload += "\n"
-
-#nop
-nop = "";
-for i in range(j, 0x8000, 4):
- nop += "0x60, 0x00, 0x00, 0x00, "
-nop += "\n"
-
-print("[")
-#print(nop)
-print(payload)
-print("]")
\ No newline at end of file
diff --git a/index.html b/index.html
deleted file mode 100644
index b25ec82..0000000
--- a/index.html
+++ /dev/null
@@ -1,258 +0,0 @@
-
-
-
-
diff --git a/index.php b/index.php
new file mode 100644
index 0000000..467d81c
--- /dev/null
+++ b/index.php
@@ -0,0 +1,174 @@
+
+
+
+
+
+
diff --git a/startServer.bat b/startServer.bat
deleted file mode 100644
index f4e3ade..0000000
--- a/startServer.bat
+++ /dev/null
@@ -1 +0,0 @@
-python -m http.server
\ No newline at end of file
diff --git a/wiiuhaxx_common_cfg.php b/wiiuhaxx_common_cfg.php
new file mode 100644
index 0000000..4e00951
--- /dev/null
+++ b/wiiuhaxx_common_cfg.php
@@ -0,0 +1,6 @@
+
\ No newline at end of file