Go to file
orboditilt 45741b8d58 Add a "landing page" as index.php
Update the README to add useful tips and some more information
2019-01-15 11:26:39 +01:00
index-hax.php Rename index.php to index-hax.php 2019-01-15 11:17:42 +01:00
index.php Add a "landing page" as index.php 2019-01-15 11:26:39 +01:00
README.md Add a "landing page" as index.php 2019-01-15 11:26:39 +01:00
wiiuhaxx_common_cfg.php Use a different ropchaintype to increase stability. 2019-01-13 13:19:20 +01:00

JsTypeHax

Wii U browser exploit for system version 5.5.x (5.5.1 and 5.5.3 has been tested, but any 5.5.x should work).

The exploit may even work on older versions, but this has not been tested yet.

Usage

Requires a valid payload ("code550.bin") in the root dir and the release files from the wiiuhaxx_common repo inside a subfolder called "wiiuhaxx_common".

The environment after getting code execution is very fragile. It's recommended to use the JsTypeHax_payload to get into a limited, but stable one.

Useful tips

  • Make sure to run the exploit via an link (like the index.php), visiting the exploit page (index-hax.php) directly may fail.
  • If you have any issues, try to reset your browser save data.
  • Don't visit any other pages before doing the exploit (open browser -> open index.php -> click on "HAXX")

Requirements

A webserver with php support.

The bug

CVE-2013-2857, Use after free https://bugs.chromium.org/p/chromium/issues/detail?id=240124 .

Credits

  • JumpCallPop, jam1garner, hedgeberg: Inital exploit
  • yellows8: ROP
  • orboditilt: increasing stability