2017-07-31 22:35:07 +02:00
# ROBChain
2018-04-08 21:40:58 +02:00
PoC exploit for Super Smash Brothers Wii U to get arbitrary ROP execution under userland
2017-07-31 22:39:15 +02:00
Can go over any fighter (and possibly article) to gain arbitrary code execution (Only ROP atm). This is a variation of contenthax based around MSC (the main character scripting language) exploiting a heap overflow to gain arbitrary read/write within the MSC script. Use [pymsc ](https://github.com/jam1garner/pymsc ) to build.
2019-01-18 23:05:13 +01:00
### Build PoC
Required:
* Python 3.6 or greater in path as python3 (Edit Makefile for other configs)
* make
2019-01-23 21:31:59 +01:00
* php
* A copy of the [wiiuhaxx_common release files (>=0.3 ](https://github.com/wiiu-env/wiiuhaxx_common/releases ) inside a folder `wiiuhaxx_common.`
2019-01-18 23:05:13 +01:00
```
git clone --recurse-submodules https://github.com/jam1garner/ROBChain.git & & \
cd ROBChain/poc & & \
make clean & & make
```
### Install
Take the generated exploit.mscsb and install it in a patch over
```
/data/fighter/[fighter]/script/msc/[fighter].mscsb
```
then install via SDCafiine or fs contents replacement.
### Video of PoC
2017-07-31 22:39:15 +02:00
https://youtu.be/u3qKsbGPgn0
### Write up
2017-09-21 01:55:30 +02:00
https://github.com/jam1garner/ROBChain/blob/master/WRITE-UP.md
