2017-07-31 16:35:07 -04:00
# ROBChain
2018-04-08 15:40:58 -04:00
PoC exploit for Super Smash Brothers Wii U to get arbitrary ROP execution under userland
2017-07-31 16:39:15 -04:00
Can go over any fighter (and possibly article) to gain arbitrary code execution (Only ROP atm). This is a variation of contenthax based around MSC (the main character scripting language) exploiting a heap overflow to gain arbitrary read/write within the MSC script. Use [pymsc ](https://github.com/jam1garner/pymsc ) to build.
2019-01-18 17:05:13 -05:00
### Build PoC
Required:
* Python 3.6 or greater in path as python3 (Edit Makefile for other configs)
* make
2019-01-23 21:31:59 +01:00
* php
* A copy of the [wiiuhaxx_common release files (>=0.3 ](https://github.com/wiiu-env/wiiuhaxx_common/releases ) inside a folder `wiiuhaxx_common.`
2019-01-18 17:05:13 -05:00
```
git clone --recurse-submodules https://github.com/jam1garner/ROBChain.git & & \
cd ROBChain/poc & & \
make clean & & make
```
### Install
Take the generated exploit.mscsb and install it in a patch over
```
/data/fighter/[fighter]/script/msc/[fighter].mscsb
```
then install via SDCafiine or fs contents replacement.
### Video of PoC
2017-07-31 16:39:15 -04:00
https://youtu.be/u3qKsbGPgn0
### Write up
2017-09-20 19:55:30 -04:00
https://github.com/jam1garner/ROBChain/blob/master/WRITE-UP.md
