PoC exploit for Super Smash Brothers Wii U to execute arbitrary ROP in userland
Go to file
2017-08-06 04:39:13 -04:00
generate_string.py Initial commit 2017-07-31 16:35:28 -04:00
LICENSE Initial commit 2017-07-31 16:35:07 -04:00
mario.mscsb Initial commit 2017-07-31 16:35:28 -04:00
README.md Update README.md 2017-07-31 16:39:15 -04:00
ROP-NOTES.txt Initial commit 2017-07-31 16:35:28 -04:00
script_0.txt Initial commit 2017-07-31 16:35:28 -04:00
Scripts Initial commit 2017-07-31 16:35:28 -04:00
string.bin Initial commit 2017-07-31 16:35:28 -04:00
string.txt Initial commit 2017-07-31 16:35:28 -04:00
WRITE-UP.md Add a writeup for those who want to know how it works 2017-08-06 04:39:13 -04:00

ROBChain

PoC exploit for Super Smash Brothers Wii U to get arbitrary code execution

Can go over any fighter (and possibly article) to gain arbitrary code execution (Only ROP atm). This is a variation of contenthax based around MSC (the main character scripting language) exploiting a heap overflow to gain arbitrary read/write within the MSC script. Use pymsc to build.

Video

https://youtu.be/u3qKsbGPgn0

Write up

Coming soon