The-Homebrew-Cloud/ROBChain

mirror of https://github.com/wiiu-env/ROBChain.git synced 2025-10-30 19:16:08 +01:00

Go to file

Maschell b174973730 Add ropchains to setup the memory mapping and actually executing a code.bin

2020-03-06 20:06:07 +01:00

Add ropchains to setup the memory mapping and actually executing a code.bin

2020-03-06 20:06:07 +01:00

Set Makefiles to use 'python' if 'python3' not present

2020-02-11 17:53:10 -05:00

Set Makefiles to use 'python' if 'python3' not present

2020-02-11 17:53:10 -05:00

pymsc @ dfaf2f4fcc

More organization

2019-01-18 13:58:28 -05:00

Add the config files for the RPXGadgetFinder (RPXGadgetFinder) to get the needed ropgadgets

2020-03-06 19:54:25 +01:00

.gitignore

Implement a rop chain which loads another ropchain via the network.

2020-03-06 19:51:36 +01:00

.gitmodules

More organization

2019-01-18 13:58:28 -05:00

inject.py

Add file injector

2020-02-11 17:00:37 -05:00

LICENSE

Initial commit

2017-07-31 16:35:07 -04:00

Makefile

Set Makefiles to use 'python' if 'python3' not present

2020-02-11 17:53:10 -05:00

README.md

- Use wiiuhaxx_common for creating a ROP

2019-01-23 21:31:59 +01:00

robot_packed

Add file injector

2020-02-11 17:00:37 -05:00

ROP-NOTES.txt

Initial commit

2017-07-31 16:35:28 -04:00

WRITE-UP.md

Fix spelling/grammer

2017-08-06 13:23:17 -04:00

README.md

ROBChain

PoC exploit for Super Smash Brothers Wii U to get arbitrary ROP execution under userland

Can go over any fighter (and possibly article) to gain arbitrary code execution (Only ROP atm). This is a variation of contenthax based around MSC (the main character scripting language) exploiting a heap overflow to gain arbitrary read/write within the MSC script. Use pymsc to build.

Build PoC

Required:

Python 3.6 or greater in path as python3 (Edit Makefile for other configs)
make
php
A copy of the wiiuhaxx_common release files (>=0.3 inside a folder wiiuhaxx_common.

git clone --recurse-submodules https://github.com/jam1garner/ROBChain.git && \
cd ROBChain/poc && \
make clean && make

Install

Take the generated exploit.mscsb and install it in a patch over

/data/fighter/[fighter]/script/msc/[fighter].mscsb

then install via SDCafiine or fs contents replacement.

Video of PoC

https://youtu.be/u3qKsbGPgn0

Write up

https://github.com/jam1garner/ROBChain/blob/master/WRITE-UP.md