Changes

Jump to navigation Jump to search

Wii U system flaws (view source)

Revision as of 08:24, 8 November 2016

1,038 bytes added ,  08:24, 8 November 2016
no edit summary
Line 35: Line 35:     
Documented libstagefright MP4 integer overflow.
 
Documented libstagefright MP4 integer overflow.
 +
 +
===contenthax===
 +
'''Present in system versions''': All
 +
 +
'''Publicly exploited''': Yes
 +
 +
'''Discovered by''': yellows8, smea
 +
 +
The Wii U's data management system does not include provisions to validate title content integrity. As such, any game or app's contents may be altered by attackers. In particular, attackers with IOSU code execution may use FSA commands to alter the content files in USB or MLC filesystems. Alternatively, an attacker with control over certain PPC usermode processes (such as home menu or system settings) may use commands such as MCP:CopyTitle to copy title contents over from SD to MLC or USB.
 +
 +
===haxchi===
 +
'''Present in system versions''': N/A
 +
 +
'''Publicly exploited''': Yes
 +
 +
'''Discovered by''': smea
 +
 +
The Wii U Nintendo DS virtual console emulator is vulnerable to contenthax attacks. In particular, the rom parsing code lets an attacker perform fully controled arbitrary write operations, which very easily leads to ROP and code execution, because these titles are among the few that have JIT capabilities.
    
==PPC kernel exploits==
 
==PPC kernel exploits==
Smea
1

edit

Retrieved from "https://wiiubrew.org/wiki/Special:MobileDiff/2329"

Navigation menu