mirror of
https://github.com/wiiu-env/ROBChain.git
synced 2024-11-23 08:59:42 +00:00
PoC exploit for Super Smash Brothers Wii U to execute arbitrary ROP in userland
| homebrew | ||
| kexploit | ||
| poc | ||
| pymsc@dfaf2f4fcc | ||
| utils | ||
| .gitignore | ||
| .gitmodules | ||
| inject.py | ||
| LICENSE | ||
| Makefile | ||
| README.md | ||
| robot_packed | ||
| ROP-NOTES.txt | ||
| WRITE-UP.md | ||
ROBChain
PoC exploit for Super Smash Brothers Wii U to get arbitrary ROP execution under userland
Can go over any fighter (and possibly article) to gain arbitrary code execution (Only ROP atm). This is a variation of contenthax based around MSC (the main character scripting language) exploiting a heap overflow to gain arbitrary read/write within the MSC script. Use pymsc to build.
Build PoC
Required:
- Python 3.6 or greater in path as python3 (Edit Makefile for other configs)
- make
- php
- A copy of the wiiuhaxx_common release files (>=0.3 inside a folder
wiiuhaxx_common.
git clone --recurse-submodules https://github.com/jam1garner/ROBChain.git && \
cd ROBChain/poc && \
make clean && make
Install
Take the generated exploit.mscsb and install it in a patch over
/data/fighter/[fighter]/script/msc/[fighter].mscsb
then install via SDCafiine or fs contents replacement.
Video of PoC
Write up
https://github.com/jam1garner/ROBChain/blob/master/WRITE-UP.md