Views: 9,287,104 Home | Forums | Uploader | Wiki | Object databases | IRC
Rules/FAQ | Memberlist | Calendar | Stats | Online users | Last posts | Search
01-16-19 03:32 PM

0 users reading OSDriver kernel exploit released | 1 bot

Main - WiiU game hacking and emulation - OSDriver kernel exploit released New reply

Posted on 08-19-15 05:32 PM (rev. 4 of 08-20-15 01:10 PM) Link | #63429
The recent 5.5.0 update patched one of the kernel exploits that I developed, so I decided to release it yesterday. This is an exploit in the OSDriver functions, a race attack that takes advantage of improper locking. OSDriver_CopyToSaveArea() drops a spinlock before copying data into the kernel save area, allowing another core to delete the driver during the copy. You can then put something else in its place and the copy will overwrite it.

Source code is in the libwiiu repo, and shibboleet made a GBATemp guide for the end-user. Once the kernel exploit successfully runs, you can use apps that require kernel access, like TCPGecko and Cafiine. These aren't readily available yet, but A Wii U webpage for TCPGecko is here, TCPGecko's source is here, and Cafiine is lying around on NWPlayer123's computer. You can build a TCPGecko installer from libwiiu, with this code.

Greater technical details of how the exploit works are available here, for those who are interested. Thanks to comex and Hykem the Demon for helping develop this exploit.

Main - WiiU game hacking and emulation - OSDriver kernel exploit released New reply

Page rendered in 0.019 seconds. (2048KB of memory used)
MySQL - queries: 29, rows: 103/103, time: 0.015 seconds.
[powered by Acmlm] Acmlmboard 2.064 (2018-07-20)
© 2005-2008 Acmlm, Xkeeper, blackhole89 et al.