jam1garner/ROBChain
PoC exploit for Super Smash Brothers Wii U to get arbitrary ROP execution under userland
Can be applied over any fighter (and possibly any article) to gain arbitrary code execution (only ROP at the moment). This is a variation of contenthax built around MSC (the main character scripting language): it exploits a heap overflow to gain arbitrary read/write from within the MSC script. Use pymsc to build.
Required:
- Python 3.6 or greater in path as python3 (Edit Makefile for other configs)
- make
- php
- A copy of the wiiuhaxx_common release files (>=0.3) inside a folder named wiiuhaxx_common
```
git clone --recurse-submodules https://github.com/jam1garner/ROBChain.git && \
cd ROBChain/poc && \
make clean && make
```
Take the generated exploit.mscsb and install it as a patch over
/data/fighter/[fighter]/script/msc/[fighter].mscsb
then load it via SDCafiine or fs contents replacement.
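The delivery vector above is a replaced script file at a fixed path, so the defender-side counterpart is an integrity check over that path pattern. The following is an added example, not part of ROBChain or of the game's own tooling: it builds a SHA-256 manifest of every `.mscsb` under `data/fighter/*/script/msc/` from a trusted copy of the content and reports scripts that were modified, removed, or added in a second tree (for instance an SD card overlay). The directory layout, the file contents, and the `demo()` tree are constructed for the example; only the path pattern comes from the README.

```python
import hashlib
import json
import os
import tempfile
from pathlib import Path

# Path pattern taken from the README; the root directory is an assumption
# (a dumped title, or an SDCafiine overlay directory).
SCRIPT_GLOB = "data/fighter/*/script/msc/*.mscsb"


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large scripts are not read at once."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each MSC script (path relative to root, '/'-separated) to its hash."""
    return {
        str(path.relative_to(root)).replace(os.sep, "/"): sha256_file(path)
        for path in sorted(root.glob(SCRIPT_GLOB))
    }


def verify_tree(root: Path, manifest: dict) -> dict:
    """Compare the scripts under root against a manifest from a trusted copy.

    Returns sorted lists of modified, missing and unexpected script paths.
    """
    current = build_manifest(root)
    return {
        "modified": sorted(k for k in manifest if k in current and current[k] != manifest[k]),
        "missing": sorted(k for k in manifest if k not in current),
        "unexpected": sorted(k for k in current if k not in manifest),
    }


def demo() -> dict:
    """Constructed sample: two clean fighter scripts, then one replaced."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for fighter in ("fighter_a", "fighter_b"):
            script_dir = root / "data" / "fighter" / fighter / "script" / "msc"
            script_dir.mkdir(parents=True)
            # Placeholder bytes, not real MSC bytecode
            (script_dir / f"{fighter}.mscsb").write_bytes(b"MSC-CONSTRUCTED-" + fighter.encode())
        manifest = build_manifest(root)
        # Simulate a script dropped over fighter_a by a content overlay
        (root / "data/fighter/fighter_a/script/msc/fighter_a.mscsb").write_bytes(b"REPLACED")
        return verify_tree(root, manifest)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

In practice the manifest is produced once from an untouched copy of the title, stored alongside its own signature or hash, and `verify_tree` is run against whatever tree is about to be loaded; any entry under "modified" or "unexpected" is a script the game was not shipped with.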
Write-up: https://github.com/jam1garner/ROBChain/blob/master/WRITE-UP.md