WiiU Browser Exploit Leaked, Possible Vita Compatibility?
The Wii U scene has been up in arms over a web browser exploit that was recently leaked (then later on, officially released). Though the files were only recently leaked, Nintendo had already partially patched the exploit in firmware 5.0.
The files are readily available to the public, but won’t do anyone without access to a web server any good (though it’s reasonably easy for anyone to set on up on their local network. If required, some tools will definitely show up). I personally don’t own a Wii U but we all know that leaks hurt any scene more than they help. That being said, since the files are readily available I decided to test them out. On the PC the exploit simply shows up as an empty iframe, but when tested on on the Vita, this exploit appears to put the Vita into an infinite loop on the browser. I made a YouTube video of the exploit in action on my Vita you can watch below.
For those of you reading this on your Vita you can check out the Wii U browser exploit in action by following this link. http://hackinformer.com/p/wiiu/index.html
So what does this mean for the Vita, could a possible native Vita hack come from this? In the hands of the right devs could this lead to the first Vita CFW? Or is it little more than an auto reloading browser?
Don’t get your hopes too high: Fail0verflow had explained a while ago that the reason such exploits can run on the Wii U is because the NX bit is not set within the browser on the Wii U. This, as far as we know, is not the case on the PS Vita (and has been confirmed at least by Yifan Lu here).
Nonetheless, it is interesting to see this Wii U hack running on our beloved handheld, and people might find additional vulnerabilities on the Vita that could make this useful eventually.
Please direct all comments/questions/flames to me on Twitter @heleius or here on the forums. 🙂
Source and downloads: Marionumber1 on bitbucket
That would be crazy if another scene accidentally unlocked the vita for us. I would love to see what home brews could be crated from a native vita cfw although we all k ow the risks that would run from that.
I’m more interested to know how well properly coded emulators for newerish systems like N64, or PS2, or possibly Gamecube would run on native Vita CFW. The Vita certainly has the power to handle emulating those systems but it would take a talented dev to properly code the emulator. This has me a bit excited. If a native Vita CFW comes from this I’ll never update my Vita firmware again. It’s not like any decent, non-JRPG, games are coming out for it any time soon. And with the rebranding of the VIta TV to Playstation TV it seems Sony is losing interest in support the Vita beyond selling it as a PS4 companion device.
I Def agree with you. So long have I wanted a functional ps2 emu on the vita. I have mastered the r2/3 and l2/3 simulated buttons and can only hope for this, Lol. Now with tnv-9.5 I am willing to update my second vita considering the extra 12mb have been added for all fw. I would cherish that as the days are long. Lol
The vita cannot handle PS2/Gamecube hardware emulation. No way. You realize what beefy PC you need to run those emulators?
Gamecube? Don`T make yourself look like a fool! YOu need about 1000x of the power to emulate something that does not have same kind of processor (e.g. RISC => CISC). ARM is not the same as the PowerPC. Emulating a PowerPC costs 4 Ghz of Power, which PS Vita does not have. Every High-End-PC comes into sweat-breaking, when using “Dolphin” do just emulate a little bit faster gamecube, called Wii!
PS Vitas CPU does not run with 1 Ghz, but rather guessed 500 Mhz. Each CPU-core only can run with around 500 Mhz and thus is faaaar to slow to even emulate Gamecube. But for N64 => there you go. And you could emulate PSP but thats it. Gamecube is nowhere to reach without powerful PC today. And with Powerful i mean, having more than 2 CPU-core with more than 3 Ghz! And i mean at least a core 2 Quad-cpu type of cpu. At least! Thats what Power today means.
PS Vita is not slow- but you cannot use all 4 cores of PS Vitas ~500 Mhz quadcore for gaming. One of those cpu-cores is locked and cannot used in games, as its used for things like downloading, notifications, chatting etc. Thus not available.
Another of those cores is used for sound-calculations in games. So- don`t expect wonders if you emulate a gamecube-485 Mhz cpu.
I would expect PS Vitas cpu to be about only 2-3x as powerful as the Gamecube Gekko. And that is solely cause it does have 3 usable cores for games.
it happened a few times (infinite loop, that’s it) to mine, without any exploit. so i bet at NO.
There are a couple things about this though, its still only a partial exploit to begin with and I bet people would need to modify the files a little bit for proper compatibility with the Vita/PS4.
specifically, the entire ROP chain would be different for the vita.
*gets ready to buy his first vita if vita gets a full exploit!!*
People who leak things need a Plug in their leak. And they need to be flogged.
I don’t know why having tight lips is such a rarity. You could beat your wife and I wouldn’t tell anyone.
I think whats causing the browser to reload, over and over again is the fact that it is running out of memory to use maybe? because it seems (to me) the buffer overlow that the wii u exploit is using is adding a whole lot of string to itself then…maybe the ps vita is attempting the same thing, but once it reaches the maximum amount of string memory the variable is allowed to hold it reloaded the page, instead of letting it go past it and potentially over wright important data… although i am still kind of a noob when it comes to programming o.o ive only had 1 year of experience with c++ programming and that has usually been fixing buffer overlows or memory leaks or out of range errors that i caused… lol … i could be entirely wrong though
The browser reloading is most likely caused by it crashing as a result of running the exploit. I should point out that despite what many people believe, this exploit is not a buffer overflow. It’s a use-after-free that allows us to control a vtable from Javascript. This vtable is mistakenly used by WebKit code (due to a bug) to make a virtual function call, giving us control of the browser thread. From there, we run a ROP chain to copy and execute our shellcode.
Even if it is a possible exploit, is it even possible to turn this into proper one?
I mean we don’t have any debugger or some sort for vita to correctly inject the code using the exploit.
The same happen to me trying to open the Vandal page. And the link open it on iPad Crsh the browser 😀
Ummm….Pretty sure I already did this for vita I just didn’t release my method…Its been in the forum for almost a month now…
Wii U seems to have NX bit.
If not , we don’t have to use ROP.
Yes, it always had NX enabled and fail0verflow never said otherwise. Even in the browser, NX is still active. The difference between the browser and other Wii U apps is that the browser has a specical area of memory, called the codegen area, which you’re allowed to write to and then make executable. This is necessary for Javascript JITs. The ROP chain copies code to the codegen area from a Javascript buffer, turns it executable, and jumps to it.
interesting……..
Its just an reloading scrept, nothing interesting
No, A reloading exploit would be just that, this is different.
Yes, what’s most likely happening is that the browser is running the exploit, crashing because the exploit is designed for Wii U and not Vita, then reloading the browser.