Skip to content
/ ROBChain Public

PoC exploit for Super Smash Brothers Wii U to execute arbitrary ROP in userland

License

MIT license
17 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

jam1garner/ROBChain

BranchesTags

Repository files navigation

ROBChain

PoC exploit for Super Smash Brothers Wii U to get arbitrary ROP execution under userland

Can go over any fighter (and possibly article) to gain arbitrary code execution (Only ROP atm). This is a variation of contenthax based around MSC (the main character scripting language) exploiting a heap overflow to gain arbitrary read/write within the MSC script. Use pymsc to build.

Build PoC

Required:

git clone --recurse-submodules https://github.com/jam1garner/ROBChain.git && \
cd ROBChain/poc && \
make clean && make

Install

Take the generated exploit.mscsb and install it in a patch over

/data/fighter/[fighter]/script/msc/[fighter].mscsb

then install via SDCafiine or fs contents replacement.

Video of PoC

https://youtu.be/u3qKsbGPgn0

Write up

https://github.com/jam1garner/ROBChain/blob/master/WRITE-UP.md

About

PoC exploit for Super Smash Brothers Wii U to execute arbitrary ROP in userland

Topics

wiiu smash wii-u exploitation msc wiiu-hacking

Resources

Readme

License

MIT license
Activity

Stars

17 stars

Watchers

5 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages