
Mario Kart 8 primary userland exploit for the WiiU



Actual implementation (base ROP chain to ACE) of the exploit Kinnay found in the WiiU version of Mario Kart 8. Running this will boot the homebrew launcher.

    Requirements

    • A WiiU
    • Two NNIDs logged into your WiiU
    • A computer logged on to the same network as the console

    README, for real

    • The exploit may not work on the first try (~85% success rate)
    • Do not run any homebrew using memory before launching MK8 (like TCPGecko, Cafiine or Diibugger)

    How to use

    1. Edit exploit.py and fill in your Nintendo Network IDs + console information
    2. Edit main_exploit.py and edit the local computer IP
    3. Run make to build the payload0 binary (you need devkitPro + devkitPPC)
    4. Go on your WiiU, log on the victim NNID
    5. Open MK8, go online and host a private match, stay in the "earth menu", make sure you're alone in the room
    6. Start stage0.py and press ENTER (leave it in the background), then start main_exploit.py and press ENTER
    7. Wait for the game to reboot and rehost a private match, stay in the "earth menu", make sure you're alone in the room
    8. Start stage1.py and press ENTER (leave it in the background), then start main_exploit.py and press ENTER
    9. It should open the HOME Menu, return to the WiiU Menu, and tadaa, magic, you're on the HBL

    Credits

    • Kinnay for the Nintendo Clients library that allows us to communicate with NEX game servers and their protocols.
    • Maschell for working with me on this exploit (and being as addicted as I was doing this), there was a lot of co-operation
    • Rambo6Glaz / NexoCube / TheBrick for working on this, and all the chains here.
    • wiiu-env for the payload_loader that's inside payload0/main_hook.h

    by NexoDevelopment.

