Mario Kart 8 as Wii U main feat

Mario Kart 8 as Wii U main feat

MaschellDev offers us a brand new article on his blog which takes as its theme the use of Mario Kart 8 as the main exploit for the use of homebrew on Nintendo Wii U.

His blog post should give you an overview of the implementation of the Mario Kart 8 exploit as the main entry point for homebrew. Technical details and problems that have arisen during development should therefore be addressed. This time, he decided to talk about ideas that didn't work, instead of just telling you about the ideas that worked.

At the start of this year, Rambo6Glaz made another implementation of GX2, which uses a different PM4 package to manipulate the kernel. This new implementation brought the idea of implementing a kernel exploit inside an ROP chain.

In addition to the browser exploit and haxchi, there are currently three other exploits in user mode.

- ROBChain, a feat in the script of the main character of Super Smash Brothers Wii U
- a feat in the network protocol of Mario Kart 8
- a savegame feat in the Donkey Kong Tropical Freeze game.

But there is a problem with all of these exploits: None of them have access to the JIT area. This means that no access to an area in memory that is writable and executable. This makes it impossible to execute arbitrary code without a kernel exploit.

Among these exploits, that of Mario Kart 8 is special. It can be run on a previously unmodified console and could be a potential primary entry point into the system. It is for this reason that the focus has been on the exploit Mario Kart 8.

The developer then approaches the execution of the code through the exploitation of the network code of Mario Kart 8 through the launch of ROP gadgets. He explains why he was drawn to this addictive feat. He would like to thank Ramboglaz6 (alias NexoCube) who worked on this project at the same time. This post may not be the most technical or the most exciting, but that's how such a feat takes place.

All the code is on Github:

The ticket is here: MK8 Exploit

Post a Comment