Sunday, January 1, 2017

New year, same challenges...

WARNING: The following blog post is filled with the author's own opinions. Reader discretion is advised!

New year, new blog post.

I would like to start off by issuing a public apology to Wii U's homebrew developer dimok. I've given my opinion publicly about the "Mocha CFW" project and I'm afraid I may have expressed myself poorly.
I do think Mocha CFW's code base is weak. It lacks structure and has plenty of poorly optimized solutions for certain features. That doesn't mean it won't change in the future or that my work is any better.
I appreciate, like many others, dimok's contributions to the Wii U scene and I think he and other developers have been doing great work under the public eye.
I clarified my opinions on IRC with MaschellDev, but I haven't been able to contact dimok directly yet. Meanwhile, MaschellDev brought to my attention that a Reddit user made a negative comment on dimok's work using arguments very similar to mine.
My suspicion is that some user in IRC saw my arguments and attempted to bash dimok's work with them without having a clear idea on what they meant.
I'm not going to play the drama game that has turned many developers against each other, so I'm taking this chance to publicly address dimok and apologize for my comment on Twitter and also to report that I have nothing to do with whoever made negative remarks on Reddit or whatever.

Anyway, on to more interesting things!

33C3... Unfortunately, I was unable to attend the event, but I spent the past days watching talk after talk on multiple ingenious exploitation methods and achievements.
If you have been following this blog for a while, you know I've recently been researching and developing tools for the Wii U. Therefore, I was particularly excited to know that derrek and naehrwert were going to talk about the Wii U and its vulnerabilities.
I was glued to the live stream and watched the whole talk, but I ended up feeling very disappointed.

I'm aware that the 3DS is a much more popular console and I was already expecting it to be the main focus of the talk, with just a brief overview of the Wii U exploitation path.
On that note, Ned Williamson was certainly the star of the talk for me. While the bugs presented were nothing particularly new (UAFs, overflows), he presented novel ways to exploit them ("soundhax" and "fasthax") and was very assertive in detailing the attacks.
Hacker naehrwert only talked during the Wii U portion and detailed two distinct exploits: "ioctlvhax" and "mqhax". The "ioctlvhax" exploit was already publicly disclosed by naehrwert himself, but it's understandable why it was brought to the talk. This flaw exposes a large attack surface, both on the PPC and ARM sides.
IOSU userspace flaws were not presented during the talk, which is a bummer, but I can also understand their reasons, especially due to time constraints.
A new IOSU kernel exploit was presented though, "mqhax". Interesting, but nothing really groundbreaking.
It's also worth noting that IOSU userspace and kernel exploits were already available publicly and had been implemented by several people (myself included).
There was also a brief mention of "contenthax", "haxchi" and "coldboothax" which, despite the names, are not exactly exploits but design choices (a.k.a. flaws) instead.

Up to this point, nothing new was presented since fail0verflow had achieved this level of access years ago. Then came the part I was really excited for: boot1.
This was something that fail0verflow didn't manage to crack and remained the last mystery of the Wii U.
Now, I had high expectations for this, so I guess it was my fault I was let down. Hacker derrek had published, quite some time ago, a tweet with the boot1 key's hash where you could read "BOOT1_FAIL".
I naively assumed he had found a flaw in boot1 itself (hence boot1 + fail), managed to blindly exploit boot1's execution and stumbled upon some silly mistake from Nintendo (like leaving a duplicate of boot1's key inside boot1's binary :P).

Unfortunately, they simply confirmed something I had found and documented days before: boot0 has no useful bugs.
I had reversed and fully documented boot0 (and even left a small note regarding the dangerous size check done on boot1's ancast image; see "Stages 0x15, 0x16 and 0x17").
If that size check were flawed, it would be trivial to overflow boot1's memory region into boot0's region and hijack the next instruction. I wasted a lot of time looking into this, but all I could do was verify that all checks were in place.
Nonetheless, fault injection is an attack in its own right, and a lot of hackers resort to it when nothing else works. I was expecting that derrek would go into detail on his setup and the specifics of the attack, but that didn't happen. This confused me.
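To make the "overflow boot1's region into boot0's" point concrete, here is an added illustration in C. It is not boot0's code and does not use the Wii U's real memory layout, ancast header format, magic values or sizes; all of those are hypothetical stand-ins. It simulates a loader that copies a next-stage image from "NAND" into a fixed region placed directly below the loader's own region, and runs the same copy under two size policies: a flawed one that only rejects an empty image, and one that bounds the body against the region (written as a subtraction on the constant so a huge 32-bit size cannot wrap an addition back into range).

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical layout (NOT the Wii U's): the stage region is followed
 * immediately by the loader's own region, so a copy that runs past the
 * stage region lands on loader memory. */
#define STAGE_MAGIC        0x53544731u   /* hypothetical "STG1" */
#define HDR_SIZE           16u           /* magic, body_size, 8 bytes padding */
#define STAGE_REGION_SIZE  0x2000u       /* space reserved for the next stage */
#define LOADER_REGION_SIZE 0x100u        /* the loader's code/data follows */
#define RAM_SIZE           (STAGE_REGION_SIZE + LOADER_REGION_SIZE)
#define LOADER_PATTERN     0xA5u         /* sentinel standing in for loader code */

struct sim_ram { uint8_t mem[RAM_SIZE]; };  /* flat buffer; offsets >= STAGE_REGION_SIZE are the loader */

enum load_result { LOAD_OK = 0, LOAD_BAD_MAGIC, LOAD_BAD_SIZE };
enum outcome { LOADED_INTACT, LOADED_CLOBBERED, REJECTED };

typedef int (*size_policy_t)(uint32_t body_size);

/* Flawed policy: only rejects an empty body; nothing ties it to the region. */
int size_policy_flawed(uint32_t body_size) { return body_size != 0; }

/* Correct policy: header plus body must fit in the stage region. Subtracting
 * from the constant instead of adding to body_size avoids 32-bit wrap-around. */
int size_policy_checked(uint32_t body_size)
{
    if (body_size == 0) return 0;
    return body_size <= STAGE_REGION_SIZE - HDR_SIZE;
}

void sim_ram_init(struct sim_ram *ram)
{
    memset(ram->mem, 0, STAGE_REGION_SIZE);
    memset(ram->mem + STAGE_REGION_SIZE, LOADER_PATTERN, LOADER_REGION_SIZE);
}

/* 1 if the loader's region still holds its sentinel, 0 if the copy overwrote it. */
int loader_region_intact(const struct sim_ram *ram)
{
    for (size_t i = STAGE_REGION_SIZE; i < RAM_SIZE; i++)
        if (ram->mem[i] != LOADER_PATTERN) return 0;
    return 1;
}

/* Constructed image: header followed by body_size bytes of 0x11 (clamped to
 * the simulated NAND). Fields are written in host byte order on purpose. */
size_t build_image(uint8_t *nand, size_t nand_len, uint32_t body_size)
{
    uint32_t magic = STAGE_MAGIC;
    size_t body_avail = nand_len - HDR_SIZE;
    size_t n = body_size < body_avail ? body_size : body_avail;
    memset(nand, 0, nand_len);
    memcpy(nand, &magic, 4);
    memcpy(nand + 4, &body_size, 4);
    memset(nand + HDR_SIZE, 0x11, n);
    return HDR_SIZE + n;
}

enum load_result load_stage(struct sim_ram *ram, const uint8_t *nand, size_t nand_len, size_policy_t policy)
{
    uint32_t magic, body_size;
    if (nand_len < HDR_SIZE) return LOAD_BAD_SIZE;
    memcpy(&magic, nand, 4);
    memcpy(&body_size, nand + 4, 4);
    if (magic != STAGE_MAGIC) return LOAD_BAD_MAGIC;
    if (!policy(body_size)) return LOAD_BAD_SIZE;

    /* Copy header + body to the start of the stage region. The clamps only
     * keep this host process in bounds; real hardware has no such clamp. */
    size_t want = HDR_SIZE + (size_t)body_size;
    if (want > nand_len) want = nand_len;
    if (want > RAM_SIZE) want = RAM_SIZE;
    memcpy(ram->mem, nand, want);
    return LOAD_OK;
}

/* One scenario: build an image of body_size, load it under `policy`. */
enum outcome scenario(uint32_t body_size, size_policy_t policy)
{
    static uint8_t nand[RAM_SIZE + 64];
    struct sim_ram ram;
    sim_ram_init(&ram);
    size_t len = build_image(nand, sizeof nand, body_size);
    if (load_stage(&ram, nand, len, policy) != LOAD_OK) return REJECTED;
    return loader_region_intact(&ram) ? LOADED_INTACT : LOADED_CLOBBERED;
}

int main(void)
{
    static const char *names[] = { "loaded, loader intact", "loaded, loader clobbered", "rejected" };
    printf("flawed,  in-bounds image : %s\n", names[scenario(0x1000, size_policy_flawed)]);
    printf("flawed,  oversized image : %s\n", names[scenario(STAGE_REGION_SIZE, size_policy_flawed)]);
    printf("checked, oversized image : %s\n", names[scenario(STAGE_REGION_SIZE, size_policy_checked)]);
    printf("checked, wrapping size   : %s\n", names[scenario(0xFFFFFFF8u, size_policy_checked)]);
    return 0;
}
```

The oversized image only exceeds the region by the header's 16 bytes, which is exactly the kind of off-by-a-little that clobbers the first bytes of whatever sits above the load region; the 0xFFFFFFF8 case is the one a naive `body_size + HDR_SIZE <= STAGE_REGION_SIZE` would wave through.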
Why bother to include the Wii U in this talk when your most important achievement (and, actually, the only new thing to present) was going to be left out?
That made no sense to me, but that was still not the worst. Apparently, when analyzing boot1, the team found a potential bug in XML parsing. Interesting, right?
However, they got bored and didn't bother to look into it... Seriously? I get that the Wii U is not exactly popular but, again, why bring this up at all just to end with "we didn't care"?

At this point I was a bit revolted with their attitude. This talk started to sound more like a bragfest than anything useful.
Watching Ned Williamson's part caught my interest again, but then derrek proceeded to unveil how they cracked the 3DS bootROMs. Again, nothing groundbreaking, but still an incredible achievement. The bootROM was the last line of defense for the 3DS and no one had managed to break it.
I was very eager to see what kind of setup they used, since they had to resort to fault injection again, but, once more, they preferred to keep that secret.
The last exploit presented was "sighax". Very interesting finding and somewhat hilarious to see that Nintendo had messed up RSA again.

The parting note about the Switch was completely unnecessary in my opinion and so was the remark about them being "nice" by not presenting this earlier considering they had achieved this back in the summer of 2015.

Also, after the talk was over, hacker plutoo released the group's notes on the Wii U:
Unfortunately, aside from a few tidbits, most of the documentation is very incomplete in comparison to the public documentation available at

It's great to achieve something against all odds, to break a system its designer deemed "perfect" and learn from that experience. Unfortunately, I feel that this talk pushed things a bit too far and focused a lot on rubbing in Nintendo's face how much they suck.
I don't feel comfortable with this attitude at all. I believe there's room for healthy mockery, I mean come on, talented guys breaking a product that had millions of dollars invested in it (and in its security) deserves some bragging.
However, we must not forget that hackers are not winning anything. Hacking consumer electronics IS illegal and it's up to these multimillion-dollar companies to decide the fate of perpetrators.
With that said, I really felt that this talk pushed the limits in an unhealthy way. By all means, that doesn't mean it was the only one doing that throughout history, but after seeing something like HENkaku happening, I believe we hackers must drop the attitude a bit and start being more serious and professional in our activities.

Anyway, end of rant. I have nothing against these talented hackers and regardless of the means, they still achieved what others were unable to, so, congratulations to them all!

Moving on, I have a couple things I wish to achieve this year and I'm very happy with the results so far.
On the Wii U, I'm still going to work on hexFW, but right now my main focus is to attempt dumping boot1's key. While exploiting the Vita, I ended up developing an XML fuzzing framework to look for bugs in the updatelist's parsing and I'm very eager to put it to good use in looking for that potential XML parsing bug in boot1.
For this task, I plan on attempting standard hardware fault injection techniques to replicate what derrek did. Unfortunately, while these kinds of attacks aren't particularly difficult to deploy, they are very, very dangerous to the console.
What was presented during the talk relied on NAND readings to figure out the necessary timing for the attack. This requires the attacker to purposefully corrupt the Wii U's boot1 image in the NAND.
However, there might be another avenue that was not explored by the group. The same size check is performed when reading a boot1 image from the SD card. This could potentially be a safer way of developing the attack, but I have yet to find out how to tell boot0 to load boot1 from the SD card (a specific event combo is needed).

As for the Vita, I have a bunch of tools I'll be releasing as necessary and tons of documentation that I'll be pushing to the HENkaku wiki. I have also recently managed to break TrustZone, but, unfortunately, the bug I've exploited was patched long ago. I suspect I stumbled upon the same bug Team molecule may have used in the past, but I plan on doing a proper write-up later on if they agree.

My next blog post will be a complete write-up on how I implemented the two public Wii U exploits to bring hexFW to life (IOS_CreateThread memset bug and uhshax). I was waiting for 33C3 just in case any of the hackers would present the IOS_CreateThread exploit, but since they decided to present "mqhax" instead and hykem is nowhere to be found, I'll just go ahead and detail my own experiences.
I believe these two exploits deserve a proper write-up and it would be a nice tribute to ex-hacker hykem who documented extensively and publicly the internals of the Wii U.

As always, stay tuned!
