Browse Source

new index and readme

coltondrg? 11 months ago
parent
commit
bf0d5c43b9
2 changed files with 74 additions and 7 deletions
  1. 71
    2
      README.md
  2. 3
    5
      index.html

+ 71
- 2
README.md View File

@@ -1,3 +1,72 @@
1
-this is the code in use on http://u.drg.li/ and http://stupiid.ovh/
1
+# stUpiidhax: Wii U 5.5.2 browser pwn
2 2
 
3
-you can download and host it on your own if you want, but you'll require an nginx server with SSI enabled.
3
+This is the git repository for stUpiidhax, a very popular homebrew 
4
+entrypoint access gate for the Wii U's 5.5.2 firmware.
5
+
6
+- Hosted access gate urls:
7
+- http://stupiid.ovh/
8
+- http://u.drg.li/
9
+
10
+## JSTypeHax
11
+
12
+This is based on the JumpCallPop JSTypeHax (aka WiiUTest) exploit. 
13
+Unfortunately, JumpCallPop's GitHub account was removed, leaving this 
14
+repo.
15
+
16
+The latest changes to upstream are available in this repo under the 
17
+`fast` branch. While these changes do make the exploit much faster, they 
18
+also make it far less reliable. The most reliable version of the exploit 
19
+available is on the `stable` branch, which is also the version actively 
20
+hosted on my servers.
21
+
22
+## SSI
23
+
24
+Both the `stable` and `fast` branches have changes to make them 
25
+compatible with SSI, or Server Side Includes, an Nginx feature that 
26
+allows the server to generate certain parts of pages without requiring 
27
+PHP or something similar. A version of `stable` with the SSI 
28
+requirements removed is available under the `nossi` branch.
29
+
30
+## The cg Method
31
+
32
+The so-called `cg` method was used to improve reliability with some 
33
+older versions of the exploit. I no longer believe that this is 
34
+nesessary as the current `stable` exploit is quite reliable, but I 
35
+figure it's worth documenting anyway.
36
+
37
+With an old version of the exploit, it seemed more effective than 
38
+placebo to run the access gate behind a very specific server 
39
+configuration. We accidentally discovered that it seemed to help if the 
40
+access gate was specifically hosted on GitHub Pages, but proxied 
41
+behind Cloudflare's POPs. We tried Cloudflare's POPs in front of a 
42
+normal server as well as GitHub Pages without Cloudflare's POPs, all 
43
+to no avail. It seems something specific about running the gate on 
44
+GitHub Pages and putting Cloudflare's DDOS protection service in front 
45
+of it would cause the exploit to become more reliable.
46
+
47
+Once again, I no longer believe this is nessesary or even useful with 
48
+the current `stable` version, but I still believe that it's worth 
49
+noting.
50
+
51
+The cg method was accidentally discovered by 
52
+[Creation_](https://twitter.com/CreaTion_DG) and researched extensively 
53
+by myself.
54
+
55
+## Self-hosting
56
+
57
+Self-hosting the exploit can help improve the reliability if you have a 
58
+slow internet connection. You can checkout the `nossi` branch of this 
59
+repo and host it with any old webserver, or you can checkout the 
60
+`stable` branch and host it with Nginx, assuming SSI is enabled (simply 
61
+put `ssi on;` in the config file). More detailed instructions for 
62
+self-hosting may be posted soon.
63
+
64
+## And Finally, Credits
65
+
66
+Once again, all credit for the exploit itself goes to JumpCallPop and 
67
+everyone else who helped him get this working. I just made a nice gateway, 
68
+helped lots of people get it working, and compiled all this information.
69
+
70
+- [Original GBAtemp thread](https://gbatemp.net/threads/webhack-on-5-5-2-jstypehax.480938/)
71
+
72
+- [ColtonDRG's Twitter](https://twitter.com/ColtonDRG)

+ 3
- 5
index.html View File

@@ -1,4 +1,4 @@
1
-<title>stUpiidhax</title>
1
+<title>stUpiidhax stable</title>
2 2
 <style>
3 3
 .align{text-align:center;}
4 4
 body{background:#222;color:#fff;}
@@ -14,9 +14,7 @@ a{color:009ac7;}
14 14
 <a href="payload/exploit.html?delta=3">3</a>
15 15
 <a href="payload/exploit.html?delta=4">4</a>
16 16
 </h2>
17
-<a href="/fast/">Go here if you want to try a new faster version</a><br/>
18 17
 <br/>
19
-If you're getting really demoralized and want another gateway to try, <a href="http://cg.stupiid.ovh/">give the cg version a shot</a> at cg.stupiid.ovh<br/>
20 18
 If you're in Europe and it's not working, try <a href="http://eur.stupiid.ovh/">this European gateway</a> at eur.stupiid.ovh<br/>
21 19
 Remember to purchase and download your Haxchi compatible VC to the internal storage before doing the exploit if you want to install Haxchi. It would suck if it finally worked but you couldn't install Haxchi.<br/>
22 20
 Try the big exploit button a few times first. Clearing your browser save data or choosing another delta might also help. The important thing is to <b><i>just keep trying</i></b>!
@@ -24,7 +22,7 @@ Try the big exploit button a few times first. Clearing your browser save data or
24 22
 <br/>
25 23
 <br/>
26 24
 <br/>
27
-This service provided by <a href="https://twitter.com/ColtonDRG">ColtonDRG</a> | <a href="https://github.com/coltondrg/stupiidhax">Source for this site</a><br/>
28
-This uses the <a href="https://github.com/JumpCallPop/JSTypeHax">JSTypeHax exploit by JumpCallPop</a><br/>
25
+Service provided by <a href="https://twitter.com/ColtonDRG">ColtonDRG</a> | <a href="https://git.drg.li/ColtonDRG/stUpiidhax">Source for this site</a><br/>
26
+This uses the JSTypeHax exploit by JumpCallPop<br/>
29 27
 git commit <!--#include file="commit.html" -->
30 28
 </div>