What do Nintendo Switch and iOS 9.3 have in common? CVE-2016-4657 walk-through

Subscribers: 921,000
Video Link: https://www.youtube.com/watch?v=xkdPjbaLngE
Category: Walkthrough
Duration: 18:44
314,231 views


Using the WebKit bug CVE-2016-4657 to start hacking the Nintendo Switch. I have taken the first part from qwerty's iOS 9.3 jailbreak and adapted it to the Nintendo Switch. We craft a Uint32Array to get an arbitrary read/write primitive.

Demo at 16:19

The basic PoC: https://github.com/LiveOverflow/lo_nintendoswitch/blob/master/poc1.html
Phrack article: phrack.org/papers/attacking_javascript_engines.html


#SecurityResearch #BrowserExploitation #CVE




Other Videos By LiveOverflow


2017-05-12 Reversing an unkown digital protocol with an Arduino - rhme2 Whac the mole (misc 200)
2017-05-05 Blind Buffer Overflow exploitation to leak secret data - rhme2 Animals (pwn 200)
2017-05-02 How (not) to ask a technical question
2017-04-28 Format string exploit on an arduino - rhme2 Casino (pwn 150)
2017-04-21 Recover RSA private key from public keys - rhme2 Key Server (crypto 200)
2017-04-14 Defeat a stack cookie with bruteforce - rhme2 Photo manager (pwn 100)
2017-04-07 Attacking an Electronic Combination Lock (ft. Electronics Idiot)
2017-03-31 A day in the life of a pen-tester
2017-03-24 Solving AVR reverse engineering challenge with radare2 - rhme2 Jumpy (reversing 100)
2017-03-17 Start reverse engineering AVR - Memory Map and I/O Registers - rhme2 Reverse Engineering
2017-03-12 What do Nintendo Switch and iOS 9.3 have in common? CVE-2016-4657 walk-through
2017-03-10 SHA1 length extension attack on the Secure Filesystem - rhme2 Secure Filesystem (crypto 100)
2017-03-05 Using UART / Serial to interact with an embedded device - rhme2 Setup
2017-03-03 riscure embedded hardware CTF is over - loopback 0x03
2017-02-25 Developing an intuition for binary exploitation - bin 0x20
2017-02-17 Showing various security issue of the Wifi-Cloud Hub
2017-02-14 GynvaelEN Hacking Livestreams and how stack cookies work
2017-02-10 How safe is a Wifi Cloud Hub Router (from hackers)?
2017-02-03 Bash injection without letters or numbers - 33c3ctf hohoho (misc 350)
2017-01-27 [Live] A basic Heap Feng Shui intro - 33c3ctf babyfengshui (pwn 150)
2017-01-20 PHP include and bypass SSRF protection with two DNS A records - 33c3ctf list0r (web 400)



Tags:
Live Overflow
liveoverflow
hacking tutorial
how to hack
exploit tutorial
CVE-2016-4657
Nintendo switch
iOS
jailbreak
webkit bug
webkit exploit
webkit jailbreak
pegasus
trident
NSO group
qwertyoruiop
qwertyoruiopz
switchdev
homebrew
chrome exploit
safari exploit
modern exploitation
javascript explot
jbme
jailbreak me
9.3.X
jailbreak 9.3
iOS 9.3
switch 2.0
arbitrary read
rwx
rce
hacking switch
switch hacked
exploit
heap corruption