A Wii U DNS exploit.
The technical write-up can be found here!
- Place all files required for booting into your homebrew environment on your SD Card (for example from aroma.foryour.cafe).
- Place a RPX you want to boot on the root of your SD Card and rename it to
launch.rpx(for example PayloadFromRPX). - On your Wii U head over to System Settings -> Internet -> Connect to the Internet and setup a new connection (Recommended!).
- Go to (X) Connection List and select your newly created connection.
- Select Change Settings -> DNS -> Do not auto-obtain.
- Enter
85.215.57.182as the Primary DNS and select Confirm. - Press (B) Back and select Connection Test.
Your console will now start a connection test which should freeze after a few seconds.
After waiting for a few more seconds you should be greeted by the DNSpresso splash screen and your console will boot the launch.rpx.
The following steps are for selfhosting on Debian 12, and should be treated as an example setup.
- Disable the systemd-resolved
DNSStubListener(otherwise you get an error that port 53 is already in use): See here or here. - Install dnslib:
apt install python3-dnslib- Edit
REDIRECT_IPandSTAGE2_IPindnsserver.pyto your server IP. - Run the server (use screen or a systemd service to keep it running permanently):
python3 dnsserver.py- (Optional) To setup the landing page install a webserver:
apt install apache2
cp index.html /var/www/html/index.htmland add something like this to your apache2 configuration to redirect all requests to the document root:
# Redirect all traffic to document root
RewriteEngine On
RewriteCond %{REQUEST_URI} !=/
RewriteRule ^ / [R=302]- Forescout Research Labs and JFrog Security Research for INFRA:HALT.
- @dimok789 for mocha and @Maschell for the MochaPayload.
- decaf-emu for a lot of IOS documentation.
- Also thanks to: Maschell, Lazr1026, Nightkingale, quarky, rw-r-r-0644, exjam, vgmoose, and a lot of other people from the Wii U scene!