Homebrew Switch Hacking & Homebrew Discussion

Oleboy555

> I am going to attempt to get the information together for anyone who wants to take a shot.. but I think it'd be smart for people who are already able to exploit the first vuln.. since they would know more about the internal API and addresses.. otherwise it'd just go to waste if I post it here...

Yeah sure, but looking at your profile and you being 100% sure, I hope you can understand that I have some doubts.

But hey, you never know.
 

mikeg504

It is not a browser exploit, and didn't require a game.. pretty sure it would work well if someone has a dump.. I could even take a shot if someone either dumped NAND, or did SSL man in the middle during an exploit (hoping that it's not encrypted beyond SSL.. but probably is).. either way msg me here, or [email protected] with SWITCH in the subject...

Oleboy555

> It is not a browser exploit, and didn't require a game.. pretty sure it would work well if someone has a dump.. I could even take a shot if someone either dumped NAND, or did SSL man in the middle during an exploit (hoping that it's not encrypted beyond SSL.. but probably is).. either way msg me here, or [email protected] with SWITCH in the subject...

Good luck with your project.
 

peteruk

> It is not a browser exploit, and didn't require a game.. pretty sure it would work well if someone has a dump.. I could even take a shot if someone either dumped NAND, or did SSL man in the middle during an exploit (hoping that it's not encrypted beyond SSL.. but probably is).. either way msg me here, or [email protected] with SWITCH in the subject...

Even if it doesn't turn out to be something useful, it is nice to see people actively trying to find exploits, so good luck with everything.
 

mikeg504

> Yeah sure, but looking at your profile and you being 100% sure, I hope you can understand that I have some doubts.
>
> But hey, you never know.

LOL.. check out a patent with things I've designed: http://www.freepatentsonline.com/y2015/0186296.html
Then tell me if you have doubts ;) Everything I work on is very low level (asm modifications, exploits, security, etc.).. just not for game systems in the past... but BOTW is the first game I've played in 15 years.

It's definitely a vulnerability.. whether or not code execution is to be continued.. although I'm pretty sure you can prepare memory on these devices one way or another.. it's possible it may be tricky.. I won't lie about that, but a vuln it is for sure.
 

Oleboy555

> LOL.. check out a patent with things I've designed: http://www.freepatentsonline.com/y2015/0186296.html
> Then tell me if you have doubts ;) Everything I work on is very low level (asm modifications, exploits, security, etc.).. just not for game systems in the past... but BOTW is the first game I've played in 15 years.
>
> It's definitely a vulnerability.. whether or not code execution is to be continued.. although I'm pretty sure you can prepare memory on these devices one way or another.. it's possible it may be tricky.. I won't lie about that, but a vuln it is for sure.

As I said, you may never know.
 

mikeg504

It honestly gives me insight into several areas that Nintendo may have messed up on, due to this crash.. so I'll wait and speak to whoever has experience as of now.
 

DarkOrb

A reproducible crash doesn't imply it's a vulnerability. You have to have a way to load custom code into RAM (in the form of a modified savegame or an exploitable file, e.g. an exploitable image format; a PSP exploit used TIFF files to do that) to cause a buffer overflow, but that's simply not possible with a simple crash.

mikeg504

True, but I'm pretty sure you could set up some memory.. It is between 3 subsystems and it depends on their memory allocation functions. I will do my best to work with it a little, although it's difficult since I'm traveling. I'm positive it's using external manipulable resources, so it really depends on whether or not you can chain it easily (several times to inject code, etc.), or maybe loading a game or the browser and then triggering this could allow having the shellcode, or other things required, in memory... I'd be shocked if it wasn't a stack overflow... but you're right, I don't know for sure. I'm going to do what I can, but it's extremely lengthy in my situation right now. I am using a phone as tether, etc...

There's a decent (30-50%) chance that this would not be something you'd want to do every time you'd like to execute game code, although for jailbreaking once I can see it taking place.. will post if I find out anything further, or if I speak to anyone about it.

--------------------- MERGED ---------------------------

Yes, I am sure the route to go would be to use DNS hijacking, then load memory into the device (shellcode, etc.) and then trigger it.. it would ensure things are in memory... whether or not it allows jumping easily to that memory is to be continued.. but from an engineer's standpoint, I believe it shouldn't clear that memory and fully deallocate before the trigger.
 

mikeg504

I've been considering how the device works.. using DNS and the browser (or manipulation of news, or eShop) should work to load things into memory for almost any exploit (whether you get to control data for a game through their own protocols like multiplayer, or others with the OS itself, or Wi-Fi, etc.). It should be a universal way to prepare the Switch.. just for anyone to keep in mind who attempts to work on bugs for it.
 

BlastedGuy9905

> I've been considering how the device works.. using DNS and the browser (or manipulation of news, or eShop) should work to load things into memory for almost any exploit (whether you get to control data for a game through their own protocols like multiplayer, or others with the OS itself, or Wi-Fi, etc.). It should be a universal way to prepare the Switch.. just for anyone to keep in mind who attempts to work on bugs for it.

Mikeg, you should make a new thread about this possible exploit. It's getting quite hard to see what's going on here.
 

smilodon

If all this is true.... I am excited to see what's going to happen! :D

Lots of work, research and drama from the secretive hacking club.

A hello world leaked by "inadvertence" by some member of the project three years later.

A way to play backups made by somebody who doesn't care about morals 1 month after the previous event.
 

TotalInsanity4

[image attachment: 230vuln.png]

> It's an OS crash.. not game specific...

It's not exploitable if the OS "handles" it (i.e. throws an error screen). Typically the only exploitable crashes are ones that would freeze the console or produce a RAM dump onscreen.