Hacking Finding memory boundaries quickly

BullyWiiPlaza

BullyWiiPlaza

Nintendo Hacking <3
OP
Member
Level 11
Joined
Aug 2, 2014
Messages
1,932
Trophies
0
XP
2,477
Country
Germany
As you guys know it can be annoying to freeze if you access a bad memory range and you don't know how big the App MEM2 region is? Wrong! This can be prevented quite easily by tracking down the boundaries with the OSEffectriveToPhysical() function. I'll just leave this JGecko U Java code here for anyone who is enlightened by this binary search implementation :P

Code: 
private static int getMemoryBoundary(int startingAddress, int lastAddress, boolean convergeDownwards) throws IOException
{
    int middle = (lastAddress - startingAddress) / 2 + startingAddress;
    int physicalAddress = CoreInit.getEffectiveToPhysical(middle);

    while (true)
    {
        // Is it mapped?
        if ((physicalAddress != 0 && convergeDownwards)
                || (physicalAddress == 0 && !convergeDownwards))
        {
            lastAddress = middle;

        } else
        {
            startingAddress = middle;
        }

        int previousMiddle = middle;
        middle = (lastAddress - startingAddress) / 2 + startingAddress;

        // The middle does no longer update, algorithm terminates
        if (previousMiddle == middle)
        {
            break;
        }

        physicalAddress = CoreInit.getEffectiveToPhysical(middle);
    }

    return middle;
}
For Mario Kart 8 for example the output of this code...
Code: 
Connector.getInstance().connect("192.168.178.35");

int boundary = getMemoryBoundary(0x10000000, 0x50000000, false);
System.out.println("Upper Bound: " + Integer.toHexString(boundary).toUpperCase());
boundary = getMemoryBoundary(0x01800000, 0x10000000, true);
System.out.println("Lower Bound: " + Integer.toHexString(boundary).toUpperCase());

Connector.getInstance().closeConnection();
... is the following:
Code: 
Upper Bound: 4E11FFFF
Lower Bound: E17FFFF
Indeed, these are the last readable address boundaries. It took 29 iterations to find the first one so it's not too slow (about 2 seconds).

This is how NWPlayer123 did it but it's not very efficient how it seems.

Note:
This will be a feature in Gecko U so just in case you're worried that this is too nerdy and hard for you to make use of, you're pretty much covered.
 
Last edited by BullyWiiPlaza,
  • Like
Reactions: OriginalHamster and oldsk00l

Site & Scene News

Go to forum More news

Popular threads in this forum

Gaming  Online services for the 3DS and Wii U have been shutdown. Here is how to get back online!

Hacking Hardware  Wii U No Display (Logs dumped)

Super Mario Maker Save Collection (All Event and Staff Courses Preserved, 3DS Mario Challenge Port, and More)

Hacking Gaming  Xenoblade Chronicles X - Lifeline and Enhancement Mod

Watch videos on Wii U, offline, saved on SD?

Can you hack your wii u with something other than sd card

Pretendo not working with updated games?!

Hacking Hardware  Broken WII U, MLC replaced with an SD card De_fuse 0.8 not working

General chit-chat
Help Users
  • K3Nv2 @ K3Nv2:
    Sorry I sat on them when they were open
  • AncientBoi @ AncientBoi:
    eeewww
  • K3Nv2 @ K3Nv2:
    I thought it was the toilet
  • AncientBoi @ AncientBoi:
    lol
  • AncientBoi @ AncientBoi:
    okies. Time to go watch YT paranormal ghost things. L8er my luvs :D
     +1
  • K3Nv2 @ K3Nv2:
    I got a massive clue
  • BakerMan @ BakerMan:
    this mf def ain't watching ghost shit, he boutta beat his meat fr
     +1
  • K3Nv2 @ K3Nv2:
    Nah he's about to be the ghost in your bedroom
     +1
  • Xdqwerty @ Xdqwerty:
    @K3Nv2, and leave ectoplasm all over the place
  • BakerMan @ BakerMan:

    this is him being described
     +2
  • Xdqwerty @ Xdqwerty:
    Sigh
  • SylverReZ @ SylverReZ:
    @AncientBoi, https://www.youtube.com/watch?v=7jUWpmU-X8k
  • Xdqwerty @ Xdqwerty:
    Yawn
  • SylverReZ @ SylverReZ:
    https://www.youtube.com/watch?v=pRSjvck1WTI
  • Xdqwerty @ Xdqwerty:
    @SylverReZ, I dislike the kind of drm where you have to play single player games online all the time bc of some verification bs
     +1
  • SylverReZ @ SylverReZ:
    @Xdqwerty, Don't use games that have Easy Anti-Cheat as its been exploited many times.
  • Xdqwerty @ Xdqwerty:
    @SylverReZ, my PC can't run most AAA games so i wont
     +1
  • Xdqwerty @ Xdqwerty:
    Most of the modern AAA games
     +1
  • Xdqwerty @ Xdqwerty:
    @SylverReZ, I also heard one of the Prince of Persia games was so unfinished that it required the "24/7 online" drm so a puzzle could be done and the game could be finished. And that when the Ubisoft servers were closed the (cracked) game was impossible to finish or something like that
  • SylverReZ @ SylverReZ:
    @Xdqwerty, That's extra scummy. Ubisoft nowadays ship out incomplete games like Skull and Bones which was being worked on for nearly a decade now.
     +1
  • Xdqwerty @ Xdqwerty:
    @SylverReZ, i think they have been doing that since late 2000s
     +1
  • Xdqwerty @ Xdqwerty:
    Either that or their old games were unfinished aswell but we can't notice it
  • Psionic Roshambo @ Psionic Roshambo:
    I like that games can be fixed after the fact, hate that it's being abused via beta tests... And DLC... I was a 7800 owner back in the day and loved Impossible Mission, turns out I couldn't beat it because it was actually impossible lol
  • Psionic Roshambo @ Psionic Roshambo:
    I never knew about it at the time but a fixed version was available but you had to mail in your broken copy lol
  • Psionic Roshambo @ Psionic Roshambo:
    So that version is semi rare
    Psionic Roshambo @ Psionic Roshambo: So that version is semi rare