Hacking how to find an exploit?

Heran Bago

Usually, you don't "search" for a vulnerability; you find it by seeing a crash, or by knowing an unpatched bug in the browser and trying it.
Nintendo doesn't use their own browser but Opera, which is open source, so they NEED to release the source code for that program. Analyzing the sources can help find vulnerabilities, if you understand what would make the browser crash.

If you really want to "search" (and not find), then you need to first understand how the chipsets are working (PPC, ARM, ASM, registers, etc.),
then what's good or bad coding (like using string comparison instead of memory comparison to compare two strings --> that's the Wii vulnerability),
then either analyze the sources, or decompile existing programs to get ASM sources (machine language) and understand what's happening at low level and could be exploited.

It could be race attacks (registers not correctly verified before read, or random slowdown allowing another program to edit it between two accesses -> this is the current OSDriver exploit we are using on 5.3.2).
It could be an encryption algorithm bug (like PS3), so you need to learn cryptology.

So, to search/find exploits, you need to understand low level coding.
And you don't decide to search for it; usually you find an issue by understanding how everything is working. You look at the sources, decompile programs, etc. and you learn from it, see what happens, and if you are a good developer you notice something that the Nintendo developers should have done better and you know why, so you see if you can use that vulnerability to do anything with that "bug" (or bad coding style from official devs). That's not always possible; not all errors can be exploited.
Good on you giving a legit answer, your patience is admirable.

Cyan

I always try to help. Even if it's the 100th time a user asks the same question, it's the 100th for me, not for him.
We all should help instead of being sarcastic or mean.

If we don't have anything to provide, we shouldn't even post and should let someone else take care of it.
Now, the forum is full of kids (or immature adults who like to bully other people?), so it's hard to have a nice discussion in all threads.
Hopefully there are still a lot of helpful users with legit answers.
 

TheZander

So everyone is under the impression this is a genuine request for guidance? I kind of figured he was joking and it was just a little dry. 'I'm just learning to code... I know it won't be enough... do I just connect my PC to the Wii U...'

I don't know, maybe on second read it's not funny at all. No blatant winks towards being facetious.

Edit: does telling him to look for vulnerabilities really help? You guys are already surmising what his question was. I think you could let that slide, the case on semantics.

Read some boring books on security and encryption, try and recreate an already existing exploit. Figure out those things front to back and then try to exploit a tam
 

Cyan

Unfortunately, this question comes back very often.
A lot of people think exploits can be searched for given they made a hello world program and therefore have coding "knowledge".
I understand some users think it's a joke or troll question.

He thinks it's a legit question, even if it seems a joke to you to ask that question because you understand how far away he is from the truth. He just wants to know how far he is from being able to hack a console, program homebrew, and what it takes to exploit a vulnerability.
Seeing that he wants to find an exploit and not a vulnerability gives us good information on his knowledge in this domain (pretty much nothing). He needs direction and maybe a "back to reality" explanation post, which a few users have given him already. Someone needs to tell him why he can't do it, or how much he still needs to learn.

I would recommend him to start writing homebrew first, to understand the targeted console architecture and environment. That will be a big step in the direction he chose.
Reading a lot of information, like wiibrew, wiiubrew, etc., or, even if not recommendable, official SDK documentation (illegal if not an official dev, but I know a lot of people read them to understand how the console is working: memory areas, existing functions, etc.).

At least he has a goal and hopes to reach it. It's a good way to achieve anything and he needs to keep that target in mind. It can be hard, he can forfeit, but some users start small and achieve a lot (look at smealum!).
Things in common in all devs/hackers: curiosity! Never give up, always be curious, learn all you want.

Edit:
I saw your edit.
That's also a good way to start: reproducing existing hacks/exploits, doing lots of exercises and understanding how they work, instead of wanting to find new ones.


Edit2:
https://gbatemp.net/threads/some-hacking-concepts-and-links.287721/
could be helpful to learn different hacking methods, from software to hardware.
 

-pm-

Actually, I think the answers in this thread were astonishingly helpful already (what's wrong with you guys, this is GBAtemp!), so I don't have that much to add to it; one thing I want to point out is what a vulnerability really is, on a specific example, or at least something which is already the essence, the summary of an example.

It might be a benefit to know how it was done before, as the Wii U is a system based upon the Wii, which was based on the GameCube. But don't be greenish, as developers at least try not to make an error twice (there are already automated systems to point out such known faults, or 'regressions').

No one out there is stupid and therefore no one at Nintendo would write code like
Code:
searchForHomebrew();
if (homebrewIsOnSDCard()) {
    executeHomebrew();
}
I really doubt this, as Nintendo has a high interest in providing content they think is valuable and high-quality, like Apple does (in its own way). But probably it's common knowledge it wouldn't be easy.

Therefore, as already stated, modern gaming devices usually use cryptography, as they now know that "we" are able to create hardware devices (referencing, for example, the USB Gecko, which docks onto the EXI bus on the GameCube / Wii, providing full access to the hardware via USB, or early flashcards on consoles before) which may be able to break their closed environment concept; and cryptography is way harder to break than some plain wires.

On the Wii, Nintendo combined several aspects, as each console contains a unique id / key as a hardware secret. To give some background:

The custom-made Hollywood GPU chip contained an ARM co-processor called Starlet (supporting the PowerPC main CPU in a way like an operating system would, providing interfaces for hardware and so on: the so-called IOS), and this custom-made ARM 'Starlet' itself contained a one-time-programmable (OTP) storage, which doesn't contain much but 128 bytes (4x32), that the security system relies on.

Those 128 bytes are enough to contain
- encryption keys for storing software from the Wii Shop
- a random number generation seed (→ each system's rand() functionality can behave differently)
- a hash for the bootloader (boot1 on NAND; NAND = flash storage in the console, the Wii does have 512MB of it)

and are written at production. As it is an OTP, it is only writeable one time and after that read-only.

The boot sequence of the Wii is divided into several stages, boot0 to boot2; boot0 is contained inside of Starlet on a different chip, a ROM (read-only memory), and is the first code the system runs on power-up.

This code does not really do more than pulling boot1 from the first pages of the NAND. As the code of boot0 needed to be very compact (it had to fit into 4 kilobytes of storage), Nintendo's developers couldn't integrate everything they might need for a "proper" boot. It doesn't know anything about filesystems, network or software updates, nothing. It only contains everything needed for accessing the NAND storage and initializing the PowerPC main CPU environment, so that boot1 could continue. But wait, there's more.

As Nintendo needed to harden their hardware against "us", they put a barrier in there to hinder us from just flashing a "Pr0 Piracy and Homebrew Custom ROM", as already happened on other systems. They knew that if anybody were able to put anything on the NAND, the system would be able to execute anything. This is something Nintendo wouldn't want, as they are a company.

Therefore, they used a cryptographic hash function to *check* if the loaded code is "in summary" something around the expected value: a kind of checksum.

You can imagine that, strongly simplified, like if I would add every byte I read to a 32-bit counter, like
Code:
    1
+   2
+   3
+   4
=  10
I, the programmer, know that the sum must be 10 and this is my checksum for the code I read. This gives me the advantage that the storage needed to ensure the correct data is minimal, as I can reconstruct the correctness by a specific formula. If I get anything other than '10' as a result, it's pretty surely not the code I expected. Unfortunately, this genius trick has some flaws, as
Code:
    5
+   3
+   1
+   1
=  10
also gives the right checksum, but has completely different data. This is an attack we call a "hash collision". But this kind of attack is way too hard to achieve, because Nintendo of course doesn't use a simple math operation but something more complex, like RSA and SHA-1. The Wii system even comes with a cryptographic hardware support unit, which allows it to easily use cryptography for nearly everything.

This unit is also used at a later point to check if the code which is coming from game discs is cryptographically signed by Nintendo; such a signature is loosely comparable to the checksum described before.

Unfortunately, and here is where the magic of vulnerability comes in, the developers at Nintendo probably relied too much on the un-break-able hardware encryption unit; well, there's not that much to do wrong. You (as a Nintendo EAD Technology Hardware Developer) have your reference checksum (cryptographic hash, cryptographic signature, whatever) and some data you want to verify. You initialize that hardware unit (set up the keys you have, which should be used by Nintendo to create the signature / hash), stream the data you want to verify (like the binary you want to execute) and the hardware unit returns a checksum.
Now, everything you have to do is compare the actual checksum returned by the chip to the one you have and believe to be valid ("the reference").

And if those two checksums don't match, do everything but DON'T execute the code, as it isn't validated by Nintendo.

Therefore, someone may come to the code
Code:
if (strncmp(payload_hash, sig_hash, SHA1_LENGTH) != 0) {
    // GOTO FAIL
}
as the C stdlib 'strncmp' - http://www.cplusplus.com/reference/cstring/strncmp/?kw=strncmp - returns whether there is at least one difference between both supplied strings within a maximum length of the specified SHA1_LENGTH (which should be 20 or 40 then). And every hash coming from the cryptographic engine has the same length, those 20/40 bytes.
Everything seems to be okay, doesn't it?

Well... actually, nope, it doesn't.
strncmp *also* has the characteristic, as it should compare C strings, that it stops comparing when it finds a '0' byte, which is the standard for termination in C strings. And if you are able to manipulate *one* of the two checksums (like the one you read from NAND, disc or anywhere else), you are also able to set the first byte to exactly this '0' byte termination mark.
strncmp compares the first character, sees there's a '0' byte, ends abruptly (hello, string ending!) and returns 'no differences!', as there were no differences yet in the sequence; we just started comparing.

This is some sort of summary of the Wii bug we know nowadays as the 'trucha bug'.
Nintendo soon fixed it, as the fix was trivial (use memcmp - http://www.cplusplus.com/reference/cstring/memcmp/ - instead of strncmp, as it checks exactly the specified length, not more and not less), but this kind of bug was widespread.

It allowed us to do many things: create the Homebrew Channel, but also make the Wii semi-unbrickable via 'BootMii' as a custom boot2 replacement / custom bootloader, as we were able to run unsigned code.

Of course, knowledge of trucha may not help on the Wii U, but this was just an example of an actual exploitable vulnerability. It shows what could be expected *at least* from the Wii U in terms of security and hardening.
Other possibilities to look at are DMA components (like breaking out of modern virtual machines by using the GPU's DMA abilities, which requires executing your own shader programs; imagine this like your program being unable to overwrite the operating system as it detects this and stops your program because of simple memory protection, but the GPU has the ability to write to RAM, designed to return results or status fields independently from the OS, and might be able to actually overwrite it via a custom shader program [I don't say this works on Wii U, this is an example of what could be!]; usually, a DMA controller chip should block such operations, but you never know if you don't try that out) or the already stated known flaws of an open-sourced but outdated browser engine (WebKit, which is used by Nintendo on the Wii U) as an initial entrance door to the Wii U, like it was done before already on system software < 5.4.0 / 5.5.0.

It allows you to get your own data to the Wii U easily by setting up a local web server. If your own web server transfers data to the Wii U web browser (as requested by the user via entering the URL of the local web server) which is then not correctly handled by the WebKit rendering engine (for example a buffer overflow during JavaScript execution), you might be able to execute some native code, which then could be used to break out of the virtual machine environment (if the Wii U uses something like that) and pewpew, you mastered the system.

Someone may correct me if I got something wrong, as I wasn't involved in breaking the Wii; I currently feel more at home in the mobile department (GB/GBA/DS/3DS). It's just my understanding and interpretation of what happened on the Wii.

You might notice that to understand what's going on, you need to go beyond what a usual programmer does. If you want to find a vulnerability, you not only need to know vaguely that you've got a Wii U in front of you and it runs some software like a PC would; you need to master the system, tame its software and find a way to get your own code running by poking the code it runs already until it does something you want. It's kind of detective work, but in a more technical, engineering way, as it is reverse engineering gone further. You need to be simply better than the developers of the original system, or at least of the faulty parts.

Just visiting courses on computer science and studying books about 'this and that works this way' isn't enough, as it takes you only to the 'usual programmer level', even if it is the base requirement for anything beyond. You might then be able to create homebrew, but you will still be unable to find and use vulnerabilities, as it requires you to know, or guess, what others did and what they could have improved on that. And, as already stated before in this thread, good knowledge of C and C++ AND the assembly language of the platform you want to study (there isn't 'the one assembler'! The Wii already has at least 3 different assembly languages involved: PowerPC assembler, ARM assembler (Starlet) and the shader assembler for the GPU) is an essential advantage.

I wish you good luck and stay strong; it's never wrong to learn, but don't be disappointed if you are not done learning when the next console generation starts. Who knows, maybe you are the one who breaks NX, nobody knows.

You said it already, at least you try; this is good. And I think it's important to have a dream which seems to be impossible to reach for most ones out there, as it gives you a target, a direction. This helped me much to learn what I learned in all the past years and allowed me to get the job I do today.

--
I've added some detailed information.
In terms of Wii U, there were talks at the Chaos Communication Congress a few years ago; they may be of interest for you:
- Wii U Gamepad (as it is an independent system)
- Console Hacking

This year, smea is present at the Chaos Communication Congress (according to the Fahrplan), talking about what happened to the 3DS and how they broke its security.
I bet this year there will also be livestreams of that event, like the years before, and it gives a good opportunity to learn how to achieve such things.
 
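A compilable version of the strncmp-versus-memcmp check the post above walks through, added here as an example and not code from the post or from Nintendo. The two 20-byte digests are constructed sample values (not hashes of anything), SHA1_LENGTH is taken as 20 raw bytes as the post suggests, and the bytes_actually_compared helper is an assumed audit aid that is not part of the original.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SHA1_LENGTH 20  /* raw SHA-1 digest: 20 bytes, any of which may be 0x00 */

/* The vulnerable comparison from the post: strncmp treats both digests as
 * C strings, so it stops at the first 0x00 byte and reports "equal" as soon
 * as every byte up to and including that byte matched. Bytes after the 0x00
 * are never looked at. */
bool hash_matches_strncmp(const uint8_t *payload_hash, const uint8_t *sig_hash)
{
    return strncmp((const char *)payload_hash, (const char *)sig_hash,
                   SHA1_LENGTH) == 0;
}

/* The fix the post names: memcmp compares exactly SHA1_LENGTH bytes,
 * whether or not any of them is 0x00. */
bool hash_matches_memcmp(const uint8_t *payload_hash, const uint8_t *sig_hash)
{
    return memcmp(payload_hash, sig_hash, SHA1_LENGTH) == 0;
}

/* Audit helper (an assumption for this example, not from the post): given a
 * reference digest, how many of its SHA1_LENGTH bytes a strncmp-based check
 * would actually inspect, i.e. the index of the first 0x00 byte plus one,
 * or all of them if the digest contains no 0x00 byte. */
size_t bytes_actually_compared(const uint8_t *hash)
{
    for (size_t i = 0; i < SHA1_LENGTH; i++) {
        if (hash[i] == 0x00)
            return i + 1;
    }
    return SHA1_LENGTH;
}

/* Constructed sample digests. */
static const uint8_t reference_hash[SHA1_LENGTH] = {
    0x00, 0xDE, 0xAD, 0xBE, 0xEF, 0x01, 0x02, 0x03, 0x04, 0x05,
    0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F };
static const uint8_t different_hash[SHA1_LENGTH] = {   /* same first byte only */
    0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99,
    0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF, 0x10, 0x20, 0x30, 0x40 };
static const uint8_t mid_zero_hash[SHA1_LENGTH] = {    /* 0x00 at index 5 */
    0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x00, 0x77, 0x88, 0x99, 0xAA,
    0xBB, 0xCC, 0xDD, 0xEE, 0xFF, 0x10, 0x20, 0x30, 0x40, 0x50 };
static const uint8_t no_zero_hash[SHA1_LENGTH] = {     /* no 0x00 anywhere */
    0x5A, 0xA5, 0x5A, 0xA5, 0x5A, 0xA5, 0x5A, 0xA5, 0x5A, 0xA5,
    0x5A, 0xA5, 0x5A, 0xA5, 0x5A, 0xA5, 0x5A, 0xA5, 0x5A, 0xA5 };

int main(void)
{
    printf("strncmp accepts different digest: %d\n",
           hash_matches_strncmp(reference_hash, different_hash)); /* 1: wrongly accepted */
    printf("memcmp  accepts different digest: %d\n",
           hash_matches_memcmp(reference_hash, different_hash));  /* 0: correctly rejected */
    printf("bytes strncmp inspects for reference_hash: %zu of %d\n",
           bytes_actually_compared(reference_hash), SHA1_LENGTH);  /* 1 of 20 */
    printf("bytes strncmp inspects for mid_zero_hash:  %zu of %d\n",
           bytes_actually_compared(mid_zero_hash), SHA1_LENGTH);   /* 6 of 20 */
    return 0;
}
```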

TheZander

I don't personally know anything; I couldn't hack my way out of a paper bag. I have no idea of his comprehension level. That's pretty tricky with the first post and a vague description of starting to code...

I guess I don't know how people learn these types of skills which aren't really taught in school ('Wii hacking 101'), but I know network / computer security is pretty close.
 

EclipseSin

Computer Forensics/Science/Programming/Security are fields which are helpful and are taught in school/college. If you want to do it at home without school, it's going to take longer unless you have a good understanding/learning capacity already. That said, some learn faster by doing than reading. So go mess with some sources if it feels right.


Here are a couple of sites I've used in the past.
http://www.learn-c.org/
http://www.learncpp.com/
http://www.tutorialspoint.com/assembly_programming/
http://www.pravaraengg.org.in/Download/MA/assembly_tutorial.pdf
 

ryuutseku85

OP
Thanks to all the supporters and screw you all the haters; just like I said before: at least I try! And what are you doing in your corner? Nothing, you come here every night and day crying to the devs to know when they will release their work.... Just like someone said (I do not remember who): try to do it yourself....

Thank you for all the explanations, and for those of you who are interested, try to search for something called libstagefright.... It's used for the 3DS and yellow8 says that it's still on the Wii U.
 

Deleted User

To help you out finding vulnerabilities, here's the link to the open-source software that Nintendo distributed.

https://www.nintendo.co.jp/support/oss/

I think it's all WebKit stuff, but like the helpful others said, you can examine said source code and get to grips with how the browser works! :)
 

BullyWiiPlaza

If 10-year-oldish people ask how to make Wii U exploits, it's quite obvious that troll answers are attracted. You're like light-years away from what you're asking for. In English, by the way, you don't put a space before dots; that's for French, so this is really where you need to start: learning proper English. In fact, I would be surprised if you even managed to learn how to write, compile & run a hello world program 1 year after posting this topic. As soon as this topic dies you will definitely have stopped caring. People who ask like that are not to be taken seriously by default. Yes, I'm uber toxic, but because it's true from experience. Thank me later for being right. Don't waste your time on spoon-feeding these kiddies :P
 

Deleted User

Good advice. If people have little to no experience of coding or hacking, and make (dick?) moves asking how to find a vuln, then they are certainly going to attract the haters in a flash. But obviously, everyone needs to respect each other anyway, whether it's a n00b question or not. It doesn't excuse people's behaviour against the new and the curious. It's not like they're gonna instantly find an old thread about the same topic either (the search function sucks, for god's sake), so to be honest, I would hold back the hate and give them the answer once more. Insulting doesn't make things any better. :)
 

FaTaL_ErRoR

Actually, this is wrong . . . . . Yep, spaces before dots....lolol . . . .
It is by far easier to teach someone who is genuinely interested in learning and has little to no knowledge than it is to teach someone with a ton of knowledge in the incorrect area.
Someone with heavy knowledge in x86 programming will have a difficult time with ARM RE. Someone with no knowledge will not be attempting to program from a different language they are used to writing in (because they don't have that knowledge of other structures).
Sure, there will be more learning involved, but there won't be any other stuff getting in their way. Everything they learn won't be overlooked because they aren't looking for familiar coding (because nothing is familiar yet).
Things in other types of structure, i.e. x86, etc., may be vulnerable to certain attacks that PPC or ARM are not. They won't have that comparison to go by, so they won't be held back from attempting to exploit that area because to them it is already not exploitable.
Many great hackers never attended one class in computer forensics or computer programming. Many of the greats never completed high school.
Everything learned was learned on their own. Self-education on hacking in general and a strong will to break it is usually how they make their claim to fame. Don't be so quick to dismiss people; did you have a bad childhood?? It would explain your general bitterness.


My advice to the OP would be to spend little time on already exploited vulnerabilities in older Nintendo architecture, as most of it is fixed on the newer console, and spend more time with the unknown. One area I can for sure tell you is worth looking into is during the "checking disc" (aka checking format and setup of a USB device).
IOS is very vulnerable, to the point that telling it to reset does just that. (This holds true for every device on the market currently, not just the Wii U.)
It is doing a full read on the device and a ton of its security protocol is terminated during this process. A little bit of firmware alteration to the USB device and some knowledge of IOSU and you have a viable entry point. From there it will be a series of attacks that cause IOSU to basically shut down (at least from a security aspect) and allow code execution. Sound simple? It's not really as simple as it sounds. There is a tremendous amount of information that needs to be learned. But I have faith that you will become a very knowledgeable person in the art of hacking.
Best advice would be to ignore the hate from all websites and just get to work. Keep your mind open and don't become discouraged when attempts fail. Also, learn to know when to stop attempting to exploit a vulnerability that you are having trouble executing and move on to another area to exploit. With that, also don't give up too quickly and don't assume, since nothing happened within 5 minutes of attempts, that it is no longer exploitable.
And many times patches to already existing exploits only require slight changes to re-exploit. As in, making flooded attempts at something that has been "patched" sometimes will also resurrect a once-thought-to-be-patched exploit. Most of the time the patch attempts to resolve the issue by returning either the rendered item (by actually displaying it) or it sends "fail". Sometimes, if requested enough times, that area that is patched becomes very vulnerable once again because it still hasn't processed the original request before it was sent to it 100 more times. This can cause it to leak and can allow for a buffer overflow. And now you have a new/old functional exploit. Anyway, you have much learning to do, so I will leave you to it.
 

Deleted User

.........:wacko:

How long did it take for you to write all that? :O
 

ryuutseku85

OP
Member
Joined
Dec 14, 2015
Messages
110
Trophies
0
Age
38
XP
406
Country
France
Actually, this is wrong . . . . . Yep spaces before dots....lolol . . . .
It is by far easier to teach someone who is genuinely interested in learning that has little to no knowledge then it is to teach someone with a ton of knowledge in the incorrect area.
Someone with heavy knowledge in x86 programming will have a difficult time with ARM RE. Someone with no knowledge will not be attempting to program from a different language they are used to writing in. (because they don't have that knowledge of other structures)
Sure there will be more learning involved but there won't be any other stuff getting in their way. Everything they learn won't be overlooked because they aren't looking for familiar coding. (because nothing is familiar yet)
Things in other types of structure, i.e. x86, etc., may be vulnerable to certain attacks that PPC or ARM are not. They won't have that comparison to go by so they won't be held back by attempting to exploit that area because to them it is already not exploitable.
Many great hackers never attended one class in computer forensics or computer programming. Many of the greats never completed high school.
Everything learned was learned on their own. Self education on hacking in general and a strong will to break it is usually how they make their claim to fame. Don't be so quick to dismiss people, did you have a bad childhood?? Would explain your general bitterness.


My advice to the OP would be to spend little time in already exploited vulnerabilities in older Nintendo architecture as most of it is fixed on the newer console. And spend more time with the unknown. One area I can for sure tell you is worth looking into is during the "checking disc" (aka checking format and set up of USB device).
IOS is very vulnerable. To the point that telling it to reset does just that. (This holds true for every device on the market currently, not just the Wii U.)
It is doing a full read on the device and a ton of its security protocol is terminated during this process. A little bit of firmware alteration to the USB device and some knowledge on IOSU and you have a viable entry point. From there it will be a series of attacks that cause IOSU to basically shut down (at least from a security aspect) and allow code execution. Sound simple? It's not really as simple as it sounds. There is a tremendous amount of information that needs to be learned. But I have faith that you will become a very knowledgeable person in the art of hacking.


Thank you sir (or miss), what you just said makes me more motivated. Indeed I do not have any barrier in front of me. I am learning code, yes that's true, but I am an autodidact for all the things that I do (3D, music, work, computer, drawing...) so I am gonna try, and at least I can be proud of myself and say that I tried.
 

Sonansune

Well-Known Member
Member
hacking is not like normal coding

Not being mean.... I doubt you can get anything other than nothing :glare:
 

Sheimi

A cute Vixen!
Member
That's also a good way to start. reproducing existing hacks/exploits, do lot of exercises and understand how it works, instead of wanting to find new ones.
This answer is the best answer. Creating homebrew for the system also works.
 

FaTaL_ErRoR

AKA ŦƕƎ ƠṀƐƝ
Member
That goes without saying. Cyan is a user that genuinely helps everyone with tons of stuff.
Cyan is a user that every other user on this site should attempt to model when posting....(definitely myself included)


@Voxel Studios It took longer than it should have. Honestly, I was preoccupied with other things. I honestly think it took like 10 minutes to write while I was working on something else. It was written while resting my brain from something else. (I know you were cracking at the long post but you did ask)
You can read between the lines here.....And you'll get it.
That's right...lol
 

Soundtoxin

Member
Newcomer
Thanks for your complete answer. My goal is to make homebrew after this, and if I find something that can help piracy I would not release it because I do not support piracy. After this is said, everyone does what he wants, and for those who are saying "haha, he knows nothing and wants to hack", I just have to answer: at least I try.
Oh boy. Another moralfag. Let's start off with this: https://www.gnu.org/philosophy/words-to-avoid.en.html#Piracy

Now I want you to consider that limiting your exploit just because of what people might do with it is foolish and you might as well not even bother. Let's say you're a memester like Smea and you think "piracy" heresy, but somehow emulators are cool in your book. Now these emulators you've got running with your homebrew aren't going to run as well as they would with kernel access. This is one of the jarring differences between Smea's homebrew and what the 3DS scene on <=9.2 has cooked up.

You can't stop "piracy", and trying to will just punish the good guys as well. Let's say I'd like to buy a bunch of physical games and then make backups so I don't have to swap cartridges, basically getting the advantage of both physical and digital. Now let's say my friend wants to borrow that game. While the cartridge that I paid for is in his possession, should I avoid playing my digital backup of that game since two people are playing it at the cost of one? That would be ridiculous. People lend games all the time, or sell used games. Neither gives money to the developers or publishers, however neither is THEFT either. The original was not removed. The original was not harmed. The game is becoming more well-known, and more people may even pay for it after deciding they enjoyed it. Funding games indiscriminately by buying them all leads to as many more bad games as good games. Please think about your twisted philosophies that have been fed to you by the corporations.
 

TheZander

1337
Member
I'm seriously gone on this thread. This guy makes a simple post, everyone helps him, and he makes hypothetical plans for the future, then you get on him for the hypothetical? This whole thing is hurting my brain.

Edit: Dude, will you please clarify now? Was it a joke? I am really doubting my detection now. You then mentioned how you're not going to support piracy once you've become a leet hacker due to all the great advice.

If I joined a car forum and made a thread asking how do I put a car together, simple as that, and gave no indication I know anything other than that I want to put a car together. Then people post that I should read books on engines and give me diagrams and blueprints of car chassis. Then I make another post saying how I don't plan on mowing people over once I build my car or something. That would be a joke. And now I kind of feel like doing it. But that's the impression I get from this thread.
Also, to further the thing, I would have mentioned in the first post how I'm learning to change my own oil.
 
