I was wondering, how does someone find a stack buffer overflow? is it ripping and wading through tons of data until one is found? what does someone look for when looking for a stack buffer overflow location?
fogbank said:
If you were looking for a buffer overflow in a Wii game, for example, you would need to rip the game from the disc, decrypt it, and disassemble the executable (e.g. dol) file. Then you would need to identify an "unchecked" buffer in the program code, meaning a buffer that is assigned data without checking the length of the data first. Even then this is probably only useful if the data assigned to the buffer can somehow be manipulated by the user, like the name of a character's horse that the user supplies when playing the game. Otherwise the program itself would be assigning the data to the buffer, and it is unlikely that the game developers would exploit their own unchecked buffer. Once an unchecked buffer is found it has to be correctly exploited to inject user-generated code, otherwise the program would probably just crash.
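To make the "unchecked buffer" pattern from the post above concrete, here is an added example in C (written for this thread, not code from any Wii game or tool). It assumes a hypothetical save-file field for a horse name stored as a one-byte length followed by the name bytes, and a fixed 16-byte in-memory field; both loaders behave identically on a well-formed record, which is exactly why this kind of defect goes unnoticed, and only the checked loader rejects a record whose declared length exceeds the buffer or the file.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical fixed-size field in a game's in-memory save structure (assumption). */
#define HORSE_NAME_CAP 16

struct horse_record {
    char name[HORSE_NAME_CAP];
};

/*
 * The pattern fogbank describes: the loader copies user-supplied data into a
 * fixed buffer using the length stored in the save file, with no check against
 * the buffer's capacity. Shown only so the defect is recognisable in a review;
 * it must never be run on data that has not already been validated.
 */
static void load_horse_unchecked(struct horse_record *rec, const uint8_t *save)
{
    uint8_t n = save[0];              /* length byte comes straight from the file */
    memcpy(rec->name, save + 1, n);   /* n may exceed HORSE_NAME_CAP: overflow */
    rec->name[n] = '\0';
}

/* Hardened loader: validates the declared length against the buffer and the file. */
static bool load_horse_checked(struct horse_record *rec, const uint8_t *save, size_t save_len)
{
    if (save_len < 1)
        return false;                 /* no length byte at all */
    uint8_t n = save[0];
    if (n >= HORSE_NAME_CAP)
        return false;                 /* would not fit together with its terminator */
    if ((size_t)n + 1 > save_len)
        return false;                 /* file is shorter than the record claims */
    memcpy(rec->name, save + 1, n);
    rec->name[n] = '\0';
    return true;
}

/* Constructed sample 1: a well-formed record, name "Dobbin". */
static const uint8_t SAMPLE_OK[] = { 6, 'D', 'o', 'b', 'b', 'i', 'n' };

/* True if the checked loader accepts the record. */
static bool sample_loads(const uint8_t *save, size_t save_len)
{
    struct horse_record rec;
    return load_horse_checked(&rec, save, save_len);
}

/* The name the checked loader stored, or "" if it rejected the record. */
static const char *loaded_name(const uint8_t *save, size_t save_len)
{
    static struct horse_record rec;
    if (!load_horse_checked(&rec, save, save_len))
        return "";
    return rec.name;
}

/* Constructed sample 2: a record declaring 40 name bytes, far beyond HORSE_NAME_CAP. */
static bool oversized_sample_rejected(void)
{
    uint8_t buf[1 + 40];
    struct horse_record rec;
    buf[0] = 40;
    memset(buf + 1, 'A', 40);
    return !load_horse_checked(&rec, buf, sizeof buf);
}

int main(void)
{
    struct horse_record rec;

    /* Both loaders agree on valid input, so the bug is invisible in normal play. */
    load_horse_unchecked(&rec, SAMPLE_OK);
    printf("unchecked loader on valid record: name=%s\n", rec.name);
    printf("checked loader on valid record:   %s (name=%s)\n",
           sample_loads(SAMPLE_OK, sizeof SAMPLE_OK) ? "accepted" : "rejected",
           loaded_name(SAMPLE_OK, sizeof SAMPLE_OK));
    printf("checked loader on oversized record: %s\n",
           oversized_sample_rejected() ? "rejected" : "accepted");
    return 0;
}
```

When reading a disassembly, the thing to look for is the same as in `load_horse_unchecked`: a copy whose byte count is taken from the file (or from the user) and is never compared with the destination's size. The fix is the two comparisons in `load_horse_checked`, one against the buffer and one against the remaining input.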
FenrirWolf said:I thought they let you copy Wifi game saves TO a Wii, but not FROM one. That's what I recall, anyway. Maybe I'm wrong.
SifJar said: You CAN copy saves of WiFi games to an unmodded Wii, you just need to remove the NoCopy flag. In the decrypted save, there is a byte in the header.bin that makes it "NoCopy", changing it will allow it to be copied to any Wii with no issues. In a few games (only one I know of is COD:MWR) this causes the game to read the save as corrupted, but it definitely works in older games. Alternatively, you can install the save, and use Gecko OS's rebooter to copy the save, as in more recent versions of Gecko OS, this makes it remove the NoCopy flag from the save, rather than just ignore it.
Are you sure that works in an unmodded Wii with no ability to run homebrew? Sometimes that NoCopy flag is not used and the data resides in a folder named nocopy... The system menu doesn't allow such savegames to be copied... And then if there is important stuff in that nocopy folder the exploit attempt is useless. Let me check it with the Internet Channel and see what we get there...
Drag0nflamez said (Jul 24 2010, 02:24 PM): Or you decrypt the savefile, get it into a hex editor and check for user-set things (like location, name). I guess this must have created the Twilight Hack. If you found a buffer overflow, you just put Twilight Hack code in the save, try it, then put it on HackMii including source code so others can port the save to other regions.
And please, make the exploits for games available in every region (Korea should be ignored, because their Wii catalog is so small, they just got Wii Sports Resort, and every game in there can't be exploited, it seems)
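The hex-editor step Drag0nflamez describes (looking through a decrypted save for fields the player typed) can be automated with a small scanner. This is an added example written for this thread, not code from any Wii tool; the save image it scans is a constructed sample with a binary header, a label, some padding and a player-typed name, and the offsets it reports are where a reviewer would then look for the code that reads those fields.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MIN_RUN 4   /* shorter printable runs are usually noise */

struct text_run {
    size_t offset;
    size_t len;
};

/*
 * Scan a decrypted save image for runs of at least MIN_RUN printable ASCII
 * bytes, the quickest way to spot user-set fields (names, labels) in a hex dump.
 * Fills out[] with up to max_runs hits and returns the total number found.
 */
static size_t find_text_runs(const uint8_t *blob, size_t blob_len,
                             struct text_run *out, size_t max_runs)
{
    size_t count = 0, start = 0, run = 0;
    /* i == blob_len is a sentinel pass that flushes a run ending on the last byte */
    for (size_t i = 0; i <= blob_len; i++) {
        int printable = i < blob_len && blob[i] >= 0x20 && blob[i] < 0x7f;
        if (printable) {
            if (run == 0)
                start = i;
            run++;
            continue;
        }
        if (run >= MIN_RUN) {
            if (count < max_runs) {
                out[count].offset = start;
                out[count].len = run;
            }
            count++;
        }
        run = 0;
    }
    return count;
}

/* Constructed sample save (not a real Wii save): header, label, padding, name, trailer. */
static const uint8_t SAMPLE_SAVE[] = {
    0x00, 0x01, 0x02, 0x03, 0xff, 0xfe, 0x00, 0x10,          /* offsets 0-7: header */
    'P', 'l', 'a', 'y', 'e', 'r', 'N', 'a', 'm', 'e', 0x00,  /* offset 8: label   */
    0x00, 0x00, 0x00, 0x00,                                  /* padding           */
    'D', 'o', 'b', 'b', 'i', 'n', 0x00,                      /* offset 23: name   */
    0x12, 0x05, 0x06, 0x07                                   /* trailer           */
};

#define MAX_RUNS 16
static struct text_run runs[MAX_RUNS];

/* Number of printable runs in the constructed sample. */
static size_t sample_run_count(void)
{
    return find_text_runs(SAMPLE_SAVE, sizeof SAMPLE_SAVE, runs, MAX_RUNS);
}

/* Offset of the idx-th run, or (size_t)-1 if there is no such run. */
static size_t sample_run_offset(size_t idx)
{
    return idx < sample_run_count() ? runs[idx].offset : (size_t)-1;
}

/* Text of the idx-th run as a C string, or "" if there is no such run. */
static const char *sample_run_text(size_t idx)
{
    static char text[64];
    if (idx >= sample_run_count() || runs[idx].len >= sizeof text)
        return "";
    memcpy(text, SAMPLE_SAVE + runs[idx].offset, runs[idx].len);
    text[runs[idx].len] = '\0';
    return text;
}

int main(void)
{
    size_t n = sample_run_count();
    for (size_t i = 0; i < n && i < MAX_RUNS; i++)
        printf("0x%04zx  %s\n", runs[i].offset, sample_run_text(i));
    return 0;
}
```

Every run it prints is a candidate user-controlled field; the next question for each one, back in the disassembly, is whether the code that reads it checks the length against its destination buffer.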
WiiCrazy said: Indeed,
You can't copy Internet Channel's save from nand->sd but you can copy it patching system menu. Then you can copy that save back from sd card to nand without doing any patching...
Btw, possibly there are numerous attack vectors in the Internet Channel... Why? Its savefile is just some binary plus lots of configuration text... Still it's not a good candidate for exploiting though.
Tried one WiFi game, Tatsunoko vs. Capcom, and the same way it copies back perfectly... So FenrirWolf is right... To sum it up, it's possible to exploit WiFi games too (unsure of those games that use nocopy folders... Tatsunoko was not one of them).