Trying to hack DSi Webbrowser (with PoC)

Mnecraft368

I hate my name.
Member
Joined
Aug 8, 2015
Messages
1,763
Trophies
0
XP
3,329
Country
United Kingdom
Oh, must have missed that
But: nothing is over yet, I've another one that looks very promising.
That one is capable of causing corruptions (look at the loading symbol in the imgur picture below). The result is general application instability that then leads to a final crash.
PoC will come when it's "stable" enough, I guess; it's a very fresh one.

Preview:
imgur.com/vPCf1T4.jpg
 
  • Like
Reactions: Dionicio3

Alex4nder001

Part-time thug
Member
Joined
Jul 28, 2017
Messages
453
Trophies
0
Location
London
XP
1,621
Country
United Kingdom
If I understand correctly:
Just because an app crashes, that means it's an exploit (as long as you have a payload in the right place). So anyone can make an exploit as long as they get an app to crash?
Am I correct?
I honestly have no understanding of how exploits are even made
 
Last edited by Alex4nder001,

Mnecraft368

I hate my name.
Member
Joined
Aug 8, 2015
Messages
1,763
Trophies
0
XP
3,329
Country
United Kingdom
If I understand correctly:
Just because an app crashes, that means it's an exploit (as long as you have a payload in the right place). So anyone can make an exploit as long as they get an app to crash?
Am I correct?
I honestly have no understanding of how exploits are even made
This is what a lot of people think. The number of threads here titled "I think I found an exploit" with the contents being an app crashing is too high. While a crash is part of most exploits, the crash has to open up a flaw in the system to allow a payload to run. Also, a crash is when a piece of software encounters an error and causes something to happen which prevents the software from continuing. Occasionally it allows an exploit, but most of the time it's a simple error.

*throws ds on floor*
Person: oo it crashed, must be an exploit
Everyone Else: -_-
 
  • Like
Reactions: Slackot

Alex4nder001

Part-time thug
Member
Joined
Jul 28, 2017
Messages
453
Trophies
0
Location
London
XP
1,621
Country
United Kingdom
This is what a lot of people think. The number of threads here titled "I think I found an exploit" with the contents being an app crashing is too high. While a crash is part of most exploits, the crash has to open up a flaw in the system to allow a payload to run. Also, a crash is when a piece of software encounters an error and causes something to happen which prevents the software from continuing. Occasionally it allows an exploit, but most of the time it's a simple error.

*throws ds on floor*
Person: oo it crashed, must be an exploit
Everyone Else: -_-
I thought so
 

zoogie

playing around in the end of life
Developer
Joined
Nov 30, 2014
Messages
8,560
Trophies
2
XP
15,000
Country
Micronesia, Federated States of
There are two camps here with regards to exploit discovery.
1. I made Thing crash! I found exploit! I will make a thread on GBAtemp and become famous!
2. You made Thing crash? Useless! Nothing ever comes from non-programmers finding crashes! GBAfail, amirite?

Both camps here are wrong, but the truth is closer to #2.
In any event, the best thing to do if you find a crash is to contact someone with a record of exploitation and tell them about it rather than make a gbatemp thread and risk embarrassment. The hacker will give you some credit if the crash amounts to something.
 
Last edited by zoogie,

realWinterMute

Well-Known Member
Member
Joined
Feb 24, 2011
Messages
117
Trophies
1
XP
560
Country
There are two camps here with regards to exploit discovery.
1. I made Thing crash! I found exploit! I will make a thread on GBAtemp and become famous!
2. You made Thing crash? Useless! Nothing ever comes from non-programmers finding crashes! GBAfail, amirite?

Both camps here are wrong, but the truth is closer to #2.
In any event, the best thing to do if you find a crash is to contact someone with a record of exploitation and tell them about it rather than make a gbatemp thread and risk embarrassment. The hacker will give you some credit if the crash amounts to something.

You know what. Given the number of people there are round here taking credit for exploits they didn't discover I'd say post away and understand that not all crashes are necessarily exploits. The potential is there for every crash though.
 

SimonMKWii

Professional Idiot
Member
Joined
Nov 18, 2017
Messages
666
Trophies
0
Location
Melbourne, Victoria
XP
2,760
Country
Australia
This isn't a viable exploit, as I cannot find a single way to use a ROP chain.
The amount of memory available is greatly limited, and I don't even know if the browser has SD card access privileges.
 

Normmatt

Former AKAIO Programmer
Member
Joined
Dec 14, 2004
Messages
2,161
Trophies
1
Age
33
Website
normmatt.com
XP
2,207
Country
New Zealand
This isn't a viable exploit, as I cannot find a single way to use a ROP chain.
The amount of memory available is greatly limited, and I don't even know if the browser has SD card access privileges.
Yes, memory is limited, but there are still many options if you can get ROP. I have an IS-TWL-DEBUGGER, so if you need anything tested please let me know.
 
  • Like
Reactions: zoogie

SimonMKWii

Professional Idiot
Member
Joined
Nov 18, 2017
Messages
666
Trophies
0
Location
Melbourne, Victoria
XP
2,760
Country
Australia
Yes, memory is limited, but there are still many options if you can get ROP. I have an IS-TWL-DEBUGGER, so if you need anything tested please let me know.
There is absolutely no way whatsoever to get ROP using this method.
EDIT: Holy shit! Completely ignore everything I just said! This is 100% exploitable!
I was able to send arbitrary addresses to RAM to make the top or bottom screen turn a chosen colour on crash!
Someone else needs to modify the code to send a ROP chain, I'm not an expert with this, and I'm not sure what to send to kernel.
 
Last edited by SimonMKWii,

zoogie

playing around in the end of life
Developer
Joined
Nov 30, 2014
Messages
8,560
Trophies
2
XP
15,000
Country
Micronesia, Federated States of
There is absolutely no way whatsoever to get ROP using this method.
EDIT: Holy shit! Completely ignore everything I just said! This is 100% exploitable!
I was able to send arbitrary addresses to RAM to make the top or bottom screen turn a chosen colour on crash!
Someone else needs to modify the code to send a ROP chain, I'm not an expert with this, and I'm not sure what to send to kernel.
Quoting this so people can see your edit.

Best unintentional April Fools ever :P
 
  • Like
Reactions: wicksand420

SimonMKWii

Professional Idiot
Member
Joined
Nov 18, 2017
Messages
666
Trophies
0
Location
Melbourne, Victoria
XP
2,760
Country
Australia
Quoting this so people can see your edit.

Best unintentional April Fools ever :P
Trust me, it was 100% intentional!
Unfortunately nobody seemed to get it...
You need to change 0x18000 RAM addresses to fill both screens with a solid colour anyway, and good luck fitting that in the 2KB html file...
All it does is crash the browser, which I can do about 100 other ways!
Looking at the script, from the outset, it would be literally impossible to send any kind of arbitrary code whatsoever to the kernel.
 
