Hacking Could this be exploitable?

CosmoCortney

CosmoCortney

Lawn Meower
OP
Member
Level 12
Joined
Apr 18, 2013
Messages
1,769
Trophies
2
Location
on the cool side of the pillow
Website
follow-the-white-rabbit.wtf
XP
3,024
Country
Germany
Hi,
I've found a way to turn off the music/make the game unable to load the music. I simply inserted an SD card into a card reader and plugged in the card reader into my Wii U. Then I moved a game to the SD card and started it. While being in a stage i removed the SD card to have a look what will happen. Surprisingly the game was running quite well. But very soon the music turned off (no more data in the buffer/cache). Funny but nothing meaningful.
But as I cleared the stage the game pseudo-freezed. As soon as I reinserted the SD card the game continued running. I can also insert another SD card to make the console loading foreign data (I could see this because the card reader's LED was blinking). But it logically crashed the system.
My idea was to use this to read/run any unsigned code.. Unfortunately I don't have enough hacking experience to guess if this could be exploitable or not.
Well, if not, then please never mind.

here's a video where the game pseudo-freezes unles I reinsert the SD card (go to 07:01)
 
  • Like
Reactions: DinohScene
yusuo

yusuo

Well-Known Member
Member
Level 16
Joined
Oct 19, 2006
Messages
3,504
Trophies
2
Age
38
XP
6,175
Country
United Kingdom
I'll come out and say that im also no expert but i don't think this will result in much purely for the fact that I used to do this with the wii as well as the ps2 and the flashing light only means its trying to read the next logical part of the data, regardless of whether it exists or not.

I could be wrong however and I kinda hope I am.

Thanks for contributing though, all it takes it one little crash to swing those doors wide open
 
  • Like
Reactions: CheatFreak47 and CosmoCortney
BvanBart

BvanBart

Gaming addict #2 and some
Member
Level 8
Joined
Apr 16, 2007
Messages
1,315
Trophies
1
Age
36
Location
Bikini Bottom
XP
1,466
Country
Netherlands
Funny that it restarted the game when you reinserted the game SD.
Made you wonder if you would edit some files and reinsert the game what would happen :P
 
F

FPSRussi4

Well-Known Member
Member
Level 5
Joined
Dec 1, 2013
Messages
671
Trophies
0
XP
609
Country
Laos
That sounds a lot like taking the disc out of a PS2 Slim while it's running. Then again, that led to the game swap trick, so it does have potential. I agree with yusuo, it sounds like it was just reading the next logical part of the data, but again, the PS2 laser worked in the same way, and we got an exploit out of it. So I hope to see something out of this. Are you on 5.1.2?
 
D

duffmmann

Well-Known Member
Member
Level 10
Joined
Mar 11, 2009
Messages
3,966
Trophies
2
XP
2,306
Country
United States
B4rtj4h said:
Funny that it restarted the game when you reinserted the game SD.
Made you wonder if you would edit some files and reinsert the game what would happen :P
Click to expand...


This kinda makes me think of the original Twilight Hack. In a game where you save your character's name, perhaps you give it a normal name, take out the sd card, take another SD card with the same game on it, but with the save data hacked to have a much too long name for the game to handle and forcing a code dump when you talk to someone that says your name.

I dunno, I'm not well versed in this stuff, but it seems like if this really works, then maybe that could do it.
 
F

FPSRussi4

Well-Known Member
Member
Level 5
Joined
Dec 1, 2013
Messages
671
Trophies
0
XP
609
Country
Laos
duffmmann said:
This kinda makes me think of the original Twilight Hack. In a game where you save your character's name, perhaps you give it a normal name, take out the sd card, take another SD card with the same game on it, but with the save data hacked to have a much too long name for the game to handle and forcing a code dump when you talk to someone that says your name.

I dunno, I'm not well versed in this stuff, but it seems like if this really works, then maybe that could do it.
Click to expand...
How so? All you did was copy over a save from the SDto SysMenu,and it worked by causing a buffer overflow, that was correct. Seeing as they had the game on the SD, and took it out and tried to replace it with another SD card, it's a lot more like disc swapping. If you took out the SD with the game and inserted in the same game that has modified code without the system recognizing it, this could work.
 
WulfyStylez

WulfyStylez

SALT/Bemani Princess
Member
Level 12
Joined
Nov 3, 2013
Messages
1,149
Trophies
0
XP
2,877
Country
United States
USB storage would need to be exploited before this would be useful. Also, since we're still able to use webkit exploits, there's no real reason to develop an exploit that would take much more time to develop and affect much fewer people.
 
D

duffmmann

Well-Known Member
Member
Level 10
Joined
Mar 11, 2009
Messages
3,966
Trophies
2
XP
2,306
Country
United States
Fpsrussia117 said:
How so? All you did was copy over a save from the SDto SysMenu,and it worked by causing a buffer overflow, that was correct. Seeing as they had the game on the SD, and took it out and tried to replace it with another SD card, it's a lot more like disc swapping. If you took out the SD with the game and inserted in the same game that has modified code without the system recognizing it, this could work.
Click to expand...


I just meant it could be similar in how you could use it to exploit it. In the Twilight Hack, epona's name had been changed to bee too long, perhaps a similar method could be used here. I'm well aware that the method of making such an exploit happen would differ, but the way in game it causes a buffer overflow could be similar, that's all.
 
  • Like
Reactions: Fpsrussia117
F

FPSRussi4

Well-Known Member
Member
Level 5
Joined
Dec 1, 2013
Messages
671
Trophies
0
XP
609
Country
Laos
duffmmann said:
I just meant it could be similar in how you could use it to exploit it. In the Twilight Hack, epona's name had been changed to bee too long, perhaps a similar method could be used here. I'm well aware that the method of making such an exploit happen would differ, but the way in game it causes a buffer overflow could be similar, that's all.
Click to expand...

That's fair, I agree. I wonder what game it was.
 
CosmoCortney

CosmoCortney

Lawn Meower
OP
Member
Level 12
Joined
Apr 18, 2013
Messages
1,769
Trophies
2
Location
on the cool side of the pillow
Website
follow-the-white-rabbit.wtf
XP
3,024
Country
Germany
I have found something new. I swapped the SD card while being in the menu. But the icons from the games stored in the previous SD card were still being displayed. So I told the console to launch one of those games. Then the console tried to install an update (what failed because my Wii U isn't online), I have no idea why. Then, if I go to the Memory and USB storage manager the console partly crashes. There was an error message being displayed. I could still use the scrollbar bar even the rest of the system crashed.
So... this way allows us to insert an unformatted SD card without the Wii U asking to format it. In the USB storage manager it also tries to read data from it.
 
  • Like
Reactions: supermalloch, Ray Lewis, Kargaroc and 3 others

Site & Scene News

Go to forum More news

Popular threads in this forum

Homebrew Tutorial  SDUSB - The modern way to play Wii U games from SD - at full speed

Unable to dump OTP.bin

Very annoying that Nintendo never fixed this bug

Hacking Homebrew Tutorial  How to get Nintendo TVii icon back without downgrading + extras

Hacking Emulation Homebrew  Could you explain to me why there are no standalone emulators on Wiiu using aroma?

Wii U (bricked) Mii Maker

A Tale of Two vWii Systems

De_Fuse: Unable to Dump OTP.bin: Firmware Mismatch

General chit-chat
Help Users
  • K3Nv2 @ K3Nv2:
    Too bad Hitler didn't make camps for immigrants oh wait
  • Psionic Roshambo @ Psionic Roshambo:
    Isn't the latest method for slim like self right?
  • Psionic Roshambo @ Psionic Roshambo:
    Rgh
  • Psionic Roshambo @ Psionic Roshambo:
    Like a 1 wire mod?
  • K3Nv2 @ K3Nv2:
    Still two wire with resistor if you don't count the 7 wire pc probes cause hardware likes a good probing
     +1
  • BigOnYa @ BigOnYa:
    2 wires left on motherboard, 7 temp soldered to a flasher, then removed after flashed
  • K3Nv2 @ K3Nv2:
    Technically don't even have to remove it could just keep it on
     +1
  • K3Nv2 @ K3Nv2:
    I don't really mess with hard mods due to neuro issues
  • BigOnYa @ BigOnYa:
  • realtimesave @ realtimesave:
    I tried to get a slim on a black friday once, but they ran out of stock for the $100 one
  • realtimesave @ realtimesave:
    many ages ago
  • BigOnYa @ BigOnYa:
    You can find them $50-75 nowdays if catch a deal
  • K3Nv2 @ K3Nv2:
    Still remember grabbing this ps4 slim on black Friday for $200 when the msrp was still around 300
     +1
  • BigOnYa @ BigOnYa:
    I went to auction at a mom/pops video game store few months ago that was closing, and bought 11 slims for $200, 1 was DOA but 10 work fine. so hella deal. Already rgh3'ed 8 of them. But most younger kids don't even want anymore, unless it plays stupid "fortnight", or newer shit.
  • K3Nv2 @ K3Nv2:
    Think I'm gonna use my giftcard balance on a nice pair of headphones but $100 is still limited
  • K3Nv2 @ K3Nv2:
    Soundcore q30s are nice but they leak so much sound it sounds like speakers
  • Psionic Roshambo @ Psionic Roshambo:
    Ken spend the 100 on a gun and skii mask, wait for a jogger at the park jewelry money and headphones!
     +1
  • K3Nv2 @ K3Nv2:
    If only Amazon sold guns
  • K3Nv2 @ K3Nv2:
    Fucking dick heads think it's a bad idea to get a gun 2 days later
  • BigOnYa @ BigOnYa:
    Wait, I thought you were the dickhe...nvm
  • K3Nv2 @ K3Nv2:
    I got balls on my chin and two dicks on my forehead sir
     +1
  • BigOnYa @ BigOnYa:
    Sorry, no offense there double dickhead chinballs.
  • K3Nv2 @ K3Nv2:
    Chicks still love it
     +1
  • BigOnYa @ BigOnYa:
    "Mommy, look, what is that?". "That's your soon to be daddy."
  • K3Nv2 @ K3Nv2:
    That you'll only see once
     +1
    K3Nv2 @ K3Nv2: That you'll only see once +1