Hacking Could this be exploitable?

LawnMeower
Hi,
I've found a way to turn off the music/make the game unable to load the music. I simply inserted an SD card into a card reader and plugged the card reader into my Wii U. Then I moved a game to the SD card and started it. While in a stage I removed the SD card to have a look at what would happen. Surprisingly the game was running quite well. But very soon the music turned off (no more data in the buffer/cache). Funny but nothing meaningful.
But as I cleared the stage the game pseudo-froze. As soon as I reinserted the SD card the game continued running. I can also insert another SD card to make the console load foreign data (I could see this because the card reader's LED was blinking). But it logically crashed the system.
My idea was to use this to read/run any unsigned code. Unfortunately I don't have enough hacking experience to guess if this could be exploitable or not.
Well, if not, then please never mind.

Here's a video where the game pseudo-freezes unless I reinsert the SD card (go to 07:01)
 
I'll come out and say that I'm also no expert, but I don't think this will result in much, purely for the fact that I used to do this with the Wii as well as the PS2, and the flashing light only means it's trying to read the next logical part of the data, regardless of whether it exists or not.

I could be wrong however and I kinda hope I am.

Thanks for contributing though, all it takes is one little crash to swing those doors wide open.
 
Funny that it restarted the game when you reinserted the game SD.
Made you wonder if you would edit some files and reinsert the game what would happen :P
 
That sounds a lot like taking the disc out of a PS2 Slim while it's running. Then again, that led to the game swap trick, so it does have potential. I agree with yusuo, it sounds like it was just reading the next logical part of the data, but again, the PS2 laser worked in the same way, and we got an exploit out of it. So I hope to see something out of this. Are you on 5.1.2?
 
Well there's already an exploit for that firmware, if someone could replicate this using current firmware that would be good.


Yes, I had the same thought. But I am afraid I'd miss anything useful if I update to the latest fw :(
 
Funny that it restarted the game when you reinserted the game SD.
Made you wonder if you would edit some files and reinsert the game what would happen :P


This kinda makes me think of the original Twilight Hack. In a game where you save your character's name, perhaps you give it a normal name, take out the sd card, take another SD card with the same game on it, but with the save data hacked to have a much too long name for the game to handle and forcing a code dump when you talk to someone that says your name.

I dunno, I'm not well versed in this stuff, but it seems like if this really works, then maybe that could do it.
 
Wasn't the web browser the only way for kernel control or something?
You're thinking of that whole discussion on NX (No Execute), but that's only for the current exploit method (running code in memory), there are definitely other ways to do it.
 
This kinda makes me think of the original Twilight Hack. In a game where you save your character's name, perhaps you give it a normal name, take out the sd card, take another SD card with the same game on it, but with the save data hacked to have a much too long name for the game to handle and forcing a code dump when you talk to someone that says your name.

I dunno, I'm not well versed in this stuff, but it seems like if this really works, then maybe that could do it.
How so? All you did was copy over a save from the SD to SysMenu, and it worked by causing a buffer overflow, that was correct. Seeing as they had the game on the SD, and took it out and tried to replace it with another SD card, it's a lot more like disc swapping. If you took out the SD with the game and inserted in the same game that has modified code without the system recognizing it, this could work.
 
USB storage would need to be exploited before this would be useful. Also, since we're still able to use webkit exploits, there's no real reason to develop an exploit that would take much more time to develop and affect much fewer people.
 
USB storage would need to be exploited before this would be useful. Also, since we're still able to use webkit exploits, there's no real reason to develop an exploit that would take much more time to develop and affect much fewer people.

/thread
 
How so? All you did was copy over a save from the SD to SysMenu, and it worked by causing a buffer overflow, that was correct. Seeing as they had the game on the SD, and took it out and tried to replace it with another SD card, it's a lot more like disc swapping. If you took out the SD with the game and inserted in the same game that has modified code without the system recognizing it, this could work.


I just meant it could be similar in how you could use it to exploit it. In the Twilight Hack, Epona's name had been changed to be too long, perhaps a similar method could be used here. I'm well aware that the method of making such an exploit happen would differ, but the way in game it causes a buffer overflow could be similar, that's all.
 
I just meant it could be similar in how you could use it to exploit it. In the Twilight Hack, Epona's name had been changed to be too long, perhaps a similar method could be used here. I'm well aware that the method of making such an exploit happen would differ, but the way in game it causes a buffer overflow could be similar, that's all.

That's fair, I agree. I wonder what game it was.
 
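Added example, not part of any post in this thread: the Twilight Hack comparison above turns on a name field in save data that is longer than the buffer the game copies it into. The C sketch below contrasts an unchecked copy with a length-validated load; the record layout (2-byte little-endian length, then the name bytes), `NAME_CAP` and both function names are hypothetical and not taken from any real game or save format.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_CAP 16 /* assumed size of the in-game name buffer, NUL included */

/* Hypothetical save record: 2-byte little-endian length, then the name bytes. */

/* Unchecked pattern, shown for contrast only: it copies until the first NUL
 * found in the file data, so a long name is written past the end of dst. */
void load_name_unchecked(char *dst, const uint8_t *rec)
{
    strcpy(dst, (const char *)(rec + 2));
}

/* Validated load: returns 0 on success, -1 if the record must be rejected. */
int load_name_checked(char dst[NAME_CAP], const uint8_t *rec, size_t rec_len)
{
    size_t n;

    if (rec_len < 2)
        return -1;                      /* no room for the length field */
    n = (size_t)rec[0] | ((size_t)rec[1] << 8);
    if (n > rec_len - 2)
        return -1;                      /* length claims more than was read */
    if (n >= NAME_CAP)
        return -1;                      /* would not fit with its terminator */
    if (memchr(rec + 2, 0, n) != NULL)
        return -1;                      /* embedded NUL inside the name */
    memcpy(dst, rec + 2, n);
    dst[n] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed sample records, not real save data. */
    const uint8_t ok[] = {5, 0, 'E', 'p', 'o', 'n', 'a'};
    uint8_t longname[2 + 40];
    char name[NAME_CAP];

    longname[0] = 40; longname[1] = 0;
    memset(longname + 2, 'A', 40);
    printf("normal name: %d\n", load_name_checked(name, ok, sizeof ok));
    printf("40-byte name: %d\n", load_name_checked(name, longname, sizeof longname));
    return 0;
}
```

The checks run against the bytes actually read from the media, so a record that arrives truncated or altered after a card swap is rejected the same way as an oversized name.
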
I have found something new. I swapped the SD card while being in the menu. But the icons from the games stored on the previous SD card were still being displayed. So I told the console to launch one of those games. Then the console tried to install an update (which failed because my Wii U isn't online), I have no idea why. Then, if I go to the Memory and USB storage manager, the console partly crashes. There was an error message being displayed. I could still use the scroll bar even though the rest of the system crashed.
So... this way allows us to insert an unformatted SD card without the Wii U asking to format it. In the USB storage manager it also tries to read data from it.
 