[Devs] Automated crash reports for vulnerability discovery?

DrDaxxy

Dunno where to put this since it's more of a general console hacking idea than anything totally 3DS-specific, and I guess the right people would better be reached on IRC instead of here, but I don't feel like going there right now so here goes:

Say we already have code execution on a normally locked-down platform, like the 3DS. And we're developing system software (like a CFW) that's destined to be used by the general public, not just privately shared among a few console hackers.

Why not put in an opt-in feature to inject exception handlers everywhere we can and automatically send crash dumps to us? Not for catching bugs in homebrew - but among the countless CFW/homebrew/etc. end users, surely some of them have gotten random crashes due to browser or savegame corruption bugs that could be exploited to gain userland code execution. And hey, we might even hit the jackpot and have someone get a kernel panic, save a dump to disk, then submit it on next boot.

Of course, on the 3DS it's not that big of a deal anymore since we have no shortage of very useful exploits, but I shouldn't have to tell you it's always good to have alternatives (or spares for when something we use right now gets patched).

Possible problems I see with this: For one, it would require a bunch of effort. There are also the same problems you get with regular error reporting: it generates lots of data/traffic, and that data may contain sensitive private information. That said, we should be able to keep traffic down at least a little by shipping an updated blacklist of already investigated bugs that we don't want to get more reports of, and we should of course let users know what kind of data these reports may contain when asking for their permission to send them.

So, can anyone tell me whether this is a terrible idea and why? ^_^
 

shinyquagsire23

This would probably just end with a bunch of people looking for crashes and finding a bunch of useless ones. Anyone capable of finding exploitable crashes probably also is able to know if it's exploitable, and is possibly able to actually exploit it.
 

DrDaxxy

Doesn't LUMA (Dev version) already have something like this?

Sort of. It can take crash dumps. It doesn't have functionality for automatically posting them on the Internet. The feature's intended for homebrew developers debugging their own code on their own hardware, not detecting bugs in Nintendo software or commercial games.
Of course, that's already exactly the low-level functionality one would need to implement this; the rest is fairly easy.

This would probably just end with a bunch of people looking for crashes and finding a bunch of useless ones. Anyone capable of finding exploitable crashes probably also is able to know if it's exploitable, and is possibly able to actually exploit it.

For what it's worth, my intention isn't to have users actively look for bugs, but to collect data from a massive amount of them (as with regular crash reporters included in popular software). Sure, this doesn't make examining crashes any easier, but it does show you where to look.

As per Sturgeon's law, I'd expect 90% of (raw) reports to be garbage caused by either user error, unstable hax or two dozen boring issues in the browser and some popular games. Filtering them is a challenge. In addition to the aforementioned blacklist I'd suggest rate limiting (if one person gets 50 crashes a day, it's probably nothing interesting), ignoring what can be identified as homebrew, and ignoring (or at least flagging) patched code. Happy to hear other ideas.

That said: Let's assume we build this and a large enough number of people use it but not a single interesting crash is submitted. That could still be useful. A game with an abnormally high crash rate (in relation to global playtime - obviously you'll get more reports about Pokémon than Face Racers: Photo Finish) is probably rather poorly written and I'd suspect you'd have better than average chances of finding some silly buffer overflow in the savegame handling code.
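The filtering the post above sketches (blacklist of investigated crashes, per-submitter rate limit, ignore homebrew, flag patched code, crash rate normalised by playtime), as an added example in Python that is not code from this thread or from any CFW. Report fields, title IDs and frame addresses are constructed placeholders, and the crash signature (hash of title ID plus top frames) is an assumed design, not anything Luma or another project implements.

```python
"""Triage for opt-in crash reports (added example, not code from the thread or any
CFW). Reports are small: submitter token, title ID, two flags, top stack frames."""
from collections import Counter
import hashlib

MAX_REPORTS_PER_SUBMITTER = 50  # "if one person gets 50 crashes a day, it's probably nothing"

def crash_signature(report, depth=3):
    """Hash title ID plus the top frames so identical crashes collapse to one key."""
    frames = ",".join(f"{mod}+{off:x}" for mod, off in report["frames"][:depth])
    return hashlib.sha256(f"{report['title']}|{frames}".encode()).hexdigest()[:16]

def triage(reports, blacklist, playtime_hours):
    """Apply the thread's filters; return unique crashes and crash rate per 100 hours."""
    per_submitter = Counter(r["submitter"] for r in reports)
    unique, crashes = {}, Counter()
    for r in reports:
        if per_submitter[r["submitter"]] > MAX_REPORTS_PER_SUBMITTER:
            continue  # noisy submitter: unstable setup, not an interesting bug
        if r["homebrew"]:
            continue  # bugs in homebrew are out of scope
        sig = crash_signature(r)
        if sig in blacklist:
            continue  # already investigated, no more reports wanted
        entry = unique.setdefault(sig, {"title": r["title"], "count": 0, "patched": False})
        entry["count"] += 1
        entry["patched"] |= r["patched"]  # flag patched code instead of dropping it
        crashes[r["title"]] += 1
    # Normalise by playtime so popular titles don't dominate just by being played more.
    rate = {t: 100.0 * n / playtime_hours[t] for t, n in crashes.items() if playtime_hours.get(t)}
    return unique, rate

def report(submitter, title, frames, homebrew=False, patched=False):
    return {"submitter": submitter, "title": title, "frames": frames,
            "homebrew": homebrew, "patched": patched}

# Constructed sample data; title IDs and frame addresses are placeholders.
BROWSER_FRAMES = [("browser", 0x100), ("browser", 0x200), ("ctr", 0x10)]
GAME_A_FRAMES = [("game_a", 0x1234), ("game_a", 0x5678), ("ctr", 0x10)]
KNOWN_BORING = {crash_signature(report("any", "BROWSER", BROWSER_FRAMES))}  # blacklist
PLAYTIME_HOURS = {"TITLE_A": 1000, "TITLE_B": 10, "BROWSER": 500}
SAMPLE_REPORTS = (
    [report("u1", "BROWSER", BROWSER_FRAMES)]                         # blacklisted
    + [report("u2", "HB_APP", GAME_A_FRAMES, homebrew=True)]          # homebrew, ignored
    + [report("noisy", "TITLE_A", GAME_A_FRAMES) for _ in range(51)]  # rate limited
    + [report("u4", "TITLE_A", GAME_A_FRAMES),
       report("u5", "TITLE_A", GAME_A_FRAMES, patched=True)]          # same crash twice
    + [report("u6", "TITLE_B", [("game_b", 0x40), ("game_b", 0x44)])]  # rare title, 1 crash
)
```

Running `triage(SAMPLE_REPORTS, KNOWN_BORING, PLAYTIME_HOURS)` keeps two unique crashes and ranks the rarely played TITLE_B far above TITLE_A despite fewer raw reports.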
 

NintenDavid

Now that I think about this, it seems awesome, but who would we send it to?
 

DrDaxxy

Someone would have to run a service (with HTTP API or whatever) for consoles to send data to. Could be me, could be a CFW author, could be someone else entirely. Or multiple people, sharing their data, so that if someone's service goes down (whether intentionally or because of technical issues) things keep working.

...I'm not sure why I ever suggested uploading full dumps, that's totally impractical. Keeping it to stack traces (and other similarly small data), this should be cheap enough to host too. Unless I seriously underestimate the amount of CFW users (who would turn this on). Or the bugginess of the average 3DS game/modded system ;)

Also mostly solves the privacy concerns. It might even be okay to publicly post the data. Admittedly that would also allow Nintendo to access it; then again, they could just build error reporting into the firmware and get reports from most if not all consoles on their own.
 