How do I make an exploit run my own code?

jaimin1k

New Member
OP
Newbie
Joined
Jan 3, 2015
Messages
3
Trophies
0
XP
83
Country
United States
I’m not new to the homebrew scene but I’m just starting to learn more about how this exploit stuff actually works. I just recently found my 3DS in storage and got homebrew set up on it. After watching a bunch of videos of different exploits (soundhax, browserhax, pichaxx, ninjhax, etc.) I’m very interested in learning how it actually works; using a software vulnerability to execute unsigned code. I used the devkit to write a simple “hello world” program in C++ which I can execute via the homebrew launcher but I want to execute it directly via one of the existing exploits on a stock firmware. How would I go about doing this? I want to learn as much as I can about software vulnerabilities and see how far I can go with it, perhaps on a different system in the future, using the 3DS as a way to learn more. I know this stuff isn’t simple so if you guys could send me as many resources as possible that would be awesome. I hope I can give you guys back something great in the future. Thanks!

Edit: The exploit that intrigued me the most is the buffer overflow in the Nintendo DS profile settings. It honestly amazes me how tiny little errors like that on the developers end can leave wide open doors for hackers to crack the system wide open.
 

FAST6191

Techromancer
Editorial Team
Joined
Nov 21, 2005
Messages
36,795
Trophies
3
XP
28,452
Country
United Kingdom
I did cover some basics quite a few years ago now
https://gbatemp.net/threads/some-hacking-concepts-and-links.287721/

More generally then many of the devs of such exploits will hold talks (usually at the C3 conferences) as to how they did it. If you wanted to follow along, maybe adapt such things for later games/firmwares/whatever after replicating the same things, then that will probably be a start.

In addition to the above then

Not the best thing I have ever seen but might help in some ways.
 

ghjfdtg

Well-Known Member
Member
Joined
Jul 13, 2014
Messages
1,400
Trophies
2
XP
3,424
Country
Things are... complicated. To write your own code ran by the exploit you jeed to understand how it works and how the whole system works. Usually it goes like this:
First a flaw of a game is getting exploited to take control of execution. Since we can't execute our code directly (execute never or XN) we have to resort to tricks. Namely ROP or return oriented programming. From there you can abuse gspwn (GPU overwrites existing code via DMA) to actually execute own code. It's a rough overview and there are many more details to it.
 

Site & Scene News

Popular threads in this forum

General chit-chat
Help Users
  • No one is chatting at the moment.
    Veho @ Veho: Keep away from head when satellite feature is enabled.