Homebrew How does one go about making an exploit?

Thread starter: trashfloozy · Views: 1,631 · Replies: 13

trashfloozy (Member, joined Jun 21, 2016):
Just curious. I read that the game needs to crash, but Doodlebomb didn't, and that's an exploit. Also, what exactly would I need to do? I randomized a backup of my Pokemon Moon save and it gave a "save data corrupted" message.

Thanks in advance :ha:
 
(quoting trashfloozy's opening post above)
Well, first you need to spot a part of a game/app that is so poorly coded that it can be exploited to load custom code. Then, hope to God that the developer doesn't patch it. Rarely, the game/app doesn't need to crash, but in most cases it does.
 
(quoting trashfloozy's opening post above)
Step 1: Know what you're doing. Personally, I don't know a whole lot about exploit creation, but you should research first.
Step 2: For the love of God, please make sure you have looked deep into the process before posting "My save crashes! I found an exploit".

I know this isn't very helpful, but just make sure you know what you are doing before you even do it.
 
Code:
Learn a basic programming language
+ learn a more advanced one (or two)
+ learn how to reverse engineer
+ study 3dsbrew
+ study write ups of previous exploits
+ a few years of real world experience
---------------
= Exploit Wizard

When you've completed every one of these steps come back and help us with Switch exploits.
 
I think this is one of those cases where:
If you asked the question then you already failed.

Primarily you are trying to use something in an undocumented/unintended way. There is no documentation for something like this. You need to be extremely knowledgeable about how processors/hardware/software function.
 
(quoting the post above: "If you asked the question then you already failed.")
I haven't tried; I was just curious as to how everyone does it.
 
Search around for the term "return oriented programming". Depending on your desire to learn, it will give you a bottom-up (reverse order) path of learning, from the machine up to high-level development.

edit: And that's because exploits attack compiled code that only a machine (or gifted minds) understand. Games have compiled code embedded (so-called ROM images when mapped directly), or in ISO format (through a filesystem layer, or whatever).
 
Last edited by Coto.
You won't be able to just do it easily. You will have to invest a huge amount of time before you can write your first exploit.

If you're just interested in how 3DS exploits work, you can watch the CCC talks on 3DS hacking.

As for crashes and exploits, no, that's not how it works. A crash only very rarely means that it can be exploited. However, basically anything that can be exploited will crash if done incorrectly in any way. Doodlebomb would crash if certain parts were even a bit off.
This is because what an exploit in this case essentially means is getting your code to run on the device. This is done by abusing a fault in the code that allows you to redirect the execution to your code instead of the game's/app's code. Now if you redirect it to anything else, this is most likely "garbage", and if read as code it does some nonsense which will end up crashing the system. This is also where the myth that crash = exploit comes from, I think.
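The distinction the post above draws (a corrupted save that is rejected, an overflow that lands execution on garbage and crashes, and the same overflow with the right bytes that lands it on your code) is easiest to see in a toy. The C program below is an added example, not the poster's code, not Doodlebomb, and not any real 3DS or Pokémon save format: the save layout, the additive checksum, the 16-byte name field, the 4-byte "return slot" behind it and the handler table are all assumptions made up here to model the mechanism. It also shows the caveat a practitioner would add to the opening question: a save whose bytes are randomised without fixing its integrity check never reaches the buggy parser at all, which is the kind of thing that produces a "corrupted" message instead of a crash.

```c
/* Toy model of "crash vs. exploit" in a save-file parser. Added example;
 * the layout, checksum, field sizes and handler table are assumptions
 * invented for illustration, not any real game's format or exploit. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_LEN   16          /* fixed-size name field in the "stack frame" */
#define SLOT_OFF   NAME_LEN    /* 4-byte slot the game "returns" through, right after it */
#define MEM_LEN    32          /* end of the simulated mapped region */
#define N_HANDLERS 3

enum outcome { OK_NORMAL, OK_PAYLOAD, REJECTED_CHECKSUM, CRASH };

static uint8_t mem[MEM_LEN];   /* simulated stack frame: name field, then the slot */

static enum outcome h_title(void)   { return OK_NORMAL; }
static enum outcome h_start(void)   { return OK_NORMAL; }
static enum outcome h_payload(void) { return OK_PAYLOAD; } /* stands in for attacker-placed code */
static enum outcome (*const handlers[N_HANDLERS])(void) = { h_title, h_start, h_payload };

/* Assumed save layout: [u16 LE checksum over the rest][u8 name_len][name bytes ...] */
static uint16_t checksum(const uint8_t *p, size_t n) {
    uint16_t s = 0;
    for (size_t i = 0; i < n; i++) s = (uint16_t)(s + p[i]);
    return s;
}

/* Build a save whose checksum is valid; returns the total length (0 on error). */
static size_t build_save(uint8_t *out, size_t cap, const uint8_t *name, uint8_t name_len) {
    if ((size_t)name_len + 3 > cap) return 0;
    out[2] = name_len;
    memcpy(out + 3, name, name_len);
    uint16_t c = checksum(out + 2, (size_t)name_len + 1);
    out[0] = (uint8_t)(c & 0xff);
    out[1] = (uint8_t)(c >> 8);
    return (size_t)name_len + 3;
}

/* The "game": integrity check first, then the buggy copy, then a "return". */
static enum outcome load_save(const uint8_t *save, size_t n) {
    if (n < 3) return REJECTED_CHECKSUM;
    uint16_t stored = (uint16_t)(save[0] | (save[1] << 8));
    if (checksum(save + 2, n - 2) != stored)
        return REJECTED_CHECKSUM;            /* the "save data corrupted" path */

    uint8_t name_len = save[2];
    if ((size_t)name_len > n - 3) return REJECTED_CHECKSUM;

    memset(mem, 0, sizeof mem);
    mem[SLOT_OFF] = 1;                       /* legitimate target: h_start (index 1, LE) */

    /* BUG: name_len is trusted from the file and is only checked against the end
     * of mapped memory (a write past it faults), never against the 16-byte field. */
    if (name_len > MEM_LEN) return CRASH;
    memcpy(mem, save + 3, name_len);

    /* "Return" through the slot: a valid index runs that handler, anything else
     * is a jump into nonsense and the system dies. */
    uint32_t target = (uint32_t)mem[SLOT_OFF] | ((uint32_t)mem[SLOT_OFF + 1] << 8)
                    | ((uint32_t)mem[SLOT_OFF + 2] << 16) | ((uint32_t)mem[SLOT_OFF + 3] << 24);
    if (target >= N_HANDLERS) return CRASH;
    return handlers[target]();
}

/* 1. Ordinary save: the name fits and execution continues where the game intended. */
enum outcome demo_normal(void) {
    uint8_t save[64];
    size_t n = build_save(save, sizeof save, (const uint8_t *)"ASH", 3);
    return load_save(save, n);
}

/* 2. Randomising bytes without fixing the checksum never reaches the bug. */
enum outcome demo_randomized(void) {
    uint8_t save[64];
    size_t n = build_save(save, sizeof save, (const uint8_t *)"ASH", 3);
    save[3] ^= 0x5a;                         /* corrupt the body, leave the checksum stale */
    return load_save(save, n);
}

/* 3. Over-long name, valid checksum, arbitrary bytes in the slot: the overflow
 *    happens, execution lands on 0x41414141, and the game crashes. */
enum outcome demo_garbage_overflow(void) {
    uint8_t name[NAME_LEN + 4], save[64];
    memset(name, 'A', sizeof name);
    size_t n = build_save(save, sizeof save, name, sizeof name);
    return load_save(save, n);
}

/* 4. Same overflow, but the four bytes that land in the slot select the payload
 *    handler: the only difference between a crash and an exploit. */
enum outcome demo_targeted_overflow(void) {
    uint8_t name[NAME_LEN + 4], save[64];
    memset(name, 'A', NAME_LEN);
    name[NAME_LEN] = 2; name[NAME_LEN + 1] = 0; name[NAME_LEN + 2] = 0; name[NAME_LEN + 3] = 0;
    size_t n = build_save(save, sizeof save, name, sizeof name);
    return load_save(save, n);
}

int main(void) {
    static const char *const names[] = { "OK_NORMAL", "OK_PAYLOAD", "REJECTED_CHECKSUM", "CRASH" };
    printf("normal save       : %s\n", names[demo_normal()]);
    printf("randomised save   : %s\n", names[demo_randomized()]);
    printf("garbage overflow  : %s\n", names[demo_garbage_overflow()]);
    printf("targeted overflow : %s\n", names[demo_targeted_overflow()]);
    return 0;
}
```

Running it prints OK_NORMAL, REJECTED_CHECKSUM, CRASH and OK_PAYLOAD in that order. Cases 3 and 4 feed the same bug the same amount of data; only the four bytes that end up in the slot differ, which is why "it crashed" on its own tells you nothing about whether the crash is usable, and why the real work is understanding exactly what gets overwritten and what value has to go there.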
 
If you're willing to sink a few years into learning, it might be possible. That being said, given that you've had to ask about this, you're already behind the curve, so to speak. As was mentioned by others, there's a crazy learning curve, which is why only a handful of people out there release exploits. Quite bluntly, it's not something most people will ever be capable of figuring out.
 