[Idea/Question] Possibility of using Mii Amiibos to launch payload.

Discussion in 'Switch - Exploits, Custom Firmwares & Soft Mods' started by NitroCipher, May 26, 2017.

  1. NitroCipher (OP)
    I was creating a Mii on my Switch today, and I noticed that you can copy a Mii over from an Amiibo.

    Could you create a fake Mii Amiibo (using an NFC tag) that overflows and executes a payload? I am not quite sure if this would work at all, or if it is even slightly feasible. I am a novice to the whole console hacking scene, so sorry if this isn't useful.
     
  2. SANIC
    Except that no payloads exist.
     
  3. Somebody Whoisbored
    Well no shit. He is asking if it's possible to make one.
     
  4. itsjch
    Maybe, like, if someone made one and injected it via a blank NFC tag or Amiiqo, that would be great, but let's keep dreaming.
     
  5. badpix11
    The Amiibo structure has a fixed size/length, so besides no payload existing, there is no overflow either.

    For more information about the structure:
    https://3dbrew.org/wiki/Amiibo
     
  6. Seelbreaker
    Sooo...
    As long as the size/length somehow gets spoofed, you could try to load code through games which read Amiibo data, like Breath of the Wild - IF games like Breath of the Wild even allow running code from those amiibos?
     
  7. TiMeBoMb4u2
    Well... At the moment, the only amiibo I'm thinking this may be a possibility with is Wolf Link, in Breath of the Wild. Since the game reads in the Heart Container data from the amiibo, and not just the amiibo ID, someone might be able to reverse-engineer how this Heart Container data is handled in memory. I say this very loosely, since I can't recall hearing of any amiibo attack vectors in the past (I'd like someone to correct me on this, though).
     
  8. urherenow
    504 bytes. Not kilobytes. BYTES.

    Not no, but hell no.
     
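    As an added illustration of the two points above (a fixed-size structure, and a user area of 504 bytes), and not code from anyone in this thread: a reader that copies tag data into a fixed buffer only after checking the length supplied by the caller, so neither a short nor an oversized dump can write past the buffer. The 4-byte page geometry and the page count are assumptions modelled on NTAG215-style tags (126 user pages × 4 bytes = 504 bytes); the sample data is constructed, not a real amiibo dump.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed NTAG215-style geometry: 4-byte pages, 126 user pages = 504 bytes. */
#define AMIIBO_PAGE_SIZE   4u
#define AMIIBO_USER_PAGES  126u
#define AMIIBO_USER_BYTES  (AMIIBO_PAGE_SIZE * AMIIBO_USER_PAGES)  /* 504 */

typedef struct {
    uint8_t user[AMIIBO_USER_BYTES];  /* fixed-size destination; it never grows */
    size_t  pages;                    /* number of 4-byte pages actually stored */
} amiibo_user_area;

/* Copy raw tag bytes into the fixed-size area.
 * Returns 0 on success, -1 if the input is not exactly one user area.
 * The length the caller measured decides whether the copy happens; a length
 * field read from inside the tag data is never trusted, and that is what
 * makes a "fixed size" structure safe to parse. */
int amiibo_load_user_area(amiibo_user_area *out, const uint8_t *data, size_t len)
{
    if (out == NULL || data == NULL) return -1;
    if (len != AMIIBO_USER_BYTES) return -1;   /* rejects short and oversized dumps alike */
    memcpy(out->user, data, AMIIBO_USER_BYTES);
    out->pages = AMIIBO_USER_PAGES;
    return 0;
}

/* Copy one 4-byte page by index into page[]; returns 0, or -1 if out of range. */
int amiibo_get_page(const amiibo_user_area *area, size_t index, uint8_t page[AMIIBO_PAGE_SIZE])
{
    if (area == NULL || page == NULL || index >= area->pages) return -1;
    memcpy(page, area->user + index * AMIIBO_PAGE_SIZE, AMIIBO_PAGE_SIZE);
    return 0;
}

/* Constructed sample data (hypothetical): each byte holds its page index. */
void amiibo_fill_constructed(uint8_t *buf, size_t len)
{
    for (size_t i = 0; i < len; i++) buf[i] = (uint8_t)(i / AMIIBO_PAGE_SIZE);
}

int main(void)
{
    uint8_t dump[2 * AMIIBO_USER_BYTES];       /* room for "two cards taped together" */
    amiibo_user_area area;
    amiibo_fill_constructed(dump, sizeof dump);
    printf("one user area : %d\n", amiibo_load_user_area(&area, dump, AMIIBO_USER_BYTES));  /* 0 */
    printf("double length : %d\n", amiibo_load_user_area(&area, dump, sizeof dump));        /* -1 */
    return 0;
}
```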
  9. migles
    Inb4: hey, newbie here!!! Couldn't couldn't just just....
    Couldn't you just stick 2 fake amiibo cards taped together to create extra memory so you could overflow????
     
  10. Seelbreaker
    And this part seems to be bugged, AFAIR?

    I played TP but never got all heart pieces there, and tried the dark cave of shadows with... I dunno, 10? hearts and didn't even finish it, and my Wolf Link in BotW has 20 heart pieces...
     
  11. DeadlyFoez
    Even better, if you tape a 3.5" floppy disk to it then you will get even more data through.
     
  12. TheDarkGreninja
    Yeah, 504 bytes is just a great size for a payload, yep /s
     
  13. shinyquagsire23
    Even if there were an overflow, ASLR makes this kind of overflow not viable, because you'd need an address leak (i.e., data coming out incorrectly) for it to possibly work. Generally that's only doable using something like JavaScript, where it can leak addresses and craft ROP on the console itself based on the leaks.
     