Hacking Mail box bomb

obcd

Well-Known Member
Member
Joined
Apr 5, 2011
Messages
1,594
Trophies
0
XP
432
Country
Belgium
Now the question is... When will big N make the next move? Assuming they will continue the game...

I guess nobody knows a way to boot into uneek directly with this exploit? I really need to find an elf for that...
 

DeadlyFoez

XFlak Fanboy
Banned
Joined
Apr 12, 2009
Messages
5,920
Trophies
0
Website
DeadlyFoez.zzl.org
XP
2,873
Country
United States
obcd said:
I guess nobody knows a way to boot into uneek directly with this exploit? I really need to find an elf for that...
I've been wanting to see that for a long time. That would make things complete.

I've talked with pune about it, basically he said that it's not something he's interested in working on. But just to ask him if it was possible, he said yes.
 

hanibel

Banned!
Banned
Joined
Aug 9, 2011
Messages
29
Trophies
0
Website
Visit site
XP
-9
Country
Argentina
DeadlyFoez said:
obcd said:
I guess nobody knows a way to boot into uneek directly with this exploit? I really need to find an elf for that...
I've been wanting to see that for a long time. That would make things complete.

I've talked with pune about it, basically he said that it's not something he's interested in working on. But just to ask him if it was possible, he said yes.

This is simple. 4 lines of code should do the trick:

CODE
#include <gccore.h>   /* libogc: declares IOS_ReloadIOS() */

int main(void) {
    /* Reload into IOS slot 254 (the BootMii IOS); its binary on the SD card then takes over */
    IOS_ReloadIOS(254);
    return 0;
}

IOS254 is the bootmii IOS. Replacing the bootmii binary on the sd card with the uneek binaries results in uneek being launched directly.
 

obcd

Well-Known Member
Member
Joined
Apr 5, 2011
Messages
1,594
Trophies
0
XP
432
Country
Belgium
I obviously wasn't clear enough about that part. Sorry folks.
It should indeed work without the install of an IOS.
I need to find a way to embed and execute ARM code in a PPC ELF file.
I can't think of anything that comes into the neighborhood of such functionality.
 

Lothlorian

Well-Known Member
Member
Joined
Jul 9, 2009
Messages
207
Trophies
0
Location
Berdoo
XP
46
Country
United States
Looks like TT has released or is getting ready to release a similar exploit based on the same idea: a mail exploit. Says they could not wait for Pune to release it, so they reverse engineered it based on what they saw on YouTube... or something like that.

Brand new blog post on hackmii site
 

Arm the Homeless

Custom Title
Member
Joined
May 26, 2008
Messages
1,762
Trophies
0
Location
/home/andy/
Website
Visit site
XP
125
Country
United States
hanibel said:
DeadlyFoez said:
obcd said:
I guess nobody knows a way to boot into uneek directly with this exploit? I really need to find an elf for that...
I've been wanting to see that for a long time. That would make things complete.

I've talked with pune about it, basically he said that it's not something he's interested in working on. But just to ask him if it was possible, he said yes.

This is simple. 4 lines of code should do the trick:

CODE
#include <gccore.h>   /* libogc: declares IOS_ReloadIOS() */

int main(void) {
    /* Reload into IOS slot 254 (the BootMii IOS); its binary on the SD card then takes over */
    IOS_ReloadIOS(254);
    return 0;
}

IOS254 is the bootmii IOS. Replacing the bootmii binary on the sd card with the uneek binaries results in uneek being launched directly.
You can download that already built here: https://github.com/Vithon/bootios/downloads
It's been there for over 2 years (first commit: May 16, 2009). xD

I'm not gonna try and bullshit anyone by saying I made some grand project though. It's even under the WTFPL...
 

DeadlyFoez

XFlak Fanboy
Banned
Joined
Apr 12, 2009
Messages
5,920
Trophies
0
Website
DeadlyFoez.zzl.org
XP
2,873
Country
United States
hanibel said:
DeadlyFoez said:
obcd said:
I guess nobody knows a way to boot into uneek directly with this exploit? I really need to find an elf for that...
I've been wanting to see that for a long time. That would make things complete.

I've talked with pune about it, basically he said that it's not something he's interested in working on. But just to ask him if it was possible, he said yes.

This is simple. 4 lines of code should do the trick:

Code:
#include <gccore.h>   /* libogc: declares IOS_ReloadIOS() */

int main(void) {
    /* Reload into IOS slot 254 (the BootMii IOS); its binary on the SD card then takes over */
    IOS_ReloadIOS(254);
    return 0;
}
IOS254 is the bootmii IOS. Replacing the bootmii binary on the sd card with the uneek binaries results in uneek being launched directly.


QUOTE(XFlak @ Aug 9 2011, 04:51 PM)
They meant if there is a way to launch s/uneek on a virgin wii without installing anything onto the Wii, including bootmii @ IOS254
^^Exactly. This is what would be freaking sweet: to be able to go to a friend's house and just bring your hard drive and SD card and play your games and your own save games on their Wii, without leaving anything that would show the warranty has been voided by use of unauthorized software, because there will be no traces left behind on the NAND as evidence of use of said unauthorized software. So basically, in the end, you feel safe that you did nothing wrong to your friend's Wii.
 

wrettcaughn

Well-Known Member
Member
Joined
Mar 14, 2009
Messages
3,819
Trophies
0
XP
1,492
Country
United States
hanibel said:
tueidj said:
JoostinOnline said:
Lol, you know they are just going to move onto something else to complain about.
Dead right, I'd like to complain about this exploit. How dare I have the balls to do exactly what I said would happen.
According to this you are the one who did the exploiting part. Kudos to you if this is true.

Yup. That looks like it's exactly what happened.

i can't be bothered to download it since I don't even have a Wii...but I'm assuming that the readmii states something along the lines of...

"Brought to you by Team Twiizers, Giantpune, and tueidj...
Special thanks to Giantpune for finding an exploit and sharing with us where to look"
 

Bladexdsl

My posts...it's over 9000!!!
Member
Joined
Nov 17, 2008
Messages
19,778
Trophies
1
Location
Queensland
XP
9,175
Country
Australia
there's 2 threads about this now
 

wrettcaughn

Well-Known Member
Member
Joined
Mar 14, 2009
Messages
3,819
Trophies
0
XP
1,492
Country
United States
QUOTE said:
blasty // Aug 9, 2011 at 1:36 pm

@0ld8oy/bushing: giantpune _did_ mention an overflow in the message body. I simply started working out the file format, encryption, signature, etc. (creating some useful utilities along the road, heh) in order to play with the data in these files. One thing led to another and tueidj managed to forge a crash and eventually exploit it.
 

tueidj

I R Expert
Member
Joined
Jan 8, 2009
Messages
2,569
Trophies
0
Website
Visit site
XP
999
Country
ohnoes, you found the sekrit log where he gave all the technical details away!

Seriously, that's like me saying an exploit works by overwriting some data in memory. Of course it does, but that won't help you recreate it.
 