Hacking Mail box bomb

  • Thread starter: KiiWii
  • Views: 56,637
  • Replies: 271
Now the question is... When will big N make the next move? Assuming they will continue the game...

I guess nobody knows a way to boot into uneek directly with this exploit? I really need to find an elf for that...
 
obcd said:
I guess nobody knows a way to boot into uneek directly with this exploit? I really need to find an elf for that...
I've been wanting to see that for a long time. That would make things complete.

I've talked with pune about it, basically he said that it's not something he's interested in working on. But just to ask him if it was possible, he said yes.
 
DeadlyFoez said:
obcd said:
I guess nobody knows a way to boot into uneek directly with this exploit? I really need to find an elf for that...
I've been wanting to see that for a long time. That would make things complete.

I've talked with pune about it, basically he said that it's not something he's interested in working on. But just to ask him if it was possible, he said yes.

This is simple. 4 lines of code should do the trick:

CODE
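#include <gccore.h> /* libogc; declares IOS_ReloadIOS() */

int main() {
    IOS_ReloadIOS(254); /* reload into IOS254, the BootMii IOS */
    return(0);
}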

IOS254 is the bootmii IOS. Replacing the bootmii binary on the sd card with the uneek binaries results in uneek being launched directly.
 
I obviously wasn't clear enough about that part. Sorry folks.
It should indeed work without the install of an ios.
I need to find a way to embed and execute armcode in a ppc elf file.
I can't think of anything that comes into the neighborhood of such functionality.
 
Looks like TT has released or is getting ready to release a similar exploit based on the same idea. A Mail Exploit. Says they could not wait for Pune to release it so they reverse engineered it based on what they saw on YouTube... or something like that.

Brand new blog post on hackmii site
 
hanibel said:
DeadlyFoez said:
obcd said:
I guess nobody knows a way to boot into uneek directly with this exploit? I really need to find an elf for that...
I've been wanting to see that for a long time. That would make things complete.

I've talked with pune about it, basically he said that it's not something he's interested in working on. But just to ask him if it was possible, he said yes.

This is simple. 4 lines of code should do the trick:

CODE
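#include <gccore.h> /* libogc; declares IOS_ReloadIOS() */

int main() {
    IOS_ReloadIOS(254); /* reload into IOS254, the BootMii IOS */
    return(0);
}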

IOS254 is the bootmii IOS. Replacing the bootmii binary on the sd card with the uneek binaries results in uneek being launched directly.
You can download that already built here: https://github.com/Vithon/bootios/downloads
It's been there for over 2 years (first commit: May 16, 2009). xD

I'm not gonna try and bullshit anyone by saying I made some grand project though. It's even under the WTFPL...
 
hanibel said:
DeadlyFoez said:
obcd said:
I guess nobody knows a way to boot into uneek directly with this exploit? I really need to find an elf for that...
I've been wanting to see that for a long time. That would make things complete.

I've talked with pune about it, basically he said that it's not something he's interested in working on. But just to ask him if it was possible, he said yes.

This is simple. 4 lines of code should do the trick:

Code:
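#include <gccore.h> /* libogc; declares IOS_ReloadIOS() */

int main() {
    IOS_ReloadIOS(254); /* reload into IOS254, the BootMii IOS */
    return(0);
}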
IOS254 is the bootmii IOS. Replacing the bootmii binary on the sd card with the uneek binaries results in uneek being launched directly.


QUOTE(XFlak @ Aug 9 2011, 04:51 PM)
They meant if there is a way to launch s/uneek on a virgin wii without installing anything onto the Wii, including bootmii @ IOS254
^^Exactly. This is what would be freaking sweet. To be able to go to a friend's house and just bring your hard drive and sd card and play your games and your own save games on their wii without having anything that will show that the warranty has been voided by use of unauthorized software because there will be no traces left behind as evidence on the nand of use of said unauthorized software. So basically you in the end feel safe that you did nothing wrong to your friend's wii.
 
tueidj said:
JoostinOnline said:
Lol, you know they are just going to move onto something else to complain about.
Dead right, I'd like to complain about this exploit. How dare I have the balls to do exactly what I said would happen.
According to this you are the one who did the exploiting part. Kudos to you if this is true.
 
hanibel said:
tueidj said:
JoostinOnline said:
Lol, you know they are just going to move onto something else to complain about.
Dead right, I'd like to complain about this exploit. How dare I have the balls to do exactly what I said would happen.
According to this you are the one who did the exploiting part. Kudos to you if this is true.

Yup. That looks like it's exactly what happened.

I can't be bothered to download it since I don't even have a Wii...but I'm assuming that the readmii states something along the lines of...

"Brought to you by Team Twiizers, Giantpune, and tueidj...
Special thanks to Giantpune for finding an exploit and sharing with us where to look"
 
there's 2 threads about this now
 
QUOTE said:
blasty // Aug 9, 2011 at 1:36 pm

@0ld8oy/bushing: giantpune _did_ mention an overflow in the message body. I simply started working out the file format, encryption, signature, etc. (creating some useful utilities along the road, heh) in order to play with the data in these files. One thing led to another and tueidj managed to forge a crash and eventually exploit it.
 
ohnoes, you found the sekrit log where he gave all the technical details away!

Seriously, that's like me saying an exploit works by overwriting some data in memory. Of course it does, but that won't help you recreate it.
 
