Hacking Mail box bomb

O

obcd

Well-Known Member
Member
Level 4
Joined
Apr 5, 2011
Messages
1,594
Trophies
0
XP
432
Country
Belgium
Now the question is... When will big N make the next move? Assuming they will continue the game...

I guess nobody knows a way to boot into uneek directly with this exploit? I really need to find an elf for that...
 
DeadlyFoez

DeadlyFoez

XFlak Fanboy
Banned
Level 12
Joined
Apr 12, 2009
Messages
5,920
Trophies
0
Website
DeadlyFoez.zzl.org
XP
2,875
Country
United States
obcd said:
I guess nobody knows a way to boot into uneek directly with this exploit? I really need to find an elf for that...
Click to expand...
I've been wanting to see that for a long time. That would make things complete.

I've talked with pune about it, basically he said that it's not something he's interested in working on. But just to ask him if it was possible, he said yes.
 
H

hanibel

Banned!
Banned
Level 0
Joined
Aug 9, 2011
Messages
29
Trophies
0
Website
Visit site
XP
-9
Country
Argentina
DeadlyFoez said:
obcd said:
I guess nobody knows a way to boot into uneek directly with this exploit? I really need to find an elf for that...
I've been wanting to see that for a long time. That would make things complete.

I've talked with pune about it, basically he said that it's not something he's interested in working on. But just to ask him if it was possible, he said yes.

This is simple. 4 lines of code should do the trick:

CODE
Click to expand...
int main() {
IOS_ReloadIOS(254);
return(0);
}
Click to expand...

IOS254 is the bootmii IOS. Replacing the bootmii binary on the sd card with the uneek binaries results in uneek being launched directly.
 
O

obcd

Well-Known Member
Member
Level 4
Joined
Apr 5, 2011
Messages
1,594
Trophies
0
XP
432
Country
Belgium
I obvious wasn't clear enough about that part. Sorry folks.
It should indeed work without the install of an ios.
I need to find a way to embed and execute armcode in a ppc elf file.
I can't think of anything that comes into the neiborhood of such functionallity.
 
Lothlorian

Lothlorian

Well-Known Member
Member
Level 1
Joined
Jul 9, 2009
Messages
207
Trophies
0
Location
Berdoo
XP
46
Country
United States
Looks like TT has released or is getting ready to release a similar exploit based on the same Idea. A Mail Exploit. Says they could not wait for Pune to release it so they reversed engineered it based on what they saw on Youtube... or something like that.

Brand new blog post on hackmii site
 
Arm the Homeless

Arm the Homeless

Custom Title
Member
Level 2
Joined
May 26, 2008
Messages
1,762
Trophies
0
Location
/home/andy/
Website
Visit site
XP
125
Country
United States
hanibel said:
DeadlyFoez said:
obcd said:
I guess nobody knows a way to boot into uneek directly with this exploit? I really need to find an elf for that...
I've been wanting to see that for a long time. That would make things complete.

I've talked with pune about it, basically he said that it's not something he's interested in working on. But just to ask him if it was possible, he said yes.

This is simple. 4 lines of code should do the trick:

CODE
Click to expand...
int main() {
IOS_ReloadIOS(254);
return(0);
}
Click to expand...

IOS254 is the bootmii IOS. Replacing the bootmii binary on the sd card with the uneek binaries results in uneek being launched directly.
Click to expand...
You can download that already built here: https://github.com/Vithon/bootios/downloads
It's been there for over 2 years (first commit: May 16, 2009). xD

I'm not gonna try and bullshit anyone by saying I made some grand project though. It's even under the WTFPL...
 
DeadlyFoez

DeadlyFoez

XFlak Fanboy
Banned
Level 12
Joined
Apr 12, 2009
Messages
5,920
Trophies
0
Website
DeadlyFoez.zzl.org
XP
2,875
Country
United States
hanibel said:
DeadlyFoez said:
obcd said:
I guess nobody knows a way to boot into uneek directly with this exploit? I really need to find an elf for that...
I've been wanting to see that for a long time. That would make things complete.

I've talked with pune about it, basically he said that it's not something he's interested in working on. But just to ask him if it was possible, he said yes.

This is simple. 4 lines of code should do the trick:

Code: 
int main() {
IOS_ReloadIOS(254);
return(0);
}
Click to expand...
Click to expand...
DeadlyFoez said:
obcd said:
IOS254 is the bootmii IOS. Replacing the bootmii binary on the sd card with the uneek binaries results in uneek being launched directly.
Click to expand...


QUOTE(XFlak @ Aug 9 2011, 04:51 PM)
Click to expand...
They meant if there is a way to launch s/uneek on a virgin wii without installing anything onto the Wii, including bootmii @ IOS254
Click to expand...
^^Exactly. This is what would be freaking sweet. To be able to go to a friends house and just bring your hard drive and sd card and play your games and your own save games on their wii without having anything that will show that the warranty has been voided by use of unauthorized software because their will be no traces left behind as evidence on the nand of use of said unauthorized software. So basically you in the end feel safe that you did nothing wrong to your friends wii.
 
retKHAAAN

retKHAAAN

Well-Known Member
Member
Level 9
Joined
Mar 14, 2009
Messages
3,840
Trophies
1
XP
1,597
Country
United States
hanibel said:
tueidj said:
JoostinOnline said:
Lol, you know they are just going to move onto something else to complain about.
Click to expand...
Dead right, I'd like to complain about this exploit. How dare I have the balls to do exactly what I said would happen.
Click to expand...
According to this you are the one who did the exploiting part. Kudos to you if this is true.
Click to expand...

Yup. That looks like it's exactly what happened.

i can't be bothered to download it since I don't even have a Wii...but I'm assuming that the readmii states something along the lines of...

"Brought to you by Team Twiizers, Giantpune, and tueidj...
Special thanks to Giantpune for finding an exploit and sharing with us where to look"
 
Bladexdsl

Bladexdsl

fanboys triggered 9k+
Member
Level 22
Joined
Nov 17, 2008
Messages
21,122
Trophies
2
Location
Queensland
XP
12,192
Country
Australia
there's 2 threads about this now
smileipb2.png
 
retKHAAAN

retKHAAAN

Well-Known Member
Member
Level 9
Joined
Mar 14, 2009
Messages
3,840
Trophies
1
XP
1,597
Country
United States
QUOTE said:
blasty // Aug 9, 2011 at 1:36 pm

@0ld8oy/bushing: giantpune _did_ mention a overflow in the message body. I simply started working out the fileformat, encryption, signature, etc. (creating some useful utilities along the road, heh) in order to play with the data in these files. One thing led to another and tueidj managed to forge a crash and eventually exploit it.
Click to expand...
 
tueidj

tueidj

I R Expert
Member
Level 7
Joined
Jan 8, 2009
Messages
2,569
Trophies
0
Website
Visit site
XP
999
Country
ohnoes, you found the sekrit log where he gave all the technical details away!

Seriously, that's like me saying an exploit works by overwriting some data in memory. Of course it does, but that won't help you recreate it.
 

Site & Scene News

Go to forum More news

Popular threads in this forum

Hardware  Help my Wii‘s broken !!!

Hacking  Bricked Wii Family Edition

Wiiflow brings me back to sys menu... sometimes.

Emulation  Snes9x unacceptable input latency

All Channels Discussion

Hacking  Wii randonly slowing down mid-game

64DD on Wii?

Hacking  AARTool for Wii archives

General chit-chat
Help Users
  • No one is chatting at the moment.
    cearp @ cearp: Welcome hazbeans