Hacking Master boot record exploit?

Fishaman P

Speedrunner
Member
Joined
Jan 2, 2010
Messages
3,323
Trophies
1
Location
Wisconsin
Website
twitch.tv
XP
2,197
Country
United States
That depends on its MBR-finding code. If I were the Nintendo programmer, I'd just check to see if the bytes in the expected location looked valid; I wouldn't even know how to try and execute code from there.
 

Cyan

GBATemp's lurking knight
Former Staff
Joined
Oct 27, 2002
Messages
23,749
Trophies
4
Age
46
Location
Engine room, learning
XP
15,662
Country
France
To run an exploit, you usually need to overflow the buffer size defined by the developer to write your own code in another part of the memory, which will be executed by the console without it knowing it's not the correct function anymore.
There's no way to overflow the MBR verification process, as they are reading sector 0 themselves, using their own defined size.

They create a buffer with a fixed size (usually the size of one sector, so either 512 bytes or 4k).
They read the first sector's data and store it into the buffer up to the specified size (it will not overflow; they specifically tell how many bytes to read/write, and the console will not continue to write more data outside of the buffer).
They check the buffer's bytes 511 and 512 to see if they match what they expect. (You can't code anything in two bytes, it's only 2 characters, and it's doing a comparison, not executing any part of the MBR's data.)
 
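Worked illustration of the bounded read and two-byte comparison Cyan describes above. This C code is added here for the thread and is not Cyan's, Nintendo's, or any console's actual firmware; the "device" images are constructed in memory, and the only outside fact it relies on is that a standard MBR ends with the signature 0x55 0xAA at offsets 510 and 511 (Cyan's "bytes 511 and 512"). The guard byte after the buffer makes the point visible: a read that is told exactly how many bytes to copy never reaches it, and the signature check is a comparison that never executes sector contents.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define SECTOR_SIZE    512   /* one classic disk sector */
#define MBR_SIG_OFFSET 510   /* Cyan's "bytes 511 and 512", counted from zero */

/* Bounded read of sector 0 from a simulated block device.
 * Copies at most one sector and never more than buf_len bytes, no matter
 * how much data the device actually holds. Returns the byte count copied. */
size_t read_sector0(const uint8_t *device, size_t device_len,
                    uint8_t *buf, size_t buf_len)
{
    size_t n = SECTOR_SIZE;
    if (buf_len < n)    n = buf_len;    /* never write past the caller's buffer */
    if (device_len < n) n = device_len; /* short device: copy only what exists */
    memcpy(buf, device, n);
    return n;
}

/* The check itself: the last two bytes of the sector must be 0x55 0xAA.
 * This is a plain comparison; nothing from the sector is executed. */
int mbr_signature_valid(const uint8_t *buf, size_t len)
{
    if (len < SECTOR_SIZE)
        return 0;
    return buf[MBR_SIG_OFFSET] == 0x55 && buf[MBR_SIG_OFFSET + 1] == 0xAA;
}

/* A sector buffer followed directly by a guard byte. If a read ever wrote
 * past the 512-byte buffer the guard would change; with the bounded read
 * above it cannot. */
struct sector_buffer {
    uint8_t data[SECTOR_SIZE];
    uint8_t guard;
};

/* Read and validate sector 0. Returns 1 for a valid signature, 0 for an
 * invalid or short sector, -1 if the guard byte was ever disturbed. */
int validate_device(const uint8_t *device, size_t device_len)
{
    struct sector_buffer sb;
    memset(sb.data, 0, sizeof sb.data);
    sb.guard = 0xA5;
    size_t n = read_sector0(device, device_len, sb.data, sizeof sb.data);
    if (sb.guard != 0xA5)
        return -1;
    return mbr_signature_valid(sb.data, n);
}

/* Constructed device images for the cases below (not from any real card). */
static void make_image(uint8_t *img, size_t len, uint8_t fill, int with_sig)
{
    memset(img, fill, len);
    if (with_sig && len >= SECTOR_SIZE) {
        img[MBR_SIG_OFFSET]     = 0x55;
        img[MBR_SIG_OFFSET + 1] = 0xAA;
    }
}

/* Valid sector followed by 1 KiB of extra data: accepted, extra bytes ignored. */
int case_valid_oversized(void)
{
    uint8_t img[SECTOR_SIZE + 1024];
    make_image(img, sizeof img, 0x90, 1);
    return validate_device(img, sizeof img);
}

/* Full sector without the signature: rejected. */
int case_no_signature(void)
{
    uint8_t img[SECTOR_SIZE];
    make_image(img, sizeof img, 0x00, 0);
    return validate_device(img, sizeof img);
}

/* Device shorter than one sector: rejected rather than read past its end. */
int case_short_device(void)
{
    uint8_t img[100];
    make_image(img, sizeof img, 0x55, 0);
    return validate_device(img, sizeof img);
}

int main(void)
{
    printf("valid oversized image: %d\n", case_valid_oversized());
    printf("missing signature:     %d\n", case_no_signature());
    printf("short device:          %d\n", case_short_device());
    return 0;
}
```

The oversized image is the case the thread is about: whatever sits on the card after the first sector is simply never copied, because the read length comes from the firmware's own constant, not from the card.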

Ray Lewis

Banned!
Banned
Joined
Dec 30, 2012
Messages
1,518
Trophies
0
XP
419
Country
United States
> To run an exploit, you usually need to overflow the buffer size defined by the developer to write your own code in another part of the memory, which will be executed by the console without it knowing it's not the correct function anymore.
> There's no way to overflow the MBR verification process, as they are reading sector 0 themselves, using their own defined size.
>
> They create a buffer with a fixed size (usually the size of one sector, so either 512 bytes or 4k).
> They read the first sector's data and store it into the buffer up to the specified size (it will not overflow; they specifically tell how many bytes to read/write, and the console will not continue to write more data outside of the buffer).
> They check the buffer's bytes 511 and 512 to see if they match what they expect. (You can't code anything in two bytes, it's only 2 characters, and it's doing a comparison, not executing any part of the MBR's data.)
Ahhh, then some games have "situations" where this stuff happens. I recall some interesting "hacks." The 360 needed the reset glitch after JTAG was locked down. Then install a file (in general terms) using flashing and off you went. Remember the PSP 1000? Open the battery, cut one pin, then boot with an SD card;-)

I love reading stuff like this. A long time ago, a guy proposed the reset glitch on an Xbox 360-specific site. I was in that thread; some wrote it off until later on it was shown to be true. NOT sure that was where it originated though. I really note everything I see. Marcan said sandboxing is the Wii U approach. Some proposed internet exploits (HIGHLY possible) but Marcan shot that down. People have lied to or tricked me in private before, but if true, I believe I know ONE of the games. Not even sure about DELIVERY, but the game alone may be true;-) Some proposed reading/writing the eMMC like the 3DS is now doing, and using it to DOWNGRADE, which basically should expose it to previous exploits.

Take a system update and then cut out auto updates, and there you go with the SDK. If we could write any update to NAND like the 3DS (one you backed up), then basically any exploits COULD NOT be patched. It might have eFuse-type security, but I don't know about that:-( I like the thinking on this type of stuff.

Seriously, if the Wii U can be downgraded like the 3DS, then patching won't matter. This was why I wanted a way to at least read/write the eMMC of the Wii U. Some laughed, but look at the 3DS now. Downgrading with a backup you make basically makes updates futile. If we had a way to get keys and sign/decrypt/mod those reads, then basically there is a FULL hack right there. I spent a lot of time in technical forums, but only READING. I think Cyan knows his stuff. Thanks for sharing that, Cyan.
 
