Hacking Master boot record exploit?

Fishaman P

Speedrunner
Member
That depends on its MBR-finding code. If I were the Nintendo programmer, I'd just check to see if the bytes in the expected location looked valid; I wouldn't even know how to try and execute code from there.
 

Cyan

GBATemp's lurking knight
Former Staff
To run an exploit, you usually need to overflow the buffer size defined by the developer to write your own code into another part of memory, which will then be executed by the console without it knowing it's not the correct function anymore.
There's no way to overflow the MBR verification process, as they are reading sector 0 themselves, using their own defined size.

They create a buffer with a fixed size (usually the size of one sector, so either 512 bytes or 4K).
They read the first sector's data and store it into the buffer up to the specified size (it will not overflow; they specifically tell it how many bytes to read/write, and the console will not continue to write more data outside of the buffer).
They check the buffer's bytes 511 and 512 to see if they match what they expect. (You can't code anything in two bytes, it's only 2 characters, and it's doing a comparison, not executing any part of the MBR's data.)
 
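The check Cyan describes above, written out as an added example in C (this is not code from the thread or from any console firmware; the "device image" is constructed in memory and the function names are my own). It shows why the process is not an overflow target: the read is bounded by a fixed count, the sector content is only ever compared against 0x55 0xAA at offsets 510 and 511, and nothing in the sector is executed, no matter what bytes it contains.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define SECTOR_SIZE    512u
#define MBR_SIG_OFFSET 510u   /* bytes 511 and 512 counted from 1 */

/* Bounded read of the first sector from a (simulated) block device.
 * Copies at most buf_len bytes and never more than one sector, however
 * large the device image is. Returns the number of bytes copied. */
size_t read_sector0(const uint8_t *device, size_t device_len,
                    uint8_t *buf, size_t buf_len)
{
    size_t n = buf_len < SECTOR_SIZE ? buf_len : SECTOR_SIZE;
    if (device_len < n)
        n = device_len;           /* short device: short read, no overrun */
    memcpy(buf, device, n);
    return n;
}

/* The MBR signature check: the last two bytes of the sector must be
 * 0x55 0xAA. A short read fails the check. Pure comparison, no execution. */
int mbr_signature_ok(const uint8_t *buf, size_t len)
{
    if (len < SECTOR_SIZE)
        return 0;
    return buf[MBR_SIG_OFFSET] == 0x55 && buf[MBR_SIG_OFFSET + 1] == 0xAA;
}

/* Constructed device image: arbitrary filler bytes (0x90 happens to be an
 * x86 NOP, chosen to show that "code-looking" content changes nothing),
 * with an optional valid signature at the end of sector 0. */
static void make_image(uint8_t *img, size_t device_len, int with_sig)
{
    memset(img, 0x90, device_len);
    if (with_sig && device_len >= SECTOR_SIZE) {
        img[MBR_SIG_OFFSET]     = 0x55;
        img[MBR_SIG_OFFSET + 1] = 0xAA;
    }
}

/* One end-to-end check: build an image of device_len bytes, read sector 0
 * into a fixed 512-byte buffer, test the signature. Returns 1 on pass. */
int check_image(size_t device_len, int with_sig)
{
    uint8_t img[4096];
    uint8_t buf[SECTOR_SIZE];
    if (device_len > sizeof img)
        device_len = sizeof img;
    make_image(img, device_len, with_sig);
    size_t got = read_sector0(img, device_len, buf, sizeof buf);
    return mbr_signature_ok(buf, got);
}

int main(void)
{
    printf("512-byte image, good signature : %d\n", check_image(512, 1));
    printf("512-byte image, no signature   : %d\n", check_image(512, 0));
    printf("4 KiB image, good signature    : %d\n", check_image(4096, 1));
    printf("200-byte image (short read)    : %d\n", check_image(200, 1));
    return 0;
}
```

The 4 KiB case is the one that matters for the thread's question: the device is eight times larger than the buffer, but `read_sector0` still copies exactly 512 bytes, so there is nothing for an attacker-supplied card to overflow. The only thing the sector content can influence is the boolean result of the comparison.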

Ray Lewis

Banned!
Banned
Cyan said:
    To run an exploit, you usually need to overflow the buffer size defined by the developer to write your own code into another part of memory, which will then be executed by the console without it knowing it's not the correct function anymore.
    There's no way to overflow the MBR verification process, as they are reading sector 0 themselves, using their own defined size.

    They create a buffer with a fixed size (usually the size of one sector, so either 512 bytes or 4K).
    They read the first sector's data and store it into the buffer up to the specified size (it will not overflow; they specifically tell it how many bytes to read/write, and the console will not continue to write more data outside of the buffer).
    They check the buffer's bytes 511 and 512 to see if they match what they expect. (You can't code anything in two bytes, it's only 2 characters, and it's doing a comparison, not executing any part of the MBR's data.)
Ahhh, then some games have "situations" where this stuff happens. I recall some interesting "hacks." The 360 needed the reset glitch after JTAG was locked down. Then install a file (in general terms) by flashing and off you went. Remember the PSP 1000? Open the battery, cut one pin, then boot with an SD card ;-)

I love reading stuff like this. A long time ago, a guy proposed the reset glitch on an Xbox 360-specific site. I was in that thread; some wrote it off until later on it was shown to be true. NOT sure that was where it originated, though. I really note everything I see. Marcan said sandboxing is the Wii U approach. Some proposed internet exploits (HIGHLY possible), but Marcan shot that down. People have lied to or tricked me in private before, but if true, I believe I know ONE of the games. Not even sure about DELIVERY, but the game alone may be true ;-) Some proposed reading/writing the eMMC like the 3DS is now doing, and using it to DOWNGRADE, which basically should expose it to previous exploits.

Take a system update and then cut out auto updates, and there you go with the SDK. If we could write any update to NAND like the 3DS (one you backed up), then basically any exploits COULD NOT be patched. It might have eFuse-type security, but I don't know about that :-( I like the thinking on this type of stuff.

Seriously, if the Wii U can be downgraded like the 3DS, then patching won't matter. This was why I wanted a way to at least read/write the eMMC of the Wii U. Some laughed, but look at the 3DS now. Downgrading with a backup you make basically makes updates futile. If we had a way to get keys, and sign/decrypt/mod those reads, then basically there is a FULL hack right there. I spent a lot of time in technical forums, but only READING. I think Cyan knows his stuff. Thanks for sharing that, Cyan.
 
