Homebrew New Super Mario Bros 2 crash. Could an exploit would be possible

[Ordim3n]

So i was messing with NSMB2's save and i encountered a crash.
Things that i know:
There is no checksums in the save
I changed the streetpass tags to get the crash
The game will still accept the save even if the Streetpass section of the save is filled with FF and will look like this

Video of the crash happening on both a N3ds and a O3ds

I know that a crash doesn't always lead to an exploit

 

[Nyap]

incoming hate

 

[Ordim3n]

That is a risk that need to be taken

 

[vb_encryption_vb]

There should be a separate sub section for "crashed games" so devs can investigate if they want.

 

[Ordim3n]

So... i'll probably upload some "docs"

 

[Swiftloke]

Not quite SMILEBasic in terms of actual reasoning but at least there's some period.

 

[DKB]

Unlike the Fateshax..there's something here. Ugh.

 

[DarkFlare69]

I don't see a way to get any code execution through this

 

[Ordim3n]

Well, the game has access to the shell

 

[Swiftloke]

I don't see a way to get any code execution through this

Well, clearly there are no checks whatsoever in the actual Streetpass data. First we need to find out what we can potentially overflow into, and if the game checks for overflows.

--------------------- MERGED ---------------------------

Well, the game has access to the shell

What shell? NS? Isn't that an extremely interesting target, enough to be in the 32c3 conference?
Either way, it doesn't help with code execution. It just gives us access to a very nice service if we do get code execution.

 

[Ordim3n]

What shell? NS? Isn't that an extremely interesting target, enough to be in the 32c3 conference?
Either way, it doesn't help with code execution. It just gives us access to a very nice service if we do get code execution.

Yeah, i think the NS. Because when i did the rsf gen, it had - shell iirc

 

[Swiftloke]

Yeah, i think the NS. Because when i did the rsf gen, it had - shell iirc

Look into it a bit more, please. At that, overflow Streetpass data and check the results in Citra debugging.

 

[dubbz82]

No. For the love of god, just stop while you're ahead.

 

[Ordim3n]

Look into it a bit more, please. At that, overflow Streetpass data and check the results in Citra debugging.

ok, i just need to redump my game

 

[Deleted User]

Yep a cool crash, but hey people are not going to create a thread everytime a crash occurs.
Please investigate that before posting anything, a bunch of games are crashing when fuzzing the save file.

 

[dubbz82]

So i was messing with NSMB2's save and i encountered a crash.I know that a crash doesn't always lead to an exploit

As a matter of fact, almost NEVER leads to an exploit.

 

[Swiftloke]

Yep a cool crash, but hey people are not going to create a thread everytime a crash occurs.
Please investigate that before posting anything, a bunch of games are crashing when fuzzing the save file.

He did, actually. He found out the Streetpass data content isn't checked.
Your fears are well founded, however. Things like Fateshax understandably erode trust in potentially legitimate hacks. Checking the early pages of BasicSploit are full of skeptical users crying out 'Fateshaxx 2.0'.

 

[Deleted User]

He did, actually. He found out the Streetpass data content isn't checked.

He don't know what's going on actually.

 

[DarkFlare69]

He did, actually. He found out the Streetpass data content isn't checked.
Your fears are well founded, however. Things like Fateshax understandably erode trust in potentially legitimate hacks. Checking the early pages of BasicSploit are full of skeptical users crying out 'Fateshaxx 2.0'.

But this one's actually real.

 

[Swiftloke]

But this one's actually real.

Precisely. Just because there is a crash, ironically, doesn't mean there won't be an exploit.