Hacking Suggestion Possible exploit? WiiU>Switch

  • Thread starter: SjorsMaster
  • Views: 15,400
  • Replies: 68
  • Likes: 5
It's a possibility, since the exploit causes a crash. The chance of that possibility actually being able to be used for leading to ACE is slim. It's more than likely just failing sanity checks, and thus preventing further reading of the file. As @linuxares said, there's protection against overflows, but it's not just a one-size-fits-all protection.
 
It's plausible. Anyone saying "that's not how this works" obviously doesn't know how past exploits were discovered. It usually starts with just a crash; from there you have to debug to figure out exactly why it crashed, and try to manipulate the crash in a controllable manner.
The last part is the key. If the crash can't be manipulated in a controllable manner, then it's not exploitable. There also has to be some way to get the data you need for the exploit into memory (that would be the actual "code" you want to execute).

So while this is far from an exploit, it's the first step to one. It's a good thing that people post things like this; it gives hackers an idea of where to look for exploits, even if it might turn out to be nothing.
 
It's plausible. Anyone saying "that's not how this works" obviously doesn't know how past exploits were discovered. It usually starts with just a crash; from there you have to debug to figure out exactly why it crashed, and try to manipulate the crash in a controllable manner.
The last part is the key. If the crash can't be manipulated in a controllable manner, then it's not exploitable. There also has to be some way to get the data you need for the exploit into memory (that would be the actual "code" you want to execute).

So while this is far from an exploit, it's the first step to one. It's a good thing that people post things like this; it gives hackers an idea of where to look for exploits, even if it might turn out to be nothing.
There may be something related to sign posts and unsupported characters and corrupted text.
 
It's plausible. Anyone saying "that's not how this works" obviously doesn't know how past exploits were discovered. It usually starts with just a crash; from there you have to debug to figure out exactly why it crashed, and try to manipulate the crash in a controllable manner.
The last part is the key. If the crash can't be manipulated in a controllable manner, then it's not exploitable. There also has to be some way to get the data you need for the exploit into memory (that would be the actual "code" you want to execute).

So while this is far from an exploit, it's the first step to one. It's a good thing that people post things like this; it gives hackers an idea of where to look for exploits, even if it might turn out to be nothing.
Yes, and it's been noted before. A crash doesn't mean exploit.
 
Yes, and it's been noted before. A crash doesn't mean exploit.

Of course not; how is a hacked WiiU map supposed to ever be an exploit? No one is saying for sure this can lead to something concrete, but at least it's worth a try by the devs. Anyone saying it's just a waste of time is an annoying, arrogant saccent that is willing to let this chance get lost just to show the world his/her pseudo-knowledge. Who knows if these maps, modified in a way they can be read by the Switch, can somehow open a crack in the Switch scene.
 
Of course not; how is a hacked WiiU map supposed to ever be an exploit? No one is saying for sure this can lead to something concrete, but at least it's worth a try by the devs. Anyone saying it's just a waste of time is an annoying, arrogant saccent that is willing to let this chance get lost just to show the world his/her pseudo-knowledge. Who knows if these maps, modified in a way they can be read by the Switch, can somehow open a crack in the Switch scene.
The only way to achieve arbitrary R/W in that way is causing a buffer overflow and using it to execute JOP/ROP chains which will execute our code, which is unlikely because of buffer overflow protection, namely ASLR. Also, modifying Minecraft maps to cause a buffer overflow is, even if there were the opportunity to, not possible without a way to bypass ASLR first.

You guys will probably get more webkit sploits and maybe a gallery sploit. Just wait for the 34c3.
 
Last edited by adrifcastr.
Of course not; how is a hacked WiiU map supposed to ever be an exploit? No one is saying for sure this can lead to something concrete, but at least it's worth a try by the devs. Anyone saying it's just a waste of time is an annoying, arrogant saccent that is willing to let this chance get lost just to show the world his/her pseudo-knowledge. Who knows if these maps, modified in a way they can be read by the Switch, can somehow open a crack in the Switch scene.
I'm not saying it's not. I'm saying that people shouldn't get hyped over what may never be.
 
It's plausible. Anyone saying "that's not how this works" obviously doesn't know how past exploits were discovered. It usually starts with just a crash; from there you have to debug to figure out exactly why it crashed, and try to manipulate the crash in a controllable manner.
The last part is the key. If the crash can't be manipulated in a controllable manner, then it's not exploitable. There also has to be some way to get the data you need for the exploit into memory (that would be the actual "code" you want to execute).

So while this is far from an exploit, it's the first step to one. It's a good thing that people post things like this; it gives hackers an idea of where to look for exploits, even if it might turn out to be nothing.
Correct me if I'm wrong, but buffer overflow issues were already discovered on the Switch, correct? Or was that the Wii U?
 
All he did was crash the game because it can't read the file. That's it. Oh, and by the way, calling someone an asshole is being one yourself, since randomly insulting people is probably not going to solve your aggression problems.

You're right. Sorry I insulted you. But the gist of your posts came across as "I know all about hacking and you don't. Go and read about hacking and come back and prove this is an exploit". OP probably doesn't have that kind of expertise. You can just politely say why it won't work. Using words like "nonsense" isn't polite.
 
Steps to crash Minecraft (no exploit/hacking needed):
1. Make an iron farm
2. Get 1m iron
3. Make a lot of rails and even more minecarts
4. Put minecarts on rails and make them move
5. Crash happening in 3...2..
 
Savegame exploits on switch are extremely unlikely to ever materialize, because of ASLR being enabled on the system.

In order to create an exploit, you need two exploitable bugs in one game -- an information leak, and a memory/control flow corruption of some kind. While save files are likely to have the second, there is very little interactive about loading them, and the first would be extremely difficult to ever see in a game (it basically requires some kind of scripting engine be in place with controllable input...in the web browser, javascript + information leak bugs serve this purpose).

Even if your crash is exploitable on Wii U I would give a ~0% chance it's exploitable on the Switch.
 
There is a big difference between a game crashing because it is unable to read a file, and a game crashing because of a buffer overflow.
I know this, but a buffer overflow isn't a concept everyone is aware of, even though it is a very common phrase thrown around. People don't know the technicalities. They just take in information and observe patterns like crashes and exploits and make faulty conclusions. It's not stupidity, it's just not having the information. And yes people without much information could shut up, but people want to be helpful so it's in their nature to inquire about something like this. There are much worse people out there with much worse questions. At least the guy gets to learn a bit about the nature of exploits.
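To make the distinction in the two posts above concrete, here is an added example (not code from the thread, nor from any Nintendo or Minecraft component): a constructed save-chunk parser whose length checks turn a malformed file into a clean rejection, the "failed sanity check" case, instead of the buffer overflow case. The chunk format, the function names and the sample blobs are all invented for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Constructed toy format (not the real Minecraft save format): each chunk is
 * a 1-byte tag, a 2-byte little-endian payload length, then the payload.
 * The loader copies the payload into a fixed-size buffer. */
#define CHUNK_PAYLOAD_MAX 64

typedef struct {
    uint8_t  tag;
    uint16_t len;
    uint8_t  payload[CHUNK_PAYLOAD_MAX];
} chunk_t;

enum { CHUNK_OK = 0, CHUNK_TRUNCATED = -1, CHUNK_TOO_LARGE = -2 };

/* Parses one chunk from buf. Every length the file claims is checked against
 * both the destination buffer and the remaining input before memcpy runs.
 * An unchecked memcpy(out->payload, buf + 3, len) at this spot is the kind of
 * overflow the thread is discussing; with the checks, a bad chunk is a clean
 * error return, which is the "can't read the file" crash, not a corruption. */
int parse_chunk(const uint8_t *buf, size_t buf_len, chunk_t *out, size_t *consumed)
{
    if (buf_len < 3) return CHUNK_TRUNCATED;             /* header incomplete   */
    uint16_t len = (uint16_t)(buf[1] | (buf[2] << 8));
    if (len > CHUNK_PAYLOAD_MAX) return CHUNK_TOO_LARGE;  /* would overflow payload[] */
    if (buf_len - 3 < len) return CHUNK_TRUNCATED;       /* would read past the file */
    out->tag = buf[0];
    out->len = len;
    memcpy(out->payload, buf + 3, len);
    *consumed = 3 + (size_t)len;
    return CHUNK_OK;
}

/* Walks a whole save blob, stopping at the first malformed chunk.
 * Returns the number of chunks accepted, or the first negative error code. */
int parse_save(const uint8_t *buf, size_t buf_len)
{
    size_t off = 0;
    int count = 0;
    while (off < buf_len) {
        chunk_t c;
        size_t used;
        int rc = parse_chunk(buf + off, buf_len - off, &c, &used);
        if (rc != CHUNK_OK) return rc;
        off += used;
        count++;
    }
    return count;
}

/* Constructed sample blobs: a well-formed file, one claiming a 65535-byte
 * payload (would overflow), and one whose declared length exceeds the file. */
static const uint8_t SAVE_GOOD[]      = {0x01, 0x03, 0x00, 'a', 'b', 'c', 0x02, 0x00, 0x00};
static const uint8_t SAVE_OVERSIZED[] = {0x01, 0xFF, 0xFF, 0x00};
static const uint8_t SAVE_TRUNCATED[] = {0x01, 0x10, 0x00, 'a', 'b'};
```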
 
The Switch is protected against buffer overflows, so it's not that easy.
How does that work?

And if that's true how does the webkit exploit work? Is it not a buffer overflow? I mean, it's possible that this isn't a buffer overflow either.
 
How does that work?

And if that's true how does the webkit exploit work? Is it not a buffer overflow? I mean, it's possible that this isn't a buffer overflow either.
Address space layout randomization, ASLR for short, randomly arranges the address space positions of key data areas of a process, including the base of the executable and the positions of the stack, heap and libraries, which makes it impossible to execute a ROP chain through a buffer overflow. ASLR is also used by the 3DS OS. But smea is smea, and smea has bypasses.

Savegame exploits on switch are extremely unlikely to ever materialize, because of ASLR being enabled on the system.

In order to create an exploit, you need two exploitable bugs in one game -- an information leak, and a memory/control flow corruption of some kind. While save files are likely to have the second, there is very little interactive about loading them, and the first would be extremely difficult to ever see in a game (it basically requires some kind of scripting engine be in place with controllable input...in the web browser, javascript + information leak bugs serve this purpose).

Even if your crash is exploitable on Wii U I would give a ~0% chance it's exploitable on the Switch.
And thanks for finally someone well known in the hacking scene saying the almost exact same thing as I did. Thank you.
 
Address space layout randomization, ASLR for short, randomly arranges the address space positions of key data areas of a process, including the base of the executable and the positions of the stack, heap and libraries, which makes it impossible to execute a ROP chain through a buffer overflow. ASLR is also used by the 3DS OS. But smea is smea, and smea has bypasses.


And thanks for finally someone well known in the hacking scene saying the almost exact same thing as I did. Thank you.
That wasn't smug... Not at all...
 
Thanks y'all who took my question seriously instead of just hammering it into the ground.

I thought it would be possible because there have been exploits before via save files, so I felt like it was worth sharing, even if it turns out to be nothing. I learned a bit more about it.

So thanks for taking the time to read it, and for defending/supporting my idea.
I appreciate it.

Cheers!
 