- Joined
- Jun 27, 2017
- Messages
- 734
- Trophies
- 0
- Location
- The Ruins of GBATemp (3DSTemp.net)
- XP
- 1,999
- Country
- Joined
- Feb 26, 2017
- Messages
- 4,046
- Trophies
- 2
- Age
- 20
- Location
- Hollister, CA
- Website
- dionicio3.com
- XP
- 7,191
- Country
OP has a second bug (which hasn't been publicly posted) which is the "promising one" that's being referenced here. 
- Joined
- Feb 26, 2017
- Messages
- 4,046
- Trophies
- 2
- Age
- 20
- Location
- Hollister, CA
- Website
- dionicio3.com
- XP
- 7,191
- Country
Oh, must have missed thatOP has a second bug (which hasn't been publicly posted) which is the "promising one" that's being referenced here.
- Joined
- Feb 26, 2017
- Messages
- 4,046
- Trophies
- 2
- Age
- 20
- Location
- Hollister, CA
- Website
- dionicio3.com
- XP
- 7,191
- Country
If I understand correctly:
Just because an app crashes, that means it’s an exploit (as long as you have a payload in the right place) So anyone can make an exploit as long as they get an app to crash
Am I correct?
I honestly have no understanding of how exploits are even made
Just because an app crashes, that means it’s an exploit (as long as you have a payload in the right place) So anyone can make an exploit as long as they get an app to crash
Am I correct?
I honestly have no understanding of how exploits are even made
Last edited by Alex4nder001,
This is what alot of people think. The amount of threads here titled "I think i found an exploit" with the contents being an app crashing are too high. While a crash is part of most exploits, the crash has to open up a flaw in the system to allow a payload to run. Also, a crash is when a piece of software encounters an error and causes something to happen which prevents the software from continuing. Occasionally it allows an exploit but most of the time its a simple error.
*throws ds on floor*
Person: oo it crashed, must be an exploit
Everyone Else: -_-
There are two camps here with regards to exploit discovery.
1. I made Thing crash! I found exploit! I will make a thread on GBAtemp and become famous!
2. You made Thing crash? Useless! Nothing ever comes from non-programmers finding crashes! GBAfail, amirite?
Both camps here are wrong, but the truth is closer to #2.
In any event, the best thing to do if you find a crash is to contact someone with a record of exploitation and tell them about it rather than make a gbatemp thread and risk embarrassment. The hacker will give you some credit if the crash amounts to something.
1. I made Thing crash! I found exploit! I will make a thread on GBAtemp and become famous!
2. You made Thing crash? Useless! Nothing ever comes from non-programmers finding crashes! GBAfail, amirite?
Both camps here are wrong, but the truth is closer to #2.
In any event, the best thing to do if you find a crash is to contact someone with a record of exploitation and tell them about it rather than make a gbatemp thread and risk embarrassment. The hacker will give you some credit if the crash amounts to something.
Last edited by zoogie,
You know what. Given the number of people there are round here taking credit for exploits they didn't discover I'd say post away and understand that not all crashes are necessarily exploits. The potential is there for every crash though.
This isn't a viable exploit, as I cannot find a single way to use a ROP chain.
The amount of memory available is greatly limited, and I don't even know if the browser has SD card access privileges.
The amount of memory available is greatly limited, and I don't even know if the browser has SD card access privileges.
Yes memory is limited but there are still many options if you can get ROP.... I have a IS-TWL-DEBUGGER so if you need anything tested please let me know.
There is absolutely no way whatsoever to get ROP using this method.
EDIT: Holy shit! Completely ignore everything I just said! This is 100% exploitable!
I was able to send arbitrary addresses to RAM to make the top or bottom screen turn a chosen colour on crash!
Someone else needs to modify the code to send a ROP chain, I'm not an expert with this, and I'm not sure what to send to kernel.
Last edited by SimonMKWii,
Trust me, it was 100% intentional!Quoting this so people can see your edit.
Best unintentional April Fools ever
Unfortunately nobody seemed to get it...
You need to change 0x18000 RAM addresses to fill both screens with a solid colour anyway, and good luck fitting that in the 2KB html file...
All it does is crash the browser, which I can do about 100 other ways!
Looking at the script, from the outset, it would be literally impossible to send any kind of arbitrary code whatsoever to the kernel.
Similar threads
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
@
K3Nv2:
Aw shit sonics got that orange cloud circle whatever the hell they call it out rip cholesterol -
@
Psionic Roshambo:
I think the Mister is cool and all, but honestly I have seen some video's exploring the difference between hardware and software emulation and the advantages of both.... I would pick software over FPGA, wouldn't mind some sort of hybrid approach but I can only imagine how complex that would be and how expensive. -
-
-
-
-
-
-
-
