Did you really just reply to your own post saying lol...welp going to edit the html to make it a joke program
--------------------- MERGED ---------------------------
lol
yep
> Did you really just reply to your own post saying lol...
any updates on the "very promising" one?
This was tested with an IS-TWL emulator. Tl;dr go home folks, it's just a null pointer dereference again :/
Oh, must have missed that
> OP has a second bug (which hasn't been publicly posted) which is the "promising one" that's being referenced here.
But: nothing is over yet, I've another one that looks very promising.
That one is capable of causing corruptions (look at the loading symbol in the imgur picture below). The result is general application instability that then leads to a final crash.
PoC will come when it's "stable" enough, I guess; it's a very fresh one.
Preview:
imgur.com/vPCf1T4.jpg
This is what a lot of people think. The amount of threads here titled "I think I found an exploit" with the contents being an app crashing is too high. While a crash is part of most exploits, the crash has to open up a flaw in the system to allow a payload to run. Also, a crash is when a piece of software encounters an error and causes something to happen which prevents the software from continuing. Occasionally it allows an exploit, but most of the time it's a simple error.
> If I understand correctly:
> Just because an app crashes, that means it's an exploit (as long as you have a payload in the right place). So anyone can make an exploit as long as they get an app to crash.
> Am I correct?
> I honestly have no understanding of how exploits are even made.
I thought so
> This is what a lot of people think. The amount of threads here titled "I think I found an exploit" with the contents being an app crashing is too high. While a crash is part of most exploits, the crash has to open up a flaw in the system to allow a payload to run. Also, a crash is when a piece of software encounters an error and causes something to happen which prevents the software from continuing. Occasionally it allows an exploit, but most of the time it's a simple error.
*throws ds on floor*
Person: oo it crashed, must be an exploit
Everyone Else: -_-
There are two camps here with regards to exploit discovery.
1. I made Thing crash! I found exploit! I will make a thread on GBAtemp and become famous!
2. You made Thing crash? Useless! Nothing ever comes from non-programmers finding crashes! GBAfail, amirite?
Both camps here are wrong, but the truth is closer to #2.
In any event, the best thing to do if you find a crash is to contact someone with a record of exploitation and tell them about it rather than make a gbatemp thread and risk embarrassment. The hacker will give you some credit if the crash amounts to something.
Yes, memory is limited, but there are still many options if you can get ROP.... I have an IS-TWL-DEBUGGER, so if you need anything tested please let me know.
> This isn't a viable exploit, as I cannot find a single way to use a ROP chain.
> The amount of memory available is greatly limited, and I don't even know if the browser has SD card access privileges.
> There is absolutely no way whatsoever to get ROP using this method.
Quoting this so people can see your edit.
> There is absolutely no way whatsoever to get ROP using this method.
> EDIT: Holy shit! Completely ignore everything I just said! This is 100% exploitable!
> I was able to send arbitrary addresses to RAM to make the top or bottom screen turn a chosen colour on crash!
> Someone else needs to modify the code to send a ROP chain, I'm not an expert with this, and I'm not sure what to send to kernel.
Trust me, it was 100% intentional!
> Quoting this so people can see your edit.
Best unintentional April Fools ever