Homebrew [Update] FatesHaxx results, news and exploitability

Status
Not open for further replies.

seijinshu (OP)
Notice: there is an edit at the bottom guys.

Sad news everyone. After further research, I can't seem to exploit FE:Fates.

Here are my findings:

Due to the way the inventory data is stored in the save data (complete unorganized mess), a buffer overflow is not feasible.

After that, I went for another attack, attacking character data.

The character data is stored in a way that there could be a way to stack overflow the data (the bane/boon data is stored after the name data with some arbitrary data in between). This also has many flaws. Example: You cannot overflow the name, as they made it like this:

(Before Name Data)....C.o.r.r.i.n......(After Name Data)

So unless someone figures out how to overflow those arbitrary bits of the name, there is nothing we can do about the name data overflow idea, nor a good entry point from FE:Fates.

If one manages to exploit this, it won't be me.

Sorry to get anyone's hopes up, but I said originally it wasn't very likely.

EDIT: The name stuff is just UTF16, so there might be a way... (Thanks shinyquagsire23)
 
Last edited by seijinshu,
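As an added illustration (not code from the thread or from any of its posters): a small Python model of why an ASCII name stored as UTF-16LE shows up in a hex editor's text column as `C.o.r.r.i.n` (each character is followed by a 0x00 high byte that renders as a dot), and of the fixed-width bounds check a save-file reader needs on such a field, which is what decides whether an over-long name is a problem at all. The record layout, field sizes, header magic and the `parse_character` function are assumptions made for illustration, not the game's real save format.

```python
"""Added example: UTF-16LE name fields in a fixed-width save record.

The layout below is invented for illustration; it is NOT the real
Fire Emblem: Fates save format.
"""
import struct

NAME_CHARS = 8                    # assumed: at most 8 UTF-16 code units
NAME_BYTES = NAME_CHARS * 2       # 16 bytes on disk
# assumed record: 4-byte header, fixed name field, 1 byte boon, 1 byte bane
RECORD_FMT = f"<4s{NAME_BYTES}sBB"
RECORD_SIZE = struct.calcsize(RECORD_FMT)   # 22 bytes


def hexdump_ascii(data: bytes) -> str:
    """Render bytes the way a hex editor's text column does:
    printable ASCII as-is, everything else (including the 0x00 high
    bytes of UTF-16LE ASCII text) as a dot."""
    return "".join(chr(b) if 0x20 <= b < 0x7F else "." for b in data)


def encode_name(name: str) -> bytes:
    """Encode a name into the fixed-width field, refusing names that do
    not fit. The check counts bytes of UTF-16LE, which is what the field
    actually holds, not characters of the Python string."""
    units = name.encode("utf-16-le")
    if len(units) > NAME_BYTES:
        raise ValueError(f"name needs {len(units)} bytes, field holds {NAME_BYTES}")
    return units.ljust(NAME_BYTES, b"\x00")    # zero-pad to full width


def decode_name(field: bytes) -> str:
    """Decode a zero-padded UTF-16LE field, stopping at the first null code unit."""
    text = field.decode("utf-16-le")
    return text.split("\x00", 1)[0]


def build_record(name: str, boon: int, bane: int) -> bytes:
    """Assemble one character record (constructed sample data)."""
    return struct.pack(RECORD_FMT, b"CHAR", encode_name(name), boon, bane)


def parse_character(blob: bytes) -> dict:
    """Read one record. Because the field width is fixed by the format,
    the reader never copies more than NAME_BYTES of name data no matter
    what follows it in the blob; that bound, not the on-disk encoding,
    is what makes the field safe to read."""
    if len(blob) < RECORD_SIZE:
        raise ValueError("record truncated")
    magic, name_field, boon, bane = struct.unpack_from(RECORD_FMT, blob)
    if magic != b"CHAR":
        raise ValueError("bad record header")
    return {"name": decode_name(name_field), "boon": boon, "bane": bane}


if __name__ == "__main__":
    rec = build_record("Corrin", 3, 5)
    print(hexdump_ascii(rec))          # CHARC.o.r.r.i.n.......
    print(parse_character(rec))
```

Running it prints the dotted text-column view the original post reproduces and then the parsed record; feeding `build_record` a name longer than the field raises instead of silently truncating or spilling into the boon/bane bytes that follow.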

Thunder Hawk
> Sad news everyone. After further research, I can't seem to exploit FE:Fates.
>
> Here are my findings:
>
> Due to the way the inventory data is stored in the save data (complete unorganized mess), a buffer overflow is not feasible.
>
> After that, I went for another attack, attacking character data.
>
> The character data is stored in a way that there could be a way to stack overflow the data (the bane/boon data is stored after the name data with some arbitrary data in between). This also has many flaws. Example: You cannot overflow the name, as they made it like this:
>
> (Before Name Data)....C.o.r.r.i.n......(After Name Data)
>
> So unless someone figures out how to overflow those arbitrary bits of the name, there is nothing we can do about the name data overflow idea, nor a good entry point from FE:Fates.
>
> If one manages to exploit this, it won't be me.
>
> Sorry to get anyone's hopes up, but I said originally it wasn't very likely.
>
> EDIT: The name stuff is just UTF16, so there might be a way... (Thanks shinyquagsire23)

Well... this was a really good try. Good work. c:
 
Last edited by Thunder Hawk,

Harvest God
> Notice: there is an edit at the bottom guys.
>
> Sad news everyone. After further research, I can't seem to exploit FE:Fates.
>
> Here are my findings:
>
> Due to the way the inventory data is stored in the save data (complete unorganized mess), a buffer overflow is not feasible.
>
> After that, I went for another attack, attacking character data.
>
> The character data is stored in a way that there could be a way to stack overflow the data (the bane/boon data is stored after the name data with some arbitrary data in between). This also has many flaws. Example: You cannot overflow the name, as they made it like this:
>
> (Before Name Data)....C.o.r.r.i.n......(After Name Data)
>
> So unless someone figures out how to overflow those arbitrary bits of the name, there is nothing we can do about the name data overflow idea, nor a good entry point from FE:Fates.
>
> If one manages to exploit this, it won't be me.
>
> Sorry to get anyone's hopes up, but I said originally it wasn't very likely.
>
> EDIT: The name stuff is just UTF16, so there might be a way... (Thanks shinyquagsire23)

Well I comprehend you on at least saying you can't seem to do it. It was so horrific reading all those posts. Also, the inventory is actually organized along with their other stuff, so don't call it a complete unorganized mess. I don't see an exploit of this possible, even though the save data is quite sensitive hehe.
 

seijinshu (OP)
> Well I comprehend you on at least saying you can't seem to do it. It was so horrific reading all those posts. Also, the inventory is actually organized along with their other stuff, so don't call it a complete unorganized mess. I don't see an exploit of this possible, even though the save data is quite sensitive hehe.

I was never able to comprehend the inventory, but that is just me.

Sent from my LG-H811 using Tapatalk
 
Deleted-379826 (Guest)
Nintendo deserves it for censoring our game smh exploit the hell out if it!
 

Mrrraou
Oh well. I guess I'll have to make details about this because mods.

> Sad news everyone. After further research, I can't seem to exploit FE:Fates.

Of course you can't. Have you even used IDA, radare2, or even any disassembler to try reading the game code, if a crash was triggered? I even doubt you tried to use Luma3DS-dev to get the needed registers to check the crash in the game code.

> Here are my findings:
>
> Due to the way the inventory data is stored in the save data (complete unorganized mess), a buffer overflow is not feasible.

WTH? Details? Something? How is it not possible, how is it stored?

> After that, I went for another attack, attacking character data.
>
> The character data is stored in a way that there could be a way to stack overflow the data (the bane/boon data is stored after the name data with some arbitrary data in between). This also has many flaws. Example: You cannot overflow the name, as they made it like this:
>
> (Before Name Data)....C.o.r.r.i.n......(After Name Data)
>
> So unless someone figures out how to overflow those arbitrary bits of the name, there is nothing we can do about the name data overflow idea, nor a good entry point from FE:Fates.

What the fuck? You're talking about a stack overflow and then a buffer overflow (overflowing the name)!? What is the logic here?
And it's ASCII data, not hexadecimal data here; nothing is showing why it can't be overflowed. The real way to see if a buffer can be overflowed is in the game code, not in the save data... that's completely stupid.
And overflowing names is not the only way to make exploits. Most of the exploits are based on buffer overflows and stack overflows, though.

> EDIT: The name stuff is just UTF16, so there might be a way... (Thanks shinyquagsire23)

There is no relation between the fact it's using UTF16 and the fact it's being exploitable to me...

> If one manages to exploit this, it won't be me.
>
> Sorry to get anyone's hopes up, but I said originally it wasn't very likely.

No comment.

Also thanks Bortz for removing my video. So if I may, I'll repost it, as I explained myself about it.
 

seijinshu (OP)
Let's not rant here. I've done analyzing with Luma-Dev, NTR. UTF16 has the extra spaces in the ASCII plaintext.

Sent from my LG-H811 using Tapatalk
 

Mrrraou
> Let's not rant here. I've done analyzing with Luma-Dev, NTR. UTF16 has the extra spaces in the ASCII plaintext.
>
> Sent from my LG-H811 using Tapatalk

It's likely that it won't mean really much on the exploit side, most of the time. And analyzing with Luma-dev and NTR, I'm sorry but what? Have you even tried getting sp and lr to know where crashes were triggered and RE that part of the code to understand it and then trying to exploit it? I doubt it so, seriously, from what I'm reading here; you barely did anything.
And

> UTF16 has the extra spaces in the ASCII plaintext.

I'm sorry but what? That makes no sense.

Anyway, if you want to be as famous as the prohax guys, well that's good! You're on the good way, you are just alone this time, and trying to say "hacker" stuff in a more "complicated" but illogical way!
Also, "GBATemp's young and rogue hacker.", that's pretty funny. I wonder how active you are on the Wii U atm, btw.
 

seijinshu (OP)
> It's likely that it won't mean really much on the exploit side, most of the time. And analyzing with Luma-dev and NTR, I'm sorry but what? Have you even tried getting sp and lr to know where crashes were triggered and RE that part of the code to understand it and then trying to exploit it? I doubt it so, seriously, from what I'm reading here; you barely did anything.
> And
>
> I'm sorry but what? That makes no sense.
>
> Anyway, if you want to be as famous as the prohax guys, well that's good! You're on the good way, you are just alone this time, and trying to say "hacker" stuff in a more "complicated" but illogical way!
> Also, "GBATemp's young and rogue hacker.", that's pretty funny. I wonder how active you are on the Wii U atm, btw.

You gotta remember.
This is my first project like this. My other projects were simple mods. And why would my activity on the Wii U have any relevance?
Nonetheless, don't post if all you are spitting out is negative crap, and making this thread into a shit circle like the old one is not going to be accepted.

Bad news: I'm not feeling too well right now. Trying to get my new 3ds up and running is no fun, and on top of the fact that I am feeling a little sick... Ain't pleasant.

Sent from my LG-H811 using Tapatalk
 
Last edited by seijinshu,

Mrrraou
> You gotta remember.
> This is my first project like this. My other projects were simple mods. And why would my activity on the Wii U have any relevance?
> Nonetheless, don't post if all you are spitting out is negative crap, and making this thread into a shit circle like the old one is not going to be accepted.
>
> Sent from my LG-H811 using Tapatalk

First project != having the right to spread bullshit on the forums and claiming to be a hacker.
If you really want to learn, just do it the right way. You could have learnt the ninjhax writeup, the psmdhax writeup, the (v*)hax writeup, etc...
You could have learnt ARM, C, how to use IDA/radare2/whatever disasm you wanna use, and try something. And I'm sure someone would have helped you if you needed it at some point. (However, that person wouldn't have done the work for you.)
The activity on Wii U doesn't have any relevance. I was just talking about your first post on GBAtemp.
And if all I spat out is "negative crap", then I'm sorry for you if you can't take constructive criticism. I'm sure harsh and hard on that, but I'm not saying "this is shit, fuck you, kthxbai". And if it's not me that will do it, someone else will. Instead of trying to feel "superior and smart" because some "non-techies" praised you, you should actually try to learn something out of that, instead of spraying bullshit, which is the cause for the stuff happening here.
 
