Would this be possible?

Discussion in 'Wii - Hacking' started by SifJar, Apr 25, 2010.

Posted by SifJar, Apr 25, 2010 at 12:22 PM (3 replies)

  1. SifJar (OP)

    Hi there. I was thinking about apps which patch the System Menu in RAM and then load the patched version, and was wondering, would the same principle be applicable to IOS?

    For example, an app is run via bannerbomb (to have extra permissions over launching via HBC) which patches the Trucha Bug, ES_DiVerify (ES_Identify) and NAND permissions into IOS36 in RAM, then reloads to that IOS and allows you to do anything requiring those exploits (e.g. install Priiloader etc.) without ever installing a patched IOS to NAND?

    Or is only the System Menu binary accessible when identified as System Menu (i.e. launched via bannerbomb)?

    If the latter is the case, is this idea possible at all, even if you would need a patched IOS installed (if you only want one patched IOS, but need to load an app with another patched IOS)?

    Thanks if anyone can answer my questions.
     
  2. nicksasa

    You could do that through BootMii; cboot2 is an example of this.
     
  3. giantpune

    When you launch an app from bannerbomb, it is running on the PPC. It has no access to the memory which IOS is running in, except for the shared stuff the ARM and PPC use to talk back and forth. It would have to somehow exploit the IOS using IPC calls across the shared memory to get the currently running IOS to execute code that is not actually part of the IOS. Once you have a way to access the memory which you are not supposed to be able to access, you can find what part of the IOS you want to change and directly patch the currently running IOS to let you do stuff that you are not supposed to be able to do.

    The STM release exploit explained on the HackMii blog is an example of this. I assume Riivolution uses something like this as well.
     
  4. SifJar (OP)

    I'm assuming the STM release exploit is fixed now? I did try to read that post a while back, but it confused me.