Would this be possible?

SifJar

Hi there. I was thinking about apps which patch the System Menu in RAM and then load the patched version, and was wondering, would the same principle be applicable to IOS?

For example, an app is run via bannerbomb (to have extra permissions over launching via HBC) which patches Trucha Bug, ES_DiVerify (ES_Identify) and NAND permissions into IOS36 in RAM then reloads to that IOS and allows you to do anything requiring those exploits (e.g. install Priiloader etc.) without ever installing a patched IOS to NAND?

Or is only the System Menu binary accessible when identified as System Menu (i.e. launched via bannerbomb)?

If the latter is the case, is this idea possible at all, even if you would need a patched IOS installed (if you only want one patched IOS, but need to load an app with another patched IOS)?

Thanks if anyone can answer my questions.

giantpune

When you launch an app from bannerbomb, it is running on the PPC. It has no access to the memory which IOS is running in, except for the shared stuff the ARM and PPC use to talk back and forth. It would have to somehow exploit the IOS using IPC calls across the shared memory to get the currently running IOS to execute code that is not actually part of the IOS. Once you have a way to access the memory which you are not supposed to be able to access, you can find what part of the IOS you want to change and directly patch the currently running IOS to let you do stuff that you are not supposed to be able to do.

The STM release exploit explained on the HackMii blog is an example of this. I assume Riivolution uses something like this as well.

SifJar

giantpune said:
When you launch an app from bannerbomb, it is running on the PPC. It has no access to the memory which IOS is running in, except for the shared stuff the ARM and PPC use to talk back and forth. It would have to somehow exploit the IOS using IPC calls across the shared memory to get the currently running IOS to execute code that is not actually part of the IOS. Once you have a way to access the memory which you are not supposed to be able to access, you can find what part of the IOS you want to change and directly patch the currently running IOS to let you do stuff that you are not supposed to be able to do.

The STM release exploit explained on the HackMii blog is an example of this. I assume Riivolution uses something like this as well.
I'm assuming the STM release exploit is fixed now? I did try to read that post a while back, but it confused me.