Hacking Zelda Buffer overflow

DigitalDeviant

Well-Known Member
Coto said:
DigitalDeviant said:
Rydian said:
Yeah this was somebody with an idea, but then it got shot down in the first few replies.

I'm curious, Rydian: is a buffer overflow hack (in general) within the realm of possibilities for the 3DS, or is it something that just cannot be discerned without more information?

It would be too early to assume anything. The best thing to do now would be to sniff RAM and start from there. I get the feeling the security built into 3DS mode is much more complex than we all believe. Heck, even the NDS (DS) firmware is encrypted with a 1024-bit RSA signature.

Thanks for your input as well, Rydian.
 

Pippin666

SSF43DE Master
Firemen extinguish fires and hackers, well, hack. My warez is as important as a fireman being needed to extinguish the fire burning my house. QUICK!

Pip'

P.S. : I disagree with DF, not everyone in here is a freaking retard.
 

DeadlyFoez

XFlak Fanboy
Pippin666 said:
Firemen extinguish fires and hackers, well, hack. My warez is as important as a fireman being needed to extinguish the fire burning my house. QUICK!

Pip'

P.S. : I disagree with DF, not everyone in here is a freaking retard.
Actually, you fucking SHMUCK, I never called anyone here a 'retard'. I don't ever use that word at all. Get your shit straight before talking out of your ass.

And I never made a generalization about everyone here at all. Learn to read. I used to have a little respect for you before, but now it is all gone with your utter lack of intelligence and willingness to read. Reread what I said and then understand how your comments make you look like an idiot all by yourself.

It was the douchebag that I was quoting who was calling certain people 'retards', and he should be burned at the stake for that comment.
 

TankedThomas

Well-Known Member
What a misleading title. This would fall under the same category as the multiple hats glitch in Super Mario 64 DS. It's not going to magically crack open the system for you and spread piracy (and homebrew, for those still using that as an excuse) to the masses.
 

walk12288

Member
totalnoob617 said:
Great post explaining heap and stack overflows; I was about to bring that up but was beaten to it by someone more knowledgeable.
So was the Wii exploit a stack smash, or was it a heap overflow that was called a stack smash?
I forget if it was, or if I am thinking of the PS3 jailbreak, which is either a heap or stack overflow. I think they are both heap overflows that are misnomers, being called stack smash attacks.
I remember reading about this, but it was a while ago.
I know the PS3 jailbreak dongles work by emulating a USB hub that emulates devices being plugged in and out really fast on different ports in a specific sequence to overflow the heap, I think.

Yeah, the exploit on the PS3 was a heap overflow. I didn't follow the Wii hacking scene. I can't honestly tell you what the exploit was unless I went back and read up on it. Later in the thread they mention that naming your horse was exploited. That would most likely be a stack overflow.


Ron457x2 said:
machomuu said:
Ron457x2 said:
pachura said:
n00bz think game crashing or freezing is a buffer overflow. Pathetic.
That's what I thought.


Wait...You were serious!? I thought you were joking when you put that video up.

But aren't most exploits game crashes (or so they seem)? Yes, I know it will run on unassigned code, but I thought they were the same thing or similar: breaking the game is one, implementing code is another.

In order for a buffer overflow to work, the game's memory must be 'corrupted' in a sense. You are writing to an area of memory where you aren't allowed to. This halts normal runtime code. With enough work/luck you can inject your code in place of the game's normal code. Because of this, the game will freeze/crash...

QUOTE(zanfire @ Jun 30 2011, 02:07 PM)
I remember in Twilight Princess, the hack for the Wii was the overflow with naming Epona (right?). It's been a while, but can't you name it in here too? Just wondering if anyone has tried that one out yet.

(guessing someone thought that one through a while ago, but cant hurt to ask)

As I stated in my post back on page 1, string exploits require that the developer not include validation of the value. If the exploit was already found, then validation would have been coded into this version...


QUOTE(urisma @ Jul 1 2011, 10:16PM)
I know you didn't point that question at me, but I have the knowledge to answer it. It's definitely possible to do a buffer overflow exploit. The vulnerabilities exist in pretty much all types of software regardless of the system, be it a game console, PC, embedded something, etc. The only problem is A) figuring out whether or not it's exploitable. Very few of them actually give the ability to run unsigned code, and it's also impossible to figure out whether or not it's impossible without looking at the code (for the most part at least). Perhaps a proof of concept can be brewed up with a huge NOP sled and insane luck, but that's far, far away from running your own programs. B) if it is exploitable, making the exploit. You'll have to read through disassemblies galore looking for how exactly to implement the exploit, since they are completely non-portable. A completely unique exploit has to be made for every overflow.

Someone else didn't read my post on the first page >:D! It's only possible to perform a buffer overflow exploit if there is no hardware-based protection (read this: https://lirias.kuleuven.be/bitstream/123456...77/1/paper.pdf). On top of that, if you are exploiting a string, the developer must miss a validation. The reason I've kept with stack overflows for right now is that heap overflows are insanely difficult to pull off. You need a good knowledge of the memory and coding for the system you are working on.
 
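The two halves of walk12288's post (an unchecked copy of a user-supplied string into a fixed-size field, and the length validation the developer has to include) are easier to see side by side. The following is an added example written for this page; it is not code from the thread or from any Nintendo title. The "stack frame" is modelled as a flat byte array with assumed sizes (NAME_LEN, FRAME_LEN, RET_OFFSET) and a made-up stand-in for the saved return address (ORIGINAL_RET), so that the overflow stays inside one object the program owns instead of being real undefined behaviour; the name strings are constructed inputs.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Model of the stack frame of a "name your horse" routine. The frame is a flat
 * byte array so that the overflow stays inside one object we own (writing past
 * a real local array is undefined behaviour and modern compilers/sanitizers
 * will catch it). All sizes and the return-address value are assumptions for
 * the demo, not the layout of any real game. */
#define NAME_LEN      8u          /* bytes reserved for the name, NUL included */
#define FRAME_LEN     32u
#define RET_OFFSET    NAME_LEN    /* "saved return address" sits right after the name */
#define ORIGINAL_RET  0x08001234u /* constructed stand-in for a return address */

struct frame { unsigned char bytes[FRAME_LEN]; };

void frame_init(struct frame *f) {
    uint32_t ret = ORIGINAL_RET;
    memset(f->bytes, 0, sizeof f->bytes);
    memcpy(f->bytes + RET_OFFSET, &ret, sizeof ret);
}

/* Read back whatever currently sits in the saved-return slot. */
uint32_t frame_saved_ret(const struct frame *f) {
    uint32_t ret;
    memcpy(&ret, f->bytes + RET_OFFSET, sizeof ret);
    return ret;
}

/* Vulnerable version: copies the whole string, trusting its length.
 * Returns how many bytes spilled past the name field (0 if none). */
size_t set_name_unchecked(struct frame *f, const char *input) {
    size_t n = strlen(input) + 1;            /* include the terminator */
    if (n > FRAME_LEN) n = FRAME_LEN;        /* only to keep the demo inside the model */
    memcpy(f->bytes, input, n);
    return n > NAME_LEN ? n - NAME_LEN : 0;
}

/* Validated version: reject anything that does not fit, leave the frame untouched.
 * Returns 0 on success, -1 if the input is too long. */
int set_name_checked(struct frame *f, const char *input) {
    const char *nul = memchr(input, '\0', NAME_LEN);
    if (nul == NULL) return -1;              /* no terminator within NAME_LEN: too long */
    memcpy(f->bytes, input, (size_t)(nul - input) + 1);
    return 0;
}

/* Run one scenario on a fresh frame and return the copy routine's result. */
long scenario_result(const char *name, int use_checked) {
    struct frame f;
    frame_init(&f);
    return use_checked ? (long)set_name_checked(&f, name)
                       : (long)set_name_unchecked(&f, name);
}

/* Run one scenario on a fresh frame and report whether the saved return
 * address survived (1) or was overwritten (0). */
int scenario_ret_intact(const char *name, int use_checked) {
    struct frame f;
    frame_init(&f);
    if (use_checked) set_name_checked(&f, name);
    else             set_name_unchecked(&f, name);
    return frame_saved_ret(&f) == ORIGINAL_RET;
}

int main(void) {
    const char *long_name = "EPONAISBEST";   /* 11 chars + NUL = 12 bytes, 4 too many */
    printf("unchecked: %ld bytes spilled, saved ret intact = %d\n",
           scenario_result(long_name, 0), scenario_ret_intact(long_name, 0));
    printf("checked:   rc = %ld, saved ret intact = %d\n",
           scenario_result(long_name, 1), scenario_ret_intact(long_name, 1));
    return 0;
}
```

The unchecked copy is exactly the "writing to an area of memory where you aren't allowed to" in the post: the last four bytes of the name land on the slot that models the saved return address, which is what an attacker would aim at. The checked version refuses the input before touching the frame; that refusal, not a crash, is what a game that already validates its name strings would show you.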

Rydian

Resident Furvert™
Well, the ARM11 is supposed to support an execute-disable function which attempts to eliminate overflow exploits, and there are newer concepts such as ASLR that make it so that even if a direct overflow happens you end up with garbage code...

But we don't know if the 3DS has those (Nintendo is cheap, after all) or if they're implemented properly or anything.

Vague guesses are all I can give, and they don't really contribute anything, which is why I'm mostly silent in some topics.
 
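The execute-disable behaviour Rydian describes can be observed on any host whose CPU and kernel enforce page permissions (XN on ARM, NX on x86). The following is an added example written for this page, not code from the thread; it assumes a Linux userland with mmap, mprotect and sigaction available. It fills a fresh page with the architecture's `ret` instruction (the stand-in for "injected bytes"), jumps into it while the page is writable but not executable, catches the resulting fault, and then repeats the jump after marking the page executable.

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#ifndef MAP_ANONYMOUS
#define MAP_ANONYMOUS 0x20   /* Linux value, in case the headers are in strict mode */
#endif

static sigjmp_buf fault_jmp;

static void on_fault(int sig) {
    (void)sig;
    siglongjmp(fault_jmp, 1);   /* unwind back into call_into_page() */
}

/* Fill the page with the architecture's one-instruction "return" so that, if
 * it ever does execute, it simply returns to the caller. Returns -1 on an
 * architecture this demo does not cover. */
static int fill_with_ret(unsigned char *page, size_t len) {
#if defined(__x86_64__) || defined(__i386__)
    memset(page, 0xC3, len);                  /* x86 `ret` */
    return 0;
#elif defined(__aarch64__)
    uint32_t ret = 0xD65F03C0;                /* AArch64 `ret` */
    for (size_t i = 0; i + sizeof ret <= len; i += sizeof ret)
        memcpy(page + i, &ret, sizeof ret);
    return 0;
#else
    (void)page; (void)len;
    return -1;
#endif
}

/* Map a page, fill it with return instructions, optionally flip it to
 * executable, then jump into it.
 * Returns 1 if the jump faulted (the CPU refused to execute the page),
 *         0 if the page executed and returned normally,
 *        -1 if the environment could not set the test up. */
int call_into_page(int make_executable) {
    size_t pg = (size_t)sysconf(_SC_PAGESIZE);
    unsigned char *page = mmap(NULL, pg, PROT_READ | PROT_WRITE,
                               MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED) return -1;
    if (fill_with_ret(page, pg) != 0) { munmap(page, pg); return -1; }
    if (make_executable) {
        /* Hardened kernels may refuse a writable page becoming executable;
         * report that as "could not set up" rather than as a fault. */
        if (mprotect(page, pg, PROT_READ | PROT_EXEC) != 0) { munmap(page, pg); return -1; }
        __builtin___clear_cache((char *)page, (char *)page + pg);
    }

    struct sigaction sa, old_segv, old_bus;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);

    int faulted;
    if (sigsetjmp(fault_jmp, 1) == 0) {
        void (*fn)(void) = (void (*)(void))(uintptr_t)page;
        fn();                                  /* the "return into injected bytes" step */
        faulted = 0;
    } else {
        faulted = 1;
    }

    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    munmap(page, pg);
    return faulted;
}

int main(void) {
    printf("RW page, no exec bit  : %d (1 = faulted)\n", call_into_page(0));
    printf("after mprotect(+EXEC) : %d (0 = ran)\n",     call_into_page(1));
    return 0;
}
```

The first call is the situation a stack overflow lands in when execute-disable is on: the bytes are there, the program counter reaches them, and the CPU faults instead of running them. The second call only succeeds because the program itself asked for the page to be executable, which is the permission an exploit cannot grant itself without first running code. ASLR is the complementary barrier the post mentions: even when an executable page exists, its address differs from run to run, so a hard-coded return address points at garbage.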

walk12288

Member
Rydian said:
Well, the ARM11 is supposed to support an execute-disable function which attempts to eliminate overflow exploits, and there are newer concepts such as ASLR that make it so that even if a direct overflow happens you end up with garbage code...

But we don't know if the 3DS has those (Nintendo is cheap, after all) or if they're implemented properly or anything.

Vague guesses are all I can give, and they don't really contribute anything, which is why I'm mostly silent in some topics.

Exactly; because it's becoming more popular (and Nintendo was bragging about security), I wouldn't really be surprised if they have protection against buffer overflows. There are still ways to exploit them even then, but the chances of doing that are rare. I still think that we'll see a flashcart running in 3DS mode long before we see an exploit. Why? Just look at the original Xbox's flaws. Two of the problems Microsoft had were that their system security was completely compromised with one exploit, and that they didn't isolate hacker groups. What do I mean? Just look at the Xbox 360, for example. In order for Linux to run on the system, unsigned code must be allowed to run. Allowing that allows piracy, Xbox Live hacks, changing of ID numbers, emulators, etc. Basically, the entire system is open. They had a few exploits with this, but they were quickly patched. With that said, the DVD drive on the Xbox 360 has been hacked since shortly after the launch of the Xbox 360. Even though piracy is allowed, the entire system wasn't compromised due to this.

With that being said, a flashcart will most likely be the easiest solution for most people. By isolating the pirates from hardcore reverse engineers and linux gurus, you cut the number of people working towards a solution down. Nothing I said hasn't already been stated, but it seems like many people here still think that buffer overflows are just a crash in a game that allows people to run whatever code they want. It's not that simple, and we still need to determine if we can even use them on this system.
 

games2007

Well-Known Member
snikerz said:
Sounds like a good idea!

As the ARM11 core used in the 3DS is a 32 Bit CPU, you'll need more than 2147483647 hearts to cause an integer overflow. Keep grabbin'!

Haha, I'd do it to get some homebrew running, if that would actually work.
 

Quincy

Your own personal guitarist :3
walk12288 said:
Someone else didn't read my post on the first page >:D! It's only possible to perform a buffer overflow exploit if there is no hardware-based protection (read this: https://lirias.kuleuven.be/bitstream/123456...77/1/paper.pdf). On top of that, if you are exploiting a string, the developer must miss a validation. The reason I've kept with stack overflows for right now is that heap overflows are insanely difficult to pull off. You need a good knowledge of the memory and coding for the system you are working on.
This! I can confirm this; as an example, I've been messing with SSFIV and successfully created an overflow. I edited the name and got a black screen, whereas changing something in a bitfield gives a "YOUR SAVE IS CORRUPTED WE WILL NOW DELETE YOUR SAVEFILE YOUR HARD WORK HAS BEEN FOR NOTHING" message. This gives the conclusion: that particular string is not verified.
 

ninditsu

Well-Known Member
Thanks to walk12288 and probably others, but I didn't read many of the names of the posters.
I learned so much about hacking going through all 5 pages of this thread.
Now I can peacefully leave you guys alone as I wait for the exploit.
 

urisma

Active Member
Quincy said:
This! I can confirm this; as an example, I've been messing with SSFIV and successfully created an overflow. I edited the name and got a black screen, whereas changing something in a bitfield gives a "YOUR SAVE IS CORRUPTED WE WILL NOW DELETE YOUR SAVEFILE YOUR HARD WORK HAS BEEN FOR NOTHING" message. This gives the conclusion: that particular string is not verified.

Or it is verified and the default action is to halt and catch fire.
 
