Great post explaining heap and stack overflows; I was about to bring that up but was beaten to it by someone more knowledgeable.
So was the Wii exploit a stack smash, or was it a heap overflow that was called a stack smash?
I forget if it was, or if I am thinking of the PS3 jailbreak, which is either a heap or stack overflow. I think they are both heap overflows that are misnomers being called stack smash attacks.
I remember reading about this, but it was a while ago.
I know the PS3 jailbreak dongles work by emulating a USB hub that emulates devices being plugged in and out really fast on different ports in a specific sequence to overflow the heap, I think.
Yea, the exploit on the PS3 was a heap overflow. I didn't follow the Wii hacking scene. I can't honestly tell you what the exploit was unless I went back and read on it. Later in the thread they mention naming your horse was exploited. That would most likely be a stack overflow.
Ron457x2 said:
machomuu said:
Ron457x2 said:
pachura said:
n00bz think game crashing or freezing is buffer overflow. Pathetic.
That's what I thought.
Wait...You were serious!? I thought you were joking when you put that video up.
But aren't most exploits game crashes (or so they seem)? Yes, I know it will run on unassigned coding,
but I thought they were the same thing or similar: breaking the game is one, implementing a code is another.
In order for a buffer overflow to work, the game's memory must be 'corrupted' in a sense. You are writing to an area in the memory where you aren't allowed to. This halts normal runtime code. With enough work/luck you can inject your code in place of the game's normal code. Because of this, the game will freeze/crash...
QUOTE(zanfire @ Jun 30 2011, 02:07 PM)
I remember in Twilight Princess, the hack for Wii was the overflow with naming Epona (right?). It's been a while, but can't you name it in here too? Just wondering if anyone tried that one out yet.
(Guessing someone thought that one through a while ago, but it can't hurt to ask.)
As I stated in my post back on page 1, string exploits require that the developer not include validation of the value. If the exploit was already found, then validation would have been coded into this version...
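To make concrete what "validation of the value" means for a name field like the one discussed above, here is an added illustration in C. It is not code from any game or from anyone in this thread; the struct, the buffer size and the sample names are constructed. It places the unchecked copy (the pattern that lets a long name write past its buffer into whatever sits next to it) beside a checked setter that refuses input that does not fit, and a helper that confirms the neighbouring field survives.

```c
#include <stdio.h>
#include <string.h>

/* Constructed for this illustration: a tiny name buffer so the limit is easy to see. */
#define NAME_MAX 8                 /* 7 characters plus the terminating NUL */

struct horse {
    char name[NAME_MAX];           /* fixed-size buffer the typed name is copied into */
    int  speed;                    /* the field right after the buffer: first thing clobbered */
};

/* Missing validation: copies bytes until the input's NUL, however long the input is.
 * This is the shape of the bug the thread calls a "string exploit"; it is shown only
 * for contrast and is never called by the checked code or the tests below. */
void set_name_unchecked(struct horse *h, const char *input)
{
    strcpy(h->name, input);        /* writes past h->name once strlen(input) >= NAME_MAX */
}

/* Validated version: measure at most NAME_MAX bytes, reject anything that does not fit,
 * and only then copy. Returns 1 on success, 0 if the name was refused. */
int set_name_checked(struct horse *h, const char *input)
{
    size_t len = 0;
    while (len < NAME_MAX && input[len] != '\0')
        len++;                     /* never scans beyond NAME_MAX bytes of input */
    if (len == NAME_MAX)
        return 0;                  /* no NUL within the buffer's size: too long, h untouched */
    memcpy(h->name, input, len + 1);   /* len + 1 includes the NUL and fits by the check above */
    return 1;
}

/* Helper for checking behaviour: returns 1 only if the name was accepted and the
 * field following the buffer still holds the value it started with. */
int try_name(const char *input)
{
    struct horse h;
    memset(&h, 0, sizeof h);
    h.speed = 42;                  /* sentinel: an overflow into this field would change it */
    int ok = set_name_checked(&h, input);
    return ok && h.speed == 42;
}

/* Returns 1 if the checked setter stored exactly the expected string. */
int name_stored_as(const char *input, const char *expected)
{
    struct horse h;
    memset(&h, 0, sizeof h);
    return set_name_checked(&h, input) && strcmp(h.name, expected) == 0;
}

int main(void)
{
    /* Constructed sample names: one that fits, one exactly at the limit, one too long. */
    const char *names[] = { "Epona", "Epona12", "Epona123",
                            "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" };
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++)
        printf("%-34s -> %s\n", names[i], try_name(names[i]) ? "accepted" : "rejected");
    return 0;
}
```

The point of the loop in `set_name_checked` is that the length check is bounded by the buffer, not by the input: a missing terminator in a very long input can never make the check itself read too far, and the copy only happens after the size has been proven to fit.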
QUOTE(urisma @ Jul 1 2011, 10:16 PM)
I know you didn't point that question at me, but I have the knowledge to answer it. It's definitely possible to do a buffer overflow exploit. The vulnerabilities exist in pretty much all types of software regardless of the system, be it a game console, PC, embedded something, etc. The only problem is A) figuring out whether or not it's exploitable. Very few of them actually give the ability to run unsigned code and it's also impossible to figure out whether or not it's impossible without looking at the code (for the most part at least). Perhaps a proof of concept can be brewed up with a huge NOP sled and insane luck, but that's far, far away from running your own programs. B) if it is exploitable, making the exploit. You'll have to read through disassemblies galore looking for how exactly to implement the exploit, since they are completely non-portable. A completely unique exploit has to be made for every overflow.