Hacking Exploiting the Switch with Ocarina of Time

O

OldGnashburg

Cobra Chicken Summoner
OP
Member
Level 12
Joined
Feb 6, 2017
Messages
501
Trophies
0
Location
Alberta, Canada
XP
2,944
Country
Canada
So here's a possibly dumb question, back in 2019 Arbitrary Code Execution was discovered in OoT, it was crude, required crazy controller shenanigans, but as more things were discovered, OoT is at the point where you can get Total Control with one instance of SRM which is basically a use after free bug. It's fully within the capabilities of OoT on the Wii and GameCube to sandbox escape and in the case of the GameCube, warp to the credits in Majora's Mask, and I'm the case of Wii, anything, including homebrewing the console, the only reason it hasn't been done is because it requires designing a rather larger payload and the only way to run something like that without being a TAS is removing the character limit on the file screen and using that to type in your payload. It's been theorized that you could also pull data from system information from the host console, for example in the Wii, pulling data from a Mii, or System Name or other stuff. Anyways long story short, what ACE in N64 games mean for Switch homebrew.
 
masagrator

masagrator

The patches guy
Developer
Level 22
Joined
Oct 14, 2018
Messages
6,307
Trophies
3
XP
12,103
Country
Poland
issue with your theorem is that Gamecube and Wii don't use or use fake ASLR (with predictable randomization). This was issue with all Nintendo consoles to 3DS and WiiU lineup included.
Switch is using full-fledged ASLR. Escaping sandbox is not possible without defeating ASLR unpredictability.
 
Draxzelex

Draxzelex

Well-Known Member
Member
Level 23
Joined
Aug 6, 2017
Messages
19,025
Trophies
2
Age
29
Location
New York City
XP
13,433
Country
United States
OldGnashburg said:
So here's a possibly dumb question, back in 2019 Arbitrary Code Execution was discovered in OoT, it was crude, required crazy controller shenanigans, but as more things were discovered, OoT is at the point where you can get Total Control with one instance of SRM which is basically a use after free bug. It's fully within the capabilities of OoT on the Wii and GameCube to sandbox escape and in the case of the GameCube, warp to the credits in Majora's Mask, and I'm the case of Wii, anything, including homebrewing the console, the only reason it hasn't been done is because it requires designing a rather larger payload and the only way to run something like that without being a TAS is removing the character limit on the file screen and using that to type in your payload. It's been theorized that you could also pull data from system information from the host console, for example in the Wii, pulling data from a Mii, or System Name or other stuff. Anyways long story short, what ACE in N64 games mean for Switch homebrew.
Click to expand...
Also, we don't have Ocarina of Time for the Switch...
 
Arilys

Arilys

Active Member
Newcomer
Level 2
Joined
Feb 3, 2018
Messages
40
Trophies
0
Age
30
XP
241
Country
Portugal
Draxzelex said:
Also, we don't have Ocarina of Time for the Switch...
Click to expand...
OP probably asked this because of the N64 games that Nintendo's gonna make available with the Online Expansion Pack, where OoT is included.

But yeah, wouldn't expect too much due to what masagrator mentioned.
 

Site & Scene News

Go to forum More news

Popular threads in this forum

Paper Mario TTYD 60fps patch?

Paper Mario Thousand Year Door got leaked

Can you trade in a banned switch for an unbanned one?

Why is Atmosphere so dominant?

Hacking Misc Tutorial  Eiyuden Chronicle Hundred Heroes save editing

Hacking  Weird findings from that DQ trilogy switch port

Help a noob with if I need to update CFW to 18.0 or not

Emulation Misc  Is a totk memory editor possible? If so why has no one made one yet?

General chit-chat
Help Users
    K3Nv2 @ K3Nv2: Hawaii played it smart and said we're too hot for this land