Possible exploit? WiiU>Switch

aSpookyNinja

It's a possibility, since the exploit causes a crash. The chance of that possibility actually being able to be used for leading to ACE is slim. It's more than likely just failing sanity checks, and thus preventing further reading of the file. As @linuxares said, there's protection against overflows, but it's not just a one-size-fits-all protection.
 

The Real Jdbye

It's plausible. Anyone saying "that's not how this works" obviously doesn't know how past exploits were discovered. It usually starts with just a crash; from there you have to debug to figure out exactly why it crashed, and try to manipulate the crash in a controllable manner.
The last part is the key. If the crash can't be manipulated in a controllable manner then it's not exploitable. There also has to be some way to get the data you need for the exploit into memory (that would be the actual "code" you want to execute).

So while this is far from an exploit, it's the first step to one. It's a good thing that people post things like this, it gives hackers an idea of where to look for exploits, even if it might turn out to be nothing.
 

tunip3

It's plausible. Anyone saying "that's not how this works" obviously doesn't know how past exploits were discovered. It usually starts with just a crash; from there you have to debug to figure out exactly why it crashed, and try to manipulate the crash in a controllable manner.
The last part is the key. If the crash can't be manipulated in a controllable manner then it's not exploitable. There also has to be some way to get the data you need for the exploit into memory (that would be the actual "code" you want to execute).

So while this is far from an exploit, it's the first step to one. It's a good thing that people post things like this, it gives hackers an idea of where to look for exploits, even if it might turn out to be nothing.
There may be something related to sign posts and unsupported characters and corrupted text.
 

Kioku

It's plausible. Anyone saying "that's not how this works" obviously doesn't know how past exploits were discovered. It usually starts with just a crash; from there you have to debug to figure out exactly why it crashed, and try to manipulate the crash in a controllable manner.
The last part is the key. If the crash can't be manipulated in a controllable manner then it's not exploitable. There also has to be some way to get the data you need for the exploit into memory (that would be the actual "code" you want to execute).

So while this is far from an exploit, it's the first step to one. It's a good thing that people post things like this, it gives hackers an idea of where to look for exploits, even if it might turn out to be nothing.
Yes, and it's been noted before. A crash doesn't mean exploit.
 

Shajk00

Yes, and it's been noted before. A crash doesn't mean exploit.

Of course not, how is a Wii U hacked map supposed to ever be an exploit? No one is saying for sure this can lead to something concrete, but at least it's worth a try by the devs. Anyone saying it's just a waste of time is an annoying, arrogant know-it-all that is willing to let this chance get lost just to show the world his/her pseudo-knowledge. Who knows if these maps, modified in a way they can be read by the Switch, can somehow open a crack in the Switch scene.
 

adrifcastr

Of course not, how is a Wii U hacked map supposed to ever be an exploit? No one is saying for sure this can lead to something concrete, but at least it's worth a try by the devs. Anyone saying it's just a waste of time is an annoying, arrogant know-it-all that is willing to let this chance get lost just to show the world his/her pseudo-knowledge. Who knows if these maps, modified in a way they can be read by the Switch, can somehow open a crack in the Switch scene.
The only way to achieve arbitrary RW in that way is causing a buffer overflow and using it to execute JOP/ROP chains which will execute our code, which is unlikely because of buffer overflow protection, namely ASLR. Also, modifying Minecraft maps to cause a buffer overflow is, even if there was the opportunity to, not possible without a way to bypass the ASLR first.

You guys will probably get more WebKit sploits and maybe a gallery sploit. Just wait for the 34C3.
 

Kioku

Of course not, how is a Wii U hacked map supposed to ever be an exploit? No one is saying for sure this can lead to something concrete, but at least it's worth a try by the devs. Anyone saying it's just a waste of time is an annoying, arrogant know-it-all that is willing to let this chance get lost just to show the world his/her pseudo-knowledge. Who knows if these maps, modified in a way they can be read by the Switch, can somehow open a crack in the Switch scene.
I'm not saying it's not. I'm saying that people shouldn't get hyped over what may never be.
 

HamBone41801

It's plausible. Anyone saying "that's not how this works" obviously doesn't know how past exploits were discovered. It usually starts with just a crash; from there you have to debug to figure out exactly why it crashed, and try to manipulate the crash in a controllable manner.
The last part is the key. If the crash can't be manipulated in a controllable manner then it's not exploitable. There also has to be some way to get the data you need for the exploit into memory (that would be the actual "code" you want to execute).

So while this is far from an exploit, it's the first step to one. It's a good thing that people post things like this, it gives hackers an idea of where to look for exploits, even if it might turn out to be nothing.
Correct me if I am wrong, but buffer overflow issues were already discovered on the Switch, correct? Or was that the Wii U?
 

bowser

All he did was crash the game because it can't read the file. That's it. Oh, and by the way, calling someone an asshole is being one yourself, since randomly insulting people probably is not going to solve your aggression problems.

You're right. Sorry I insulted you. But the gist of your posts came across as "I know all about hacking and you don't. Go and read about hacking and come back and prove this is an exploit". OP probably doesn't have that kind of expertise. You can just politely say why it won't work. Using words like "nonsense" isn't polite.
 
Deleted User

Steps to crash minecraft (no exploit/hacking needed):
1. Make iron farm
2. Get 1m iron
3. Make a lot of rails and even more minecart
4. Put minecarts on rails and make them move
5. Crash happening in 3...2..
 

SciresM

Savegame exploits on switch are extremely unlikely to ever materialize, because of ASLR being enabled on the system.

In order to create an exploit, you need two exploitable bugs in one game -- an information leak, and a memory/control flow corruption of some kind. While save files are likely to have the second, there is very little interactive about loading them, and the first would be extremely difficult to ever see in a game (it basically requires some kind of scripting engine be in place with controllable input...in the web browser, javascript + information leak bugs serve this purpose).

Even if your crash is exploitable on Wii U I would give a ~0% chance it's exploitable on the Switch.
 

YamiZee

There is a big difference between a game crashing because of being unable to read a file, and a game crashing because of a buffer overflow.
I know this, but a buffer overflow isn't a concept everyone is aware of, even though it is a very common phrase thrown around. People don't know the technicalities. They just take in information and observe patterns like crashes and exploits and make faulty conclusions. It's not stupidity, it's just not having the information. And yes people without much information could shut up, but people want to be helpful so it's in their nature to inquire about something like this. There are much worse people out there with much worse questions. At least the guy gets to learn a bit about the nature of exploits.
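An added illustration (not code from any poster, and not Minecraft's real save format) of the distinction quoted above: a record reader that validates the length field it reads from the file refuses a malformed file with an error, which a game may surface as a crash, without ever writing past its buffer. The record layout, NAME_MAX and the sample inputs are all constructed for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed toy record: [u16 little-endian name_len][name_len bytes of name].
   A reader that trusts name_len would overflow a fixed buffer; this one
   checks it first and reports a parse failure instead. */
#define NAME_MAX 16

enum parse_result { PARSE_OK = 0, PARSE_TRUNCATED = 1, PARSE_BAD_LENGTH = 2 };

/* Bounds-checked reader: every length taken from the file is validated
   against both the destination buffer and the bytes actually present. */
enum parse_result read_record(const uint8_t *buf, size_t buf_len,
                              char name_out[NAME_MAX + 1])
{
    if (buf_len < 2)
        return PARSE_TRUNCATED;          /* header missing */
    uint16_t name_len = (uint16_t)(buf[0] | (buf[1] << 8));
    if (name_len > NAME_MAX)
        return PARSE_BAD_LENGTH;         /* sanity check fails: refuse, never copy */
    if (buf_len - 2 < name_len)
        return PARSE_TRUNCATED;          /* declared length exceeds data present */
    memcpy(name_out, buf + 2, name_len); /* safe: name_len <= NAME_MAX */
    name_out[name_len] = '\0';
    return PARSE_OK;
}

/* Constructed sample inputs: one well-formed, one with an absurd length field. */
static const uint8_t good_record[]      = { 5, 0, 'S', 't', 'e', 'v', 'e' };
static const uint8_t oversized_record[] = { 0xFF, 0xFF, 'A', 'A', 'A' };

int main(void)
{
    char name[NAME_MAX + 1];
    enum parse_result r = read_record(good_record, sizeof good_record, name);
    printf("good record: result=%d name=%s\n", r, name);
    r = read_record(oversized_record, sizeof oversized_record, name);
    printf("oversized record: result=%d (rejected before any copy)\n", r);
    return 0;
}
```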
 
Deleted User

The Switch is protected against buffer overflows, so it's not that easy.
How does that work?

And if that's true how does the webkit exploit work? Is it not a buffer overflow? I mean, it's possible that this isn't a buffer overflow either.
 

adrifcastr

How does that work?

And if that's true how does the webkit exploit work? Is it not a buffer overflow? I mean, it's possible that this isn't a buffer overflow either.
Address space layout randomization, ASLR for short. It randomly arranges the address space positions of key data areas of a process, including the base of the executable and the positions of the stack, heap and libraries, which makes it impossible to execute a ROP chain through a buffer overflow. ASLR is also used by the 3DS OS. But smea is smea, and smea has bypasses.

--------------------- MERGED ---------------------------

Savegame exploits on switch are extremely unlikely to ever materialize, because of ASLR being enabled on the system.

In order to create an exploit, you need two exploitable bugs in one game -- an information leak, and a memory/control flow corruption of some kind. While save files are likely to have the second, there is very little interactive about loading them, and the first would be extremely difficult to ever see in a game (it basically requires some kind of scripting engine be in place with controllable input...in the web browser, javascript + information leak bugs serve this purpose).

Even if your crash is exploitable on Wii U I would give a ~0% chance it's exploitable on the Switch.
And thanks for finally someone well known in the hacking scene saying the almost exact same thing as I did. Thank you.
 

Kioku

Address space layout randomization, ASLR for short. It randomly arranges the address space positions of key data areas of a process, including the base of the executable and the positions of the stack, heap and libraries, which makes it impossible to execute a ROP chain through a buffer overflow. ASLR is also used by the 3DS OS. But smea is smea, and smea has bypasses.

--------------------- MERGED ---------------------------


And thanks for finally someone well known in the hacking scene saying the almost exact same thing as I did. Thank you.
That wasn't smug... Not at all...
 

SjorsMaster (OP)

Thanks y'all who took my question seriously instead of just hammering it into the ground.

I thought it would be possible because there have been exploits before via save files, so I felt like it was worth sharing,
even if it turns out to be nothing. I learned a bit more about it.

So thanks for taking the time to read it, and for defending/supporting my idea.
I appreciate it.

Cheers!
 
