Pokémon Colosseum/XD buffer overflow exploit

TuxSH
Posts: 1
Joined: Thu Oct 29, 2015 12:30 pm

Pokémon Colosseum/XD buffer overflow exploit

Post by TuxSH » Thu Oct 29, 2015 12:35 pm

Full details here

I made a tool exploiting this vulnerability: http://www.mediafire.com/download/10...s/pkmgchax.zip (all NTSC-U/PAL versions supported, tested on PAL; I'm lacking the address of in-battle Pokémon for Japanese versions).

You need to copy your save file under the name "save.gci", and the code you want to be executed upon entering a Pokémon battle (NOTE: its location in RAM is only known at runtime) under the name "payload.bin", in the same folder as the executable.

By the way, could somebody write a proper payload?
Ichiyanagi2
Posts: 103
Joined: Wed Jun 18, 2014 12:09 am

Re: Pokémon Colosseum/XD buffer overflow exploit

Post by Ichiyanagi2 » Fri Oct 30, 2015 2:03 am

In detail, what exactly does the Buffer Overflow do? Does it allow codes, absurdly long names, or what?
Master_E
Posts: 4
Joined: Fri Oct 30, 2015 2:25 am

Re: Pokémon Colosseum/XD buffer overflow exploit

Post by Master_E » Fri Oct 30, 2015 2:30 am

Ichiyanagi2 wrote: In detail, what exactly does the Buffer Overflow do?
Man, what doesn't it allow?

Things like Underflows/Overflows open an opportunity for "arbitrary code execution", in which you give a program instructions inside that exploit to execute, which is pretty much adding data into the free spaces of the RAM for all sorts of shenanigans to happen. A favorite of virus makers and hackers, in games it allows you to pretty much use RAM to write programs or affect/access assets of the game down to an assembly level. Look it up on YouTube for examples on how it can be used in video games. People have written entire games inside other games with enough free space.
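An added illustration of the defect Master_E is describing (this is example code written for this thread, not code from the thread, from the pkmgchax tool, or from the game): a loader that trusts a length byte stored in the save file and copies that many bytes into a fixed-size name buffer, next to the bounded form that rejects an oversized field. The record layout, the 12-byte name capacity and the sample records are constructed for illustration and are not the real Colosseum/XD save format.

```c
/* Added example (constructed layout, not the real save format). */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_CAP 12 /* hypothetical fixed-size in-game name buffer */

/* Constructed on-disk layout: one length byte followed by the name bytes. */
typedef struct {
    uint8_t len;
    const uint8_t *bytes;
} NameField;

/* Vulnerable pattern: the length read from the file is trusted. A saved
 * len larger than NAME_CAP makes memcpy write past `out` into whatever
 * follows it in memory, which is the corruption an edited save turns into
 * control of the program. Shown only; never call it with untrusted data. */
static void load_name_unchecked(char *out, const NameField *f) {
    memcpy(out, f->bytes, f->len); /* BUG: f->len is never compared to NAME_CAP */
    out[f->len] = '\0';
}

/* Hardened form: bound the copy by the destination (leaving room for the
 * terminator) and report an oversized field instead of clamping silently,
 * so the caller can treat the save as corrupt. Returns 0 or -1. */
int load_name_checked(char out[NAME_CAP], const NameField *f) {
    if (f->len > NAME_CAP - 1)
        return -1;
    memcpy(out, f->bytes, f->len);
    out[f->len] = '\0';
    return 0;
}

/* Parse a length-prefixed name at `off` in a raw save blob (constructed
 * format). Returns 0 and fills `out` on success, -1 if the declared length
 * runs past the end of the blob (truncated file) or past the name buffer. */
int parse_name_from_blob(const uint8_t *blob, size_t blob_len, size_t off,
                         char out[NAME_CAP]) {
    if (off >= blob_len)
        return -1;
    NameField f = { blob[off], blob + off + 1 };
    if ((size_t)f.len > blob_len - off - 1)
        return -1; /* record claims more bytes than the file holds */
    return load_name_checked(out, &f);
}

int main(void) {
    /* Constructed sample records: a normal name and one with an oversized
     * length byte of the kind a hand-edited save would carry. */
    uint8_t benign[] = { 5, 'P', 'I', 'K', 'A', 'C' };
    uint8_t oversized[64];
    oversized[0] = 63;
    memset(oversized + 1, 'A', 63);
    char name[NAME_CAP];

    NameField bf = { benign[0], benign + 1 };
    load_name_unchecked(name, &bf); /* in-bounds input: behaves like the checked version */
    printf("unchecked, benign: %s\n", name);
    printf("checked, benign:   %d (%s)\n",
           parse_name_from_blob(benign, sizeof benign, 0, name), name);
    printf("checked, oversized: %d\n",
           parse_name_from_blob(oversized, sizeof oversized, 0, name));
    return 0;
}
```

The important detail is that the bound is the destination's capacity, not the size the file format declares for the field: a loader that validates the length against the format's maximum but copies into a smaller local buffer has the same bug. Rejecting the record (rather than truncating it) also gives the game a place to refuse a corrupt save outright.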
Ichiyanagi2
Posts: 103
Joined: Wed Jun 18, 2014 12:09 am

Re: Pokémon Colosseum/XD buffer overflow exploit

Post by Ichiyanagi2 » Fri Oct 30, 2015 4:33 am

So, basically it's like a debug menu? From the image I'm seeing, I'm gathering this doesn't work on Gecko OS Mod.
Streetwalker
Posts: 1736
Joined: Mon Dec 30, 2013 7:50 am
Location: Israel

Re: Pokémon Colosseum/XD buffer overflow exploit

Post by Streetwalker » Fri Oct 30, 2015 5:12 am

Interesting, thanks for sharing.
tueidj
Posts: 564
Joined: Fri May 03, 2013 6:57 am

Re: Pokémon Colosseum/XD buffer overflow exploit

Post by tueidj » Fri Oct 30, 2015 5:49 am

It's not a debug menu, it's like the Wii savegame exploits (Twilight Hack, Bathaxx, Smash Stack etc.) that let you run homebrew programs. Someone just needs to make an ELF loader payload.
aenoch
Posts: 10
Joined: Sat Nov 21, 2015 4:19 pm

Re: Pokémon Colosseum/XD buffer overflow exploit

Post by aenoch » Sat Nov 21, 2015 4:40 pm

Could this mean a GameCube softmod kinda thing?
emu_kidid
Site Admin
Posts: 4496
Joined: Mon Mar 29, 2010 10:06 am
Location: Australia

Re: Pokémon Colosseum/XD buffer overflow exploit

Post by emu_kidid » Sun Nov 22, 2015 10:21 pm

aenoch, there's already a few GameCube games capable of this, a recent one being Smash Bros. Melee... check: viewtopic.php?f=38&t=3023