Exploit for games which load savegame at start

Discussion / Support for Softmods (SDML, AR, Game Hacks)
Sierron
Posts: 157
Joined: Mon Apr 18, 2016 11:33 pm
Location: Germany

Exploit for games which load savegame at start

Post by Sierron » Sun Jun 12, 2016 12:35 am

When I see all those exploits which load code at different stages it makes me wonder if it would be possible to execute them even earlier. There are games like Resident Evil 1 and 0 which both read the savegame right at the start (even before the intro screen shows up).

Are all those exploits based upon one fatal flaw found in all of them or is everyone of them very specific?
Haha! I have two BBAs now :P | I also have HomeLand and PSO I&II
emu_kidid
Site Admin
Posts: 4358
Joined: Mon Mar 29, 2010 10:06 am
Location: Australia

Re: Exploit for games which load savegame at start

Post by emu_kidid » Sun Jun 12, 2016 6:52 am

The ones so far exploit unchecked string vulnerabilities which happen when you don't terminate a string with NULL. If a savegame is loaded at the start AND it tries to immediately print the string then the exploit might trigger, otherwise it'll usually trigger when it attempts to print the string.
andzlay
Posts: 432
Joined: Thu Jul 08, 2010 12:53 am
Location: Germany

Re: Exploit for games which load savegame at start

Post by andzlay » Sun Jun 12, 2016 12:22 pm

So that's probably the reason why there is no exploit which overflows in the memory card menu of the original BIOS, isn't it?
Sierron
Posts: 157
Joined: Mon Apr 18, 2016 11:33 pm
Location: Germany

Re: Exploit for games which load savegame at start

Post by Sierron » Sun Jun 12, 2016 5:20 pm

emu_kidid wrote:The ones so far exploit unchecked string vulnerabilities which happen when you don't terminate a string with NULL. If a savegame is loaded at the start AND it tries to immediately print the string then the exploit might trigger, otherwise it'll usually trigger when it attempts to print the string.
I see. Yeah well, that kills the thought I had about Resident Evil 0 and 1. It just checks the memory card to look for a savegame.
Thanks for the explanation, emu_kidid. I'll look out for games which do that.
andzlay wrote:So that's probably the reason, why there is no exploit which overflows in the memory card menu of the original BIOS, isn't it?
That would be the ultimate exploit.
Streetwalker
Posts: 1624
Joined: Mon Dec 30, 2013 7:50 am
Location: Israel

Re: Exploit for games which load savegame at start

Post by Streetwalker » Sun Jun 12, 2016 9:44 pm

The IPL has already been checked and there are apparently no vulnerabilities. It would have been done ages ago otherwise.
As far as the GameCube is concerned, arbitrary code execution = full control over the entirety of the console, so there are no superior exploits besides how practical they are to use.
Sierron
Posts: 157
Joined: Mon Apr 18, 2016 11:33 pm
Location: Germany

Re: Exploit for games which load savegame at start

Post by Sierron » Sun Jun 12, 2016 10:14 pm

Were the IPL exploitable, you wouldn't need any kind of game to get into Swiss (softmod-wise). I would find that superior to needing to have and boot a game and wait until you are able to execute the exploit. Sad that there aren't any, but it seems that Nintendo invested some work into the IPL, huh?

off-topic:
That reminds me that the Wii has issues with GameCube savegames which are missing the second line of the description. You would see just random letters, or, if you looked at a different savegame before, the exact same text this other savegame used. Funny Nintendo would fail to catch this.
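As an added example (my own code, not from this thread or from any game's source), here is the bug class emu_kidid describes above: a save-file string field that is not NUL-terminated, read with strlen() and copied with an unbounded copy. The same read overrun is what you would expect behind the Wii description glitch Sierron mentions: the menu keeps reading past the field and shows whatever bytes follow. The save-image layout (two 32-byte comment lines followed by a "next field"), the `struct frame` stand-in for the parser's stack frame and the `GUARD_OK` value are assumptions made for this demo, not any real game's layout.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define LINE_LEN  32   /* one comment line, NUL-padded when well-formed (assumption) */
#define IMAGE_LEN 96   /* constructed image: line 1 | line 2 | 32 bytes of "next field" */

/* Mock of the parser's stack frame: the local description buffer followed by
   a guard word standing in for whatever the real frame holds next (on the
   GameCube's PowerPC that would be the saved link register). Assumed layout. */
struct frame {
    char     desc[LINE_LEN];
    uint32_t guard;
};

#define GUARD_OK 0xCAFEBABEu

/* Build a constructed save image (not real game data). With terminated == 0,
   line 2 is 32 non-NUL bytes and the "next field" holds 16 'A's, which is what
   a strlen()-based parser will mistake for the rest of the string. */
void build_image(uint8_t image[IMAGE_LEN], int terminated)
{
    memset(image, 0, IMAGE_LEN);
    memcpy(image, "RESIDENT EVIL", 13);                        /* line 1 */
    memset(image + LINE_LEN, 'X', terminated ? 12 : LINE_LEN); /* line 2 */
    memset(image + 2 * LINE_LEN, 'A', 16);                     /* next field on disk */
}

/* Naive parser: trusts the field to be a C string. strlen() runs past the
   field when there is no NUL (read overrun: the "random letters"), and the
   copy then runs past desc[] into the guard (write overflow). The loop stops
   at the end of the frame only so this demo stays in bounds; a real strcpy()
   would keep going. Returns the guard so the caller can see the damage. */
uint32_t naive_load(const uint8_t image[IMAGE_LEN])
{
    struct frame f;
    memset(f.desc, 0, sizeof f.desc);
    f.guard = GUARD_OK;

    const char *line2 = (const char *)image + LINE_LEN;
    size_t n = strlen(line2);              /* 12 for the good image, 48 for the bad one */
    char *dst = (char *)&f;
    for (size_t i = 0; i <= n && i < sizeof f; i++)
        dst[i] = line2[i];                 /* bytes 32..35 land in f.guard */
    return f.guard;
}

/* Hardened parser: bound the read with memchr() and the copy with the field
   size, then terminate explicitly in a buffer that has room for the NUL.
   Returns the (untouched) guard and writes the displayable text to out. */
uint32_t safe_load(const uint8_t image[IMAGE_LEN], char out[LINE_LEN + 1])
{
    struct frame f;
    f.guard = GUARD_OK;

    const char *line2 = (const char *)image + LINE_LEN;
    const char *nul = memchr(line2, '\0', LINE_LEN);
    size_t n = nul ? (size_t)(nul - line2) : LINE_LEN;   /* never past the field */
    memcpy(f.desc, line2, n);
    memcpy(out, f.desc, n);
    out[n] = '\0';
    return f.guard;
}

int main(void)
{
    uint8_t good[IMAGE_LEN], bad[IMAGE_LEN];
    char shown[LINE_LEN + 1];
    build_image(good, 1);
    build_image(bad, 0);
    printf("naive, well-formed line 2:   guard=%08x\n", naive_load(good));
    printf("naive, unterminated line 2:  guard=%08x (bytes from the next field)\n", naive_load(bad));
    printf("safe,  unterminated line 2:  guard=%08x shown=\"%s\"\n", safe_load(bad, shown), shown);
    return 0;
}
```

With the unterminated image the naive parser reports a guard of 0x41414141 on either endianness: the four 'A' bytes that followed the field on "disk" are now where the frame's next word was, which is exactly the foothold the savegame exploits use. The hardened version treats the field as 32 bytes of data rather than a string and never reads or writes outside it.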
emu_kidid
Site Admin
Posts: 4358
Joined: Mon Mar 29, 2010 10:06 am
Location: Australia

Re: Exploit for games which load savegame at start

Post by emu_kidid » Sun Jun 12, 2016 11:49 pm

It's not that they took care in the IPL, they just kept it dead simple.

Too bad they didn't leave some backdoor in the boot sequence for themselves to load code, like the PS2 has.
Slex989
Posts: 21
Joined: Sun Sep 03, 2017 9:04 pm

Re: Exploit for games which load savegame at start

Post by Slex989 » Sun Oct 01, 2017 12:10 am

I wonder if we could exploit the fact that it makes you set certain settings when the clock battery is removed. It writes to SRAM then, right?
Streetwalker
Posts: 1624
Joined: Mon Dec 30, 2013 7:50 am
Location: Israel

Re: Exploit for games which load savegame at start

Post by Streetwalker » Sun Oct 01, 2017 4:34 am

SRAM is 64 bytes worth of flags, nothing really interesting.
emu_kidid
Site Admin
Posts: 4358
Joined: Mon Mar 29, 2010 10:06 am
Location: Australia

Re: Exploit for games which load savegame at start

Post by emu_kidid » Fri Oct 06, 2017 7:07 am

The device they were less careful with is DVD discs, but it's not like you can author those, and even if you could, why bother when you could make a bootable disc anyway?
Streetwalker
Posts: 1624
Joined: Mon Dec 30, 2013 7:50 am
Location: Israel

Re: Exploit for games which load savegame at start

Post by Streetwalker » Fri Oct 06, 2017 6:26 pm

What if you have something other than a DVD drive attached to DI, though?
emu_kidid
Site Admin
Posts: 4358
Joined: Mon Mar 29, 2010 10:06 am
Location: Australia

Re: Exploit for games which load savegame at start

Post by emu_kidid » Fri Oct 06, 2017 9:49 pm

Streetwalker wrote:What if you have something other than a DVD drive attached to DI, though?
Then you can do whatever you want already anyway!