Exploit for games which load savegame at start

Posted: Sun Jun 12, 2016 12:35 am
by Sierron
When I see all those exploits which load code at different stages it makes me wonder if it would be possible to execute them even earlier. There are games like Resident Evil 1 and 0 which both read the savegame right at the start (even before the intro screen shows up).

Are all those exploits based upon one fatal flaw found in all of them, or is every one of them very specific?

Re: Exploit for games which load savegame at start

Posted: Sun Jun 12, 2016 6:52 am
by emu_kidid
The ones so far exploit unchecked string vulnerabilities which happen when you don't terminate a string with NULL. If a savegame is loaded at the start AND it tries to immediately print the string then the exploit might trigger, otherwise it'll usually trigger when it attempts to print the string.
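As an added illustration (not code from the original thread, nor from any particular game): a fixed-width description field of the kind emu_kidid describes is only safe to treat as a C string if the loader either checks that a terminator is present inside the field or bounds its own copy and supplies the terminator itself. The 32-byte field width, the field names and the sample contents below are assumptions made for the example.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Assumed fixed width of a savegame description field (example value). */
#define COMMENT_LEN 32

/* Constructed sample: a field that contains a NUL inside its 32 bytes. */
static const unsigned char SAMPLE_GOOD[COMMENT_LEN] = "Resident Evil";

/* Constructed sample: all 32 bytes used, so there is no terminator inside
 * the field. Treating this as a C string reads past the field. */
static const unsigned char SAMPLE_BAD[COMMENT_LEN] = "UNTERMINATED_DESCRIPTION_FIELD!!";

/* What a naive loader does: assumes the field is a C string. On an
 * unterminated field strlen() (or printf("%s")) runs off the end of the
 * field into whatever follows it in memory. Never use on untrusted data. */
size_t describe_unsafe(const unsigned char *field) {
    return strlen((const char *)field);
}

/* Check a loader should make: is there a NUL somewhere within the field? */
bool comment_is_terminated(const unsigned char *field, size_t len) {
    return memchr(field, '\0', len) != NULL;
}

/* Bounded length: position of the first NUL, or len if there is none.
 * memchr never looks beyond len bytes, unlike strlen(). */
size_t bounded_len(const unsigned char *field, size_t len) {
    const unsigned char *nul = memchr(field, '\0', len);
    return nul ? (size_t)(nul - field) : len;
}

/* Hardened copy: copies at most len bytes into out (which must hold
 * len + 1 bytes) and always writes the terminator itself, so a field
 * without one cannot turn into an over-read when printed later. */
size_t copy_comment_safe(const unsigned char *field, size_t len, char *out) {
    size_t n = bounded_len(field, len);
    memcpy(out, field, n);
    out[n] = '\0';
    return n;
}

int main(void) {
    char out[COMMENT_LEN + 1];

    printf("good field terminated: %s\n",
           comment_is_terminated(SAMPLE_GOOD, COMMENT_LEN) ? "yes" : "no");
    printf("bad field terminated:  %s\n",
           comment_is_terminated(SAMPLE_BAD, COMMENT_LEN) ? "yes" : "no");

    /* Safe on the well-formed sample; deliberately not called on SAMPLE_BAD. */
    printf("naive strlen on good field: %zu\n", describe_unsafe(SAMPLE_GOOD));

    /* The bounded copy is fine on both, and the result is always printable. */
    copy_comment_safe(SAMPLE_BAD, COMMENT_LEN, out);
    printf("bounded copy of bad field: \"%s\" (%zu bytes)\n", out, strlen(out));
    return 0;
}
```

A loader that rejects fields failing `comment_is_terminated`, or that only ever reaches the text through `copy_comment_safe`, removes the "print the string" step that the exploits in the thread rely on.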

Re: Exploit for games which load savegame at start

Posted: Sun Jun 12, 2016 12:22 pm
by andzlay
So that's probably the reason why there is no exploit which overflows in the memory card menu of the original BIOS, isn't it?

Re: Exploit for games which load savegame at start

Posted: Sun Jun 12, 2016 5:20 pm
by Sierron
emu_kidid wrote:The ones so far exploit unchecked string vulnerabilities which happen when you don't terminate a string with NULL. If a savegame is loaded at the start AND it tries to immediately print the string then the exploit might trigger, otherwise it'll usually trigger when it attempts to print the string.
I see. Yeah well, that kills the thought I had about Resident Evil 0 and 1. It just checks the memory card to look for a savegame.
Thanks for the explanation, emu_kidid. I'll look out for games which do that.
andzlay wrote:So that's probably the reason why there is no exploit which overflows in the memory card menu of the original BIOS, isn't it?
That would be the ultimate exploit.

Re: Exploit for games which load savegame at start

Posted: Sun Jun 12, 2016 9:44 pm
by novenary
The IPL has already been checked and there are apparently no vulnerabilities. It would have been done ages ago otherwise.
As far as the GameCube is concerned, arbitrary code execution = full control over the entirety of the console, so there are no superior exploits besides how practical they are to use.

Re: Exploit for games which load savegame at start

Posted: Sun Jun 12, 2016 10:14 pm
by Sierron
Were the IPL exploitable, you wouldn't need any kind of game to get into Swiss (softmod-wise). I would find that superior to the need to have and boot a game and wait until you are able to execute the exploit. Sad that there aren't any, but it seems that Nintendo invested some work into the IPL, huh?

Off-topic:
That reminds me that the Wii has issues with GameCube savegames which are missing the second line of description. You would see just random letters, or, if you looked at a different savegame before, the exact same text this other savegame used. Funny Nintendo would fail to catch this.

Re: Exploit for games which load savegame at start

Posted: Sun Jun 12, 2016 11:49 pm
by emu_kidid
It's not that they took care in the IPL, they just kept it dead simple.

Too bad they didn't leave some backdoor in the boot sequence for themselves to load code, like the PS2 has.

Re: Exploit for games which load savegame at start

Posted: Sun Oct 01, 2017 12:10 am
by Slex989
I wonder if we could exploit the fact that it makes you set certain settings when the clock battery is removed. It writes to SRAM then, right?

Re: Exploit for games which load savegame at start

Posted: Sun Oct 01, 2017 4:34 am
by novenary
SRAM is 64 bytes worth of flags, nothing really interesting.

Re: Exploit for games which load savegame at start

Posted: Fri Oct 06, 2017 7:07 am
by emu_kidid
The device they were less careful with is DVD discs, but it's not like you can author those, and even if you could, why bother when you could make a bootable disc anyway?

Re: Exploit for games which load savegame at start

Posted: Fri Oct 06, 2017 6:26 pm
by novenary
What if you have something other than a DVD drive attached to DI, though?

Re: Exploit for games which load savegame at start

Posted: Fri Oct 06, 2017 9:49 pm
by emu_kidid
Streetwalker wrote:What if you have something other than a DVD drive attached to DI, though?
Then you can do whatever you want already anyway!