Pokémon Colosseum/XD buffer overflow exploit

[TuxSH]

Spoiler

Show

Full details here

I made a tool exploiting this vulnerability : http://www.mediafire.com/download/10...s/pkmgchax.zip (all NTSC-U/PAL versions supported, tested on PAL; I'm lacking the address of in-battle Pokémon for Japanese versions).

You need to copy your save file under the name "save.gci", and the code you want to be executed upon entering a Pokémon battle (NOTE: its location in RAM may is only known at runtime) under the name "payload.bin", in the same folder as the executable.

By the way, could somebody write a proper payload ?

[Ichiyanagi2]

In detail, what exactly does the Buffer Overflow do? Does it allow codes, absurdly long names, or what?

[Master_E]

In detail, what exactly does the Buffer Overflow do?

Man, what doesn't it allow?

Things like Underflows/Overflows open an opportunity for "arbitrary code execution", in which you give a program instructions inside that exploit to execute. Which is pretty much adding data into the free spaces of the RAM for all sorts of shenanigans to happen. A favorite of virus makers and hackers, in games it allows you to pretty much use RAM to write programs or affect/access assets of the game down to an assembly level. Look it up on YouTube for examples on how it can be used in video games. People have written entire games inside other games with enough free space.

[Ichiyanagi2]

So, basically it's like a debug menu? From the image I'm seeing, I'm gathering this doesn't work on Gecko OS Mod.

[novenary]

Interesting, thanks for sharing.

[tueidj]

It's not a debug menu, it's like the wii savegame exploits (twilight hack, bathaxx, smashstack etc.) that let you run homebrew programs. Someone just needs to make an elf loader payload.

[aenoch]

could this mean a gamecube softmod kinda thing?

[emu_kidid]

aenoch, there's already a few GameCube games capable of this, a recent one being Smash Bros. Melee... check: viewtopic.php?f=38&t=3023