Wii exploit idea! (Involving SSBB)

I started working on a tool to create fake Smash Bros Screenshots. But don't expect anything too soon, because I have a busy week ahead.

I am also starting to read myself into the JPEG standard.
Does somebody know some detailed descriptions about some earlier JPEG exploits, for example the Windows GDI+ exploit?


Somebody should try to exploit the stage editor, please.
As most of you may know, there is a SSBB stage editor for windows, which would be a good place to start.

Cool man...I'll see if i can cough up some more JPG exploit info....i also have to look into that stage editor for Windows

So, yes.

Pretty much, you guys are going to have to do a stack smash, and here's how it would work:

1) Mess around with the Smash image until Brawl crashes. Messing around with the source image won't work.
2) Figure out why it crashed and what it did. If you managed to a) get it to execute the stack or b) pull off a stack smash, you can do stuff.
3) Write an assembly program that fits into your template.



Edited 1 time(s). Last edit at 05/08/2009 01:01PM by WikiFSX.

Actually, if you can just crash the Wii there are coders out there who will do the rest of the work to get the exploit to load and run unsigned code after the crash.

I need to pick my friend's disc of SSBB.
I want to crash my Wii with weirdo images =P

Cool ill mess around aswell (since it was my idea :P) Cool looks like this idea is-a-go!

I know this is different but do you think the exploit might work on MKWii (Mario Kart Wii)

And may be it might load the homebrew installer by time trials.

You know, there are many possibilities, there just has to be a will (and a way helps too).

Quote
Tommywishes
I know this is different but do you think the exploit might work on MKWii (Mario Kart Wii)

And may be it might load the homebrew installer by time trials.

^Could you evaluate?



P.S. Also please share if u made any progress with the idea!



Edited 1 time(s). Last edit at 05/10/2009 04:34AM by lettman8520.

A description of the TIFF format:
[en.wikipedia.org]

A description of the JPEG format:
[en.wikipedia.org]

A description of buffer overflow exploits:
[en.wikipedia.org]


Now I know there has been exploits in the LibJPEG used for loading jpeg's in some programs, Excel comes to mind.
So the thing you will have to do is to maybe finding out how those exploits was done.
TIFF is very different that JPEG in structure so a TIFF exploit wont automaticly work with JPEG.
The thing to try is to corrupt the JPEG's header info about size etc.

Im not able do test any of this myself cuz im not that good a programmer ;)
Hope the info helps!

OMG Look

[www.youtube.com]

^This one uses stage builder :)

Thanks for the link though.



Now we have an exploit in the wild, that we do not need right now, and Nintendo might try to close both (Bannerbomb and SSBB Stack) at once.



Edited 1 time(s). Last edit at 06/05/2009 07:01AM by daniel_c_w.

I'd like to know how they could patch StackSmash :P

yes this one's gonna be hard to patch...

I was pretty sure the groups that were hacking Smash Bros. Brawl used TGAs...

AFAIK, it's impossible for Nintendo to patch it unless they start releasing new discs of super smash brothers brawl that patches the bug.

SD cards are accessed via IOS.
add a simple special file sanity check to the IOS, voila.

Or is IOS' SD access only in the raw form and Smash Bros. has the filesystem code?

I'm assuming the latter in some sense, because only Brawl opens files made by the level editor. In other words, it at least has to have some unique coding for all of the different things it loads.

Quote
Arikado
In other words, it at least has to have some unique coding for all of the different things it loads.

Yes, but that is besides the point. Handling the files content can of course only be done by software, that knows how to handle it.

I don't see any reason, why an IOS should not be able to check Brawl related files for sanity.

Or Nintendo could of course patch Brawl on the fly, like GeckoOS does.



Edited 1 time(s). Last edit at 06/08/2009 07:56AM by daniel_c_w.

I just find it hard to believe (but not impossible) that they would put sanity checks in IOS just for brawls custom levels. But I guess only time will tell...