Has anyone ever thought of making a picture that had some sorta exploit encoded in it so that when it was opened in the Photo Channel it would launch boot.elf or boot.dol?

I'm sure the idea has crossed one or two minds, but the jpeg format (which i believe to be the only format it can open, correct me if i'm wrong) is a pretty stable format. if it supported tiff images, maybe, but not jpegs. And i'm not sure if it is known what library they use to handle the jpegs, whether it is an open source one or a custom written one. If its open source, it would be easier to find an exploit, as you can look at the code and find bugs.

there has been a jpeg vulnerability recently so i assume it would be possible if the research was done

I think something like this was discussed some time before Bannerbomb was released...

Quote
gameboy13
I think something like this was discussed some time before Bannerbomb was released...

Yes, I remember something about this, I think....

The jpeg library used in homebrew apps has bugs mainly around meta information parsing stuff like exif data & such... You don't even need to malform the data :)

Same way, similar bugs may exist in the photo channel especially when this meta data is malformed. Though afaik nintendo can push updates on system channels... maybe not dunno...

Such exploits should be the easiest for nintendo to fix since there is less components of the system involved... thus not much value in creating them...

Better exploits are savegame exploits & game exploits not requiring savedata like ssbb smashstack exploit...

Quote
I.R.on
Same way, similar bugs may exist in the photo channel especially when this meta data is malformed. Though afaik nintendo can push updates on system channels... maybe not dunno...

Such exploits should be the easiest for nintendo to fix since there is less components of the system involved... thus not much value in creating them...

I believe they can only update the System Channels via a System Menu update or by offering it in Shop Channel. The later is easy to avoid, the former slightly harder (If you want new features of System Menu you must update.) I'm pretty sure they cant push an update without you agreeing to it, or knowing about it.

And it would probably be very easy to fix as they could probably just update the channel, without actually needing to update the System Menu as a whole.

I think I remember something about being able to play your own music in the background of the photo channel. Why not use the music file and somehow add code to that? Or is that not possible to add code to a music file?