
Thread: Twilight Princess, Bannerbomb, Indiana Pwns, etc. How?

  1. #1

    I'm still trying to understand how the guys responsible for finding these exploits discover them in the first place. There are some pretty specific processes with each, and it seems, at least to me, like it is a needle in a haystack to know where to look.

    Is there a method to the madness? Just a curiosity I've had for a while.

    Thanks!

  2. #2
    oddgriffin
    It is more likely that some former Wii employees or programmers had a hand in making use of the major exploits. There are some very bright minds in the hacking world, but a lot of things get leaked to the public all the time.

  3. #3
    I suspect they're inside jobs, but I didn't know if there was a legitimate source of finding buffer overflows inside a closed binary like these. It seems these are almost too specific; as though someone knew from the start.

    But that's just the conspiracy theorist in me talking. And to those that know or found them: Thanks!

  4. #4
    Sinyk
    I figure someone decided they wanted to see if they could rename their horse, managed to get the save file onto an SD card, took a stab at it, put it back in, it bombed to a command prompt, then told the online community about it, then someone saw a use for it, did that and found out how to load custom software onto it. It snowballs from there.


    I don't think they were inside jobs, just someone who found something out and someone else who saw a potential IN.
    4.2U || BootMii beta 4 (boot2) || DVDx v2 || HBC 1.0.8 || cIOS 38 r17 || WiiFlow R254-249 Carbonik || Triiforce MRC SS || MPlayer CE 0.76 || WiiRadio 0.4
    Patriot 16GB SDHC Class 6 || 500GB Seagate 7200.10 in NexStar CX eSATA

    Triiforce MRC User Guide - How to Load Wii Ware from a USB Drive or SD Card

    Stomp_442's guide: How to install Hermes cIOS 202, 222, 223 and 224

    If you want to say thanks, say it with the Thanks button below!
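
Added example (not part of the thread, and not code from any game discussed in it): post #4's save-file scenario as a defender would see it, with a loader that trusts a name string read from the SD card beside one that validates it. The 16-character limit, the struct layout and the sample bytes are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NAME_MAX_LEN 16   /* assumed limit enforced by the in-game name editor */

struct save_state {
    char name[NAME_MAX_LEN + 1];   /* fixed-size destination buffer */
    int  loaded;
};

enum load_status { LOAD_OK, LOAD_UNTERMINATED, LOAD_TOO_LONG };

/* Unsafe pattern, shown for contrast only: assumes the file obeys the
 * editor's limit, so a longer name in an edited file writes past name[]. */
void load_name_unchecked(struct save_state *st, const char *file_data)
{
    strcpy(st->name, file_data);
    st->loaded = 1;
}

/* Hardened loader: the save file is untrusted input, so the terminator and
 * the length are both checked against the bytes actually read from the card. */
enum load_status load_name_checked(struct save_state *st,
                                   const unsigned char *file_data, size_t file_len)
{
    const unsigned char *nul = memchr(file_data, '\0', file_len);
    if (nul == NULL)
        return LOAD_UNTERMINATED;        /* scanning on would leave the file buffer */
    size_t n = (size_t)(nul - file_data);
    if (n > NAME_MAX_LEN)
        return LOAD_TOO_LONG;            /* copying would overrun st->name */
    memcpy(st->name, file_data, n + 1);  /* n name bytes plus the terminator */
    st->loaded = 1;
    return LOAD_OK;
}

/* Constructed sample inputs: a normal name and a 40-byte edited one. */
static const unsigned char SAVE_NORMAL[] = "Epona";
static const unsigned char SAVE_EDITED[] = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";

int main(void)
{
    struct save_state st = {{0}, 0};
    printf("normal: %d\n", load_name_checked(&st, SAVE_NORMAL, sizeof SAVE_NORMAL));
    printf("edited: %d\n", load_name_checked(&st, SAVE_EDITED, sizeof SAVE_EDITED));
    return 0;
}
```

The checked loader rejects the oversized name before any byte is copied, which is the kind of change a patched re-release of a disc would need to make.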

  5. #5
    I can see that in that particular instance. Still curious about the level editor in SSB, and Indiana... that's the one that raises my eyebrows. And I have to wonder if the vendor would patch that bug and re-release the disc.

    I'm just curious to go hunting with the games I have. Wanted to try to find a place to start. =)

  6. #6
    Sinyk
    I think with SSBB, someone realized, after seeing how you could bomb Zelda, that there may be more ways to do it. They probably saw that since you could save and load custom maps from an SD card, there may be a way to load something else at the same time, disguised as a map. So they created a file that would bomb the game, just like how Zelda bombed. Seems pretty straightforward.

    I don't know how Indiana Pwns works, but I could speculate that there is logical reasoning behind how someone discovered the exploit.

    Also, developers do patch the games and re-release them. From what I know, if you go and buy a brand new Twilight Princess, you will not be able to do the Twilight Hack with it. Only older TPs were vulnerable.

  7. #7
    Are there any other consoles that have been exploitable by buffer overflows, then?
    Even though an exploit like that seems unlikely to happen by chance, it's still possible. As griffin said, there are some really bright minds around. Probably more likely than some inside job, unless it was some angry ex-employee at Nintendo with the information about the whole buffer overflow and what that can lead to. And even if it was some ex-Nintendo programmer, I highly doubt that they explored it and what it could lead to. Much rather just trying to fix it and fail. Or maybe it isn't fixable at all?

    IF they were aware of it, why didn't they patch that loophole up? Like.. "Hey guys, look at this.. There is a buffer overflow that potentially can open up the whole Wii security measures, but let's not patch it up. Let's see if they can find it for themselves and exploit it as they wish."

    .. This is why I can't see the logic in conspiracy theories. :P

    If there is something to do with Nintendo, it's most likely an unfixable loophole (or fixable but will require a lot of changes in the rest of the Wii) so that Nintendo were just praying that someone wouldn't figure out.
