Using the memory card on an incorrect BIOS destroys the payload #5

Closed
socram8888 opened this issue Apr 11, 2021 · 3 comments

@socram8888
Contributor

socram8888 commented Apr 11, 2021

I was trying to load tonyhax using the exploit on an emulator, but had the wrong BIOS accidentally loaded. This resulted in the exploit failing to load (which is totally benign), but I also ended up with frame 0x3F overwritten as part of the write check, which destroyed the payload.

I see two ways of working around this issue:

  • Modify the script to load from 0x40 onwards only, which means the payload would be limited to 122880 bytes. Easiest solution to implement, and the one that implies simpler logic.
  • Modify the builder script to skip sector 0x3F, and the loading script to do the same. We'd have 128768 bytes in total, but it would complicate the loading and building procedure.

EDIT: This seems to also happen if using the correct BIOS:

tonyhax-scph9002.mcd.zip
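The two layouts proposed above, as an added example that is not part of the original issue or of the tonyhax builder/loader code. It models the card as 1024 frames of 128 bytes, simulates the write check clobbering frame 0x3F, and checks whether a payload placed by each layout survives; the start frame 0x10 for the "skip 0x3F" layout is an assumption, not a value from the thread.

```python
# Added example, not tonyhax's own code. Models a PS1 memory card as
# 1024 frames of 128 bytes and compares payload layouts: start at 0x40,
# or keep an earlier start (0x10 assumed here) while skipping frame 0x3F.
FRAME_SIZE = 128
FRAME_COUNT = 1024          # 128 KiB card
WRITE_CHECK_FRAME = 0x3F    # frame the BIOS write check overwrote in the report

def frame_plan(first_frame, skip=()):
    """Ordered list of frames a payload may occupy under this layout."""
    return [f for f in range(first_frame, FRAME_COUNT) if f not in skip]

def capacity(plan):
    """Largest payload (in bytes) the layout can hold."""
    return len(plan) * FRAME_SIZE

def build_image(payload, plan):
    """Builder side: place the payload into a blank card image, frame by frame."""
    if len(payload) > capacity(plan):
        raise ValueError("payload does not fit this frame plan")
    image = bytearray(FRAME_COUNT * FRAME_SIZE)
    for off in range(0, len(payload), FRAME_SIZE):
        frame = plan[off // FRAME_SIZE]
        chunk = payload[off:off + FRAME_SIZE]
        image[frame * FRAME_SIZE:frame * FRAME_SIZE + len(chunk)] = chunk
    return image

def read_payload(image, plan, length):
    """Loader side: reassemble the payload by walking the same frame plan."""
    out = bytearray()
    for frame in plan:
        if len(out) >= length:
            break
        out += image[frame * FRAME_SIZE:(frame + 1) * FRAME_SIZE]
    return bytes(out[:length])

def write_check_clobber(image):
    """Simulate the write check overwriting frame 0x3F with junk."""
    start = WRITE_CHECK_FRAME * FRAME_SIZE
    image[start:start + FRAME_SIZE] = b"\xAA" * FRAME_SIZE
    return image

def survives_write_check(plan, payload):
    """True if the loader still reads the payload back intact after the clobber."""
    image = write_check_clobber(build_image(payload, plan))
    return read_payload(image, plan, len(payload)) == payload

# Constructed sample payload (not a real tonyhax binary), 120000 bytes.
SAMPLE_PAYLOAD = bytes((i * 7) & 0xFF for i in range(120000))
```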

@nicolasnoble
Collaborator

Right, we might want to skip 0x3f and go at 0x40. In fact, on some memory cards, 0x3f doesn't actually exist, like on the mcpro.

@nicolasnoble
Collaborator

So #6 moved the binary around frame 0x40, which I believe solves this one here?

@socram8888
Contributor Author

I'm getting an even worse crash now. I don't even get to the start address of tonyhax (at 0x801FA100). I'm gonna investigate what the problem could be.

tonyhax-exe.zip
