Help with KartHax? #2
Comments
|
I'll fork this if you can help. :) |
|
"Can you help? :)" Not interested in doing it myself... Just dump heap memory to determine this -> ("update the payload heap addr/etc") |
|
If you're not interested in doing it yourself, can you at least give me more instructions? What do I exactly need to change? Which file? Which part? How do I dump the heap memory? And how do I get the addresses if I dump the heap memory? Sorry for asking too much... 😊 I still think your help is needed. :P I don't need help with the rest as I can do the rest myself. ;) |
|
I'd really appreciate your help. I really think KartHax is worth working on, because it could be useful for people who don't have a DS game. (therefore can't use Haxchi) Also, do you think this will really work if ported correctly? (Since MK8 uses mvplayer.rpl) I tried running the exploit without edditing the heap addresses, it gave me a black screen with a nice beep sound. 😆 Is there a reason for it to not work the same as browserhax? (After porting...) Is there a place I could chat with you about this privately? |
|
Please remember why DS/N64 VC was targeted for contenthax: codegen(JIT). Obviously zero games should have it(haven't checked MK8 myself though). |
|
Welp. No other way? So, only Web Browser and DS/N64 VC have codegen, right? |
|
Some of the browser-based titles & those two VC platforms. "Welp. No other way?" <- Unless you really want to implement your own ROP, no. |
|
But I can still use the same entrypoint, right? Well, never mind then. I think I'll be getting a DS game soon. |
|
Of course. |
|
Re-write the exploit, or implement my own ROP? |
|
Latter. |
|
So basically, re-write this file? |
|
Oh, that's it? Hmm.... |
|
So, is that the function I need to re-write? Do I still need to change the heap addresses? |
|
Both. EDIT: Obviously it should be done under a different function though. |
|
This is going to be harder than what we (The people working on KartHax) are capable of doing. We'll be waiting for you or someone to help... |
|
I am not implementing kernelhax/{iosu-exploit} in PowerPC ROP. |
|
Kernel? I thought we were talking about userland... :P |
|
It's the only known way to get any code execution at all without codegen. |
|
Would this help in any way? It's ROP using IOSU. |
|
............ "PowerPC ROP" |
|
Oh, well then... |
KartHax is a hack to get code execution in MK8 using this exploit, since this game uses mvplayer.rpl, it can be exploited when entering the menu (A video gets loaded).
We can replace this video with the exploit mp4.
We can test using cafiine.
Permanent replacements will be made by using smea's iosuhax.
But, I have read your README and it says it may need porting.
("update the payload heap addr/etc")
Can you help? :)
The text was updated successfully, but these errors were encountered: