
Research about workings of the exploit

Open · Hyrikan opened this issue 2 years ago · 0 comments

Hi FIX94, currently I am enrolled in a university course about security assessments and I plan to give a talk about different Gamecube exploits and the history behind Gamecube homebrew. As I have already used your exploit on my own Gamecube, I would love to speak about the inner workings of your Windwaker exploit. Right now I lack a lot of knowledge, and I hoped you could help me a bit.

My current understanding of the exploit is that in ww.c the custom boot.dol gets loaded into ARAM and is started through the function return register. But the real meat happens in start.S. start.S sets some bits in the machine state register, but I don't know what the memory under the label "0:" is for, or how start.S actually comes to be executed. I am also curious about the use of the crashpoint addresses.

Could you elaborate? I would very much appreciate it! Best regards!

Hyrikan · Jun 27 '23 16:06