mailboxbomb
Porting to other System Menu Versions
Hello,
Could you provide some insight on how to port jumpAddr, overwriteAddr, jumpTableAddr, and fileStructVersion to other System Menu versions? (I doubt it matters, but I am trying to do it for 2.2U).
Thanks
Those first few addresses I got by debugging the system menu. I set a breakpoint at the function that read the exploit into memory and saw where it was. If you don't have a USB Gecko, you can probably use Dolphin emulator for this. The file struct version you can figure out by any number of ways, like either disassembling the system menu or setting a breakpoint on one of the functions that deals with their file struct. fileStructVersion is used in the loader, which uses the system menu functions, to know what offset to get the file size as it reads the dol/elf from the SD card. By the time you actually need to know fileStructVersion, your exploit is already running and you can draw text on the screen for debugging. You could just hexdump the file struct onto the screen and find the offset off your TV screen.