RACE Header RCE Protection [Seeky]
#1

This code will increase the space allocated for each of the split RACE packet buffers to the maximum size that could be memcpyed into them (0xff, since the length values in the packet header are 1 byte each), preventing the buffer overflow that was used in Star's RCE code. This code was actually made a few weeks before the release of that code, as an attempt for an antifreeze originally, and turned out to be fixing the same exploit that was being used for his RCE.

WARNING: this code only fixes one specific overflow, it does not protect against the USER overflow and wouldn't protect against any other exploits if they were to be found. For protection against the current known exploits, you should pair this code with USER Overflow Fix or use RACE Packet Validation instead, which protects against both and can also act as an antifreeze (although it's a longer gecko code than the other two combined).

NTSC-U
08895AC4 000000FF
20070004 00000000

PAL
0889A194 000000FF
20070004 00000000

NTSC-J
088992F4 000000FF
20070004 00000000

NTSC-K
088885CC 000000FF
20070004 00000000

Code created by: Seeky
Code credits: Star (showing the exploit could be used for RCE), CLF78 (shortening the code to an 08)
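As an added illustration of the reasoning in the post (this is not Seeky's code, and the packet layout below is hypothetical, since the post does not describe the real RACE format): with one-byte length fields in the header, sizing each destination buffer at 0xFF means no value a peer can put in the header is able to overrun it. The check against the received packet length is an extra guard that the gecko code itself does not add.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Hypothetical layout (the real RACE format is not described in the post):
 * a header of NUM_SECTIONS one-byte lengths, then the section payloads back
 * to back, each memcpy'd into its own fixed buffer. */
#define NUM_SECTIONS 4
#define BUF_SIZE UINT8_MAX   /* 0xFF: the largest value a 1-byte length can hold */

struct sections {
    uint8_t buf[NUM_SECTIONS][BUF_SIZE];
    uint8_t len[NUM_SECTIONS];
};

/* Returns the number of sections copied, or -1 if the packet is malformed
 * (header truncated, or declared lengths exceed the bytes actually received). */
int unpack_sections(const uint8_t *pkt, size_t pkt_len, struct sections *out)
{
    if (pkt_len < NUM_SECTIONS) return -1;
    const uint8_t *payload = pkt + NUM_SECTIONS;
    size_t remaining = pkt_len - NUM_SECTIONS;
    for (int i = 0; i < NUM_SECTIONS; i++) {
        uint8_t n = pkt[i];
        /* BUF_SIZE == UINT8_MAX, so no n can overrun out->buf[i]; the remaining
         * check additionally stops reads past the end of the packet. */
        if (n > remaining) return -1;
        memcpy(out->buf[i], payload, n);
        out->len[i] = n;
        payload += n;
        remaining -= n;
    }
    return NUM_SECTIONS;
}

/* Constructed sample: lengths {3, 255, 0, 2} with all 260 payload bytes present. */
int demo_unpack_total(void)
{
    static uint8_t pkt[NUM_SECTIONS + 3 + 255 + 0 + 2] = {3, 255, 0, 2};
    struct sections s;
    if (unpack_sections(pkt, sizeof pkt, &s) < 0) return -1;
    return s.len[0] + s.len[1] + s.len[2] + s.len[3];  /* 260 */
}

/* Same header but only 100 payload bytes delivered: must be rejected. */
int demo_unpack_truncated(void)
{
    static const uint8_t pkt[NUM_SECTIONS + 100] = {3, 255, 0, 2};
    struct sections s;
    return unpack_sections(pkt, sizeof pkt, &s);  /* -1 */
}
```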
#2
I've now had a chance to test this code myself and it does work; the ports are still untested currently though.
#3
Just tested NTSC-U with Seeky and it seems to work.
#4
Tested and working on NTSC-J and NTSC-K.
#5
Epic, thanks
#6
Leseratte said that people could still brick your Wii even if you have this code on. Is this 100% true?
#7
This code only protects against one exploit; if other exploits are found, then people could absolutely brick you, yes.
#8
Of course, but as of now there aren't any other RCE exploits. That's good to know. Let's just hope that MKWii doesn't have any more bugs as dangerous as this one lol.
#9
Not if you have Priiloader.
#10
Priiloader is useful against some accidental bricks; if someone is explicitly trying to brick you then they can definitely bypass it (even boot2 BootMii). There are also other potential malicious uses of RCE past bricking.