Closed socram8888 closed 3 years ago
Right, we might want to skip 0x3f and go at 0x40. In fact, on some memory cards, 0x3f doesn't actually exist, like on the mcpro.
So #6 moved the binary around frame 0x40, which I believe solves this one here?
I'm getting an even worse crash now. I don't even get to the start address of tonyhax (at 0x801FA100). I'm gonna investigate what the problem could be.
I was trying to load tonyhax using the exploit on an emulator, but had the wrong BIOS accidentally loaded. This resulted in the exploit failing to load (which is totally benign), but also I ended up with the frame 0x3F overwritten as part of the write check, which destroyed the payload.
I see two ways of working around this issue:
EDIT: This seems to also happen if using the correct BIOS:

![image](https://user-images.githubusercontent.com/515068/114324580-64f27b80-9b1a-11eb-9356-9e71840bef7a.png)
tonyhax-scph9002.mcd.zip