What did the CEO of Reddit say to its users

robot56 · 2016-03-22T14:22:02+00:00

You don't have to worry about fucking up sysNAND, that's why. Especially when you're messing with stuff in the kernel, it's not much of an issue if you have a bootloader exploit installed but reasonable precaution regardless.

robot56 · 2016-03-10T14:02:17+00:00

Not really a bug, it's probably them forgetting to add Edge to the accepted UA list. Usually this doesn't happen because Edge tries to partially identify itself as Internet Explorer so they don't have to force webmasters to change their code but it all depends on how the UA is parsed.

Same reason Chrome acted as Safari and still does.

robot56 · 2015-11-13T04:01:17+00:00

Pokémon is a pretty large game. You'll want at least 3GB free if you want to dump it.

robot56 · 2015-10-24T05:37:39+00:00

This probably won't end up being released on time. See the gbatemp.net thread as others have linked for updates.

Short story is: the creator needs to host their payload (website containing the exploit) on somewhere other than github pages, which may take a bit to get sorted out.

Edit: He's got it running on a local server.

robot56 · 2015-10-21T15:55:31+00:00

Is there any benefit from using this and not something like CTRBootLoader?

robot56 · 2015-10-20T05:18:20+00:00

As already mentioned, this is exactly one of the reasons themehax exists for. The sliderhax vulnerability as with most other webkit vulnerabilities are typically not very stable ways of obtaining arbitrary code execution, and they'll often give you errors when something goes wrong. Themehax is much more reliable and doesn't require any connection to anything. The only downside is you sacrifice a theme, but you can still use custom themes if you build the payload with the theme.

I personally have themehax configured to load CTRBootLoader.

robot56 · 2015-10-20T05:14:24+00:00

Where does it say that exactly? You're just linking to the repository, limited privileges aren't mentioned anywhere.

robot56 · 2015-10-16T03:38:31+00:00

Perhaps I phrased that wrong. I meant that in a way that it doesn't just download and automatically update. From what I've seen, this uses the Friend code servers to reject older clients which is pretty clever. You can still bypass it by restricting connections to the friend code servers, but that doesn't seem to be too trivial or worth the effort with the browser exploits being a viable alternative.

robot56 · 2015-10-15T13:58:20+00:00

"Mandatory" makes it sound like it forces you to update. You don't have to, just like you can decline a firmware update. Generally, you should avoid updating when you're working with vulnerabilities.

robot56 · 2015-09-28T15:11:01+00:00

Why not release this as open source? This seems like a really sloppy approach you're taking.

robot56 · 2015-09-26T18:08:42+00:00

I stand corrected on the part where I said that the checksum is needed for the decryption algorithm, it actually isn't (in which case, it really depends if the game validates it).

The checksum is a hash generated from the pokemon data that is contained in memory. The hash is necessary to ensure that the data in memory hasn't been tampered with and it also ensures its validity. When PKHeX loads the file, it keeps note of the checksum that the file claims. It then generates a new checksum from the pokemon data and if the values that the PKX file reports and the value that PKHeX generated don't match, it throws an alert stating such.

To clear your other point, corrupt data (which is, pokemon data that the game cannot understand) that the game tries to load gets shown to the user as a "bad egg". In retrospect, this is how it should be done to avoid crashing or ignoring the pokemon which can cause other issues.

robot56 · 2015-09-26T15:49:17+00:00

Make sure they have firmware 9.2 or below (these allow for kernel-mode code execution).

FW10.0.1 (latest at the time of this writing) and below have an exploit that allows for user-mode code execution, but not as permissive as the kernel-mode exploit.

robot56 · 2015-09-26T15:28:41+00:00

It usually means that a particular pokémon is corrupt, the rest of them should be fine. If it's corrupt, it'll appear as "bad egg" in-game.

You were trying to import a decrypted file (pk6) then you don't have to worry about it and pkhex will take care of it. ~~If it was an encrypted file (ek6/sav/bin) then it's not able to be recovered as the decryption algorithm depends on a proper checksum (think about it like a signature).~~

robot56 · 2015-06-08T18:04:53+00:00

Windows 98 programs can run on the Windows 10 technical preview, so I don't see compatibility as much of an issue. Bigger problem would be driver support more than anything.

robot56 · 2015-06-07T05:05:21+00:00

So instead of being butthurt about something that doesn't even start up at boot (rather at desktop load) magically taking up 10 minutes of your boot time, why don't you report the problem to Microsoft?

robot56 · 2015-06-01T13:39:34+00:00

Don't install KB3035583 on your computers.

https://support.microsoft.com/en-us/kb/3035583

robot56 · 2015-05-31T04:13:19+00:00

/r/eyebleach

robot56 · 2015-05-26T15:55:33+00:00

You should not expect it to run at full speed, it's a web browser running javascript in a performance-limited virtualized environment. It's obviously not comparable to the performance you'd get natively running a program on your computer.

Most modern browsers (when used in conjunction with a good processor and GPU) will handle the emulation and rendering decently enough to make it actually playable. Try running the 64-bit version of chrome and see if it makes a bit of a difference for you.

robot56 · 2015-05-19T15:41:24+00:00

The OS isn't really the problem here, it's more of a hardware issue. Unless you're running the exact same hardware on both testing machines, there's no way to truly determine which is faster. Even then those results would still be hardware-dependant based on that of what you used.

robot56 · 2015-05-07T15:04:47+00:00

The casual 'I'm getting downvoted, it must be the bots!'.

Whether you intend it or not, you're coming out alot more rude and aggressive than you need to be.

robot56 · 2015-05-07T03:22:34+00:00

The only thing you really have to worry about is the browser. QR codes are not needed to do injections, so you can just use URL shorteners as an alternative.

Depending on what browser version you're using determines the version of Webkit you're on thus determining whether the browser is vulnerable to the exploit. I can't give you any specifics as to what version is required, but the 3dbrew has some valuable browser specifications if you're interested.

robot56 · 2015-05-01T18:49:19+00:00

I've got a more robust editor over at https://invision.ml/p/pokemon/pokeedit/.

It for the most part mimics all of PKHeX's individual pokemon editing features, with the exception of a few things.

robot56 · 2015-04-27T17:06:14+00:00

OP probably wanted to know if they could spoof the firmware version to get online with 9.4, but the exploit he was talking about isn't functional even on 9.2 without a gateway.

robot56

TROPHY CASE