2024-10-04 by Yannik Marchand
Suspicious feelings When Nintendo released the DLC packs for Mario Kart 8 on the Wii U, the new tracks also became playable online. In case you are not familiar, every player can either vote for one of three options, or vote for an unknown track: After every player has made …
Read more...
Nintendo
2024-06-30 by Yannik Marchand
This post describes a minor vulnerability in Firefox, that Aidan Stephenson and I discovered while playing DiceCTF. In short, an attacker that had access to an HTML injection vulnerability could leak secrets from this page if the victim had the DevTools open, even with a strict content security in place …
Read more...
Vulnerability
2024-05-26 by Yannik Marchand
There used to be a flaw that could be used to gain code execution on hundreds of consoles at once. Almost all 3DS, Wii U and Switch games with online features depend on a single library for online play: NEX. This library happened to be vulnerable to a stack overflow …
Read more...
Nintendo
Vulnerability
2024-05-21 by Yannik Marchand
Localo, one of the coaches of the German ECSC team, created a reversing challenge for the ICC Team Europe qualifiers this year. This writeup explains how I solved it. If you would like to try this challenge yourself, you can download the challenge here. Initial Analysis Understanding the Pattern Writing …
Read more...
CTF
2024-05-01 by Yannik Marchand
This writeup explains how I solved the Argonauts challenge during the CSCG qualifiers of 2024. Name: Argonauts Category: Pwn Difficulty: Hard Description: What a lovely emulator. It'd be a shame if anything were to happen to it. (I'm joking. Go break it. Here's the source code.) In the Argonauts challenge …
Read more...
CTF
2024-03-20 by Yannik Marchand
Reverse engineering Nintendo's game server protocols has been one of my favorite and long-lasting projects so far. Since I started the project around 7 years ago, it has led to a popular open source repository, several bug bounties and more than 150 pages of documentation. This article provides an overview …
Read more...
Nintendo
2024-03-14 by Yannik Marchand
Last weekend I played the Cyber Apocalypse CTF with VUBar. More than 12,000 players signed up for this CTF and it featured 67 challenges across 8 categories. The difficulty level ranged from very easy to insane. During this CTF, I was the first person that solved the insane reversing …
Read more...
CTF
2024-03-01 by Yannik Marchand
Welcome! This will be my personal blog where I share writeups and technical stuff. I love reverse engineering, playing CTF and Nintendo games, so my articles will most likely cover one of these topics. For this first article, let me share one of my favorite YouTube channels. LiveOverflow has videos …
Read more...