ICC 2024 - Lolcat

2024-11-08 by Yannik Marchand

Lolcat was a reverse engineering challenge during the International Cybersecurity Challenge of 2024. It remained unsolved during the competition, but I was able to solve it afterwards. This writeup explains how I solved it. If you would like to try the challenge yourself, you can download it here. Initial Analysis … Read more...

CTF

Hacking the Mario Kart 8 Online Track Selection

2024-10-04 by Yannik Marchand

Suspicious feelings When Nintendo released the DLC packs for Mario Kart 8 on the Wii U, the new tracks also became playable online. In case you are not familiar, every player can either vote for one of three options, or vote for an unknown track: After every player has made … Read more...

Nintendo

DevTools leak information about CSP violations

2024-06-30 by Yannik Marchand

This post describes a minor vulnerability in Firefox that Aidan Stephenson and I discovered while playing DiceCTF. In short, an attacker that had access to an HTML injection vulnerability could leak secrets from this page if the victim had the DevTools open, even with a strict content security policy in place … Read more...

Vulnerability

Hacking Hundreds of Wii Us at Once

2024-05-26 by Yannik Marchand

There used to be a flaw that could be used to gain code execution on hundreds of consoles at once. Almost all 3DS, Wii U and Switch games with online features depend on a single library for online play: NEX. This library happened to be vulnerable to a stack overflow … Read more...

Nintendo Vulnerability

Localo's Team Europe CTF Crackme

2024-05-21 by Yannik Marchand

Localo, one of the coaches of the German ECSC team, created a reversing challenge for the ICC Team Europe qualifiers this year. This writeup explains how I solved it. If you would like to try this challenge yourself, you can download the challenge here. Initial Analysis Understanding the Pattern Writing … Read more...

CTF

How to pwn a QEMU 0-day

2024-05-01 by Yannik Marchand

This writeup explains how I solved the Argonauts challenge during the CSCG qualifiers of 2024. Name: Argonauts Category: Pwn Difficulty: Hard Description: What a lovely emulator. It'd be a shame if anything were to happen to it. (I'm joking. Go break it. Here's the source code.) In the Argonauts challenge … Read more...

CTF

Nintendo's Game Server Protocols

2024-03-20 by Yannik Marchand

Reverse engineering Nintendo's game server protocols has been one of my favorite and long-lasting projects so far. Since I started the project around 7 years ago, it has led to a popular open source repository, several bug bounties and more than 150 pages of documentation. This article provides an overview … Read more...

Nintendo

Maze of Power

2024-03-14 by Yannik Marchand

Last weekend I played the Cyber Apocalypse CTF with VUBar. More than 12,000 players signed up for this CTF and it featured 67 challenges across 8 categories. The difficulty level ranged from very easy to insane. During this CTF, I was the first person that solved the insane reversing … Read more...

CTF

Introduction

2024-03-01 by Yannik Marchand

Welcome! This will be my personal blog where I share writeups and technical stuff. I love reverse engineering, playing CTF and Nintendo games, so my articles will most likely cover one of these topics. For this first article, let me share one of my favorite YouTube channels. LiveOverflow has videos … Read more...