Hacking [Suspended] ARM11 kernel access project

[ironmaster49]

Well just let him finish the work then he will make a video, i am sure he is getting close, he will make one so please stop asking just for now

 

[Psi-hate]

I still think that this project probably should have at least had some sort of a PoC (released or in video form) before making a WIP thread.

I agree, but somebody here needs to make mistakes now and then (that aren't brainless). I really am hopeful for this to see the light of day when it gets to the point of a p.o.c. if it advances. Hell, if he doesn't succeed, I hope that he at least tells us what Yellows8 and Co. told him to help anyone else who is capable. Honestly stuff like SALT, RXTOOLS, Ninjhax and all this 3DS development has pretty much inspired me to learn code at HS so I don't really see any negatives when it comes to learning experiences for everyone.

 

[ironmaster49]

I agree, but somebody here needs to make mistakes now and then (that aren't brainless). I really am hopeful for this to see the light of day when it gets to the point of a p.o.c. if it advances. He'll, if he doesn't succeed, I hope that he at least tells us what Yellows8 and Co. told him to help anyone else who is capable. Honestly stuff like SALT, RXTOOLS, Ninjhax and all this 3DS development has pretty much inspired me to learn code at HS so I don't really see any negatives when it comes to learning experiences for everyone.

Yeah, i want to see a p.o.c too but he is not done and he has nothing to put on yet, only when he is done then we can get one, or when he writes the first betas

 

[Phanton]

BUUURRRRNN

How in the hell is that a burn?
Anyways, I was trying to edit my MK7 save on HxD and holy shit I found a kernel exploit!!!111
Fo real guiiys!!

 

[ironmaster49]

How in the hell is that a burn?
Anyways, I was trying to edit my MK7 save on HxD and holy shit I found a kernel exploit!!!

So you just opened a hex editor and highlighted some things and that is somehow a kexploit? NICE!*sarcasm added, and we want a freehax, and i do not have mk7 - if this is even possible

 

[zoogie]

It will be a matter of years before mass has the skills to find and implement a kernel exploit. The scene will have moved on by then.

So you just opened a hex editor and highlighted some things and that is somehow a kexploit? NICE!*sarcasm added

That's exactly what your hero did.

 

[ironmaster49]

It will be a matter of years before mass has the skills to find and implement a kernel exploit. The scene will have moved on by then.

That's exactly what your hero did.

I guess, but he is taking his time and trying and talking to devs like Yellows8, which i am happy for, he is putting in effort


If only i had a 3ds 9.9 nand backup with fat16 xorpads, i could of started looking for one too. I dont get why mass did not just make a 9.9 emunand and decrypt it and look there, instead of opening downloaded encrypted files on NUS packages on hex editor

 

[ArmoredGuns1]

I have a 9.5 memory dump, in case it's useful somehow...

 

[ironmaster49]

That memory dump may be useful in the future, but all i want now is a decrypted 9.9 nand dump, and i cannot make one myself as my exploitable 3ds is busted, i just wanted to look in the nand as well

 

[LoganK93]

Clicked on this thread after a day or so to find ten new pages, got excited thinking something had happened, but nope

I did the same thing earlier. I don't usually check threads unless I see a bunch of new replies, but in this case it's countless questions about an update (literally minutes apart) and people who think Mass is full of shit. While I would love to see a P.O.C. I also understand that this stuff takes a while, and if it is real, I don't think it wise to piss off the dev working on something potentially amazing.

 

[MassExplosion213]

It will be a matter of years before mass has the skills to find and implement a kernel exploit. The scene will have moved on by then.

That's exactly what your hero did.

Very well could happen. Idk. But the whole code thing, yea, I forgot to decrypt the file. It's not like I don't know how, I just got ahead of myself.

 

[ironmaster49]

Mass, he said that you are my hero! Well any new things now? Make an emunand and decrypt it?

 

[MassExplosion213]

Mass, he said that you are my hero! Well any new things now? Make an emunand and decrypt it?

Emunand does not help.

 

[ironmaster49]

Emunand does not help.

Never mind, did you manage to decrypt that file?

 

[MassExplosion213]

Never mind, did you manage to decrypt that file?

Still gotta find my 9.2 3ds.

 

[ironmaster49]

Still gotta find my 9.2 3ds.

You keep losing it, keep it in a single place or something. And the encryption is ncch? Well good luck on decryption of the file and finding the exploit

 

[MassExplosion213]

You keep losing it, keep it in a single place or something. And the encryption is ncch? Well good luck on decryption of the file and finding the exploit

Encryption is NCCH with a CBC layer over it.

 

[Suiginou]

Encryption is NCCH with a CBC layer over it.

NCCH is a container format, not any form of encryption.

 

[MassExplosion213]

NCCH is a container format, not any form of encryption.

My bad. But I forget what the encryption's called.

 

[Suiginou]

My bad. But I forget what the encryption's called.

What are you encrypting again?

A file from the CDN? CDN encryption is just AES-128-CBC with the IV being the content ID in the TMD and the key being the decrypted titlekey padded with 0.

An NCCH itself? AES-128-CTR, IVs and keys vary between individual sections (RomFS, ExeFS in its entirety, ExeFS:/.code, exheader).