Super Secret arm11/9 3ds 11+ exploit has been patched.

Priyam (OP)
So, the super secret 3ds exploit that was being teased for months and was super guarded has been patched in the latest fw 11.2.
https://twitter.com/TuxSH/status/791058471298994176

It was supposed to be an exploit which would have allowed us to install A9LH on our 11.0 and 11.1 3DS.
But sadly it was never released, and now it has been patched. This is the biggest downside of withholding exploits, and this is one fine example.

So, folks who have upgraded to 11.2 and are still waiting for the secret arm9/arm11 exploit should just pack up and go home.
And those who haven't updated yet, wait for the exploit; it should be released soon, as there is no point in withholding it any longer.
https://www.reddit.com/r/3dshacks/comments/59eiby/dont_update_to_112_if_you_dont_have_cfw_patches/
 

Akira
Still, this can be used by a lot of users (if they release it), since Nintendo pretty much hasn't dispatched (I hope) 3DS consoles on 11.2.
 

hellionz
Hmmm, interesting... I pray they release this soon for 11.0 users... the soft method is so hard and risks 2 consoles in the process.

Greetings
 

astronautlevel
Allow me to explain a bit (since I posted the reddit thread) -

The exploit doesn't straight up let us install arm9loaderhax on 11.0/11.1.

If you remember back in 11.0, Nintendo added an anti downgrade patch. When installing a title, the 3ds would check against a hardcoded version list stored in process9, and if the version was too low, it would fail. However, this method was imperfect, and is vulnerable to a type of race condition known as a TOCTTOU, or Time Of Check To Time Of Use. A TOCTTOU is an exploit where the data is changed after the validity of the data is checked, but before the data is used. In short, the way the process should work is:

Application manager is asked to install newer version -> Version is checked against the process9 minimum version list -> Version is higher than minimum version -> Install

or

Application manager is asked to install older version -> Version is checked against the process9 minimum version list -> Version is lower than minimum version -> Abort

The way it can end up working though is:

Application manager is asked to install newer version -> Version is checked against the process9 minimum version list -> Version is higher than the minimum version -> Data is swapped out with older title -> Install older title

This would basically allow us to downgrade NATIVE_FIRM to 10.4 (kind of like a hardmod downgrade) using software only and no secondary 3ds and no DSiWare.

The reason I'm saying we only downgrade NATIVE_FIRM is because of the nature of the exploit. Although it would be perfectly possible to downgrade the entire system, the race condition would need to work for every single title you install, and due to the inherently unreliable nature of race conditions, it would be easier to downgrade NFIRM only and then downgrade normally.

As far as I know, no code has been written for this yet.

What happened in 11.2 was Nintendo prevented this race by doing a second version check. This effectively prevents the race.

Note that even if this comes through for 11.0/11.1, we still won't be able to downgrade without an arm11 kernel exploit. An arm11 kernel exploit, however, was patched on 11.2. This kernel exploit, known as slowhax, has been implemented and gets arm11 kernel access (albeit after 20 minutes of waiting). It's possible, now that it's been patched, that the author of the exploit will release it.
 
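The check-then-use ordering described in the post above, as an added C model (this is not code from the post, from process9 or from any 3DS tool). The title ID, the version numbers, the minimum-version table and the fetch callback are all stand-ins; the racing source is constructed so that the installer sees a passing title on its first read and the older title on its second. The hardened variant models the second version check the post attributes to 11.2 by validating the data at the point it is actually consumed.

```c
/* Added model of the check-then-use race in the anti-downgrade version
 * check. Not 3DS/process9 code: the title ID, version numbers, the
 * minimum-version table and the fetch callback are stand-ins. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef struct {
    uint64_t title_id;
    uint16_t version;      /* version carried in the install data */
} title_t;

#define MODEL_FIRM_ID 0x0004013800000002ULL   /* assumed stand-in for NATIVE_FIRM */

/* Stand-in for the hardcoded minimum-version list (assumed values). */
static const struct { uint64_t title_id; uint16_t min_version; } min_versions[] = {
    { MODEL_FIRM_ID, 11000 },
};

static bool version_allowed(const title_t *t)
{
    for (size_t i = 0; i < sizeof min_versions / sizeof min_versions[0]; i++)
        if (min_versions[i].title_id == t->title_id)
            return t->version >= min_versions[i].min_version;
    return true;           /* titles not in the list are not pinned */
}

/* Each call re-reads the title data from its source. In the attack the
 * source is something the attacker can change while the install is in
 * flight; in this model it is a callback. */
typedef const title_t *(*fetch_fn)(void *ctx);

/* Vulnerable ordering: validate one read, install another read.
 * Returns the version that was installed, or -1 if the install aborted. */
static int install_vulnerable(fetch_fn fetch, void *ctx)
{
    const title_t *checked = fetch(ctx);         /* time of check */
    if (!version_allowed(checked))
        return -1;
    const title_t *used = fetch(ctx);            /* time of use: may differ */
    return used->version;
}

/* Hardened ordering: the data that is about to be installed is checked
 * again, so a swap between the two reads is caught instead of installed. */
static int install_hardened(fetch_fn fetch, void *ctx)
{
    const title_t *checked = fetch(ctx);
    if (!version_allowed(checked))
        return -1;
    const title_t *used = fetch(ctx);
    if (!version_allowed(used))                  /* second check, on the data actually used */
        return -1;
    return used->version;
}

/* Constructed racing source: a passing title on the first read, the older
 * title the attacker wants on every later read. */
typedef struct { title_t newer, older; int reads; } race_ctx;

static const title_t *racing_fetch(void *p)
{
    race_ctx *c = p;
    return c->reads++ == 0 ? &c->newer : &c->older;
}

/* Honest source: the same data on every read. */
static const title_t *stable_fetch(void *p) { return p; }

int demo_vulnerable_raced(void)
{
    race_ctx c = { { MODEL_FIRM_ID, 11100 }, { MODEL_FIRM_ID, 10400 }, 0 };
    return install_vulnerable(racing_fetch, &c);   /* 10400: the older title went in */
}

int demo_hardened_raced(void)
{
    race_ctx c = { { MODEL_FIRM_ID, 11100 }, { MODEL_FIRM_ID, 10400 }, 0 };
    return install_hardened(racing_fetch, &c);     /* -1: the swap is caught */
}

int demo_honest(bool hardened, uint16_t version)
{
    title_t t = { MODEL_FIRM_ID, version };
    return hardened ? install_hardened(stable_fetch, &t)
                    : install_vulnerable(stable_fetch, &t);
}

int main(void)
{
    printf("vulnerable, raced:     %d\n", demo_vulnerable_raced());
    printf("hardened, raced:       %d\n", demo_hardened_raced());
    printf("honest newer (11100):  %d\n", demo_honest(true, 11100));
    printf("honest older (10400):  %d\n", demo_honest(true, 10400));
    return 0;
}
```

The rule the race illustrates is general: validate the bytes you are about to act on, not a copy you read earlier, and avoid re-reading attacker-reachable input between the check and the use at all. A second check only closes the window when it runs on the data that is actually consumed, which is why `install_hardened` checks `used` rather than `checked` a second time.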

astronautlevel
Lol 20 min "slowhax".
Basically the way slowhax works is it spawns a ton of new processes.

The way Nintendo does "permissions" for services is that anything with a PID lower than the number of system modules gets full service access. Slowhax keeps creating new processes until the PID overflows to 0 (pid is stored unsigned), and then that process has full service access. Nintendo patched this by making the kernel panic if a userland process tries to make a new process with a PID of 0.
 
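The PID wraparound described in the post above, as an added C model (not the post's code and not 3DS kernel code). The number of system modules, the PID width, the spawn bookkeeping and the exact form of the service-access rule are assumptions. The model uses a 9-bit PID counter so the wrap is reached after a few hundred spawns; the real counter's width (not stated in the thread) is what stretches the attack to 20 minutes. The model also ignores that every spawned process consumes memory and would have to exit.

```c
/* Added model of the PID wraparound ("slowhax") and the 11.2 kernel check.
 * Not 3DS kernel code: NUM_SYSMODULES, the PID width, the spawn
 * bookkeeping and the service-access rule as written here are assumptions. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define NUM_SYSMODULES 16u       /* assumed number of kernel-launched system modules */
#define PID_MASK       0x1FFu    /* 9-bit model PID; the real counter is much wider */

typedef struct {
    uint32_t next_pid;           /* unsigned, so it wraps to 0 after PID_MASK */
    bool     deny_userland_pid0; /* 11.2 behaviour: panic rather than hand PID 0 to userland */
    bool     panicked;
} kernel_t;

/* Service "permission" rule from the post: a PID below the number of
 * system modules gets full service access. */
static bool full_service_access(uint32_t pid) { return pid < NUM_SYSMODULES; }

/* Hand out the next PID. Returns -1 if the kernel panicked. */
static int64_t spawn(kernel_t *k, bool from_userland)
{
    uint32_t pid = k->next_pid;
    k->next_pid = (k->next_pid + 1) & PID_MASK;        /* unsigned wraparound */
    if (from_userland && pid == 0 && k->deny_userland_pid0) {
        k->panicked = true;
        return -1;
    }
    return pid;
}

/* Boot: the kernel launches the system modules, which take PIDs 0..NUM_SYSMODULES-1. */
static void boot(kernel_t *k, bool patched)
{
    k->next_pid = 0;
    k->deny_userland_pid0 = patched;
    k->panicked = false;
    for (uint32_t i = 0; i < NUM_SYSMODULES; i++)
        spawn(k, false);
}

/* The attack loop: keep spawning from userland until a process lands on a
 * privileged PID. Returns that PID, -1 on kernel panic, -2 if the budget ran out.
 * In the real attack each spawned process also has to exit so memory is not
 * exhausted; the model leaves that out. */
static int64_t slowhax(kernel_t *k, uint32_t max_spawns, uint32_t *spawns_used)
{
    for (uint32_t i = 1; i <= max_spawns; i++) {
        int64_t pid = spawn(k, true);
        *spawns_used = i;
        if (pid < 0)
            return -1;
        if (full_service_access((uint32_t)pid))
            return pid;
    }
    return -2;
}

typedef struct { int64_t pid; uint32_t spawns; bool panicked; } attack_result;

attack_result run_attack(bool patched)
{
    kernel_t k;
    attack_result r = { 0, 0, false };
    boot(&k, patched);
    r.pid = slowhax(&k, 1u << 20, &r.spawns);
    r.panicked = k.panicked;
    return r;
}

int main(void)
{
    attack_result a = run_attack(false);
    printf("unpatched: pid %lld after %u spawns, panicked=%d\n",
           (long long)a.pid, a.spawns, a.panicked);
    attack_result b = run_attack(true);
    printf("patched:   pid %lld after %u spawns, panicked=%d\n",
           (long long)b.pid, b.spawns, b.panicked);
    return 0;
}
```

With these assumed constants the counter wraps on spawn number (PID_MASK + 1) - NUM_SYSMODULES + 1 = 497: on the unpatched model that spawn receives PID 0 and therefore full service access, on the patched model the same spawn trips the panic. Widening PID_MASK to a realistic width changes nothing except the length of that loop, which is where the 20-minute wait comes from.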

gamesquest1
I like the name :/ Seems bizarre they would patch exploits and still leave that stupid DSi downgrade method open... like wtf Nintendo, up the FIRM version or pull the games. They have now patched an exploit that was unnecessary, because they are stupid and allow the DSi downgrade method to continue to work for like 6 updates.
 

gamesquest1
I don't think I follow. They patched it because of the flaws, not because of its being a private exploit...
Don't try to point out that if this had been released months ago it would have been patched way before now anyway, that there was no point releasing something to be patched while there were perfectly usable alternatives, and that nobody has been stopped from downgrading by keeping this exploit back..... I mean..... come on, what would people have to moan about then? :creep:
 

gamesquest1
What game would need an update to 11.2? It was only released a couple of days ago; it's probably just a title update. AFAIK httpwn allows you to access the eShop to grab the update without updating your FW.
 

astronautlevel
There is no private exploit; no code has been written for the exploit. The only thing that exists is a bug and it hasn't been exploited yet.

Also, @gamesquest1 is exactly right. Even if there was a working exploit written it would make more sense to hold it back until DSiWare downgrading was patched.
 

el_gonz87
astronautlevel said:
There is no private exploit; no code has been written for the exploit. The only thing that exists is a bug and it hasn't been exploited yet.

Also, @gamesquest1 is exactly right. Even if there was a working exploit written it would make more sense to hold it back until DSiWare downgrading was patched.

I don't have a dog in the fight since both my N3DS have A9LH, but if this new bug has been patched in 11.2, what's the point of holding it back until DSiWare downgrading gets patched (if ever, by Nintendo; their 2DS margin is probably skyrocketing off of it LOL)?

It would seem to me that if/when the DSiWare hax gets patched, this new exploit will be useless on that FW. I could be wrong, but that was my understanding.

Anyway, thanks for the info; hopefully more bugs keep popping up!
 