About the arm11 kernel exploit or "slowhax", wouldn't it be enough to downgrade to 9.2?Allow me to explain a bit (since I posted the reddit thread) -
The exploit doesn't straight up let us install arm9loaderhax on 11.0/11.1.
If you remember back in 11.0, Nintendo added an anti downgrade patch. When installing a title, the 3ds would check against a hardcoded version list stored in process9, and if the version was too low, it would fail. However, this method was imperfect, and is vulnerable to a type of race condition known as a TOCTTOU, or Time Of Check To Time Of Use. A TOCTTOU is an exploit where the data is changed after the validity of the data is checked, but before the data is used. In short, the way the process should work is:
Application manager is asked to install newer version -> Version is checked against the process9 minimum version list -> Version is higher than minimum version -> Install
or
Application manager is asked to install older version -> Version is checked against the process9 minimum version list -> Version is lower than minimum version -> Abort
The way it can end up working though is:
Application manager is asked to install newer version -> Version is checked against the process9 minimum version list -> Version is higher than the minimum version -> Data is swapped out with older title -> Install older title
This would basically allow us to downgrade NATIVE_FIRM to 10.4 (kind of like a hardmod downgrade) using software only and no secondary 3ds and no DSiWare.
The reason I'm saying we only downgrade NATIVE_FIRM is because of the nature of the exploit. Although it would be perfectly possible to downgrade the entire system, the race condition would need to work for every single title you install, and due to the inherently unreliable nature of race conditions, it would be easier to downgrade NFIRM only and then downgrade normally.
As far as I know, no code has been written for this yet.
What happened in 11.2 was Nintendo prevented this race by doing a second version check. This effectively prevents the race.
Note that even if this comes through for 11.0/11.1, we still won't be able to downgrade without an arm11 kernel exploit. An arm11 kernel exploit, however, was patched on 11.2. This kernel exploit, known as slowhax, has been implemented and gets arm11 kernel access (albeit after 20 minutes of waiting). It's possible now that it's been patched the author of the exploit will release it.
No - the way downgrades used to work wasAbout the arm11 kernel exploit or "slowhax", wouldn't it be enough to downgrade to 9.2?
Thanks for the reply and for the info, it's always nice to read/learn how this kind of stuff worksNo - the way downgrades used to work was
Uninstall current title -> install older version of title
But since 11.0 what happens is:
Uninstall current title -> Attempt to install older version -> get stopped by process9 because the version you're installing is too old.
The point of the TOCTTOU is to avoid process9 stopping you from downgrading. For a more in depth explanation of why arm11 kernel alone isn't enough, see: http://gbatemp.net/threads/why-the-...simple-explanation-for-the-rest-of-us.441373/
No - the way downgrades used to work was
Uninstall current title -> install older version of title
But since 11.0 what happens is:
Uninstall current title -> Attempt to install older version -> get stopped by process9 because the version you're installing is too old.
The point of the TOCTTOU is to avoid process9 stopping you from downgrading. For a more in depth explanation of why arm11 kernel alone isn't enough, see: http://gbatemp.net/threads/why-the-...simple-explanation-for-the-rest-of-us.441373/
No - by upgrading you lose access to this bug which is likely to lead to a free downgrading exploit, whereas by staying you keep the ability to use this exploit.Do you consider a waste of time for someone in 11.0.0-33U to wait if anything like that exploit is relased to get a hacked console?
No - by upgrading you lose access to this bug which is likely to lead to a free downgrading exploit, whereas by staying you keep the ability to use this exploit.
So, the super secret 3ds exploit that was being teased for months and was super guarded has been patched in the latest fw 11.2.
https://twitter.com/TuxSH/status/791058471298994176
It was supposed to be an exploit which would have allowed us to install A9HL on our 11.0 and 11.1 3ds.
But, sadly it never released and now it has been patched. This is the biggest downside of withholding exploits and this is one fine example.
SO, folks who have upgraded to 11.2 and still waiting for the secret arm9/arm11 exploit should just pack back home.
And those who haven't updated yet, wait for the exploit, it should be released soon as there is no point in withholding any longer.
https://www.reddit.com/r/3dshacks/comments/59eiby/dont_update_to_112_if_you_dont_have_cfw_patches/
Well, put simply, to downgrade on 11.0 without hardmod or DSiwarehax, we need an arm9 exploit. Without being able to tell arm9 to not use the list, there's no way to downgrade via normal software. And if we have an arm9 exploit, there would be no reason to downgrade to 9.2 from 11.0.
If/When that bug is made into an actual exploit and released, would downgrading still be necessary for installing A9HL?
If an ARM9 Kernal exploit was found, then downgrading would no longer be necessary; however, this is only an ARM11 Kernal exploit. It's still useful, but ARM9 Kernal exploits are where the real fun is.If/When that bug is made into an actual exploit and released, would downgrading still be necessary for installing A9HL?
When Swiftloke wrote this, he believed that the minimum version check was implemented correctly - this was later shown to not be the case. The exploit wouldn't be arm9, just exploit the bug in the minimum version check.If/When that bug is made into an actual exploit and released, would downgrading still be necessary for installing A9HL?
So, the super secret 3ds exploit that was being teased for months and was super guarded has been patched in the latest fw 11.2.
https://twitter.com/TuxSH/status/791058471298994176
It was supposed to be an exploit which would have allowed us to install A9HL on our 11.0 and 11.1 3ds.
But, sadly it never released and now it has been patched. This is the biggest downside of withholding exploits and this is one fine example.
SO, folks who have upgraded to 11.2 and still waiting for the secret arm9/arm11 exploit should just pack back home.
And those who haven't updated yet, wait for the exploit, it should be released soon as there is no point in withholding any longer.
https://www.reddit.com/r/3dshacks/comments/59eiby/dont_update_to_112_if_you_dont_have_cfw_patches/
I'm missing on that twitter post where it says the exploit was patched.
Use a DNS that blocks the update servers, then enter recovery mode to delete the patch data. ;-)HOLY SHIT I DIDN'T UPDATE I'M STILL IN 11.1 NICEEE
I'm getting the update pop up though, gotta be careful with that when I'm gonna play from now on.
Use CTR-HttpwnI'm in 11.1.0-34 Is there a way to launch a game that needs a firm update(DNS changing?)
So... refuse to update and wait for the exploit (I'm 11.0.0-33U in both my consoles) is not pointless yet right? RIGHT?