Hacking And Super Secret arm11/9 3ds 11+ exploit has been patched.

JCCG1989

So... refusing to update and waiting for the exploit (I'm on 11.0.0-33U on both my consoles) is not pointless yet, right? RIGHT?
 

DeslotlCL

Allow me to explain a bit (since I posted the reddit thread) -

The exploit doesn't straight up let us install arm9loaderhax on 11.0/11.1.

If you remember back in 11.0, Nintendo added an anti downgrade patch. When installing a title, the 3ds would check against a hardcoded version list stored in process9, and if the version was too low, it would fail. However, this method was imperfect, and is vulnerable to a type of race condition known as a TOCTTOU, or Time Of Check To Time Of Use. A TOCTTOU is an exploit where the data is changed after the validity of the data is checked, but before the data is used. In short, the way the process should work is:

Application manager is asked to install newer version -> Version is checked against the process9 minimum version list -> Version is higher than minimum version -> Install

or

Application manager is asked to install older version -> Version is checked against the process9 minimum version list -> Version is lower than minimum version -> Abort

The way it can end up working though is:

Application manager is asked to install newer version -> Version is checked against the process9 minimum version list -> Version is higher than the minimum version -> Data is swapped out with older title -> Install older title

This would basically allow us to downgrade NATIVE_FIRM to 10.4 (kind of like a hardmod downgrade) using software only and no secondary 3ds and no DSiWare.

The reason I'm saying we only downgrade NATIVE_FIRM is because of the nature of the exploit. Although it would be perfectly possible to downgrade the entire system, the race condition would need to work for every single title you install, and due to the inherently unreliable nature of race conditions, it would be easier to downgrade NFIRM only and then downgrade normally.

As far as I know, no code has been written for this yet.

What happened in 11.2 was Nintendo prevented this race by doing a second version check. This effectively prevents the race.

Note that even if this comes through for 11.0/11.1, we still won't be able to downgrade without an arm11 kernel exploit. An arm11 kernel exploit, however, was patched on 11.2. This kernel exploit, known as slowhax, has been implemented and gets arm11 kernel access (albeit after 20 minutes of waiting). It's possible now that it's been patched the author of the exploit will release it.
About the arm11 kernel exploit or "slowhax", wouldn't it be enough to downgrade to 9.2?
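The check-then-use window Swiftloke describes above, as an added toy model (not code from the post, from the 3DS, or from any homebrew project); the minimum-version list, title name and version numbers are constructed, and the "data is swapped out" step is modelled by an explicit swap() between check and use:

```python
from dataclasses import dataclass

# Constructed stand-in for the hardcoded minimum-version list that the
# post says process9 consults; the real values are not on the page.
MIN_VERSION = {"NATIVE_FIRM": 11}

@dataclass(frozen=True)
class TitleData:
    name: str
    version: int

class InstallSource:
    """What the installer reads from; swap() models the 'data is swapped
    out with older title' step from the post."""
    def __init__(self, data, swap_to=None):
        self.data = data
        self.swap_to = swap_to
    def read(self):
        return self.data
    def swap(self):
        if self.swap_to is not None:
            self.data = self.swap_to

def install_vulnerable(src):
    """Check once, then install whatever the source holds later (TOCTTOU)."""
    checked = src.read()
    if checked.version < MIN_VERSION[checked.name]:
        return "abort: version too low"
    src.swap()          # the window between check and use
    used = src.read()   # may no longer be the data that was checked
    return f"installed {used.name} v{used.version}"

def install_fixed(src):
    """Same flow, but the data actually being written is checked again
    right before use, as the post describes the 11.2 change."""
    checked = src.read()
    if checked.version < MIN_VERSION[checked.name]:
        return "abort: version too low"
    src.swap()
    used = src.read()
    if used.version < MIN_VERSION[used.name]:   # second check, on the used data
        return "abort: version too low"
    return f"installed {used.name} v{used.version}"

def racing_source():
    """Constructed race: a v11 title passes the check, then v10 is swapped in."""
    return InstallSource(TitleData("NATIVE_FIRM", 11),
                         swap_to=TitleData("NATIVE_FIRM", 10))
```

The point of the second function is that the check and the use operate on the same data; a snapshot taken once and both checked and installed would close the window equally well.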
 

astronautlevel

About the arm11 kernel exploit or "slowhax", wouldn't it be enough to downgrade to 9.2?
No - the way downgrades used to work was

Uninstall current title -> install older version of title

But since 11.0 what happens is:

Uninstall current title -> Attempt to install older version -> get stopped by process9 because the version you're installing is too old.

The point of the TOCTTOU is to avoid process9 stopping you from downgrading. For a more in depth explanation of why arm11 kernel alone isn't enough, see: http://gbatemp.net/threads/why-the-...simple-explanation-for-the-rest-of-us.441373/
 

DeslotlCL

No - the way downgrades used to work was

Uninstall current title -> install older version of title

But since 11.0 what happens is:

Uninstall current title -> Attempt to install older version -> get stopped by process9 because the version you're installing is too old.

The point of the TOCTTOU is to avoid process9 stopping you from downgrading. For a more in depth explanation of why arm11 kernel alone isn't enough, see: http://gbatemp.net/threads/why-the-...simple-explanation-for-the-rest-of-us.441373/
Thanks for the reply and for the info, it's always nice to read/learn how this kind of stuff works :)
 

JCCG1989

No - the way downgrades used to work was

Uninstall current title -> install older version of title

But since 11.0 what happens is:

Uninstall current title -> Attempt to install older version -> get stopped by process9 because the version you're installing is too old.

The point of the TOCTTOU is to avoid process9 stopping you from downgrading. For a more in depth explanation of why arm11 kernel alone isn't enough, see: http://gbatemp.net/threads/why-the-...simple-explanation-for-the-rest-of-us.441373/

Do you consider it a waste of time for someone on 11.0.0-33U to wait to see if anything like that exploit is released, to get a hacked console?
 

astronautlevel

Do you consider it a waste of time for someone on 11.0.0-33U to wait to see if anything like that exploit is released, to get a hacked console?
No - by upgrading you lose access to this bug which is likely to lead to a free downgrading exploit, whereas by staying you keep the ability to use this exploit.
 

TEINDTPA

So, the super secret 3ds exploit that was being teased for months and was super guarded has been patched in the latest fw 11.2.
https://twitter.com/TuxSH/status/791058471298994176

It was supposed to be an exploit which would have allowed us to install A9HL on our 11.0 and 11.1 3ds.
But, sadly, it was never released and now it has been patched. This is the biggest downside of withholding exploits, and this is one fine example.

SO, folks who have upgraded to 11.2 and still waiting for the secret arm9/arm11 exploit should just pack back home.
And those who haven't updated yet, wait for the exploit, it should be released soon as there is no point in withholding any longer.
https://www.reddit.com/r/3dshacks/comments/59eiby/dont_update_to_112_if_you_dont_have_cfw_patches/

Good news! I hope it uses Fieldrunners or anything else I've got on my N3DS 11.0!
 

eworm

If/When that bug is made into an actual exploit and released, would downgrading still be necessary for installing A9HL?
Well, put simply, to downgrade on 11.0 without hardmod or DSiwarehax, we need an arm9 exploit. Without being able to tell arm9 to not use the list, there's no way to downgrade via normal software. And if we have an arm9 exploit, there would be no reason to downgrade to 9.2 from 11.0.
 

el_gonz87

If/When that bug is made into an actual exploit and released, would downgrading still be necessary for installing A9HL?

Yes, this exploit simply exploits a bug that allows title downgrading based on the list on Process9 since there is a gap between the verification process and the downgrading process. This does not give full rights to the ARM9 kernel hence why the downgrading is still necessary.
 

evandixon

If/When that bug is made into an actual exploit and released, would downgrading still be necessary for installing A9HL?
If an ARM9 kernel exploit was found, then downgrading would no longer be necessary; however, this is only an ARM11 kernel exploit. It's still useful, but ARM9 kernel exploits are where the real fun is.
 

astronautlevel

If/When that bug is made into an actual exploit and released, would downgrading still be necessary for installing A9HL?
When Swiftloke wrote this, he believed that the minimum version check was implemented correctly - this was later shown to not be the case. The exploit wouldn't be arm9, just exploit the bug in the minimum version check.
 
Deleted-19228

So, the super secret 3ds exploit that was being teased for months and was super guarded has been patched in the latest fw 11.2.
https://twitter.com/TuxSH/status/791058471298994176

It was supposed to be an exploit which would have allowed us to install A9HL on our 11.0 and 11.1 3ds.
But, sadly, it was never released and now it has been patched. This is the biggest downside of withholding exploits, and this is one fine example.

SO, folks who have upgraded to 11.2 and still waiting for the secret arm9/arm11 exploit should just pack back home.
And those who haven't updated yet, wait for the exploit, it should be released soon as there is no point in withholding any longer.
https://www.reddit.com/r/3dshacks/comments/59eiby/dont_update_to_112_if_you_dont_have_cfw_patches/

I'm missing on that twitter post where it says the exploit was patched.
 

ArmoredGuns1

So does this mean that there will be soon a .3dsx that will allow us to downgrade NATIVE_FIRM to 10.4 and then afterwards we can downgrade normally to 9.2, while being on 11.0-11.1?
 

Alex658

This is all really interesting. What kind of elevated permissions would slowhax get? (Loving the name btw, patience is a virtue?) Shouldn't it technically allow you to install legit .cias? Memchunkhax2 only allowed this because it was built into stuff like a .cia installer in the first place, yes? (NASA).

Of course, waiting 20min for it to even execute is not really.... Fun.

I know the primary goal would be to enable a "fr3e way of d0wngrading", but still...

I'm curious as to wtf Nintendo is up to when they get to patching duties; they somehow fix stuff that wasn't even exploited/public, yet they seem to be incredibly ignorant at fixing such an easy thing like DSiWarehax, or making the min ver. list to execute the homemenu 11.0 NFIRM.
At this point either they're stupid or they want this to keep happening.
 