Homebrew Is it possible to install the ROP Loader with the browser exploit?

Hikari06

Well-Known Member
OP
Member
Joined
Nov 20, 2012
Messages
999
Trophies
0
XP
936
Country
Ecuador
well, let's try not to use fs calls but to load this important data into some offset in the bin file.

That is indeed what we should do, we could easily embed the patch file into the executable, but what about the read/write firmware functions? I mean, we need to replace them.
 

Hikari06

so have you tried at least compiling it into a bin and running?

Yep and it kicked me back to the home menu saying 'an error occurred'

Btw, here are the two functions:

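Code:
#include <nds.h>              // libnds umbrella header: u32/u8, fifo* calls, DC_* cache helpers
#include <nds/fifomessages.h> // FifoMessage, FW_READ / FW_WRITE

//---------------------------------------------------------------------------------
// ARM9 side of a firmware read: the request is sent over the FIFO and the
// other processor (the ARM7 in libnds) performs the actual access.
void readFirmware(u32 address, void *buffer, u32 length) {
//---------------------------------------------------------------------------------

    FifoMessage msg;

    msg.type = FW_READ;
    msg.fwParams.address = address;
    msg.fwParams.buffer = buffer;
    msg.fwParams.length = length;

    fifoSendDatamsg(FIFO_FIRMWARE, sizeof(msg), (u8*)&msg);

    // Busy-wait for the completion value on the same channel, then discard it.
    while(!fifoCheckValue32(FIFO_FIRMWARE));
    fifoGetValue32(FIFO_FIRMWARE);
    // Drop stale cache lines so the data written to the buffer is what gets read.
    DC_InvalidateRange(buffer,length);

}

//---------------------------------------------------------------------------------
// ARM9 side of a firmware write. Returns -1 without sending anything unless
// both address and length are multiples of 0x100 (256 bytes).
int writeFirmware(u32 address, void *buffer, u32 length) {
//---------------------------------------------------------------------------------

    if ( ((address & 0xff) != 0) || ((length  & 0xff) != 0)) return -1;
    // Write the cached buffer contents back to memory before handing it over.
    DC_FlushRange(buffer,length);

    FifoMessage msg;

    msg.type = FW_WRITE;
    msg.fwParams.address = address;
    msg.fwParams.buffer = buffer;
    msg.fwParams.length = length;

    fifoSendDatamsg(FIFO_FIRMWARE, sizeof(msg), (u8*)&msg);

    // Busy-wait for the reply; its value is returned as the result of the write.
    while(!fifoCheckValue32(FIFO_FIRMWARE));

    return (int)fifoGetValue32(FIFO_FIRMWARE);

}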
 

Hikari06

I managed to embed the patch file into the executable and thus get rid of any fs function, but that was the easiest part. I still can't figure out how to write to the sysnand...

Edit: maybe this could help but I don't see any function to modify DS profile
 

V3NUS_M1NER

Well-Known Member
Member
Joined
Nov 27, 2014
Messages
391
Trophies
0
Age
24
XP
373
Country
United States
I wish I could help get this working.........but I can't


I know nothing about the 3DS compared to the homebrew developers :(
 

Hikari06

Hello everyone.
I'm still clueless about how to access NVRAM from the arm9 exploit...
Anyway, here is the source code of the ROP Loader slightly modified to embed the patch file into the executable (thus getting rid of fs calls), and to apply the first patch automatically so we don't need to press any button.
However this is still NDS code, since I'm not skilled enough to port this.
Maybe someone will be able to make something out of this...

https://drive.google.com/uc?export=download&id=0B7Xer3uTWI_KcmtvLWVlOGJINTg
 