- Status
![[Truth]](/data/avatars/l/37/37733.jpg?1351072321){kind=avatar}
lol at all the kids here who don´t know who yellows8 is...
That's right.
Releasing just a picture with no real information about it makes it so believable. OMG! It's from yellows8! I honestly hadn't known who he was until his name was mentioned in this thread.
It depends on who the person is!
And yes when someone like bushing, marcan, crediar or yellows8 posts only a picture, i know that it is no fake.
Man! I go to sleep and dream an exploit was found for the 3DS, and ITS TRUE!
- Joined
- Jan 28, 2009
- Messages
- 8,516
- Trophies
- 2
- Age
- 33
- Location
- London
- Website
- gbatemp.net
- XP
- 13,827
- Country
I so hope this will eventually allow for homebrew which will let me watch pron in 3D.
Part of me wants to get super excited...
The other part remembers that even if this isn't fake (and all the signs point to it being real atm), we're still prolly far off from something that can be shipped retail.
The other part remembers that even if this isn't fake (and all the signs point to it being real atm), we're still prolly far off from something that can be shipped retail.
I'm pretty sure it's real, but now I'm itching for technical details
Code:
<delroth> [06:10:31] yellows8: finally found a kernel exploit or is that still done through ram haxx / ROP?
<yellows8> [06:10:54] not the kernel :)
<delroth> [06:11:23] trust chain broken? :P
...
<yellows8> [06:11:37] no
...
<yellows8> [06:47:04] there's only *two* vulns currently known which allow code exec and is usable from arm11 userland ROP. since the two vulns are basically identical, both would surely be fixed in a single sysupdate.Basically, the 3DS uses a security mechanism where only certain parts of memory can be executed. This means you can't load your own code and execute it. However, you can use a technique called "ROP", which as I understand it basically means executing parts of code already loaded in executable memory. So for example, say you want to run a particular instruction; you find somewhere that instruction is loaded, then do smash the stack and make execution jump to that location. Obviously, this isn't an ideal situation as you are limited to using what is loaded in memory, and it's not very straight forward. So the best option would be to use ROP to execute a kernel exploit, disable the security system and thus allow executing code from anywhere in memory (or at least from somewhere you can influence from code). Then you can load code into memory and run it freely.
However, yellows8 said it's not a kernel exploit, but then says there are two vulnerabilities that allow code execution from ROP; I guess there must be some other way of doing it other than a kernel exploit. I don't know the technical details of the vulnerability being exploited here.
It's worth noting that this is *two* exploits; one userland exploit (which allows ROP; this is probably a savegame exploit or something similar), and the other vulnerability to allow code execution (this vulnerability is exploited via ROP).
EDIT: Oh yeah, and I should have mentioned that as seen above, there are only two known vulnerabilities for code execution, and both would most likely be patched at once, so I'd guess it's unlikely there'll be a release unless another, more unique, vulnerability found for yellows8 (and those he chooses to share with) to use for further exploration once the released exploit is patched.
- Status
Similar threads
