Hacking [Release]Pre9otherapp :- otherapp payload for pre 9.2 firmwares

Kartik (OP)
> Tried 3 times, same result... I see the black screen with some text for a split second, then double red screen.

Alright it seems that it is having trouble reading arm9.bin from the sd card.

--------------------- MERGED ---------------------------

Alright it seems that it is having trouble reading arm9.bin from the sd card.
Delete the arm9.bin and safeB9sInstaller.bin on your sd card. Make sure the read-only switch is off and put this in the root of your sd card.
 

Attachments

  • arm9.zip
    54.9 KB

pof2x

> Alright it seems that it is having trouble reading arm9.bin from the sd card.
> Delete the arm9.bin and safeB9sInstaller.bin on your sd card. Make sure the read-only switch is off and put this in the root of your sd card.

The read-only switch is off. The arm9.bin file you sent me is exactly the same one I already have (same md5). Deleting SafeB9SInstaller.* caused no different effect. Still double red screen.

I can compile the pre9otherapp project myself, if you have any hints on what to do to debug it. I also tried building it from master branch, but same result with my compiled file.
 

Kartik (OP)

> The read-only switch is off. The arm9.bin file you sent me is exactly the same one I already have (same md5). Deleting SafeB9SInstaller.* caused no different effect. Still double red screen.
>
> I can compile the pre9otherapp project myself, if you have any hints on what to do to debug it. I also tried building it from master branch, but same result with my compiled file.

Well I know that reading from sd card is failing because https://github.com/TuxSH/usr2arm9ldr/blob/master/arm9/source/main.c#L96
 

pof2x

Excuse my ignorance, but I don't get where this code is called. From my limited understanding soundhax works and successfully executes otherapp.bin, from there (in main.c) the firmware version is checked and with my version (0x2200f00) two things are called:

1) escalateServicePrivileges (which I assume it works, because it returns 0)
2) PS_VerifyRsaSha256_Exploit (which I guess doesn't work, because I get the double red screen)

I don't see any code called to read /arm9.bin on PS_VerifyRsaSha256_Exploit, so I must be missing something.
 

pof2x

After doing some prints here and there to debug, I noticed that after adding

```c
drawHex(cmdbuf[0], 16, 100);
```

in source/exploit/rsa_exploit.c (after line 81), the 3DS no longer does the double red screen. I get the hex values printed on screen but nothing happens after. Any hints will be appreciated, not sure what else to do from here.
 