Hacking [SPECULATION] SSSpwn allows kernel access?

Status
Not open for further replies.
WaryLouka

WaryLouka

Official Representative of the SuperCard Team
Banned
Level 2
Joined
Jun 22, 2013
Messages
216
Trophies
1
Age
40
Location
NO RECORDS
XP
176
Country
United States
The exploit and Homebrew Channel are not installed on the system. It is installed in the writable portion of the game card. No kernel access is ever used. End of story.
 
Foxi4

Foxi4

Endless Trash
Global Moderator
Level 34
Joined
Sep 13, 2009
Messages
30,825
Trophies
3
Location
Gaming Grotto
XP
29,851
Country
Poland
ken28 said:
overwriting an systemodul souns pretty kernel for me.
Click to expand...
It doesn't overwrite any system modules, if it did, the whole firmware would become corrupt because it's signed and you can't just randomly resign it. As it stands today, the firmware is wholly protected. If HBMenu uses services and syscalls, it can only use them because Cubic Ninja can - it inherits privileges. It's the exact same case with VHBL and userland exploits - they can run code, but only to the extent of what the original binary was allowed to do.
 
  • Like
Reactions: Refriger8tor and Danjal
Ryanrocks462

Ryanrocks462

Wii U/3DS Hacker.. Will test anything, A Pirate
Banned
Level 2
Joined
Jun 18, 2014
Messages
566
Trophies
0
Location
California
XP
162
Country
United States
endoverend said:
Ooohhhh okay. So Relys, the guy who *ahem* analyzed the exploit probably knows more about how it works that the guy who made the exploit. Noooww I get it. I herd Smealum iz illuminaty, too.
Click to expand...

well we are talking about the guy who created the decryptors Nand and decryptor I'm pretty sure relys is able to understand a basic exploit ;3
 
The Real Jdbye

The Real Jdbye

*is birb*
Member
Level 23
Joined
Mar 17, 2010
Messages
23,327
Trophies
4
Location
Space
XP
13,904
Country
Norway
All this guy does is talk shit, I wouldn't take his word for it.
However, that doesn't mean SSSpwn doesn't obtain kernel access. A while back it was claimed that you could not execute unsigned code without a kernel exploit. So if there's no kernel exploit there is at least something beyond simply userland that allows running homebrew.
I'll take smea's word for it that it doesn't obtain kernel access for now though :)
 
Ryanrocks462

Ryanrocks462

Wii U/3DS Hacker.. Will test anything, A Pirate
Banned
Level 2
Joined
Jun 18, 2014
Messages
566
Trophies
0
Location
California
XP
162
Country
United States
endoverend said:
Decryptors for 3DS games. Not userland exploits.
Even if he is right, that still doesn't mean kernel access.
Click to expand...

well he also released his nand decryptor ;3
and if he is able to get and decryption I'm pretty sure he will understand user land

WaryLouka said:
Not really basic
Click to expand...

userland ;3
 
Foxi4

Foxi4

Endless Trash
Global Moderator
Level 34
Joined
Sep 13, 2009
Messages
30,825
Trophies
3
Location
Gaming Grotto
XP
29,851
Country
Poland
The Real Jdbye said:
All this guy does is talk shit, I wouldn't take his word for it.
However, that doesn't mean SSSpwn doesn't obtain kernel access. A while back it was claimed that you could not execute unsigned code without a kernel exploit. So if there's no kernel exploit there is at least something beyond simply userland that allows running homebrew.
I'll take smea's word for it that it doesn't obtain kernel access for now though :)
Click to expand...
That's the magic of it - Cubic Ninja is signed, it's a legit retail game. For all the ARM knows, the code is signed and verified - eXecute Never doesn't kick in because it thinks it's running something else entirely.
 
  • Like
Reactions: Margen67, Danjal and gamefan5
WaryLouka

WaryLouka

Official Representative of the SuperCard Team
Banned
Level 2
Joined
Jun 22, 2013
Messages
216
Trophies
1
Age
40
Location
NO RECORDS
XP
176
Country
United States
1. QR Code Overflow
2. Jump to ROP chain in QR code payload
3. Download AES encrypted payload smealum.net/ninjhax/p/POST5_WEST_4096_4096.bin from internet.
4. Escalate privilege level by overwriting a sysmodule.
5. Transfer execution over to boot.3dsx
Click to expand...

Ok, according to professionals, it is clearly written that the escalated privilege we got is Kernel mode. Of course, all other levels are impossible to be escalated because idiots are claiming it can only be the kernel.

I will also quote Foxi4;

It doesn't overwrite any system modules, if it did, the whole firmware would become corrupt because it's signed and you can't just randomly resign it. As it stands today, the firmware is wholly protected. If HBMenu uses services and syscalls, it can only use them because Cubic Ninja can - it inherits privileges. It's the exact same case with VHBL and userland exploits - they can run code, but only to the extent of what the original binary was allowed to do.
Click to expand...
 
  • Like
Reactions: tyons
Ryanrocks462

Ryanrocks462

Wii U/3DS Hacker.. Will test anything, A Pirate
Banned
Level 2
Joined
Jun 18, 2014
Messages
566
Trophies
0
Location
California
XP
162
Country
United States
The Real Jdbye said:
All this guy does is talk shit, I wouldn't take his word for it.
However, that doesn't mean SSSpwn doesn't obtain kernel access. A while back it was claimed that you could not execute unsigned code without a kernel exploit. So if there's no kernel exploit there is at least something beyond simply userland that allows running homebrew.
I'll take smea's word for it that it doesn't obtain kernel access for now though :)
Click to expand...

lolz ya I'm done arguing with everyone :P ill just keep my eye on gateway :3
 
Foxi4

Foxi4

Endless Trash
Global Moderator
Level 34
Joined
Sep 13, 2009
Messages
30,825
Trophies
3
Location
Gaming Grotto
XP
29,851
Country
Poland
AndrewPH said:
The burden of proof lies on the accuser, in this case GovanifY.
Click to expand...
So far GovanifY's only achievement was leaking something he hasn't even made himself, so his word isn't exactly worth much. He's more than welcome to demonstrate kernel-level access if he feels like it. In fact, anyone can investigate this - Homebrew Launcher is open source. Go nuts. ;)
 
  • Like
Reactions: endoverend and the_randomizer
Esppiral

Esppiral

Well-Known Member
Member
Level 7
Joined
Aug 24, 2014
Messages
352
Trophies
0
Age
41
XP
1,198
Country
smea said he is willing to add region free support, and I don't think how such thing could be possible without kernel access...
 
the_randomizer

the_randomizer

The Temp's official fox whisperer
Member
Level 27
Joined
Apr 29, 2011
Messages
31,284
Trophies
2
Age
38
Location
Dr. Wahwee's castle
XP
18,969
Country
United States
Two questions that I present to the members who read this thread, *ahem*

One - Who the hell is this guy?
Two - Why the hell should we care what he says again?

/useful informative thread

Edit: Ah, so he's the little braggart that leaked the CFW, meaning, whatever little credibility he "had" is lost. Just another fine day in the 3DS scene :rolleyes:
 
  • Like
Reactions: endoverend
Foxi4

Foxi4

Endless Trash
Global Moderator
Level 34
Joined
Sep 13, 2009
Messages
30,825
Trophies
3
Location
Gaming Grotto
XP
29,851
Country
Poland
Esppiral said:
smea said he is willing to add region free support, and I don't think how such thing could be possible without kernel access...
Click to expand...
I don't remember him ever saying that, but such a modification would normally require kernel level access, unless there's some clever trick up smea's sleeve.
 
K

ken28

Well-Known Member
Member
Level 9
Joined
Oct 21, 2010
Messages
1,181
Trophies
1
XP
1,693
Country
Germany
Foxi4 said:
So far GovanifY's only achievement was leaking something he hasn't even made himself, so his word isn't exactly worth much. He's more than welcome to demonstrate kernel-level access if he feels like it. In fact, anyone can investigate this - Homebrew Launcher is open source. Go nuts. ;)
Click to expand...
the launcher is, not the exploit.
The question will still remain even if weaker until sources of the exploit are released.
 
K

ken28

Well-Known Member
Member
Level 9
Joined
Oct 21, 2010
Messages
1,181
Trophies
1
XP
1,693
Country
Germany
Foxi4 said:
I don't remember him ever saying that, but such a modification would normally require kernel level access, unless there's some clever trick up smea's sleeve.
Click to expand...
he did, but somewhere he also said its quite compilcated if i remember right.
c7a053490172fd8a3e66f539f69d790d.jpg
 
  • Like
Reactions: Margen67 and the_randomizer
The Real Jdbye

The Real Jdbye

*is birb*
Member
Level 23
Joined
Mar 17, 2010
Messages
23,327
Trophies
4
Location
Space
XP
13,904
Country
Norway
Foxi4 said:
That's the magic of it - Cubic Ninja is signed, it's a legit retail game. For all the ARM knows, the code is signed and verified - eXecute Never doesn't kick in because it thinks it's running something else entirely.
Click to expand...
You still can't execute your own code though.
I'm talking about a different level of protection, memory protection.
It doesn't get write access to executable regions of memory, and there's no access to setting memory to be executable either. So there should be no way to actually execute your own code even if you can load it without a kernel exploit.
 
Status
Not open for further replies.

Site & Scene News

Go to forum More news

Popular threads in this forum

Hacking Homebrew  A new way to experience StreetPass

Hacking Hardware  New Nintendo 3DS XL Louvre

Emulation  i have citra, i have my aes keys installed, how do i get the home menu

Hardware  Why does my 3DS take so long to turn off?

What's the best 3DS emulator (especially after Citra's shutdown)?

Tutorial  How to fix 007-2001

can't download system files on citra because im "not connected to the internet"

gacube emeleter

General chit-chat
Help Users
  • No one is chatting at the moment.
    Sonic Angel Knight @ Sonic Angel Knight: :ninja: