[Unconfirmed] ARM11 Kernel Vulnerability under 10.0.0-X

Ekaitz · Oct 6, 2015

DutchyDutch said:
Same, but I was on 9.2 and I didn't know there was cfw.

I had a 9.2 O3DS XL that was running rxTools... And it was stolen. Bought a n3DS that was 9.5, that's the game.

Imparasite · Oct 6, 2015

finally its time for N3DS/XL 9.3+ firmware exploits, if its real its a BIG SLAP on the face for Gateshit lol cant wait for it

VaiCorinthians · Oct 6, 2015

So there's no exploit or vulnerability?
9.9 arm11 kernel vulnerability is dead for now?

intensje · Oct 6, 2015

yes, probably better to close this thread

because no-one will read all pages and then just ask

Bubsy Bobcat · Oct 6, 2015

So... n-no, downgrading?

bakurage · Oct 6, 2015

My hope...

Intronaut · Oct 6, 2015

Imparasite said:
finally its time for N3DS/XL 9.3+ firmware exploits, if its real its a BIG SLAP on the face for Gateshit lol cant wait for it

LOL, it's not happening yet. Also, your avatar skull looks like to the skull of the Blue/MT-card team

Deleted member 370671 · Oct 6, 2015

VaiCorunthians said:
So there's no exploit or vulnerability?
9.9 arm11 kernel vulnerability is dead for now?

No, there is no (public) kernel exploit for 9.3+ right now.
Yes, there is a vulnerability ; it is useless (or it seems like it for now at least), but it's still a vulnerability.
Finally, there is no ARM11 (public) kernel exploit at the moment, but it isn't "dead". I'm fairly sure there is one (even an ARM9), we just don't know what it is yet.

173210 · Oct 6, 2015

teampleb said:
You really shouldn't make a thread until you at least have something. Anything...

> If you know how to find the actual code of SVC, please tell me.
See?

GoodCookie88 · Oct 6, 2015

173210 said:
> If you know how to find the actual code of SVC, please tell me.
See?

What does this mean?

173210 · Oct 6, 2015

GoodCookie88 said:
What does this mean?

So I need other developers help. I don't know 3DS well and I don't have so much time.

Normmatt · Oct 6, 2015

173210 said:
So I need other developers help. I don't know 3DS well and I don't have so much time.

the SVC code is in native firm... It's already been pointed out that this is useless... it can't be exploited...

173210 · Oct 6, 2015

Normmatt said:
the SVC code is in native firm... It's already been pointed out that this is useless... it can't be exploited...

I want to confirm that. The results of my experiments conflict with the description on 3dbrew.org.

Normmatt · Oct 6, 2015

173210 said:
I want to confirm that. The results of my experiments conflict with the description on 3dbrew.org.

If you mean your first post's experiments then no they don't...

GoodCookie88 · Oct 6, 2015

173210 said:
I want to confirm that. The results of my experiments conflict with the description on 3dbrew.org.

A question are you sure you can go anywhere with this?

173210 · Oct 6, 2015

Normmatt said:
If you mean your first post's experiments then no they don't...

Update on 3dbrew.org
The previous version also allowed large negative s32_processorid values(negative processorid values are special values not actual procids), but it appears using values like that won't actually do anything(meaning no crash) besides the thread not running / thread not running for a while(besides triggering a kernelpanic with certain s32_processorid value(s)).

According to 3dbrew.org, s32_processorid should be larger than -4, which is the code-reversed value of the number of n3ds core.
So I carried out another experiment. It crashed when it took -4 as processorid on n3ds. So it may write the data in the same place as it does when it took 4 as processorid. It's still not clear whether it's exploitable or not.

ric. · Oct 6, 2015

GoodCookie88 said:
A question are you sure you can go anywhere with this?

He isn't, that's the whole point of doing research. He needs to know for sure if it can be exploited or not.

173210 · Oct 6, 2015

GoodCookie88 said:
A question are you sure you can go anywhere with this?

I'm not sure "go anywhere" means, but if it means whether I can write the data anywhere, I'm not sure.

GoodCookie88 · Oct 6, 2015

173210 said:
I'm not sure "go anywhere" means, but if it means whether I can write the data anywhere, I'm not sure.

Oh I see but if your "experiments" work out do you know what to do next ?

lemanuel · Oct 6, 2015

GoodCookie88 said:
Oh I see but if your "experiments" work out do you know what to do next ?

Probably congratulate himself?

Just let the guy work in peace. If he can find anything, it's up to him what to do with the info anyway.

[Unconfirmed] ARM11 Kernel Vulnerability under 10.0.0-X

Redhead Believer

Well-Known Member

Well-Known Member

Well-Known Member

funny rabbit

Well-Known Member

A star maker

Ball of Kawaiiness

Well-Known Member

rekt em skrubs

Well-Known Member

Former AKAIO Programmer

Well-Known Member

Former AKAIO Programmer

rekt em skrubs

Well-Known Member

Drivin' to meme country

Well-Known Member

rekt em skrubs

Maxconsole's All-Knowing Lurker

Similar threads

Popular threads in this forum