Hacking [WIP] KARL3DS - Kernel access on N3DS via Ninjhax + Loadcode

Status
Not open for further replies.

WulfyStylez (SALT/Bemani Princess, Member, joined Nov 3, 2013, United States):
> Read my post again. It doesn't break any signatures. Each individual file inside of the .CIA (there are usually SEVERAL) is signed by NUS. With a valid signature. Spoofing the version just spoofs the version on the header of the .CIA itself. The .CIA NEVER has a valid signature when 3DNUS creates it, spoofing or not, because nobody has the signing keys.
>
> As I said, I've done the whitelist by myself with 3DNUS and spoofing and none of my consoles are bricked. And of course I did it to SYSNAND. There is zero point of doing it on EMUNAND because at that point, you've already been able to launch an exploit and playing DS games with the blue card simply will not work on emunand.

A CIA is a container for a bunch of signed data. Version numbers lie in the TMD and ticket, so modifying them will break signatures. The reason that DS whitelist breaking thing works is because the 3DS uses a fallback whitelist when it can't load the newer one from ctrnand.

Also there's only one TWL_FIRM for N3DS, and MSET doesn't break the ability to play DS and DSi stuff from emunand.
 

Hashtastrophe (Wizard, Member, joined Jan 12, 2015, location: "Yes that kind of wizard.", Canada):
> ...Also there's only one TWL_FIRM for N3DS, and MSET doesn't break the ability to play DS and DSi stuff from emunand.

So DSi games are going to be a working, usable thing in KARL? Does it still force a reset into sysnand or did you guys get that fixed? Now I can finally play that one DSi game that I have installed and maybe some actual physical carts provided I can even find them.
 

WulfyStylez (SALT/Bemani Princess, Member, joined Nov 3, 2013, United States):
> So DSi games are going to be a working, usable thing in KARL? Does it still force a reset into sysnand or did you guys get that fixed? Now I can finally play that one DSi game that I have installed and maybe some actual physical carts provided I can even find them.

We don't have anything to announce for that first part juuust yet (I've been distracted as heck). I will say that the forced reset is unavoidable, though.
 

gamesquest1 (Nabnut, Former Staff, joined Sep 23, 2013):
> Read my post again. It doesn't break any signatures. Each individual file inside of the .CIA (there are usually SEVERAL) is signed by NUS. With a valid signature. Spoofing the version just spoofs the version on the header of the .CIA itself. The .CIA NEVER has a valid signature when 3DNUS creates it, spoofing or not, because nobody has the signing keys.
>
> As I said, I've done the whitelist by myself with 3DNUS and spoofing and none of my consoles are bricked. And of course I did it to SYSNAND. There is zero point of doing it on EMUNAND because at that point, you've already been able to launch an exploit and playing DS games with the blue card simply will not work on emunand.
... go try with something other than the whitelist. The whitelist can be left broken and the 3DS will not be bricked; give it a try with TWL_FIRM... see how far it gets you ;)
 

Hashtastrophe (Wizard, Member, joined Jan 12, 2015, location: "Yes that kind of wizard.", Canada):
> We don't have anything to announce for that first part juuust yet (I've been distracted as heck). I will say that the forced reset is unavoidable, though.

Yeah, I figured the reset wasn't going to change. No big deal though, just boot back into emunand. I'd put that in a readme though if it makes it into release. That way you can say you warned them when they inevitably update their sysnand.
 

Apache Thunder (I have cameras in your head!, Member, joined Oct 7, 2007, age 36, Levelland, Texas, United States, website: www.mariopc.co.nr):
urherenow's post is false and misleading and should be deleted. Someone will attempt to spoof a version of TWL or some other critical CIA, install it to sysnand and get a brick. It should be well known by now that changing the version string does break the signature, and it only works with the DS Cart Whitelist because the 3DS doesn't need it to boot properly; it has fallback code for that one. Something else like TWL will either brick the console or brick TWL, which will cause DS/DSi games to no longer boot. Even legit ones.
 
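As an added illustration of the point Apache Thunder and WulfyStylez make above (this is not code from the thread or from the KARL3DS project): a toy model of a signed TMD sitting inside an unsigned CIA container. HMAC-SHA256 with a constructed key stands in for the RSA signature nobody outside Nintendo can produce, and the byte layouts are simplified stand-ins, not the real 3DS formats. It shows why rewriting the container header's version leaves the signed data verifiable, while rewriting the version inside the TMD body breaks its signature.

```python
import hashlib, hmac, struct

# Constructed demo key: HMAC-SHA256 stands in for the RSA signature that only
# the real signing key could produce. Layouts below are simplified toys.
SIGNING_KEY = b"constructed-demo-signing-key"
SIG_LEN = 32
CIA_HDR = ">HII"                        # toy CIA header: version, tmd len, content len
CIA_HDR_LEN = struct.calcsize(CIA_HDR)  # 10 bytes

def sign(body: bytes) -> bytes:
    return hmac.new(SIGNING_KEY, body, hashlib.sha256).digest()

def build_tmd(title_id: int, title_version: int, content: bytes) -> bytes:
    """Toy TMD: signature || title id (8) || title version (2) || SHA-256(content)."""
    body = struct.pack(">QH", title_id, title_version) + hashlib.sha256(content).digest()
    return sign(body) + body

def tmd_signature_ok(tmd: bytes) -> bool:
    return hmac.compare_digest(tmd[:SIG_LEN], sign(tmd[SIG_LEN:]))

def tmd_version(tmd: bytes) -> int:
    return struct.unpack_from(">H", tmd, SIG_LEN + 8)[0]

def build_cia(header_version: int, tmd: bytes, content: bytes) -> bytes:
    """Toy CIA: an UNSIGNED container header in front of the signed TMD and content."""
    return struct.pack(CIA_HDR, header_version, len(tmd), len(content)) + tmd + content

def check_cia(cia: bytes) -> dict:
    """What a verifier that trusts only signed data can conclude about a CIA."""
    header_version, tmd_len, content_len = struct.unpack_from(CIA_HDR, cia, 0)
    tmd = cia[CIA_HDR_LEN:CIA_HDR_LEN + tmd_len]
    content = cia[CIA_HDR_LEN + tmd_len:CIA_HDR_LEN + tmd_len + content_len]
    return {
        "header_version": header_version,          # unsigned, so never trusted
        "tmd_version": tmd_version(tmd),           # covered by the signature
        "tmd_signature_ok": tmd_signature_ok(tmd),
        "content_hash_ok": tmd[SIG_LEN + 10:] == hashlib.sha256(content).digest(),
    }

def spoof_header_version(cia: bytes, new_version: int) -> bytes:
    """Rewrite only the unsigned container header (what version spoofing touches)."""
    return struct.pack(">H", new_version) + cia[2:]

def patch_tmd_version(cia: bytes, new_version: int) -> bytes:
    """Rewrite the version inside the signed TMD body; its signature no longer matches."""
    off = CIA_HDR_LEN + SIG_LEN + 8
    return cia[:off] + struct.pack(">H", new_version) + cia[off + 2:]
```

Build a CIA with `build_cia(1, build_tmd(0x1234, 1, content), content)` and compare `check_cia` on the original, on `spoof_header_version(cia, 99)` (signature still valid) and on `patch_tmd_version(cia, 99)` (signature fails while the content hash still matches).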

tony_2018 (Well-Known Member, Member, joined Jan 3, 2014, United States):
> Read my post again. It doesn't break any signatures. Each individual file inside of the .CIA (there are usually SEVERAL) is signed by NUS. With a valid signature. Spoofing the version just spoofs the version on the header of the .CIA itself. The .CIA NEVER has a valid signature when 3DNUS creates it, spoofing or not, because nobody has the signing keys.
>
> As I said, I've done the whitelist by myself with 3DNUS and spoofing and none of my consoles are bricked. And of course I did it to SYSNAND. There is zero point of doing it on EMUNAND because at that point, you've already been able to launch an exploit and playing DS games with the blue card simply will not work on emunand.


If you're saying it works, then show us the PoC.
 

gamesquest1 (Nabnut, Former Staff, joined Sep 23, 2013):
> urherenow's post is false and misleading and should be deleted. Someone will attempt to spoof a version of TWL or some other critical CIA, install it to sysnand and get a brick. It should be well known by now that changing the version string does break the signature, and it only works with the DS Cart Whitelist because the 3DS doesn't need it to boot properly; it has fallback code for that one. Something else like TWL will either brick the console or brick TWL, which will cause DS/DSi games to no longer boot. Even legit ones.

It's a struggle sometimes to get people to stop posting BS as if it's FACT!
If people haven't tried something, don't just say it's safe... then again, who am I to argue if people feel like bricking their own system.
 

WulfyStylez (SALT/Bemani Princess, Member, joined Nov 3, 2013, United States):
> I've been following this for a while now. There's a rumor of 9.5 support coming in the future? True or no?

9.5 is already supported. 9.6 is supported on old3DS, and we have 9.6's New 3DS NATIVE_FIRM decrypted for research reasons. We won't be able to support 9.6+ until new system hax arrive one way or another, though.

Also I proved that person is really super wrong, let's just leave it at that.
 

Oishikatta (Well-Known Member, Member, joined Oct 30, 2014, United States):
> 9.5 is already supported. 9.6 is supported on old3DS, and we have 9.6's New 3DS NATIVE_FIRM decrypted for research reasons. We won't be able to support 9.6+ until new system hax arrive one way or another, though.
>
> Also I proved that person is really super wrong, let's just leave it at that.


I think they were asking about 9.5 sysnand, but you mean emunand right?
 

WulfyStylez (SALT/Bemani Princess, Member, joined Nov 3, 2013, United States):
A little status update: We now have ARM11 kernel exec working 100% of the time from mset! We had to pretty much remake bootstrap from scratch to get it to work, and I made sure to make it super portable so we can port to spider very quickly in the future. The next thing to do is port firmlaunch-hax stuff to this, and we'll be done!
 

Xenon Hacks (Well-Known Member, Member, joined Nov 13, 2014, age 30, United States):
> A little status update: We now have ARM11 kernel exec working 100% of the time from mset! We had to pretty much remake bootstrap from scratch to get it to work, and I made sure to make it super portable so we can port to spider very quickly in the future. The next thing to do is port firmlaunch-hax stuff to this, and we'll be done!

Can we use our Gateway cards while using this?
*please dont hurt me*
 

urherenow (Well-Known Member, Member, joined Mar 8, 2009, age 48, Japan, United States):
> urherenow's post is false and misleading and should be deleted. Someone will attempt to spoof a version of TWL or some other critical CIA, install it to sysnand and get a brick. It should be well known by now that changing the version string does break the signature, and it only works with the DS Cart Whitelist because the 3DS doesn't need it to boot properly; it has fallback code for that one. Something else like TWL will either brick the console or brick TWL, which will cause DS/DSi games to no longer boot. Even legit ones.

I've done more than the whitelist. I also did the Nintendo Zone list. I can say with 100% certainty that neither of those causes a brick (I did it to both O3DS and N3DS so I can play DS games with the blue card, and I can use Nintendo Zone with an SSID of attwifi). I'll edit the other post until I experiment with TWL. But I have no clue why anybody would want to spoof TWL (it's probably just a bad example) or how changing the .CIA version would break more than is already broken. The files are not downloaded as a .CIA. 3DNUS packs them into a .CIA and doesn't use a valid signing key to do so.
 

Death78793 (What is this, a first person shooter?, Member, joined Jan 16, 2015, age 28):
> A little status update: We now have ARM11 kernel exec working 100% of the time from mset! We had to pretty much remake bootstrap from scratch to get it to work, and I made sure to make it super portable so we can port to spider very quickly in the future. The next thing to do is port firmlaunch-hax stuff to this, and we'll be done!

Holy crap you guys are fast! This would take anyone else months of work to get done! I'm genuinely impressed!
printf_s("Have a cookie");
getchar();
 