Hacking [WIP] KARL3DS - Kernel access on N3DS via Ninjhax + Loadcode

[marksteele]

mmmm I'm starting to think they should move this to the homebrew development and emulators section. I mean it's not a flashcart and it's not really going to ever be a full custom firmware (according to the developers wishes). It might get a lot less traffic but also a lot less crap if it ended up in that section.

 

[marksteele]

Incredible things can happen when you can work full time.

Edit: sorry, I really don't see what your point is. If Gateway fix their implementation and they decap or whatever solution you're suggesting, then great, they have 9.6, we don't. I guess I'll go cry in the corner or something?

I think his point is that if it wasn't for reverse engineering gateway this project wouldn't have got as far as it did? Not sure but that's what it sounds like hes getting at.

 

[Deleted User]

I think his point is that if it wasn't for reverse engineering gateway this project wouldn't have got as far as it did? Not sure but that's what it sounds like hes getting at.

Yes, that is exactly my point. And the consequence of this project, what it will lead to.

 

[Dazzozo]

Yes, that is exactly my point.

Isn't this a little stating the obvious then? I still don't get it, sorry.

 

[Deleted User]

Seriously? I don't think I could make it any more clearer than that.

 

[marksteele]

Isn't this a little stating the obvious then? I still don't get it, sorry.

I think his point is that gateway will move on to other projects if people can get stuff for free using KARL.

I disagree tbh, the object if KARL is to allow homebrew, now obviously homebrew doesn't need a specific level of firmware. So once you guys get an emunand up and running there would be no point in updating it for higher firmwares. Gateway, on the other hand, makes it money by keeping compatibility with the latest firmwares, so they can still profit buy making sure people can play the latest games

 

[Dazzozo]

I think his point is that gateway will move on to other projects if people can get stuff for free using KARL.

I disagree tbh, the object if KARL is to allow homebrew, now obviously homebrew doesn't need a specific level of firmware. So once you guys get an emunand up and running there would be no point in updating it for higher firmwares. Gateway, on the other hand, makes it money by keeping compatibility with the latest firmwares, so they can still profit buy making sure people can play the latest games

There's value in running the latest emunand in itself, but if Nintendo fix their encryption, I don't really know what you guys expect us to say to that? I hope we would be able to find a solution but if not, that's life I guess?

Does ninjhax work on 9.5? No, it was fixed. We aren't going to be swallowed by the sun as a result.

I frankly have no interest in preserving Gateway's business. That's their job.

 

[puss2puss]

The goal right now is to get process9 decrypted and from there get emuNAND on N3DS, and then region free. Also again, we have no plans on making KARL 3DS a vector for the piracy of 3DS games, that's settled. No point in arguing about it here. If you want piracy just get a sky3ds or something and be happy.

question: is it something techniquely possible to allow modding games without allowing piracy? like, for exemple, being able to load mods (textures, models, sounds, etc..) using the ram? so, having for exemple, new textures in the SD folder and make them load when starting a game? (like i said..it could maybe be temporary injected in the ram without actually modding a rom..si it would work on retail cartdrige..)

 

[gamesquest1]

you could probably do some on the fly romfs re-direction right?....granted it means no exefs mods, but those are pretty rare anyway, and then people would be able to use mods with retail carts

 

[NyaakoXD]

GW's fanboys are funny !

I fixed it for you!

But I find Sky3DS fanboys funnier.

 

[Technicmaster0]

What if in 9.6 Nintendo properly fixes the key generation on New 3DS for FIRM a9 decryption? Are you guys gonna decap the New 3DS for us and extract the keys?
I don't think you guys realise that without Gateway, Nintendo can crush you pretty quickly.

Say bye bye to emunand on new 3ds. Hell, even Gateway announced they have problems with emunand on new 3ds but not a definitive barrier, ie, meaning they are going to throw money at it until they break it. You guys don't have that kind of cash lying around

But you know that the way to read the 9.5 key got found by Yellows8 who very likely is no member of Gateway? And that the entrypoint GW used for 4.5 was on 3DBrew for months? And that Gateway probably used some expoits by smea to get 9.2 support?
You should do better reseach regarding who found what. Gateway are no warriors who find everything. Yes, they are talented and they changed the 3DS scene but there are also other Homebrew developers who work on this stuff and the scene can survive without Gateway. In addition to that, your guess that GW would disappear is not even proved yet.

 

[shinyquagsire23]

I just hope you guys are realising that by doing this project you will be driving Gateway away ever so slowly, because let's face it, someone WILL make a piracy loader from this. And this will get to the point where the Gateway team will simply move on to a more profitable project. At that point you can forget about getting leaked keys or exploit vulnerabilities from their future Launcher.dat.

You mean just like people easily ported all the patch offsets in the leaked CFW to 9.2?

 

[puss2puss]

you could probably do some on the fly romfs re-direction right?....granted it means no exefs mods, but those are pretty rare anyway, and then people would be able to use mods with retail carts

..but it would only allow modding (temporary..) our save file..no? i mean, it wouldnt be able to load custom textures and models, right? ..

..wouldnt be possible instead to have the same file structures then the original game, as folders in the SD card?,..a bit like when people uses modded roms with gateway..but instead of recompiling them in the game, you could just drop the modded files & folders in the SD card.. would a homebrew having full access to kernel, allow that?

 

[Gadorach]

Gateway know their game. They'll figure out any number of incentives. They killed the majority of the initial interest in the leaked CFW by allowing DevMenu to be run, and allowing CIA installation as a result. They'll figure out another way to draw attention back to them when this is released. They're not idiots, they're just also not going to compromise their work without being threatened by external problems first. Competition is always great, and Gateway sorely needed it.

 

[Mr. Waffle]

question: is it something techniquely possible to allow modding games without allowing piracy? like, for exemple, being able to load mods (textures, models, sounds, etc..) using the ram? so, having for exemple, new textures in the SD folder and make them load when starting a game? (like i said..it could maybe be temporary injected in the ram without actually modding a rom..si it would work on retail cartdrige..)

Real time memory editing ala NitePR would certainly be interesting

 

[gamesquest1]

..but it would only allow modding (temporary..) our save file..no? i mean, it wouldnt be able to load custom textures and models, right? ..

..wouldnt be possible instead to have the same file structures then the original game, as folders in the SD card?,..a bit like when people uses modded roms with gateway..but instead of recompiling them in the game, you could just drop the modded files & folders in the SD card.. would a homebrew having full access to kernel, allow that?

yeah thats what redirecting the romfs would give, pretty much a free pass to do whatever with the assets of the game, custom level, maps, textures etc
its not very often that games need the exefs to be patched and some of that could be done with ram patches probably, so really if romfs redirection is possible, it would be nearly as good as disabling signature checks, but would only work with legit cards (and presumably sky3ds unless these guys know the fabled 1 line of code that blocks sky3ds )

 

[williamcesar2]

But you know that the way to read the 9.5 key got found by Yellows8 who very likely is no member of Gateway? And that the entrypoint GW used for 4.5 was on 3DBrew for months? And that Gateway probably used some expoits by smea to get 9.2 support?
You should do better reseach regarding who found what. Gateway are no warriors who find everything. Yes, they are talented and they changed the 3DS scene but there are also other Homebrew developers who work on this stuff and the scene can survive without Gateway. In addition to that, your guess that GW would disappear is not even proved yet.

I don't trust him completely, some elitist developers are behind gateway team

.

 

[Gadorach]

I don't trust him completely, some elitist developers are behind gateway team.

Most of the developers in the 3DS scene just straight up don't want the publicity, so they don't participate in active public discussion on what they've worked on. They do, however, actively participate in the building of 3DBrew, with the exception of revealing exploit vectors that would be easy to patch, and close them off from analyzing newer firmwares. They contribute more than you know, and every 3DS scene developer gains from the information they've shared. The team behind Gateway are a separate entity from our scene developers, from all evidence I've scene anyway. And besides, what's there to trust? You don't need to trust anyone here, just benefit from their work as we all do.

 

[puss2puss]

so really if romfs redirection is possible, it would be nearly as good as disabling signature checks, but would only work with legit cards

it would be awesome!! annnd it would not allow piracy! would be great
.. hum..does it mean it would even work, like, right now with the ninjhax exploit? i mean, would it be enough with arm11 access to...oh wait..i think we cant use ALL the ram with arm11 access, right?

 

[gamesquest1]

it would be awesome!! annnd it would not allow piracy! would be great
.. hum..does it mean it would even work, like, right now with the ninjhax exploit? i mean, would it be enough with arm11 access to...oh wait..i think we cant use ALL the ram with arm11 access, right?

well you cant switch games right now with ninjhax, and any sort of romfs redirection would need more than userland access, would likely need FW patches or something (im not an expert on these things, im not even sure its possible while keeping signature checks etc in place, but just an idea