# [Unconfirmed] ARM11 Kernel Vulnerability under 10.0.0-X



## 173210 (Oct 6, 2015)

Hello, I found something. I just found something and it may not be useful. Anyway, I'll post this because I don't know SVC handler well and have no idea where the function is. *If you know how to find the actual code of SVC, please tell me.* I'm a noob for 3DS. 

3DS System Flaws - 3dbrew
http://www.3dbrew.org/wiki/3DS_System_Flaws

Usually 3dbrew writers don't provide actual unknown vulnerabilities, so I'm still wondering whether the following description is correct.


			
Yellows8 said:

> The svcCreateThread changes with 10.0.0-X definitely did fix a security issue.
> 
> 
> Original code: "if(s32_processorid > <total_cores>)return 0xd8e007fd;"
> ...


Yellows8 doesn't mention the possibility that s32_processorid is negative. It can result in kernel memory corruption, and eventually kernel code execution.

So, I wrote this simple PoC by modifying an example included in ctrulib.

```
diff --git a/examples/threads/event/source/main.c b/examples/threads/event/source/main.c
index 1fcec86..dbe1d9e 100644
--- a/examples/threads/event/source/main.c
+++ b/examples/threads/event/source/main.c
@@ -36,7 +36,7 @@ int main(int argc, char** argv) {

        svcCreateEvent(&threadRequest,0);
        u32 *threadStack = memalign(32, STACKSIZE);
-       Result ret = svcCreateThread(&threadHandle, threadMain, 0, &threadStack[STACKSIZE/4], 0x3f, 0);
+       Result ret = svcCreateThread(&threadHandle, threadMain, 0, &threadStack[STACKSIZE/4], 0x3f, -2147483647);

        printf("thread create returned %x\n", ret);
```
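Review bot: the changed svcCreateThread call passes a bare -2147483647 as the processor id, and the only thing the example records is the printf of ret on the context line that follows, so a result of 0 cannot distinguish "the kernel accepted the value and never scheduled the thread" from "the thread ran normally". Give the value a named constant with a comment explaining the choice (it is INT_MIN + 1, not INT_MIN), and also report whether threadMain ever ran, so that results from different firmware versions can be compared.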
svcCreateThread actually returned 0 and the created thread didn't seem to work. So, my experiment is successful, probably. 

Anyway, notice the following things.

- It has so many limitations and is not so easy to exploit.
- It's just an ARM11 kernel vulnerability, not ARM9.

Status:

- KTR 9.2: Confirmed it accepts a negative value.
- CTR 9.9: Confirmed it has the vulnerable code at 0xfff079b4.
- CTR 4.5: Confirmed it has the vulnerable code at 0xfff07b2c.

Update on 3dbrew.org


> The previous version also allowed large negative s32_processorid values (negative processorid values are special values not actual procids), but it appears using values like that won't actually do anything (meaning no crash) besides the thread not running / thread not running for a while (besides triggering a kernelpanic with certain s32_processorid value(s)).


According to 3dbrew.org, s32_processorid should be larger than -4, which is the code-reversed value of the number of n3ds cores.
So I carried out another experiment. It crashed when it took -4 as processorid on n3ds. So it may write the data in the same place as it does when it took 4 as processorid. It's still not clear whether it's exploitable or not.

I may have to develop ARM11 debugger...


----------



## zoogie (Oct 6, 2015)

"It's just ARM11 kernel vulnerability, not ARM9."
but with arm11 kernel you could downgrade and gain arm9.


----------



## Deleted User (Oct 6, 2015)

literally 1 hour after i updated.
well that's nice


----------



## OctopusRift (Oct 6, 2015)

zoogie said:


> "It's just ARM11 kernel vulnerability, not ARM9."
> but with arm11 kernel you could downgrade and gain arm9.


Really? That's fucking amazing. Today is a good day. But. One question... when we had 9.5.0 why did no-one write a downgrader.


----------



## zoogie (Oct 6, 2015)

OctopusRift said:


> Really? That's fucking amazing. Today is a good day. But. One question... when we had 9.5.0 why did no-one write a downgrader.


Because the only known (at the time) arm11 kernel exploit was patched in 9.3.


----------



## Deleted User (Oct 6, 2015)

FUUUUUUUUUUUUUUUUUUUUUUUUUUUUUCKKKKKKKKKKKKKKKKKK THHHIIIIIIIIIIISSSSSSSSSSSSS
I LITERALLY POSTED A THREAD YESTERDAY WHETHER OR NOT I SHOULD UPDATE AND EVERYONE SAID I SHOULD
LOOK GUYS NEW KERNAL VULNERABILITY
FUCK


----------



## The_Meistro (Oct 6, 2015)

O COME ON! I just updated from 9.9 to 10.0x last night!!!!!
They said: if "theres gonna be an exploit for 9.3+ Then its gonna be for 10.0x also! No need to stay at 9.9!"
GOSH DANG IT


----------



## OctopusRift (Oct 6, 2015)

Robfozz said:


> FUUUUUUUUUUUUUUUUUUUUUUUUUUUUUCKKKKKKKKKKKKKKKKKK THHHIIIIIIIIIIISSSSSSSSSSSSS
> I LITERALLY POSTED A THREAD YESTERDAY WHETHER OR NOT I SHOULD UPDATE AND EVERYONE SAID I SHOULD
> LOOK GUYS NEW KERNAL VULNERABILITY
> FUCK


butthurt


----------



## The_Meistro (Oct 6, 2015)

Robfozz said:


> FUUUUUUUUUUUUUUUUUUUUUUUUUUUUUCKKKKKKKKKKKKKKKKKK THHHIIIIIIIIIIISSSSSSSSSSSSS
> I LITERALLY POSTED A THREAD YESTERDAY WHETHER OR NOT I SHOULD UPDATE AND EVERYONE SAID I SHOULD
> LOOK GUYS NEW KERNAL VULNERABILITY
> FUCK


OMG THIS GUY GETS ME!


----------



## lemanuel (Oct 6, 2015)

So far no one has even proved that this actually works or if it actually gets Kernel Arm11 access. So you all don't start throwing fireworks yet until someone actually says something relevant about it


----------



## OctopusRift (Oct 6, 2015)

zoogie said:


> Because the only known (at the time) arm11 kernel exploit was patched in 9.3.


ok cool!


----------



## The_Meistro (Oct 6, 2015)

You know what this means...
"KERNEL EXPLOIT ON 9.3+
OMG OMG OMG!"
Just wait.....


----------



## GeneticMars (Oct 6, 2015)

Then what if im in 9.9 version?? will this benefit me??


----------



## Deleted User (Oct 6, 2015)

Could someone explain why this wouldnt work on 10.0+? It might be in the OP but looking at that stuff makes my normie head hurt


----------



## zoogie (Oct 6, 2015)

The_Meistro said:


> You know what this means...
> "KERNEL EXPLOIT ON 9.3+
> OMG OMG OMG!"
> Just wait.....


173210 actually has a track record (mostly PSP side but still). So maybe we should open our ears just a little.


----------



## Randomdude0 (Oct 6, 2015)

The_Meistro said:


> You know what this means...
> "KERNEL EXPLOIT ON 9.3+
> OMG OMG OMG!"
> Just wait.....



And, in the random case it does lead to a kernel exploit the countless posts and comments...

"WILL THIS WORK ON MY RECENT FW 10.1+?????? OMG I SO NOOB PLZ HALP"


----------



## ArmoredGuns1 (Oct 6, 2015)

I hope someone figures it out. Having a 9.5 and a 9.9 O3DS in the waiting list.


----------



## ultramario1998 (Oct 6, 2015)

Oh wow, hopefully somebody gets this into a workable state sometime soon. So happy I didn't update my o3ds!


----------



## AutumnWolf (Oct 6, 2015)

Humm??
Are you planning to work on this?


----------



## mungry (Oct 6, 2015)

Yes! Wow.... I'm so happy I told myself to stay on 9.9!


----------



## lemanuel (Oct 6, 2015)

Still hoping to see some relevant post about the topic other than the common and useless "Can't wait for this to work for me even tho I have no idea what it does"...

Well... the title of the thread doesn't help. It's too definitive/final.


----------



## chyyran (Oct 6, 2015)

Glad I stuck with 9.9.x on my N3DS. Best of luck to getting this working.


----------



## Jwiz33 (Oct 6, 2015)

Good thing I didn't update my 9.9 o3DS.


----------



## The_Meistro (Oct 6, 2015)

mungry said:


> Yes! Wow.... I'm so happy I told myself to stay on 9.9!


GOSH DANG IT!!!
 I SWEAR  I UPDATED LASTNIGHT I HATE MYSELF!!!


----------



## ric. (Oct 6, 2015)

>tfw still on 9.9
Feels good. Hopefully something good comes out of this. Godspeed, 173210. Godspeed.


----------



## Neru (Oct 6, 2015)

Still on 9.4 N3DS, YEEEESSSSSSSSSS!!!!!


----------



## DogParty (Oct 6, 2015)

Robfozz said:


> Could someone explain why this wouldnt work on 10.0+? It might be in the OP but looking at that stuff makes my normie head hurt



This won't work on 10.0+ because, simply, Nintendo already patched the vuln.


----------



## TheCruel (Oct 6, 2015)

I'm not seeing anything exploitable here. But keep at it.


----------



## OctopusRift (Oct 6, 2015)

TheCruel said:


> I'm not seeing anything exploitable here. But keep at it.


What. In the POC?! svcCreateThread bro... check the vulns on 3dbrew.

--------------------- MERGED ---------------------------



Robfozz said:


> Could someone explain why this wouldnt work on 10.0+? It might be in the OP but looking at that stuff makes my normie head hurt


REEEEEEEEEEEEEEEEEE


----------



## The_Meistro (Oct 6, 2015)

OctopusRift said:


> What. In the POC?! svcCreateThread bro... check the vulns on 3dbrew.
> 
> --------------------- MERGED ---------------------------
> 
> ...


Thats it! Anyone want  to trade me a 9.9 or below 3DS for one on 10.0x?


----------



## teampleb (Oct 6, 2015)

OctopusRift said:


> What. In the POC?! svcCreateThread bro... check the vulns on 3dbrew.
> 
> --------------------- MERGED ---------------------------
> 
> ...


What? We can create a new thread without kernel access.


----------



## The_Meistro (Oct 6, 2015)

teampleb said:


> What? Can can create a new thread without kernel access.


can can?


----------



## robot56 (Oct 6, 2015)

> It can result in kernel memory corruption, and eventually kernel code execution.



How exactly do you plan on obtaining code execution? That would require another vulnerability allowing you to write to executable memory if I'm not mistaken.


----------



## Jwiz33 (Oct 6, 2015)

The_Meistro said:


> Thats it! Anyone want  to trade me a 9.9 or below 3DS for one on 10.0x?


What color is it?
jklolno


----------



## teampleb (Oct 6, 2015)

The_Meistro said:


> can can?


Refresh.


----------



## Jwiz33 (Oct 6, 2015)

robot56 said:


> How exactly do you plan on obtaining code execution? That would require another vulnerability allowing you to write to executable memory if I'm not mistaken.


I believe @MassExplosion213 had an exploit for arm11 kernel code execution, he just needed a flaw.


----------



## Intronaut (Oct 6, 2015)

@MassExplosion213


----------



## The_Meistro (Oct 6, 2015)

@MassExplosion213   I SUMMON YOU!!!!

It would also be cool  if you would buy my 10.0x 3ds...

--------------------- MERGED ---------------------------

Hey everyone Check out my thread!!!



http://gbatemp.net/threads/gbatemp-idea.398956/

I need everyone to respond!


----------



## OctopusRift (Oct 6, 2015)

The_Meistro said:


> @MassExplosion213   I SUMMON YOU!!!!
> 
> It would also be cool  if you would buy my 10.0x 3ds...
> 
> ...





Intronaut said:


> @MassExplosion213





Jwiz33 said:


> I believe @MassExplosion213 had an exploit for arm11 kernel code execution, he just needed a flaw.


hes out right now. dont expect much.


----------



## Jwiz33 (Oct 6, 2015)

Not trying to turn this thread into a meme caps lock EoF-type discussion, but..
@MassExplosion213 @MassExplosion213 @MassExplosion213 @MassExplosion213 !!!!


----------



## OctopusRift (Oct 6, 2015)

Jwiz33 said:


> Not trying to turn this thread into a meme caps lock EoF-type discussion, but..
> @MassExplosion213 @MassExplosion213 @MassExplosion213 @MassExplosion213 !!!!


Bruh.


----------



## Baccabechoppin (Oct 6, 2015)

Gonna watch this and see if anything comes out of it, so happy I still have my N3DS XL on 9.9!


----------



## ultramario1998 (Oct 6, 2015)

I think there's a biiiiiit too much hype here right now. We don't even know whether this will work (although all evidence points to it working). I'm as excited as the rest of y'all, believe me, but let's not blow this out of proportion. Yet.


----------



## GoodCookie88 (Oct 6, 2015)

Kind of a misleading title :/


----------



## OctopusRift (Oct 6, 2015)

GoodCookie88 said:


> Kind of a misleading title :/


how? its a vuln. not a sploit.


----------



## Jwiz33 (Oct 6, 2015)

OctopusRift said:


> Bruh.


The larger you make your letters, the more people will consider you a noob. But perhaps the more I enlarge the text, the better chance MassExplosion213 has of seeing this thread.


----------



## ultramario1998 (Oct 6, 2015)

Jwiz33 said:


> But perhaps the more I enlarge the text, the better chance MassExplosion213 has of seeing this thread.


Let's make this thread visible from space, I'm sure that'll work


----------



## Deleted User (Oct 6, 2015)

I am a human salt mine right now


----------



## GoodCookie88 (Oct 6, 2015)

OctopusRift said:


> how? its a vuln. not a sploit.


I didn't say it was an exploit, we are jumping to conclusions too quick....


----------



## Deleted User (Oct 6, 2015)

Edit: somehow posted twice please delete this


----------



## OctopusRift (Oct 6, 2015)

Jwiz33 said:


> The larger you make your letters, the more people will consider you a noob. But perhaps the more I enlarge the text, the better chance MassExplosion213 has of seeing this thread.


Ohhh youuuu.  I love you. I remember when you were a stupid noob. now you a buddy.


----------



## shutterbug2000 (Oct 6, 2015)

Well. It's official. My o3DS is staying RIGHT where it is, right on 9.9.


----------



## 730 (Oct 6, 2015)

If this actually becomes a kernel exploit it better fucking be for 10.1 too or I'll cut my fucking dick off FUUUUUUUUUUUUUCK I UPDATED LIKE 2 DAYS AGO!!!!


----------



## lemanuel (Oct 6, 2015)

A thread such as this, with an interesting idea and maybe potential to be looked further into, has simply turned into a huge clusterfuck cuz ppl can't hold their willies and simply wait for something relevant to be said. 

I'm sure that "Yay, I can't wait to use it" or "Please halp, I already updated" will greatly contribute to this thread...


----------



## The Real Jdbye (Oct 6, 2015)

Honestly... I'll believe this when I see proof. It wouldn't be the first time yellows8 has intentionally left out details to avoid contributing to piracy, but there's like nothing that indicates this as being useful to exploit ARM11 kernel.


----------



## teampleb (Oct 6, 2015)

*To everybody: This does nothing. This is nothing. This isn't an exploit. We still need to find one. This just shows it "might" be possible. Even though we've known about this before 10.0 even released.*


----------



## GoodCookie88 (Oct 6, 2015)

Just pmed massexplosion he said it might be useful


----------



## Intronaut (Oct 6, 2015)

lemanuel said:


> A thread such as this, with an interesting idea and maybe potential to be looked further into, has simply turned into a huge clusterfuck cuz ppl can't hold their willies and simply wait for something relevant to be said.
> 
> I'm sure that "Yay, I can't wait to use it" or "Please halp, I already updated" will greatly contribute to this thread...



You're right. A useful post would be the answer to the OP's question about SVC


----------



## ihaveahax (Oct 6, 2015)

GoodCookie88 said:


> Just pmed massexplosion he said it might be useful


Could he post in this thread too to say that?


----------



## GoodCookie88 (Oct 6, 2015)

GoodCookie88 said:


> Just pmed massexplosion he said it might be useful


edit= ´MIGHT`


----------



## RedBlueGreen (Oct 6, 2015)

730 said:


> If this actually becomes a kernel exploit it better fucking be for 10.1 too or I'll cut my fucking dick off FUUUUUUUUUUUUUCK I UPDATED LIKE 2 DAYS AGO!!!!


Sadly it will not. Nintendo patched the vulnerability. One will have to be found in 10.1 for it to happen.


----------



## Intronaut (Oct 6, 2015)

@173210 did you check the BootNTR's source code? It has functions related to service handling


----------



## GoodCookie88 (Oct 6, 2015)

I asked him to post here


----------



## 730 (Oct 6, 2015)

RedBlueGreen said:


> Sadly it will not. Nintendo patched the vulnerability. One will have to be found in 10.1 for it to happen.


And here I thought Nintendo wouldn't patch vulns unless they were publicly revealed... *sigh*
At least I still have my o3DS on 9.5, but not the same as n3DS.


----------



## Arseface_TM (Oct 6, 2015)

lemanuel said:


> has simply turned into a huge clusterfuck cuz ppl can't hold their willies


I dunno, from the looks of it lots of the posters have grabbed their willies. I'd say the problem is the reverse, premature ejacu...willy holding.


----------



## BMO (Oct 6, 2015)

People getting jumpy and excited before anything actually happens as usual on here...


----------



## TLOZmaster (Oct 6, 2015)

Well, Smea is definitely a blessing and curse. That doof said to update because it didn't change anything. Now I am at 10.1 because I updated 3 days ago like a dummy. I am super upset right now.


----------



## Deleted User (Oct 6, 2015)

Never again will I update, even if the big guys say its okay


----------



## Intronaut (Oct 6, 2015)

Maybe the users with 10.1 should compile the PoC and test if they receive the same output...

I think that is more useful than posts like "IT WILL WORK ON 10.X?" or "WHY THE F**K I UPDATED?"


----------



## OctopusRift (Oct 6, 2015)

Jwiz33 said:


> The larger you make your letters, the more people will consider you a noob. But perhaps the more I enlarge the text, the better chance MassExplosion213 has of seeing this thread.


found you on a Super Kool Youthful Portable Entertainment website..


----------



## Jwiz33 (Oct 6, 2015)

OctopusRift said:


> found you on a Super Kool Youthful Portable Entertainment website..


I don't have Skype. Maybe it's someone else.


----------



## MassExplosion213 (Oct 6, 2015)

Ok. I'm back. And now there's this. I'm going to look into it, however, this may or may not help with the sploit I was working on.


----------



## TLOZmaster (Oct 6, 2015)

Robfozz said:


> Never again will I update, even if the big guys say its okay



Same...


----------



## OctopusRift (Oct 6, 2015)

Jwiz33 said:


> I don't have Skype. Maybe it's someone else.


damn. i will find you.


----------



## Jwiz33 (Oct 6, 2015)

OctopusRift said:


> damn. i will find you.


I live by @Retr0Capez


----------



## OctopusRift (Oct 6, 2015)

Jwiz33 said:


> I live by @Retr0Capez


FOUND YA ON SKYPE. or nah.


----------



## machinamentum (Oct 6, 2015)

173210 said:


> [snip]
> Usually 3dbrew writers don't provide actual unknown vulnerabilities, so I'm still wondering whether the following description is correct.
> 
> Yellows8 doesn't mention the possibility that s32_processorid is negative. It can result in kernel memory corruption, and eventually kernel code execution.
> ...


I assume the reason negative values aren't specified by yellows8 is because negative values don't need to be range checked since they're not used to index the MMU-table and a few negative values have semantic meaning to the kernel. From svc.h:


> Value -1 means all CPUs and -2 read from the Exheader.


I am highly doubtful that any other negative values will overwrite kernel memory. Of course, you could always dump the vulnerable kernel and disassemble the thread scheduler to verify if yellows8 left details out.
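
The range check quoted in the first post, next to a stricter form that admits only the special values named in the svc.h comment quoted in this reply, as an added example (not code from the thread, 3dbrew or the 3DS kernel). The names `check_quoted`, `check_strict`, `count_gap` and `SAMPLE_IDS` are hypothetical; treating `<total_cores>` as a count of 4 and accepting only -1 and -2 as special values are assumptions, and the strict form is not Nintendo's 10.0.0-X change.

```c
#include <stdint.h>
#include <stdio.h>

#define ERR_OUT_OF_RANGE 0xd8e007fdu /* result code quoted in the thread */
#define CPU_ALL          (-1)        /* "all CPUs" per the quoted svc.h comment */
#define CPU_EXHEADER     (-2)        /* "read from the Exheader" per the same comment */

/* Constructed sample inputs: the PoC's value, values around the special
 * range, valid core numbers, and values at and past the core count. */
static const int32_t SAMPLE_IDS[] = { -2147483647, -4, -3, -2, -1, 0, 3, 4, 5 };
#define SAMPLE_COUNT ((int)(sizeof SAMPLE_IDS / sizeof SAMPLE_IDS[0]))

/* The check as quoted from 3dbrew: a signed comparison against the upper
 * bound only, so every negative value passes. */
static uint32_t check_quoted(int32_t processorid, int32_t total_cores)
{
    if (processorid > total_cores)
        return ERR_OUT_OF_RANGE;
    return 0;
}

/* Stricter form (assumption): allow the two documented special values,
 * then require 0 <= processorid < total_cores. */
static uint32_t check_strict(int32_t processorid, int32_t total_cores)
{
    if (processorid == CPU_ALL || processorid == CPU_EXHEADER)
        return 0;
    /* The unsigned cast maps every negative value to >= 2^31, so a single
     * comparison rejects both negative and too-large ids. */
    if ((uint32_t)processorid >= (uint32_t)total_cores)
        return ERR_OUT_OF_RANGE;
    return 0;
}

/* Number of ids the quoted check accepts but the strict check rejects. */
static int count_gap(const int32_t *ids, int n, int32_t total_cores)
{
    int gap = 0;
    for (int i = 0; i < n; i++) {
        if (check_quoted(ids[i], total_cores) == 0 &&
            check_strict(ids[i], total_cores) != 0)
            gap++;
    }
    return gap;
}

int main(void)
{
    const int32_t total_cores = 4; /* assumption: core count used for the demo */

    printf("%12s  %10s  %10s\n", "processorid", "quoted", "strict");
    for (int i = 0; i < SAMPLE_COUNT; i++) {
        int32_t id = SAMPLE_IDS[i];
        printf("%12ld  0x%08lx  0x%08lx\n", (long)id,
               (unsigned long)check_quoted(id, total_cores),
               (unsigned long)check_strict(id, total_cores));
    }
    printf("accepted only by the quoted check: %d of %d\n",
           count_gap(SAMPLE_IDS, SAMPLE_COUNT, total_cores), SAMPLE_COUNT);
    return 0;
}
```
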


----------



## GoodCookie88 (Oct 6, 2015)

ihaveamac said:


> Could he post in this thread too to say that?


There ya go


----------



## Jwiz33 (Oct 6, 2015)

OctopusRift said:


> FOUND YA ON SKYPE. or nah.


What's the username? I swear me no Skype
*S*ponsored by *K*razy *Y*outube *P*oop and *E*ndorsed by yo mama


----------



## OctopusRift (Oct 6, 2015)

Jwiz33 said:


> What's the username? I swear me no Skype
> *S*ponsored by *K*razy *Y*outube *P*oop and *E*ndorsed by yo mama


ouch babe.


----------



## Intronaut (Oct 6, 2015)

I don't think a zero as an output says a lot. I think a good PoC would be reaching a restricted service like AM:NET.

@machinamentum explanation seems reasonable anyway


----------



## Normmatt (Oct 6, 2015)

This is completely useless


----------



## retrofan_k (Oct 6, 2015)

730 said:


> If this actually becomes a kernel exploit it better fucking be for 10.1 too or I'll cut my fucking dick off FUUUUUUUUUUUUUCK I UPDATED LIKE 2 DAYS AGO!!!!



Looks like you'll be dickless, as this only for 9xx firmware.  Should have stayed on 9 kiddo lol.


----------



## OctopusRift (Oct 6, 2015)

Normmatt said:


> This is completely useless


You're useless. <3 But for real love you.


----------



## BMO (Oct 6, 2015)

retrofan_k said:


> Looks like you'll be dickless, as this only for 9xx firmware.  Should have stayed on 9 kiddo lol.


Or better yet stayed under 9.2


----------



## Intronaut (Oct 6, 2015)

Normmatt said:


> This is completely useless


Yeah, it seems, but can you give us a further explanation?


----------



## OctopusRift (Oct 6, 2015)

Intronaut said:


> Yeah, it seems, but can you give us a further explanation?


Wha? @MassExplosion213 Is working on it.


----------



## Jwiz33 (Oct 6, 2015)

OctopusRift said:


> Got you on twitter anyway.


I always see you commenting on Smea's tweets


----------



## Rioluwott (Oct 6, 2015)

Sorry if this is a stupid question but will this work on 10.0-20? they said that 9.9 was the same as 10.0 and the unhackeable update was 10.1


----------



## OctopusRift (Oct 6, 2015)

Rioluwott said:


> Sorry if this is a stupid question but will this work on 10.0-20? they said that 9.9 was the same as 10.0 and the unhackeable update was 10.1


nu. 9.9 or lower only. no peasants allowed.


----------



## Piluvr (Oct 6, 2015)

OctopusRift said:


> WHEEEEEE SHITPOST


If I put the file from another 3ds firmware onto sd card will it magically hack itself?


----------



## teampleb (Oct 6, 2015)

Piluvr said:


> If I put the file from another 3ds firmware onto sd card will it magically hack itself?


I can't see why not.


----------



## ric. (Oct 6, 2015)

Piluvr said:


> If I put the file from another 3ds firmware onto sd card will it magically hack itself?


It won't work because of the rotational velocidensity.


----------



## MassExplosion213 (Oct 6, 2015)

Ok, I looked into this, and as far as I can see, it is useless for *everything*. I even tried keeping the thread open. No dice.


----------



## Piluvr (Oct 6, 2015)

teampleb said:


> I can't see why not.


okay! (this was a quote from my friend who is not that familiar with tech.)


----------



## teampleb (Oct 6, 2015)

173210 said:


> Hello, I found something. I just found something and it may not be useful. Anyway, I'll post this because I don't know SVC handler well and have no idea where the function is. *If you know how to find the actual code of SVC, please tell me.* I'm a noob for 3DS.
> 
> 3DS System Flaws - 3dbrew
> http://www.3dbrew.org/wiki/3DS_System_Flaws
> ...


Upload a compiled version so we can test it too?


----------



## CreAtor135 (Oct 6, 2015)

OctopusRift said:


> you showed up.


Ohhh nooo defeated is me I am trigur take tht beck i so noob help


----------



## Jwiz33 (Oct 6, 2015)

MassExplosion213 said:


> Ok, I looked into this, and as far as I can see, it is useless for *everything*. I even tried keeping the thread open. No dice.


/thread


----------



## teampleb (Oct 6, 2015)

MassExplosion213 said:


> Ok, I looked into this, and as far as I can see, it is useless for *everything*. I even tried keeping the thread open. No dice.


So the 3DBrew page is correct?


----------



## TLOZmaster (Oct 6, 2015)

_So no 9.9 kernal hack?_


----------



## ric. (Oct 6, 2015)

MassExplosion213 said:


> Ok, I looked into this, and as far as I can see, it is useless for *everything*. I even tried keeping the thread open. No dice.


Well it was worth a shot, I suppose.
How's the other exploit coming along by the way?


----------



## teampleb (Oct 6, 2015)

TLOZmaster said:


> _So no 9.9 kernal hack?_


Doesn't look like it.


----------



## legofan623 (Oct 6, 2015)

MassExplosion213 said:


> Ok, I looked into this, and as far as I can see, it is useless for *everything*. I even tried keeping the thread open. No dice.


gg 9.3+


----------



## MassExplosion213 (Oct 6, 2015)

ric. said:


> Well it was worth a shot, I suppose.
> How's the other exploit coming along by the way?


Still need NS ROP to even get anything.

--------------------- MERGED ---------------------------



legofan623 said:


> gg 9.3+


And I have a 9.2 3DS and a 9.9 one.


----------



## Randomdude0 (Oct 6, 2015)

Ok guys, nothing to see here, lets go home and update to 10.1


----------



## Jwiz33 (Oct 6, 2015)

TLOZmaster said:


> _So no 9.9 kernal hack?_


Not likely now, but maybe a colonel hack. *bu bum tiss*


----------



## teampleb (Oct 6, 2015)

Well this got hyped to no end and died quickly. Lol.


----------



## TLOZmaster (Oct 6, 2015)

RIP 9.9 kernel, for now.


----------



## william341 (Oct 6, 2015)

yay us 10.1 users wont be fooked thanks to this not working!


----------



## OctopusRift (Oct 6, 2015)

TLOZmaster said:


> RIP 9.9 kernel, for now.


rip.


----------



## shutterbug2000 (Oct 6, 2015)

Well, this thread was worth a good laugh, but that's about it .


----------



## teampleb (Oct 6, 2015)

shutterbug2000 said:


> Well, this thread was worth a good laugh, but that's about it .


I really loved it when the 9.9 users called the 10.1 users losers. xD


----------



## shutterbug2000 (Oct 6, 2015)

teampleb said:


> I really loved it when the 9.9 users called the 10.1 users losers. xD



My favorite post? right here XD https://gbatemp.net/threads/arm11-kernel-vulnerability-under-10-0-0-x.398953/page-6#post-5712487


----------



## Randomdude0 (Oct 6, 2015)

teampleb said:


> I really loved it when the 9.9 users called the 10.1 users losers. xD



ikr? GBATemp community is so great!


----------



## shutterbug2000 (Oct 6, 2015)

teampleb said:


> I really loved it when the 9.9 users called the 10.1 users losers. xD



And now it turns out that there's still no true difference XD


----------



## teampleb (Oct 6, 2015)

shutterbug2000 said:


> And now it turns out that there's still no true difference XD


We already knew this doesn't work. It corrupts the memory to an unusable state.


----------



## GoodCookie88 (Oct 6, 2015)

Hype killed...I know nothing was guaranteed but I had a little bit of hope.
Oh well.....still not updating..... O.O


----------



## teampleb (Oct 6, 2015)

GoodCookie88 said:


> Hype killed...I know nothing was guaranteed but I had a little bit of hope.
> Oh well.....still not updating..... O.O


This was the only thing remotely important fixed.


----------



## GoodCookie88 (Oct 6, 2015)

teampleb said:


> This was the only thing remotely important fixed.


----------



## teampleb (Oct 6, 2015)

GoodCookie88 said:


>


And it doesn't do anything but corrupt the ram.


----------



## Phanton (Oct 6, 2015)

730 said:


> If this actually becomes a kernel exploit it better fucking be for 10.1 too or I'll cut my fucking dick off FUUUUUUUUUUUUUCK I UPDATED LIKE 2 DAYS AGO!!!!


Calm down bro, keep your cool and don't be like all these faggots complaining for a lost case. Even if you have a 10.1; getting a 9.9 is a lot easier than 9.2, even here.


----------



## Deleted User (Oct 6, 2015)

http://3dbrew.org/w/index.php?curid=95&diff=13487&oldid=13474

/thread


----------



## teampleb (Oct 6, 2015)

Steveice10 said:


> http://3dbrew.org/w/index.php?curid=95&diff=13487&oldid=13474
> 
> /thread


That's what I've been saying.


----------



## GoodCookie88 (Oct 6, 2015)

teampleb said:


> And it doesn't do anything but corrupt the ram.


Lol srsly that sucks

--------------------- MERGED ---------------------------



Phanton said:


> Calm down bro, keep your cool and don't be like all these faggots complaining for a lost case. Even if you have a 10.1; getting a 9.9 is a lot easier than 9.2, even here.


XD don't do that hahaha I was banging my head on the table when I found out about 9.2 exploit haha....never thought about cutting off my dick though '-'


----------



## teampleb (Oct 6, 2015)

GoodCookie88 said:


> Lol srsly that sucks


Yeah, that's what I've been saying. I gave this a chance but I knew it wouldn't lead anywhere.


----------



## GoodCookie88 (Oct 6, 2015)

teampleb said:


> Yeah, that's what I've been saying. I gave this a chance but I knew it wouldn't lead anywhere.


I thought it would but when mass confirmed it was useless my heart died


----------



## teampleb (Oct 6, 2015)

GoodCookie88 said:


> I thought it would but when mass confirmed it was useless my heart died


Don't forget @Steveice10 too.


----------



## Domino101 (Oct 6, 2015)

hyped for nothing :/


----------



## AtlasFontaine (Oct 6, 2015)

I cri so jard.


----------



## Baccabechoppin (Oct 6, 2015)

So happy I invested in a 9.0 2DS, if this was actually useful I would've just wasted $90 on the thing


----------



## teampleb (Oct 6, 2015)

Baccabechoppin said:


> So happy I invested in a 9.0 2DS, if this was actually useful I would've just wasted $90 on the thing


Not really. You'd still have a kernel hack.


----------



## legofan623 (Oct 6, 2015)

teampleb said:


> Not really. You'd still have a kernel hack.


But a >= 9.3 is only $60


----------



## Baccabechoppin (Oct 6, 2015)

So is there any reason to actually keep my N3DS on 9.9? Or should I just update it?


----------



## ric. (Oct 6, 2015)

Baccabechoppin said:


> So is there any reason to actually keep my N3DS on 9.9? Or should I just update it?


Don't update unless you absolutely need to. Every time a new update comes out, wait a couple days and check 3Dbrew to make sure it's safe.


----------



## teampleb (Oct 6, 2015)

Baccabechoppin said:


> So is there any reason to actually keep my N3DS on 9.9? Or should I just update it?


It's your choice but every dev including Steveice10 and Mass say it's useless.


----------



## GoodCookie88 (Oct 6, 2015)

teampleb said:


> Don't forget @Steveice10 too.


Who's him??


----------



## dark_samus3 (Oct 6, 2015)

GoodCookie88 said:


> Who's him??


The developer of FBI


----------



## teampleb (Oct 6, 2015)

GoodCookie88 said:


> Who's him??


He's pretty well known on here. He's worked on a bunch of projects like GameYob.


----------



## GoodCookie88 (Oct 6, 2015)

Oh..


teampleb said:


> He's pretty well known on here. He's worked on a bunch of projects like GameYob.


oh... But has he hinted something about kernel access?


----------



## dark_samus3 (Oct 6, 2015)

GoodCookie88 said:


> Oh..
> 
> oh... But has he hinted something about kernel access?


*facepalm*


----------



## teampleb (Oct 6, 2015)

GoodCookie88 said:


> Oh..
> 
> oh... But has he hinted something about kernel access?


He said this is useless...


----------



## dark_samus3 (Oct 6, 2015)

Steveice10 said:


> http://3dbrew.org/w/index.php?curid=95&diff=13487&oldid=13474
> 
> /thread



He confirmed that arm11 hax weren't possible with this


----------



## GoodCookie88 (Oct 6, 2015)

dark_samus3 said:


> He confirmed that arm11 hax weren't possible with this


I'm not saying using the resources from THIS source...I'm saying if he is developing a kernel exploit.....

--------------------- MERGED ---------------------------



dark_samus3 said:


> *facepalm*


Not necessary


----------



## Intronaut (Oct 6, 2015)

dark_samus3 said:


> He confirmed that arm11 hax weren't possible with this


And I'm starting to believe we aren't going to get a kernel exploit above 9.2. Anyway, I'm happy because both my 3ds are on 9.0


----------



## dark_samus3 (Oct 6, 2015)

GoodCookie88 said:


> I'm not saying using the resources from THIS source...I'm saying if he is developing a kernel exploit.....
> 
> --------------------- MERGED ---------------------------
> 
> ...


Idk... Why don't you ask him


----------



## teampleb (Oct 6, 2015)

Intronaut said:


> And I'm starting to believe we aren't going to get a kernel exploit above 9.2. Anyway, I'm happy because both my 3ds are on 9.0


We will. It's just gonna take time.


----------



## GoodCookie88 (Oct 6, 2015)

dark_samus3 said:


> Idk... Why don't you ask him


Saving time here....too lazy

--------------------- MERGED ---------------------------



Intronaut said:


> And I'm starting to believe we aren't going to get a kernel exploit above 9.2. Anyway, I'm happy because both my 3ds are on 9.0


We will obviously see a kernel exploit on 9.2+. No system is perfect and unhackable. Like teampleb said, it will take time.


----------



## dark_samus3 (Oct 6, 2015)

GoodCookie88 said:


> Saving time here....too lazy


Well I seriously don't know and I'm pretty sure nobody else here does... So if you really want to know then ask him yourself


----------



## GoodCookie88 (Oct 6, 2015)

dark_samus3 said:


> Well I seriously don't know and I'm pretty sure nobody else here does... So if you really want to know then ask him yourself


Ok bro I'm not desperate alright and I didn't say that you knew about it '-'


----------



## teampleb (Oct 6, 2015)

GoodCookie88 said:


> Ok bro I'm not desperate alright and I didn't say that you knew about it '-'


I think NH 2.5 will be enough to satisfy me. Sleep mode, more ram, screen shots, and more access.


----------



## 730 (Oct 6, 2015)

Phanton said:


> Calm down bro, keep your cool and don't be like all these faggots complaining for a lost case. Even if you have a 10.1; getting a 9.9 is a lot easier than 9.2, even here.


eh anyways it's confirmed nothing is happening.
now send me 9.2 n3DSXL plox


----------



## Megalegacy98 (Oct 6, 2015)

When there's an update, there's a vulnerability 

...hopefully


----------



## teampleb (Oct 6, 2015)

Megalegacy98 said:


> When there's an update, there's a vulnerability
> 
> ...hopefully


Lol, it doesn't work like that at all. In 10.1 all they changed were icons.
-snip-


----------



## Megalegacy98 (Oct 6, 2015)

teampleb said:


> Lol, it doesn't work like that at all. In 10.1 all they changed were icons.
> 
> --------------------- MERGED ---------------------------
> 
> ...


They could update something and leave a vulnerability in it.

I should've said *could*, my bad.


----------



## ric. (Oct 6, 2015)

What *could* be possible is that Nintendo patches a huge vulnerability in one of their updates and we figure out where that vuln. was by comparing the update to the previous firmwares and see what changed.
But I'm just talking out of my ass here.


----------



## Noise964 (Oct 6, 2015)

teampleb said:


> Lol, it doesn't work like that at all. In 10.1 all they changed were icons.
> 
> Why? This is a dead end confirmed.


You mean there's hope? Should I just not download any more updates in the meantime?


----------



## teampleb (Oct 6, 2015)

Noise964 said:


> You mean there's hope? Should I just not download any more updates in the meantime?


This was debunked by Mass and Steveice10.


----------



## Noise964 (Oct 6, 2015)

teampleb said:


> This was debunked by Mass and Steveice10.


Bastards.


----------



## teampleb (Oct 6, 2015)

Noise964 said:


> Bastards.


What? They told us it won't work.


----------



## Noise964 (Oct 6, 2015)

teampleb said:


> What? They told us it won't work.


Not them, OP.


----------



## teampleb (Oct 6, 2015)

Noise964 said:


> Not them, OP.


Oh, sorry. You used a plural. Lol.


----------



## Noise964 (Oct 6, 2015)

teampleb said:


> Oh, sorry. You used a plural. Lol.


calling him bastard singular isn't bastardy enough


----------



## nopy4869 (Oct 6, 2015)

Lesson to take away from this: ask questions on #3dsdev BEFORE posting your Kernel exploit on GbaTemp.



----------



## zoogie (Oct 6, 2015)

nopy4869 said:


> Lesson to take away from this: ask questions on #3dsdev BEFORE posting your Kernel exploit on GbaTemp.
> 
> --------------------- MERGED ---------------------------


Given that he's worked on rxtools they would probably ban him first


----------



## Death78793 (Oct 6, 2015)

nopy4869 said:


> Lesson to take away from this: ask questions on #3dsdev BEFORE posting your Kernel exploit on GbaTemp.
> 
> --------------------- MERGED ---------------------------


I'll agree that the title is a bit misleading, but he didn't claim to have a "kernel exploit", he was just trying to get informed and inform us in the same manner about this.


----------



## teampleb (Oct 6, 2015)

Death78793 said:


> I'll agree that the title is a bit misleading, but he didn't claim to have a "kernel exploit", he was just trying to get informed and inform us in the same manner about this.


It was still already known and useless.


----------



## Death78793 (Oct 6, 2015)

teampleb said:


> It was still already known and useless.


Yeah, even he wrote it.



173210 said:


> Hello, I found something. *I just found something and it may not be useful*. Anyway, I'll post this because I don't know SVC handler well and have no idea where the function is. *If you know how to find the actual code of SVC, please tell me.* I'm a noob for 3DS.


----------



## teampleb (Oct 6, 2015)

Death78793 said:


> Yeah, even he wrote it.


I guess, but he didn't really find anything.


----------



## OctopusRift (Oct 6, 2015)

teampleb said:


> I guess, but he didn't really find anything.


Team, you're right... he didn't know, you had every right to hope.


----------



## teampleb (Oct 6, 2015)

OctopusRift said:


> Team, you're right... he didn't know, you had every right to hope.


What? I always knew this wasn't going to work. I just wasn't an ass about it.


----------



## OctopusRift (Oct 6, 2015)

teampleb said:


> What? I always knew this wasn't going to work. I just wasn't an ass about it.


I was agreeing with you!


----------



## teampleb (Oct 6, 2015)

OctopusRift said:


> I was agreeing with you!


Oh, I don't get the "hope" part then. Lol.


----------



## Irumi` (Oct 6, 2015)

After this, I buy a console with an exploitable firmware. </3


----------



## Angelcraft (Oct 6, 2015)

I need my arm exploit now!


----------



## teampleb (Oct 6, 2015)

Angelcraft said:


> I need my arm exploit now!


Why'd you bump this dead thread?


----------



## Angelcraft (Oct 6, 2015)

teampleb said:


> Why'd you bump this dead thread?


I have see this thread now

--------------------- MERGED ---------------------------



teampleb said:


> Why'd you bump this dead thread?


Sorry


----------



## lemanuel (Oct 6, 2015)

Angelcraft said:


> I *only saw* this thread now



Fixed that for you ^

In any case, no need to comment on it since it's already been stated that it doesn't do anything.
Not your fault though. The thread just should have been closed already


----------



## Xenon Hacks (Oct 6, 2015)

So without anyone trolling the hell out of me can anyone explain what's going on, I tried reading through pages but it's mostly spam is there any actual significance to this? @AlbertoSONIC ?


----------



## teampleb (Oct 6, 2015)

Xenon Hacks said:


> So without anyone trolling the hell out of me can anyone explain what's going on, I tried reading through pages but it's mostly spam is there any actual significance to this? @AlbertoSONIC ?


No. We already knew everything in this thread.

Could a mod lock this already?


----------



## lemanuel (Oct 6, 2015)

Xenon Hacks said:


> So without anyone trolling the hell out of me can anyone explain what's going on, I tried reading through pages but it's mostly spam is there any actual significance to this? @AlbertoSONIC ?



Several trustworthy persons already stated that it isn't useful. I believe 3DBrew was already updated to mention this fact as well.


----------



## 173210 (Oct 6, 2015)

lemanuel said:


> Several trustworthy persons already stated that it isn't useful. I believe 3DBrew was already updated to mention this fact as well.


Yes, they won't lie. But they have not mentioned some possibilities (at first negative values, now negative values which are not too small). I'm investigating them.


----------



## teampleb (Oct 6, 2015)

173210 said:


> Yes, they won't lie. But they have not mentioned some possibilities (at first negative values, now negative values which are not too small). I'm investigating them.


You really shouldn't make a thread until you at least have something. Anything...


----------



## lemanuel (Oct 6, 2015)

173210 said:


> Yes, they won't lie. But they have not mentioned some possibilities (at first negative values, now negative values which are not too small). I'm investigating them.



Quoting from 3DBrew:



> The previous version also allowed *large negative* s32_processorid *values* (negative processorid values are special values not actual procids), but it appears using values like that won't actually do anything(meaning no crash) besides the thread not running / thread not running for a while(besides triggering a kernelpanic with certain s32_processorid value(s)).



I believe it's already stated about large negative values too (as you said "not too small"). So am I wrong to assume that it's already been said it's not useful?


----------



## The Catboy (Oct 6, 2015)

I don't want to say "I told you so," but I did mention way back in the first 10.0.0-x thread that when Nintendo starts shooting out random updates, one after another, they are up to something. Nintendo only starts shooting out small updates like that without fixing the current exploits, when they know there's something bigger to patch.


----------



## teampleb (Oct 6, 2015)

Crystal the Glaceon said:


> I don't want to say "I told you so," but I did mention way back in the first 10.0.0-x thread that when Nintendo starts shooting out random updates, one after another, they are up to something. Nintendo only starts shooting out small updates like that without fixing the current exploits, when they know there's something bigger to patch.


But we know what they patched...


----------



## JuanmaHL (Oct 6, 2015)

2fake4me


----------



## Nollog (Oct 6, 2015)

JuanmaHL said:


> 2fake4me


It's not about being fake, it's about numbers being excited and making threads on things before she has done anything with it.


----------



## The Catboy (Oct 6, 2015)

teampleb said:


> But we know what they patched...


I never trust small updates that leave homebrews alone, there's always a catch.


----------



## ric. (Oct 6, 2015)

173210 said:


> Yes, they won't lie. But they have not mentioned some possibilities (at first negative values, now negative values which are not too small). I'm investigating them.


Well hopefully you can find something! It wouldn't hurt to take a deeper look at it.



teampleb said:


> You really shouldn't make a thread until you at least have something. Anything...


To be fair the title of the thread was perfectly correct. I'd normally agree with you if it was something like "3DS ARM11 KEXPLOIT ON 10.0 AND UNDER BIG RELEASE GET IT WHILE ITS HOT", but it's really not 173210's fault. He shared his discovery with us, I think it's more our fault for getting all hyped up over what seems to be just a regular system flaw.


----------



## DutchyDutch (Oct 6, 2015)

So... should I be hyped? Or isn't there anything to be hyped about? (9.9 user)


----------



## legofan623 (Oct 6, 2015)

DutchyDutch said:


> So... should I be hyped? Or isn't there anything to be hyped about? (9.9 user)


Literally nothing to be hyped about


----------



## bakurage (Oct 6, 2015)

Soooooo ... NEEEEEEEEEEEEED


----------



## Deleted User (Oct 6, 2015)

This is not related to this specific exploit, but about a research i'm doing that can lead to the same results.
So, i need help and have a fcram dump from a old3ds firmware 10.1.
This can be easily achieved with an emunand and a cfw i guess, maybe rxtools.


----------



## bakurage (Oct 6, 2015)

This vulnerability is exploitable for downgrade to 9.9 at 9.2?


----------



## DutchyDutch (Oct 6, 2015)

legofan623 said:


> Literally nothing to be hyped about


Great. Now if you excuse me, I'm gonna go cry in a corner.


----------



## Bubsy Bobcat (Oct 6, 2015)

Whoop. Can't wait to join the glorious 9.2 master race.


----------



## bakurage (Oct 6, 2015)

Bubsy Bobcat said:


> Whoop. Can't wait to join the glorious 9.2 master race.


o/


----------



## Ekaitz (Oct 6, 2015)

I hope that something will come out of this. I updated my system while it was on 9.5 to 9.9 because I wanted Ironfall (for Ironhax in fact). I'm glad that I didn't update past that...


----------



## Bubsy Bobcat (Oct 6, 2015)

bakurage said:


> o/


\o


----------



## DutchyDutch (Oct 6, 2015)

Ekaitz said:


> I hope that something will come out of this. I updated my system while it was on 9.5 to 9.9 because I wanted Ironfall (for Ironhax in fact). I'm glad that I didn't update past that...


Same, but I was on 9.2 and I didn't know there was cfw.


----------



## Ekaitz (Oct 6, 2015)

DutchyDutch said:


> Same, but I was on 9.2 and I didn't know there was cfw.



I had a 9.2 O3DS XL that was running rxTools... And it was stolen. Bought a n3DS that was 9.5, that's the game.


----------



## Imparasite (Oct 6, 2015)

finally its time for N3DS/XL 9.3+ firmware exploits, if its real its a BIG SLAP on the face for Gateshit lol cant wait for it


----------



## VaiCorinthians (Oct 6, 2015)

So there's no exploit or vulnerability?
9.9 arm11 kernel vulnerability is dead for now?


----------



## intensje (Oct 6, 2015)

yes, probably better to close this thread  because no-one will read all pages and then just ask


----------



## Bubsy Bobcat (Oct 6, 2015)

So... n-no, downgrading?


----------



## bakurage (Oct 6, 2015)

My hope...


----------



## Intronaut (Oct 6, 2015)

Imparasite said:


> finally its time for N3DS/XL 9.3+ firmware exploits, if its real its a BIG SLAP on the face for Gateshit lol cant wait for it



LOL, it's not happening yet. Also, your avatar skull looks like the skull of the Blue/MT-card team


----------



## Deleted member 370671 (Oct 6, 2015)

VaiCorinthians said:


> So there's no exploit or vulnerability?
> 9.9 arm11 kernel vulnerability is dead for now?


No, there is no (public) kernel exploit for 9.3+ right now.
Yes, there is a vulnerability; it is useless (or it seems like it for now at least), but it's still a vulnerability.
Finally, there is no ARM11 (public) kernel exploit at the moment, but it isn't "dead". I'm fairly sure there is one (even an ARM9), we just don't know what it is yet.


----------



## 173210 (Oct 6, 2015)

teampleb said:


> You really shouldn't make a thread until you at least have something. Anything...


> *If you know how to find the actual code of SVC, please tell me.*
See?


----------



## GoodCookie88 (Oct 6, 2015)

173210 said:


> > *If you know how to find the actual code of SVC, please tell me.*
> See?


What does this mean?


----------



## 173210 (Oct 6, 2015)

GoodCookie88 said:


> What does this mean?


So I need other developers' help. I don't know 3DS well and I don't have so much time.


----------



## Normmatt (Oct 6, 2015)

173210 said:


> So I need other developers' help. I don't know 3DS well and I don't have so much time.


the SVC code is in native firm... It's already been pointed out that this is useless... it can't be exploited...


----------



## 173210 (Oct 6, 2015)

Normmatt said:


> the SVC code is in native firm... It's already been pointed out that this is useless... it can't be exploited...


I want to confirm that. The results of my experiments conflict with the description on 3dbrew.org.


----------



## Normmatt (Oct 6, 2015)

173210 said:


> I want to confirm that. The results of my experiments conflict with the description on 3dbrew.org.


If you mean your first post's experiments then no they don't...


----------



## GoodCookie88 (Oct 6, 2015)

173210 said:


> I want to confirm that. The results of my experiments conflict with the description on 3dbrew.org.


A question are you sure you can go anywhere with this?


----------



## 173210 (Oct 6, 2015)

Normmatt said:


> If you mean your first post's experiments then no they don't...





> Update on 3dbrew.org
> The previous version also allowed large negative s32_processorid values(negative processorid values are special values not actual procids), but it appears using values like that won't actually do anything(meaning no crash) besides the thread not running / thread not running for a while(besides triggering a kernelpanic with certain s32_processorid value(s)).


According to 3dbrew.org, s32_processorid should be larger than -4, which is the code-reversed value of the number of n3ds core.
So I carried out another experiment. It crashed when it took -4 as processorid on n3ds. So it may write the data in the same place as it does when it took 4 as processorid. It's still not clear whether it's exploitable or not.


----------



## ric. (Oct 6, 2015)

GoodCookie88 said:


> A question are you sure you can go anywhere with this?


He isn't, that's the whole point of doing research. He needs to know for sure if it can be exploited or not.


----------



## 173210 (Oct 6, 2015)

GoodCookie88 said:


> A question are you sure you can go anywhere with this?


I'm not sure what "go anywhere" means, but if it means whether I can write the data anywhere, I'm not sure.


----------



## GoodCookie88 (Oct 6, 2015)

173210 said:


> I'm not sure what "go anywhere" means, but if it means whether I can write the data anywhere, I'm not sure.


Oh I see but if your "experiments" work out do you know what to do next ?


----------



## lemanuel (Oct 6, 2015)

GoodCookie88 said:


> Oh I see but if your "experiments" work out do you know what to do next ?



Probably congratulate himself? 

Just let the guy work in peace. If he can find anything, it's up to him what to do with the info anyway.


----------



## Skullgrill (Oct 7, 2015)

AAAYYYYY I decided to only update my old launch 3ds not the newer old xl


----------



## Piluvr (Oct 7, 2015)

delebile said:


> This is not related to this specific exploit, but about a research i'm doing that can lead to the same results.
> So, i need help and have a fcram dump from a old3ds firmware 10.1.
> This can be easily achieved with an emunand and a cfw i guess, maybe rxtools.


send it to mass.


----------



## Deleted User (Oct 7, 2015)

"besides triggering a kernelpanic with certain s32_processorid value(s)" <--- That's probably the crash you're getting.


----------



## 173210 (Oct 7, 2015)

Steveice10 said:


> "besides triggering a kernelpanic with certain s32_processorid value(s)" <--- That's probably the crash you're getting.


No, I confirmed it's actually "Data Abort" with CakesFW.


----------



## OctopusRift (Oct 7, 2015)

173210 said:


> No, I confirmed it's actually "Data Abort" with CakesFW.


So this has some water still?


----------



## piratesephiroth (Oct 7, 2015)

this is getting weird


----------



## pastaconsumer (Oct 7, 2015)

Glad I stuck with 9.2


----------



## SmellyPirateMonkey (Oct 7, 2015)

I'll admit this got me excited until I read through the comments. Good thing only one of my 3ds' is above 9.2


----------



## neobrain (Oct 7, 2015)

tl;dr:



lemanuel said:


> A thread such as this, with an interesting idea and maybe potential to be looked further into, has simply turned into a huge clusterfuck cuz ppl can't hold their willies and simply wait for something relevant to be said.
> 
> I'm sure that "Yay, I can't wait to use it" or "Please halp, I already updated" will greatly contribute to this thread...






teampleb said:


> *To everybody: This does nothing. This is nothing. This isn't an exploit. We still need to find one. This just shows it "might" be possible. Even though we've known about this before 10.0 even released.*




And finally (can't be bothered to read through all 12 pages of crap in this thread, so instead I'm quoting IRC):


> 12:44 <@profi200> And the ARM11 kernel thread is still not dead but it was confirmed multiple times that the vuln is useless.
> 12:47 <@profi200> That vuln does nothing which could be useful.


----------



## teampleb (Oct 7, 2015)

And isn't it impossible to downgrade from 9.9 to 9.2 due to the new encryption anyway? At least on n3DS.


----------



## OctopusRift (Oct 7, 2015)

teampleb said:


> And isn't it impossible to downgrade from 9.9 to 9.2 due to the new encryption anyway? At least on n3DS.


huh? a little more explanation please.


----------



## teampleb (Oct 7, 2015)

OctopusRift said:


> huh? a little more explanation please.


I was told the lowest you could downgrade to was 9.6 or so on n3DS. As that's when the new encryption was introduced. I don't know if that's correct or not though. I think it is.


----------



## Deleted member 370671 (Oct 7, 2015)

OctopusRift said:


> huh? a little more explanation please.


Since the 9.6 update, the N3DS NATIVE_FIRM uses a new encryption. That's the reason emuNAND can't be updated higher than 9.5 on New 3DS.


----------



## OctopusRift (Oct 7, 2015)

TheKawaiiDesu said:


> Since the 9.6 update, the N3DS NATIVE_FIRM uses a new encryption. That's the reason why emuNAND can't be updated higher than 9.5 on New 3DS.





teampleb said:


> I was told the lowest you could downgrade to was 9.6 or so on n3DS. As that's when the new encryption was introduced. I don't know if that's correct or not though. I think it is.


Ah, I read that wrong, thanks guys!


----------



## Xenon Hacks (Oct 7, 2015)

173210 said:


> No, I confirmed it's actually "Data Abort" with CakesFW.


English please


----------



## OctopusRift (Oct 7, 2015)

Xenon Hacks said:


> English please


He's not a native English speaker. But a really nice guy.


----------



## Xenon Hacks (Oct 7, 2015)

OctopusRift said:


> He's not a native english speaker. But a really nice guy.


I quoted the wrong post I wanted to quote @Steveice10, what does that even mean "besides triggering a kernelpanic with certain s32_processorid value(s)"?


----------



## OctopusRift (Oct 7, 2015)

Xenon Hacks said:


> I quoted the wrong post I wanted to quote @Steveice10, what does that even mean "besides triggering a kernelpanic with certain s32_processorid value(s)"?


ah, ok bud  l8r!


----------



## Viris (Oct 7, 2015)

Can you explain the situation better ?


----------



## piratesephiroth (Oct 7, 2015)

Viris said:


> Can you explain the situation better ?


----------



## fmkid (Oct 7, 2015)

Viris said:


> Can you explain the situation better ?


Only real thing I can just see here is OP trying to prove whether his supposition is true or not by himself, in spite of some reputed developers/researchers (including Yellows8) having just said "nothing useful".


----------



## neobrain (Oct 7, 2015)

12th page didn't bring any news, hence another tl;dr because people only read the last page anyway:



neobrain said:


> tl;dr:
> 
> 
> 
> ...


----------



## Justin20020 (Oct 8, 2015)

Let him do his work. I think anyone could help him


----------



## teampleb (Oct 8, 2015)

Justin20020 said:


> Let him do his work. I think anyone could help him


This has been proven useless by multiple credible people on GBAtemp.


----------



## Justin20020 (Oct 8, 2015)

okay.. this is bad..


----------



## fmkid (Oct 8, 2015)

Justin20020 said:


> Let him do his work. I think anyone could help him


Well... After all, maybe absolutely interesting if he finds by himself the answer about his supposition and lets us know! It's totally free to do that!


----------



## ironmaster49 (Oct 9, 2015)

So is this a continuation of massexplosion213's project and his ideas and he inspired you? So if then we have a 10x exploit it will work on 9.9 right? And with ARM11 kernel access is it possible to do things like installing legit cia and downgrading or just making it easier to get ARM9 later on? Maybe we can get Custom Firmware on the latest Firmware later on


----------



## MassExplosion213 (Oct 9, 2015)

ironmaster49 said:


> So is this a continuation of massexplosion213's project and his ideas and he inspired you? So if then we have a 10x exploit it will work on 9.9 right? And with ARM11 kernel access is it possible to do things like installing legit cia and downgrading or just making it easier to get ARM9 later on? Maybe we can get Custom Firmware on the latest Firmware later on


Not a continuation of mine.


----------



## Woody8275 (Oct 9, 2015)

MassExplosion213 said:


> Not a continuation of mine.


So the system flaw you are using is not yet known to most of us and will work on all old 3ds versions


----------



## pinguino1234 (Oct 13, 2015)

A noob question: Somethings news?


----------



## ric. (Oct 13, 2015)

If the creator of the thread hasn't posted anything new, then there is nothing new. Stop bumping dead threads please.


----------



## teampleb (Oct 13, 2015)

pinguino1234 said:


> A noob question: Somethings news?


1) Why did you revive this dead thread?
2) No.
3) Read the last few pages before asking. **facepalm**


----------



## Iceman1800 (Oct 13, 2015)

teampleb said:


> 1) Why did you revive this dead thread?
> 2) No.
> 3) Read the last few pages before asking. **facepalm**



He's hoping the situation has changed


----------



## Phanton (Oct 13, 2015)

Iceman1800 said:


> He's hoping the situation has changed


And because someone can't keep their hopes to themselves we have to keep coming here to read unnecessary posts?
This has been said a lot, but stop bumping this for once please.


----------



## AmandaRose (Oct 13, 2015)

Why have the admin not shut this thread down yet.


----------



## Deleted member 373322 (Oct 13, 2015)




----------



## teampleb (Oct 13, 2015)

Can a mod lock this damn thread already? It keeps getting bumped.


----------



## Woody8275 (Oct 13, 2015)

If this vulnerability really has no use then the thread should be closed


----------



## neobrain (Oct 13, 2015)

Maybe this thread should be closed, but maybe there will be a tiny bit of new information 50 pages from now.


----------



## teampleb (Oct 13, 2015)

neobrain said:


> Maybe this thread should be closed, but maybe there will be a tiny bit of new information 50 pages from now.


Nope, this thread is dead. People like you keep bumping it.


----------



## MassExplosion213 (Oct 13, 2015)

teampleb said:


> Nope, this thread is dead. People like you keep bumping it.


Lol. People like him. He's one of the devs of Citra. And he also contributes to 3dbrew.


----------



## teampleb (Oct 13, 2015)

MassExplosion213 said:


> Lol. People like him. He's one of the devs of Citra. And he also contributes to 3dbrew.


He still bumped it... You did too. Just let this thread die already.


----------



## ric. (Oct 13, 2015)

neobrain said:


> Maybe this thread should be closed, but maybe there will be a tiny bit of new information 50 pages from now.


Well, if OP finds something new he can just message a mod to have the thread unlocked, can't he?
Right now the thread serves no purpose other than give false hopes to noobs who can't be bothered to read through it.


----------



## Phanton (Oct 13, 2015)

teampleb said:


> He still bumped it... You did too.


Dude you just bumped the thread again too! What are you doing... oh shit.


----------



## OctopusRift (Oct 13, 2015)

Phanton said:


> Dude you just bumped the thread again too! What are you doing... oh shit.


God Dammit, you hypocrite... I would never do such a... FAHK.


----------



## ody81 (Oct 13, 2015)

So you're saying DON'T bump the thread?


----------



## OctopusRift (Oct 13, 2015)

ody81 said:


> So you're saying DON'T bump the thread?


I think that's the message...


----------



## ody81 (Oct 13, 2015)

OctopusRift said:


> I think that's the message...



Gotcha, thanks for the clarification.

Will not bump thread.


----------



## Cylent1 (Oct 13, 2015)

I accidentally BUMPED my hand and hit the button! Sorry Guys. lol


----------



## teampleb (Oct 13, 2015)

Mods PLS. Lock this thread.


----------



## OctopusRift (Oct 13, 2015)

teampleb said:


> Mods PLS. Lock this thread.


@Bortz, would you do the honors?


----------



## WeedZ (Oct 13, 2015)

Hey what's up guys?


----------



## SLiV3R (Oct 13, 2015)

WeedZ1985 said:


> Hey what's up guys?



Everything cool in here. Someone just found a kexploit on latest fw. JK


----------



## OctopusRift (Oct 13, 2015)

SLiV3R said:


> Everything cool in here. Someone just found a kexploit on latest fw. JK


Was it ARM12?


----------

