Not that I believe the OP without a POC or source code or anything at all, but the webkit has always been a weak point in userland. Mostly because the webkit is based on an open source work, and this in itself makes finding a flaw much easier.
I haven't been following the 3DS scene, as my 3DS is fully hacked, and hasn't been used since Metroid 2. Has there really been no exploit for the newest firmware? Are people just fucked on the latest firmware? Or is there another way?
@Viri there's ntrboot and hardmods for all versions, and DSiWare Injection (be it single-system or multi-system) for 11.6. They're not fucked, but it costs money, whereas those on <=11.3 can get it for free.
The current state of the 3DS on all newer firmwares requires write permissions to NAND. Currently there are only 4 known ways to gain R/W permissions on NAND. The first is an exploit chain including userland ARM11 and ARM9 takeover. Currently this is only possible on 11.2 and below, as no new ARM kernel exploits have been shared. The second method is with a hard mod. The third method is dsiwarehax (DSiWare has R/W to the entire NAND chip due to the way they work. Inject a takeover and you have write to NAND). The final method is with NTRboot. It exploits a function of the bootrom designed for recovery purposes to launch code directly from the game card slot at boot. This has the needed permissions to write to NAND as well.
@mikey420 they tried to patch it but they did it terribly; all it needed was an update to safehax to get it working with 11.3. They patched it properly with 11.4 though.