Any hope for GW3DS on 5.1.0-11U?

can622 (Member, OP)
Hi, I know it's explicitly stated that GW3DS will only work on 4.5 or lower, but I heard the ROM on the red card that's required before using it will work on 3DS up to 5.5. Does that mean there's still hope for the card being patched to work on up to 5.5, or is that out of the question? I know that talking about possible scenarios might seem like a waste of time, but I'm just trying to understand how likely it is, because obviously it would be more likely for it to eventually be patched to work on that than on the newest firmware. Also, how do updates work on the Gateway blue card? Is it like old-school NDS flash carts, where you load it on and then use a DS it still works on to patch the firmware of the card? Or is it even possible to update the blue card? Thanks in advance.
 

GorTesK (Mad Hatter, Member)
The Gateway installer works up to 6.x, but the exploit needed to run ROMs got fixed after 4.5.
It's only possible to run 5.1 games on 4.5 with Gateway because they simply bypass the firmware check.
In order to make Gateway usable on systems higher than 4.5 they need to find a new exploit.
If or when this will be accomplished is impossible to predict.
 

siloko (New Member)
http://imgur.com/NGLrSCd

That's what they said to me a few days ago:

We do not know when our software for firmware 5.x and 6.x will be ready.
It requires some work that can't be counted in hours of engineering, because
programming is not like that. It can be anywhere from 1 week to 3 months.

mailto:[email protected]
 

ßleck (Console Peasant, Member)
siloko said:
http://imgur.com/NGLrSCd

That's what they said to me a few days ago:

We do not know when our software for firmware 5.x and 6.x will be ready.
It requires some work that can't be counted in hours of engineering, because
programming is not like that. It can be anywhere from 1 week to 3 months.

mailto:[email protected]

WTF!?! They sent the EXACT same mail to me. Does this mean I'm not special?
 

The Real Jdbye (Member)
can622 said:
Hi, I know it's explicitly stated that GW3DS will only work on 4.5 or lower, but I heard the ROM on the red card that's required before using it will work on 3DS up to 5.5. Does that mean there's still hope for the card being patched to work on up to 5.5, or is that out of the question? I know that talking about possible scenarios might seem like a waste of time, but I'm just trying to understand how likely it is, because obviously it would be more likely for it to eventually be patched to work on that than on the newest firmware. Also, how do updates work on the Gateway blue card? Is it like old-school NDS flash carts, where you load it on and then use a DS it still works on to patch the firmware of the card? Or is it even possible to update the blue card? Thanks in advance.
They seem pretty sure they can accomplish it, but they have to find a new exploit, and for all we know there may not be one that still works on newer firmwares. That's unlikely, as there are always bugs in code, but finding it may just not be feasible and could take years.
That said, like I said, they seem so sure of themselves, so they must have a great team of hackers up their sleeve. Let's see what they can accomplish.
I'm hopeful myself, but I know there's no way to really know how long it will take, and I know these things are very difficult, so difficult it may never be accomplished.
 

TheDreamLord (Well-Known Member)
Please correct me if I have any of this information wrong.

It's not really finding a new exploit as such.

As I understand it, the exact same exploit has been there all the way up to 6.2 (as in, patched in 6.2), and therefore it is theoretically possible.

Here is the problem:

The ROP chains appear to be firmware specific, meaning that they have to figure out a way to go from the mset hack to kernel level access in later firmware versions.

I personally have faith in them on this one.
 

Foxi4 (Global Moderator)
TheDreamLord said:
The ROP chains appear to be firmware specific, meaning that they have to figure out a way to go from the mset hack to kernel level access in later firmware versions.

I personally have faith in them on this one.
As far as I know, the same approach will not work again, even if they figure that out.

The way the previous exploit worked was that the Installer wrote over DS profile data which is divided into two sections - the original and the backup profiles. If corruption was detected in the first profile, the system automatically overwrote it with data stored in the second profile.

By writing code and misc. junk (as to push the code out-of-bounds and into the section of memory where binaries are stored later on) into the second profile and then filling the first profile with corrupt data, one could fool the 3DS into writing the code stored in the second profile into the first profile, treating it as valid by proxy and effectively pushing the code into memory where it could be executed.

Oddly enough, the same thing cannot be done on the DSi although the same DS profile system exists there, which leads me to believe that this security hole has been patched over and will no longer be accessible, but here's for hoping.
 

Arnold0 (Well-Known Member)
What has been fixed in 6.2? I tried running the Gateway mode installer on my 3DS even though I don't have a Gateway (my 3DS is on 6.2). It froze at the DS profile screen before throwing an error, and it does that every time until I enter a DS game. So I think the way to crash the 3DS is still there in 6.2 but they need to change the way to get kernel access, or am I totally wrong?
 

Foxi4 (Global Moderator)
Arnold0 said:
What has been fixed in 6.2? I tried running the Gateway mode installer on my 3DS even though I don't have a Gateway (my 3DS is on 6.2). It froze at the DS profile screen before throwing an error, and it does that every time until I enter a DS game. So I think the way to crash the 3DS is still there in 6.2 but they need to change the way to get kernel access, or am I totally wrong?

Depends on how the crash is handled, aka, if you can push the ROP chain out-of-bounds and into executable memory or not and whether you can execute it from there. If there is an exception in place that prevents you from doing that or if the second profile is now verified in the same way as the first profile is then the error simply means that gibberish was detected in the DS settings of the system.

Like I said, the loophole was that the second profile was assumed to be always valid. This is because of the way data was normally written to it - if you change your nick or favourite colour, it saves to the first profile and, if it's valid, it backs up to the second. Gateway installed their exploit directly into the second profile, aka the backup - the 3DS just assumed it was correct although it was in fact hidden code and padding.

The moment corruption was detected in the first profile, second profile was used to "correct it" and "bang!" - the padding filled up profile data while the code at the end of it was pushed beyond the bounds and into executable memory within 3DS Mode.
 

digipokemaster (Member)
I believe they can do it, and hopefully we'll hear about an update to play GW3DS on 6.2+. I sent for a GW3DS; thank goodness I have a DS Lite to play it on while I wait.
 

dmdsoftware (Well-Known Member)
Foxi4 said:
Depends on how the crash is handled, aka, if you can push the ROP chain out-of-bounds and into executable memory or not and whether you can execute it from there. If there is an exception in place that prevents you from doing that or if the second profile is now verified in the same way as the first profile is then the error simply means that gibberish was detected in the DS settings of the system.

Like I said, the loophole was that the second profile was assumed to be always valid. This is because of the way data was normally written to it - if you change your nick or favourite colour, it saves to the first profile and, if it's valid, it backs up to the second. Gateway installed their exploit directly into the second profile, aka the backup - the 3DS just assumed it was correct although it was in fact hidden code and padding.

The moment corruption was detected in the first profile, second profile was used to "correct it" and "bang!" - the padding filled up profile data while the code at the end of it was pushed beyond the bounds and into executable memory within 3DS Mode.
The issue is NOT that the vulnerability was patched, but the fact the memory addresses in use on 5.1+ are different, and they need to determine how much padding they need to align their injected code into the proper memory address that will be blindly executed by the 3DS. Gateway pretty much confirmed that the vulnerability hadn't been patched by Nintendo in all firmwares that were currently released (up until 6.2). Unfortunately, it is a needle in a haystack trying to find the proper memory address that needs to be rewritten to.
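The restore logic Foxi4 describes in the two posts above (the backup profile is trusted, the primary is repaired from it, and padding pushes whatever sits at the end of the backup past the slot) together with the firmware-specific padding offset dmdsoftware mentions, as a runnable model in C. This is an added example written for this page; it is not 3DS firmware code and not Gateway's installer. The 64-byte profile slot, the XOR checksum, the `landing` region that stands in for memory executed in 3DS mode, the `struct backup` record layout and the `landing_off` value are all assumptions made so that the mechanism can be run and inspected. The vulnerable restore trusts the backup's stored length; the hardened one applies to the backup the same check the primary gets and never copies past the slot.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PROFILE_SIZE 64                 /* assumed size of one DS profile slot */
#define LANDING_SIZE 32                 /* assumed region sitting right after the slot */
#define RAM_SIZE     (PROFILE_SIZE + LANDING_SIZE)

/* RAM as the settings code sees it: primary profile at offset 0, then memory
 * the thread calls "executable memory within 3DS Mode".  Nothing is executed
 * here; we only check which bytes ended up there. */
struct ram { uint8_t bytes[RAM_SIZE]; };

/* Backup record in settings storage (assumed layout).  Its body is larger
 * than one profile so an installer can store padding plus a payload in it. */
struct backup { uint16_t len; uint8_t body[RAM_SIZE]; };

/* Assumed integrity check: last byte of a profile is the XOR of the others. */
static uint8_t checksum(const uint8_t *p, size_t n) {
    uint8_t s = 0;
    for (size_t i = 0; i < n; i++) s ^= p[i];
    return s;
}

int profile_valid(const uint8_t *p) {
    return checksum(p, PROFILE_SIZE - 1) == p[PROFILE_SIZE - 1];
}

/* Normal save path: write the primary, then mirror the validated copy. */
void profile_save(struct ram *r, struct backup *b, const uint8_t *data) {
    memcpy(r->bytes, data, PROFILE_SIZE - 1);
    r->bytes[PROFILE_SIZE - 1] = checksum(r->bytes, PROFILE_SIZE - 1);
    b->len = PROFILE_SIZE;
    memcpy(b->body, r->bytes, PROFILE_SIZE);
}

/* Vulnerable restore: the backup is assumed valid because only validated data
 * was ever supposed to reach it, and its stored length is trusted, so a long
 * record spills past the profile slot into whatever follows. */
int restore_vulnerable(struct ram *r, const struct backup *b) {
    size_t n = b->len;
    if (n > sizeof b->body) return -1;  /* bounded to storage, not to the slot */
    memcpy(r->bytes, b->body, n);
    return (int)n;
}

/* Hardened restore: the backup must pass the same check as the primary and
 * is never copied beyond the slot it is meant to repair. */
int restore_hardened(struct ram *r, const struct backup *b) {
    if (b->len != PROFILE_SIZE) return -1;
    if (!profile_valid(b->body)) return -1;
    memcpy(r->bytes, b->body, PROFILE_SIZE);
    return PROFILE_SIZE;
}

/* Boot-time repair shared by both variants: fix the primary from the backup. */
int settings_boot(struct ram *r, const struct backup *b,
                  int (*restore)(struct ram *, const struct backup *)) {
    if (profile_valid(r->bytes)) return 0;
    return restore(r, b);
}

/* Installer side: padding up to landing_off, then the payload, so that the
 * restore copies the payload to landing_off.  landing_off is the firmware-
 * specific number dmdsoftware refers to; here it is simply PROFILE_SIZE. */
int backup_forge(struct backup *b, size_t landing_off,
                 const uint8_t *payload, size_t plen) {
    if (landing_off + plen > sizeof b->body) return -1;
    memset(b->body, 0x41, landing_off);         /* the "misc. junk" padding */
    memcpy(b->body + landing_off, payload, plen);
    b->len = (uint16_t)(landing_off + plen);
    return 0;
}

/* Full sequence; returns 1 if the payload reached the landing region. */
int scenario(int (*restore)(struct ram *, const struct backup *)) {
    static const uint8_t payload[4] = {0xde, 0xad, 0xbe, 0xef}; /* constructed marker */
    uint8_t nick[PROFILE_SIZE - 1] = "nick";    /* constructed profile contents */
    struct ram r;
    struct backup b;
    memset(&r, 0, sizeof r);
    memset(&b, 0, sizeof b);
    profile_save(&r, &b, nick);                              /* 1. legit profile mirrored */
    backup_forge(&b, PROFILE_SIZE, payload, sizeof payload); /* 2. installer rewrites backup */
    r.bytes[0] ^= 0xff;                                      /* 3. corrupt the primary */
    settings_boot(&r, &b, restore);                          /* 4. boot "repairs" it */
    return memcmp(r.bytes + PROFILE_SIZE, payload, sizeof payload) == 0;
}

int main(void) {
    printf("vulnerable restore: payload landed = %d\n", scenario(restore_vulnerable));
    printf("hardened restore:   payload landed = %d\n", scenario(restore_hardened));
    return 0;
}
```

Build with `cc -Wall model.c && ./a.out`. The only knob the installer side has is `landing_off`: if the memory after the slot moves between firmware versions, the padding has to change with it, which is the alignment work dmdsoftware describes. The hardened variant closes the hole regardless of layout, because the backup is no longer "valid by proxy" and the copy length is pinned to the slot size.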
 

Foxi4 (Global Moderator)
dmdsoftware said:
The issue is NOT that the vulnerability was patched, but the fact the memory addresses in use on 5.1+ are different, and they need to determine how much padding they need to align their injected code into the proper memory address that will be blindly executed by the 3DS. Gateway pretty much confirmed that the vulnerability hadn't been patched by Nintendo in all firmwares that were currently released (up until 6.2). Unfortunately, it is a needle in a haystack trying to find the proper memory address that needs to be rewritten to.

That's fantastic news, thank you for clarifying that, I was convinced the vulnerability was patched.
 

Jockel (Member)
Well fuck me, I just bought a new White 3DS XL off amazon and got the 2013 model.
Tried to persuade customer support to give me a 2012 one, they wouldn't do it because it's the same product in their system.
Wasted my money, unless GW3DS finds a solution :/
 

winslow549 (Member)
Look in the package first and start the 3DS; then you can see the version.
I bought a 2013 black 3DS XL and it was on 4.5! :)
 

cearp (Developer)
dmdsoftware said:
Unfortunately, it is a needle in a haystack trying to find the proper memory address that needs to be rewritten to.
Well, if they did it for 4.5 I guess they can do it for the rest, right? (Eventually.)

winslow549 said:
Look in the package first and start the 3DS; then you can see the version.
I bought a 2013 black 3DS XL and it was on 4.5! :)
Ooh, I thought I read the black XL was above 4.5, at least the non-Japanese ones, and a 2013 one at that! You must be lucky!
 
