Homebrew Homebrew Development

[spinal_cord]

So..... anyone done a video player yet?



....joke

 

[nop90]

Teoretically, to lauch ARM11 code using the DS profile hack, you have to start with ARM9 code, copy ARM11 code in a proper memory location, then start a new process running on ARM11 at the entry point of new code.

ARM9 can do this, what I don't know is how to do it (some ideas, but a lot more to study), and if the process whe are using has rights to do it. If not you need a second exploit.

Look simple, but it's not. If you have time to spend, why don't you help us to understand how to access GPU? A little step for coders, but a big step for 3DS Homebrew!!!

 

[YoshiInAVoid]

Teoretically, to lauch ARM11 code using the DS profile hack, you have to start with ARM9 code, copy ARM11 code in a proper memory location, then start a new process running on ARM11 at the entry point of new code.

ARM9 can do this, what I don't know is how to do it (some ideas, but a lot more to study), and if the process whe are using has rights to do it. If not you need a second exploit.

Look simple, but it's not. If you have time to spend, why don't you help us to understand how to access GPU? A little step for coders, but a big step for 3DS Homebrew!!!

I'm guessing we'd have to memcpy over a return address to get ARM 11 to jump to the code we copied via ARM 9 but I'd have to dissemble RAM dumps first to see where to do it.

 

[st4rk]

Teoretically, to lauch ARM11 code using the DS profile hack, you have to start with ARM9 code, copy ARM11 code in a proper memory location, then start a new process running on ARM11 at the entry point of new code.

ARM9 can do this, what I don't know is how to do it (some ideas, but a lot more to study), and if the process whe are using has rights to do it. If not you need a second exploit.

Look simple, but it's not. If you have time to spend, why don't you help us to understand how to access GPU? A little step for coders, but a big step for 3DS Homebrew!!!

Well.. we have the C Inline ASM, if you use the Jump instruction to a region of memory and write a code assembly(to copy the ARM11 code), maybe that's work.

Anyone know where the Gateway inject the ARM11 code ?

 

[TheCruel]

Anyone know where the Gateway inject the ARM11 code ?

Some people here have taken the time to look through the obfuscated ROP chains of the Gateway launcher. But they're generally more concerned about elitism than progress in the homebrew community.

If you want, you probably have to go get a decrypted Gateway 1.0 launcher (the least obfuscated) and examine it, along with a RAM dump for reference, to see what's going on. A pain in the ass.

 

[st4rk]

A pain in the ass.

this define haha.

Maybe the best way to progress in homebrew community is study the gateway launcher(to find the way to inject ARM11 code).


Or, wait for one day Smealum release this(IF HIM RELEASE).

~~
ctrllib is very interesting, many system calls from 3DS are written :]
https://github.com/smealum/ctrulib/blob/master/libctru/include/ctr/svc.hhttps://github.com/smealum/ctrulib/blob/master/libctru/source/svc.s

@nop90

Hey dude, with ARM9 is impossible use OpenGL from GPU ?

 

[Abcdfv]

So I know you guys learn most of the things you know on-the-fly, but do you know of any resources for someone who has only basic C knowledge to learn more? At this point I just know basic console stuff not far past hello world, but I'd like to write homebrew games once the 3ds has a better library. (And hopefully ARM11)

 

[CalebW]

So I know you guys learn most of the things you know on-the-fly, but do you know of any resources for someone who has only basic C knowledge to learn more? At this point I just know basic console stuff not far past hello world, but I'd like to write homebrew games once the 3ds has a better library. (And hopefully ARM11)

I wrote Breakout after just about a week of studying C... I'm just learning a lot by just looking at the source and trying to decipher what it means (especially the inline ASM commands).

 

[Slashmolder]

Well.. we have the C Inline ASM, if you use the Jump instruction to a region of memory and write a code assembly(to copy the ARM11 code), maybe that's work.

Anyone know where the Gateway inject the ARM11 code ?

Gateway uses 0x1FFF4000 which is part of the exception vectors.

 

[PedroDJavier]

0.3 is the last version ? or the github versino is newer ? anyone can compile it ?

 

[st4rk]

Gateway uses 0x1FFF4000 which is part of the exception vectors.

That's great, but have a problem.. i don't know how work the ARM architecture(i need study more of it), but to acess the ARM11, we need write the code in exception vectors and if the ARM11 read this code, this will change the "Instruction Register"(i don't know if in ARM architecture the next adress of memory for execute is save in register), then, put the address in Instruction Register and the next instruction to execute is our code.

Maybe that text have a lot of erro in english, sorry my bad english :/

 

[st4rk]

Hello guys, sorry double post, anyone know the address where launcher.dat is injected ?(ARM9)


Regards, St4rk.

 

[Kane49]

Hello guys, sorry double post, anyone know the address where launcher.dat is injected ?(ARM9)

Regards, St4rk.

Our code gets run at 0x080C3EE0, launcher.dat gets loaded at 0x002B0000 (virtual)

 

[st4rk]

Okay, i'm thinking on a way to acess the ARM11, here is my theory:


Write and compile the launcher.dat with an C Inline ASM, example:

        asm("b 0x1FFF4000;"
        "mov r0, #0x080C3EE0;");

but it is a shot in the wild, i don't know if the ARM11 will read this code or no :s

 

[Kane49]

Okay, i'm thinking on a way to acess the ARM11, here is my theory:


Write and compile the launcher.dat with an C Inline ASM, example:

        asm("b 0x1FFF4000;"
        "mov r0, #0x080C3EE0;");

but it is a shot in the wild, i don't know if the ARM11 will read this code or no :s

The arm11 won't just magically execute our code ^^

 

[st4rk]

But if the ARM11 read this region of memory is probably will read that code, no ?

 

[PewnyPL]

But if the ARM11 read this region of memory is probably will read that code, no ?

I don't really know ARM architecture, but from what I understood from what everyone said so far, the ROPLoader exploit leaves 3DS in ARM9 only mode, kinda like if ARM11 was pretty much 'off' and ignoring everything.

 

[st4rk]

I don't really know ARM architecture, but from what I understood from what everyone said so far, the ROPLoader exploit leaves 3DS in ARM9 only mode, kinda like if ARM11 was pretty much 'off' and ignoring everything.

this change everything of i'm thinking, now i don't have any idea to work on the ARM11 :/

 

[Kane49]

I don't really know ARM architecture, but from what I understood from what everyone said so far, the ROPLoader exploit leaves 3DS in ARM9 only mode, kinda like if ARM11 was pretty much 'off' and ignoring everything.

Arm11 is still pretty much on, anyway arm11 code exec is not the magic promised land ^^

 

[PewnyPL]

Arm11 is still pretty much on, anyway arm11 code exec is not the magic promised land ^^

That's why I put 'off' in quotes, since I know it's not physically off (and is probably handling some minor OS stuff like StreetPass). The word I was looking for was idle.