Hacking 3DS 6.3 Exploit Found

Foxi4

Endless Trash
Global Moderator
Joined
Sep 13, 2009
Messages
30,835
Trophies
3
Location
Gaming Grotto
XP
29,916
Country
Poland
You have got to be kidding me.

Nobody is pestering smealum. Nobody is criticising his work. Nobody is complaining about not having a free rom loading solution. In fact the rom backup playback topic is brought up by people who are completely missing my point!!!

All I ever said was to objectively mention the limitations of SSSPwn. Odin's beard! Is it that hard to not misconstrue my statements?
See post on previous page. We don't know what kind of patches, if any, SSSPwn might introduce so no, I don't see a reason why it should be dissed at this point in time. Smealum already demonstrated a couple of things on his channel and those things included wallpapers/edited icons. Other developers who are also anti-piracy presented region free hacks. I think it's fair to assume that both features are on the radar for the homebrew community, so raising the alarm now is premature to say the least. Literally the only things userland-only access causes are the lack of capacity to load ROMs from illegitimate sources and the lack of capacity to modify the actual OS, that's it.
 

shinyquagsire23

SALT/Sm4sh Leak Guy
Member
Joined
Nov 18, 2012
Messages
1,977
Trophies
2
Age
26
Location
Las Vegas
XP
3,765
Country
United States
[quote="Foxi4, post: 4958691, member: 203855"]
C'mon, people. Don't diss and don't dismiss before you actually get to try the final product. I'm sure that the homebrew community despises region locks just as much as you guys do and as long as the software will be legitimate... well... where there's a will, there's a way. Just be patient, give the man some time and some space.[/quote]


Exactly, if the community really wants piracy and region unlocking, they'll do it as soon as an exploit of some sort is released, even if smealum (or Nintendo) tries as hard as he can to prevent it. In the meantime we can at least use the Gateway for piracy and smealum's exploit for homebrew until we get a loader for pirated games out there.
 

gamesquest1

Nabnut
Former Staff
Joined
Sep 23, 2013
Messages
15,153
Trophies
2
XP
12,247
Basically, even if you're being "objective" it comes across as insulting. Like if I invented a time machine that could only go forward or backward one week... that's pretty impressive, but before I even get to manufacturing it I have people complaining that it's "limited"... I'm sorry, but unless there is a better option, my option is not really limited, it's just the best that is available and people should accept it. Complaining about it is pointless and insulting to the person that spent their time creating it, having people who don't even understand how it works claiming the work is not good enough for them.

I'm all for objective criticism, but nobody really knows what capabilities SSSPwn really has atm. It seems to achieve everything smea wanted, so in that sense it's not limited in the slightest.
 

elunesgrace

Well-Known Member
Member
Joined
Dec 21, 2011
Messages
298
Trophies
1
XP
588
Country
Canada
You know, I agree with Foxi4, I mean some of the posts to be honest would be so demotivating to read that I'd just want to quit my work.

If you don't like someone's direction on something they are doing of their own free time, then give them a polite suggestion, and move on.

Let's not demotivate the people doing the work.


We don't want to be like the old people we sometimes meet, complaining about everything but not doing anything ourselves!
 

lambstone

No. Nyet. 不. Non. Nein.
Banned
Joined
Aug 14, 2011
Messages
614
Trophies
0
XP
310
Country
[quote="Foxi4"]See post on previous page. We don't know what kind of patches, if any, SSSPwn might introduce so no, I don't see a reason why it should be dissed at this point in time. Smealum already demonstrated a couple of things on his channel and those things included wallpapers/edited icons. Other developers who are also anti-piracy presented region free hacks. I think it's fair to assume that both features are on the radar for the homebrew community, so raising the alarm now is premature to say the least. Literally the only things userland-only access causes are the lack of capacity to load ROMs from illegitimate sources and the lack of capacity to modify the actual OS, that's it.[/quote]

This is from smealum's blog clarifying SSSPwn: http://smealum.net/?p=506

"sweet spot that gives us just enough to get awesome homebrew code running in arm11 user mode, but not enough to break the system bad enough to let anyone do whatever the hell they want"

"ssspwn comes in; it essentially replaces the FIRM exploit we had on 4.5 and lets us execute arbitrary code"

By direct inference, that means that SSSPwn, while powerful, is limited to homebrew code! Arm11 user mode code is only good for homebrew. SSSPwn replaces the FIRM exploit. The FIRM exploit is where all the other magic happens (redNand, region free and other editing of the firmware).


Once again. Because everyone conveniently misses out this important part. Nobody is dissing smea's work nor forcing him to release everything.

All that is being done right now is to discuss the 6.x exploit. Discussing its limitations is a legitimate discussion, isn't it? Or would some of you rather have a biased discussion and just focus solely on the good things? Because if a discussion does not legitimize the pros and cons of a topic, it ceases as a discussion and turns into fascism.
 

Foxi4

Endless Trash
Global Moderator
Joined
Sep 13, 2009
Messages
30,835
Trophies
3
Location
Gaming Grotto
XP
29,916
Country
Poland
[quote]Inference is the act or process of deriving logical conclusions from premises known or assumed to be true. (...) For example, consider the form of the following symbological track:
  1. All meat comes from animals.
  2. Beef is a type of meat.
  3. Therefore, beef comes from an animal.
(...)

A valid argument with false premises may lead to a false conclusion:
  1. All tall people are Greek.
  2. John Lennon was tall.
  3. Therefore, John Lennon was Greek.[/quote]
Logical inference only allows you to infer that the exploit replaces the FIRM exploit we had on 4.5, ergo the 4.5 exploit becomes obsolete, and that it allows running arbitrary code on ARM11 while simultaneously limiting what you can do with the system. Anything beyond this point is complete speculation, as you have no further data regarding what that limitation is; you only know that "it won't allow whatever the hell (you) want", which is not a terribly descriptive term. You're not inferring, you're implying.
[quote]Implicature is a technical term in the pragmatics subfield of linguistics, coined by H. P. Grice, which refers to what is suggested in an utterance, even though neither expressed nor strictly implied (that is, entailed) by the utterance. For example, the sentence "Mary had a baby and got married" strongly suggests that Mary had the baby before the wedding, but the sentence would still be strictly true if Mary had her baby after she got married.[/quote]
The joy of linguistics... :)
 

gamesquest1

Nabnut
Former Staff
Joined
Sep 23, 2013
Messages
15,153
Trophies
2
XP
12,247
[quote="lambstone"]This is from smealum's blog clarifying SSSPwn: http://smealum.net/?p=506

"sweet spot that gives us just enough to get awesome homebrew code running in arm11 user mode, but not enough to break the system bad enough to let anyone do whatever the hell they want"

"ssspwn comes in; it essentially replaces the FIRM exploit we had on 4.5 and lets us execute arbitrary code"

By direct inference, that means that SSSPwn, while powerful, is limited to homebrew code! Arm11 user mode code is only good for homebrew. SSSPwn replaces the FIRM exploit. The FIRM exploit is where all the other magic happens (redNand, region free and other editing of the firmware).


Once again. Because everyone conveniently misses out this important part. Nobody is dissing smea's work nor forcing him to release everything.

All that is being done right now is to discuss the 6.x exploit. Discussing its limitations is a legitimate discussion, isn't it? Or would some of you rather have a biased discussion and just focus solely on the good things? Because if a discussion does not legitimize the pros and cons of a topic, it ceases as a discussion and turns into fascism.[/quote]
You have a habit of focusing on the bad, though. This exploit does not remove the 4.x exploit; it's a new exploit with new limitations. The way you talk about it makes it seem like this is an exploit that can't do anything. In theory it can do pretty much anything homebrew related that the 4.x exploit could do. You seem to be focused on comparing it to an exploit that has already been patched; that's not smealum's fault, he can't magically make it any better than what it is, and there is no point in dragging it through the mud because it's not as "good" as the current exploits.

Look at it objectively: it's a new exploit that should be judged on its own merits, not held up against a completely different exploit.
 

elunesgrace

Well-Known Member
Member
Joined
Dec 21, 2011
Messages
298
Trophies
1
XP
588
Country
Canada
[quote="Foxi4"]Logical inference only allows you to infer that the exploit replaces the FIRM exploit we had on 4.5, ergo the 4.5 exploit becomes obsolete, and that it allows running arbitrary code on ARM11 while simultaneously limiting what you can do with the system. Anything beyond this point is complete speculation, as you have no further data regarding what that limitation is; you only know that "it won't allow whatever the hell (you) want", which is not a terribly descriptive term. You're not inferring, you're implying.
The joy of linguistics... :)[/quote]

Why are you turning this into a philosophy class :glare:
 

Foxi4

Endless Trash
Global Moderator
Joined
Sep 13, 2009
Messages
30,835
Trophies
3
Location
Gaming Grotto
XP
29,916
Country
Poland
[quote="elunesgrace"]Why are you turning this into a philosophy class :glare:[/quote]
Because lambstone is mixing up things that are entailed with things that are merely implied and infers conclusions which may or may not be true on the basis of rather poor evidence. It's essentially like concluding that "the t-shirt Foxi4 is wearing right now is definitely blue" if I say that it's "a dark colour". It can be blue, sure. It can also be black or dark green. I didn't actually say what colour it is, anything beyond the point of "dark" is speculation.
 

TheCruel

Developer
Banned
Joined
Dec 6, 2013
Messages
1,350
Trophies
2
XP
3,131
Country
United States
[quote]the only reason ssspwn isn't yet available is that it can't yet be used on 7.1, and that we're still working on that.[/quote]
I don't understand this. It's a stage 2 exploit that still exists in latest firmware and you're looking for a stage 1 entry-point in 7.1, correct? How is releasing it now going to be different than when you release it after discovering a new entry-point? It's like holding off on a software release because you only have Windows support and not OSX as well, as if OSX support can't be released later.
 

lambstone

No. Nyet. 不. Non. Nein.
Banned
Joined
Aug 14, 2011
Messages
614
Trophies
0
XP
310
Country
[quote="gamesquest1"]You have a habit of focusing on the bad, though. This exploit does not remove the 4.x exploit; it's a new exploit with new limitations. The way you talk about it makes it seem like this is an exploit that can't do anything. In theory it can do pretty much anything homebrew related that the 4.x exploit could do. You seem to be focused on comparing it to an exploit that has already been patched; that's not smealum's fault, he can't magically make it any better than what it is, and there is no point in dragging it through the mud because it's not as "good" as the current exploits.

Look at it objectively: it's a new exploit that should be judged on its own merits, not held up against a completely different exploit.[/quote]

Yes. You're absolutely correct. I focus on the bad points here because all I've seen so far is people praising how great everything is. I'm just trying to bring back objectivity into this discussion by describing the very real limitations of the 6.x exploit and consequently SSSPwn.

[quote="Foxi4"]Logical inference only allows you to infer that the exploit replaces the FIRM exploit we had on 4.5, ergo the 4.5 exploit becomes obsolete, and that it allows running arbitrary code on ARM11 while simultaneously limiting what you can do with the system. Anything beyond this point is complete speculation, as you have no further data regarding what that limitation is; you only know that "it won't allow whatever the hell (you) want", which is not a terribly descriptive term. You're not inferring, you're implying.
The joy of linguistics... :)[/quote]

http://smealum.net/?p=506
"ssspwn comes in; it essentially replaces the FIRM exploit we had on 4.5"
"sweet spot that gives us just enough to get awesome homebrew code running in arm11 user mode, but not enough to break the system bad enough to let anyone do whatever the hell they want"
"FIRM vuln is exploited to obtain arm9 code exec"

http://smealum.net/?page_id=299
This post explains what the FIRM exploit is capable of.
 

lambstone

No. Nyet. 不. Non. Nein.
Banned
Joined
Aug 14, 2011
Messages
614
Trophies
0
XP
310
Country
[quote="TheCruel"]I don't understand this. It's a stage 2 exploit that still exists in latest firmware and you're looking for a stage 1 entry-point in 7.1, correct? How is releasing it now going to be different than when you release it after discovering a new entry-point? It's like holding off on a software release because you only have Windows support and not OSX as well, as if OSX support can't be released later.[/quote]

I've read Smealum's blog posts enough to understand how it works, the basics anyway.

3DS exploits work in 2 stages.

With 4.x, the MSET exploit is used to launch the stage 2 exploit (NATIVE_FIRM).

With 6.x, Nintendo closed off the stage 2 (NATIVE_FIRM) exploit. HOWEVER, the MSET exploit still exists. So for 6.x we have the 1st stage but not the 2nd stage. NOW... smealum has come up with something called SSSPwn which for all purposes can now be considered as the stage 2 exploit as it REPLACES the NATIVE_FIRM exploit.

With 7.x this SSSPwn appears to still be viable as a STAGE 2 exploit as it is completely new and likely that Nintendo is unaware of it. So the issue here is that for 7.x the MSET and NATIVE_FIRM exploits have been closed off and SSSPwn MIGHT work, but we still need the STAGE 1 exploit to launch SSSPwn.
 

Foxi4

Endless Trash
Global Moderator
Joined
Sep 13, 2009
Messages
30,835
Trophies
3
Location
Gaming Grotto
XP
29,916
Country
Poland
[quote="lambstone"]This post explains what the FIRM exploit is capable of.[/quote]
From the same post:
[quote="smealum"]Fortunately for you all though, I’m sure GW or some other team will beat me to the chase anyway…[/quote]
I shall now infer that smealum works in cahoots with Gateway, there's no other logical reason for him to be so sure that "someone else" would beat him to the punch.

Of course that's completely wild speculation on my part which is more than likely incorrect, but hey. ;)

Either way, you guys have fun. As long as no one's putting pressure on good 'ol smealum and everyone lets him work in peace, I'm okay with your speculation. It's okay to guess as long as it doesn't get heated and burns others in the process. We've already seen people "begging him for pokemon" before, let's not do the same thing about kernel access and judge the final product instead. ;)
 

lambstone

No. Nyet. 不. Non. Nein.
Banned
Joined
Aug 14, 2011
Messages
614
Trophies
0
XP
310
Country
[quote="Foxi4"]From the same post:

I shall now infer that smealum works in cahoots with Gateway, there's no other logical reason for him to be so sure that "someone else" would beat him to the punch.

Of course that's completely wild speculation on my part which is more than likely incorrect, but hey. ;)

Either way, you guys have fun. As long as no one's putting pressure on good 'ol smealum and everyone lets him work in peace, I'm okay with your speculation. It's okay to guess as long as it doesn't get heated and burns others in the process. We've already seen people "begging him for pokemon" before, let's not do the same thing about kernel access and judge the final product instead. ;)[/quote]

Haha good one though you probably shouldn't mention that, even as a joke. Some people are awfully touchy and sensitive to such things.

Ok. Now I get why you said what you said in the previous post.

I just need a clarification about low level hacking of the 3DS. For things like redirecting NAND and region free, does it require ARM9 code execution? Because if it does, it would clear the air quite a bit.
 

Foxi4

Endless Trash
Global Moderator
Joined
Sep 13, 2009
Messages
30,835
Trophies
3
Location
Gaming Grotto
XP
29,916
Country
Poland
[quote="lambstone"]Haha good one though you probably shouldn't mention that, even as a joke. Some people are awfully touchy and sensitive to such things.

Ok. Now I get why you said what you said in the previous post.

I just need a clarification about low level hacking of the 3DS. For things like redirecting NAND and region free, does it require ARM9 code execution? Because if it does, it would clear the air quite a bit.[/quote]
Really glad that we have an understanding here. I think that the best source of information in this regard is probably smealum himself. If you're polite enough and ask him directly, I'm sure he'll give you the confirmation you require without spilling the most important beans that are best kept in secrecy. ;)

PS: Stay optimistic. Where there's a will, there's a way. ;)
 

TheCruel

Developer
Banned
Joined
Dec 6, 2013
Messages
1,350
Trophies
2
XP
3,131
Country
United States
[quote="lambstone"]I've read Smealum's blog posts enough to understand how it works, the basics anyway.[/quote]

I know, but that still doesn't answer why it's not being released now. He's saying it will "burn the vuln" as if it won't be able to be used on 7.1 if it's released today.

I'm assuming he's scared Nintendo will patch it soon after release and so he's trying to support the latest firmware so everyone can use it immediately. But it's a false solution. No matter when it's released, subsequent firmwares will have it patched. So I don't understand what's gained by waiting.
 

lambstone

No. Nyet. 不. Non. Nein.
Banned
Joined
Aug 14, 2011
Messages
614
Trophies
0
XP
310
Country
[quote="Foxi4"]Really glad that we have an understanding here. I think that the best source of information in this regard is probably smealum himself. If you're polite enough and ask him directly, I'm sure he'll give you the confirmation you require without spilling the most important beans that are best kept in secrecy. ;)

PS: Stay optimistic. Where there's a will, there's a way. ;)[/quote]

I'm afraid not. I think me and smealum have gotten off on the wrong foot.

So far, all I have gotten about ARM9 is that the ARM9 processor is responsible for low level stuff including the 3DS various bits of hardware.


[quote="TheCruel"]I know, but that still doesn't answer why it's not being released now. He's saying it will "burn the vuln" as if it won't be able to be used on 7.1 if it's released today.

I'm assuming he's scared Nintendo will patch it soon after release and so he's trying to support the latest firmware so everyone can use it immediately. But it's a false solution. No matter when it's released, subsequent firmwares will have it patched. So I don't understand what's gained by waiting.[/quote]

He's waiting to determine whether it works on 7.x. If it does, then he can release it. Releasing it before he's sure it works would mean Nintendo can easily update to, say, 7.2 and block it out. This can limit people's access. If on the other hand he confirms it works on 7.1, people can safely update to 7.1 to prep for the release.
 

Snailface

My frothing demand for 3ds homebrew is increasing
Member
Joined
Sep 20, 2010
Messages
4,324
Trophies
2
Age
40
Location
Engine Room with Cyan, watching him learn.
XP
2,256
[quote="TheCruel"]I know, but that still doesn't answer why it's not being released now. He's saying it will "burn the vuln" as if it won't be able to be used on 7.1 if it's released today.

I'm assuming he's scared Nintendo will patch it soon after release and so he's trying to support the latest firmware so everyone can use it immediately. But it's a false solution. No matter when it's released, subsequent firmwares will have it patched. So I don't understand what's gained by waiting.[/quote]
The more consoles that are eligible to be hacked at the time of release, the bigger the hb community. Most people that will go for homebrew are continuously active 3ds users (hardcores) and are likely to be fully updated. Yes, people who updated may choose to buy an older firm system just for homebrew, but few are that hardcore and/or rich.

If you have one shot at it, make it for the largest possible audience.
 
