Homebrew NDS profile ROP payload as .3ds?

Searinox

"Dances" with Dragons
OP
Member
Joined
Dec 16, 2007
Messages
2,073
Trophies
1
Age
36
Location
Bucharest
XP
2,184
Country
Romania
DISCLAIMER: I normally would post this in the flashcart board, but since it deals more with flashcart issues than software development, and since homebrew users rely on it too to some extent, I will ask here.

I also normally wouldn't ask for this because I normally don't make requests since well, nobody has to honor them anyway.

I also normally don't have a use myself for this, but I know someone who could use it, and I imagine both people here and back on the flashcart board could have some use for it.

Now then...

I'd like to ask if anyone kindly could make a 3DS file that writes the DS mode exploit used to trigger everything from CFWs to flashcarts and whatnot.

The reason I'm asking this is for a few scenarios, where the new 4.5-9.2 exploit is launched and the person in question has either the CFW package or a Gateway/MT card but does not own an NDS flashcart. Rebooting into enhanced sysNAND mode after downgrade and then running that file would entirely remove the need for a DS card.

I realize that yes, people can either go to an exploit site or host one on a smartphone and use it everytime, but a 3DS file that writes the data to profile removes the need for both website hassle and a secondary card and I think could benefit a lot of people. The exploit source already exists so I'd imagine it's not too a hassle. Thank you.
 

loco365

Well-Known Member
Member
Joined
Sep 1, 2010
Messages
5,457
Trophies
0
XP
2,927
But how do you run a .3ds file if you don't have a flashcard? All 3DS flashcards come with a DS-mode card anyways, so if you run the 3DS to install the file, you'll probably have a DS card to use with it.
 

Searinox

"Dances" with Dragons
OP
Member
Joined
Dec 16, 2007
Messages
2,073
Trophies
1
Age
36
Location
Bucharest
XP
2,184
Country
Romania
You launch the web exploit and use GW's launcher.dat to downgrade, and then to boot enhanced sysnand mode. Red Card isn't needed for that. Then you simply replace the launcher with say, the CFW one, and you've set up CFW with zero flashcards.
 

Rinnegatamante

Well-Known Member
Member
Joined
Nov 24, 2014
Messages
3,162
Trophies
2
Age
29
Location
Bologna
Website
rinnegatamante.it
XP
4,857
Country
Italy
DISCLAIMER: I normally would post this in the flashcart board, but since it deals more with flashcart issues than software development, and since homebrew users rely on it too to some extent, I will ask here.

I also normally wouldn't ask for this because I normally don't make requests since well, nobody has to honor them anyway.

I also normally don't have a use myself for this, but I know someone who could use it, and I imagine both people here and back on the flashcart board could have some use for it.

Now then...

I'd like to ask if anyone kindly could make a 3DS file that writes the DS mode exploit used to trigger everything from CFWs to flashcarts and whatnot.

The reason I'm asking this is for a few scenarios, where the new 4.5-9.2 exploit is launched and the person in question has either the CFW package or a Gateway/MT card but does not own an NDS flashcart. Rebooting into enhanced sysNAND mode after downgrade and then running that file would entirely remove the need for a DS card.

I realize that yes, people can either go to an exploit site or host one on a smartphone and use it everytime, but a 3DS file that writes the data to profile removes the need for both website hassle and a secondary card and I think could benefit a lot of people. The exploit source already exists so I'd imagine it's not too a hassle. Thank you.

Post sourcecodes.
 

CalebW

Fellow Temper
Member
Joined
Jun 29, 2012
Messages
638
Trophies
0
Location
Texas
XP
545
Country
United States
You launch the web exploit and use GW's launcher.dat to downgrade, and then to boot enhanced sysnand mode. Red Card isn't needed for that. Then you simply replace the launcher with say, the CFW one, and you've set up CFW with zero flashcards.
I don't think that the browser exploit write to the nds profile, so, the CFW launcher would not work.
 

Searinox

"Dances" with Dragons
OP
Member
Joined
Dec 16, 2007
Messages
2,073
Trophies
1
Age
36
Location
Bucharest
XP
2,184
Country
Romania
The browser exploit doesn't write to the DS profile. It launches the GW launcher, which can then launch ehnanced sysnand mode. From there, the Red GW could launch a 3ds file that writes the DS profile exploit. Basically a .3ds version of GW_INSTALLER.NDS.
 

JustPingo

Well-Known Member
Member
Joined
Jan 11, 2015
Messages
497
Trophies
0
Age
24
XP
1,081
Country
France
I would love to see that happenning though since my Blue Card is not working on my 4.5 3DS to install DS Profile exploit, but Browser Exploit does.
 

Korin

Well-Known Member
Member
Joined
Jan 10, 2015
Messages
127
Trophies
0
Age
34
XP
235
Country
I would love to see that happenning though since my Blue Card is not working on my 4.5 3DS to install DS Profile exploit, but Browser Exploit does.
If you have another DS mode flash cart (I use my DsTwo) you can usually install it through that, though I would try and find information on specific flashcards first.
 

JustPingo

Well-Known Member
Member
Joined
Jan 11, 2015
Messages
497
Trophies
0
Age
24
XP
1,081
Country
France
If you have another DS mode flash cart (I use my DsTwo) you can usually install it through that, though I would try and find information on specific flashcards first.


The fact is that the only other one I own doesn't work, even with flashcardtimewarp xD
 

Korin

Well-Known Member
Member
Joined
Jan 10, 2015
Messages
127
Trophies
0
Age
34
XP
235
Country
The fact is that the only other one I own doesn't work, even with flashcardtimewarp xD
Just to make sure you're doing this all right, you've got the launcher.dat on your SD card (Internal), the gateway installer on your blue card's micro sd right?
Then you're starting the blue card, running the installer (It completes?)
Then going to the settings on your 3ds and selecting "DS Profile"?

I haven't heard of that not working before.
 

JustPingo

Well-Known Member
Member
Joined
Jan 11, 2015
Messages
497
Trophies
0
Age
24
XP
1,081
Country
France
Just to make sure you're doing this all right, you've got the launcher.dat on your SD card (Internal), the gateway installer on your blue card's micro sd right?
Then you're starting the blue card, running the installer (It completes?)
Then going to the settings on your 3ds and selecting "DS Profile"?

I haven't heard of that not working before.


No, the blue card just doesn't work.

On booting Deep Labyrinth:


Same with crappy R4i clone.

Oh, and I haven't mentioned that I use a downgraded console.
 

iwasaperson

Well-Known Member
Newcomer
Joined
Aug 1, 2013
Messages
82
Trophies
1
Age
39
XP
199
Country
United States
No, the blue card just doesn't work.

On booting Deep Labyrinth:


Same with crappy R4i clone.

Oh, and I haven't mentioned that I use a downgraded console.

You could try installing the cia to run all DS carts to SysNAND (BACKUP YOUR NAND)
 

cearp

瓜老外
Developer
Joined
May 26, 2008
Messages
8,721
Trophies
2
XP
8,468
Country
Tuvalu
Launcher.dat programs can have 100% nand access, so sure, it is possible to install the ds exploit via one of those (unless i am overlooking something) - but at the moment people have not figured how to get their own code working with GW's new web exploit. and even so, i don't think there is enough need for it for someone to go to the effort of creating it.
but sure it's a nice idea
 

The Real Jdbye

*is birb*
Member
Joined
Mar 17, 2010
Messages
23,207
Trophies
4
Location
Space
XP
13,732
Country
Norway
You launch the web exploit and use GW's launcher.dat to downgrade, and then to boot enhanced sysnand mode. Red Card isn't needed for that. Then you simply replace the launcher with say, the CFW one, and you've set up CFW with zero flashcards.
The red card is needed to run the .3ds though. :unsure:
 

Aurora Wright

Well-Known Member
Member
Joined
Aug 13, 2006
Messages
1,550
Trophies
3
XP
4,468
Country
Italy
Launcher.dat programs can have 100% nand access, so sure, it is possible to install the ds exploit via one of those (unless i am overlooking something) - but at the moment people have not figured how to get their own code working with GW's new web exploit. and even so, i don't think there is enough need for it for someone to go to the effort of creating it.
but sure it's a nice idea
The Rop chain isn't on nand, but on the ds-mode nvram.
I think it's technically doable since the 4.5 exploits achieve full control over arm9 and arm11, but no code for writing to nvram has been released (I think).
 
  • Like
Reactions: cearp

Vappy

Well-Known Member
Member
Joined
May 23, 2012
Messages
1,508
Trophies
2
XP
2,613
Country
at the moment people have not figured how to get their own code working with GW's new web exploit.
Yifanlu has reversed it least as far as getting usermode exec with gspwn, and has done a writeup of most of it on his blog. If ssspwn as a whole doesn't give access to cfg:nor then gspwn by itself won't, but if he continues to make progress, it might be possible.
 
  • Like
Reactions: cearp

Site & Scene News

Popular threads in this forum

General chit-chat
Help Users
  • Veho @ Veho:
    Mkay.
  • Veho @ Veho:
    I just ordered another package from China just to spite you.
  • SylverReZ @ SylverReZ:
    Communism lol
  • SylverReZ @ SylverReZ:
    OUR products
  • The Real Jdbye @ The Real Jdbye:
    @LeoTCK actually good quality products are dying out because they can't compete with dropshipped chinese crap
    +2
  • BakerMan @ BakerMan:
    @LeoTCK is your partner the sascrotch or smth?
  • Xdqwerty @ Xdqwerty:
    Good morning
  • Xdqwerty @ Xdqwerty:
    Out of nowhere I got several scars on my forearm and part of my arm and it really itches.
  • AdRoz78 @ AdRoz78:
    Hey, I bought a modchip today and it says "New 2040plus" in the top left corner. Is this a legit chip or was I scammed?
  • Veho @ Veho:
    @AdRoz78 start a thread and post a photo of the chip.
    +2
  • Xdqwerty @ Xdqwerty:
    Yawn
  • S @ salazarcosplay:
    and good morning everyone
    +1
  • K3Nv2 @ K3Nv2:
    @BakerMan, his partner is Luke
  • Sicklyboy @ Sicklyboy:
    Sup nerds
    +1
  • Flame @ Flame:
    oh hi, Sickly
  • K3Nv2 @ K3Nv2:
    Oh hi flame
  • S @ salazarcosplay:
    @K3Nv2 what was your ps4 situation
  • S @ salazarcosplay:
    did you always have a ps4 you never updated
  • S @ salazarcosplay:
    or were you able to get new ps4 tracking it \
    as soon as the hack was announced
  • S @ salazarcosplay:
    or did you have to find a used one with the lower firm ware that was not updated
  • K3Nv2 @ K3Nv2:
    I got this ps4 at launch and never updated since 9.0
  • K3Nv2 @ K3Nv2:
    You got a good chance of buying a used one and asking the seller how often they used or even ask for a Pic of fw and telling them not to update
    K3Nv2 @ K3Nv2: You got a good chance of buying a used one and asking the seller how often they used or even ask...