Hacking Using custom launcher.dat with Gateway Go

  • Thread starter: AtlanticBit
  • Views: 35,904
  • Replies: 219
  • Likes: 1
But how would I use that to run homebrew? As in blargSnes, the Game Boy emulator (forget what it's called), etc. How could I do this?

That would be pretty hard; you would have to find a way to enable the correct services to do this. It might be possible to take over a running application (in the same way regionthree takes over Download Play to get the ns:s service).
 
Well, if you look up in this thread, someone who RE'd the GW launcher explained how he injected homebrew into the GW launcher, and it worked. (At least, that's what I got from it.) However, I don't understand exactly how to do it. That's where I need help.
 
To include what code exactly?
The code from Gateway which does all the exploiting, and then instead of loading their launcher, load your own homebrew. From what I understood, the new code gives you rights to do everything, so there is no need to take over other services.
 
It's pretty easy actually. Compile your ARM11 userland code (make sure it starts with a NOP), encrypt it with the shitty stream cipher described in my first post (along with the original part 2). Find the offset to the encrypted payload for your FW version (diff my annotated ROP payload with the go hax for your FW version; the gadgets are the same) and replace it with part 2 + your custom ARM code, and it will run.

Or what I did was replace two words in the first stage to skip the decryption. Then you don't have to bother encrypting/decrypting each time you make a change.
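As an added example (not code from this thread, from the poster, or from the Gateway launcher), here is a small C tool for the mechanical part of the procedure above: it locates the payload slot by diffing two launcher images, checks that the custom ARM11 code begins with a NOP, and splices part 2 followed by the custom code into the slot with bounds checks. It follows the "skip the decryption" variant, so the payload is written in the clear; the stream cipher from the earlier post is not on this page and is not reproduced. The 64-byte image, the offset 16, the 32-byte slot size and the 0xAA part-2 bytes are constructed placeholders, not values from any real launcher.dat.

```c
/* Added example: splice a custom ARM11 payload into a launcher.dat-style image.
 * Not code from the thread or from the Gateway launcher. Assumes the
 * "skip the decryption" variant, so the payload is written in the clear;
 * the stream cipher from the earlier post is not reproduced here.
 * Offsets, slot size and the part-2 bytes below are constructed placeholders. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* ARM "mov r0, r0" NOP (0xE1A00000) as it appears in a little-endian image. */
static const uint8_t ARM_NOP_LE[4] = {0x00, 0x00, 0xA0, 0xE1};

/* The thread's rule: the custom code must begin with a NOP. */
int starts_with_arm_nop(const uint8_t *code, size_t len)
{
    return len >= 4 && memcmp(code, ARM_NOP_LE, sizeof ARM_NOP_LE) == 0;
}

/* Locate the payload slot by diffing two same-sized images (e.g. the annotated
 * launcher against the one for your FW version). Returns 1 and sets [first,last]
 * to the span of differing bytes, 0 if identical, -1 on length mismatch. */
int diff_region(const uint8_t *a, const uint8_t *b, size_t len_a, size_t len_b,
                size_t *first, size_t *last)
{
    if (len_a != len_b) return -1;
    int found = 0;
    for (size_t i = 0; i < len_a; i++) {
        if (a[i] != b[i]) {
            if (!found) { *first = i; found = 1; }
            *last = i;
        }
    }
    return found;
}

/* Overwrite the slot at [offset, offset+slot_len) with part2 followed by code.
 * Returns 0 on success, -1 if code lacks the leading NOP, -2 if the slot lies
 * outside the image, -3 if part2+code do not fit in the slot. Bytes of the
 * slot beyond the written payload are left untouched. */
int splice_payload(uint8_t *image, size_t image_len, size_t offset, size_t slot_len,
                   const uint8_t *part2, size_t part2_len,
                   const uint8_t *code, size_t code_len)
{
    if (!starts_with_arm_nop(code, code_len)) return -1;
    if (offset > image_len || slot_len > image_len - offset) return -2;
    if (part2_len > slot_len || code_len > slot_len - part2_len) return -3;
    memcpy(image + offset, part2, part2_len);
    memcpy(image + offset + part2_len, code, code_len);
    return 0;
}

int main(void)
{
    /* Constructed stand-in for a launcher.dat: 64 bytes of 0xFF with a
     * 32-byte payload slot at offset 16. Real offsets come from diff_region. */
    uint8_t image[64];
    memset(image, 0xFF, sizeof image);
    uint8_t part2[8];
    memset(part2, 0xAA, sizeof part2);        /* placeholder for the original part 2 */
    const uint8_t code[] = {
        0x00, 0x00, 0xA0, 0xE1,               /* nop (mov r0, r0) */
        0x01, 0x00, 0xA0, 0xE3,               /* mov r0, #1 */
        0x1E, 0xFF, 0x2F, 0xE1,               /* bx lr */
    };
    int rc = splice_payload(image, sizeof image, 16, 32,
                            part2, sizeof part2, code, sizeof code);
    printf("splice rc=%d\n", rc);
    for (size_t i = 16; i < 16 + 32; i++)
        printf("%02X%s", image[i], (i - 16) % 16 == 15 ? "\n" : " ");
    return rc == 0 ? 0 : 1;
}
```

To use it on a real image you would read both .dat files into buffers, call diff_region to find the slot, and pass the real part 2 bytes and your compiled code to splice_payload; the NOP check and the slot-size check are what stop a bad build from silently corrupting the ROP chain around the slot.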
The hero we need, not the one we deserve
 
"The hero we need, not the one we deserve"

[image: its-dangerous-to-go-alone-take-this.jpg]

Take this, our needed yet undeserved hero.
 
"It's pretty easy actually. Compile your ARM11 userland code (make sure it starts with a NOP), encrypt it with the shitty stream cipher described in my first post (along with the original part 2). Find the offset to the encrypted payload for your FW version (diff my annotated ROP payload with the go hax for your FW version; the gadgets are the same) and replace it with part 2 + your custom ARM code, and it will run.

Or what I did was replace two words in the first stage to skip the decryption. Then you don't have to bother encrypting/decrypting each time you make a change."

^^ How EXACTLY would I do this process?
 
IDK, you could look at the source of regionthree. regionthree has the ROP source code and the compiled .dat file, so it should be possible (and has been done).
https://github.com/smealum/regionthree
 
Well, I don't know what to do. According to smealum's GitHub, "not code execution, either userland or kernel" seems to mean you don't actually execute code with regionthree. I don't know how this can even be done. If anyone knows how I could run homebrew through the web exploit, please let me know. I think there's just something I'm missing here.
 
It runs ROP code.