It seems that this already is possible, as smealum's regionthree uses the GW go.
But how would I use that to run homebrew? As in blargSnes, the Game Boy emulator (forget what it's called), etc. How could I do this?
So, it's pretty much impossible?
Well, what I was thinking was modifying the .dat file to include the code, but it might still require that.
The code from Gateway which does all the exploiting, and then instead of loading their launcher load your own homebrew. From what I understood the new code gives you rights to do everything, so no need to take over other services.
To include what code exactly?
The hero we need, not the one we deserve
It's pretty easy actually. Compile your ARM11 userland code (make sure it starts with a NOP), encrypt it with the shitty stream cipher described in my first post (along with the original part 2). Find the offset to the encrypted payload for your FW version (diff my annotated ROP payload with the go hax for your FW version, the gadgets are the same) and replace it with part 2 + your custom ARM code, and it will run.
Or what I did was replace two words in the first stage to skip the decryption. Then you don't have to bother encrypting/decrypting each time you make a change.
This is the post I was looking at. Would there be any way to automatically do that process?
"It's pretty easy actually. Compile your ARM11 userland code (make sure it starts with a NOP), encrypt it with the shitty stream cipher described in my first post (along with the original part 2). Find the offset to the encrypted payload for your FW version (diff my annotated ROP payload with the go hax for your FW version, the gadgets are the same) and replace it with part 2 + your custom ARM code, and it will run.
Or what I did was replace two words in the first stage to skip the decryption. Then you don't have to bother encrypting/decrypting each time you make a change."
^^ How EXACTLY would I do this process?
Well, I don't know what to do. According to smealum's GitHub, "not code execution, either userland or kernel", which seems to mean you don't actually execute code with regionthree. I don't know how this can even be done. If anyone knows how I could run homebrew through the web exploit, please let me know. I think there's just something I'm missing here.
It runs ROP code.
Isn't that the same code the DS profile exploit uses? Could this be used to run the CFW installer?