Hacking [WIP] KARL3DS - Kernel access on N3DS via Ninjhax + Loadcode

  • Thread starter: Rokkubro
  • Views: 930,458
  • Replies: 4,457
  • Likes: 43
Status
Not open for further replies.
Apparently it's not supported on smea's web page, however it might be possible to run it from ninjhax's second stage exploit (cn_secondary_payload, where it has full usermode code within Cubic Ninja's process but no spider hax or rohax yet). It probably won't be the highest priority since the amount of people who happen to have JAP Cubic Ninja, a JAP N3DS, and are on 8.1 is quite low (unless I guess they get a sky3DS). Not impossible though, just a bit tricky.
 
Reactions: Margen67 and daxtsu
Apparently it's not supported on smea's web page, however it might be possible to run it from ninjhax's second stage exploit (cn_secondary_payload, where it has full usermode code within Cubic Ninja's process but no spider hax or rohax yet). It probably won't be the highest priority since the amount of people who happen to have JAP Cubic Ninja, a JAP N3DS, and are on 8.1 is quite low (unless I guess they get a sky3DS). Not impossible though, just a bit tricky.


If it means possible homebrew on my New 3DS before Gateway supports it, that's good enough for me. Even if it doesn't (I know that wasn't a promise or anything :P), thanks for answering my questions.

Edit: I wonder... and this is just me "thinking out loud", but couldn't the Cubic Ninja exploit perhaps look for a code payload on the SD card instead of downloading it from a website? Or would you not have enough user permissions at that stage yet? Maybe I should read Smealum's writeup again; I can't remember how most of it works.
 
If this works for region free I think plenty of people would buy a sky/qq to then use cubic ninja. There are quite a few people who own 8.1J consoles that would really appreciate what you are doing.
 
6. Modify Sysnand to boot into our kernel code
I've been thinking about this for a while..
What has to be done/changed/modified/pwned to have cold boot hacks?
ie: region free, homebrew, cia, etc, etc directly from power on?

At what point in the chain do we need to get control to make this possible?
And as speculation at this point; how could it be done?
 
Reactions: Margen67
I've been thinking about this for a while..
What has to be done/changed/modified/pwned to have cold boot hacks?
ie: region free, homebrew, cia, etc, etc directly from power on?

At what point in the chain do we need to get control to make this possible?
And as speculation at this point; how could it be done?

What I've been told and what I understood was that the boot loader is encrypted and checks the NAND at every boot to see if it matches what he's been told, so it'd require decrypting the boot loader and then hacking it to load anything and not only official stuff.

I guess such a task would require some heavy electronic reverse engineering that nobody has been into yet, or maybe we don't know about it, but I guess if this is hacked we could theoretically boot Linux or any OS made compatible with ARM on the 3DS, much like it was possible to boot PPC-compiled Linux distros with specific drivers on the Xbox 360.

Anyway guys, this KARL project seems rather interesting and I really hope you can make it; the homebrew community needs such a thing. ninjhax is already limited by now because it doesn't allow sound on N3DS...
 
Reactions: Margen67
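The post above describes the boot loader holding an expected value for the NAND contents and refusing to continue when they do not match. The following is an added illustration written for this thread, not code from the KARL project or from any 3DS firmware: a toy hash-chained verified boot in which an immutable first stage carries the digest of the next stage, and each stage carries the digest of the one after it. Every image, digest and stage name here is constructed; it models only the idea that changing what boots requires changing the verifier itself, not the real console's key or image layout.

```python
import hashlib

# Constructed toy model of a hash-chained verified boot (illustration only,
# not the 3DS boot ROM): each immutable stage embeds the expected digest of
# the next stage and halts if the image on "NAND" does not match it.

def digest(blob: bytes) -> str:
    """SHA-256 hex digest of an image; the stand-in for whatever check the real verifier uses."""
    return hashlib.sha256(blob).hexdigest()

# Constructed sample images standing in for NAND firmware stages.
STAGE1 = b"stage1: loads kernel from NAND partition (constructed)"
KERNEL = b"kernel: official system firmware (constructed)"

# The "boot ROM" bakes in the digest of stage1; stage1 bakes in the digest of
# the kernel. Because these values live in code the verifier trusts, simply
# rewriting the NAND image changes the digest and the chain stops.
BOOTROM_EXPECTED_STAGE1 = digest(STAGE1)
STAGE1_EXPECTED_KERNEL = digest(KERNEL)


def verified_boot(stage1_image: bytes, kernel_image: bytes) -> list:
    """Walk the chain and return the list of stages that were accepted.

    An empty list means the boot ROM rejected stage1; ["stage1"] means stage1
    ran but rejected the kernel; ["stage1", "kernel"] is a full boot.
    """
    accepted = []
    if digest(stage1_image) != BOOTROM_EXPECTED_STAGE1:
        return accepted  # boot ROM halts: stage1 was modified
    accepted.append("stage1")
    if digest(kernel_image) != STAGE1_EXPECTED_KERNEL:
        return accepted  # stage1 halts: kernel was modified
    accepted.append("kernel")
    return accepted


if __name__ == "__main__":
    print("untouched images:", verified_boot(STAGE1, KERNEL))
    print("patched kernel:  ", verified_boot(STAGE1, KERNEL + b" (patched)"))
    print("patched stage1:  ", verified_boot(STAGE1 + b" (patched)", KERNEL))
```

Running the script shows the three outcomes: the untouched images boot fully, a patched kernel is stopped by stage1, and a patched stage1 is stopped by the boot ROM, which is exactly why the post concludes that the verifier itself, not just the NAND contents, would have to change for a cold-boot modification to persist.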
What I've been told and what I understood was that the boot loader is encrypted and checks the NAND at every boot to see if it matches what he's been told, so it'd require decrypting the boot loader and then hacking it to load anything and not only official stuff.

I guess such a task would require some heavy electronic reverse engineering that nobody has been into yet, or maybe we don't know about it, but I guess if this is hacked we could theoretically boot Linux or any OS made compatible with ARM on the 3DS, much like it was possible to boot PPC-compiled Linux distros with specific drivers on the Xbox 360.

Anyway guys, this KARL project seems rather interesting and I really hope you can make it; the homebrew community needs such a thing. ninjhax is already limited by now because it doesn't allow sound on N3DS...
I vote for Android lol

Anyways, that's sounding correct. So much to do with the 3DS is gonna deal with encryption; by design it was meant to keep us out. Let's just jump some walls.
 
I wish you all luck for this project, because you're gonna need it. The task is not easy. I would easily bet 100 euros that you won't be successful. I think this is the fifth thread that announces this kind of stuff since yifan_lu's spider tools were released. But no one has released anything..
 
I wish you all luck for this project, because you're gonna need it. The is easy is great but I would easily bet 100 euros that you won't be successful. I think this is the fifth thread that announces this kind of stuff since yifan_lu's spider tools were released. But no one has released anything..
He has released the source, progress is progress :)
 
Reactions: Margen67 and SLiV3R
[image: 1424688433-karlmarx3ds.png]

KARLMARX3DS!

Sorry.


Anyway, that is the kind of thing that makes me hesitate between buying that €20 European Cubic Ninja or waiting to use the Gateway I already own...
Good luck!
 
Apparently it's not supported on smea's web page, however it might be possible to run it from ninjhax's second stage exploit (cn_secondary_payload, where it has full usermode code within Cubic Ninja's process but no spider hax or rohax yet). It probably won't be the highest priority since the amount of people who happen to have JAP Cubic Ninja, a JAP N3DS, and are on 8.1 is quite low (unless I guess they get a sky3DS). Not impossible though, just a bit tricky.
Well, I for one happen to own an 8.1.0-0J N3DS and a copy of JPN Cubic Ninja, so there's at least one of us...
 
Reactions: Click This
Depends on if somebody wants to, or if the source is released. :) Let's just hope there will be some anti-piracy backup manager :)
How about no. If they're giving us a crippled backup manager with unnecessary limitations, then they shouldn't bother at all.
 
Reactions: Margen67
How about it can be modified if you want to? Why are people always whining so much around here...
Someone asked about the possibility of a backup loader via cia installs and Henning B replied and added the AP part, so I was addressing that part.
 
Someone asked about the possibility of a backup loader via cia installs and Henning B replied and added the AP part, so I was addressing that part.
(I just added that so I make myself sound better than every pirate, I do in fact pirate a lot)
 