Hacking [WIP] KARL3DS - Kernel access on N3DS via Ninjhax + Loadcode

  • Thread starter: Rokkubro
  • Views: 930,425
  • Replies: 4,457
  • Likes: 43
Status
Not open for further replies.
Why couldn't the web browser be used as entry point?
Not enough permissions/knowledge about it?

Sorry if it's already been answered.

The n3ds browser is different from the 3ds browser.
There's no known vulnerability in the n3ds browser yet.
 
> Why couldn't the web browser be used as entry point?
> Not enough permissions/knowledge about it?
>
> Sorry if it's already been answered.

There are no public exploits for SKATER (or any other n3ds system apps) as of right now, otherwise we would be doing it through the browser.
 
> There are no public exploits for SKATER (or any other n3ds system apps) as of right now, otherwise we would be doing it through the browser.

Ah, now I read it correctly. I thought this was for both the regular and new 3ds.
 
I don't get this. I need a game to use this, and it allows me to play other games when you are done? Can I use my sky to download and exploit this game?

So I can play SNES and GBA through this when you guys finish?
 
> I don't get this. I need a game to use this, and it allows me to play other games when you are done? Can I use my sky to download and exploit this game?
>
> So I can play SNES and GBA through this when you guys finish?

We're basically allowing full access to ARM9 and ARM11, and then building basically a CFW off of that. Piracy isn't a goal, though.
 
Very cool. Thank you for the explanation. Best of luck to you!

Games are very expensive for me. I would rather eat, so I like piracy. It lets me relax and play games I can't afford. Sorry if I offend. Did not mean to.
 
I think it's worthwhile to mention that given the current exploits this will easily work on any N3DS or 3DS (or 2DS) system, provided you have ninjhax. Our main goal first is to get a stable ARM11 kernel entry point which works on almost all devices, and from there work our way into ARM9 and get that stable on all devices. Supporting 8.1.0-0J devices is not an issue, it just complicates things a bit. I also want to make sure that our usermode end of things is stable as well, so we can see emulators taking advantage of the MUCH faster icache and dcache flushing and invalidation which ARM11 kernel provides. I've gotten this far, and I'm confident that as a team we can go much further.

I saw that you were the author at github. I actually believe in this project
 
Apparently it's not supported on smea's web page, however it might be possible to run it from ninjhax's second stage exploit (cn_secondary_payload , where it has full usermode code within Cubic Ninja's process but no spider hax or rohax yet). It probably won't be the highest priority since the amount of people who happen to have JAP Cubic Ninja, a JAP N3DS, and are on 8.1 is quite low (unless I guess they get a sky3DS). Not impossible though, just a bit tricky.

Firmwares -0 without Spider are not supported because Ninjhax uses Spider's heap to get around getting privileged syscalls and so on. If you can use another system applet, like any other than the browser, then -0 firmware will be supported.
 
> We're basically allowing full access to ARM9 and ARM11, and then building basically a CFW off of that. Piracy isn't a goal, though.

Hopefully just an unfortunate side effect :P I mean if it would allow for cia installation of bigbluemenu sky users would have access to eshop games as well as game updates without updating to the latest fw. Lots of cool shit could come from this.
 
> Firmwares -0 without Spider are not supported because Ninjhax uses Spider's heap to get around getting privileged syscalls and so on. If you can use another system applet, like any other than the browser, then -0 firmware will be supported.

Privileged syscalls are irrelevant after the SVC handler is patched, so I think we are good for now. We just have to get ARM11 kernel from the secondary exploit and from there get ARM9.
 
This thread will change 3DS dev history! Free CFW!! I think we can install the exploit, install CFW, and then sell Cubic Ninja to other people, right?
 
> At this point Cubic Ninja may as well be a flash cart.
It's already priced like one :P

It might get to the point where people will buy sky just to pirate Cubic Ninja XD

I hope some more 1st stage exploits are found in the next year. :P
 
> Hopefully just an unfortunate side effect :P I mean if it would allow for cia installation of bigbluemenu sky users would have access to eshop games as well as game updates without updating to the latest fw. Lots of cool shit could come from this.

This is my hope, not necessarily for sky, but I would like to install updates as CIAs and back up my games to my SD so I don't have to use my big carrying case or put every game in my pocket depending on the situation. But the CFW is more important first; a backup loader should be second.
 
> It's already priced like one :P
>
> It might get to the point where people will buy sky just to pirate Cubic Ninja XD
>
> I hope some more 1st stage exploits are found in the next year. :P
Optimally Gateway will have an N3DS entry point we can use instead of Cubic Ninja in the future, but Cubic Ninja is the only one which works on all platforms as of now. And for now it works extremely well for research, and as a bonus we can use these exploits in homebrew if we want (so we could package ARM9 utilities as separate .3dsx files).
 