Homebrew [WIP] libkhax - Stable ARM11 kernel access

[Myria]

I have an alpha-level open-source library called libkhax that I've written to get ARM11 kernel access in firmwares 4.1.0 - 9.2.0, on both Old 3DS and New 3DS. It uses memchunkhax to do this.

It was originally designed to be a rewrite of shinyquagmire's "bootstrap", but now has its own purpose for existing, staying only in ARM11-space. It's designed to be stable and reliable, with high code quality. Other than during development and things that turned out to be bugs and were later fixed, I have yet to have libkhax crash on me.

Pretty much all libkhax does is give the thread that calls it access to every SVC call. That's it; nothing special beyond that. However, the debug SVCs and svcBackdoor are included, so you can definitely have some fun using libkhax. Note that unlike bootstrap, libkhax grants the thread SVC access, not the process nor the whole system. libkhax does not disable SVC permission checking like "bootstrap" does.

libkhax isn't packaged well; it's not even a library as-is. Its current form is a .3dsx test program that just calls a simple svcBackdoor function after initializing libkhax to set a global variable and return.

If you want to take a look, it's here:

https://github.com/Myriachan/libkhax

Thanks to a fix by plutoo and with testing help from Steveice, it now works on firmware 4.x. I still need to submit a pull request to ctrulib to remove MEMOP_FREE_LINEAR, though.

I use Visual Studio as my editor because I like the IDE and Visual Assist X. The #ifndef _MSC_VERs are there to avoid IntelliSense and Visual Assist barfing on GCCisms. Obviously, Visual Studio is never going to actually compile anything for 3DS, so just ignore those and the project files.

 

[pikatsu]

Is there a compiled version?

 

[zoogie]

Is there a compiled version?

It's not useful to the end user. It's a dev-tool you need to combine with other code to get useful results. (like FBI + ninjhax)

 

[WeedZ]

What do you mean it only gives threads access to arm11 only? Does bootstrap give more access?

 

[WhoAmI?]

You use visual studio? Ever considered using Notepad++? I think it's a lot better, in my opinion.

Edit: Just looked at your code. IT'S SO TIDY!

 

[williamcesar2]

Only ARM11 kernel access ? lol This is totally obsolete

 

[sanni]

Just downloaded the newest source and compiled under Linux, working great. Thank you very much.

 

[prototech]

Only ARM11 kernel access ? lol This is totally obsolete

For ROM loading? Maybe not, but ARM 11 is all that Ninjhax and the homebrew launcher have access to and they far from obsolete.

 

[Death78793]

I've been using this for a while before you posted this thread, and I'll say this: WOW.
It's very smooth and stable, and it works great for its intended purpose
Thanks for your hard work!

 

[Myria]

What do you mean it only gives threads access to arm11 only? Does bootstrap give more access?

Yes, bootstrap gives FIRM-launch access. But bootstrap destroys the current state of the system, whereas libkhax runs within the existing kernel without destroying it.

 

[Myria]

You use visual studio? Ever considered using Notepad++? I think it's a lot better, in my opinion.

Edit: Just looked at your code. IT'S SO TIDY!

Visual Studio with Visual Assist X gives me things like autocomplete and lists of members when I type . or ->, for example.

That's just how I write code for some reason. It just ends up being all organized that way. >.< It was kind of a goal to have better code quality than some of the other solutions, though, since those seemed to crash a lot.

 

[Deleted User]

I have an alpha-level open-source library called libkhax that I've written to get ARM11 kernel access in firmwares 4.1.0 - 9.2.0, on both Old 3DS and New 3DS. It uses memchunkhax to do this.

It was originally designed to be a rewrite of shinyquagmire's "bootstrap", but now has its own purpose for existing, staying only in ARM11-space. It's designed to be stable and reliable, with high code quality. Other than during development and things that turned out to be bugs and were later fixed, I have yet to have libkhax crash on me.

Pretty much all libkhax does is give the thread that calls it access to every SVC call. That's it; nothing special beyond that. However, the debug SVCs and svcBackdoor are included, so you can definitely have some fun using libkhax. Note that unlike bootstrap, libkhax grants the thread SVC access, not the process nor the whole system. libkhax does not disable SVC permission checking like "bootstrap" does.

libkhax isn't packaged well; it's not even a library as-is. Its current form is a .3dsx test program that just calls a simple svcBackdoor function after initializing libkhax to set a global variable and return.

If you want to take a look, it's here:

https://github.com/Myriachan/libkhax

Thanks to a fix by plutoo and with testing help from Steveice, it now works on firmware 4.x. I still need to submit a pull request to ctrulib to remove MEMOP_FREE_LINEAR, though.

I use Visual Studio as my editor because I like the IDE and Visual Assist X. The #ifndef _MSC_VERs are there to avoid IntelliSense and Visual Assist barfing on GCCisms. Obviously, Visual Studio is never going to actually compile anything for 3DS, so just ignore those and the project files.

Nice to see you've gotten around to making an official "release" post! libkhax is super convenient to use and I haven't had a single issue yet, other than the initial 4.x issues that were fixed.

Would you mind a pull request that kind of restructures things into a library? Sort of like how ctrulib is setup.

Also, I setup a PR for the MEMOP_FREE_LINEAR issue: https://github.com/smealum/ctrulib/pull/114

 

[sanni]

This is a great idea because everyone can contribute to the common library and still do their own thing like programming a cfw or a cia installer or something entirely different.
Imagine a future where we will have all the entry points, service elevation, arm11 and arm9 kernal hax neatly organized into a lib.

 

[filfat]

I have an alpha-level open-source library called libkhax that I've written to get ARM11 kernel access in firmwares 4.1.0 - 9.2.0, on both Old 3DS and New 3DS. It uses memchunkhax to do this.

It was originally designed to be a rewrite of shinyquagmire's "bootstrap", but now has its own purpose for existing, staying only in ARM11-space. It's designed to be stable and reliable, with high code quality. Other than during development and things that turned out to be bugs and were later fixed, I have yet to have libkhax crash on me.

Pretty much all libkhax does is give the thread that calls it access to every SVC call. That's it; nothing special beyond that. However, the debug SVCs and svcBackdoor are included, so you can definitely have some fun using libkhax. Note that unlike bootstrap, libkhax grants the thread SVC access, not the process nor the whole system. libkhax does not disable SVC permission checking like "bootstrap" does.

libkhax isn't packaged well; it's not even a library as-is. Its current form is a .3dsx test program that just calls a simple svcBackdoor function after initializing libkhax to set a global variable and return.

If you want to take a look, it's here:

https://github.com/Myriachan/libkhax

Thanks to a fix by plutoo and with testing help from Steveice, it now works on firmware 4.x. I still need to submit a pull request to ctrulib to remove MEMOP_FREE_LINEAR, though.

I use Visual Studio as my editor because I like the IDE and Visual Assist X. The #ifndef _MSC_VERs are there to avoid IntelliSense and Visual Assist barfing on GCCisms. Obviously, Visual Studio is never going to actually compile anything for 3DS, so just ignore those and the project files.

Awesome work!

 

[AquaX101]

I have an alpha-level open-source library called libkhax that I've written to get ARM11 kernel access in firmwares 4.1.0 - 9.2.0, on both Old 3DS and New 3DS. It uses memchunkhax to do this. -snip

A little bit noobish but I have been wondering what does having arm11 access do?

 

[Deleted User]

A little bit noobish but I have been wondering what does having arm11 access do?

It allows you to patch the process ID to gain access to all services, flush the instruction cache more efficiently, and more. It can also be used to escalate to ARM9 with an exploit like firmlaunchhax.

 

[Myria]

I've pushed Steveice10's change to get access to all services to libkhax. Now, after calling libkhax, you'll have access to all kernel system calls (SVCs) and access to all RPC services (srv: ).

The built-in main.c test application verifies the srv: access by asking for mset's product code; this requires access to a service ("am:u") that Cubic Ninja doesn't have access to, showing that the hack works. main.c tries twice, once before khaxInit() and once after; the one before fails with "access denied" and the one after succeeds and prints out "CTR-N-HASx" with x as your region may be. "CTR-N-HASE" is the product code for the American mset application, for example.

Also, I pushed a fix for libkhax not working on Old 3DS 8.x.x firmwares. Thanks to Steveice10 again for reporting that problem from someone else (I don't know who =/ ) and thanks to the KARL3DS team for finding the correct address and publishing it in bootstrap. (libkhax may in a sense be reinventing the wheel, given that bootstrap does essentially the same hack at start, but libkhax's goals and ultimate outcome are quite different.)

 

[Fatalanus]

Myria, since everything seems to be pretty well organized in your mind about what you're doing, I don't understand a fucking word when you go technical words lol

 

[Myria]

Myria, since everything seems to be pretty well organized in your mind about what you're doing, I don't understand a fucking word when you go technical words lol

(\___/)
=^-^=

Well, this library by itself just writes some gobbledygook to the screen then says "Press X to exit". Not very useful on its own, hmm? =P

It's only really useful to other 3DS hacker-homebrewer folk who are also crazy/mind-warped like me. If you handed me a charcoal pencil, I wouldn't have the slightest clue what to do with it. But if you give it to an artist, they can make something really pretty. <3 I've made a charcoal pencil for 3DS homebrew makers.

 

[Joshtech]

Thank you for fixing the 8.x. The work you and Steveice10 are doing is amazing.