Hacking [WIP] open source Kernel access on 3DS

Status
Not open for further replies.
Depends on what you want. I'd not update if you ever hope to get the fun stuff working (KARL and whatnot). But if you really, really, really want eshop then go ahead but you've been warned that it'll be a long time before anyone releases anything for >9.3.

Why not, if an ARM9 flaw is discovered released...
Safety first.
This flaw is known only by hardcore scene members (like yellows8, mathieulh...) and they won't release it.
I like how you crossed out "discovered" there. Then a few posts down you just go out and say it. :P
 
Depends on what you want. I'd not update if you ever hope to get the fun stuff working (KARL and whatnot). But if you really, really, really want eshop then go ahead but you've been warned that it'll be a long time before anyone releases anything for >9.3.

Yes, this ARM9 flaw is "hard to spot" (according to mathieulh).
So not like firmlaunchhax... (it's difficult to make an ARM9 exploit easier to spot than firmlaunchhax)
 
CIA support or bust; currently using palentine's cfw 1.1 for now until a better alternative arrives. Oh yeah, because of a failed .cia file install, constant freezes and hanging are occurring; life is suffering with this. I just want to convert all my retail games to .cia's so I won't have to worry about carrying my cartridges around. It couldn't be too much to ask for? Right? I guess not.
 
I think Hashtastrophe is completely mistaken; however, can anyone chime in on whether Hashtastrophe is correct?

"ninjhax is an exploit by smea for the game Cubic Ninja. It was released on November 20th, 2014. It can be used on all 3DS firmware versions from 4.0 up to and including 9.2.0-20. It was partially patched in 9.3.0-X (only system flaws used by ninjhax were fixed, the game haxx itself was not affected)." From http://3dbrew.org/wiki/Ninjhax
You said entry point, not a chain of exploits resulting in full system access. CN and OoT both can be used to execute your own code in ARM11 userland, even on 9.6 so I'd say they work.

Also that link you requested: http://3dbrew.org/wiki/3DS_Userland_Flaws
 
I just want to convert all my retail games to .cia's so I won't have to worry about carrying my cartridges around. It couldn't be too much to ask for? Right? I guess not.

eShop? I've bought plenty of games from eShop, it's really not a bad option. Especially if you're too lazy to go get some game on launch date. Granted, not every game is on eShop, but a really really good portion of games are.
 
eShop? I've bought plenty of games from eShop, it's really not a bad option. Especially if you're too lazy to go get some game on launch date. Granted, not every game is on eShop, but a really really good portion of games are.
I don't want to buy my games twice since I have the actual cartridges. That would be a waste of money.
 
I don't want to buy my games twice since I have the actual cartridges. That would be a waste of money.
Here's an idea- buy the eshop games, transfer your save data, then sell the cartridges! (I was going to put something here, but decided not to as it may have been questionable)
 
I think my best bet is to attempt to salvage palentine's cfw, the keyword being "attempt". I keep hearing "Oh, don't use palentine's cfw, there is better cfw out there!" Well, until I see a good replacement that does all of the features palentine's does (which is none) I see no alternative.
 
I think my best bet is to attempt to salvage palentine's cfw, the keyword being "attempt". I keep hearing "Oh, don't use palentine's cfw, there is better cfw out there!" Well, until I see a good replacement that does all of the features palentine's does (which is none) I see no alternative.

Why would you sell games that you paid $30-40 for, for $10-20, to buy the same games for $30-40? lol, that logic that guy had was insane. Don't worry, I'm sure someone will make a way to make your cartridges come up as legit/legal.
 
Why would you sell games that you paid $30-40 for, for $10-20, to buy the same games for $30-40? lol, that logic that guy had was insane. Don't worry, I'm sure someone will make a way to make your cartridges come up as legit/legal.
It's called finding the right people to sell your games to, I have a local games store that almost always pays around 75% of the original cost for retail games.
 
eShop? I've bought plenty of games from eShop, it's really not a bad option. Especially if you're too lazy to go get some game on launch date. Granted, not every game is on eShop, but a really really good portion of games are.

Sure, if you're okay with treating the 3DS as a disposable system, and throwing it out the window the second that Nintendo decides it wants to pull the plug and cut you off from your collection. It's the same reason I won't touch other so-called "shops" outside of Steam (and honestly, I'm a little leery on that one too, but they seem to have more staying power than any other platform).
 
I think Hashtastrophe is completely mistaken; however, can anyone chime in on whether Hashtastrophe is correct?

"ninjhax is an exploit by smea for the game Cubic Ninja. It was released on November 20th, 2014. It can be used on all 3DS firmware versions from 4.0 up to and including 9.2.0-20. It was partially patched in 9.3.0-X (only system flaws used by ninjhax were fixed, the game haxx itself was not affected)." From http://3dbrew.org/wiki/Ninjhax
Uh, you just quoted the part that proves me right. Look under the "Fixed in Version" column on the userland flaws page, see where it says "none"?
You can use CN (and OoT) as a way to get userland ARM11 access. gspwn is still not fixed so you can use that instead of being stuck with ROP.
 
Can anyone chime in? Because I still think Hashtastrophe is mistaken and the full context of the conversation (via quotes) is below.

"Multiple NATIVE_FIRM vulnerabilities were fixed, this includes all known Process9 PXI-service code execution vulns at the time when the update was released. These were vulns in Process9 PXI services, the ARM11-kernel flaws which were fixed do not allow ARM11 kernel-mode code-execution. The system does not delete/block 3DS savegame haxx at all with this update, however the code execution haxx used by this was fixed." http://3dbrew.org/wiki/5.0.0-11
You said entry point, not a chain of exploits resulting in full system access. CN and OoT both can be used to execute your own code in ARM11 userland, even on 9.6 so I'd say they work.

Also that link you requested: http://3dbrew.org/wiki/3DS_Userland_Flaws
I think Hashtastrophe is completely mistaken; however, can anyone chime in on whether Hashtastrophe is correct?

"ninjhax is an exploit by smea for the game Cubic Ninja. It was released on November 20th, 2014. It can be used on all 3DS firmware versions from 4.0 up to and including 9.2.0-20. It was partially patched in 9.3.0-X (only system flaws used by ninjhax were fixed, the game haxx itself was not affected)." From http://3dbrew.org/wiki/Ninjhax
Uh, you just quoted the part that proves me right. Look under the "Fixed in Version" column on the userland flaws page, see where it says "none"?
You can use CN (and OoT) as a way to get userland ARM11 access. gspwn is still not fixed so you can use that instead of being stuck with ROP.
 
Can anyone chime in? Because I still think Hashtastrophe is mistaken and the full context of the conversation (via quotes) is below.

"Multiple NATIVE_FIRM vulnerabilities were fixed, this includes all known Process9 PXI-service code execution vulns at the time when the update was released. These were vulns in Process9 PXI services, the ARM11-kernel flaws which were fixed do not allow ARM11 kernel-mode code-execution. The system does not delete/block 3DS savegame haxx at all with this update, however the code execution haxx used by this was fixed." http://3dbrew.org/wiki/5.0.0-11

Hashtastrophe is not mistaken at all. There is no longer public kernel-mode code execution in the current 3DS firmware, there is ROP and user-mode.
 
Can anyone chime in? Because I still think Hashtastrophe is mistaken and the full context of the conversation (via quotes) is below.

"Multiple NATIVE_FIRM vulnerabilities were fixed, this includes all known Process9 PXI-service code execution vulns at the time when the update was released. These were vulns in Process9 PXI services, the ARM11-kernel flaws which were fixed do not allow ARM11 kernel-mode code-execution. The system does not delete/block 3DS savegame haxx at all with this update, however the code execution haxx used by this was fixed." http://3dbrew.org/wiki/5.0.0-11

You quoted the 5.0 update, which fixed an ARM9 code execution flaw.
 
Can anyone besides Oishikatta and Hashtastrophe respond to the claims that are in Hashtastrophe's 1st quoted post below? I still think Hashtastrophe is mistaken.
---

"Multiple NATIVE_FIRM vulnerabilities were fixed, this includes all known Process9 PXI-service code execution vulns at the time when the update was released. These were vulns in Process9 PXI services, the ARM11-kernel flaws which were fixed do not allow ARM11 kernel-mode code-execution. The system does not delete/block 3DS savegame haxx at all with this update, however the code execution haxx used by this was fixed." http://3dbrew.org/wiki/5.0.0-11
You said entry point, not a chain of exploits resulting in full system access. CN and OoT both can be used to execute your own code in ARM11 userland, even on 9.6 so I'd say they work.

Also that link you requested: http://3dbrew.org/wiki/3DS_Userland_Flaws
I think Hashtastrophe is completely mistaken; however, can anyone chime in on whether Hashtastrophe is correct?

"ninjhax is an exploit by smea for the game Cubic Ninja. It was released on November 20th, 2014. It can be used on all 3DS firmware versions from 4.0 up to and including 9.2.0-20. It was partially patched in 9.3.0-X (only system flaws used by ninjhax were fixed, the game haxx itself was not affected)." From http://3dbrew.org/wiki/Ninjhax
Uh, you just quoted the part that proves me right. Look under the "Fixed in Version" column on the userland flaws page, see where it says "none"?
You can use CN (and OoT) as a way to get userland ARM11 access. gspwn is still not fixed so you can use that instead of being stuck with ROP.
 
Can anyone besides Oishikatta and Hashtastrophe respond to the claims that are in Hashtastrophe's 1st quoted post below? I still think Hashtastrophe is mistaken.
---

"Multiple NATIVE_FIRM vulnerabilities were fixed, this includes all known Process9 PXI-service code execution vulns at the time when the update was released. These were vulns in Process9 PXI services, the ARM11-kernel flaws which were fixed do not allow ARM11 kernel-mode code-execution. The system does not delete/block 3DS savegame haxx at all with this update, however the code execution haxx used by this was fixed." http://3dbrew.org/wiki/5.0.0-11

Can you accept that you're wrong and not respond like I'm an idiot? Read the links. Why do you act like this in every thread?
 
An informative, concise, 100% correct answer that is 100% directly related to my question(s) is the goal, and unfortunately, in many replies (not naming names) this is not what occurs.

I think people are saying that in 9.6.x ARM11 user is OK, but is that true? I didn't think so, and I thought the quotes I provided prove that; if they don't, please explain so, how, and why.
Can you accept that you're wrong and not respond like I'm an idiot? Read the links. Why do you act like this in every thread?
 