Hacking DS Profile Exploit on 6.x+?

  • Thread starter: drfsupercenter
  • Views: 5,144
  • Replies: 28
  • Likes: 2

drfsupercenter

Just curious...

I came across this video which shows somebody using the DS profile exploit on 6.1 OFW to launch rxTools.

But yet, I thought 4.5 was the newest firmware that the MSET exploit worked on. How come 6.1 is able to launch rxTools then? Does it need less access than Gateway? I'm curious. I seem to recall hearing that the first half of the MSET exploit wasn't patched until way later, like 8.0 or something.
 
MSETT entry point still existed in 6.x. The Arm9/Arm11 exploit it originally used was patched in 5.0, thus why Gateway doesn't have a MSETT exploit for it. Of course, now that memchunkhax and firmlaunchhax are a thing, it's possible to use 6.x MSETT again. But currently Gateway hasn't decided to make use of it and rxTools hasn't released its new MSETT rop code for it yet.

Also, it's possible to "downgrade" System Settings to a version from 6.x to get MSETT back on 9.2 sysnand. You'll need to use a homebrew CIA installer/uninstaller called "FBI" to do it. And yes you can even do this on the n3DS.
 
The latter part of your statement. MSET still could get ARM11 through 7.0 I believe. ARM9 was only for 4.5 and below.

You can still use the chunk-hax exploits for ARM9 though...

GD ninja'd by the post above with more info :(
 
I thought the DS Profile exploit was patched in 7.0. You won't get any access from MSETT at that point. So 7.0 MSETT still worked, but was finally patched in 7.1? I had thought 7.0 was when it was patched.
 
Yeah, I seem to recall ARM11 still being available through 7.2, and reading that it was patched in 8.0

I have a 2DS that came from the store with 7.2 and it would be super useful to be able to use the DS profile exploit so I don't have to set up an Internet connection on it :P

Most of what I use is rxTools on that thing anyway since I have a 9.6 emuNAND setup which Gateway doesn't support yet.

So can I actually use Roxas' MSET exploit installer for this function or is that just a POC and not released yet?
Would be nice if Gateway could support it too...

What are memchunkhax and firmlaunchhax? Is it one of those multi-stage exploits like what NinjHax did?

Edit: oh, was it 7.0 and not 8.0? Darn.
 
I can't even seem to find on 3DBrew when exactly it was patched. In fact, googling "3ds mset exploit" doesn't take me to any info on it at all. Can someone find out for sure when it was completely patched?
 
MSETT entry point still existed in 6.x. The Arm9/Arm11 exploit it originally used was patched in 5.0, thus why Gateway doesn't have a MSETT exploit for it. Of course, now that memchunkhax and firmlaunchhax are a thing, it's possible to use 6.x MSETT again. But currently Gateway hasn't decided to make use of it and rxTools hasn't released its new MSETT rop code for it yet.

Also, it's possible to "downgrade" System Settings to a version from 6.x to get MSETT back on 9.2 sysnand. You'll need to use a homebrew CIA installer/uninstaller called "FBI" to do it. And yes you can even do this on the n3DS.
But I think you said on a "classified forum" that n3DS uses different MSET from the O3DS and that you can't downgrade it?
 
I don't recall exactly where you got that from. But I do recall that it's TWL_FIRM you can't downgrade on a n3DS since it uses its own version of TWL and the oldest available for that is 8.1 for Japan and 9.0 for USA. So there wouldn't be any point downgrading it. (And I don't think TWL was updated at all since 8.1/9.0, so there would be nothing to downgrade to anyways)
 
Ahh, I thought MSET was the same as TWL_FIRM, meaning that we could only use DS Profile exploit on O3DS.
I saw your message on the VIP/Staff live chat on that website, but it got buried...
 
MSETT entry point still existed in 6.x. The Arm9/Arm11 exploit it originally used was patched in 5.0, thus why Gateway doesn't have a MSETT exploit for it. Of course, now that memchunkhax and firmlaunchhax are a thing, it's possible to use 6.x MSETT again. But currently Gateway hasn't decided to make use of it and rxTools hasn't released its new MSETT rop code for it yet.

Also, it's possible to "downgrade" System Settings to a version from 6.x to get MSETT back on 9.2 sysnand. You'll need to use a homebrew CIA installer/uninstaller called "FBI" to do it. And yes you can even do this on the n3DS.

What's the CIA Title (for download with 3DNUS) of System Settings EUR?
I want to use my DS Profile to load Gateway (or other hacks) on 7.X-8.X-9.X Sysnand?
 
Yeah I think I was talking about TWL_FIRM. System Settings appears to work much like the 2DS version where only certain features show up if you have a n3DS, but is otherwise the same title ID and content that the old 3DS uses.

As for the title ID for Europe version: 0004001000022000

The version string you want is 5127 by the way. That was the last version of System Settings before the 7.0 update.
 
And I can install it on SysNand without risk of bricking my 3DS?
It's also possible to use it on a N3DSXL?
 
3DS will boot fine without the System Settings app (you just can't change settings). So even if you accidentally rebooted after uninstalling the old one, it will be fine. Just install the old one and you got System Settings back + working MSETT entry point.

Just note you need to uninstall System Settings with FBI first before you can install the old one. But I'm sure you are already aware of that.
 
[quote="Apache Thunder, post: 5456498, member: 105648"]rxTools hasn't released its new MSETT rop code for it yet.[/quote]

https://github.com/roxas75/mset_firmlaunchax_4x (it's okay though, I missed this getting released too)

The mset exploit is unique in that it's currently applicable to literally every exploitable system out there, even though it's been patched. Nintendo can actually still remove the ability to run old mset in future firmware versions, but that's not an issue at the moment since newer fw versions aren't even fully hackable yet.
The mset bootstrap stuff I wrote and showed off before is actually 6.0-based. I figured it'd be better to use the newest version possible, just in case older mset caused compatibility issues somehow. I think Roxas' plan is to support both 4.5 and 6.0 versions of mset. We'll follow suit eventually.

Honestly though, my recommendation if you're on a New 3DS and want to downgrade is -- don't. If you can't immediately do something with downgraded mset, you're just gimping your system for no reason. We intend on shipping a simple app to automatically handle downgrading mset in a safe way to go along with mset support. Downgrading through FBI is a bit more risky than you'd think.
 
Just wondering, if you replace System Settings with an older one, you lose the Nintendo Network settings, right?

Is there a way to keep the older TWL_FIRM while being able to set up NNIDs?
 
