Hacking DS Profile Exploit on 6.x+?

drfsupercenter

Flash Cart Aficionado
OP
Member
Joined
Mar 26, 2008
Messages
1,909
Trophies
1
XP
1,163
Country
United States
Just curious...

I came across this video which shows somebody using the DS profile exploit on 6.1 OFW to launch rxTools.

But yet, I thought 4.5 was the newest firmware that the MSET exploit worked on. How come 6.1 is able to launch rxTools then, does it need less access than Gateway? I'm curious. I seem to recall hearing that the first half of the MSET exploit wasn't patched until way later, like 8.0 or something.
 

Apache Thunder

I have cameras in your head!
Member
Joined
Oct 7, 2007
Messages
4,402
Trophies
3
Age
36
Location
Levelland, Texas
Website
www.mariopc.co.nr
XP
6,744
Country
United States
MSETT entry point still existed in 6.x. The Arm9/Arm11 exploit it originally used was patched in 5.0 thus why Gateway doesn't have a MSETT exploit for it. Of course now that memchunkhax and firmlaunchhax is a thing, it's possible to use 6.x MSETT again. But currently Gateway hasn't decided to make use of it and rxTools hasn't released its new MSETT rop code for it yet.

Also, it's possible to "downgrade" System Settings to a version from 6.x to get MSETT back on 9.2 sysnand. You'll need to use a homebrew CIA installer/uninstaller called "FBI" to do it. And yes you can even do this on the n3DS.
 
Deleted User

Guest
The latter part of your statement. MSET still could get ARM11 through 7.0 I believe. ARM9 was only for 4.5 and below.

You can still use the chunk-hax exploits for ARM9 though...

GD ninja'd by the post above with more info :(
 

drfsupercenter

Yeah, I seem to recall ARM11 still being available through 7.2, and reading that it was patched in 8.0

I have a 2DS that came from the store with 7.2 and it would be super useful to be able to use the DS profile exploit so I don't have to set up an Internet connection on it :P

Most of what I use is rxTools on that thing anyway since I have a 9.6 emuNAND setup which Gateway doesn't support yet.

So can I actually use Roxas' MSET exploit installer for this function or is that just a POC and not released yet?
Would be nice if Gateway could support it too...

What are memchunkhax and firmlaunchhax? Is it one of those multi-stage exploits like what NinjHax did?

Edit: oh, was it 7.0 and not 8.0? Darn.
 

drfsupercenter

I can't even seem to find on 3DBrew when exactly it was patched. In fact, googling "3ds mset exploit" doesn't take me to any info on it at all. Can someone find out for sure when it was completely patched?
 

MrJason005

√2
Member
Joined
Nov 26, 2014
Messages
2,521
Trophies
0
Location
Κάπου
XP
1,607
Country
Greece
[quote="Apache Thunder"]
MSETT entry point still existed in 6.x. The Arm9/Arm11 exploit it originally used was patched in 5.0 thus why Gateway doesn't have a MSETT exploit for it. Of course now that memchunkhax and firmlaunchhax is a thing, it's possible to use 6.x MSETT again. But currently Gateway hasn't decided to make use of it and rxTools hasn't released its new MSETT rop code for it yet.

Also, it's possible to "downgrade" System Settings to a version from 6.x to get MSETT back on 9.2 sysnand. You'll need to use a homebrew CIA installer/uninstaller called "FBI" to do it. And yes you can even do this on the n3DS.
[/quote]
But I think you said on a "classified forum" that n3DS uses different MSET from the O3DS and that you can't downgrade it?
 

Apache Thunder

[quote="MrJason005"]But I think you said on a "classified forum" that n3DS uses different MSET from the O3DS and that you can't downgrade it?[/quote]

I don't recall exactly where you got that from. But I do recall that it's TWL_FIRM you can't downgrade on a n3DS since it uses its own version of TWL and the oldest available for that is 8.1 for Japan and 9.0 for USA. So there wouldn't be any point downgrading it. (And I don't think TWL was updated at all since 8.1/9.0, so there would be nothing to downgrade to anyways)
 

MrJason005

[quote="Apache Thunder"]I don't recall exactly where you got that from. But I do recall that it's TWL_FIRM you can't downgrade on a n3DS since it uses its own version of TWL and the oldest available for that is 8.1 for Japan and 9.0 for USA. So there wouldn't be any point downgrading it. (And I don't think TWL was updated at all since 8.1/9.0, so there would be nothing to downgrade to anyways)[/quote]
Ahh, I thought MSET was the same as TWL_FIRM, meaning that we could only use DS Profile exploit on O3DS.
I saw your message on the VIP/Staff live chat on that website, but it got buried...
 

Asia81

Yuri Lover ~
Member
Joined
Nov 15, 2014
Messages
6,646
Trophies
3
Age
29
XP
3,446
Country
France
[quote="Apache Thunder"]
MSETT entry point still existed in 6.x. The Arm9/Arm11 exploit it originally used was patched in 5.0 thus why Gateway doesn't have a MSETT exploit for it. Of course now that memchunkhax and firmlaunchhax is a thing, it's possible to use 6.x MSETT again. But currently Gateway hasn't decided to make use of it and rxTools hasn't released its new MSETT rop code for it yet.

Also, it's possible to "downgrade" System Settings to a version from 6.x to get MSETT back on 9.2 sysnand. You'll need to use a homebrew CIA installer/uninstaller called "FBI" to do it. And yes you can even do this on the n3DS.
[/quote]

What's the CIA title (for download with 3DNUS) of System Settings EUR?
I want to use my DS Profile to load Gateway (or other hacks) on 7.X-8.X-9.X SysNAND?
 

Apache Thunder

Yeah I think I was talking about TWL_FIRM. System Settings appears to work much like the 2DS version where only certain features show up if you have a n3DS, but is otherwise the same title ID and content that the old 3DS uses.

As for the title ID for Europe version: 0004001000022000

The version string you want is 5127 by the way. That was the last version of System Settings before the 7.0 update.
 

Asia81

[quote="Apache Thunder"]
Yeah I think I was talking about TWL_FIRM. System Settings appears to work much like the 2DS version where only certain features show up if you have a n3DS, but is otherwise the same title ID and content that the old 3DS uses.

As for the title ID for Europe version: 0004001000022000

The version string you want is 5127 by the way. That was the last version of System Settings before the 7.0 update.
[/quote]

And I can install it on SysNAND without risk of bricking my 3DS?
Is it also possible to use it on an N3DSXL?
 

Apache Thunder

3DS will boot fine without the System Settings app (you just can't change settings). So even if you accidentally rebooted after uninstalling the old one, it will be fine. Just install the old one and you got System Settings back + working MSETT entry point.

Just note you need to uninstall System Settings with FBI first before you can install the old one. But I'm sure you are already aware of that.
 

WulfyStylez

SALT/Bemani Princess
Member
Joined
Nov 3, 2013
Messages
1,149
Trophies
0
XP
2,867
Country
United States
[quote="Apache Thunder, post: 5456498, member: 105648"]rxTools hasn't released it's new MSETT rop code for it yet.[/quote]

https://github.com/roxas75/mset_firmlaunchax_4x (it's okay though, i missed this getting released too)

The mset exploit is unique in that it's currently applicable to literally every exploitable system out there, even though it's been patched. Nintendo can actually still remove the ability to run old mset in future firmware versions, but that's not an issue at the moment since newer fw versions aren't even fully hackable yet.
The mset bootstrap stuff I wrote and showed off before is actually 6.0-based. I figured it'd be better to use the newest version possible, just in case older mset caused compatibility issues somehow. I think Roxas' plan is to support both 4.5 and 6.0 versions of mset. We'll follow suit eventually.

Honestly though, my recommendation if you're on a New 3DS and want to downgrade is -- don't. If you can't immediately do something with downgraded mset, you're just gimping your system for no reason. We intend on shipping a simple app to automatically handle downgrading mset in a safe way to go along with mset support. Downgrading through FBI is a bit more risky than you'd think.
 

drfsupercenter

Just wondering, if you replace System Settings with an older one, you lose the Nintendo Network settings, right?

Is there a way to keep the older TWL_FIRM while being able to setup NNIDs?
 
