Hacking [WIP] KARL3DS - Kernel access on N3DS via Ninjhax + Loadcode

[EmceeKerser]

but at the end of the day people will go back to a free CFW. Not trying to judge, just being objective.

Wait, are you saying you have to pay for this CFW?

What the fuck

 

[Suiginou]

Wait, are you saying you have to pay for this CFW?

What the fuck

What? Gateway are doing it, too, and even ships with a DRM dongle in the shape of a flashcart. I don't see the problem except maybe from a legal standpoint.

 

[shinyquagsire23]

Wait, are you saying you have to pay for this CFW?

What the fuck

Of course not.

 

[EmceeKerser]

What? Gateway are doing it, too, and even ships with a DRM dongle in the shape of a flashcart. I don't see the problem except maybe from a legal standpoint.

Yeah youre paying for a flashcart, not just CFW

Seems pretty silly to sell a softmod (with potential legal problems). No one will buy it because free CFWs exist

 

[WeedZ]

What? Gateway are doing it, too, and even ships with a DRM dongle in the shape of a flashcart. I don't see the problem except maybe from a legal standpoint.

Yeah, but they have this one key feature, piracy. I think that's a cornered marked in the cfw realm.

 

[EmceeKerser]

Yeah, but they have this one key feature, piracy. I think that's a cornered marked in the cfw realm.

Pasta and RXtools have piracy too. Its not exclusive to Gateway anymore

 

[WeedZ]

Pasta and RXtools have piracy too. Its not exclusive to Gateway anymore

I meant pasta/patched rxtools had the cfw market cornered.

Edit, nvm, I've rode this tangent far enough. Karl isn't out or have any plans of selling releases anyway.

 

[EmceeKerser]

I meant pasta/patched rxtools had the cfw market cornered.

Edit, nvm, I've rode this tangent far enough. Karl isn't out or have any plans of selling releases anyway.

Ahhh, well then we agree then.

What exactly is KARL3ds bringing to the table that will make it worth paying for?

And whats stopping people from purchasing it once and giving it away to everyone?

 

[shinyquagsire23]

What exactly is KARL3ds bringing to the table that will make it worth paying for?

Blackjack and hookers of course. Having sig checks patched out is obviously too mainstream for us.

 

[gamesquest1]

Ahhh, well then we agree then.

What exactly is KARL3ds bringing to the table that will make it worth paying for?

And whats stopping people from purchasing it once and giving it away to everyone?

well, if someone really wanted to sell a CFW, they could try some long winded DRM, i.e you pay, they send you a program that scrapes unique identifiers from your system , serial number, mac address, device specific identifiers that cant be changed and use them in the DRM to lock each bought copy to the specific console

but again the whole "buying this cfw" was just pulled out of nowhere, nowhere has any of the dev's said they plan to sell KARL, and with all the other alternatives around, i doubt many people would bit......maybe if Pasta and the hacked Rxtools weren't released....then maybe, but even then it would have to be a sort of very cheap gateway, and i guess with no cart to produce they could indeed to that $20 for feature packed CFW that doesn't rely on people haphazardly hacking up other peoples work and calling it a rom loader......if the karl team really really did plan to go down such a route, im sure there might be people who still consider it if it was cheap enough, especially with the MSET launching capabilities on n3DS meaning they only need CN once to downgrade MSET

but again, dev's have given no indication they have any such plans so no point really discussing it

 

[hairyfairy]

Blackjack and hookers of course. Having sig checks patched out is obviously too mainstream for us.

haha good one

 

[MrJason005]

huh, karl closing down its thread?

 

[NaviLoz101]

@Rokkubro @Dazzozo @shinyquagsire23 @WulfyStylez @Relys @StapleButter
time to Remove the A in KARL id Give it a week before the sigchecks are patch for karl, all it is is replacing script, not hard at all to do ^^

 

[motezazer]

@Rokkubro @Dazzozo @shinyquagsire23 @WulfyStylez @Relys @StapleButter
time to Remove the A in KARL id Give it a week before the sigchecks are patch for karl, all it is is replacing script, not hard at all to do ^^

Didn't they say it will be... er... I mean... obfuscated?

 

[gamesquest1]

@Rokkubro @Dazzozo @shinyquagsire23 @WulfyStylez @Relys @StapleButter
time to Remove the A in KARL id Give it a week before the sigchecks are patch for karl, all it is is replacing script, not hard at all to do ^^

soooooo? you theorize they will be releasing KARL within 1 week for it to be hacked by the end of the week.....how about if its never released, how long will it take people to hack it then?

 

[shinyquagsire23]

Didn't they say it will be... er... I mean... obfuscated?

It certainly won't be as easy as RxTools was to crack, I'll tell you that much.

@Rokkubro @Dazzozo @shinyquagsire23 @WulfyStylez @Relys @StapleButter
time to Remove the A in KARL id Give it a week before the sigchecks are patch for karl, all it is is replacing script, not hard at all to do ^^

We have no such replacing scripts. Also why would we not up our security after RxTools was patched like nothing happened?

 

[Suiginou]

It certainly won't be as easy as RxTools was to crack, I'll tell you that much.

Then again, you'll get infinitely much saltier, so the work may well be worth it.

 

[guitarheroknight]

Wait, are you saying you have to pay for this CFW?

What the fuck

You do realize that free doesnt just mean that you dont have to pay for something right? Free as in all the signatures get patched, free as in full control of the OS without all that anti-piracy stuff, free as in full open source.... Jesus Christ

 

[Syphurith]

No. Just look the 2.1 section.

I'm very sorry to read the paper almost throughout with my poor ARM hardware knowledge.
The main clock speed of LPC1768 (Cortex-M3) which mentioned in the paper is 100MHz. However the target CPU in the paper is Marvell Kirkwood 88F6281 (ARM926), which has a maximum main clock speed as 1.2GHz, while there is 88F6282 can archieve 2.0GHz in the family. That sounds good isn't it?
"Our approach neither requires hardware modifications nor expensive test equipment.", "The first step is to stop the SUT by sending a debug request via JTAG. At this point, the OCD takes control over the CPU." However 3DS's MPCore didn't expose a JTAG. I'm getting disappointed.

Also about its section 2.1:
pin-level probes and sockets [ACL89][KF95] - ...
without contact by exposing the circuit to a particle beam [KF95][VKC+92][ELDF92] - Beam?
using lasers [PLF03] or to electromagnetic inferences [KF95][VCG+05] - Orz.

Well.. i recalled something special. (With the f**king cheap STM32 ARM Chips). Chips have a lowest possible working voltage. Lower than that, it would function abnormally. Also, there is a main clock source, or other crystals that generate the clock chips need (even feeded to PLLs lately). When you give it a much slower clock source, that slower than its PLL could adjust, it would have a inproper clock speed, or just function abnormally. I don't know if there are similar faults with the hardware that exploitable. Hope it isn't one including a source as MSP430.

--Too long to be quoted here--

I'm sorry to disturb you. NTR's debugger has some issues that related to multi-core support. I thought of BKPT or a modified HardFault that could trigger. However he is busy playing with iWatch or anything (doesn't matter), so it is much likely to be a finished one currently. I wouldn't ask you for helping him directly, but if you know some techinics that may solve this.. Yes even 44670 isn't a friend of mine.
Even i don't like close-sourced ones, i respect what you chose. I would say thanks to your work. And hope you play well with your research.

You do realize that free doesnt just mean that you dont have to pay for something right? Free as in all the signatures get patched, free as in full control of the OS without all that anti-piracy stuff, free as in full open source.... Jesus Christ

Be Free the "No-Fee" or "Freedom". So i don't consider NTR a Free(dom) Solution now. And well the code is within their hands, so open or not is their choice - at least you can not hit one of them with your fist and threaten him to open the code (yep). I would say nothing if one chose close-source. Those are all Karma.

 

[motezazer]

-snip-

Well, clock glitching - voltage glitching - radiation glitching were all tried (not by me, of course). None of them worked.
And I read that the reset line of the SoC wasn't found, so no reset glitching.