ROM Hack Rom modding on 9.9 ??

[puss2puss]

Hell-o gba tempers and temperesses!
I have a small question that i think i already have the answer but just want to make sure before downgrading my nand...

...On N3DS 9.9, is there a way to mod game roms? Knowing that we cant install cias, and cannot use a cfw, i still hope there's a way to use a FsLayered plugin or something similar..
..if i dont have any choice, i'il flash me nand with my 9.2 backup..

Thanks.

 

[Rusb]

Smea in twitter said he had an idea to do that for ninjhax users (if I remember well), but nothing more than that.

 

[The Real Jdbye]

Smea in twitter said he had an idea to do that for ninjhax users (if I remember well), but nothing more than that.

I doubt that will be possible on 9.9 since it's just one step away from ROM loading
It'd likely need a kernel exploit. It's possible with ARM11 kernel alone (NTR-CFW can do it and only has ARM11 kernel) and some people are speculating that Ninjhax 2.0 does in fact have ARM11 kernel access, but I'm not so sure I believe that.

 

[Rusb]

I doubt that will be possible on 9.9 since it's just one step away from ROM loading
It'd likely need a kernel exploit. It's possible with ARM11 kernel alone (NTR-CFW can do it and only has ARM11 kernel) and some people are speculating that Ninjhax 2.0 does in fact have ARM11 kernel access, but I'm not so sure I believe that.

Ninjhax ARM11 kernel access... I think not, not by itself, can be used as entrypoint for other (unknown) exploits, but Smea, being anti-piracy as he is, I doubt he'll release that. And the game shouldn't have that level of privileges.

 

[The Real Jdbye]

Ninjhax ARM11 kernel access... I think not, not by itself, can be used as entrypoint for other (unknown) exploits, but Smea, being anti-piracy as he is, I doubt he'll release that. And the game shouldn't have that level of privileges.

It doesn't, but ninjhax uses a series of exploits to gain more permissions. Without that, even running basic homebrew wouldn't be possible. One of the exploits Ninjhax used was patched in 9.3 and it's uncertain what's being used in place of that in Ninjhax 2.0, but people more experienced with hacking than you or I seem relatively sure that Ninjhax 2.0 has ARM11 kernel access. Of course this isn't exposed to homebrew though

 

[Rusb]

It doesn't, but ninjhax uses a series of exploits to gain more permissions. Without that, even running basic homebrew wouldn't be possible. One of the exploits Ninjhax used was patched in 9.3 and it's uncertain what's being used in place of that in Ninjhax 2.0, but people more experienced with hacking than you or I seem relatively sure that Ninjhax 2.0 has ARM11 kernel access. Of course this isn't exposed to homebrew though

For now I'll try to made game crash and find how many bytes can I use to run code, if I find the thing what is smea using, it'll be easy to make a hello world. But only experimental, i don't know enough to do something more :\

(Of course, maybe i can't achieve it xD)

 

[WateredFire19]

Wait for the Ninjhax 2.0 source code release.

 

[puss2puss]

Arm11 on nh2, if it was the case, wouldnt we already have ability to make a cfw for it? Or people are waiting for GW to update?
..anyway, if i want to mod my games this week, i guess i definitly need to downgrade to 9.2 then, right?..

 

[The Real Jdbye]

For now I'll try to made game crash and find how many bytes can I use to run code, if I find the thing what is smea using, it'll be easy to make a hello world. But only experimental, i don't know enough to do something more :\

(Of course, maybe i can't achieve it xD)

Making the game crash is only the first step... from there you need to figure out how to make it do something useful (e.g. execute a carefully crafted ROP chain that exploits a specific part of the system to gain unsigned code execution), then you go from there and exploit other parts of the system to gain more permissions. Pretty much how Ninjhax 1.0 works, check http://smealum.net/?p=517 for the details, I'm pretty sure he's intentionally leaving out some parts of the explanation, but it's fairly detailed.

Arm11 on nh2, if it was the case, wouldnt we already have ability to make a cfw for it? Or people are waiting for GW to update?
..anyway, if i want to mod my games this week, i guess i definitly need to downgrade to 9.2 then, right?..

A proper CFW needs ARM9 kernel. And no one's RE'd Ninjhax 2.0 fully yet nor is it open source, so we're not exactly sure how it works, or what would be needed to make use of the ARM11 kernel access.

 

[Rusb]

Making the game crash is only the first step... from there you need to figure out how to make it do something useful (e.g. execute a carefully crafted ROP chain that exploits a specific part of the system to gain unsigned code execution), then you go from there and exploit other parts of the system to gain more permissions. Pretty much how Ninjhax 1.0 works, check http://smealum.net/?p=517 for the details, I'm pretty sure he's intentionally leaving out some parts of the explanation, but it's fairly detailed.


A proper CFW needs ARM9 kernel. And no one's RE'd Ninjhax 2.0 fully yet nor is it open source, so we're not exactly sure how it works, or what would be needed to make use of the ARM11 kernel access.

Can't use the framebuffer adress to write directly to it, only exploiting the game? :\ you know, override return adress and run the code in the stack, i made it with lower versions of adobe reader and PoC of known program bugs, in 3DS never tried it.

 

[The Real Jdbye]

Can't use the framebuffer adress to write directly to it, only exploiting the game? :\ you know, override return adress and run the code in the stack, i made it with lower versions of adobe reader and PoC of known program bugs, in 3DS never tried it.

Normal executable memory isn't writable by the game that's why Ninjhax 1.0 exploits part of the system so it can mark accessible regions of memory as executable. This was the exploit that was patched in 9.3, and I don't know how Ninjhax 2.0 does it. Maybe the other way around, marking already executable memory regions as writable?
The 3DS is a completely different beast than computers or most smartphones, everything is locked down at the CPU level.

 

[Rusb]

Normal executable memory isn't writable by the game that's why Ninjhax 1.0 exploits part of the system so it can mark accessible regions of memory as executable. This was the exploit that was patched in 9.3, and I don't know how Ninjhax 2.0 does it. Maybe the other way around, marking already executable memory regions as writable?
The 3DS is a completely different beast than computers or most smartphones, everything is locked down at the CPU level.

Okay

 

[Megalegacy98]

What about TDVS? Is that way different?

 

[Rusb]

What about TDVS? Is that way different?

TDVS is an savedata dumper/injector

 

[Megalegacy98]

TDVS is an savedata dumper/injector

...Yeah know that I think of it they are wayyyyy different xD

 

[sat]

Not possible. Ever.

 

[puss2puss]

Not possible. Ever.

You dont know what your talking about lol

 

[probablygay]

nvm

 

[gamesquest1]

If I'm tubehaxed, could I use regionfree on an EUN3DS to load a US copy of Cubicninja to perform Ninjahax? I don't like being limited to having an internet connection to use Tubehax.

.......errrr, if you need to use tubehax to load the out of region CN then you would still be needing internet access

 

[probablygay]

.......errrr, if you need to use tubehax to load the out of region CN then you would still be needing internet access

Oh, shit. I'm retarded. Pardon me.