Hacking [Suspended] ARM11 kernel access project

[MassExplosion213]

Announcement: Project (publicly) suspended!

Work will still be going on behind the scenes, but with the extensive work needed to RE things and this thread becoming crap, I need to clarify this. You will get something when we get somewhere. PM me if you need me. Could a mod lock this thread?

 

[AtlasFontaine]

Shit got real boiz.

 

[Intronaut]

Great!

As I said before, this would allow fw spoofing, legit CIA installation and full system downgrade( according to shinyquagsire, and N3DS users will be only able to do it as far as they are bellow 9.5)

best luck for you!

 

[Carnelian]

Good luck

 

[The_Meistro]

If you need any help im here bro. I can test anything u need me too!

 

[Carnelian]

Great!

As I said before, this would allow fw spoofing, legit CIA installation and full system downgrade( according to shinyquagsire, and N3DS users will be only able to do it as far as they are bellow 9.5)

best luck for you!

For Old3DS it will able for 9.9.0-26U users ?

 

[The_Meistro]

For Old3DS it will able for 9.9.0-26U users ?

I have the same question being that im on 9.9

 

[MassExplosion213]

For Old3DS it will able for 9.9.0-26U users ?

Theoretically yes.

 

[NyaakoXD]

Great!

As I said before, this would allow fw spoofing, legit CIA installation and full system downgrade( according to shinyquagsire, and N3DS users will be only able to do it as far as they are bellow 9.5)

best luck for you!

Wait what's going on? What did I miss?

 

[Carnelian]

Theoretically yes.

Okay thank you

 

[Returnofganon]

Dang I wish you luck.
(Rip me and all other n3ds owners )

 

[Intronaut]

Wait what's going on? What did I miss?

Basically, all you need to install .cias is ARM11 kernel access. But these can only be signed .cias, ARM9 kernel is needed for unsigned .cias. There is downgrading protection with system apps and normal apps, however it's flawed: You can delete an app and then install it directly afterwards, effectively making these protections void. Thus the MSET downgrade hack was formed. So in theory, if you had ARM11 kernel access you could do this remove->install trick on all system apps and modules, including the NATIVE_FIRM title. To remedy the two stored straight on the NAND used by the bootloader, you actually already have the xorpads needed for those. If you know what version you're already on, you can use that NATIVE_FIRM image to retrieve an xorpad for it, and use that xorpad to write an older NATIVE_FIRM (note, these are still signed FIRM images here). This probably isn't possible though for the N3DS, due the fact that the 9.6 and up NATIVE_FIRM binaries are stuck behind new encryption. You could at least though return some usermode exploits I suppose.

You might say though, why not just write the NATIVE_FIRM only? This could maybe work for a few firmware versions with minimal updates relying on new stuff in the FIRM, but if the firmware introduced any significant changes it will most likely fail to work.

 

[NyaakoXD]

Ah, thanks!

 

[MassExplosion213]

Dang I wish you luck.
(Rip me and all other n3ds owners )

The only thing you guys don't get is downgrade.

 

[Megalegacy98]

So question, have you started it or will start it?

 

[MassExplosion213]

So question, have you started it or will start it?

Only thing I need is an ARM11 flaw.

 

[Returnofganon]

The only thing you guys don't get is downgrade.

Oh alright I didn't know that

 

[Megalegacy98]

Only thing I need is an ARM11 flaw.

Oh, well gl finding one!

 

[MassExplosion213]

Oh, well gl finding one!

Yep. NTR and emunand to the rescue!

 

[Piluvr]

Yep. NTR and emunand to the rescue!

hope so!