Awesome! I'm hyped now.
Also I think this means smea wasn't lying - there's no kernel code running and there's no >9.2 kernel but with SVC there is downgrading possible/legit CIAs. Is SVC "privileged code"?
- Status
Also I think this means smea wasn't lying - there's no kernel code running and there's no >9.2 kernel but with SVC there is downgrading possible/legit CIAs. Is SVC "privileged code"?
- Joined
- May 1, 2006
- Messages
- 635
- Reaction score
- 2,074
- Trophies
- 3
- Age
- 33
- Location
- SF
- Website
- www.smealum.net
- XP
- 2,547
- Country
ok so as entertaining as this is, it doesn't seem nice to let people speculate and possibly get excited over nothing. so, i'll address the big thing i guess :
if you open up any of the payloads in a hex editor, you will indeed find that code. this is apparently significant because this syscall lets processes that have access to it execute arbitrary code in kernel mode. sounds amazing right ? of course the thing is that no process actually has access to it, so you'd need some kind of exploit to use it. therefore, there has to be some kind of exploit hidden away that gives the current process access to it, right ? smea's a liar and thought noone would find his secret kernel exploit, right ?
as you've probably guessed by now, no, that's not what's going on. the truth of the matter is that unlike what Mrrraou claims, this code is not used by anything. sure, the svcBackdoor function exists, and it *is* called by another function... but the function in question is not called by anything, ever. this is just a remnant of some old debugging code in app_bootloader which only ran on 9.2.
here's a screenshot of the actual code, and how it's not called anymore :
and if you still don't believe me just ask anyone who knows how to read arm disassembly to take a look, and they'll be able to confirm that invalidate_icache isn't called anywhere in app_bootloader. another thing you could do for proof is modify the payload : just replace the svc 0x7b instruction with an undefined instruction (like 0xffffffff); this way, if the funciton *is* called, it'll crash. if it's not, it'll just keep working the way it always does.
if you open up any of the payloads in a hex editor, you will indeed find that code. this is apparently significant because this syscall lets processes that have access to it execute arbitrary code in kernel mode. sounds amazing right ? of course the thing is that no process actually has access to it, so you'd need some kind of exploit to use it. therefore, there has to be some kind of exploit hidden away that gives the current process access to it, right ? smea's a liar and thought noone would find his secret kernel exploit, right ?
as you've probably guessed by now, no, that's not what's going on. the truth of the matter is that unlike what Mrrraou claims, this code is not used by anything. sure, the svcBackdoor function exists, and it *is* called by another function... but the function in question is not called by anything, ever. this is just a remnant of some old debugging code in app_bootloader which only ran on 9.2.
here's a screenshot of the actual code, and how it's not called anymore :
and if you still don't believe me just ask anyone who knows how to read arm disassembly to take a look, and they'll be able to confirm that invalidate_icache isn't called anywhere in app_bootloader. another thing you could do for proof is modify the payload : just replace the svc 0x7b instruction with an undefined instruction (like 0xffffffff); this way, if the funciton *is* called, it'll crash. if it's not, it'll just keep working the way it always does.
Hype train is over, I guess.
Wait, then what's the invalidate_icache in Hans while booting a game?
Thanks for the explanation. And I should have tried that.
Sorry for all this speculation. Now that it's clear, topic can be closed. And I'll learn more ARM disassembly.
At some point maybe. But certainly not right now.
- Status
Site & Scene News
New Hot Discussed
-
-
22K views
Pokemon Platinum PC port gets a surprise release
Seemingly out of nowhere a PC port for Pokemon Platinum has surfaced online, bundled alongside the source code for those interested in building and developing it for... -
15K views
Steam Deck gets a major price bump, more than 40% increase for US buyers
With very little in the way of announcement, Valve has today increased the price of the Steam Deck but some fairly considerable margins. Both of the available models... -
11K views
Nintendo Direct June 9, 2026 roundup - Ocarina of Time remake announced, Kingdom Hearts IV trailer
Nintendo's expected Summer showcase is here, offering up plenty of new announcements and exciting reveals. Let's see what they have in store in the latest Nintendo... -
11K views
Pokémon Crystal gets a PC port titled "suiCune" based on C/C++ language
Continuing with the great news of Pokémon Platinum getting a native unofficial PC port just a few days ago, today, yet another classic title from the franchise has... -
10K views
Paper Mario PC recompilation "ReCut" gets its first pre-release build
The latest in a growing number of native PC ports, Paper Mario ReCut got its first pre-release build earlier this week. Based on the N64 recompilation toolchain, the... -
9K views
Low-level 3DS emulator 3Beans released alongside setup tutorial video
When you talk about 3DS emulation, most people would jump to Citra. As the defacto choice since its first release it's seen tremendous success, and even after its... -
9K views
The long awaited EarthBound Beginnings Remake romhack is now available after almost 2 decades in development
What once seemed like a far off dream, and after many, many community restarts throughout the years, the elusive Mother 1 / EarthBound Beginnings Remake, which is a... -
8K views
Steam Machine waiting list goes live, starting at £879 with a 512GB SSD
After much speculation, a lot of which being caused by dbrand's unceremonious reveal of their Companion Cube casing, the Steam Machine is finally available to order... -
7K views
PlayStation State of Play June 2, 2026 broadcast - new God of War announced
A whole hour of PlayStation content is on the way, thanks to the latest State of Play showcase. Headlining the stream will be Marvel's Wolverine, alongside a... -
7K views
Super Mario 64 gets a brand new port on the Nintendo DS, brings support for full local multiplayer
Since being decompiled Super Mario 64 has seen a considerable amount of interest. We've had multiple PC ports, but the efforts beyond that are really astounding. It's...
-
-
-
207 replies
Steam Machine waiting list goes live, starting at £879 with a 512GB SSD
After much speculation, a lot of which being caused by dbrand's unceremonious reveal of their Companion Cube casing, the Steam Machine is finally available to order... -
176 replies
Steam Deck gets a major price bump, more than 40% increase for US buyers
With very little in the way of announcement, Valve has today increased the price of the Steam Deck but some fairly considerable margins. Both of the available models... -
141 replies
Nintendo Direct June 9, 2026 roundup - Ocarina of Time remake announced, Kingdom Hearts IV trailer
Nintendo's expected Summer showcase is here, offering up plenty of new announcements and exciting reveals. Let's see what they have in store in the latest Nintendo... -
117 replies
Grand Theft Auto VI pre orders go live tomorrow, physical release limited to code in box
The delays may be behind us, but the news isn't all good for Grand Theft Auto VI. Rockstar have today announced that pre-orders for the game will go live tomorrow, on... -
103 replies
Pokemon Platinum PC port gets a surprise release
Seemingly out of nowhere a PC port for Pokemon Platinum has surfaced online, bundled alongside the source code for those interested in building and developing it for... -
91 replies
What do you want to see in the next Nintendo Direct?
With rumours circulating about a Nintendo Direct in the coming days and weeks, fans are left speculating and hoping as to what might be included. At the centre of all... -
80 replies
Paper Mario PC recompilation "ReCut" gets its first pre-release build
The latest in a growing number of native PC ports, Paper Mario ReCut got its first pre-release build earlier this week. Based on the N64 recompilation toolchain, the... -
71 replies
Nintendo Direct to air on the 9th of June, set to feature 50 minutes of Switch and Switch 2 games launching this year
After much speculation and rumour, the fabled Nintendo Direct is upon us. Set to go live tomorrow, the 9th of June, at 3pm in the UK, it'll feature 50 minutes of... -
71 replies
PlayStation State of Play June 2, 2026 broadcast - new God of War announced
A whole hour of PlayStation content is on the way, thanks to the latest State of Play showcase. Headlining the stream will be Marvel's Wolverine, alongside a... -
65 replies
Nintendo fined 35 million euros by the French government due to Switch 1 Joycon malfunctions
Following an investigation over misleading commercial practices, today Nintendo has been imposed a fine of 35 million euros related to the controller malfunctions...
-
