Homebrew [WIP] Memchunkhax 2

  • Thread starter: julian20
  • Start date
  • Views: 126,483
  • Replies: 661
  • Likes: 24
Status
Not open for further replies.
This is good news, assuming whoever discovered memchunkhax2 ever releases it. Users on 9.3 (and perhaps 9.4; I don't recall when the Arm9 exploit was patched, but it was NOT patched in 9.3, only the Arm11 exploit was!) can possibly have an exploitable system now (one that won't involve downgrading).

As for the rest of us: SNShax and memchunkhax2 pretty much mean that a whole lot of retail n3DSes still on the shelves are suddenly exploitable now, even though there isn't a new Arm9 exploit past 9.3/9.4 (though it's not usable past 9.2 until memchunkhax2 is public). So it may get a lot easier to find a n3DS you can exploit once this is public. Once you have Arm11 you can downgrade the system to 9.2. Of course, n3DS users will still be stuck with an emuNAND on 9.5, since the new key for the encrypted Arm9 hasn't been found/leaked yet.

I don't own a n3DS and my 3DS XL which is in the pawn shop right now is already exploitable. Still good news to hear though. :D

It was actually Smea who released the info about SNShax, and Derrek (I believe) who made the info that this thread is about available: he showed how memchunkhax wasn't fully fixed and how we might get the normal key (that's what he called it; I'm guessing this is akin to a common key?), and plutoo was showing how we might get the n3DS keys needed for emuNAND 9.5+.
 
Cool. I wonder how much of this would have been public if it wasn't for that one guy who ripped rxTools a new ***hole by releasing a sigcheck patched version a while ago. (I know who the guy is, but I don't recall how to spell his name and my internet is too garbo right now for me to look it up. So I won't butcher the spelling. :P )

Seems like things started moving faster ever since then. :D
 
Last edited by Apache Thunder,
Cool. I wonder how much of this would have been public if it wasn't for that one guy who ripped rxTools a new ***hole by releasing a sigcheck patched version a while ago. Seems like things started moving faster ever since then. :D
GovanifY? Yeah, once he and st4rk released that stuff everything moved pretty fast. I think they were actually going to release that CFW they were making eventually (though I'm not sure) and release most homebrew in CIA format at first; Smea did show his stuff running as CIAs (the Yeti game or whatever that he ported), the thing is it was just unfinished... Ofc this is speculation, but usually I'm right when I speculate... I had money on yellows8 getting menuhax to work on newer firmwares along with a new browserhax entrypoint (ofc browserhax was pretty inevitable) lol... Anyways :P
 
Allow me to make an attempt at summarizing. I might be wrong in certain parts, as I don't completely understand what they said. Lol.

First, to break through the layer of Arm11 userland, we would use browserhax, ironhax, oot3dhax, and menuhax.

Second, to get to the Arm11 kernel: the slab heap allows us to replace a memory chunk in the kernel with our own piece of memory through a race condition. You guys call this memchunkhax2.

Third, for the Arm9 kernel, we wouldn't exactly need the keys, as plutoo did it without the keys. He appended his payload onto the first partition and changed the hash value of both partitions, which are checked. And because the first hash doesn't match the first partition, the second partition is used, because it is the backup. Then, because the second hash isn't verified, he is able to inject his own hash to verify the second partition with the payload at the end.

The two keys allow much more access to the 3DS, and they have determined the formula that derives the main key using the two given keys, one of which is hard-coded into the current 3DS firmware and can be extracted. The other you can solve for with algebraic expressions, but only if you have the second key.

I think this sums up the talk. If I said anything wrong, feel free to correct me. XD
 
Last edited by ChaosRipple,
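The third point in the summary above describes a general verification flaw: a loader that checks a primary image against an authenticated hash, falls back to a backup image on mismatch, and compares the backup against a hash value that nothing authenticates. The following is an added toy model of that pattern, not 3DS or bootrom code and not a claim about the real FIRM layout: the header fields, the HMAC used as a stand-in "signature", the signer key and the slot contents are all constructed here so the check runs stand-alone. The weak loader sits beside the obvious fix (cover both expected hashes with the signature), and the attacker is modelled as someone who can write to storage but does not hold the signing key.

```python
"""Toy model of 'fall back to a backup whose expected hash is unauthenticated'.

Added example for this thread; the header layout, stand-in signature (HMAC),
signer key and slot images are all constructed and do not model real 3DS data.
"""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

SIGNER_KEY = b"constructed-signer-key"  # not known to the attacker in this model


def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def sign(covered: bytes) -> bytes:
    """Stand-in for the vendor signature: HMAC over whatever the signer covers."""
    return hmac.new(SIGNER_KEY, covered, hashlib.sha256).digest()


@dataclass
class Header:
    hash0: bytes  # expected hash of slot 0 (primary)
    hash1: bytes  # expected hash of slot 1 (backup)
    sig: bytes    # signature over the covered header fields


def build_header(slot0: bytes, slot1: bytes, cover_backup_hash: bool) -> Header:
    h0, h1 = h(slot0), h(slot1)
    covered = h0 + h1 if cover_backup_hash else h0
    return Header(h0, h1, sign(covered))


def boot_weak(hdr: Header, slot0: bytes, slot1: bytes) -> Optional[int]:
    """Signature covers hash0 only; hash1 is used but never authenticated."""
    if not hmac.compare_digest(sign(hdr.hash0), hdr.sig):
        return None
    if h(slot0) == hdr.hash0:
        return 0
    if h(slot1) == hdr.hash1:  # expected value is attacker-writable here
        return 1
    return None


def boot_fixed(hdr: Header, slot0: bytes, slot1: bytes) -> Optional[int]:
    """Signature covers both expected hashes, so the backup is held to an
    authenticated value while the fallback behaviour itself is kept."""
    if not hmac.compare_digest(sign(hdr.hash0 + hdr.hash1), hdr.sig):
        return None
    if h(slot0) == hdr.hash0:
        return 0
    if h(slot1) == hdr.hash1:
        return 1
    return None


def tamper(hdr: Header, slot0: bytes, slot1: bytes):
    """Attacker with storage write access: break slot 0 so its check fails,
    append a payload to slot 1 and rewrite hash1 to match. The signature field
    is left untouched because the attacker cannot recompute it."""
    broken0 = bytes([slot0[0] ^ 0xFF]) + slot0[1:]
    payload = slot1 + b"CONSTRUCTED-PAYLOAD"
    return Header(hdr.hash0, h(payload), hdr.sig), broken0, payload


GOOD0 = b"constructed firmware image, slot 0"
GOOD1 = b"constructed firmware image, slot 1"


def demo(cover_backup_hash: bool) -> Optional[int]:
    """Which slot the loader boots after tampering: 1 means the payload runs."""
    hdr = build_header(GOOD0, GOOD1, cover_backup_hash)
    hdr2, s0, s1 = tamper(hdr, GOOD0, GOOD1)
    loader = boot_fixed if cover_backup_hash else boot_weak
    return loader(hdr2, s0, s1)


def demo_legit_fallback() -> Optional[int]:
    """The fixed loader still falls back when slot 0 is merely corrupted."""
    hdr = build_header(GOOD0, GOOD1, True)
    broken0 = bytes([GOOD0[0] ^ 0xFF]) + GOOD0[1:]
    return boot_fixed(hdr, broken0, GOOD1)


if __name__ == "__main__":
    print("weak loader boots slot:", demo(False))            # 1
    print("fixed loader boots slot:", demo(True))            # None
    print("fixed loader, honest fallback:", demo_legit_fallback())  # 1
```

The point the model isolates is that "a hash is checked" is not the same as "the hash is authenticated": the weak loader does compare the backup against hash1, but since hash1 is outside the signed region the comparison only proves the attacker wrote a consistent pair. The fix keeps the fallback but moves the backup's expected hash under the signature.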
[attached image: kernel exploit 9.3+.jpg]

Soon
 
Cool. I wonder how much of this would have been public if it wasn't for that one guy who ripped rxTools a new ***hole by releasing a sigcheck patched version a while ago. (I know who the guy is, but I don't recall how to spell his name and my internet is too garbo right now for me to look it up. So I won't butcher the spelling. :P )

Seems like things started moving faster ever since then. :D
There's also been less dev whoring since users have access to piracy for free too :grog:
 
I sure am :D
However, I do buy some games legitimately every so often.
Same, I never make enough money to get the games I want so I only have like 4 3DS Games that I legitimately bought. If I could I would buy them all legitimately.
 
yar-har a diddly dee, being a pirate is alright to me!
Do What You Want, Cause A Pirate Is Free... You Are A Pirate
man that brings back memories from when I was a small child. Lazytown was the thing back then, but looking back at it now the show is stupid.
 
Last edited by ElyosOfTheAbyss,
Just a quick question, if someone could answer it for me: if we already have the hax, are we good? For example, I have FW 9.9 on my US and Japanese systems; the US one has Ironhax and Menuhax and the other one has Menuhax, so I don't need to do anything further? I don't need the new versions of the hax for 10.2 or 10.3?
 