Homebrew I might have a theory on how to send the Homebrew Launcher via download play.

[epicmartin7]

So... I've been recently datamining Mario Kart 7 in order to get CTGP-7 working. Throughout the file structure, I found the "ExtractedDownloadPlay" folder and found another CIA inside it. All the CIA is really is the download play version of MK7 that's sent to another 3DS's limited RAM. That then gave kind of an idea.

Yellow8's Homebrew Launcher CIA is WAY smaller than that CIA. So it kinda begs the question if it would be theoretically possible to send someone HBL by modding a game with DownloadPlay.

Now, I can't really test it out considering I don't have another 3DS, but I'm just presenting it out there just in case someone else wants to.

Of course, there's no guarantee that it'll work in the first place, but this was just some observations I had.

If it does work though, we could use this method to install other exploits on other people's 3DS's.

Anyways, what do you guys think about this? Do you think it's possible at all?

Not saying I found an exploit at all or even if this will work. Just giving my opinion on it.

 

[Deleted member 373223]

2 words: Signature check

 

[solress]

You can't send games over DLP without then having the correct sigs

 

[epicmartin7]

2 words: Signature check

Does Download Play have signature checks at all? Just curious if it does.

 

[Deleted member 373223]

Does Download Play have signature checks at all? Just curious if it does.

yes

 

[ihaveahax]

inside the "download play child container" (which is a CFA) is a CIA. this CIA is installed to NAND and so it needs to pass signature checks like everything else. you can't send a modified CIA to a console with no signature patches.

 

[Ermelber]

I don't think it would... IDK if Download Play checks signatures or something, I can't say for sure

 

[epicmartin7]

yes

Gotcha... well... made a mistake then lol. Ah well. At least we got Freakyhax which just came out. Thanks for the info!

 

[DarkFlare69]

i said this in like 2015 and people said no.

 

[PabloMK7]

There is already a thread about this. CTGP-7 doesn't send a modified dlp cia, it works because MK7 sends the course files from the main game romfs, instead of the dlp cia, which doesn't have to pass any sig checks. An exploit may be possible by sending corrupted szs files, or corrupted tracks. (Karthax hype )

 

[Shadowxp13]

Can this work if we replace the original cia with any legit cia?

 

[Aether Lion]

Can this work if we replace the original cia with any legit cia?

AKA Everyone gets a free "backup" of SSB, any Pokemon game, and most Mario games. Don't forget TLoZ. ;p

 

[solress]

AKA Everyone gets a free "backup" of SSB, any Pokemon game, and most Mario games. Don't forget TLoZ. ;p

It'd be installed to the NAND,which wouldn't be able to hold that much information.

 

[Conn0r]

What about using download play to send a signed cubic ninja game?

 

[Aether Lion]

What about using download play to send a signed cubic ninja game?

It'd be installed to the NAND,which wouldn't be able to hold that much information.

 

[Conn0r]

The nand on some N3DSs are like ~2GB

 

[solress]

The nand on some N3DSs are like ~2GB

And how much do you think is free

 

[Conn0r]

And how much do you think is free

At least 0.63GB

 

[Aether Lion]

And how much do you think is free

~2kb lolol

 

[Ricken]

And how much do you think is free

All N3DS Nands are over 1GB iirc. lol

At least 0.63GB

Isnt Cubic smaller? Freaky as well for that matter