Homebrew RAM editing glitch on any 3DS, might lead to an exploit?
- Thread starter Trinitro21
- Start date
- Views 49,496
- Replies 445
- Likes 34
Digital only in JPN and USA regions only.
Better act now if you want to get in on it. It could be pulled before a release. The vuln has already been demonstrated in code.
To summarize:
Smile basic let's you run arbitrary interpreted code in a sandbox. A glitch allows breaking out of the sandbox and directly editing ram. Doing this can allow for rop. Rop is the foundation for all userland exploits.
The game has a (very) nice service access list
> $hioFIO
> $hostio0
> $hostio1
> cfg:u
> fs:USER
> gsp::Gpu
> hid:USER
> ndm:u
> pxi:dev
> APT:A
> ac:u
> act:u
> am:app
> boss:U
> cam:u
> cecd:u
> dlp:FKCL
> dlp:SRVR
> dsp:: DSP
> frd:u
> http:C
> ir:USER
> ldr:ro
> mic:u
> news:u
> nfc:u
> nim:aoc
> nwm::UDS
> ptm:u
> qtm:u
> soc:U
> ssl:C
> y2r:u
> $hostio0
> $hostio1
> cfg:u
> fs:USER
> gsp::Gpu
> hid:USER
> ndm:u
> pxi:dev
> APT:A
> ac:u
> act:u
> am:app
> boss:U
> cam:u
> cecd:u
> dlp:FKCL
> dlp:SRVR
> dsp:: DSP
> frd:u
> http:C
> ir:USER
> ldr:ro
> mic:u
> news:u
> nfc:u
> nim:aoc
> nwm::UDS
> ptm:u
> qtm:u
> soc:U
> ssl:C
> y2r:u
Last edited by zoogie,
Yep. Those are some of the function names. I also linked an editor on the first page; if you want to use it, inject the file into your extdata.
Well I would but I'm already running my N3DS on Luma3DS with A9HL with latest system firmware so I don't need to, was just testing it out for me and the people lol
Arm9HaxLoader?
Excuse my language, but shit hell what have you done
I'm the guy who originally discovered that BGSCREEN can open RAM contents (though I didn't originally discover that the command was bugged, it goes further back than me). The bug was really fickle to work with so I never thought it would go anywhere and we decided to keep it a secret.
Until now, apparently.
The SMILEBASIC community is really small and indie, as is the software. I care about it very much, so I absolutely CANNOT risk that the software get pulled. We need to do some damage control, and fast. I don't know exactly WHAT is going on here, I just got here, so if someone could TLDR me that would be nice.
I'm the guy who originally discovered that BGSCREEN can open RAM contents (though I didn't originally discover that the command was bugged, it goes further back than me). The bug was really fickle to work with so I never thought it would go anywhere and we decided to keep it a secret.
Until now, apparently.
The SMILEBASIC community is really small and indie, as is the software. I care about it very much, so I absolutely CANNOT risk that the software get pulled. We need to do some damage control, and fast. I don't know exactly WHAT is going on here, I just got here, so if someone could TLDR me that would be nice.
Basically, the RAM Contents are being used to modify the RAM in such a way in order to get out of the full sandbox and into userland. The exploit fully works apparently too...
EDIT: Here's a summary:
Last edited by epicmartin7,
M-muh damage control!!
Never change, Alex.
Edit: Quick warning guys
He's successfully contacted and talked to Smileboom before so I'm sure he'll get something done about this. If you're gonna exploit this do it quickly.
Last edited by ArcPh1r3,
Sorry, it's a forgone conclusion at this time that hbl for smilebasic is going to be released.
There's already plenty of issues to get it pulled. (editing system RAM in game? wtf)
You honestly should have thought of this before releasing a RAM editor, lol.
I'm well aware of the how and why, I just want to know how tobgwt the exploit now tbh
It's too late to stop it so let's ride the train out bois
EDIT: the RAM editing was a bug, we just entirely avoided reporting it for this exact reason
--------------------- MERGED ---------------------------
The actual bug and tools have been floating around for months. Trin just couldn't help himself not to release it.
There also isn't a decent explanation of why the bug seems to trigger here either, which I've determined. On phone though so I really don't want to type
--------------------- MERGED ---------------------------
What I first saud when i came in here didn't go off how I wanted because I was in a rush
I don't want you to drop everything I want you to get this exploit done but as QUICKLY and QUIETLY as possible. If we dilly-dally it's too late. Get this done fam
It's too late to stop it so let's ride the train out bois
EDIT: the RAM editing was a bug, we just entirely avoided reporting it for this exact reason
--------------------- MERGED ---------------------------
The actual bug and tools have been floating around for months. Trin just couldn't help himself not to release it.
There also isn't a decent explanation of why the bug seems to trigger here either, which I've determined. On phone though so I really don't want to type
--------------------- MERGED ---------------------------
What I first saud when i came in here didn't go off how I wanted because I was in a rush
I don't want you to drop everything I want you to get this exploit done but as QUICKLY and QUIETLY as possible. If we dilly-dally it's too late. Get this done fam
Similar threads
-
-
-
@
The Real Jdbye:
@SylverReZ if you could find a v5 DS ML you would have the best of both worlds since the v5 units had the same backlight brightness levels as the DS Lite unlockable with flashme -
-
-
@
BigOnYa:
A woman with no arms and no legs was sitting on a beach. A man comes along and the woman says, "I've never been hugged before." So the man feels bad and hugs her. She says "Well i've also never been kissed before." So he gives her a kiss on the cheek. She says "Well I've also never been fucked before." So the man picks her up, and throws her in the ocean and says "Now you're fucked."+2 -
-
-
@
BakerMan:
anyways, we need to re-normalize physical media+1
if i didn't want my games to be permanent, then i'd rent them -
@
BigOnYa:
Agreed, that why I try to buy all my games on disc, Xbox anyways. Switch games (which I pirate tbh) don't matter much, I stay offline 24/7 anyways.+1
-
-
@
cearp:
@BakerMan - you can still "own" digital media, arguably easier and better than physical since you can make copies and backups, as much as you like.+1
The issue is DRM -
@
cearp:
You can buy drm free games / music / ebooks, and if you keep backups of your data (like documents and family photos etc), then you shouldn't lose the game. but with a disk, your toddler could put it in the toaster and there goes your $60
-
-
@
rqkaiju2:
i like physical media because it actually feels like you own it. thats why i plan on burning music to cds -
-
-
@
SylverReZ:
@rqkaiju2, Physical media is a great source for archiving your data, none of that cloud storage shiz.+1 -
-
-
-
@
BakerMan:
guys, should i change my pfp to one of these or keep it the same?
(i guess i could change it to one of my other pfps too, but i just want to see what you guys think first) -
-
-
. Saves on time, soap, water and money having to wash them.