Homebrew WiFiPWN research

I_AM_L_FORCE · Dec 30, 2016

So.
It has been known for a while now that the DS WiFi settings .app file can be replaced with an exploitable DSiware game, and can then be launched through system settings.

In the wake of Slow/Fasthax being released we have gained Kernel access on arm11, which has led to people being able to install DSiware saves, legit CIAs ect.

What we do not know is if it is possible to access the TWLN partition of the NAND through just arm11 Kernel access, if it is in fact possible we can overwrite DS WiFi settings with say fieldrunners or sudoku, and then run the downgrade.

Thoughts, anyone?

iAqua · Dec 30, 2016

Luke Gainsford said:
So.
It has been known for a while now that the DS WiFi settings .app file can be replaced with an exploitable DSiware game, and can then be launched through system settings.

In the wake of Slow/Fasthax being released we have gained Kernel access on arm11, which has led to people being able to install DSiware saves, legit CIAs ect.

What we do not know is if it is possible to access the TWLN partition of the NAND through just arm11 Kernel access, if it is in fact possible we can overwrite DS WiFi settings with say fieldrunners or sudoku, and then run the downgrade.

Thoughts, anyone?

Might be possible, I'll look into it.
don't expect any implementations from me if anything exists.

I_AM_L_FORCE · Dec 30, 2016

iAqua said:
Seems possible, I'll look into it.

Into accessing TWLN from arm11?

CeeDee · Dec 30, 2016

If we could access NAND through ARM11, we wouldn't need DSiWare.

AxlSt00pid · Dec 30, 2016

Looks really interesting imo

I_AM_L_FORCE · Dec 30, 2016

CeeDee said:
If we could access NAND through ARM11, we wouldn't need DSiWare.

We're talking about the TWLN partition here, which is already accessible by bugging AMPXI.

CeeDee · Dec 30, 2016

Luke Gainsford said:
We're talking about the TWLN partition here, which is already accessible by bugging AMPXI.

If that's the case, couldn't we exploit any DSiWare, the same way the current transfer method does?

I_AM_L_FORCE · Dec 30, 2016

CeeDee said:
If that's the case, couldn't we exploit any DSiWare, the same way the current transfer method does?

Very true.

--------------------- MERGED ---------------------------

Then the only other way to use DS WiFi settings is to find an actual crash/bug in the app itself?

Yepi69 · Dec 30, 2016

I have a friend's 11.2 o3DSXL right here using the newly uploaded soundhax entrypoint, would love to see this work.
Nintendo from Europe has removed the exploitable DSiWare games needed to downgrade the damn thing.

I_AM_L_FORCE · Dec 30, 2016

Something about 0x004E00C0 on this page https://3dbrew.org/wiki/Application_Manager_Services_PXI bugs me though

proflayton123 · Dec 31, 2016

This is a nice concept

DarkSynopsis · Dec 31, 2016

Don't you need ARM9 to replace .app, I mean if we could do that already we wouldn't need to transfer the DSiWare titles from another system, could just inject .app.

RednaxelaNnamtra · Dec 31, 2016

If its possible open NAND TWL FS writable, while being able to acces the title folders through https://www.3dbrew.org/wiki/Filesystem_services#Archives,
it could be possible to do, what we did manualy in this tutorial from arm11:
https://gbatemp.net/threads/tutorial-new-installing-sudokuhax-on-3ds-4-x-9-2.388621/

Mrrraou · Dec 31, 2016

TWLN cannot be accessed from ARM11 without the signed exheader of an app that has access to it, afaik. And no retail apps have access to this (mostly for security reasons), to my knowledge.

You should document yourself more before making threads like this.

Arubaro · Dec 31, 2016

I would say... that works if you're on a version up to 9.2, hence, you can run decrypt9?

proflayton123 · Dec 31, 2016

Mrrraou said:
TWLN cannot be accessed from ARM11 without the signed exheader of an app that has access to it, afaik. And no retail apps have access to this (mostly for security reasons), to my knowledge.

You should document yourself more before making threads like this.

RednaxelaNnamtra said:
If its possible open NAND TWL FS writable, while being able to acces the title folders through https://www.3dbrew.org/wiki/Filesystem_services#Archives,
it could be possible to do, what we did manualy in this tutorial from arm11:
https://gbatemp.net/threads/tutorial-new-installing-sudokuhax-on-3ds-4-x-9-2.388621/

Refer to the above

Mrrraou · Dec 31, 2016

proflayton123 said:
Refer to the above

You should read it too. "Required exheader FS access info bitmask: 0x100"

KanterZ · Dec 31, 2016

This is really nice. I'll wait for it.

I_AM_L_FORCE · Dec 31, 2016

Mrrraou said:
TWLN cannot be accessed from ARM11 without the signed exheader of an app that has access to it, afaik. And no retail apps have access to this (mostly for security reasons), to my knowledge.

You should document yourself more before making threads like this.

What about system settings, or DS download play for that matter, don't they both access TWLN?

Mrrraou · Dec 31, 2016

Luke Gainsford said:
What about system settings, or DS download play for that matter, don't they both access TWLN?

MSET does not (and why would it?), and DS DLP is not a CTR app.

Homebrew WiFiPWN research

Unban me from Discord

ㅤ

Unban me from Discord

fuckin dork

Well-Known Member

Unban me from Discord

fuckin dork

Unban me from Discord

Jill-sandwiched

Unban me from Discord

The Temp Loaf'

Well-Known Member

Well-Known Member

Well-Known Member

Soulspace Guardian

The Temp Loaf'

Well-Known Member

Modder.

Unban me from Discord

Well-Known Member

Similar threads

Popular threads in this forum