Homebrew safefirmraunchhax - new Arm9 exploit discussion

[uyjulian]

The fix for firmlaunchhax was only applied to NATIVE_FIRM in 9.5.0-X, leaving SAFE_FIRM exploitable. With ARM11-kernel execution, one can trigger FIRM-launch in to SAFE_FIRM, do Kernel9 <=> Kernel11 sync and then repeat the original attack on SAFE_FIRM instead.

Other place to talk: http://gbatemp.net/threads/safehax-11-1-2-downgrade-without-dsiware.455456/

Apparently this exploit was ｢leaked｣ and that ｢many people know about it｣. Also, apparently, it was going to be released at ｢the _real_ EoL｣. These are some things I saw people talk about on an IRC channel. Please be careful about this information. My opinion on this, is that this is going to probably be the last arm9 exploit ever released before the 3DS' End-of-Life, since the ｢inside people｣ don't really want to share.

Please visit https://3ds.guide/ for updated softmod instructions that use this exploit.

 

[Blaine20]

sweet

 

[punderino]

Fix the link

 

[Blaine20]

a download link would be nice

 

[Eastonator12]

a download link would be nice

lmao

 

[punderino]

a download link would be nice

Uhm.. I think you didn't even look at what that is... But no, that's not how it works.

 

[Blaine20]

think he meant this https://3dbrew.org/wiki/3DS_System_Flaws

 

[punderino]

think he meant this https://3dbrew.org/wiki/3DS_System_Flaws

Yes, we all know that.

 

[Blaine20]

yeah just did i have a tendance to talk before i think lol my fault

 

[guisadop]

a download link would be nice

I agree, you should implement the exploit and provide a download link for us

 

[Eastonator12]

yeah just did i have a tendance to talk before i think lol my fault

lmao this is not even a real release yet xD

 

[Blaine20]

I agree, you should implement the exploit and provide a download link for us

glad to have an agreeing person

--------------------- MERGED ---------------------------

lmao this is not even a real release yet xD

kinda figured that

--------------------- MERGED ---------------------------

bored as hell
cant wait for fasthax to be released officially

 

[Tenshi_Okami]

wait nvm, im being dumb

 

[Deleted User]

Does SAFE_FIRM load anything on startup?

....If this only works on >9.5 then why its worth discussing about it? It won't change the fact that ALL the payloads are made for the 9.2 ARM9 exploit...

No, the point is it that it works on all firmware.

 

[Mrrraou]

....If this only works on >9.5 then why its worth discussing about it? It won't change the fact that ALL the payloads are made for the 9.2 ARM9 exploit...

not true lol, how do you think the public arm9loaderhax implementation works

 

[Tenshi_Okami]

not true lol, how do you think the public arm9loaderhax implementation works

Ye, i just woke up so, i already "removed" the dumb stuff i said lol sorry

 

[Wolfvak]

....If this only works on >9.5 then why its worth discussing about it? It won't change the fact that ALL the payloads are made for the 9.2 ARM9 exploit...

It's K9-less ARM9 code. Payloads like Decrypt9 don't care about your system firmware, all they care about is running with privileges on the ARM9 processor. It doesn't matter if its running on 1.0, 2.1, 4.x, 9.2, 10.4 (ntrcardhax) or 11.2.

As long as the entrypoint remains at 0x23F00000 and that screens are set up properly, in the end, the firmware version doesn't even matter.

 

[Tenshi_Okami]

It's K9-less ARM9 code. Payloads like Decrypt9 don't care about your system firmware, all they care about is running with privileges on the ARM9 processor. It doesn't matter if its running on 1.0, 2.1, 4.x, 9.2, 10.4 (ntrcardhax) or 11.2.

As long as the entrypoint remains at 0x23F00000 and that screens are set up properly, in the end, the firmware version doesn't even matter.

Ye, i just woke up so, i already "removed" the dumb stuff i said lol sorry

 

[Wolfvak]

btw to anyone reading this thread (holy crap 60 people!) there's no implementation of this yet. the end result will be 11.2 becoming "the new 9.2", but until an implementation is made you'll have to wait ¯\_(ツ)_/¯

 

[leerpsp]

so does this mean that arm9loaderhax can be installed safe with 9.5 and now we don't have to downgrade to 2.1 to do this when it comes out?