[Defcon] Smea to give 3DS security talk and release free arm9 exploit chain on August 11



(complete video of the talk - uploaded Oct. 22, 2018)

UPDATE (10-23-18): This hack was patched on 11.8 and was never publicly implemented
Please use Frogminer -> Free B9S cfw, works on 11.8, covers all major regions

(disclosure: Frogminer is my hack, but it serves the same purpose smeahax originally promised, so it's relevant here)


It looks like our old 3DS scene pal @smealum has returned to the limelight! Famous for his groundbreaking Ninjhax, Ironhax, and Tubehax userland exploits, and the udsploit kernel11 hax, Smea is back and better than ever with a total of four new exploits set to be revealed this Saturday at Defcon 26 in Las Vegas! So if you never got on the CFW bandwagon (full control of your 3DS with all the implied benefits), you'd better come and tune in with us this Saturday at 11:00 am PT sharp!

Slides and Additional Videos


MHAX userland
ROHAX2 priv. escalation
ZHAX kernel11
TWLHAX arm9

(please wait for the guide to be updated for instructions)




chrisrlink
Yeah but smea isn’t a pedophile
:wacko: Wait, that guy's a pedo? But I thought he was nailed for cracking security or something like that; in fact, the company that developed Denuvo ordered the raid/arrest, iirc. I think you're confused with T.C., a former temper who WAS arrested for that.

zoogie (OP)
Do we know if/where this will be streamed?
Actually, where can I watch talks? The streaming links aren't so obvious.
I've looked and looked and I don't see any evidence this conference livestreams. It's a rather pricey door charge and I really think the organizers believe people should pay that to see the event live.

However, there will be slides available when the talk starts (I'm certain of this), and of course, links to repos/releases when smea drops the exploits at the end of his presentation.
Hopefully, a video of his talk will surface afterwards but it's anyone's guess if that will happen.

Insane
I've looked and looked and I don't see any evidence this conference livestreams. It's a rather pricey door charge and I really think the organizers believe people should pay that to see the event live.

However, there will be slides available when the talk starts (I'm certain of this), and of course, links to repos/releases when smea drops the exploits at the end of his presentation.
Hopefully, a video of his talk will surface afterwards but it's anyone's guess if that will happen.

They (edit: the slides) are available now... I think he hacks the 3DS over the micro-SD card sharing feature.
I am impressed with his skills!

Myria
They (edit: the slides) are available now... I think he hacks the 3ds over the micro-sd card sharing feature..
I am impressed with his skills!
Where are the slides?

I already know about the ARM11 kernel to ARM9 escalation portion, because I independently discovered it. I found out that smea had beat me to it, and didn't interfere with him reporting it to Nintendo for the bug bounty (hence 11.8.0 update).

He has a primary exploit for getting ARM11 user mode, an exploit to break into the ARM11 kernel, then the TWL_FIRM exploit to break into the ARM9.

Insane
Where are the slides?

I already know about the ARM11 kernel to ARM9 escalation portion, because I independently discovered it. I found out that smea had beat me to it, and didn't interfere with him reporting it to Nintendo for the bug bounty (hence 11.8.0 update).

He has a primary exploit for getting ARM11 user mode, an exploit to break into the ARM11 kernel, then the TWL_FIRM exploit to break into the ARM9.

https://media.defcon.org/DEF CON 26/DEF CON 26 presentations/smea/

zoogie (OP)
Where are the slides?

I already know about the ARM11 kernel to ARM9 escalation portion, because I independently discovered it. I found out that smea had beat me to it, and didn't interfere with him reporting it to Nintendo for the bug bounty (hence 11.8.0 update).

He has a primary exploit for getting ARM11 user mode, an exploit to break into the ARM11 kernel, then the TWL_FIRM exploit to break into the ARM9.
I've known about this since Friday morning, lol. People were even talking about it on Discord. It's crazy that this was up even before 11.8 dropped (July 27). Oh well. So much for spoilers. Hopefully there will be some more surprises since smea has kept working on slides up until yesterday. (I'd like to know if there's a solution for old3ds user primary.)
btw - congrats on the independent twl_firm a9 discovery!

Anyway, slides and videos (not the actual presentation) are up in the OP since the cat is out of the bag. Dig in, everybody.

edit: Talk is in progress! Will keep OP updated if any new info.