If it would be that easy, we would most likely already have something for 7.X. Some peoples should really look into how the ARM architecture works and learn ARM ASM.
And again, such things should not be posted public.
But this is most likely useless anyway. It crashes because of a unsupported video/audio stream, i think.
And again, such things should not be posted public.
But this is most likely useless anyway. It crashes because of a unsupported video/audio stream, i think.
it's not like there's a lot of possibility for exploit...
So if a certain type of video isn't supported, it's logic to crash the console? ahah
That would be the only possible way load an exploit past 4.5 that we know of. I will look into the ROP chain and how the .mp4 or .3gp files are read and executed, when I have time. But without a ram setup this will most likely turn into a pointless guessing game.
Edit: I found out that the only way I can test the vulnerability, as I don't have the equipment. Is to create a .txt file with code in it and rename it to .mp4 or .3gp and test. not expecting much though.
D
Deleted User
Guest
It's probably been mentioned, but depending on your vulns, sandboxing still plays a part. at least in most applications. To make any real system changes you'll end up needing a kernel exploit to get most of anything done.
No idea if the 3DS operates in the same manner, but you would need some sort of privelege escalation. As far as I know, GW achieved this through a kernel exploit. To exploit from an app would require that a payload rewrite memory for an ROP chain, escape said sandbox, patch the kernel before anything could be done. All assuming that 3DS hasn't had any ASLR written for it (I don't believe it does, but who knows if future FW would)
No idea if the 3DS operates in the same manner, but you would need some sort of privelege escalation. As far as I know, GW achieved this through a kernel exploit. To exploit from an app would require that a payload rewrite memory for an ROP chain, escape said sandbox, patch the kernel before anything could be done. All assuming that 3DS hasn't had any ASLR written for it (I don't believe it does, but who knows if future FW would)
The situation is that the only hope for this glitch to work is if someone with a ram dump setup comes across this thread and can do a rop chain through a mp4 file. Right now it's a dead end until that happens.
Well from what i know there is some kind of protection to not load code/data from crashes like this one... And the ROP chains was fixed... (?)If an exploit was to be found it should try a different approach...(?)
Making a rop chain is probably the worst part of this and before making one, someone need to take a look at this crash to see if it's usuable or not.
Edit: rop chain can't be used anymore??? Srsly ? How can they patch this type of code...
Edit: rop chain can't be used anymore??? Srsly ? How can they patch this type of code...
You could be right. The story I heard was that ROP chain still existed, the exploit that allowed them to execute the chain was patched.
Edit: Rop chains is what allowed, Yellows8? to bypass the sandbox.
I don't think they can, pretty sure it's a problem with the ARM architecture.
The point of the rop chain attack is to reuse existing code or function to do what you want. Since we don't have the right to load our code.. we can always do pointer after pointer to create what we want. This implies you know everything about the 3ds system and the address of the function you want.
Well, it even needs someone to analyse the crash... Not the ram.. is there any tool allowing this avalaible?
my knowledge is not the best when it comes to assembly language, but the ram dump will give you enough information to see what happened during the crash and get an idea of what code is needed to manipulate the crash.
- Joined
- Aug 7, 2013
- Messages
- 861
- Trophies
- 0
- Location
- Flying a blue hedgehog around
- Website
- www.reddit.com
- XP
- 212
- Country
THIS IS FUCKING STUPID. WHY THE FUCK WOULD A YOUTUBE CRASH LEAD TO A FUCKING EXPLOIT? PEOPLE THOUGHT THAT BEFORE. IT'S NOT GOING TO FUCKING WORK.
- Joined
- Aug 7, 2013
- Messages
- 861
- Trophies
- 0
- Location
- Flying a blue hedgehog around
- Website
- www.reddit.com
- XP
- 212
- Country
- No one is chatting at the moment.
-
-
-
-
-
@
CameronCataclysm:
Why no blog posts about Nitendont going after Garry's Mod repos that have been up for a decade or 2? -
-
-
@
Xdqwerty:
Is it safe to update a modded ps3?
Can I play online in pirated games? (with ps3hen either enabled or not) -
-
-
-
-
-
@
Xdqwerty:
@salazarcosplay, I used apollo save tool to activate my ps3 offline so i could play a game that wasnt working
-
S @ salazarcosplay:from what I understood. you load up the piratged game. you the clear the syscalls, then you play
-
-
-
-
-
-
-
-
-
-
