Homebrew possible ARM11 kernel hack on 10.5

TheReturningVoid · Mar 9, 2016

I'm gonna do some of these pagedumps on an O3DS. Might be able to do them on a N3DS later. Will link to a MEGA folder with them all once I'm done

~Poke~ · Mar 9, 2016

Anyone know if this is more consistent than the older memchunkhax2? I'm planning to downgrade my sister's 9.9 O3DS, but I've been putting it off because I don't want to sit there rebooting for 2 hours like I did with my own 10.3 N3DS.

flagrama · Mar 9, 2016

Pacman` said:
I was bored so I flashed my N3DS A9LH-enabled 9.2 / 10.6 back to plain 9.2 (removed everything that was on my sysnand, including all the patches, AGB stuff and miniPasta enabled utilities).
Formatted my SD card and only had sysnand stuff (no emunand). Used an old Toshiba 4G for this test to simulate a clean 10.3.0 N3DS.

So, I updated my N3DS to 10.3.0-20U using a game (Fire Emblem Fates rom on Sky3DS). No. I didn't lose my sanity, I just wanted to see if sysupdater-10-4-382016250 could DG it back to 9.2.0-20U.
First shot, bam, it worked, no worries.

So sysupdater-10-4-382016250 works on 10.3, as well as 10.4 to 10.6.
Enjoy!

PS: I flashed my A9LH nand back, using Decrypt9 + HBL

Only on n3DS. Look at the first post in this thread and you can see that fairly clearly shows that.

gnmmarechal · Mar 9, 2016

tivu100 said:
False. I had to use browserhax to downgrade an O3DS with 10.2 since memchunkhax 2.0 freezed sysupdaters over 20 times with menuhax. I had humbled myself since. memchunkhax 2.0 is kinda wild so no certaint statement. Tried with all (logical thing) you can

most likely

TheReturningVoid · Mar 9, 2016

Anyone know of a way to get into emuNAND without patching firm with a9lh? I'm going to be downgrading my emuNAND to get to these firm versions, but it wouldn't make a difference if the firm is patched with another version.

zoogie · Mar 9, 2016

Do we have a legit cia installer for 10.4-10.6 yet?

If not, does anyone covet such a needless thing?

ihaveahax · Mar 9, 2016

zoogie said:
Do we have a legit cia installer for 10.4-10.6 yet?

If not, does anyone covet such a needless thing?

I tried a private version of NASA using ~~svc~~memchunkhax2.1 and was able to install a cia under *hax and 10.4 FIRM. granted I did it under cfw with arm9loaderhax but it should still work since it worked under *hax. so that will probably come out soon.

aliaspider · Mar 9, 2016

Syphurith said:
From FIRM page, you could get kernel version and system version.

Code:

MISSING 9.3.0 v18182 3F 2.48-3 MISSING 9.5.0 v19216 40 2.49-0 DONE 9.6.0 v20262 49 2.50-1 MISSING 10.0.0 v21288 4B 2.50-7 MISSING 10.2.0 v22313 4C 2.50-9 DONE 10.4.0 v23341 50 2.50-11

Since most CFWs uses certain NATIVE_FIRM package (9.2/9.6/10.4), I think you can not get these files except you port at least the sigpatch to other FIRM.
Eh.. Why this page dump doesn't come in HBL version, if this hax is runable from unmodified SysNAND?

the dumper isn't a hax, it needs to be run from cia to access protected memory.

on a side note, the modified sysupdater works on a n3DS but not the test app ? that's funny xD.
How is the boot rate ? does it exit correctly to the HBM ?

Bedel · Mar 9, 2016

aliaspider said:
the dumper isn't a hax, it needs to be run from cia to access protected memory.

on a side note, the modified sysupdater works on a n3DS but not the test app ? that's funny xD.
How is the boot rate ? does it exit correctly to the HBM ?

The boot rate is just awesome. I tried three times just to be sure about it's security, and every time in the first or the second try. You did a did great job with this exploit.

zoogie · Mar 9, 2016

aliaspider said:
the dumper isn't a hax, it needs to be run from cia to access protected memory.

on a side note, the modified sysupdater works on a n3DS but not the test app ? that's funny xD.
How is the boot rate ? does it exit correctly to the HBM ?

I use the demo from @Rinnegatamante's implementation of your exploit and it works fine. It can exit back to hbmenu and is very stable overall.
https://github.com/Rinnegatamante/libsvchax

aliaspider · Mar 9, 2016

well this is a tester using the very last commit, I didn't want to ask for another test until I tested it more here but it looks like it might have been the relevant one.

if this one doesn't work on n3DS 10.4 and up I would be really confused xD

ValouIka · Mar 9, 2016

Still don't works on my 10.6 Emunand :/

aliaspider · Mar 9, 2016

a9lh by any chance ? since that is where I had it tested too and it kept failing.

ValouIka · Mar 9, 2016

Yes i'm using a9lh

aliaspider · Mar 9, 2016

ah ok, I have a slight suspicion that the firmware hacks applied on boot might be interfering with the exploit.

Syphurith · Mar 9, 2016

aliaspider said:
the dumper isn't a hax, it needs to be run from cia to access protected memory.

OK. However most CFWs uses 9.2/9.6/10.4 FIRMs currently.
You may need to find one using CakeFW and let him apply sigpatch only, different NATIVE_FIRM.
Or simply say firmlaunch to other versions of FIRM.
Well. The ones that downgrades can all update the SysNAND to 10.6 since 10.4 FIRM is tested already isn't it.

TheReturningVoid · Mar 9, 2016

aliaspider said:
ah ok, I have a slight suspicion that the firmware hacks applied on boot might be interfering with the exploit.

That explains why the tester didn't work at all on 10.6 sysNAND

Trying to get some of those pagedumps btw, but I need to have those other firms going first. Got any ideas for an a9lh user?

aliaspider · Mar 9, 2016

Syphurith said:
OK. However most CFWs uses 9.2/9.6/10.4 FIRMs currently.
You may need to find one using CakeFW and let him apply sigpatch only, different NATIVE_FIRM.
Or simply say firmlaunch to other versions of FIRM.
Well. The ones that downgrades can all update the SysNAND to 10.6 since 10.4 FIRM is tested already isn't it.

it is still better if it worked correctly on all firm versions. and the update window to 10.6 will be closing soon

also it might already work on those firmwares where the dumps are still missing.

JjStAr992_Gaming said:
That explains why the tester didn't work at all on 10.6 sysNAND Trying to get some of those pagedumps btw, but I need to have those other firms going first. Got any ideas for an a9lh user?

no idea, I'll see if I can get more of those missing dumps on o3DS at least.

ThunderDemon3DS · Mar 9, 2016

Hey so just a quick questions, how can you put CIA files on a N3DSXL on 9.2. Gonna get my Hyrule or Red N3DSXL soon and also how do I downgrade a Hyrule n3DSXL or a Red N3DSXL. Need help as I am set to downgrade properly 10.6

TheReturningVoid · Mar 9, 2016

aliaspider said:
it is still better if it worked correctly on all firm versions. and the update window to 10.6 will be closing soon
also it might already work on those firmwares where the dumps are still missing.

no idea, I'll see if I can get more of those missing dumps on o3DS at least.

Looks like it can be done with Cakes, and I'm pretty sure that's a9lh-compat right now. Time to get dumping, I guess

Homebrew possible ARM11 kernel hack on 10.5

0xAAAAAAAA

Well-Known Member

Active Member

Well-Known Member

0xAAAAAAAA

playing around in the end of life

Well-Known Member

Well-Known Member

The key of the blade

playing around in the end of life

Well-Known Member

Attachments

~de geso!

Well-Known Member

~de geso!

Well-Known Member

Beginner

0xAAAAAAAA

Well-Known Member

Well-Known Member

0xAAAAAAAA

Popular threads in this forum