Homebrew RAM editing glitch on any 3DS, might lead to an exploit?
- Thread starter Trinitro21
- Start date
- Views 49,058
- Replies 445
- Likes 34
Digital only in JPN and USA regions only.
Better act now if you want to get in on it. It could be pulled before a release. The vuln has already been demonstrated in code.
To summarize:
Smile basic let's you run arbitrary interpreted code in a sandbox. A glitch allows breaking out of the sandbox and directly editing ram. Doing this can allow for rop. Rop is the foundation for all userland exploits.
The game has a (very) nice service access list
> $hioFIO
> $hostio0
> $hostio1
> cfg:u
> fs:USER
> gsp::Gpu
> hid:USER
> ndm:u
> pxi:dev
> APT:A
> ac:u
> act:u
> am:app
> boss:U
> cam:u
> cecd:u
> dlp:FKCL
> dlp:SRVR
> dsp:: DSP
> frd:u
> http:C
> ir:USER
> ldr:ro
> mic:u
> news:u
> nfc:u
> nim:aoc
> nwm::UDS
> ptm:u
> qtm:u
> soc:U
> ssl:C
> y2r:u
> $hostio0
> $hostio1
> cfg:u
> fs:USER
> gsp::Gpu
> hid:USER
> ndm:u
> pxi:dev
> APT:A
> ac:u
> act:u
> am:app
> boss:U
> cam:u
> cecd:u
> dlp:FKCL
> dlp:SRVR
> dsp:: DSP
> frd:u
> http:C
> ir:USER
> ldr:ro
> mic:u
> news:u
> nfc:u
> nim:aoc
> nwm::UDS
> ptm:u
> qtm:u
> soc:U
> ssl:C
> y2r:u
Last edited by zoogie,
Yep. Those are some of the function names. I also linked an editor on the first page; if you want to use it, inject the file into your extdata.
Well I would but I'm already running my N3DS on Luma3DS with A9HL with latest system firmware so I don't need to, was just testing it out for me and the people lol
Arm9HaxLoader?
Excuse my language, but shit hell what have you done
I'm the guy who originally discovered that BGSCREEN can open RAM contents (though I didn't originally discover that the command was bugged, it goes further back than me). The bug was really fickle to work with so I never thought it would go anywhere and we decided to keep it a secret.
Until now, apparently.
The SMILEBASIC community is really small and indie, as is the software. I care about it very much, so I absolutely CANNOT risk that the software get pulled. We need to do some damage control, and fast. I don't know exactly WHAT is going on here, I just got here, so if someone could TLDR me that would be nice.
I'm the guy who originally discovered that BGSCREEN can open RAM contents (though I didn't originally discover that the command was bugged, it goes further back than me). The bug was really fickle to work with so I never thought it would go anywhere and we decided to keep it a secret.
Until now, apparently.
The SMILEBASIC community is really small and indie, as is the software. I care about it very much, so I absolutely CANNOT risk that the software get pulled. We need to do some damage control, and fast. I don't know exactly WHAT is going on here, I just got here, so if someone could TLDR me that would be nice.
Basically, the RAM Contents are being used to modify the RAM in such a way in order to get out of the full sandbox and into userland. The exploit fully works apparently too...
EDIT: Here's a summary:
Last edited by epicmartin7,
M-muh damage control!!
Never change, Alex.
Edit: Quick warning guys
He's successfully contacted and talked to Smileboom before so I'm sure he'll get something done about this. If you're gonna exploit this do it quickly.
Last edited by ArcPh1r3,
Sorry, it's a forgone conclusion at this time that hbl for smilebasic is going to be released.
There's already plenty of issues to get it pulled. (editing system RAM in game? wtf)
You honestly should have thought of this before releasing a RAM editor, lol.
I'm well aware of the how and why, I just want to know how tobgwt the exploit now tbh
It's too late to stop it so let's ride the train out bois
EDIT: the RAM editing was a bug, we just entirely avoided reporting it for this exact reason
--------------------- MERGED ---------------------------
The actual bug and tools have been floating around for months. Trin just couldn't help himself not to release it.
There also isn't a decent explanation of why the bug seems to trigger here either, which I've determined. On phone though so I really don't want to type
--------------------- MERGED ---------------------------
What I first saud when i came in here didn't go off how I wanted because I was in a rush
I don't want you to drop everything I want you to get this exploit done but as QUICKLY and QUIETLY as possible. If we dilly-dally it's too late. Get this done fam
It's too late to stop it so let's ride the train out bois
EDIT: the RAM editing was a bug, we just entirely avoided reporting it for this exact reason
--------------------- MERGED ---------------------------
The actual bug and tools have been floating around for months. Trin just couldn't help himself not to release it.
There also isn't a decent explanation of why the bug seems to trigger here either, which I've determined. On phone though so I really don't want to type
--------------------- MERGED ---------------------------
What I first saud when i came in here didn't go off how I wanted because I was in a rush
I don't want you to drop everything I want you to get this exploit done but as QUICKLY and QUIETLY as possible. If we dilly-dally it's too late. Get this done fam
Similar threads
- No one is chatting at the moment.
-
-
-
-
-
-
-
-
-
-
-
-
-
@
Psionic Roshambo:
If your not getting your pills from Psi's discount drugs who knows what your swallowing!+1 -
@
Psionic Roshambo:
Shawnita used to get her pills from some other street pharmacist and after switching to The Psi Discount plan she now only has to swallow two things a day!+1
-
-
-
-
-
-
-
-
-
-
-
