A question about exploits.

Discussion in '3DS - Homebrew Development and Emulators' started by GalladeGuy, Dec 16, 2015.

  1. GalladeGuy

    GalladeGuy Freeze Kirby :3

    Oct 28, 2015
    United States
    I just have some quick questions about Ninjhax, Ironhax, and OOThax.
    1. How does each of these exploits work?
    2. Are they related in any way?
    3. Why are Ironhax and OOThax secondary exploits but Ninjhax isn't?
    4. Why did Ninjhax have kernel 9.2 and below but not after?
    Sorry if these questions are hard to answer.
  2. CeeDee

    CeeDee Super Fox

    May 4, 2014
    United States
    1. By exploiting both things in the save data and in the game's code to obtain userland code execution.
    2. Somewhat - they all can get userland, which, say, homebrew loader runs on.
    3. There's no way to alter the save data to put the hax on the other two, but Ninjhax's hax can be added through QR code level scanning.
    4. Any userland from 9.2 or lower could potentially get access to kernel.
  3. MasterFeizz

    MasterFeizz GBAtemp Advanced Fan

    Oct 15, 2015
    United States
    1. Stack smashing, or buffer overflows
    2. No
    3. The only way to inject arbitrary code is through the save file
    4. The kernel has been patched

  4. Ammako

    Ammako GBAtemp Guru

    Dec 22, 2009
    Technically Ninjhax by itself doesn't have kernel access on <=9.2; there is a different privilege escalation exploit that is used to actually gain kernel access after we've run Ninjhax.
    Although I guess Ninjhax1 by itself might have, but on Ninjhax2 it doesn't.

    Also oot3dhax, ironhax and Ninjhax are all the same exploit, different entry points.
    Last edited by Ammako, Dec 16, 2015