A question about exploits.

Discussion in '3DS - Homebrew Development and Emulators' started by GalladeGuy, Dec 16, 2015.

  1. GalladeGuy
    OP

    GalladeGuy Freeze Kirby :3

    Member
    Oct 28, 2015
    United States
    I just have some quick questions about Ninjhax, Ironhax, and OOThax.
    1. How do each of these exploits work?
    2. Are they related in any way?
    3. Why are Ironhax and OOThax secondary exploits but Ninjhax isn't?
    4. Why did Ninjhax have kernel 9.2 and below but not after?
    Sorry if these questions are hard to answer.
     
  2. CeeDee

    CeeDee hm?~

    Member
    May 4, 2014
    United States
    somewhere
    1. By exploiting both things in the save data and in the game's code to obtain userland code execution.
    2. Somewhat - they can all get userland, which, say, the homebrew loader runs on.
    3. There's no way to alter the save data to put the hax on the other two, but Ninjhax's hax can be added through QR code level scanning.
    4. Any userland from 9.2 or lower could potentially get access to kernel.
     
  3. MasterFeizz

    MasterFeizz GBAtemp Advanced Fan

    Member
    Oct 15, 2015
    United States
    1. Stack smashing, or buffer overflows
    2. No
    3. The only way to inject arbitrary code is through the save file
    4. The kernel has been patched

    http://smealum.net/?p=517
     
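    The bug class MasterFeizz names (a save-file field trusted by the game's code, leading to a stack overflow) illustrated as an added example. This is not the real game's save format or parser and not any of the exploits; the two-byte length header and NAME_MAX are constructed here, and the two functions show the unchecked copy beside the bounds-checked version a defender would want.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed save-record layout (hypothetical, not the real format):
 *   bytes 0..1  little-endian length of the name field
 *   bytes 2..   name bytes
 * The parser copies the name into a fixed-size stack buffer. */
#define NAME_MAX 16

/* Vulnerable pattern: the length stored in the save data is trusted. */
static int read_name_unchecked(const uint8_t *save, size_t save_len, char out[NAME_MAX])
{
    (void)save_len;                                   /* record size never consulted */
    uint16_t n = (uint16_t)(save[0] | (save[1] << 8));
    memcpy(out, save + 2, n);                         /* n may exceed NAME_MAX: stack smash */
    out[n] = '\0';
    return 0;
}

/* Hardened pattern: the length must fit both the buffer and the record. */
static int read_name_checked(const uint8_t *save, size_t save_len, char out[NAME_MAX])
{
    if (save_len < 2) return -1;                      /* header missing */
    uint16_t n = (uint16_t)(save[0] | (save[1] << 8));
    if (n >= NAME_MAX || (size_t)n > save_len - 2) return -1;  /* tampered or truncated */
    memcpy(out, save + 2, n);
    out[n] = '\0';
    return 0;
}

/* Constructed sample records: a benign one and one whose header claims 512 bytes. */
static const uint8_t BENIGN[]   = {0x04, 0x00, 'L', 'I', 'N', 'K'};
static const uint8_t TAMPERED[] = {0x00, 0x02, 'A', 'A', 'A', 'A'};

int main(void)
{
    char name[NAME_MAX];
    if (read_name_checked(BENIGN, sizeof BENIGN, name) == 0)
        printf("benign record accepted: %s\n", name);
    if (read_name_checked(TAMPERED, sizeof TAMPERED, name) != 0)
        printf("tampered record rejected\n");
    /* read_name_unchecked(TAMPERED, ...) would copy 512 bytes into a 16-byte buffer. */
    return read_name_unchecked(BENIGN, sizeof BENIGN, name);
}
```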
  4. Ammako

    Ammako GBAtemp Guru

    Member
    Dec 22, 2009
    Canada
    Technically Ninjhax by itself doesn't have kernel access on <=9.2; there is a different privilege escalation exploit that is used to actually gain kernel access after we've run Ninjhax.
    Although I guess Ninjhax1 by itself might have, but on Ninjhax2 it doesn't.

    Also oot3dhax, ironhax and Ninjhax are all the same exploit, different entry points.
     
    Last edited by Ammako, Dec 16, 2015