Alternate methods of installing exploits

Discussion in '3DS - Flashcards & Custom Firmwares' started by loco365, Apr 2, 2014.

  1. loco365 (OP, GBAtemp Guru)
    I'm not posing this as a question thread, but more of a discussion thread. All the known 3DS exploits so far have to be installed using a DS-Mode flashcart of some form, although the limitation is that it has to be able to run on the given firmware, knocking a lot of flashcards (Like the Acekard 2i) out of contention.

    I thought of this purely as a conceptual idea, and I wouldn't know if it'd actually work or not. DS Download Play allows DS code to run, although it has to be signed in some form. It can even run arbitrary code (See: DSBricker) and effectively wipe the DS portion of a system. Do you think it'd be possible to modify a DS Download Play .SRL file for a game (Insert the installer for the profile exploit), and allow it to run on a 3DS in DS Download Play mode (Being sent by a DS that can run a flashcard), so it can install a profile exploit and allow people to explore the emerging world of 3DS homebrew without having to buy a new flashcard?

    Or do you think there could be yet another way to install said exploits?
     
  2. lambstone
    This is a rather novel idea.

    Have you tested download play from a DS to 3DS yet? Perhaps using a rom on a DS flash cart?

    AFAIK, NDS roms are easier to hack, so this might offer a solution to rerun the ROP chain loader without the need for a DS flash cart.
     
  3. loco365 (OP, GBAtemp Guru)
    It does work, although if I try editing binaries, it won't run at all. It just freezes when the Nintendo logo fades out. I also don't have an exploitable 3DS (mine is on the latest firmware, which I regret), although I plan to keep it here as exploits are starting to move up the firmware list, with 6.3 recently becoming exploitable.
     
  4. redkeyboard (GBAtemp Advanced Fan)
    If you want an easy solution, just buy a $5 flash cart. Eachmall has a ton that work with 7.1
     
  5. loco365 (OP, GBAtemp Guru)
    I already have one, and 4 other DS systems it'll work on. I'm not asking for an easy out on this, I'm posing this as an idea for everyone else that doesn't want to have to get yet another flashcard if they don't have to.
     
  6. lambstone
    So download play from an unadulterated rom works.

    However, if you modify a rom, what happens? Does the download play function not work? Or do you mean the modified rom itself does not load?
     
  7. mznova (GBAtemp Regular)
    The way I understand it, the issue is not running code in ds mode. The issue is to somehow get it to run in 3ds mode so you can play 3ds games. Right now, the only way to touch 3ds mode from ds mode has been to change the name of the ds profile from within ds mode which causes an error in 3ds mode. There are not many variables that are shared across ds and 3ds mode as far as I know.
     
  8. loco365 (OP, GBAtemp Guru)
    It just doesn't load. I'm not exactly sure why, but I'd like to see how to get it functioning so that not only could a ROP chain installer work, but homebrew could also be sent over.

    Which is why one could utilise DS Download Play, since you could send a modified binary, and not have to use a flashcard on it. It'd just write the changes in DS Mode, then exit back to 3DS Mode.
     
  9. loco365 (OP, GBAtemp Guru)
    -disregard-
     
  10. Falo (GBAtemp Regular)
    The problem here is that you need to understand what the exploit actually does.
    To enable homebrew you always need 2 exploits, a usermode one and a kernel mode one.

    The DS MSET exploit is fixed in 7.x+; even if you could run DS mode code in some way, you can't re-enable this exploit.

    You need to use a new usermode exploit on 7.x+, and so far there are only savegame exploits (where you need to get a save dongle + retail version of the game), and this limits the userbase. That's why the 6.3 exploit is not public (it would limit its userbase again to only flashcard users on FW 1.0 - 6.3).
     
  11. Snailface
    There's bangai-o sploit. It's unreleased but theoretically out there for the taking.
     
  12. dubbz82 (GBAtemp Advanced Maniac)
    I'd be interested in this as well, because this would be of use for anyone that falls in between 4.xx and 6.3, even if not completely up to date. bangai-o sploit could be useful too, but still is a specific hardware requirement...if this could be done without hardware (the idea proposed originally seems rather interesting...) it would open it up to a broader audience...i.e. people that don't want to sink money into a flash cart only to get into homebrew -- this would be an interesting thing to look into for not just the exploit, but potentially other ds homebrew as well (or maybe even ds roms, if that's your thing...although there might be other potential barriers with commercial games -- not sure if there's any built in filesize limitations or anything of that nature).
     
  13. loco365 (OP, GBAtemp Guru)
    It couldn't be utilised for piracy, as the entire romfs is stored in the NDS memory, and the NDS only has 4MB. Retail games start at 8MB, so they'd never fit.
     
  14. dubbz82 (GBAtemp Advanced Maniac)
    so still viable for homebrew anyways (provided it doesn't exceed the 4mb)
     
  15. loco365 (OP, GBAtemp Guru)
    If the encryption can be cracked (Although it apparently has). Simply renaming a NDS homebrew game to an SRL file, inserting it into a rom with the proper name, and sending it over won't do anything. It will fail authenticity checks and crash upon code execution.
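Added example, not code from the thread or from any of the posters: a small Python parser for the .nds/.srl header that applies two of the constraints raised in posts 13 and 15, namely the header CRC-16 that a byte-edited image breaks and the 4 MB main-RAM budget that keeps retail images out. Header offsets follow the public NDS cartridge header layout; the sample images, titles and game codes are constructed here for illustration. The RSA signature that makes the authenticity check in the last post fail is deliberately not modelled, so passing these checks says nothing about whether Download Play would accept the image.

```python
import struct

# Added example, not the thread's code. Offsets follow the public NDS
# cartridge header layout; the .srl sent over DS Download Play carries the
# same header. Only the header CRC-16 and the 4 MB main-RAM budget the
# thread discusses are checked; the RSA signature is NOT modelled.

NDS_MAIN_RAM = 4 * 1024 * 1024      # 4 MB of main RAM on a DS
MAIN_RAM_BASE = 0x02000000          # main RAM as seen by the ARM9/ARM7
MAIN_RAM_END = MAIN_RAM_BASE + NDS_MAIN_RAM
HEADER_CRC_END = 0x15E              # header CRC-16 covers bytes 0x000..0x15D


def crc16(data: bytes, init: int = 0xFFFF) -> int:
    """CRC-16 as used for the NDS header checksum (reflected poly 0xA001)."""
    crc = init
    for b in data:
        crc ^= b
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA001 if crc & 1 else crc >> 1
    return crc


def parse_header(rom: bytes) -> dict:
    """Pull the ARM9/ARM7 load table and the header CRC out of an image."""
    if len(rom) < 0x160:
        raise ValueError("image too short for a NDS header")
    # 0x20..0x3F: ARM9 rom offset, entry, ram address, size; then ARM7 same.
    names = ("arm9_off", "arm9_entry", "arm9_ram", "arm9_size",
             "arm7_off", "arm7_entry", "arm7_ram", "arm7_size")
    h = dict(zip(names, struct.unpack_from("<8I", rom, 0x20)))
    h["title"] = rom[0x00:0x0C].rstrip(b"\0").decode("ascii", "replace")
    h["code"] = rom[0x0C:0x10].decode("ascii", "replace")
    h["header_crc"] = struct.unpack_from("<H", rom, 0x15E)[0]
    return h


def check_rom(rom: bytes) -> list:
    """Return the list of constraints the image violates (empty if none)."""
    h = parse_header(rom)
    problems = []
    if crc16(rom[:HEADER_CRC_END]) != h["header_crc"]:
        problems.append("header CRC mismatch")
    # Post 13's point: the whole image has to be held in the receiver's RAM.
    if len(rom) > NDS_MAIN_RAM:
        problems.append("ROM larger than 4 MB main RAM")
    for cpu in ("arm9", "arm7"):
        off, size, ram = h[cpu + "_off"], h[cpu + "_size"], h[cpu + "_ram"]
        if off + size > len(rom):
            problems.append(cpu + " binary runs past end of ROM")
        if MAIN_RAM_BASE <= ram < MAIN_RAM_END and ram + size > MAIN_RAM_END:
            problems.append(cpu + " binary does not fit in main RAM")
    return problems


def build_rom(title: bytes, code: bytes, arm9: bytes, arm7: bytes) -> bytes:
    """Construct a minimal image: 0x200 header, ARM9 at 0x4000, ARM7 after it.

    Load addresses (ARM9 at the start of main RAM, ARM7 at 0x02380000) are
    typical values chosen for the example, not taken from any real title.
    """
    arm9_off = 0x4000
    arm7_off = arm9_off + ((len(arm9) + 0x1FF) & ~0x1FF)
    header = bytearray(0x200)
    header[0x00:0x0C] = title.ljust(12, b"\0")[:12]
    header[0x0C:0x10] = code.ljust(4, b"\0")[:4]
    struct.pack_into("<8I", header, 0x20,
                     arm9_off, MAIN_RAM_BASE, MAIN_RAM_BASE, len(arm9),
                     arm7_off, 0x02380000, 0x02380000, len(arm7))
    # Recompute the CRC last, after every covered header byte is in place.
    struct.pack_into("<H", header, 0x15E, crc16(bytes(header[:HEADER_CRC_END])))
    rom = bytearray(arm7_off + len(arm7))
    rom[:0x200] = header
    rom[arm9_off:arm9_off + len(arm9)] = arm9
    rom[arm7_off:arm7_off + len(arm7)] = arm7
    return bytes(rom)


if __name__ == "__main__":
    # Constructed sample: a tiny homebrew-sized image, then the same image
    # with one header byte edited without fixing the CRC.
    good = build_rom(b"HOMEBREW", b"####", b"\0" * 0x1000, b"\0" * 0x800)
    edited = bytearray(good)
    edited[0] ^= 0xFF
    print("clean image:", check_rom(good))
    print("edited header:", check_rom(bytes(edited)))
    print("truncated:", check_rom(good[:0x4800]))
```

The edited-header case is the cheapest way to reproduce the "won't load at all" symptom from post 3: any byte changed inside the covered header region invalidates the CRC unless it is recomputed. Fixing the CRC is necessary but not sufficient; an image that passes every check here is still subject to the signature check the last post refers to, which this example does not attempt to model.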