Any hope for GW3DS on 5.1.0-11U?

Discussion in '3DS - Flashcards & Custom Firmwares' started by can622, Aug 26, 2013.

  1. can622
    OP

    can622 Newbie

    Newcomer
    3
    0
    Aug 26, 2013
    United States
    Hi, I know it's explicitly stated that GW3DS will only work on 4.5 or lower, but I heard the rom on the red card that's required before using it will work on 3DS up to 5.5. Does that mean that there's still hope for the card being patched to work on up to 5.5, or is that out of the question? I know that talking about possible scenarios might seem like a waste of time, but I'm just trying to understand how likely it is, because obviously it would be more likely for it to eventually be patched to work on that than on the newest firmware. Also, how do updates work on the Gateway blue card? Is it like old-school NDS flash carts, where you load it on, then use a DS it still works on to patch the firmware of the card? Or is it even possible to update the blue card? Thanks in advance.
     


  2. GorTesK

    GorTesK Mad Hatter

    Member
    1,101
    501
    Jan 29, 2013
    Gambia, The
    Down The Rabbit Hole
    The Gateway installer works up to 6.x, but the exploit needed to run roms got fixed after 4.5.
    It's only possible to run 5.1 games on 4.5 with Gateway because they simply bypass the fw check.
    In order to make Gateway usable on systems higher than 4.5 they need to find a new exploit.
    If or when this will be accomplished is impossible to predict.
     
  3. siloko

    siloko Newbie

    Newcomer
    1
    0
    Jun 15, 2011
    Brazil
    http://imgur.com/NGLrSCd

    That's what they said to me a few days ago:

    We do not know when our software for firmware 5.x and 6.x will be ready.
    It requires some work that can't be counted in hours of engineering, because
    programming is not like that. It can be anywhere from 1 week to 3 months.

    sales@gateway-3ds.com
     
  4. GorTesK

    GorTesK Mad Hatter

    Member
    1,101
    501
    Jan 29, 2013
    Gambia, The
    Down The Rabbit Hole
    Well, at least they are giving us some numbers. Better than nothing.
     
  5. ßleck

    ßleck Console Peasant

    Member
    360
    388
    Jun 4, 2013
    Netherlands
    I don't know. Help.
    WTF!?! They send the EXACT same mail to me. Does this mean I'm not special?
     
  6. Yamagushi

    Yamagushi GBAtemp Regular

    Member
    276
    115
    May 2, 2013
    United States
    "can't be counted in hours of engineering" ... "It can be anywhere from 1 week to 3 months."
     
  7. Chaldron

    Chaldron GBATemp's Official Attorney

    Member
    434
    238
    Mar 29, 2013
    United States
    `Murica

    Or more.
     
  8. The Real Jdbye

    The Real Jdbye Always Remember 30/07/08

    Member
    GBAtemp Patron
    11,459
    4,773
    Mar 17, 2010
    Norway
    Alola
    They seem pretty sure they can accomplish it but they have to find a new exploit and for all we know there may not be one that still works on newer firmwares. That's unlikely as there are always bugs in coding, but finding it may just not be feasible, and could take years.
    That said, like I said they seem so sure of themselves, so they must have a great team of hackers up their sleeve. Let's see what they can accomplish.
    I'm hopeful myself, but I know there's no way to really know how long it will take and I know these things are very difficult, so difficult it may never be accomplished.
     
  9. TheDreamLord

    TheDreamLord GBAtemp Advanced Fan

    Member
    926
    103
    Jun 8, 2011
    Ireland
    Please correct me if I have any of this information wrong.

    It's not really finding a new exploit as such.

    As I understand it, the exact same exploit has been there all the way up to 6.2 (as in, patched in 6.2), and therefore it is theoretically possible.

    Here is the problem :

    The ROP chains appear to be firmware specific, meaning that they have to figure out a way to go from the mset hack to kernel level access in later firmware versions.

    I personally have faith in them on this one.
     
  10. Foxi4

    Foxi4 On the hunt...

    Reporter
    23,529
    21,457
    Sep 13, 2009
    Poland
    Gaming Grotto
    As far as I know, the same approach will not work again, even if they figure that out.

    The way the previous exploit worked was that the Installer wrote over DS profile data which is divided into two sections - the original and the backup profiles. If corruption was detected in the first profile, the system automatically overwrote it with data stored in the second profile.

    By writing code and misc. junk (as to push the code out-of-bounds and into the section of memory where binaries are stored later on) into the second profile and then filling the first profile with corrupt data, one could fool the 3DS into writing the code stored in the second profile into the first profile, treating it as valid by proxy and effectively pushing the code into memory where it could be executed.

    Oddly enough, the same thing cannot be done on the DSi although the same DS profile system exists there, which leads me to believe that this security hole has been patched over and will no longer be accessible, but here's for hoping.
     
  11. Arnold0

    Arnold0 GBAtemp Fan

    Member
    384
    114
    Oct 1, 2011
    France
    Vire, France
    What has been fixed in 6.2? I tried running the Gateway mode installer on my 3DS even though I don't have Gateway (my 3DS is on 6.2). It froze at the DS profile screen before throwing an error, and it does that every time until I enter a DS game. So I think the way to crash the 3DS is still there in 6.2, but they need to change the way to get kernel access, or am I totally wrong?
     
  12. Foxi4

    Foxi4 On the hunt...

    Reporter
    23,529
    21,457
    Sep 13, 2009
    Poland
    Gaming Grotto
    Depends on how the crash is handled, aka, if you can push the ROP chain out-of-bounds and into executable memory or not and whether you can execute it from there. If there is an exception in place that prevents you from doing that or if the second profile is now verified in the same way as the first profile is then the error simply means that gibberish was detected in the DS settings of the system.

    Like I said, the loophole was that the second profile was assumed to be always valid. This is because of the way data was normally written to it - if you change your nick or favourite colour, it saves to the first profile and if it's valid, it backs up to the second. The Gateway installed their exploit directly into the second profile, aka the backup - the 3DS just assumed it was correct although it was in fact hidden code and padding.

    The moment corruption was detected in the first profile, the second profile was used to "correct it" and "bang!" - the padding filled up the profile data while the code at the end of it was pushed beyond the bounds and into executable memory within 3DS Mode.
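    The mechanism Foxi4 describes above (a backup record that the system assumes is always valid, copied over the primary when the primary looks corrupt, with its size never checked against the slot it is restored into) is the general pattern of an unverified fallback record. The C program below is an added example, not code from this thread, from Gateway or from Nintendo, and it does not model the real 3DS profile format: the record layout, sizes and sample values are constructed for illustration. It puts a weak restore that trusts the backup's self-declared length beside a hardened restore that validates both copies by the same rule and bounds the copy by the destination, and shows that the weak path overwrites the memory after the slot while the hardened path refuses.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed toy model of a "primary + backup" settings record. It is not
 * the 3DS profile format; sizes, fields and sample values are invented. */
#define PAYLOAD_MAX 64                         /* bytes a payload may legitimately hold */
#define SPILL_AREA  16                         /* bytes of memory following the slot    */
#define RECORD_RAW  (PAYLOAD_MAX + SPILL_AREA) /* raw bytes one stored slot occupies    */

typedef struct {
    uint32_t length;           /* self-declared payload length                   */
    uint32_t checksum;         /* checksum the record claims over data[0..length) */
    uint8_t  data[RECORD_RAW]; /* raw slot contents, including trailing bytes    */
} profile_t;

/* Where the system loads the active profile: the first PAYLOAD_MAX bytes are
 * the slot, the remaining SPILL_AREA bytes stand in for whatever memory happens
 * to follow it and must never be touched by a restore. */
typedef struct {
    uint8_t mem[PAYLOAD_MAX + SPILL_AREA];
} loaded_t;

static uint32_t checksum(const uint8_t *p, uint32_t n) {
    uint32_t s = 0;
    for (uint32_t i = 0; i < n; i++) s = s * 31u + p[i];
    return s;
}

/* The validity rule: bounded length AND matching checksum. */
static bool profile_is_valid(const profile_t *p) {
    return p->length <= PAYLOAD_MAX && checksum(p->data, p->length) == p->checksum;
}

/* Weak restore: the primary is checked, but the backup is assumed to be good
 * and its self-declared length is trusted when copying. Returns bytes copied. */
static size_t restore_trusting_backup(loaded_t *out, const profile_t *primary,
                                      const profile_t *backup) {
    const profile_t *src = profile_is_valid(primary) ? primary : backup;
    size_t n = src->length;
    if (n > RECORD_RAW) n = RECORD_RAW;  /* keeps the toy inside its buffers; the flaw is already past this line */
    memcpy(out->mem, src->data, n);      /* n > PAYLOAD_MAX lands in the bytes after the slot */
    return n;
}

/* Hardened restore: both copies are checked with the same rule, and the copy
 * length is bounded by the slot, never by the record's own claim.
 * Returns bytes copied, or -1 when neither copy is trustworthy. */
static int restore_verified(loaded_t *out, const profile_t *primary,
                            const profile_t *backup) {
    const profile_t *src = NULL;
    if (profile_is_valid(primary)) src = primary;
    else if (profile_is_valid(backup)) src = backup;
    if (src == NULL) return -1;          /* refuse; the caller falls back to defaults */
    memcpy(out->mem, src->data, src->length);  /* length <= PAYLOAD_MAX is guaranteed here */
    return (int)src->length;
}

/* Constructed scenario: a corrupt primary and a backup whose claimed length
 * exceeds the slot. The backup's checksum is self-consistent, so a
 * checksum-only check would pass it; only the length bound catches it. */
static void build_scenario(profile_t *primary, profile_t *backup) {
    memset(primary, 0, sizeof *primary);
    memset(backup, 0, sizeof *backup);
    primary->length = 8;
    primary->checksum = 0xdeadbeef;      /* does not match the data: primary is corrupt */
    backup->length = RECORD_RAW;         /* claims more than the slot can hold */
    memset(backup->data, 0x41, PAYLOAD_MAX);               /* filler */
    memset(backup->data + PAYLOAD_MAX, 0x42, SPILL_AREA);  /* bytes that would land past the slot */
    backup->checksum = checksum(backup->data, backup->length);
}

/* True if any byte after the slot was written. */
static bool spilled(const loaded_t *l) {
    for (int i = 0; i < SPILL_AREA; i++)
        if (l->mem[PAYLOAD_MAX + i] != 0) return true;
    return false;
}

/* Weak path: does memory after the slot get overwritten? (expected: true) */
static bool weak_restore_spills(void) {
    profile_t p, b; loaded_t l;
    memset(&l, 0, sizeof l);
    build_scenario(&p, &b);
    restore_trusting_backup(&l, &p, &b);
    return spilled(&l);
}

/* Hardened path: return code for the same scenario (expected: -1). */
static int hardened_restore_rc(void) {
    profile_t p, b; loaded_t l;
    memset(&l, 0, sizeof l);
    build_scenario(&p, &b);
    return restore_verified(&l, &p, &b);
}

/* Hardened path: does anything spill? (expected: false) */
static bool hardened_restore_spills(void) {
    profile_t p, b; loaded_t l;
    memset(&l, 0, sizeof l);
    build_scenario(&p, &b);
    restore_verified(&l, &p, &b);
    return spilled(&l);
}

int main(void) {
    printf("trusting backup spills past the slot: %s\n", weak_restore_spills() ? "yes" : "no");
    printf("verified restore: rc=%d, spills: %s\n", hardened_restore_rc(),
           hardened_restore_spills() ? "yes" : "no");
    return 0;
}
```

    The point of the scenario is that the backup passes a checksum check on its own terms, so "verify the backup the same way as the primary" only helps if that rule includes a hard bound on the length against the destination; a record must never be allowed to declare how much of the destination it occupies.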
     
  13. digipokemaster

    digipokemaster Innocent Uke

    Member
    1,610
    122
    Aug 20, 2009
    United States
    USA
    I believe they can do it, and hopefully we can hear about an update to play GW3DS on 6.2+. I sent for GW3DS; thank goodness I have a DS Lite to play it on while I wait.
     
  14. dmdsoftware

    dmdsoftware Member

    Newcomer
    21
    3
    Jan 7, 2006
    The issue is NOT that the vulnerability was patched, but the fact that the memory addresses in use on 5.1+ are different, and they need to determine how much padding they need to align their injected code into the proper memory address that will be blindly executed by the 3DS. Gateway pretty much confirmed that the vulnerability hadn't been patched by Nintendo in all firmwares that were currently released (up until 6.2). Unfortunately, it is a needle in a haystack trying to find the proper memory address that needs to be rewritten to
     
  15. Foxi4

    Foxi4 On the hunt...

    Reporter
    23,529
    21,457
    Sep 13, 2009
    Poland
    Gaming Grotto
    That's fantastic news, thank you for clarifying that, I was convinced the vulnerability was patched.
     
  16. Jockel

    Jockel Tagging yourself? This shit ain't NeoGAF.

    Member
    355
    75
    Apr 14, 2008
    Gambia, The
    Germany
    Well fuck me, I just bought a new White 3DS XL off amazon and got the 2013 model.
    Tried to persuade customer support to give me a 2012 one, they wouldn't do it because it's the same product in their system.
    Wasted my money, unless GW3DS finds a solution :/
     
  17. DragonSky

    DragonSky GBAtemp Advanced Fan

    Member
    740
    71
    Oct 27, 2010
    Belgium
    I lose hope day by day with the new spoof.
    I'm considering buying the Fire Emblem edition.
     
  18. winslow549

    winslow549 Newbie

    Newcomer
    7
    3
    Aug 27, 2013
    Gambia, The
    Look in the package first and start the 3DS, then you can see the version.
    I bought a 2013 black 3DS XL and it was on 4.5! :)
     
  19. cearp

    cearp the ticket master

    Member
    7,406
    4,658
    May 26, 2008
    Tuvalu
    Well, if they did it for 4.5 I guess they can do it for the rest, right? (Eventually.)

    Ooh, I thought I read the black XL was above 4.5, at least the non-Japanese ones, and a 2013 one at that! You must be lucky!
     
  20. winslow549

    winslow549 Newbie

    Newcomer
    7
    3
    Aug 27, 2013
    Gambia, The
    How long does registered Hong Kong Post airmail take to Germany?