Hacking Any ideas on installing CIAs using ARM9 + ARM11 exploits?

[AtlanticBit]

Title self explanatory(i guess Post your ideas here. I'd rather for emuNAND than sysNand but anything will do.

 

[ken28]

DS Profile exploit on 6.x and memchunkhax? (ds profile exploit was fixed in 7.0, but you only need 6.x for the new encryption)

but you can install cia on 6.x without gateway, or can yo?

 

[MemoryController]

Patch service access control with ARM11 access and use ns service, no?

 

[mathieulh]

You need a process9 exploit to remove the signature checks.

 

[cearp]

You need a process9 exploit to remove the signature checks.

so we could still install cias that are signed correctly? cool

 

[mathieulh]

so we could still install cias that are signed correctly? cool

Hum... I would guess so, assuming you do have a .cia file signed for retail systems that doesn't need any specific tmd to run (does that even exist ?)

 

[MemoryController]

The system CIAs come to mind. Surely they are meant to be installed on every 3ds without activation, right?

 

[mathieulh]

The system CIAs come to mind. Surely they are meant to be installed on every 3ds without activation, right?

Oh! I forgot about these. Keep in mind though that a version check is enforced upon installation (if the version is lower than the current installed version, the content will not install) and has to be patched.
(that's if you had any hope of downgrading that is)

 

[cearp]

Hum... I would guess so, assuming you do have a .cia file signed for retail systems that doesn't need any specific tmd to run (does that even exist ?)

bundled apps/games work on any 3ds without 'patches' system ones too, sure
specific tmd to run? well, you need a tmd to build the cia/the cia contains a tmd... right?

Keep in mind though that a version check is enforced upon installation

do you know what the version is checked again? i assume the tmd for the title, as the ticket doesn't always have the correct version.

 

[MemoryController]

No but for upgrading say from 4.x<VER<9.2.0 to 9.2.0 this would come in handy.

 

[sanni]

About that DS profile exploit on 6.x, it sounds like I maybe should not update my 6.2.0 2DS?
Because I would prefer launching homebrew via profile exploit instead of the browser exploit or ninjahax.

 

[mathieulh]

bundled apps/games work on any 3ds without 'patches' system ones too, sure
specific tmd to run? well, you need a tmd to build the cia/the cia contains a tmd... right?



do you know what the version is checked again? i assume the tmd for the title, as the ticket doesn't always have the correct version.

Yes, the version is checked against the one from the tmd (the .cia contains the tmd as you just mentioned)

 

[cearp]

Yes, the version is checked against the one from the tmd (the .cia contains the tmd as you just mentioned)

does an app still work if we delete the tmd? (easy to test) - or, what if we delete the tmd/delete and copy a low version tmd back, then we can update to whatever version of the app we want right?
i could do this easy with a launcher.dat, although i can't think of many reason it could be useful.

 

[mathieulh]

does an app still work if we delete the tmd? (easy to test) - or, what if we delete the tmd/delete and copy a low version tmd back, then we can update to whatever version of the app we want right?
i could do this easy with a launcher.dat, although i can't think of many reason it could be useful.

I don't think it would, but to be honest I've never tested this scenario so I can't tell for sure.