Homebrew [Beta] Spider DS Profile RopLoader (4.x only)

Faydodo

Hi, I'm using palentine because giovanify's gives me an error when I launch the DS exploit, and I've been trying for hours to install devmenu, but all it does when I run the .bat is "failed to connect to crc client".
It seems the CFW freezes soon after too.
I've seen many having the same problem, but is the solution really just to keep trying??

Thanks
 

leerpsp

Alrighty, here's another question: I installed DevMenu, opened it up and all that jazz, but when I went to open it up (haven't installed emuNAND, after replacing the title and import and cfw files) it's gone! Is there any way to make it stay there permanently or be able to load it from when you start up the 3DS?

First of all, you need to install the REDNAND (there is no way you can boot into the CFW without that installed, at least that's what happened when I tested that). After you are in CFW you install DevMenu; then, after you turn off your 3DS, you will have to reload back into the CFW every time by holding L and going to the DS profile. There is no way at this time, and it's not safe, to install it permanently on system NAND. Ya, it sucks having to reload back into it, but it's worth it tho.
 

leerpsp

Hi, I'm using palentine because giovanify's gives me an error when I launch the DS exploit, and I've been trying for hours to install devmenu, but all it does when I run the .bat is "failed to connect to crc client".
It seems the CFW freezes soon after too.
I've seen many having the same problem, but is the solution really just to keep trying??

Thanks

Then you have done something wrong. Redo it going by what I posted: https://gbatemp.net/threads/beta-spider-ds-profile-roploader-4-x-only.380725/page-4#post-5324110 Like I have told others, even though you did it, redo it to a T on what is listed.
 

Cyan

On the bottom of the internet settings the version is 1.7455.
I tried clearing cookies and history without success.
I need to find the offsets for 3DS 2.1-3.0.
You said your version is 1.7455; it corresponds to System menu 4.x, so the exploit from the first page's link should work.

I don't know if you can use the Gateway ROP and edit the filename to load from SD, but you can find all the ROP for all browser versions on the wiki:
http://wiki.gbatemp.net/wiki/Spider_exploit
You will have to edit the encrypted string to edit the filename to load.

Maybe it won't work if it requires a specific ROP to launch code.bin.
 

Cyan

Ah, you are right.
I inverted the user agent version on wikitemp's spider exploit page. I'll fix it.
Thanks.

So I'm probably in the same case; I updated my console with a 4.5 game.
That's why Ninjhax doesn't work for me.
 

gamesquest1

Since MT_INSTALLER.nds is a form of DS ROM, would it be possible to run DS ROMs from the run browser? Or install them at the DS Profile exploit?
This isn't running the NDS file. I'm assuming this just writes the DS profile exploit to NVRAM from 3DS mode. It was just that back in the day (yeah, we have one of those for the 3DS now) the only way to write to NVRAM was via DS mode, but now that there is an exploit that can run in 3DS mode that doesn't require the DS profile exploit to run it, you can use exploit B to install the DS profile hack which is used to run exploit A.
 

Apache Thunder

This isn't running the NDS file. I'm assuming this just writes the DS profile exploit to NVRAM from 3DS mode. It was just that back in the day (yeah, we have one of those for the 3DS now) the only way to write to NVRAM was via DS mode, but now that there is an exploit that can run in 3DS mode that doesn't require the DS profile exploit to run it, you can use exploit B to install the DS profile hack which is used to run exploit A.

Perhaps someone will figure out how to trigger the web browser exploit using MSETT. (sorta the other way around compared to using web browser to install MSETT ROP code) The spider hax triggers an Arm9 exploit via Arm11 kernel exploit. Perhaps one could take the web browser out of the equation and get the MSETT exploit to become the new entry point for that. If that is successful you could use the MSETT exploit on 6.x sysnand! The DS Profile entry point wasn't patched till 7.x and the 6.x firmware uses the new save encryption, so there could be a benefit of using that on 6.x. ;)
 

gamesquest1

Perhaps someone will figure out how to trigger the web browser exploit using MSETT. (sorta the other way around compared to using web browser to install MSETT ROP code) The spider hax triggers an Arm9 exploit via Arm11 kernel exploit. Perhaps one could take the web browser out of the equation and get the MSETT exploit to become the new entry point for that. If that is successful you could use the MSETT exploit on 6.x sysnand! The DS Profile entry point wasn't patched till 7.x and the 6.x firmware uses the new save encryption, so there could be a benefit of using that on 6.x. ;)
Yeah, I was wondering why Gateway didn't go down that route and then only provide 6.x downgrade packs, thus cutting off MT/CFW users from using their downgrader for anything other than Gateway. Plus, then they would've had a viable offline option for all current users, as the 2DS can also be downgraded to 6.x.
 

yifan_lu

Perhaps someone will figure out how to trigger the web browser exploit using MSETT. (sorta the other way around compared to using web browser to install MSETT ROP code) The spider hax triggers an Arm9 exploit via Arm11 kernel exploit. Perhaps one could take the web browser out of the equation and get the MSETT exploit to become the new entry point for that. If that is successful you could use the MSETT exploit on 6.x sysnand! The DS Profile entry point wasn't patched till 7.x and the 6.x firmware uses the new save encryption, so there could be a benefit of using that on 6.x. ;)

Really no point. The only way to do that is to overwrite spider memory through gspwn (aka same thing ninjhax is doing). At that point, you might as well just overwrite spider code like ninjhax.
 

WeedZ

Updated my tutorial with FIXED CFW downloads. (i.e. old ones froze)

Good deal. My issue was also the same CFW problem. I also found that if you corrupt the emuNAND, all you have to do is go back and reformat with the Gateway utilities and start from there. I also learned that some members here are dicks for no reason, whether they know how to help or not. Not you, and I won't mention names, leerpsp, but you know who you are.
 

belforrrr

Updated my tutorial with FIXED CFW downloads. (i.e. old ones froze)

Still freezes; trying to launch MT Launcher at step 10a, it crashes to the Home screen and a prompt appears saying that the system will be rebooted. Did everything exactly as told in your guide, no luck.
 

leerpsp

Good deal. My issue was also the same CFW problem. I also found that if you corrupt the emuNAND, all you have to do is go back and reformat with the Gateway utilities and start from there. I also learned that some members here are dicks for no reason, whether they know how to help or not. Not you, and I won't mention names, leerpsp, but you know who you are.
Sorry, it was not my intention to come off as a dick. I was thinking I was being funny at the time when I was trying to help you. >Sorry<.
 