Can someone help me with this?

Discussion in '3DS - Flashcards & Custom Firmwares' started by olec04, Jul 23, 2016.

  1. olec04
    OP

    olec04 Working on Project Heaven!

    Banned
    851
    142
    Apr 10, 2015
    United States
    Trying to downgrade on 11.0 via AM services
    I need to find a way to get into ARM9 RAM. Anyone know something?
     
  2. cearp

    cearp the ticket master

    Member
    7,552
    4,815
    May 26, 2008
    Tuvalu
    Next time add more info in your title, so we don't have to enter your thread.
     
  3. olec04
    Ok, lord cearp.
     
  4. warmijwilfaain

    warmijwilfaain War Mage MILF

    Member
    1,297
    43
    Sep 30, 2007
    Kent. lolol
    Why do you need to?
     
  5. olec04
    Possible exploit for 11.0
     
  6. Boogieboo6

    Boogieboo6 @realDonaldTrump

    Member
    960
    1,315
    Jul 30, 2015
    United States
    My feels
    Feels
     
  7. olec04
    ?

    I just want to know?

    Ignored :(
     
  8. Swiftloke

    Swiftloke Hwaaaa!

    Member
    1,770
    1,525
    Jan 26, 2015
    United States
    Nowhere
    Oh? Do tell. What is the vulnerability you found? I would think getting into arm9 RAM would already make an exploit.
     
  9. olec04
    It's on 3dbrew system flaws, wait, I'll go find it (it says code execution).
     
  10. Swiftloke

    Swiftloke Hwaaaa!

    Member
    1,770
    1,525
    Jan 26, 2015
    United States
    Nowhere
    Well, if it's publicly documented, don't you think someone would've taken advantage of it if possible already? -_-
     
  11. olec04
    "it's unknown if anyone actually exploited this successfully at the time of writing"
    ARM9's and ARM11's exception vectors are hardcoded to point at the CPU's internal memory (0x08000000 region for ARM9, AXIWRAM for ARM11). While the bootrom does set them up to point to an endless loop at some point during boot, it does not do so immediately. As such, a carefully-timed fault injection (via hardware) to trigger an exception (such as an invalid instruction) will cause execution to fall into ARM9 RAM.

    Since RAM isn't cleared on boot (see below), one can immediately start execution of their own code here to dump bootrom, OTP, etc. The ARM9 bootrom does the following at reset: reset vector branches to another instruction, then branches to bootrom+0x8000. Hence, there's no way to know for certain when exactly the ARM9 exception-vector data stored in memory gets initialized.
     
  12. Swiftloke

    Swiftloke Hwaaaa!

    Member
    1,770
    1,525
    Jan 26, 2015
    United States
    Nowhere
    Thing is that's not going to lead to an exploit most (if any) people would use because A. It needs existing access to arm9 RAM (which would probably turn into an exploit in itself) and B. It's a hardware exploit, which means practically nobody will use it, and an extremely timing-sensitive one at that. The only thing it would be useful for is dumping the bootrom.
     
  13. olec04
    And it states dumping OTP.
     
  14. Swiftloke

    Swiftloke Hwaaaa!

    Member
    1,770
    1,525
    Jan 26, 2015
    United States
    Nowhere
    True, but you can dump OTP via software, making this exploit useless for that.
     
  15. Boogieboo6

    Boogieboo6 @realDonaldTrump

    Member
    960
    1,315
    Jul 30, 2015
    United States
    What about the bootrom dumping part? Wouldn't that be useful?
     
  16. olec04
    But that exploit was not patched yet, so people with a hardmod can dump OTP on 11.0.

    Possibly
     
  17. Roomsaver

    Roomsaver GBAtemp Advanced Fan

    Member
    951
    243
    Sep 7, 2015
    United States
    garfield kart grand prix
    Can you please stop making extra threads and post to the Noob's Paradise? I don't mean to be rude but it's getting out of hand now...
     