Hacking cubic ninja best hope for n3ds =<9.2 (kernel access)

bsod

> Smea states that the exploit will not work with SKATER, but the code is there, and he hinted that anyone can do it.
Getting ROP is stage 1; this first stage can be achieved by the browser exploit you mentioned, or Cubic Ninja. If a SKATER exploit is not public or not known, why would I be focusing on it? Cubic Ninja can be used for stage 1, it is known, so why not use it? Honestly, who cares how you get stage 1, be it browser exploit or Cubic Ninja; we don't currently have a full control method for 9.2 while it has been deemed possible by Yifan. I own both an old 3DS and a N3DS, both below 9.2, which is why I would work with Cubic Ninja. Not an exploit that has been hinted about, one I know can be used and how to use it.
 

Slushie3DS

> Getting ROP is stage 1; this first stage can be achieved by the browser exploit you mentioned, or Cubic Ninja. If a SKATER exploit is not public or not known, why would I be focusing on it? Cubic Ninja can be used for stage 1, it is known, so why not use it? Honestly, who cares how you get stage 1, be it browser exploit or Cubic Ninja; we don't currently have a full control method for 9.2 while it has been deemed possible by Yifan. I own both an old 3DS and a N3DS, both below 9.2, which is why I would work with Cubic Ninja. Not an exploit that has been hinted about, one I know can be used and how to use it.

While exploits are exploits, it's likely most engineers will attempt to attack new entry points, and not those that have already been patched. You can always hop on the #3dsdev chat and talk to them about it.

Edit: Another thing you have to look at is that people have found that Ninjhax does use the browser on both systems, meaning browser access is possible. If it is possible via one, it should be possible via the other.
 

bsod

> While exploits are exploits, it's likely most engineers will attempt to attack new entry points, and not those that have already been patched. You can always hop on the #3dsdev chat and talk to them about it.
Thank you for that advice. I agree new exploits are usually always being found. However, I was under the impression that, as for the Wii, Nin had pretty much won the war; I don't own one so I am unsure exactly what, if anything, can still be done. And this is going back a little, but 360s were locked down after JTAGs. I think full control exploits may be drying up for the 3DS. BUT new hardware, new exploits too... so I don't know. All I know is I won't be updating until the next full control exploit is released. I'm curious what full control could do on 9.2. Save decryption because of 7.x keys?
 

Slushie3DS

> Thank you for that advice. I agree new exploits are usually always being found. However, I was under the impression that, as for the Wii, Nin had pretty much won the war; I don't own one so I am unsure exactly what, if anything, can still be done. And this is going back a little, but 360s were locked down after JTAGs. I think full control exploits may be drying up for the 3DS. BUT new hardware, new exploits too... so I don't know. All I know is I won't be updating until the next full control exploit is released. I'm curious what full control could do on 9.2. Save decryption because of 7.x keys?

ARM11 control is possible from 4.5-9.5, but Yifan only wrote spider3DStools for 9.X. It can be ported though. In his tools alone, there is tons of stuff, even a memory dumper. I uploaded some of my photos of it being compiled and stuff as proof of concept. The JS is hosted on a server, and the binary is placed on your SD.


bsod

gspwn and firmlaunch-hax were both patched in 9.5. Anyway, it's ARM9 control we need; ARM11 doesn't mean full control.
 

Slushie3DS

> gspwn and firmlaunch-hax were both patched in 9.5. Anyway, it's ARM9 control we need; ARM11 doesn't mean full control.
While it may have only been speculation, a mischievous mathieulh had tweeted a photo of SaveDataFiler on his N3DS, joking about unreleased ARM9 exploits. Although, it was never determined if it was a joke, or not. This is also an interesting read.


yifan_lu

Yeah, it's known since GW ultra was released that every exploit except spider works on <= 9.2 N3DS. The problem isn't getting the exploit to work. It's porting GW's highly obfuscated code and CFW over to N3DS where the FW is very different and requires basically a complete recode rather than some simple patches. It is much easier for GW to do as they have the source code. If someone here does it, it's the free CFW that all the pirates have wet dreams about.
 

bsod

> Yeah, it's known since GW ultra was released that every exploit except spider works on <= 9.2 N3DS. The problem isn't getting the exploit to work. It's porting GW's highly obfuscated code and CFW over to N3DS where the FW is very different and requires basically a complete recode rather than some simple patches. It is much easier for GW to do as they have the source code. If someone here does it, it's the free CFW that all the pirates have wet dreams about.
Hello! Wow did not expect to see you here, thank you for those write-ups you did. Has anyone done the same porting of GW code for the older 3ds? I know there is a CFW of 4.x, does anyone, including GW have a 9.x CFW? Again, wow and thanks!
 

Zidapi

> Yeah, it's known since GW ultra was released that every exploit except spider works on <= 9.2 N3DS. The problem isn't getting the exploit to work. It's porting GW's highly obfuscated code and CFW over to N3DS where the FW is very different and requires basically a complete recode rather than some simple patches. It is much easier for GW to do as they have the source code. If someone here does it, it's the free CFW that all the pirates have wet dreams about.
Not everyone waiting for a CFW wants it for piracy.

It's going to be difficult to have a sustainable 3DS homebrew scene without a red(irected)NAND based CFW. It's the only way we can have both homebrew and a fully updated system software.

Because right now I have to choose between homebrew and playing online/eShop access/game updates/DLC.

A CFW would bring free and easily accessible piracy to the 3DS, and I'd prefer that not occur until much closer to the end of the 3DS's lifespan.

But Nintendo have had tremendous success with the 3DS, I'd be comfortable with a CFW (and all it entails) being released in the next 12-18 months. But the longer it takes the better, the 3DS still has 2-3 good years left in it.

Conversely, the Wii U hasn't really managed to gain traction until recently. So I really don't want to see piracy coming to that platform anytime soon.
 

WulfyStylez

> Hello! Wow did not expect to see you here, thank you for those write-ups you did. Has anyone done the same porting of GW code for the older 3ds? I know there is a CFW of 4.x, does anyone, including GW have a 9.x CFW? Again, wow and thanks!

Gateway's CFW is actually really dumb and just replaces FIRM instead of patching it in its final stages. You could binary diff GW's FIRM to stock FIRM and try and migrate those patches over to n3ds firm, but at that point you should just make your own "cfw". There's extra n3ds stuff to deal with anyways.

> Spiderhax, otherwise known as WebKit exploiting, is possible without the game. It is used in Yifan Lu's spider3DStools to gain ARM11 kernel access, and I believe it was used in another exploit system to gain ARM9. It crashes the browser into a panic while injecting a binary. Yifan Lu is already working on a way to open the Homebrew Launcher's boot.3DSX via the browser in his exploit dubbed spiderninja, which you can see below, and was only shown for a bit before removed. In the Regionthree Readme, Smea states that the exploit will not work with SKATER, but the code is there, and he hinted that anyone can do it. I haven't looked much into SKATER, as I do not own an N3DS, but it's pretty safe to assume that it still uses WebKit, meaning it should still be possible, with a bit of rewriting. You seem to be very dependent on a game, which ultimately, is not something a long term exploit should depend on.

> Why wouldn't it be? If SKATER is still relying on WebKit, which I am pretty sure it is, I don't see why it wouldn't work on it. Again, I'm just working off of what Smea hinted at in his Readme.

A few things. First, spider3dstools doesn't give you arm11 kernel access. It just gives userland, which is enough to use dlp's permissions to launch a game. 'the code is out there' is a reference to the code that regionfree uses, which is literally just:
Code:
NSS:RebootSystem(0x1,0x0,0x0,0x2,0x0,0x0)
(after using gspwn to get userland code execution)

SKATER isn't vulnerable to the webkit bug used in GW3.0, so you'd have to find another properly exploitable one. There are no public exploit kits built for SKATER as of now.
 

Margen67

Yeah, it's basically CFW but with DRM attached in the form of a flashcart; you technically don't need to boot CFW. It's just there as DRM at this point. :P
But it wouldn't be released because of bullshit piracy excuses.
And yes, I know I'm an entitled dirty pirate and therefore everything I say is invalid and wanting things is bad.
 

Apache Thunder

> Wow, when has "piracy" become a trigger word? I literally made a joke and people are now defending themselves lol.

That's par for the course for this forum nowadays. Welcome to GBATemp!...Even though you've been registered here since 2007... :P

It seems the community around here has gotten a little....not so mature compared to the old DS days. Been a long time though so I don't exactly recall how things were like here back then. :P
 

Wowfunhappy

> That's par for the course for this forum nowadays. Welcome to GBATemp!...Even though you've been registered here since 2007... :P

> It seems the community around here has gotten a little....not so mature compared to the old DS days. Been a long time though so I don't exactly recall how things were like here back then. :P


I don't really think it's changed much to be honest. (I've been here several years longer than my account implies, but under a username I've long since forgotten)
 

Rokkubro

Hello! Just on my lunch break now, it's cool to see so much interest in this, I thought I was the only one working on it!

All good stuff here, I'd just like to point out... Although Ninjhax uses Cubic Ninja + Gspwn as an initial exploit, most of the 'magic' happens after gaining Thread0 ROP on Spider (or in the case of N3DS, Skater), so if you look in the source code of Ninjhax, there is a wealth of information on the memory locations needed for a Skater ROP. Unsure if that's what you meant by "public Skater exploit kit".
Secondly, although S3DSTools only allows for Arm11 userland code we can use Yifan's *almost* definitive writeup of how gateway works (along with the incredible info on 3dbrew plus a sneaky look at gateway's decrypted 2nd and 3rd stage) to maybe port the gateway exploit over to N3DS.

If anyone else is interested in working on this, and has the knowledge(or is determined enough to learn) I'll make a project page tonight where I'll outline exactly what needs to be done so far and get people working on different things. This could be a lot of fun!

Oh and about the piracy thing, considering we're going to have to rewrite most of it from scratch, piracy isn't going to just magically appear, unless we code it in for some reason(unnecessary effort) - or we spring a leak... :ph34r:
Keep your eyes peeled, gentlemen.
Can't wait to get working on this!
 

Zidapi

> I said that at the end because the 3ds illuminati calls pirates that want cfw ~entitled~
Citation please?

I've seen plenty of people on GBAtemp calling out others who think they shouldn't have to pay to pirate games (where did this idea even come from? You've had to pay to pirate games as far back as the Famicom) and therefore feel entitled to a flashcart-free redNAND solution.

But I haven't seen any real evidence of the "illuminati" saying this type of thing. Mostly just people such as yourself parroting the same lines over and over. Have you anything in the way of evidence to back up your claims?
 

WulfyStylez

> All good stuff here, I'd just like to point out... Although Ninjhax uses Cubic Ninja + Gspwn as an initial exploit, most of the 'magic' happens after gaining Thread0 ROP on Spider (or in the case of N3DS, Skater), so if you look in the source code of Ninjhax, there is a wealth of information on the memory locations needed for a Skater ROP. Unsure if that's what you meant by "public Skater exploit kit".

I was just saying that you still need a SKATER exploit to get ROP on it, and nobody's put anything like that out yet. You're right about being able to pull info from ninjhax for the next steps, though.
 