THIS IS NOT NINJHAX
Some (all?) N3DS units are shipping at 9.0; because of the new browser we cannot use it for ROP, but we can still use Cubic Ninja! "Oh, this is a homebrew post, wrong forum." Nope, this is about using CN for kernel (privileged) code execution, complete control. This is not MSET; it works beyond 4.5. To my knowledge it was patched in 9.2.
I'm not going to say what others have said better: http://yifan.lu/ <- this man has worked with yellows8, or at least been in contact with him, and is a known Vita hacker. Yifan Lu contacts sema on sema's writeup of ninjhax, commenting on the GPU vulnerability (stage 2 of sema's writeup, also mentioned in Yifan's writeup); sema's reply is in relation to ninjhax and irrelevant for our exploit (except that Cubic Ninja hasn't been patched!): http://smealum.net/?p=517. We also learn a little from an Anon comment in response to sema: Gateway uses stage 2 of the exploit but not sema's stage 3 or stage 4. Something quick to note is that Gateway uses the browser for ROP (stage 1), which is no longer an option on the N3DS. It's my guess the people at Gateway are trying to find a new way to get ROP capability, and that's why we haven't seen an N3DS model/update yet. BUT WE HAVE CUBIC NINJA!!
If this is possible, why hasn't sema done it already? Because sema does not want to give us kernel access. He is worried it will cause the spread of piracy, a noble stance, but your homebrew is mainly emulators. I guess old ROMs are okay, huh?
With Yifan's work and ninjhax now being open source, this should be done.