Homebrew [Custom Launcher] Spider3DSTools released

[Duo8]

Neat.
When someone come up with an arm9 loader the decryptor can be ported.

 

[Helper]

I got it working! (at least mostly)

I browserify'd MemoryDump.dat and spliced it into a local copy of the Gateway Go index.html; loading the page on my 3DS yielded a crashed browser and a 3MB memory.bin file on the SD card--perfect! Exactly as expected!

However, doing the same with LoadCode.dat as the JS string and code.bin copied to the SD card resulted in a very short flash of static on the lower screen and (probably 30 seconds) later, a browser crash--code execution regardless, but perhaps not as expected?

Actually, looking at code.c, I would expect it to only draw static once. But the static is immediately overwritten by the browser's framebuffer. I can even "use" the browser after exploit has executed. I can open "Menu" and Bookmarks and so on; the browser still crashes after 30 seconds, though. The screen becomes static for a frame and the browser crashes after 30 seconds, so the code is definitely executing, right? This is all very interesting!

And thank you, Yifan Lu, et al. I wouldn't call myself a 3DS developer or researcher, but as a person-what-sometimes-plays-with-devkitpro, I appreciate the immense amount of work that has gone into the scene.

 

[Helper]

Mine is the same, but doesn't work at all for me (I launch it in the browser and it just displays the page, nothing else).
Do note, I am on 9.4, as this thread just says 9.x, nothing at all about not working on 9.4. Plus, launching GO site does crash the browser.

Old 3DS, not New, right?

I would expect any code execution to fail on firmware 9.3 or higher; but I could easily be wrong.

But I wonder if there's a problem in your local web-server setup. Have you successfully crashed the browser upon accessing a locally-hosted copy of the Go exploit?

 

[Rinnegatamante]

Interesting but i think this is not working on 9.3 and 9.4.

 

[Duo8]

Old 3DS, not New, right?

I would expect any code execution to fail on firmware 9.3 or higher; but I could easily be wrong.

But I wonder if there's a problem in your local web-server setup. Have you successfully crashed the browser upon accessing a locally-hosted copy of the Go exploit?

Interesting but i think this is not working on 9.3 and 9.4.

Well it still uses gspwn to execute arm11 code so I don't see why not.

 

[Helper]

Well it still uses gspwn to execute arm11 code so I don't see why not.

If so, this is even more interesting. If I had a >9.2 3DS, I'd test it myself.

Actually... dexterity is low at 5am, but tomorrow I should look into performing a hardmod. It shouldn't take too long for somebody who has soldering experience... right? (Famous last words?)

 

[PewnyPL]

Old 3DS, not New, right?

I would expect any code execution to fail on firmware 9.3 or higher; but I could easily be wrong.

But I wonder if there's a problem in your local web-server setup. Have you successfully crashed the browser upon accessing a locally-hosted copy of the Go exploit?

Yeah, Old 3DS.

And that was kinda the problem. I was missing frame.html. The whole GW thing hosted locally now also crashes the browser (it exits to home menu with "An unexpected error blahblahblah"). I changed the JS string to the LoadCode from this and well, it crashes the browser, but nothing else. I have the UVLoader put on SD card, in the root of it, as code.bin, but upon going to the page it just crashes the same way as with Gateway.

 

[Slushie3DS]

This is interesting. Is this only compatible with 9.0-9.2? I am 8.1, and it'd be nice to fiddle with this.

 

[duke_srg]

Successfully loaded memorydump using my tweaked html file.
BTW browserify output may be shrinked a lot as string in JS/HTML may be UTF-8 encoded. Only need to escape unicode surrogate characters (\ud800-\udfff), zero character and a digit (0-7) after it, single or double quotes (depending which one is used to define the string in JS) and the escaping slash symbol itself.

 

[PewnyPL]

Yeah, seems it doesn't work on 9.4
Tried MemoryDump now. Bowser crashes to homescreen but nothing is created on SD Card. And there I hoped that at least this may work (since I thought this one uses only gpuhax (or gspwn, I saw both names and not sure which is the currently used one), which isn't patched on 9.4)

 

[shutterbug2000]

Quick question here. I'm not exactly sure how to modify the html file. Do I completely replace the string, or add onto the end?

 

[Slushie3DS]

Quick question here. I'm not exactly sure how to modify the html file. Do I completely replace the string, or add onto the end?

At very least, I'm pretty sure you can just rename whichever .dat you'd like to use to unlaunch.dat, and open go.plxhack.us.

 

[shutterbug2000]

At very least, I'm pretty sure you can just rename whichever .dat you'd like to use to unlaunch.dat, and open go.plxhack.us.

Hmm. I guess I could try, but I don't think that's what the format of these files are. Let me try that.

 

[Slushie3DS]

Hmm. I guess I could try, but I don't think that's what the format of these files are. Let me try that.

I'm not at my computer, or I'd try for you. I'm still awaiting confirmation as to if this works with 8.1. If it's based on Gateway, I don't see why not, but Regionthree didn't seem to work for me.

 

[shutterbug2000]

I'm not at my computer, or I'd try for you. I'm still awaiting confirmation as to if this works with 8.1. If it's based on Gateway, I don't see why not, but Regionthree didn't seem to work for me.

Nope, doesn't seem to work.

 

[Slushie3DS]

Nope, doesn't seem to work.

Fuck, kek.

 

[krisztian1997]

Nope, doesn't seem to work.

You still have to put the code at the correct offsets in the launcher.dat for it to work (0x1A000 for 7.x-9.x)

 

[shutterbug2000]

You still have to put the code at the correct offsets in the launcher.dat for it to work (0x1A000 for 7.x-9.x)

Ahh, didn't think of that. Let me try that really quick.

 

[WateredFire19]

So, what can we do with this?

 

[Huntereb]

Neat, a public way of making use of SVC functions. Can't wait to give it a try!