Hacking Developing for 4.4

gudenau

Largely ignored
OP
Member
Joined
Jul 7, 2010
Messages
3,882
Trophies
2
Location
/dev/random
Website
www.gudenau.net
XP
5,379
Country
United States
So at the moment this is mainly just some questions and me checking my information.

The current exploit relies on the user's DS profile being crafted in such a way that the user name reads past the name portion. It then smashes the stack and uses ROP to take control of the system. In order to get to the NATIVE_FIRM processor it replaces interrupts to take control.

So, how does this stack up against how it really works?
 

YoshiInAVoid

Banned!
Banned
Joined
Jan 10, 2011
Messages
560
Trophies
1
Website
google.com
XP
465
Country
You are missing a few points, there is an open source ROP loader available here:

https://github.com/ctnieves/ROP-Loader

It's much more buggy than the alternate ROP loader and GW's but it should help you learn more about the exploit if you really want.

Namely, one detail you missed is that there are two sections to the DS profile data (to prevent corruption). The unicode username string in the second profile is the exact thing that is overflowed. The 1st profile section is where most of the exploit is stored; the PC jumps to this.
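Added example (written for this thread; not code from the posts, from the ROP-Loader repository, or from any real 3DS firmware): a simplified C model of the bug the two posts describe. A fixed-size UTF-16 username field is stored without a guaranteed terminator, the routine that copies it into a local buffer trusts a terminator to be there, and the saved return address sits directly above that buffer. The struct layouts, field sizes, the `message[]` field that follows the name, and the `0xDEADBEEF` sentinel are hypothetical stand-ins, not the real DS-profile format or the real second-section/first-section split; the overflow is deliberately confined to one struct so the program runs without corrupting its own stack.

```c
/* Hypothetical model of an unterminated UTF-16 name field overflowing a
 * fixed buffer. Layouts below are invented for illustration, NOT the real
 * 3DS DS-profile format. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_UNITS 10              /* UTF-16 code units in the name field (assumed) */
#define SENTINEL   0xDEADBEEFu     /* stands in for a real saved return address */

struct ds_profile {                /* hypothetical layout */
    uint16_t name[NAME_UNITS];     /* fixed-size, not guaranteed NUL-terminated */
    uint16_t message[26];          /* whatever happens to follow the name in memory */
};

struct frame {                     /* stand-in for the copying function's stack frame */
    uint16_t buf[NAME_UNITS];      /* local copy of the name */
    uint32_t saved_lr;             /* "return address" directly above the buffer */
    uint8_t  slack[16];            /* keeps the demo's stray writes inside this object */
};
_Static_assert(offsetof(struct frame, saved_lr) == sizeof(uint16_t) * NAME_UNITS,
               "saved_lr must sit directly after buf");

/* Read UTF-16 unit idx through a byte view of the object (no array-bounds UB). */
static uint16_t unit_at(const void *base, size_t idx)
{
    uint16_t u;
    memcpy(&u, (const uint8_t *)base + idx * 2, 2);
    return u;
}

/* Vulnerable copy: walks the source until a UTF-16 NUL, trusting the profile
 * to contain one. A full 10-unit name with no terminator makes it read on
 * into message[] and write on past buf[] into saved_lr. */
size_t copy_name_unbounded(struct frame *f, const struct ds_profile *p)
{
    uint8_t *dst = (uint8_t *)f;
    size_t n = 0;
    while (unit_at(p, n) != 0) {
        memcpy(dst + n * 2, (const uint8_t *)p + n * 2, 2);
        n++;
    }
    memset(dst + n * 2, 0, 2);     /* terminator */
    return n;
}

/* Hardened copy: never reads past name[], never writes past buf[], always terminates. */
size_t copy_name_bounded(struct frame *f, const struct ds_profile *p)
{
    size_t n = 0;
    while (n < NAME_UNITS - 1 && p->name[n] != 0) {
        f->buf[n] = p->name[n];
        n++;
    }
    f->buf[n] = 0;
    return n;
}

/* 1 if the name field carries a terminator within its own bounds, else 0. */
int name_is_terminated(const struct ds_profile *p)
{
    for (size_t i = 0; i < NAME_UNITS; i++)
        if (p->name[i] == 0) return 1;
    return 0;
}

/* Constructed malicious profile: a name with no terminator, then two units
 * that land exactly on saved_lr, then a terminator so the copy stops there. */
void make_crafted_profile(struct ds_profile *p, uint16_t lr_lo, uint16_t lr_hi)
{
    memset(p, 0, sizeof *p);
    for (size_t i = 0; i < NAME_UNITS; i++) p->name[i] = 'A';
    p->message[0] = lr_lo;         /* both halves must be non-zero or the copy stops early */
    p->message[1] = lr_hi;
    p->message[2] = 0;
}

/* Runs one of the two copies against a fresh frame; returns the resulting saved_lr. */
uint32_t run_copy(const struct ds_profile *p, int bounded, size_t *units_out)
{
    struct frame f;
    memset(&f, 0, sizeof f);
    f.saved_lr = SENTINEL;
    *units_out = bounded ? copy_name_bounded(&f, p) : copy_name_unbounded(&f, p);
    return f.saved_lr;
}

int main(void)
{
    struct ds_profile p;
    size_t n;
    make_crafted_profile(&p, 0xABCD, 0x0804);
    printf("name terminated in-bounds: %d\n", name_is_terminated(&p));
    uint32_t lr = run_copy(&p, 0, &n);
    printf("unbounded: %zu units copied, saved_lr = 0x%08x\n", n, lr);
    lr = run_copy(&p, 1, &n);
    printf("bounded:   %zu units copied, saved_lr = 0x%08x\n", n, lr);
    return 0;
}
```

With the crafted profile the unbounded copy moves 12 units and `saved_lr` comes back as the two attacker-chosen halves (`0x0804ABCD` on a little-endian host such as the 3DS's ARM cores); the bounded copy moves 9 and leaves the sentinel intact. The `name_is_terminated` check is the kind of validation the copying code is missing: a name that fills its field with no terminator is the signal that the data following it will be consumed as part of the string.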
 

gudenau

You are missing a few points, there is an open source ROP loader available here:

https://github.com/ctnieves/ROP-Loader

It's much more buggy than the alternate ROP loader and GW's but it should help you learn more about the exploit if you really want.

Namely, one detail you missed is that there are two sections to the DS profile data (to prevent corruption). The unicode username string in the second profile is the exact thing that is overflowed. The 1st profile section is where most of the exploit is stored; the PC jumps to this.


Ok, thanks. I will start tinkering with this soon.
 

Snailface

My frothing demand for 3ds homebrew is increasing
Member
Joined
Sep 20, 2010
Messages
4,324
Trophies
2
Age
40
Location
Engine Room with Cyan, watching him learn.
XP
2,255