Hacking [Discussion] Install DS Profile exploit with Download Play?

dicamarques

Definitely not Bruce Wayne.
OP
Member
Joined
Jun 25, 2010
Messages
1,096
Trophies
1
Location
Your computer's Recycle Bin
Website
www.google.com
XP
1,928
Country
Portugal
So now, with all the hopes of CFW on my 3DS without spending 60+€ on a flashcart, I was looking for info and requirements where to only have the 3DS to downgrade and a DS flashcart to install the exploit. Well, I'm an unlucky owner of an Ak2i, which the last working is 4.3... so even if I downgrade I can't use my flashcart to install the exploit.
But then I started thinking of a different way to load the exploit: what if I send it over Download Play? I have a DSi, so I could use that.
I remember seeing this thread a while back: https://gbatemp.net/threads/ds-download-play-send-nds-file-with-planet-puzzle-league.306625/
and it is a great idea, but there's a catch: no homebrew is possible to be loaded on the client DS (in this case 3DS) unless it has flashme (there's no flashme for the 3DS).
If it was possible to fakesign or inject or code to a ninty-signed .nds and then place it on that game, there would be a way to load the exploit without a flashcart (yes, without! I think that there's also a way to send demos using a PC).

So, any opinions? Or is this completely impossible unless someone guesses the key?
 

MaK11-12

Well-Known Member
Member
Joined
Jul 26, 2009
Messages
241
Trophies
0
Location
Namek
Website
www.deltabeard.com
XP
434
Country
I would also like to know if there is a method of installing the ROP loader without a DS flash card.
I tried replacing the Launcher.dat file from the Gateway 3.0.1 update with the CFW Launcher_GW.dat (renamed to Launcher.dat) and then using the new browser exploit to load it. That didn't work. :(
 

dicamarques

> I would also like to know if there is a method of installing the ROP loader without a DS flash card.
> I tried replacing the Launcher.dat file from the Gateway 3.0.1 update with the CFW Launcher_GW.dat (renamed to Launcher.dat) and then using the new browser exploit to load it. That didn't work. :(

Yes, it's because the new exploit does not only use the browser to work, it needs something else.
 

dicamarques

> well I don't know but have you tried DeSmuME download play? lol who knows

The problem is not sending the file, it is the 3DS accepting the file, because it's not signed by ninty.

> The exploit downgrades you to 4.2, so your card should be able to work.

From what I know, the EUR version downgrades to 4.5.
 

mastermodr94

Well-Known Member
Member
Joined
Dec 3, 2014
Messages
137
Trophies
0
Age
29
XP
204
Country
United States
Here's the thing: basically you would need an NDS demo that was exploitable, similar to how smealum just exploited Bangai-O Spirits with its level editor. You would need to find a demo that has something similar or a ROM that is under 4MB and then send it over Download Play and exploit it to patch the 3DS profile. Not impossible but very difficult for little payoff when you can grab a cheap DS flashcard for ~$15 or less.
 

dicamarques

> Here's the thing: basically you would need an NDS demo that was exploitable, similar to how smealum just exploited Bangai-O Spirits with its level editor. You would need to find a demo that has something similar or a ROM that is under 4MB and then send it over Download Play and exploit it to patch the 3DS profile. Not impossible but very difficult for little payoff when you can grab a cheap DS flashcard for ~$15 or less.

That's not the issue, already did that. The problem is that the homebrew is not signed.
 

mastermodr94

> That's not the issue, already did that. The problem is that the homebrew is not signed.

No, what I'm saying is that yes, the homebrew is unsigned; however, an exploitable DS demo IS signed. So you can send an unmodified demo to the 3DS and then exploit it without the use of a flashcard. But you would need to build the exploit yourself.
 

anon3536

Well-Known Member
Member
Joined
Nov 4, 2012
Messages
183
Trophies
0
Age
29
XP
253
Country
United States
so what about if you like ran the exploit on the DSi then loaded a game like super mario ds that has single cart play, could it possibly crash then cuz your name shows up on the other user's DS? I'm willing to bet this prob won't work but just a thought after reading this
 

dicamarques

> so what about if you like ran the exploit on the DSi then loaded a game like super mario ds that has single cart play, could it possibly crash then cuz your name shows up on the other user's DS? I'm willing to bet this prob won't work but just a thought after reading this

It possibly will crash the DS but won't change the 3DS name, so not going to help :(
My attempts at getting a signed header from another demo and placing it on the homebrew were unsuccessful so far :( I was thinking to make the Bangai-O Sploit work, but it's a commercial ROM and even though I removed a lot from the ROM it wouldn't boot because of the header.
Probably this isn't working because of my lack of skills in DS hacking.
 

anon3536

> It possibly will crash the DS but won't change the 3DS name, so not going to help :(
> My attempts at getting a signed header from another demo and placing it on the homebrew were unsuccessful so far :( I was thinking to make the Bangai-O Sploit work, but it's a commercial ROM and even though I removed a lot from the ROM it wouldn't boot because of the header.
> Probably this isn't working because of my lack of skills in DS hacking.

well, isn't it the actual name that crashes? sure, it won't save to the 3DS, but once the 3DS attempted to load that name I would think it would crash, similar to how it does when you go to open the NDS management atm
 

dicamarques

> well, isn't it the actual name that crashes? sure, it won't save to the 3DS, but once the 3DS attempted to load that name I would think it would crash, similar to how it does when you go to open the NDS management atm

You need to have it saved so it loads up in the system settings. I don't even know if we can change any of these values in DS Download....
 

WaterBotttle

Well-Known Member
Member
Joined
Dec 19, 2014
Messages
163
Trophies
0
Age
34
XP
307
Country
Since the DS Download Play titles have to be signed to run on the 3DS, it seems, as others have suggested, the best method would be using an already signed title and then exploiting a vulnerability in that to execute the needed DS code. While possible, I don't think many would be interested because the DS cards are so cheap and we already have the web browser as an entry point. However, it does sound like a cool project.
 