Hacking Flash .cia of DS Profile?

red9350

Hi, is it possible to flash a system .cia of the DS Profile from fw 4.5 on a 9.2 console? So it would be possible to run the exploit from Settings instead of using the web browser/android app. I remember reading a thread some time ago about this topic, but I can't seem to find it...
 

plasma

> Hi, is it possible to flash a system .cia of the DS Profile from fw 4.5 on a 9.2 console? So it would be possible to run the exploit from Settings instead of using the web browser/android app. I remember reading a thread some time ago about this topic, but I can't seem to find it...

No.

iirc (I may be wrong) but the DS Profile exploit is MSET, which was patched; it only works on 4.x
 

zoogie

> No.
>
> iirc (i may be wrong) but the DS Profile exploit is MSET, which was patched, it only works on 4.x

What he's talking about is converting the 4.5 mset app to a cia and installing over the fixed version ala DS whitelist sysApp.
I've converted the mset app to cci (and it works!) but haven't tried a cia or certainly a risky sysnand install.
 

plasma

> What he's talking about is converting the 4.5 mset app to a cia and installing over the fixed version ala DS whitelist sysApp.
> I've converted the mset app to cci (and it works!) but haven't tried a cia or certainly a risky sysnand install.

I thought MSET only worked on 4.x. He's trying to ask if he can use the MSET exploit in 9.2, which I am pretty sure is not possible.
 

red9350

There's a PC program which lets you download parts of the fw as .cias. It has been used to revert back the DS flashcard whitelist. I want to know if it's possible to use it to revert back the DS Profile app (or the Settings app) to be able to use the old exploit on newer fw.
 

Axido

> I thought MSET only worked on 4.x, hes trying to ask if he can use the MSET exploit in 9.2 which I am pretty sure is not possible

MSET gets fixed after 4.5, yes. But the question was if it is possible to install the unfixed version to sysnand. Something like that was already done with a DS whitelist to get DS flashcarts working again that got fixed in newer FWs as stated above. Got it?
 

zoogie

> I thought MSET only worked on 4.x, hes trying to ask if he can use the MSET exploit in 9.2 which I am pretty sure is not possible

The System Settings app (mset) itself was fixed, so it may be possible to unfix it by overwriting the patched version in later firmwares with a vulnerable one.

This doesn't solve the problem of having to port the exploit rop chains for higher firmwares though of course.
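
The rollback discussed in this thread, installing an older, vulnerable build of a system title over the patched one, is what a per-title version floor in an installer is meant to stop. The sketch below is an added example, not part of any post and not the console's actual installer; the title names and version numbers are constructed.

```python
from dataclasses import dataclass, field


@dataclass
class TitleStore:
    """Toy title database with an anti-rollback floor per title (constructed model)."""
    installed: dict = field(default_factory=dict)  # title -> version currently installed
    floor: dict = field(default_factory=dict)      # title -> highest version ever installed

    def install(self, title, version, enforce=True):
        """Install a package and return (accepted, reason)."""
        minimum = self.floor.get(title, 0)
        if enforce and version < minimum:
            return False, f"rollback refused: {title} v{version} is below floor v{minimum}"
        self.installed[title] = version
        # The floor only ever moves up, so a downgrade can never lower it.
        self.floor[title] = max(minimum, version)
        return True, "installed"

    def audit(self):
        """Return titles whose installed version is below the recorded floor."""
        return sorted(t for t, v in self.installed.items() if v < self.floor.get(t, 0))


def demo():
    # Constructed names and version numbers, not real title IDs or versions.
    strict, lax = TitleStore(), TitleStore()
    for store in (strict, lax):
        store.install("system-settings", 9)  # patched build
        store.install("ds-whitelist", 9)
    # Same old package offered to an installer with the check and one without it.
    refused = strict.install("system-settings", 4)
    accepted = lax.install("system-settings", 4, enforce=False)
    return refused, accepted, strict.audit(), lax.audit()


if __name__ == "__main__":
    for item in demo():
        print(item)
```

Where the installer does not enforce the floor, the audit still reports the mixed-version state afterwards, which is the detection side of the same control.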
 

Axido

> The System Settings app (mset) itself was fixed, so it may be possible to unfix it by overwriting the patched version in later firmwares with a vulnerable one.
>
> This doesn't solve the problem of having to port the exploit rop chains for higher firmwares though of course.

And I'd like to add to this: ...but it's more convenient than other methods, especially if you get it to work on N3DS consoles.
 

plasma

> MSET gets fixed after 4.5, yes. But the question was if it is possible to install the unfixed version to sysnand. Something like that was already done with a DS whitelist to get DS flashcarts working again that got fixed in newer FWs as stated above. Got it?

I get you now. Wouldn't the only method to do this be to manually update to 9.2 after downgrading to 4.5, installing the 9.2 cia (except settings and w/e else was needed - much like Apache Thunder did with the Whitelist)?
 

pedrobarca

> The System Settings app (mset) itself was fixed, so it may be possible to unfix it by overwriting the patched version in later firmwares with a vulnerable one.
>
> This doesn't solve the problem of having to port the exploit rop chains for higher firmwares though of course.

So even if this would theoretically work, Gateway's Launcher.dat would work at this point because it cannot handle the MSET hack for firmwares which are not in the range 4.1-4.5 atm? Gateway should investigate this.
 

Apache Thunder

I have a hardmod and could do this since I have already successfully downgraded TWL_FIRM by not updating it when I updated to 9.2 via CIAs. But the problem is that unless a DS profile rop chain comes out that makes use of spiderhax/memchunkhax, I would have no way of really testing if it still works. The original Arm9 exploit msett used in 4.x was patched by NATIVE_FIRM, so any exploits for that still won't work on a 9.x system.

If there is a MSETT exploit that uses memchunkhax/spider exploit, let me know and I might give this a shot. ;)
 
