Hacking Free rom loader means the death of the 3ds scene

  • Thread starter Deleted User
  • Start date
  • Views 16,797
  • Replies 113
  • Likes 8

Ace Overclocked

My CPU's hot but my core runs cold.
Member
Joined
Jul 30, 2010
Messages
2,115
Trophies
1
Age
26
Location
Somewhere
XP
1,299
Country
Italy
Troll.

The PSP piracy scene started with PARADOX releasing 3 UMD iso images, Ridge Racer (JPN) being the first, which at the time no one was able to use. After that games were ripped and patched (to ms0:), so they ran off a memory stick; Lumines being an early example. Then Devhook came around. But it really started to take off with the various custom firmwares, which often led to bricks.

Pandora (an early version) was leaked by an insider and ended up being used by the little Chinese stores to unbrick PSPs (remember the Youtube videos with the sleight-of-hand battery swap). Pandora was FREE TO USE for everyone, all you needed to do was change the serial# of your battery with the Pandora tool to all F's (=JigKick) and prepare a memory card. Newer PSPs were unable to *make* Pandora batteries, but still could use them. Even newer PSPs used a new system; Datel was offering a BlueLite tool that worked (Sony managed to stop them from selling it) and there was no working IPL for those, so a Magic Memorystick could not be made. And still not.

But newer CFWs came out in lockstep with OFWs. Sony was even so nice as to include their own iso loader (np9660 device).

At the time of the PS3 hack, the built-in PSP emulator revealed lots of keys; CFW installers could be made without need for anything (exploited game UMD or Pandora).

Even today PSP Piracy is still alive (last release was less than a week ago), it's just that there is not much development anymore since the VITA took over; and it's just the PSP sandbox that is "cracked" and many VITA owners still use eCFW to load PSP isos.

Sir, you need to look up what sarcasm means.
 

Foxi4

Endless Trash
Global Moderator
Joined
Sep 13, 2009
Messages
30,824
Trophies
3
Location
Gaming Grotto
XP
29,819
Country
Poland
Not sure if you are trying to be sarcastic or not, but you realize Gateway developed every single example you mentioned? And my argumentation is about the 3ds piracy scene, not homebrew scene.
They most certainly did not. As far as I know, the region free unlock was originally made by Normmatt, EmuNAND AKA RedNAND (same thing, different name) was a joint effort and homebrew installation was strongly based on ctrulib by smealum - the Gateway team even gives him props for that in their release notes. I may be wrong on the EmuNAND thing, but I'm pretty sure of the other two - I don't follow the 3DS scene with bated breath.
 

Deleted User

Guest
OP
Rofl! I didn't think you were serious. Hint: Gateway developed all those (except ctrulib, I'll give you that, but Gateway were the first to allow the public to enjoy REAL .3ds homebrew).

- Gateway developed emunand, smealum copied it, or re-did it on his own after he saw the video / release from GW
- Gateway developed region free - Normmatt did nothing in this matter
- Gateway first to publicly support .3ds roms homebrew (unsigned code), with joint collaboration from smea for ctrulib
 

NCDyson

Hello Boys...
Member
Joined
Nov 9, 2009
Messages
278
Trophies
1
XP
319
Country
United States
I like how someone says they're working on a rom loader, makes no specific mention about releasing it, and everyone goes crazy.

I understand the point that Json is trying to make. As unfortunate as it is, gateway as a FOR PROFIT group will have a better chance of getting at the tools and resources needed to break the system open wider than any single hacker who does it for a hobby.

Assuming it does get released, who's to say that the public version will allow loading of commercial games? I wouldn't blame stArk one bit if he didn't release it. I would blame him even less if he obfuscated his loader more than Gateway's and made it only load homebrew. But even then, everyone would still get upset.
 

gamesquest1

Nabnut
Former Staff
Joined
Sep 23, 2013
Messages
15,153
Trophies
2
XP
12,247
They most certainly did not. As far as I know, the region free unlock was originally made by Normmatt, EmuNAND AKA RedNAND (same thing, different name) was a joint effort and homebrew installation was strongly based on ctrulib by smealum - the Gateway team even gives him props for that in their release notes. I may be wrong on the EmuNAND thing, but I'm pretty sure of the other two - I don't follow the 3DS scene with bated breath.
region free mod was a patch for gateway loader.....not homebrew developed, and if you remember resulted in bricks, afaik smealum copied how gateway did nand redirection to develop rednand, and ctrulib is something else entirely, akin to a sort of SDK for 3ds coding, also the homebrew running on gateway and smealum's rednand are made differently, gateway disables cart signature checks whereas smealum installs them as apps within the system menu....as i say smealum is people's best hope of any sort of future progress....he is working out how to do stuff from the ground up not just trying to patch the gateway launcher
 

Foxi4

Endless Trash
Global Moderator
Joined
Sep 13, 2009
Messages
30,824
Trophies
3
Location
Gaming Grotto
XP
29,819
Country
Poland
region free mod was a patch for gateway loader.....not homebrew developed, and if you remember resulted in bricks, afaik smealum copied how gateway did nand redirection to develop rednand, and ctrulib is something else entirely, akin to a sort of SDK for 3ds coding, also the homebrew running on gateway and smealum's rednand are made differently, gateway disables cart signature checks whereas smealum installs them as apps within the system menu....as i say smealum is people's best hope of any sort of future progress....he is working out how to do stuff from the ground up not just trying to patch the gateway launcher
Thanks for the correction. Nevertheless, the initial exploit was not Gateway's and everything they've ever done has been replicated without the use of their proprietary hardware. I remember neimod once saying that "launching backups on the 3DS is as simple as running redirected NAND" and I'm willing to believe that.
 

Deleted User

Guest
OP
Nevertheless, the initial exploit was not Gateway's

Nobody knows whether or not Gateway created the exploit themselves. I was not there when it was created, and neither were you. The only thing known at that time was a piece of text on 3dbrew saying "I crashed mset by accident with a corrupted ds profile". If that's an exploit to you then you need to read up on the matter. In fact, if it was not Gateway's, why was there nobody else that exploited it before Gateway and made the source public? It's not like they could grab the source for the exploit anywhere (because there was none!) ... Beyond that I will refrain from discussing that matter further.
 

Foxi4

Endless Trash
Global Moderator
Joined
Sep 13, 2009
Messages
30,824
Trophies
3
Location
Gaming Grotto
XP
29,819
Country
Poland
Nobody knows whether or not Gateway created the exploit themselves. I was not there when it was created, and neither were you. The only thing known at that time was a piece of text on 3dbrew saying "I crashed mset by accident with a corrupted ds profile". If that's an exploit to you then you need to read up on the matter. Beyond that I will refrain from discussing that matter further.
You would be surprised. I suggested looking into the old DS Bricker code long before the 3DS exploit was around, it was then modified and tested by ichichfly and Sicklyboy to check how much can be overwritten in NVRAM through DS Mode. There were also some Hello World's before the Gateway was released, let's not pretend that there weren't and so far the DS Profile exploit is the only one available so it's fair to assume that everyone went this route. Why? Because the DS Profile can be modified via the already hacked-wide-open DS mode, so the assumption is logical.
 

gamesquest1

Nabnut
Former Staff
Joined
Sep 23, 2013
Messages
15,153
Trophies
2
XP
12,247
i think this is a whole thread over nothing situation, the people who don't want to buy a gateway card want free roms under the guise of "homebrew". smealum is developing true homebrew for 7.x and people aren't happy....why?.....because they really only want what gateway have, they have no interest in homebrew really unless it involves a rom loader
 

Deleted User

Guest
OP
Ok, let's get some terminology straight...

What you are saying is that there was a possible vulnerability that someone other than Gateway discovered. Yes, that's true. The possible vulnerability was documented on 3dbrew.

Things not documented were:
1. If this mset vulnerability was exploitable (hence the name exploit) (turns out it was, but only gives you userland access)
2. How to create an exploit from the vulnerability
3. The ARM9 kernel vulnerability to use
4. How to create an exploit from the ARM9 kernel vulnerability

Steps 1-4 are most likely what Gateway developed and are basically the whole exploit.
 

Foxi4

Endless Trash
Global Moderator
Joined
Sep 13, 2009
Messages
30,824
Trophies
3
Location
Gaming Grotto
XP
29,819
Country
Poland
i think this is a whole thread over nothing situation, the people who don't want to buy a gateway card want free roms under the guise of "homebrew". smealum is developing true homebrew for 7.x and people aren't happy....why?.....because they really only want what gateway have, they have no interest in homebrew really unless it involves a rom loader
Honestly? I'd just prefer kernel level access, I don't like artificial inhibitions. I can understand the sentiment though so I don't mind, it's fair game. ;)
Ok, let's get some terminology straight...

What you are saying is that there was a possible vulnerability that someone other than Gateway discovered. Yes, that's true. The possible vulnerability was documented on 3dbrew.

Things not documented were:
1. If this mset vulnerability was exploitable (hence the name exploit) (turns out it was, but only gives you userland access)
2. How to create an exploit from the vulnerability
3. The ARM9 kernel vulnerability to use
4. How to create an exploit from the ARM9 kernel vulnerability

Steps 1-4 are what Gateway developed and are basically the whole exploit.
Considering the fact that people don't always document everything before thoroughly testing it plus some people just don't share their findings, it's fair game to say that the very same vulnerability was used for the numerous Hello World's the 3DS has seen, but okay. ;)
 

Coto

-
Member
Joined
Jun 4, 2010
Messages
2,979
Trophies
2
XP
2,565
Country
Chile
it's not uncommon to have any exploit based on save or whatever RAM media with RW access, because there isn't a mechanism for protecting their area (or only a very basic one!). In fact this makes me wonder if writing to NVRAM in DS mode on a DSi, then triggering DS profile settings from a flashcard, would execute ARM9 stuff. corrupting any stack from usermode should retrieve another one from kernelmode.

edit: ah, i take that back. I remember reading somewhere DSi rewrote DS profile settings if corrupted.
 
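The terminology post above (a crash from a corrupted DS profile is a vulnerability; whether it is exploitable depends on what the corrupted bytes end up controlling) and Coto's remark that save and NVRAM data usually has little or no protection both reduce to one rule for firmware authors: anything read back from storage is untrusted input and must be validated before it is used as a size or an offset. The C example below is added here and is not code from this thread, from Gateway, or from any 3DS project; its record layout, the "PROF" magic, the additive checksum and the function names (build_record, parse_record, the demo_* helpers) are constructed for illustration and are not the real DS-profile format.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed record layout for this example (NOT the real 3DS DS-profile format):
 *   bytes 0..3  magic "PROF"
 *   byte  4     name_len: number of nickname bytes that follow
 *   bytes 5..   nickname bytes (at most NAME_MAX)
 *   last byte   8-bit additive checksum over everything before it
 */
#define NAME_MAX   10
#define HEADER_LEN 5
#define RECORD_MAX (HEADER_LEN + NAME_MAX + 1)

enum {
    PROF_OK           = 0,
    PROF_BAD_MAGIC    = -1,
    PROF_BAD_LENGTH   = -2,
    PROF_BAD_CHECKSUM = -3
};

typedef struct {
    char   name[NAME_MAX + 1];   /* NUL-terminated on success */
    size_t name_len;
} profile_t;

/* Additive checksum: catches accidental corruption only. A real design would
 * use a CRC for integrity, or a MAC if deliberate tampering must be detected. */
static uint8_t checksum8(const uint8_t *p, size_t n)
{
    uint8_t s = 0;
    for (size_t i = 0; i < n; i++)
        s = (uint8_t)(s + p[i]);
    return s;
}

/* Writes a well-formed record for `name` into out; returns its length, or 0
 * if the name does not fit the format or the output buffer. */
size_t build_record(const char *name, uint8_t *out, size_t cap)
{
    size_t n = strlen(name);
    if (n > NAME_MAX || cap < HEADER_LEN + n + 1)
        return 0;
    memcpy(out, "PROF", 4);
    out[4] = (uint8_t)n;
    memcpy(out + HEADER_LEN, name, n);
    out[HEADER_LEN + n] = checksum8(out, HEADER_LEN + n);
    return HEADER_LEN + n + 1;
}

/* Hardened reader: every field that came from storage is checked against the
 * buffer actually handed to us before it is used as a size or offset. An
 * unchecked memcpy(out->name, buf + 5, buf[4]) is the kind of defect that
 * turns a "settings crash" into an attack surface. */
int parse_record(const uint8_t *buf, size_t len, profile_t *out)
{
    if (len < HEADER_LEN + 1 || memcmp(buf, "PROF", 4) != 0)
        return PROF_BAD_MAGIC;

    size_t n = buf[4];
    /* Bound by the format limit AND by the bytes we were actually given,
     * before the checksum routine walks the buffer. */
    if (n > NAME_MAX || HEADER_LEN + n + 1 > len)
        return PROF_BAD_LENGTH;

    if (checksum8(buf, HEADER_LEN + n) != buf[HEADER_LEN + n])
        return PROF_BAD_CHECKSUM;

    memcpy(out->name, buf + HEADER_LEN, n);
    out->name[n] = '\0';
    out->name_len = n;
    return PROF_OK;
}

/* Three scenarios on constructed data: a clean record, a corrupted length
 * byte, and a flipped nickname byte. Each returns the parser's verdict. */
int demo_valid(void)
{
    uint8_t rec[RECORD_MAX];
    profile_t p;
    size_t n = build_record("Player1", rec, sizeof rec);
    return parse_record(rec, n, &p);
}

int demo_corrupt_length(void)
{
    uint8_t rec[RECORD_MAX];
    profile_t p;
    size_t n = build_record("Player1", rec, sizeof rec);
    rec[4] = 0xFF;               /* stored length now claims 255 bytes */
    return parse_record(rec, n, &p);
}

int demo_corrupt_name(void)
{
    uint8_t rec[RECORD_MAX];
    profile_t p;
    size_t n = build_record("Player1", rec, sizeof rec);
    rec[HEADER_LEN] ^= 0x20;     /* 'P' -> 'p'; checksum no longer matches */
    return parse_record(rec, n, &p);
}

int main(void)
{
    printf("valid: %d, corrupt length: %d, corrupt name: %d\n",
           demo_valid(), demo_corrupt_length(), demo_corrupt_name());
    return 0;
}
```

Each demo_* function returns the parser's verdict on one constructed record: 0 for the clean record, -2 when the stored length byte is corrupted (255 exceeds both the format limit and the bytes actually present), and -3 when a nickname byte is flipped and the checksum no longer matches. The order of the checks is the point: the length is bounded before the checksum is computed, so nothing in the parser ever reads past the buffer it was given, and a corrupted record is reported rather than crashing the reader.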

Jean Karlo

Hacker Aspirant!!!
Member
Joined
Jun 1, 2013
Messages
280
Trophies
1
Age
26
Location
Hyrule
XP
781
Country
United States
Yeah because the free "roms" loaders for other consoles totally destroyed their scenes... Yeah that's how it happened people, this man is A GENIUS, GIVE HIM A BEER !
 

gamesquest1

Nabnut
Former Staff
Joined
Sep 23, 2013
Messages
15,153
Trophies
2
XP
12,247
Honestly? I'd just prefer kernel level access, I don't like artificial inhibitions. I can understand the sentiment though so I don't mind, it's fair game. ;)
it's not an artificial inhibition, the 7.x exploit is userland only, in terms of homebrew you should technically get all the same features as any other app/game made for the 3ds, yeah there will be some things not possible like rednand and system tweaks but for actual people wanting to use/develop actual homebrew it would make no difference, and remember it's working on 7.1 and probably 7.2 which is the latest FW, it will have 7.x crypto working, 6.x save encryption working......it's a pretty sweet deal for people who want homebrew and has many benefits gateway doesn't
 

Deleted User

Guest
OP
Except that the savegame encryption can not be harnessed by homebrew because the ssspwn exploit has no kernel access. I don't see any benefit over gateway's solution
 

DaniPoo

Well-Known Member
Member
Joined
Jan 2, 2013
Messages
925
Trophies
1
Age
35
XP
2,284
Country
no this thread is created and ruled by people in fear that their expensive flashcarts will be rendered useless someday..
well if a better FREE solution reaches the surface then you can enjoy that instead right?
 

Meteo

Well-Known Member
Member
Joined
Apr 7, 2007
Messages
113
Trophies
0
XP
299
Country
United States
no, a free loader wont be the death of the scene. It'll be a huge blow, but not the death. Someone will eventually pick it up. Don't underestimate the hackers that are out there.
 

gamesquest1

Nabnut
Former Staff
Joined
Sep 23, 2013
Messages
15,153
Trophies
2
XP
12,247
Except that the savegame encryption can not be harnessed by homebrew because the ssspwn exploit has no kernel access. I don't see any benefit over gateway's solution
well
A) you can play future 7.x crypto games for sure....(I'm sure gateway will get it sorted, but for ssspwn, there isn't an issue in the first place)
B) people who don't have a 4.x console can enjoy homebrew
C) games that use 6.x save crypto will be saved using the proper methods

let's just be clear, rom loaders and homebrew are two separate entities, gateway is fantastic at doing what it's doing on the side of rom loading, and smealum is great at fighting the side for homebrew, they have chosen their sides and both have their own merits. it would be silly to try to belittle either side, they have both done some fantastic work
 

Deleted User

Guest
OP
no this thread is created and ruled by people in fear that their expensive flashcarts will be rendered useless someday..
well if a better FREE solution reaches the surface then you can enjoy that instead right?


The point is that this FREE solution will be crippled from the get-go, it would only support roms up to 7.x and that will be the last firmware it will support.
Gateway has the most chance of cracking the 7.x crypto since it has actual resources to move into this problem. Hobbyist hackers don't.

well
A) you can play future 7.x crypto games for sure....(I'm sure gateway will get it sorted, but for ssspwn, there isn't an issue in the first place)
B) people who don't have a 4.x console can enjoy homebrew
C) games that use 6.x save crypto will be saved using the proper methods


How will you be playing roms from a 7.x environment that has no kernel access?
All it will allow is homebrew and I'm not much interested in that
 
