Hacking Gateway Questions

gudenau

Largely ignored
Member
GBAtemp Patron
Joined
Jul 7, 2010
Messages
3,738
Trophies
0
Location
/dev/random
Website
www.gudenau.net
XP
3,435
Country
United States
I have a few questions about how Gateway implemented there CFW.

I am not looking for "how do I use them", I am asking for how they work; at a code level.
  1. How does the version spoofing work?
  2. How does the cheat system work?
  3. How do they get ARM11, if they do at all?
 

gudenau

Largely ignored
Member
GBAtemp Patron
Joined
Jul 7, 2010
Messages
3,738
Trophies
0
Location
/dev/random
Website
www.gudenau.net
XP
3,435
Country
United States
It exploits 4.5-9.2firmware and basically you make a copy of that firmware that GW makes fully exploited by faking the FW with what is called emunand. Then when you update that emunand it has the latest version of whatever the 3ds firmware is but with exploited code. This leaves the real 3ds firmware at whatever it was before IE 9.2 while emunand is 10.3.

Cheats work like action replay except with some features more like cheat engine I guess.

I don't think they have ARM11 just yet. If they do it isn't finished.
Not to be mean, but that does not answer my questions at all.
 
  • Like
Reactions: Hayleia

gudenau

Largely ignored
Member
GBAtemp Patron
Joined
Jul 7, 2010
Messages
3,738
Trophies
0
Location
/dev/random
Website
www.gudenau.net
XP
3,435
Country
United States
Read 3dbrew.org.
From what I can tell that does not explain how to inject code into arm11 processes from boot, nor does it say how someone implemented cheats or version spoofing. Sure with the data on there you could patch a title before installing it, but it does not say how the system stores that information in memory.

From what I can tell, I am not going to get a good answer, am I?
 
Joined
Nov 23, 2014
Messages
15,149
Trophies
0
Location
Canberra, Australia
Website
boot9strap.com
XP
11,051
Country
Australia
From what I can tell that does not explain how to inject code into arm11 processes from boot, nor does it say how someone implemented cheats or version spoofing. Sure with the data on there you could patch a title before installing it, but it does not say how the system stores that information in memory.

From what I can tell, I am not going to get a good answer, am I?
1. Get an understanding of the architecture of the 3DS (reading 3dbrew & studying computer science)
2. Look at the source code for rxtools or cakes or anything else that's open source
3. If you don't understand the source code, refer to step 1.

Gateway is closed source so all you can do is guess. However things like the ROP loader for the DS profile exploit will be similar to rxTools.

Edit: What you're asking for is basically like asking how to solve partial differential equations. If you have enough background knowledge to be able to understand the explanation then it's also trivial for you to find the info and you wouldn't need to ask.
 
Last edited by Quantumcat,
  • Like
Reactions: soulskeeper

Aroth

Well-Known Member
Member
Joined
Apr 14, 2015
Messages
2,066
Trophies
0
Age
35
XP
871
Country
United States
Atm no one injects any code on boot. The closest is menuhax which injects code into a theme, which i then loaded when the home menu starts up and then (from what I understand) loads a 3dsx file. How this is handled or done, I have no idea and your best bet is to follow Quantumcat's advice.

To be honest an open forum like this is not the best place to get detailed information about the mechanics and code behind the exploits. Your best bet, barring Quantumcat's advice, is to locate one of community groups that devs like yls8, smea and the rest frequent to discuss things. Seem to remember something being mentioned about an irc group, maybe a skype one?
 

Site & Scene News

General chit-chat
Help Users
    kenenthk @ kenenthk: Assholes all like I can do that then like I might just give it away