Hacking Gateway Questions

[gudenau]

I have a few questions about how Gateway implemented there CFW.

I am not looking for "how do I use them", I am asking for how they work; at a code level.

1. How does the version spoofing work?
2. How does the cheat system work?
3. How do they get ARM11, if they do at all?

 

[YourHero]

Doesn't explain anything, the post.

 

[gudenau]

It exploits 4.5-9.2firmware and basically you make a copy of that firmware that GW makes fully exploited by faking the FW with what is called emunand. Then when you update that emunand it has the latest version of whatever the 3ds firmware is but with exploited code. This leaves the real 3ds firmware at whatever it was before IE 9.2 while emunand is 10.3.

Cheats work like action replay except with some features more like cheat engine I guess.

I don't think they have ARM11 just yet. If they do it isn't finished.

Not to be mean, but that does not answer my questions at all.

 

[Quantumcat]

Not to be mean, but that does not answer my questions at all.

Read 3dbrew.org.

 

[gudenau]

Read 3dbrew.org.

From what I can tell that does not explain how to inject code into arm11 processes from boot, nor does it say how someone implemented cheats or version spoofing. Sure with the data on there you could patch a title before installing it, but it does not say how the system stores that information in memory.

From what I can tell, I am not going to get a good answer, am I?

 

[Quantumcat]

From what I can tell that does not explain how to inject code into arm11 processes from boot, nor does it say how someone implemented cheats or version spoofing. Sure with the data on there you could patch a title before installing it, but it does not say how the system stores that information in memory.

From what I can tell, I am not going to get a good answer, am I?

1. Get an understanding of the architecture of the 3DS (reading 3dbrew & studying computer science)
2. Look at the source code for rxtools or cakes or anything else that's open source
3. If you don't understand the source code, refer to step 1.

Gateway is closed source so all you can do is guess. However things like the ROP loader for the DS profile exploit will be similar to rxTools.

Edit: What you're asking for is basically like asking how to solve partial differential equations. If you have enough background knowledge to be able to understand the explanation then it's also trivial for you to find the info and you wouldn't need to ask.

 

[Aroth]

Atm no one injects any code on boot. The closest is menuhax which injects code into a theme, which i then loaded when the home menu starts up and then (from what I understand) loads a 3dsx file. How this is handled or done, I have no idea and your best bet is to follow Quantumcat's advice.

To be honest an open forum like this is not the best place to get detailed information about the mechanics and code behind the exploits. Your best bet, barring Quantumcat's advice, is to locate one of community groups that devs like yls8, smea and the rest frequent to discuss things. Seem to remember something being mentioned about an irc group, maybe a skype one?