The other thread is getting filled with stuff like "halp me plz, it don't works", so I thought I'd create another thread to talk about the GO exploit...
Going to the website without the 3DS UserAgent, you get what the memory block is filled with: "counter+4 08 0E" (http://gyazo.com/77fb2460da8543a36e8ebed1d4f30037); when you activate the 3DS UserAgent, you get the exploit. It seems the *exploit* copies 0x200 bytes to memory a lot of times, causing an overflow or something, and then runs the *second stage*.
At first look it seems to be a ROPLoader (like in MSetHax). Here we can see "dmc:/Launcher.dat" encoded in UTF-16, so this ROPLoader isn't obfuscated, well. A good way to continue studying how it works is getting a RAM dump with the browser applet open; it should be easy with the released CFW.
Hope we can get Kernel Execution on FW 4.0-9.2
PS: There's a paste titled "GW_GO_Exploit.bin" with a download link for the exploit binary.
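Two checks an analyst would run on a RAM dump or the exploit blob before anything else: pull out UTF-16LE strings (which is how a path like "dmc:/Launcher.dat" shows up while plain `strings` misses it) and confirm the repeated 0x200-byte copy pattern the post describes. This is an added example, not code from the post or from Gateway; the dump contents below are constructed, not taken from the real exploit.

```python
import random
import re

# Constructed stand-in for a captured exploit blob or browser-applet RAM dump:
# a 0x200-byte block copied back-to-back many times (the repeated copy the
# post describes), followed by a UTF-16LE path string, with filler around it.
_rng = random.Random(1)
BLOCK = bytes(_rng.getrandbits(8) for _ in range(0x200))
SAMPLE_DUMP = (
    b"\x00" * 16
    + BLOCK * 8
    + b"\x41" * 37
    + "dmc:/Launcher.dat".encode("utf-16-le") + b"\x00\x00"
    + b"\xff" * 20
)


def utf16le_strings(blob, min_len=6):
    """Printable ASCII text stored as UTF-16LE; plain `strings` skips these."""
    pat = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    return [m.group().decode("utf-16-le") for m in pat.finditer(blob)]


def longest_repeat_run(blob, size=0x200):
    """Longest run of back-to-back identical `size`-byte blocks.

    Returns (start_offset, repeat_count); repeat_count 1 means nothing repeats.
    Many identical fixed-size copies are the spray/overflow signature to confirm.
    """
    best = (0, 1)
    off = 0
    while off + size <= len(blob):
        chunk = blob[off:off + size]
        n = 1
        while blob[off + n * size:off + (n + 1) * size] == chunk:
            n += 1
        if n > best[1]:
            best = (off, n)
        off += n * size if n > 1 else 1  # skip past a found run, else step 1
    return best


def triage(blob):
    """What to look at first in a dump like this: embedded paths, repeated copies."""
    start, count = longest_repeat_run(blob)
    return {
        "utf16_strings": utf16le_strings(blob),
        "repeat_run": {"offset": start, "blocks": count, "block_size": 0x200},
    }
```

Run `triage(open("dump.bin", "rb").read())` on a real dump; scanning every offset is fine for a few megabytes but slow on a full RAM image, so narrow it to the browser heap region first.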