Homebrew Development

  • Thread starter: aliak11
  • Views: 1,475,028
  • Replies: 6,048
  • Likes: 54
Me not yet. I scanned some parts of IO register memory, but at the moment I found only the 3D slider state register at 0x1014470C.

Still trying to figure out what the other non-zero values I found are, in the hope of being able to swap framebuffers.

In the range I scanned (0x1012DFA0 - 0x10146BD6) nothing has values changing upon CPAD or touchscreen state.
I know smea read the C-Pad state in his ctr HID.h, perhaps you could take a look at it...
 
The best thing right now would actually be to find out which sections of memory we are able to access :)
I mean we know we can access things around:

0x10000000-0x11500000 (or so)
0x20000000-0x28000000

But I suspect we have access to even more regions we just don't know about yet ^^
Too bad it immediately crashes once you try to access non-accessible memory :/
 
Smea in his HID.c module gets the HID register addresses, maps them to 0x1000000 and then initializes the HID. With the mapped handle he does exactly the same we do with the HID physical address to check keys pressed.

In his code the CPAD is at 0x10000034 (i.e. mapped HID address + 0xD*4) and the touchpad is at 0x100000C8 (i.e. mapped HID address + 0x32*4). Interesting but not useful as long as we can't replicate his system calls. I'm making some experiments to make it work (yes I know: smea said it won't work, and Kane said it too - I'm stubborn as a mule) but I have very little time and can't go any faster.
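As an added C example (this is not code from this thread, from the launcher, or from smea's ctr library), here is the kind of helper the two posts above describe: gating every probe on the address ranges the thread reports as accessible, so the launcher does not crash on an unmapped read, deriving register addresses as mapped base + word index * 4 (the CPAD and touch offsets quoted above), and diffing two snapshots of a region to find the words that change with input state. The snapshots in the demo are constructed in-program so it runs on a PC; only `snapshot_region` would touch real hardware, and the range table, function names and the 0x10000000 base used in the demo are this example's own assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>
#include <stdio.h>

/* Ranges the thread reports as accessible. Upper bound of the first one is
 * approximate ("or so"), so treat it as a working assumption, not a spec. */
typedef struct { uintptr_t lo, hi; } addr_range;
static const addr_range known_ok[] = {
    { 0x10000000u, 0x11500000u },
    { 0x20000000u, 0x28000000u },
};

/* True if [addr, addr+len) lies entirely inside one known-good range.
 * Reading outside these crashes immediately, so every probe is gated on it. */
bool addr_known_accessible(uintptr_t addr, size_t len)
{
    for (size_t i = 0; i < sizeof known_ok / sizeof known_ok[0]; i++) {
        if (addr + len < addr)                 /* wrap-around guard */
            return false;
        if (addr >= known_ok[i].lo && addr + len <= known_ok[i].hi)
            return true;
    }
    return false;
}

/* Register address = mapped base + word index * 4, as quoted in the thread
 * (CPAD = base + 0xD*4, touch = base + 0x32*4). */
uintptr_t hid_reg_addr(uintptr_t mapped_base, unsigned word_index)
{
    return mapped_base + (uintptr_t)word_index * 4u;
}

/* Volatile word read: on the console this is the actual register access. */
static inline uint32_t read_reg32(uintptr_t addr)
{
    return *(volatile uint32_t *)addr;
}

/* Copy nwords 32-bit words starting at base into out. Refuses (returns false,
 * touches nothing) when the region is not in the known-accessible table. */
bool snapshot_region(uintptr_t base, size_t nwords, uint32_t *out)
{
    if (!addr_known_accessible(base, nwords * 4u))
        return false;
    for (size_t i = 0; i < nwords; i++)
        out[i] = read_reg32(hid_reg_addr(base, (unsigned)i));
    return true;
}

/* Compare two snapshots of one region; store the byte offset of each word that
 * changed (up to max_hits). Returns the number of offsets stored. */
size_t diff_snapshots(const uint32_t *before, const uint32_t *after, size_t nwords,
                      size_t *changed_offsets, size_t max_hits)
{
    size_t hits = 0;
    for (size_t i = 0; i < nwords && hits < max_hits; i++) {
        if (before[i] != after[i])
            changed_offsets[hits++] = i * 4u;
    }
    return hits;
}

/* Constructed demo: two fake 16-word snapshots of a pretend IO region, with
 * word 3 and word 9 changed between them (as if a slider/pad was moved). */
#define DEMO_WORDS 16
#define DEMO_BASE  0x10000000u          /* assumed mapped base for the demo */
size_t demo_offsets[DEMO_WORDS];

size_t run_demo(void)
{
    uint32_t before[DEMO_WORDS] = {0}, after[DEMO_WORDS] = {0};
    before[3] = 0x00000000u; after[3] = 0x00000080u;   /* constructed values */
    before[9] = 0x12345678u; after[9] = 0x12345679u;
    return diff_snapshots(before, after, DEMO_WORDS, demo_offsets, DEMO_WORDS);
}

int main(void)
{
    size_t n = run_demo();
    for (size_t i = 0; i < n; i++)
        printf("word changed at 0x%08lX (byte offset 0x%zX)\n",
               (unsigned long)(DEMO_BASE + demo_offsets[i]), demo_offsets[i]);
    /* An address outside the table is refused without being dereferenced. */
    uint32_t scratch[4];
    printf("probe of 0x00001000 allowed: %s\n",
           snapshot_region(0x00001000u, 4, scratch) ? "yes" : "no");
    return 0;
}
```

On a real target the scan is two calls to `snapshot_region` around an input change followed by `diff_snapshots`; keeping the range table in one place means extending it as new accessible regions are discovered, rather than guessing addresses inline and eating a crash.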
 
That's why we need to find more accessible memory regions, there have to be some hints in there somewhere :)
 
Hi. I was wondering if there's a launcher that is able to dump the whole 128MB of RAM or if it is even possible via software.
 
Nerp, not yet. It's more than possible, though.

WHY WOULD THEY RELEASE SOMETHING LIKE THAT?! IT WOULD BE THE BEGINNING OF CHEATS, AND THAT'S BAD!!
 
Well, with emuNAND and redNAND it could be possible to find an exploit for newer firmwares. Maybe...
 
  • Like reactions: Huntereb
True, this would be a great tool if anyone has the smarts to make one. Oh, and better yet, make a launcher that lets you replace specific lines of the RAM with your own modifications. ;)
 
so you've already mapped out the good and bad memory regions? or have you found a way to catch the illegal memory access interrupt?

Smealum found a way to modify other processes' RAM (to modify the list of channels and such), so if it's possible to write to RAM, using a similar method it should be possible to read it too. Unless the HOME screen's RAM region is not protected (which is doubtful)
 
The 128mb of fcram isn't protected at all ^^
But yeah I found out they are all bad except the few mentioned ones
 
yeah, but I was under the impression that it wasn't addressed as a continuous block in physical address space but segmented.

if that's not the case after all: yay!


edit: i could/should have RTFM and checked the wiki *innocent whistle*
 