Homebrew Development

Kane49
That's why I put 'off' in quotes, since I know it's not physically off (and is probably handling some minor OS stuff like StreetPass). The word I was looking for was idle.


There are still multiple ARM11 processes at work doing stuff.
 

st4rk
Thank you kalimero, I'm thinking of a theory for it; I will study more of the documentation of the 3DS and ARM9/11.

Maybe if I can create a new process on ARM11, jump the register to the exception vectors and write my code there, it will work (or not, haha).

Thanks for all.

Regards, St4rk.
 

gamesquest1
I think what they are getting at is that you can hijack the existing exception process and build from there... PS: I know nothing about coding, so that could be complete crap, but that's what I'm getting from it :rofl2:

Feel free to poke fun, but how I'm imagining it works is: the ROP chain loads the ARM9 payload, then the ARM9 payload writes the ARM11 code to an address it knows the 3DS will jump to in ARM11 mode, i.e. 0x1FFF4000,

which I am imagining is the code for when the 3DS crashes and asks you to reset... but it would load your ARM11 code instead.
 

Gericom
Maybe there is an ARM11 interrupt that is frequently called (or maybe you can activate one), and you could change the address it jumps to. Then, when in ARM11 mode, you'll have to disable the interrupt or change it to an empty function.
 

Kane49
> Maybe there is an ARM11 interrupt that is frequently called (or maybe you can activate one), and you could change the address it jumps to. Then, when in ARM11 mode, you'll have to disable the interrupt or change it to an empty function.

There is only one ARM9 IRQ handler, and yes, you can redirect that one however you want; you can even do whatever you want and keep it running normally. It has been said multiple times in this thread already.

But what to do with ARM11? Does anyone have a plan for just what the next step is?
Any next step, whatever it may be, depends on reverse engineering deep inside Nintendo's code. The material has been available for a long time, and everyone who is capable of doing that has either already figured it out and isn't sharing (which is fine, btw) or has no interest in 3DS hacking.

Or am I wrong, and is someone here with considerable ARM reverse engineering skills deterred by the lack of ARM11 code exec :) ?
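Gericom's and Kane49's posts above describe the same move from two sides: redirect an interrupt or exception slot at your own code, run it, then disable the hook or put the original handler back so the system carries on as before. The following is an added example, not code from this thread or from any 3DS project: a host-side simulation in which an array of function pointers stands in for the vector table, so it can be compiled and run on a PC. The vector count, the IRQ slot index and the "firmware" handlers are constructed for the demo and are not the 3DS's actual memory layout.

```c
#include <stdio.h>

/* Host-side simulation (added example, not 3DS code). A table of handler
 * pointers stands in for the exception/interrupt vectors discussed in the
 * thread; NUM_VECTORS, IRQ_VECTOR and the handlers below are constructed
 * for this demo and do not reflect the 3DS's real layout. */

typedef void (*handler_t)(void);

#define NUM_VECTORS 8
#define IRQ_VECTOR  6            /* hypothetical slot holding the IRQ handler */

static handler_t vectors[NUM_VECTORS];   /* the simulated vector table */

static int original_irq_calls;   /* times the firmware's own handler ran */
static int payload_runs;         /* times the injected code ran */

static void default_handler(void) { }
static void original_irq_handler(void) { original_irq_calls++; }

/* Where the hook keeps the real handler so it can chain to it and restore it. */
static handler_t saved_irq_handler;

/* The hook placed in the IRQ slot: run the payload exactly once, put the
 * original handler back (the "disable or replace" step), then chain to it
 * so this interrupt is still serviced and the system keeps running. */
static void hook_irq_handler(void)
{
    payload_runs++;                           /* stand-in for the payload */
    vectors[IRQ_VECTOR] = saved_irq_handler;  /* unhook before chaining */
    saved_irq_handler();
}

/* "Firmware" bring-up: fill the table and reset the counters. */
void firmware_init(void)
{
    for (int i = 0; i < NUM_VECTORS; i++) vectors[i] = default_handler;
    vectors[IRQ_VECTOR] = original_irq_handler;
    original_irq_calls = 0;
    payload_runs = 0;
}

/* Redirect the IRQ slot at the hook. Returns -1 if it is already hooked:
 * installing twice would save the hook as the "original", and the restore
 * step would then reinstall the hook instead of the real handler. */
int install_irq_hook(void)
{
    if (vectors[IRQ_VECTOR] == hook_irq_handler) return -1;
    saved_irq_handler = vectors[IRQ_VECTOR];
    vectors[IRQ_VECTOR] = hook_irq_handler;
    return 0;
}

/* The core taking an exception: bounds-check the index, then jump through
 * the table entry. */
int raise_interrupt(int vector)
{
    if (vector < 0 || vector >= NUM_VECTORS) return -1;
    vectors[vector]();
    return 0;
}

int irq_hook_installed(void)     { return vectors[IRQ_VECTOR] == hook_irq_handler; }
int get_payload_runs(void)       { return payload_runs; }
int get_original_irq_calls(void) { return original_irq_calls; }

/* Boot, install the hook, deliver n interrupts; returns how often the
 * payload ran (expected: once, however many interrupts arrive). */
int simulate(int n)
{
    firmware_init();
    install_irq_hook();
    for (int i = 0; i < n; i++) raise_interrupt(IRQ_VECTOR);
    return payload_runs;
}

int main(void)
{
    int runs = simulate(5);
    printf("payload ran %d time(s), original handler ran %d time(s), hook still installed: %d\n",
           runs, get_original_irq_calls(), irq_hook_installed());
    return 0;
}
```

The two checks worth carrying into a real hook are the bounds test on the vector index and the refusal to install over an already installed hook; without the second, `saved_irq_handler` would point at the hook itself and the restore step would never actually restore anything.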
 

ernilos
Some new HB~
I just finished coding a little BMP loader. It loads "image.bmp" from the root of the SD card and draws it to the screens; that's more a proof of concept than a real homebrew, but it's nice, I think.
On the 3DS:
(image: dLOyd.jpg)

How it looks on the PC:
(image: gnrbd.png)
But I'm using my own BMP format, so I created a simple program to convert files (it's called Convert3MP); just click 2 buttons and the new "image.bmp" will be created in the program folder. The download links:
PS: Really, thanks to Roxas75 for the way to load files to memory ^-^
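ernilos says his loader uses a BMP format of his own (produced by Convert3MP), which the post does not describe, so the following added example, which is not his code, parses the standard uncompressed 24-bit Windows BMP instead and shows the header validation a loader that pulls "image.bmp" off the SD card should do before it touches pixel data. The 2x2 sample image is constructed inline; the 16384-pixel dimension cap and the return codes are choices made for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Decoded image: top-down rows, 3 bytes per pixel in R,G,B order. */
typedef struct { uint32_t width, height; uint8_t *rgb; } image_t;

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Parse an uncompressed 24-bit Windows BMP (BITMAPINFOHEADER) held in memory.
 * Returns 0 on success and a negative code for malformed input. Every offset
 * and size taken from the file is checked against `len` before use: a file
 * read from the SD card is untrusted input to the loader. */
int bmp_load_rgb24(const uint8_t *buf, size_t len, image_t *out)
{
    if (len < 54 || buf[0] != 'B' || buf[1] != 'M') return -1;   /* magic + both headers present */
    uint32_t pix_off  = rd32(buf + 10);
    uint32_t dib_size = rd32(buf + 14);
    if (dib_size < 40) return -2;                                 /* need a full BITMAPINFOHEADER */
    int32_t  w           = (int32_t)rd32(buf + 18);
    int32_t  h           = (int32_t)rd32(buf + 22);               /* >0: bottom-up, <0: top-down */
    uint16_t planes      = rd16(buf + 26);
    uint16_t bpp         = rd16(buf + 28);
    uint32_t compression = rd32(buf + 30);
    if (planes != 1 || bpp != 24 || compression != 0) return -3;
    if (w <= 0 || h == 0 || h == INT32_MIN) return -4;            /* -INT32_MIN would overflow */
    int bottom_up = h > 0;
    uint32_t width  = (uint32_t)w;
    uint32_t height = (uint32_t)(bottom_up ? h : -h);
    if (width > 16384 || height > 16384) return -5;               /* example cap: keeps the arithmetic in range */
    uint32_t stride = (width * 3 + 3) & ~3u;                      /* rows are padded to 4 bytes */
    uint64_t need = (uint64_t)stride * height;
    if (pix_off < (uint64_t)14 + dib_size || pix_off > len || need > len - pix_off) return -6;
    uint8_t *rgb = malloc((size_t)width * height * 3);
    if (!rgb) return -7;
    for (uint32_t y = 0; y < height; y++) {
        uint32_t src_row = bottom_up ? height - 1 - y : y;
        const uint8_t *src = buf + pix_off + (size_t)src_row * stride;
        uint8_t *dst = rgb + (size_t)y * width * 3;
        for (uint32_t x = 0; x < width; x++) {                    /* BMP stores B,G,R */
            dst[x * 3 + 0] = src[x * 3 + 2];
            dst[x * 3 + 1] = src[x * 3 + 1];
            dst[x * 3 + 2] = src[x * 3 + 0];
        }
    }
    out->width = width; out->height = height; out->rgb = rgb;
    return 0;
}

/* Constructed 2x2 sample (not a file from the post): top row red, green;
 * bottom row blue, white. Stored bottom-up with 2 padding bytes per row. */
static const uint8_t sample_bmp[70] = {
    'B','M', 70,0,0,0, 0,0,0,0, 54,0,0,0,                 /* file header: size 70, pixels at 54 */
    40,0,0,0, 2,0,0,0, 2,0,0,0, 1,0, 24,0, 0,0,0,0,       /* DIB: 2x2, 1 plane, 24 bpp, BI_RGB */
    16,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,         /* image size 16, rest unused */
    0xFF,0x00,0x00, 0xFF,0xFF,0xFF, 0,0,                   /* stored first: bottom row blue, white, pad */
    0x00,0x00,0xFF, 0x00,0xFF,0x00, 0,0                    /* stored second: top row red, green, pad */
};

int load_sample(image_t *img) { return bmp_load_rgb24(sample_bmp, sizeof sample_bmp, img); }

int main(void)
{
    image_t img;
    int rc = load_sample(&img);
    if (rc != 0) { printf("rejected: %d\n", rc); return 1; }
    printf("%ux%u, top-left pixel R=%u G=%u B=%u\n",
           img.width, img.height, img.rgb[0], img.rgb[1], img.rgb[2]);
    free(img.rgb);
    return 0;
}
```

The checks that matter for a loader on a console are the ones on `pix_off` and on `stride * height` against the buffer length: a header that claims a large image, or points the pixel offset past the end of the file, must be rejected before the copy loop runs rather than read out of bounds in a process that may have no memory protection to catch it.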
 