Homebrew Development

Discussion in '3DS - Homebrew Development and Emulators' started by aliak11, Jan 16, 2014.

  1. williamcesar2

    williamcesar2 GBAtemp Advanced Fan

    Member
    4
    Jun 21, 2013
    United States
    New York City
    Why the mystery? Show him the way.
     
  2. seagal112

    seagal112 Advanced Member

    Newcomer
    3
    Apr 22, 2014
    Sorry, I have no idea :wacko:
     
  3. Kane49

    Kane49 GBAtemp Fan

    Member
    3
    Nov 4, 2013
    Gambia, The

    Yeah, that's a problem. The best way is to load a binary into memory during the ROP chain and simply run that.
    I have an example in the archive I posted that includes a whole mini filesystem, but changing that should be easy :)
     
  4. st4rk

    st4rk nah

    Member
    6
    Feb 11, 2014
    Brazil
  5. st4rk

    st4rk nah

    Member
    6
    Feb 11, 2014
    Brazil
    @seagal112 Good work, I compiled your emulator with Pokémon Red, and *TAN DAN*

    Yep, working fine (a bit of delay, but it works) :]
     
  6. Kane49

    Kane49 GBAtemp Fan

    Member
    3
    Nov 4, 2013
    Gambia, The

    Mystery? I called the friggin' function sudo; everyone and their mother should know what it does.
     
  7. st4rk

    st4rk nah

    Member
    6
    Feb 11, 2014
    Brazil
    Sudo, like Linux?
     
  8. Bug_Checker_

    Bug_Checker_ GBAtemp Advanced Fan

    Member
    5
    Jun 10, 2006
    United States
    I would like to say publicly that Kane49 was the source of the code, but since I wasn't sure if he was the original author and didn't know if he would want the attribution (or perhaps unwanted attention), I didn't credit him like I should have.

    BTW Kane49, did you ever have a chance to examine the code tied to SVC 0x7A?
    DisableExecuteNever(unsigned int Addr, unsigned int Size) (Stubbed for regular kernel beginning with 2.0.0-2)
    It looks like it might be interesting, but I don't know - never seen it.
     
  9. TheCruel

    TheCruel Developer

    Banned
    12
    Dec 6, 2013
    United States
    No, actually, everyone is left guessing. Does the 3DS have a superuser and an environment with user privileges? Is there a subset of syscalls that require elevated privileges? The function name only vaguely alludes to something and doesn't actually explain anything.
     
  10. Bond697

    Bond697 Dies, died, will die.

    Member
    4
    Jun 7, 2009
    United States
    CT

    Supervisor call 0x7A does nothing but return a fatal error, "not implemented, not supported" result code.
     
  11. Gadorach

    Gadorach Electronics Engineering Technologist

    Member
    6
    Jan 22, 2014
    Canada
    Could one not extract the original code, pre-stub, and replace the stub in a new firmware loaded through NAND redirection to test this function's actual intended result?
     
  12. Bug_Checker_

    Bug_Checker_ GBAtemp Advanced Fan

    Member
    5
    Jun 10, 2006
    United States

    Yes, I understand it doesn't work now (since 2.0.0-2+), but similar to what Gadorach said.
    Not even re-implementing SVC 0x7A, but analyzing what the original code that was called by 0x7A looked like in 1.0.0-0 and 1.1.0-1.

    And out of curiosity, has anyone tried NAND redirection to an older firmware? And does it work?
     
  13. jocopoco

    jocopoco Advanced Member

    Newcomer
    1
    Feb 13, 2014
    Maybe it is like longjmp from the C library.
     
  14. Kane49

    Kane49 GBAtemp Fan

    Member
    3
    Nov 4, 2013
    Gambia, The

    Did you really get that from my source? Because it's not 0x7A but 0x7B.

    If you don't know the question, it's unlikely the answer will help you.
     
  15. Snailface

    Snailface My frothing demand for 3ds homebrew is increasing

    Member
    10
    Sep 20, 2010
    Engine Room with Cyan, watching him learn.
    If anybody is tired of having to switch between the Gateway profile installer and the homebrew profile installer to run homebrew, then you can use this little tool I made to convert it to a Gateway-compatible Launcher.dat.

    http://filetrip.net/3ds-downloads/utilities/download-hbconverter-1-0-f32815.html

    Just put the Launcher.dat in the same directory, run the exe and enter e for encrypt - that's all, you will then have a GW-compatible hb file. The only small issue is that the rare hb's less than 0x9000 (about 36 KB) need to have file sizes in multiples of 16 bytes in order for the AES library to convert them. But it's a simple thing to fix with a hex editor and a little padding.
     
  16. Roxas75

    Roxas75 GBAtemp Advanced Fan

    Member
    8
    Oct 9, 2010
    Italy
    Really amazing! Will you share the source code?

    BTW, has anyone of you guys tried to play with the CSND register, in order to have sound in these homebrews?
     
  17. TheCruel

    TheCruel Developer

    Banned
    12
    Dec 6, 2013
    United States
    Wow, so deep and esoteric. Yeah, definitely no mystery here...
     
  18. Slashmolder

    Slashmolder Advanced Member

    Newcomer
    2
    Jul 5, 2008
    United States
    Though it works, loading a binary into FCRAM and running it with the ARM9 processor is incredibly slow. I have a feeling the instruction cache wasn't designed to work when loading from FCRAM.
    For now, just using the internal fopen/fread, I'm loading a larger ARM9 payload. 8090000-080FF000 should be a pretty safe region to use for what I'm doing.


    SVC 0x7A was stubbed starting with 2.0.0-2. Since this is a 4.X exploit, we don't easily have dumps for older firmware data. It's possible to get them, but there's not too much motivation to look at older code.

    Firmware redirection to older firmwares should be possible, but the hard part would be getting the old firmware set up correctly in the first place. I'm not sure why you'd want that, though.
     
  19. williamcesar2

    williamcesar2 GBAtemp Advanced Fan

    Member
    4
    Jun 21, 2013
    United States
    New York City

    experience!!!
     
  20. seagal112
    This message by seagal112 has been removed from public view by Cyan, Aug 26, 2014, Reason: Emulator sources contains ROMs data.
    May 2, 2014
  21. Roxas75
    This message by Roxas75 has been removed from public view by Cyan, Aug 26, 2014, Reason: quoting deleted post.
    May 2, 2014
  22. st4rk

    st4rk nah

    Member
    6
    Feb 11, 2014
    Brazil
    Here is my version of the port of the GameBoy emulator (thanks a lot seagal112).

    This version has Pokémon Red in Launcher.dat, and frameskip (L1 up / R1 down).

    I call my version 3DGB (funny name, no?), and here is a video of Pokémon Red working fine:

    Thanks Seagal112 :]
     