Toggle sidebar

Homebrew Homebrew Development

  • Thread starter Thread starter aliak11
  • Start date Start date
  • Views Views 1,475,379
  • Replies Replies 6,048
  • Likes Likes 54
Teoretically, to lauch ARM11 code using the DS profile hack, you have to start with ARM9 code, copy ARM11 code in a proper memory location, then start a new process running on ARM11 at the entry point of new code.

ARM9 can do this, what I don't know is how to do it (some ideas, but a lot more to study), and if the process whe are using has rights to do it. If not you need a second exploit.

Look simple, but it's not. If you have time to spend, why don't you help us to understand how to access GPU? A little step for coders, but a big step for 3DS Homebrew!!!
 
nop90 said:
Teoretically, to lauch ARM11 code using the DS profile hack, you have to start with ARM9 code, copy ARM11 code in a proper memory location, then start a new process running on ARM11 at the entry point of new code.

ARM9 can do this, what I don't know is how to do it (some ideas, but a lot more to study), and if the process whe are using has rights to do it. If not you need a second exploit.

Look simple, but it's not. If you have time to spend, why don't you help us to understand how to access GPU? A little step for coders, but a big step for 3DS Homebrew!!!
Click to expand...
I'm guessing we'd have to memcpy over a return address to get ARM 11 to jump to the code we copied via ARM 9 but I'd have to dissemble RAM dumps first to see where to do it.
 
nop90 said:
Teoretically, to lauch ARM11 code using the DS profile hack, you have to start with ARM9 code, copy ARM11 code in a proper memory location, then start a new process running on ARM11 at the entry point of new code.

ARM9 can do this, what I don't know is how to do it (some ideas, but a lot more to study), and if the process whe are using has rights to do it. If not you need a second exploit.

Look simple, but it's not. If you have time to spend, why don't you help us to understand how to access GPU? A little step for coders, but a big step for 3DS Homebrew!!!
Click to expand...

Well.. we have the C Inline ASM, if you use the Jump instruction to a region of memory and write a code assembly(to copy the ARM11 code), maybe that's work.

Anyone know where the Gateway inject the ARM11 code ?
 
st4rk said:
Anyone know where the Gateway inject the ARM11 code ?
Click to expand...
Some people here have taken the time to look through the obfuscated ROP chains of the Gateway launcher. But they're generally more concerned about elitism than progress in the homebrew community.

If you want, you probably have to go get a decrypted Gateway 1.0 launcher (the least obfuscated) and examine it, along with a RAM dump for reference, to see what's going on. A pain in the ass.
 
A pain in the ass.
Click to expand...
this define haha.

Maybe the best way to progress in homebrew community is study the gateway launcher(to find the way to inject ARM11 code).


Or, wait for one day Smealum release this(IF HIM RELEASE).

~~
ctrllib is very interesting, many system calls from 3DS are written :]
https://github.com/smealum/ctrulib/blob/master/libctru/include/ctr/svc.hhttps://github.com/smealum/ctrulib/blob/master/libctru/source/svc.s

@nop90

Hey dude, with ARM9 is impossible use OpenGL from GPU ?
 
So I know you guys learn most of the things you know on-the-fly, but do you know of any resources for someone who has only basic C knowledge to learn more? At this point I just know basic console stuff not far past hello world, but I'd like to write homebrew games once the 3ds has a better library. (And hopefully ARM11)
 
Abcdfv said:
So I know you guys learn most of the things you know on-the-fly, but do you know of any resources for someone who has only basic C knowledge to learn more? At this point I just know basic console stuff not far past hello world, but I'd like to write homebrew games once the 3ds has a better library. (And hopefully ARM11)
Click to expand...
I wrote Breakout after just about a week of studying C... I'm just learning a lot by just looking at the source and trying to decipher what it means (especially the inline ASM commands).
 
Gateway uses 0x1FFF4000 which is part of the exception vectors.
Click to expand...



That's great, but have a problem.. i don't know how work the ARM architecture(i need study more of it), but to acess the ARM11, we need write the code in exception vectors and if the ARM11 read this code, this will change the "Instruction Register"(i don't know if in ARM architecture the next adress of memory for execute is save in register), then, put the address in Instruction Register and the next instruction to execute is our code.

Maybe that text have a lot of erro in english, sorry my bad english :/
 
Okay, i'm thinking on a way to acess the ARM11, here is my theory:


Write and compile the launcher.dat with an C Inline ASM, example:

Code: 
        asm("b 0x1FFF4000;"
        "mov r0, #0x080C3EE0;");

but it is a shot in the wild, i don't know if the ARM11 will read this code or no :s
 
st4rk said:
Okay, i'm thinking on a way to acess the ARM11, here is my theory:


Write and compile the launcher.dat with an C Inline ASM, example:

Code: 
        asm("b 0x1FFF4000;"
        "mov r0, #0x080C3EE0;");

but it is a shot in the wild, i don't know if the ARM11 will read this code or no :s
Click to expand...


The arm11 won't just magically execute our code ^^
 
st4rk said:
But if the ARM11 read this region of memory is probably will read that code, no ?
Click to expand...

I don't really know ARM architecture, but from what I understood from what everyone said so far, the ROPLoader exploit leaves 3DS in ARM9 only mode, kinda like if ARM11 was pretty much 'off' and ignoring everything.
 
  • Like
Reactions: st4rk
PewnyPL said:
I don't really know ARM architecture, but from what I understood from what everyone said so far, the ROPLoader exploit leaves 3DS in ARM9 only mode, kinda like if ARM11 was pretty much 'off' and ignoring everything.
Click to expand...


this change everything of i'm thinking, now i don't have any idea to work on the ARM11 :/
 
PewnyPL said:
I don't really know ARM architecture, but from what I understood from what everyone said so far, the ROPLoader exploit leaves 3DS in ARM9 only mode, kinda like if ARM11 was pretty much 'off' and ignoring everything.
Click to expand...


Arm11 is still pretty much on, anyway arm11 code exec is not the magic promised land ^^
 
Kane49 said:
Arm11 is still pretty much on, anyway arm11 code exec is not the magic promised land ^^
Click to expand...

That's why I put 'off' in quotes, since I know it's not physically off (and is probably handling some minor OS stuff like StreetPass). The word I was looking for was idle.
 
  • Like
Reactions: st4rk

Site & Scene News

Go to forum More news

Popular threads in this forum

Why did the price of 3ds shoot up ?

Hacking Homebrew Project  BlazerTube - a YouTube 3DS revival using the REAL app!

[WIP] SMW 3DS Port - Early Playable Demo by ZalgonEn

Problems getting Homebrew to appear outside of the Homebrew Launcher (homebrew won't appear on the HOME menu)

Homebrew app Emulator  [Release] 3DS-CLI - Run a real RISC-V Linux environment on the Nintendo 3DS

Website for finding alternative games for 3DS

Homebrew  [Progress update] LCE Minecraft 3ds

Gaming  any good rpgs on 3ds?