How Is A Payload Injected Into A Game Without Homebrew?

Discussion in '3DS - Homebrew Development and Emulators' started by Jack_Sparrow, Dec 12, 2015.

  1. Jack_Sparrow
    OP

    Jack_Sparrow Ruthless Pirate

    Banned
    Nov 17, 2015
    United States
    The Black Pearl
    I'd like to know: I know that @smealum didn't have homebrew before he injected the Ninjhax payload into Cubic Ninja, so how was the payload injected without the use of homebrew?
     
  2. mikey420

    mikey420 GBAtemp Fan

    Member
    Dec 11, 2015
    United States
    Save game dongle from the makers of the action replay

    Or the use of the MSET exploit... Or perhaps the, at the time, undisclosed 9.2 exploit chain... I doubt he'd have been out of that loop.
     
    Last edited by mikey420, Dec 12, 2015
  3. Jack_Sparrow
    OP

    Jack_Sparrow Ruthless Pirate

    Banned
    Nov 17, 2015
    United States
    The Black Pearl
    Ahhh, ok.
     
  4. mikey420

    mikey420 GBAtemp Fan

    Member
    Dec 11, 2015
    United States
    Actually, come to think of it, I'm guessing he used a flaw in the QR code scan to do just that, which is why the 3DS needs an internet connection the first time you run the exploit.
     
    Ammako likes this.
  5. Jack_Sparrow
    OP

    Jack_Sparrow Ruthless Pirate

    Banned
    Nov 17, 2015
    United States
    The Black Pearl
    Well, unless someone was directly involved in making Ninjhax, I might just have to ask the big man himself.
     
  6. mikey420

    mikey420 GBAtemp Fan

    Member
    Dec 11, 2015
    United States
    That'd be the best way to find out, but I do know that he had a range of options to inject save data for testing purposes. Though, as I said, it's not unlikely he did so through the QR code scan, which is where his entry point was based. That QR scan is what writes the payload to the cart for us.
     
    Ammako likes this.
  7. UraKn0x

    UraKn0x Official senpai

    Member
    Mar 20, 2014
    France
    So, several things.
    1. Cubic Ninja was not actually the first way to get homebrew. Before that, we had the MSET exploit on 4.x, and I know that Smea used that to have a CFW before it was cool. I can remember him showing off Yeti3D "working as its own channel", as Smea himself said. His CFW also made RAM dumps and injection possible, as his Pokéhax proved (he had Mew, Hoopa, Volcanion and Diancie as wild encounters).
    2. He then showed off a never-released hax that used the same MSET entry point, which he called sssPwn. It is believed that it was used, in part or entirely, in what would later become Ninjhax.
    3. Several months later, he announced he had a hack which could allow people to access homebrew in an easy way. We didn't know it at that time, but that was Ninjhax 1.0. What's actually possible is that he used the RAM dump/injection capabilities of his CFW to find the flaw. But in the end, the only thing we need is the QR code and an Internet connection, as the QR code is not large enough to fit the entire payload.
     
    Last edited by UraKn0x, Dec 12, 2015
    Stecker8 likes this.
  8. Uziskull

    Uziskull Picture may not be real

    Member
    Nov 15, 2015
    Somewhere, probably
    I'm pretty sure he documented that in his devblog, you should check it out.
     
  9. Pikasack

    Pikasack What is a title

    Member
    Apr 27, 2015
    Canada
    Sorry, this is sort of (severely?) off-topic...

    Hey, this got me thinking.
    BattleMiner has similar file names to that of Ironfall in svdt. (Time to do some plotting...)

    Update: Annnnnnd... Nothing.
    All it did was provide some weird save file that crashed whenever you held an item (all of which were blank and had -600 something, and one that said 0, all null items), and it did nothing even with the payload.bin attached.

    If someone can get something out of this, be my guest.
    (If this is possible, it would mean two dummy games, one for 2.5 and one for 2.1 if you are weird like that...)
     

    Last edited by Pikasack, Dec 13, 2015
  10. UraKn0x

    UraKn0x Official senpai

    Member
    Mar 20, 2014
    France
    Please don't tell me you just tried to inject Ironjax save files into Battle Miner. That's definitely not the right way to find an exploitable flaw.
     
    GotKrypto67, Pikasack and VegaRoXas like this.
  11. Stecker8

    Stecker8 Plug

    Member
    Oct 9, 2015
    Here
    Is there a form to install homemenuhax where, for example, you press the colour yellow theme and it installs homemenuhax?
    With this we will always have an entry point. Also, I think if it needs a kernel exploit, you need another exploit before this to install it, like you install homemenuhax or ironhax.