How to identify an exploitable crash?

Discussion in '3DS - Homebrew Development and Emulators' started by Khangaroo, Apr 20, 2016.

  1. Khangaroo

    Khangaroo

    Feb 27, 2016
    United States (don't ddos me!)
    I want to do some exploit testing, but I have no idea how to tell an exploitable crash from a non-exploitable one. I do have the developer ErrDisp (thanks to aureinand).
  2. TheKawaiiDesu

    TheKawaiiDesu Ball of Kawaiiness

    Aug 23, 2015
    Korea, North
    1) Enable NTRDebugger
    2) Use the "list kernel exploits" command
    3) ?????
    4) Profit
  3. The Real Jdbye

    The Real Jdbye Always Remember 30/07/08

    Mar 17, 2010
    To know whether a crash is exploitable you would have to first look at what the crash is actually causing the system to do, for example jumping to a random section of memory and executing whatever is there. Then you would have to look at whether the crash is controllable, so in this example that would mean whether you can control where it jumps or control what's in memory at that location.
    There are many different causes for crashes and not all of them can be exploitable, even the ones that have potential to be exploitable can only be exploited if the crash is controllable. Most crashes won't be useful, so it takes a lot of searching and trial and error to find one that is.
    However, if you want to get into 3DS hacking you should probably start by learning ARM assembly. You really do need to know assembly to figure out what the crash is doing and how to exploit it.

    I'm no expert and there's a lot more to it than that, but those are the basics.
    Last edited by The Real Jdbye, Apr 20, 2016
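The two steps in the post above (what is the crash doing, and is it controllable) can be turned into a small triage routine. The following is an added example written for this page, not code from the thread or from any 3DS tool: it fills the test input with a cyclic pattern so that a register value seen in the crash dump can be mapped back to the byte offset it came from, then classifies the crash by fault type. The `crash_dump` fields (PC, LR, SP, faulting address, fault kind) are assumed to be what a crash handler such as ErrDisp shows; the sample values are constructed, not taken from a real crash. One ARM-specific caveat is built in: an address loaded into PC has bit 0 cleared (it selects Thumb mode), so the reported PC may differ from the input bytes by that bit.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>
#include <string.h>
#include <stdio.h>

/* Kind of fault the crash handler reported (assumed categories). */
typedef enum { FAULT_PREFETCH, FAULT_DATA_READ, FAULT_DATA_WRITE } fault_kind;

/* Subset of an ARM exception dump: PC, LR, SP and, for data aborts,
 * the faulting data address. Values are supplied by the caller. */
typedef struct {
    fault_kind kind;
    uint32_t pc, lr, sp, far;
} crash_dump;

typedef enum {
    CRASH_UNCONTROLLED,      /* nothing from our input shows up in the fault */
    CRASH_CONTROLLED_PC,     /* PC (or LR) came from our input: we choose where it jumps */
    CRASH_CONTROLLED_WRITE,  /* the destination of a write came from our input */
    CRASH_CONTROLLED_READ    /* the source of a read came from our input (weaker) */
} verdict;

/* Fill buf with the cyclic "Aa0Aa1Aa2..." pattern. Every 4-byte window is
 * unique within the first 20280 bytes, so one register value = one offset. */
void pattern_create(uint8_t *buf, size_t len)
{
    size_t i = 0;
    for (char u = 'A'; u <= 'Z'; u++)
        for (char l = 'a'; l <= 'z'; l++)
            for (char d = '0'; d <= '9'; d++) {
                char tri[3] = { u, l, d };
                for (int k = 0; k < 3 && i < len; k++)
                    buf[i++] = (uint8_t)tri[k];
                if (i >= len) return;
            }
}

/* Byte offset in buf where the little-endian value v appears, or -1 if
 * the value was not taken from our input at all. */
long pattern_offset(const uint8_t *buf, size_t len, uint32_t v)
{
    uint8_t needle[4] = { v & 0xff, (v >> 8) & 0xff, (v >> 16) & 0xff, v >> 24 };
    for (size_t i = 0; i + 4 <= len; i++)
        if (memcmp(buf + i, needle, 4) == 0) return (long)i;
    return -1;
}

/* ARM clears bit 0 of a value written to PC (Thumb interworking), so a PC
 * that came from our pattern may have lost that bit: try both forms. */
static long pc_offset(const uint8_t *pat, size_t len, uint32_t pc)
{
    long off = pattern_offset(pat, len, pc);
    return off >= 0 ? off : pattern_offset(pat, len, pc | 1);
}

/* Step 1: what is the crash doing (instruction fetch, read, write)?
 * Step 2: did the address involved come from our input? */
verdict triage(const crash_dump *d, const uint8_t *pat, size_t len, long *offset)
{
    *offset = -1;
    switch (d->kind) {
    case FAULT_PREFETCH:
        /* The CPU fetched an instruction from a bad address. Check PC, then
         * LR, since a corrupted return address often survives there too. */
        *offset = pc_offset(pat, len, d->pc);
        if (*offset < 0) *offset = pc_offset(pat, len, d->lr);
        return *offset >= 0 ? CRASH_CONTROLLED_PC : CRASH_UNCONTROLLED;
    case FAULT_DATA_WRITE:
        *offset = pattern_offset(pat, len, d->far);
        return *offset >= 0 ? CRASH_CONTROLLED_WRITE : CRASH_UNCONTROLLED;
    case FAULT_DATA_READ:
        *offset = pattern_offset(pat, len, d->far);
        return *offset >= 0 ? CRASH_CONTROLLED_READ : CRASH_UNCONTROLLED;
    }
    return CRASH_UNCONTROLLED;
}

int main(void)
{
    static const char *names[] = { "uncontrolled", "controlled PC",
                                   "controlled write", "controlled read" };
    uint8_t pat[256];
    pattern_create(pat, sizeof pat);

    /* Constructed crash: a "bx" through a pointer overwritten by bytes 36..39
     * of our input; the hardware reports PC with bit 0 cleared. */
    uint32_t v = pat[36] | (uint32_t)pat[37] << 8 | (uint32_t)pat[38] << 16 | (uint32_t)pat[39] << 24;
    crash_dump d = { FAULT_PREFETCH, v & ~1u, 0, 0, 0 };
    long off;
    verdict r = triage(&d, pat, sizeof pat, &off);
    printf("%s, input offset %ld\n", names[r], off);

    /* Constructed crash: plain null-pointer read, nothing of ours involved. */
    crash_dump n = { FAULT_DATA_READ, 0x00100000, 0, 0, 0 };
    r = triage(&n, pat, sizeof pat, &off);
    printf("%s, input offset %ld\n", names[r], off);
    return 0;
}
```

A "controlled PC" verdict only tells you the jump target is yours; the second half of the post's test, controlling what sits at that address, still has to be checked by hand, which is where reading the disassembly comes in.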