Homebrew [INFO] SNShax, what it is and how it works

dark_samus3

Well-Known Member
OP
Member
Joined
May 30, 2015
Messages
2,372
Trophies
0
XP
2,021
Country
United States
In the recent talk by Smea, Derrek and Plutoo we learned about a new hack called SNShax

News
User JustPingo is doing testing of this exploit. He needs N3DS users with a hardmod to help with testing. He may have already gotten his tester(s), so don't be disappointed if he already has them; that just means it should be out soon.

Tl;dr
SNS means Safe Nintendo Shell, and the hax possible with it can be used to downgrade from 9.3-10.1 down to 9.2. It is currently only possible on a new3ds, though Smea has said it may be possible on old3ds with a workaround. It was patched in system version 10.2.

Vuln
SNShax is a small oversight by Nintendo. Usually the NS service (possibly meaning Nintendo Shell, though that is speculation) is in an area inaccessible to the GPU, meaning gspwn isn't useful for using it. However, the new3ds safemode version of NS can be launched and, since the original NS service is still in use, it has to be allocated in an area accessible by gspwn (provided the memory is set up properly), and access can be gained, with ROP, to the services it uses (am:u and others) which, in turn, can be used to downgrade. It is not possible on the o3ds (yet), as the Safe Nintendo Shell version the o3ds uses is prevented from launching while the standard version is still running. This wouldn't be a problem if NS wasn't required to start any version of itself up.

Uses
As stated above it is possible to use this to downgrade any system title, in turn allowing full system version downgrades. This makes it possible to downgrade to any system version which we have legit CIAs for.

Q&A
Q: I have an O3DS on 10.1, should I wait for a workaround?
A: That is up to you; however, memchunkhax 2 will probably be out before this and will be able to access am:u and downgrade your system.

Q: I'm on a system version below 10.1, do I have to update?
A: No, this will work on system versions 9.3-10.1 (and maybe lower versions than that).

Q: I'm on system version 10.2/10.3, am I screwed?
A: No! Memchunkhax 2 works from 9.3-10.3! Just don't update beyond that or you're going to be back in the same boat.
 

dark_samus3

But can I downgrade with memchunkhax2?
Better, you don't need to downgrade, CFW launching directly from 10.3 :)

--------------------- MERGED ---------------------------

But from what I know ARM11 kernel isn't enough to allow downgrading.

Where did you hear that it was patched in 10.2? I don't think that was mentioned in the stream, in fact they said "downgrading for all"
In the memchunkhax 2.0 thread it was shown that Smea said on IRC that it was patched in 10.2
 

dark_samus3

Pretty sure CFW requires ARM9 kernel as well. ARM11 kernel isn't really enough to do most of the nice things.
Watch the talk, you'll see arm9 stuff was mentioned too :)

--------------------- MERGED ---------------------------

That was my post, and it was actually in reference to snshax; I assumed I was in a different thread talking about that instead of memchunkhax. snshax has been patched, but I believe memchunkhax2 is still viable on latest firmware.
Yeah I meant the SNShax stuff was mentioned being patched in that thread :)
 

The Real Jdbye

*is birb*
Member
Joined
Mar 17, 2010
Messages
21,894
Trophies
3
Location
Space
XP
11,052
Country
Norway
Watch the talk, you'll see arm9 stuff was mentioned too :)

--------------------- MERGED ---------------------------


Yeah I meant the SNShax stuff was mentioned being patched in that thread :)
I know, but using a custom DS cartridge that they will never manufacture. We'd have to wait for some Chinese company to figure it out and mass produce them and charge $70 a piece. It'll be the Gateway all over again.
ARM11 kernel is enough to downgrade. Uninstall the old title and install the new one.
Come to think of it, you might be right about that. I seem to recall someone saying ARM11 kernel would not be enough to gain access to am:u which we need, but since it's located within memory accessible by the ARM11 (and runs on the ARM11) it shouldn't really be an issue. I'm not knowledgeable enough to say for sure though.
 

dark_samus3

I know, but using a custom DS cartridge that they will never manufacture. We'd have to wait for some Chinese company to figure it out and mass produce them and charge $70 a piece. It'll be the Gateway all over again.

Come to think of it, you might be right about that. I seem to recall someone saying ARM11 kernel would not be enough to gain access to am:u which we need, but since it's located within memory accessible by the ARM11 (and runs on the ARM11) it shouldn't really be an issue. I'm not knowledgeable enough to say for sure though.
Actually there was more than just that, from what I gathered we can craft firm0 and 1 images that allow really really early arm9 access and possible cold booting :)

--------------------- MERGED ---------------------------

Also, arm11 has access to am:u... All arm9 does is check the signatures and the version you're installing. Which is easily bypassed by uninstalling the previous title
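A small model of the version check the last two posts argue about, added here as an example (it is not code from the thread, from Nintendo, or from any hax tool). The weak installer only compares the new version against the currently installed one, so once the title is uninstalled there is nothing left to compare against; the hardened variant also keeps a persistent per-title floor, which is how anti-rollback is normally enforced. Title IDs and versions below are constructed.

```python
from dataclasses import dataclass, field


@dataclass
class TitleInstaller:
    """Constructed model of a title installer.

    installed:     title_id -> currently installed version
    floor:         title_id -> lowest version ever accepted (persists across
                   uninstalls; only consulted when anti_rollback is True)
    anti_rollback: False models the weak check described in the thread,
                   True models a hardened installer with a persistent floor
    """
    anti_rollback: bool = False
    installed: dict = field(default_factory=dict)
    floor: dict = field(default_factory=dict)

    def uninstall(self, title_id: str) -> None:
        # Removing the title clears the *installed* version, but never the floor.
        self.installed.pop(title_id, None)

    def install(self, title_id: str, version: int, signature_ok: bool = True) -> bool:
        """Return True if the install is accepted, False if refused."""
        if not signature_ok:
            return False  # a legit (correctly signed) CIA passes this check
        current = self.installed.get(title_id)
        if current is not None and version < current:
            return False  # weak check: compares only against what is installed now
        if self.anti_rollback and version < self.floor.get(title_id, 0):
            return False  # hardened check: the persistent floor still applies
        self.installed[title_id] = version
        if self.anti_rollback:
            self.floor[title_id] = max(self.floor.get(title_id, 0), version)
        return True


def reinstall_older(inst: TitleInstaller, title_id: str, old_version: int) -> bool:
    """Uninstall the title, then try to install an older version of it."""
    inst.uninstall(title_id)
    return inst.install(title_id, old_version)


def demo(anti_rollback: bool) -> tuple[bool, bool]:
    """(direct downgrade accepted?, uninstall-then-install accepted?)"""
    inst = TitleInstaller(anti_rollback=anti_rollback)
    inst.install("0004013800000002", 10)          # constructed title id, "v10"
    direct = inst.install("0004013800000002", 9)  # refused in both models
    after_uninstall = reinstall_older(inst, "0004013800000002", 9)
    return direct, after_uninstall
```

`demo(False)` returns `(False, True)`: the plain version comparison is sidestepped by uninstalling first, exactly as the post describes. `demo(True)` returns `(False, False)` because the floor survives the uninstall.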
 