Hacking IOSU exploit details released for pre-5.2 systems

Thread starter: QuarkTheAwesome
https://nwert.wordpress.com/2016/05/03/ioctlvhax/

Well, this will be interesting.

It's worth noting that this bug may still be exploitable on newer systems through the use of SysCall 0x2E, which changes the limit on the amount of vectors we can pass in. However, we need IOSU userland access to run it. And if we've already got IOSU userland access, what use is an exploit that gives us userland access? ;D
 
The fun thing is almost every homebrew user is on 5.3.2-5.5.1. We need a way to downgrade to 5.1.0

In fact, it reveals a way that could lead to exploitation even after the vector fix in 5.2.

Syscall 0x2E, eh? It's funny that Nintendo added a call so we can re-enable a bug they think they fixed.

The fun thing is almost every homebrew user is on 5.3.2-5.5.1. We need a way to downgrade to 5.1.0

Yeah, all those people saying that there's "no reason to not update to 5.3.2" are going to be embarrassed ;3
 
Perhaps they added a call so that they can re-enable it when doing fw updates etc., then repatch. It might be important, so they noobishly 'fixed' a sploit in a function they need at times.
 
It would be nice if we could get the exploit to stick permanently and maybe (rednand? /usbloader) ;-;

Loading up the kexploit loadiine alone is so hassly, it works once out of 10 tries (deleting cookies doesn't help, it's a matter of luck XD).

That aside, can the tubehax DNS affect the hax somehow?
 
Yeah, all those people saying that there's "no reason to not update to 5.3.2" are going to be embarrassed ;3
Yeah, you can notice the exploit without too much effort if you compare the code diff between 5.1 and 5.2+ OSv10 (some 3DS sysmodule vulns were found this way)
 
Syscall 0x2E, eh? It's funny that Nintendo added a call so we can re-enable a bug they think they fixed.

Yeah, all those people saying that there's "no reason to not update to 5.3.2" are going to be embarrassed ;3
Well I updated from 5.0.0 to 5.3.2 a few months ago.
If I can't use iosu now it's ok for me.
Loadiine and the others tools were worth it.
 
and for permanent exploit you'll need a boot-time entrypoint

No you don't, my o3DS firmware 4.1.0U is working right fine with a 10.7.0U EmuNAND. That's all you need; an exploitable firmware to gain access which you can keep perpetually, but you need to be able to run a RedNAND/EmuNAND which means you need both Kernel and IOSU exploits.
 
No you don't, my o3DS firmware 4.1.0U is working right fine with a 10.7.0U EmuNAND. That's all you need; an exploitable firmware to gain access which you can keep perpetually, but you need to be able to run a RedNAND/EmuNAND which means you need both Kernel and IOSU exploits.
You didn't understand what he means by permanent.
 
Worth noting that the syscall mentioned in the article is an IOSU call (set_device_state to be specific) which we can only access from the IOSU.
To sum up, this is an exploit that allows us to access IOSU userland that was patched. We can unpatch it with Syscall 0x2E but that is only accessible from IOSU userland, which we don't have, but this exploit will give us, but needs Syscall 0x2E, which needs IOSU userland, which we don't have...

At least <5.2 users can be happy.
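The OP's note that syscall 0x2E "changes the limit on the amount of vectors we can pass in", and the summary above that the 5.2 fix can be undone from IOSU userland, both come down to one pattern: the fix is a bounds check against a limit that is itself writable at runtime. The following C program is an added illustrative model of that pattern and is not code from the linked write-up, from IOSU or from anyone in this thread. The structure names, the table capacity of 32 entries, the 64 bytes of trailing "kernel state", the marker value and the handler names are all assumptions chosen to make the behaviour observable; the real IOSU layout is not known from this page.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Illustrative model only; names, sizes and layout are assumptions, not IOSU code. */
struct iovec_model { uint32_t paddr; uint32_t len; };   /* one ioctlv vector */

#define VEC_TABLE_CAP   32u                                  /* assumed table capacity */
#define VEC_TABLE_BYTES (VEC_TABLE_CAP * sizeof(struct iovec_model))
#define NEXT_FIELD_MARK 0x4D435000u                          /* arbitrary marker value */

struct kmem_model {
    /* Flat region standing in for kernel memory: the vector table at offset 0,
     * then 64 bytes of "whatever the kernel keeps next", marked at its start. */
    uint8_t bytes[VEC_TABLE_BYTES + 64];
    size_t  max_vectors;   /* the limit the thread says syscall 0x2E can change */
};

static void kmem_init(struct kmem_model *k, size_t limit)
{
    uint32_t mark = NEXT_FIELD_MARK;
    memset(k->bytes, 0, sizeof k->bytes);
    memcpy(k->bytes + VEC_TABLE_BYTES, &mark, sizeof mark);
    k->max_vectors = limit;
}

static int next_field_intact(const struct kmem_model *k)
{
    uint32_t v;
    memcpy(&v, k->bytes + VEC_TABLE_BYTES, sizeof v);
    return v == NEXT_FIELD_MARK;
}

/* Pre-fix handler: trusts the caller's count. The check against sizeof k->bytes only
 * keeps the model inside its own buffer on the host; it is not part of what is modelled. */
static int copy_vectors_unchecked(struct kmem_model *k, const struct iovec_model *vecs, size_t count)
{
    for (size_t i = 0; i < count; i++) {
        size_t off = i * sizeof vecs[i];
        if (off + sizeof vecs[i] > sizeof k->bytes)
            return -2;
        memcpy(k->bytes + off, &vecs[i], sizeof vecs[i]);
    }
    return 0;
}

/* Post-fix handler: the same copy, gated on the configurable limit. */
static int copy_vectors_limited(struct kmem_model *k, const struct iovec_model *vecs, size_t count)
{
    if (count > k->max_vectors)
        return -1;            /* rejected; nothing written */
    return copy_vectors_unchecked(k, vecs, count);
}

/* Constructed request: `count` vectors, one page each (addresses are made up). */
static void make_vectors(struct iovec_model *vecs, size_t count)
{
    for (size_t i = 0; i < count; i++) {
        vecs[i].paddr = 0x10000000u + (uint32_t)i * 0x1000u;
        vecs[i].len   = 0x1000u;
    }
}

/* Post-fix handler with a given limit and count. Returns the handler's result code
 * and, if `intact` is non-NULL, whether the field after the table survived. */
static int limited_attempt(size_t limit, size_t count, int *intact)
{
    struct iovec_model vecs[64];
    struct kmem_model k;
    if (count > 64) return -3;
    make_vectors(vecs, count);
    kmem_init(&k, limit);
    int rc = copy_vectors_limited(&k, vecs, count);
    if (intact) *intact = next_field_intact(&k);
    return rc;
}

static int limited_keeps_next_field(size_t limit, size_t count)
{
    int intact = 0;
    limited_attempt(limit, count, &intact);
    return intact;
}

/* Same request through the pre-fix handler; 1 if the field after the table was clobbered. */
static int unchecked_clobbers(size_t count)
{
    struct iovec_model vecs[64];
    struct kmem_model k;
    if (count > 64) return -3;
    make_vectors(vecs, count);
    kmem_init(&k, VEC_TABLE_CAP);
    copy_vectors_unchecked(&k, vecs, count);
    return !next_field_intact(&k);
}

int main(void)
{
    printf("pre-fix, 40 vectors: clobbered=%d\n", unchecked_clobbers(40));
    int rc = limited_attempt(32, 40, NULL);
    printf("post-fix, limit 32, 40 vectors: rc=%d intact=%d\n", rc, limited_keeps_next_field(32, 40));
    rc = limited_attempt(64, 40, NULL);   /* limit raised, as the thread says syscall 0x2E allows */
    printf("post-fix, limit 64, 40 vectors: rc=%d intact=%d\n", rc, limited_keeps_next_field(64, 40));
    return 0;
}
```

The point the model makes is the one the thread circles around: with the limit left at the table's capacity the oversized request is rejected and nothing past the table is touched, but once something can raise the limit above that capacity the post-fix handler behaves exactly like the pre-fix one. Whether that matters in practice depends, as the summary above says, on who can reach the call that changes the limit.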
 
