Is it possible to install the ROP Loader with the browser exploit ?

Discussion in '3DS - Homebrew Development and Emulators' started by Hikari06, Jan 24, 2015.

  1. Hikari06 (OP), GBAtemp Advanced Fan, Member

    Hello,
    I saw that, recently, tools that allow arm9 and arm11 code execution were released.
    My question might sound stupid but, since it seems pretty tough to make them work, I was wondering whether it would be possible to install the classic ROP Loader with them, and then boot any mset exploit the 'normal way'. I guess it would be easier to code this than an entirely new launcher, wouldn't it?
    Thank you :)
     


  2. minipablo, Member, Newcomer

    This is what I have been looking for since gw 3.0 was released. It's a pity that I don't know any programming.
     
  3. mid-kid, GBAtemp spamBOT, Member

    Yfan_lu's ROP doesn't work on 4.5 as-is, because some addresses are wrong, I think.
    With that, reading the original ROP's source code, you could be able to figure out how it works, though I'm not sure what the "writeFirmware()" function does, nor do I know if it's even possible to port it.
     
  4. Hikari06 (OP), GBAtemp Advanced Fan, Member

    Thank you for the link. I'm going to take a look at this, although I'm probably not skilled enough to get anything out of it.
     
  5. NCDyson, Hello Boys..., Member

    The original ROPloader was based on an exploit that's been patched out for a long time. I think the best you MIGHT (and I highly doubt that you could) be able to do is use the browser exploit to re-enable it, but you would have to re-launch the browser exploit every time the system boots or you come out of emuNAND or any other kind of launcher.dat. At that point, it's pretty much pointless. There are many people working on cfw for this new exploit, so if you don't think your skills are up to the task, it's probably better to wait for them to get somewhere with it.
     
  6. Hikari06 (OP), GBAtemp Advanced Fan, Member

    Indeed.
    But actually I never intended to re-enable this exploit on >4.5 firmwares (which would be as pointless as difficult), but rather emulate the DS flash card, which basically just installs the first part of the ROP. I thought this could be achieved pretty easily by anyone with sufficient knowledge. Indeed, if we could only have access to the DS profile data and edit it with the pre-existing data from Yfan_lu's ROP, via the web exploit, we could use all the exploits already released without any additional device other than an SD card. That said, I'd not be able to do this.
     
  7. Hikari06 (OP), GBAtemp Advanced Fan, Member

    I took a look at the ROP Loader sources and it seems very straightforward.
    That said, do you know any way to write and read the 3DS NAND?
    I mean, we'll probably be unable to use the read/write firmware functions as is, since they are supposed to be executed in DS mode. The system settings offset will have to be recalculated as well (I think it points to the emulated DS flash system, doesn't it?), but it doesn't seem impossible.
    Any ideas?
     
  8. mid-kid, GBAtemp spamBOT, Member

    If there's any way to edit the DS settings, it should be documented on 3dbrew.
    But a good start would be getting Spider3DSTools' default code.bin running on 4.5.
     
  9. Hikari06 (OP), GBAtemp Advanced Fan, Member

    Indeed.
    However, I'd like to know what the biggest difference between arm11 and arm9 homebrews is, especially because there are two launchers out there.
     
  10. mid-kid, GBAtemp spamBOT, Member

    As far as I know (by lurking these forums), the difference lies mostly in privilege level. Here is for example a list of syscalls which can be performed in either mode. There are also other things which can be done in one mode, but not in the other. Most homebrews currently run in arm11, and so does ctrulib.
     
  11. Hikari06 (OP), GBAtemp Advanced Fan, Member

    Okay. Thanks for the clarification!
     
  12. Apache Thunder, I have cameras in your head!, Member

    The settings menu in the home menu is able to access and alter the DS Profile. I don't think you need to be in DS mode to write to it. ;)
     
  13. Hikari06 (OP), GBAtemp Advanced Fan, Member

    Exactly. But I've no idea how to access it from the exploit...
     
  14. AtlanticBit, Yeh, fuck this, Member

    I have a question about this. Is the mset hax persistent through reboots?
     
  15. Hikari06 (OP), GBAtemp Advanced Fan, Member

    Theoretically it stays there as long as you do not launch any DS-mode game (including DS flashcards).
     
  16. AtlanticBit, Yeh, fuck this, Member

    Now that we have arm9 hax we just have to inject the code to the right place.
     
  17. AtlanticBit, Yeh, fuck this, Member

    the right code ;)
     
  18. Hikari06 (OP), GBAtemp Advanced Fan, Member

    That's right ;) I wish I knew how to do this!
     
  19. AtlanticBit, Yeh, fuck this, Member

    Well, why not compile the ROP installer as a bin and then use loadcode.dat, but compile it for 4.5?
     
  20. Hikari06 (OP), GBAtemp Advanced Fan, Member

    Well, I fear that since this ROP Loader is designed to be executed in DS mode, this is probably not going to work. What's more, it uses FS function calls, which, from what I've understood, are not available yet from the arm9 exploit. The offsets are probably incorrect too.
    I could give it a try but I'm pretty sure it won't work without further adjustments.