1. Hikari06

    OP Hikari06 GBAtemp Advanced Fan
    Member

    Joined:
    Nov 20, 2012
    Messages:
    999
    Country:
    Ecuador
    Hello,
    I saw that, recently, tools that allow arm9 and arm11 code execution were released.
    My question might sound stupid but, since it seems pretty tough to make them work, I was wondering whether it would be possible to install the classic ROP Loader with them, and then boot any mset exploit the 'normal way'. I guess it would be easier to code this than an entirely new launcher, wouldn't it?
    Thank you :)
     
  2. minipablo

    minipablo Member
    Newcomer

    Joined:
    Aug 3, 2014
    Messages:
    41
    Country:
    This is what I have been looking for since gw 3.0 was released. It's a pity that I don't know any programming.
     
  3. mid-kid

    mid-kid GBAtemp spamBOT
    Member

    Joined:
    Aug 2, 2012
    Messages:
    879
    Country:
    Yfan_lu's ROP doesn't work on 4.5 as-is, because some addresses are wrong, I think.
    With that, reading the original ROP's source code, you might be able to figure out how it works, though I'm not sure what the "writeFirmware()" function does, nor do I know if it's even possible to port it.
     
  4. Hikari06

    OP Hikari06 GBAtemp Advanced Fan
    Member

    Joined:
    Nov 20, 2012
    Messages:
    999
    Country:
    Ecuador
    Thank you for the link. I'm going to take a look at this, although I'm probably not skilled enough to get anything out of it.
     
  5. NCDyson

    NCDyson Hello Boys...
    Member

    Joined:
    Nov 9, 2009
    Messages:
    278
    Country:
    United States
    The original ROPloader was based on an exploit that's been patched out for a long time. I think the best you MIGHT (and I highly doubt that you could) be able to do is use the browser exploit to re-enable it, but you would have to re-launch the browser exploit every time the system boots or you come out of emuNAND or any other kind of launcher.dat. At that point, it's pretty much pointless. There are many people working on cfw for this new exploit, so if you don't think your skills are up to the task, it's probably better to wait for them to get somewhere with it.
     
  6. Hikari06

    OP Hikari06 GBAtemp Advanced Fan
    Member

    Joined:
    Nov 20, 2012
    Messages:
    999
    Country:
    Ecuador
    Indeed.
    But actually I never intended to re-enable this exploit on >4.5 firmwares (which would be as pointless as difficult), but rather emulate the DS flash card, which basically just installs the first part of the ROP. I thought this could be achieved pretty easily by anyone with sufficient knowledge. Indeed, if we could only have access to the DS profile data and edit it with the pre-existing data from Yfan_lu's ROP, via the web exploit, we could use all the exploits already released without any additional device other than an SD card. That said, I wouldn't be able to do this.
     
  7. Hikari06

    OP Hikari06 GBAtemp Advanced Fan
    Member

    Joined:
    Nov 20, 2012
    Messages:
    999
    Country:
    Ecuador
    I took a look at the ROP Loader sources and it seems very straightforward.
    That said, do you know any way to write and read the 3DS NAND?
    I mean, we'll probably be unable to use the read/write firmware functions as is, since they are supposed to be executed in DS mode. The system settings offset will have to be recalculated as well (I think it points to the emulated DS flash system, doesn't it?), but it doesn't seem impossible.
    Any ideas?
     
  8. mid-kid

    mid-kid GBAtemp spamBOT
    Member

    Joined:
    Aug 2, 2012
    Messages:
    879
    Country:
    If there's any way to edit the DS settings, it should be documented in 3dbrew.
    But a good start would be getting Spider3DSTools' default code.bin running on 4.5.
     
  9. Hikari06

    OP Hikari06 GBAtemp Advanced Fan
    Member

    Joined:
    Nov 20, 2012
    Messages:
    999
    Country:
    Ecuador
    Indeed.
    However, I'd like to know what the biggest difference between ARM11 and ARM9 homebrews is, especially because there are two launchers out there.
     
  10. mid-kid

    mid-kid GBAtemp spamBOT
    Member

    Joined:
    Aug 2, 2012
    Messages:
    879
    Country:
    As far as I know (by lurking these forums), the difference lies mostly in privilege level. Here is, for example, a list of syscalls which can be performed in either mode. There are also other things which can be done in one mode but not in the other. Most homebrews currently run in arm11, and so does ctrulib.
     
  11. Hikari06

    OP Hikari06 GBAtemp Advanced Fan
    Member

    Joined:
    Nov 20, 2012
    Messages:
    999
    Country:
    Ecuador
    Okay. Thanks for the clarification!
     
  12. Apache Thunder

    Apache Thunder I have cameras in your head!
    Member

    Joined:
    Oct 7, 2007
    Messages:
    4,273
    Country:
    United States
    The settings menu in the home menu is able to access and alter the DS Profile. I don't think you need to be in DS mode to write to it. ;)
     
  13. Hikari06

    OP Hikari06 GBAtemp Advanced Fan
    Member

    Joined:
    Nov 20, 2012
    Messages:
    999
    Country:
    Ecuador
    Exactly. But I've no idea how to access it from the exploit...
     
  14. AtlanticBit

    AtlanticBit Yeh, fuck this
    Member

    Joined:
    Jan 15, 2015
    Messages:
    365
    Country:
    Poland
    I have a question about this. Is the mset hax persistent through reboots?
     
  15. Hikari06

    OP Hikari06 GBAtemp Advanced Fan
    Member

    Joined:
    Nov 20, 2012
    Messages:
    999
    Country:
    Ecuador
    Theoretically it stays there as long as you do not launch any DS-mode game (including DS flashcards).
     
  16. AtlanticBit

    AtlanticBit Yeh, fuck this
    Member

    Joined:
    Jan 15, 2015
    Messages:
    365
    Country:
    Poland
    Now that we have arm9 hax, we just have to inject the code to the right place.
     
  17. AtlanticBit

    AtlanticBit Yeh, fuck this
    Member

    Joined:
    Jan 15, 2015
    Messages:
    365
    Country:
    Poland
    the right code ;)
     
  18. Hikari06

    OP Hikari06 GBAtemp Advanced Fan
    Member

    Joined:
    Nov 20, 2012
    Messages:
    999
    Country:
    Ecuador
    That's right ;) I wish I knew how to do this!
     
  19. AtlanticBit

    AtlanticBit Yeh, fuck this
    Member

    Joined:
    Jan 15, 2015
    Messages:
    365
    Country:
    Poland
    Well, why not compile the rop installer as bin and then use loadcode.dat, but compile it for 4.5?
     
  20. Hikari06

    OP Hikari06 GBAtemp Advanced Fan
    Member

    Joined:
    Nov 20, 2012
    Messages:
    999
    Country:
    Ecuador
    Well, I fear that since this ROP Loader is designed to be executed in DS mode, this is probably not going to work. What's more, it uses FS function calls, which, from what I've understood, are not available yet from the arm9 exploit. The offsets are probably incorrect too.
    I could give it a try but I'm pretty sure it won't work without further adjustments.
     