Homebrew Is it possible to install the ROP Loader with the browser exploit ?

  • Thread starter: Hikari06
  • Views: 5,534
  • Replies: 30

Hikari06

Hello,
I saw that, recently, tools that allow arm9 and arm11 code execution were released.
My question might sound stupid but, since it seems pretty tough to make them work, I was wondering whether it would be possible to install the classic ROP Loader with them, and then boot any mset exploit the 'normal way'. I guess it would be easier to code this than an entirely new launcher, wouldn't it?
Thank you :)
 
This is what I have been looking for since gw 3.0 was released. It's a pity that I don't know any programming.
 
Yfan_lu's ROP doesn't work on 4.5 as-is, because some addresses are wrong, I think.
With that, reading the original ROP's source code, you could figure out how it works, though I'm not sure what the "writeFirmware()" function does, nor do I know if it's even possible to port it.
 
Thank you for the link. I'm going to take a look at this, although I'm probably not skilled enough to get anything out of it
 
The original ROPloader was based on an exploit that's been patched out for a long time. I think the best you MIGHT (and I highly doubt that you could) be able to do is use the browser exploit to re-enable it, but you would have to re-launch the browser exploit every time the system boots or you come out of emuNAND or any other kind of launcher.dat. At that point, it's pretty much pointless. There are many people working on CFW for this new exploit, so if you don't think your skills are up to the task, it's probably better to wait for them to get somewhere with it.
 
Indeed.
But actually I never intended to re-enable this exploit on >4.5 firmwares (which would be as pointless as difficult), but rather to emulate the DS flash card, which basically just installs the first part of the ROP. I thought this could be achieved pretty easily by anyone with sufficient knowledge. Indeed, if we could only have access to the DS profile data and edit it with the pre-existing data from Yfan_lu's ROP, via the web exploit, we could use all the exploits already released without any additional device other than an SD card. That said, I wouldn't be able to do this.
 
I took a look at the ROP Loader sources and it seems very straightforward.
That said, do you know any way to write and read the 3DS NAND?
I mean, we'll probably be unable to use the read/write firmware functions as-is, since they are supposed to be executed in DS mode. The system settings offset will have to be recalculated as well (I think it points to the emulated DS flash system, doesn't it?), but it doesn't seem impossible.
Any ideas?
 
> I took a look at the ROP Loader sources and it seems very straightforward.
> That said, do you know any way to write and read the 3DS NAND?
> I mean, we'll probably be unable to use the read/write firmware functions as-is, since they are supposed to be executed in DS mode. The system settings offset will have to be recalculated as well (I think it points to the emulated DS flash system, doesn't it?), but it doesn't seem impossible.
> Any ideas?

If there's any way to edit the DS settings, it should be documented in 3dbrew.
But a good start would be getting Spider3DSTools' default code.bin running on 4.5.
 
> If there's any way to edit the DS settings, it should be documented in 3dbrew.
> But a good start would be getting Spider3DSTools' default code.bin running on 4.5.

Indeed.
However, I'd like to know what the biggest difference between ARM11 and ARM9 homebrews is, especially because there are two launchers out there.
 
> Indeed.
> However, I'd like to know what the biggest difference between ARM11 and ARM9 homebrews is, especially because there are two launchers out there.

As far as I know (by lurking these forums), the difference lies mostly in privilege level. Here is, for example, a list of syscalls which can be performed in either mode. There are also other things which can be done in one mode, but not in the other. Most homebrews currently run in ARM11, and so does ctrulib.
 
> As far as I know (by lurking these forums), the difference lies mostly in privilege level. Here is, for example, a list of syscalls which can be performed in either mode. There are also other things which can be done in one mode, but not in the other. Most homebrews currently run in ARM11, and so does ctrulib.

Okay. Thanks for the clarification!
 
> I took a look at the ROP Loader sources and it seems very straightforward.
> That said, do you know any way to write and read the 3DS NAND?
> I mean, we'll probably be unable to use the read/write firmware functions as-is, since they are supposed to be executed in DS mode. The system settings offset will have to be recalculated as well (I think it points to the emulated DS flash system, doesn't it?), but it doesn't seem impossible.
> Any ideas?

The settings menu in the home menu is able to access and alter the DS Profile. I don't think you need to be in DS mode to write to it. ;)
 
Well, why not compile the ROP installer as a bin and then use loadcode.dat, but compile it for 4.5?

Well, I fear that since this ROP Loader is designed to be executed in DS mode, this is probably not going to work. What's more, it uses FS function calls, which, from what I've understood, are not available yet from the ARM9 exploit. The offsets are probably incorrect too.
I could give it a try but I'm pretty sure it won't work without further adjustments.
 