My Understanding of Ninjhax (Thus Far)

Discussion in '3DS - Homebrew Development and Emulators' started by Relys, Nov 22, 2014.

  1. Relys
    OP

    Relys Master of Computer Science

  2. piratesephiroth

    piratesephiroth I wish I could read

    So it gets kernel access through userland... could this be related to what Gateway is cooking?
     
  3. Ryanrocks462

    Ryanrocks462 Wii U/3DS Hacker.. Will test anything, A Pirate

    It obtains the kernel privilege in the course of installing hb:HB.
     
  4. WaryLouka

    WaryLouka Official Representative of the SuperCard Team

    The exploit and Homebrew Channel are not installed on the system. It is installed in the writable portion of the game card. No kernel access is ever used. End of story.
     
  5. piratesephiroth

    piratesephiroth I wish I could read

    interesting
     
  6. ken28

    ken28 GBAtemp Advanced Fan

    This could be intentional though, to let it look like less than it is, just saying.
     
  7. WaryLouka

    WaryLouka Official Representative of the SuperCard Team


    Sure, Smealum had to go through the long process of intentionally rewiring a game (and thus removing portions of it) to execute a file off the SD card while he could just directly install the channel on the system menu.
    Good job at creating a verifiable and believable theory!
     
  8. endoverend

    endoverend AKA zooksman

    It's all a government conspiracy. Smealum confirmed Illuminati.
     
  9. Ryanrocks462

    Ryanrocks462 Wii U/3DS Hacker.. Will test anything, A Pirate

    I knew it xD
     
  10. Lordjontan

    Lordjontan GBAtemp Regular

    Clearly Smealum is being threatened by the Chinese mafia.
     
  11. Relys
    OP

    Relys Master of Computer Science

    Nothing is installed on the system NAND. I never stated that, and it would obviously brick the system during boot due to signature verification. However, it does appear to overwrite kernelspace to add a new service. I believe it inherits the access permission level of whatever system title they exploit during their privilege escalation phase. This is how they bypass DEP:

    https://github.com/smealum/3ds_hb_menu/blob/master/source/hb.c
     
  12. WaryLouka

    WaryLouka Official Representative of the SuperCard Team


    It's just that some people mistook your post as saying the exploit clearly has kernel mode access.
     
  13. Plasmastar510

    Plasmastar510 GBAtemp Regular

    The EXPLOIT is installed on the game card, which proceeds to load boot.3dsx (which is the Homebrew Menu).

    But I could be wrong.
     
  14. Huntereb

    Huntereb GBAtemp Addict


    Spot-on description!
     
  15. CalebW

    CalebW Fellow Temper

    I believe it is installed to the save file on the gamecard.
     
  16. shinyquagsire23

    shinyquagsire23 SALT/Sm4sh Leak Guy

    I'm willing to bet the service they used was the Web Browser, considering that the WiFi had to be on and some people have reported it popping up instead of the launcher. And for some reason all the usage is reported to that service as well.

    EDIT: Or it downloads that .bin from the internet. Some stuff is definitely going on with that web browser though.
     
  17. dronesplitter

    dronesplitter GBAtemp Advanced Fan

    shinyquagsire23, do you mean time spent in the homebrew loader accumulates for the Internet Browser in the Activity Log and not for Cubic Ninja?
     
  18. Qtis

    Qtis Grey Knight Inquisitor

    It accumulates as Cubic Ninja. Smea mentioned this a while ago (am on mobile so can't access the tweet/post on smea's site)
     
  19. Duo8

    Duo8 I don't like video games

    Wait, it downloads a file with a ROP chain?
     
  20. ChrisX930

    ChrisX930 Banned

    Yes, it downloads a bin file from smealum's server.