Discussion in '3DS - Homebrew Development and Emulators' started by Relys, Nov 22, 2014.
So it gets kernel access through userland... could this be related to what Gateway is cooking?
It obtains the kernel privilege in the course of installing hb:HB.
The exploit and Homebrew Channel are not installed on the system. It is installed in the writable portion of the game card. No kernel access is ever used. End of story.
This could be intentional, though, to let it look like less than it is, just saying.
Sure, Smealum had to go through the long process of intentionally rewiring a game (and thus removing portions of it) to execute a file off the SD card while he could just directly install the channel on the system menu.
Good job at creating a verifiable and believable theory!
It's all a government conspiracy. Smealum confirmed Illuminati.
I knew it xD
Clearly Smealum is being threatened by the Chinese mafia.
Nothing is installed on the system NAND. I never stated that and it would obviously brick the system during boot due to signature verification. However, it does appear to overwrite kernelspace to add a new service. I believe it inherits the access permission level of whatever system title they exploit during their privilege escalation phase. This is how they bypass DEP:
It's just that some people mistook your post as saying the exploit clearly has kernel mode access.
The EXPLOIT is installed on the game card, which proceeds to load boot.3dsx (which is the Homebrew Menu).
But I could be wrong.
I believe it is installed to the save file on the gamecard.
I'm willing to bet the service they used was the Web Browser, considering that the WiFi had to be on and some people have reported it popping up instead of the launcher. And for some reason all the usage is reported to that service as well.
EDIT: Or it downloads that .bin from the internet. Some stuff is definitely going on with that web browser though.
shinyquagsire23, do you mean time spent in the homebrew loader accumulates for the internet browser in activity log and not for cubic ninja?
It accumulates as Cubic Ninja. Smea mentioned this a while ago (am on mobile so can't access the tweet/post on Smea's site).
Wait, it downloads a file with a ROP chain?
Yes, it downloads a bin file from Smealum's server.