Homebrew NDS profile ROP payload as .3ds?

  • Thread starter Thread starter Searinox
  • Start date Start date
  • Views Views 4,618
  • Replies Replies 23

Searinox

"Dances" with Dragons
Member
Joined
Dec 16, 2007
Messages
2,081
Reaction score
454
Trophies
2
Age
38
Location
Bucharest
XP
2,452
Country
Romania
DISCLAIMER: I normally would post this in the flashcart board, but since it deals more with flashcart issues than software development, and since homebrew users rely on it too to some extent, I will ask here.

I also normally wouldn't ask for this because I normally don't make requests since well, nobody has to honor them anyway.

I also normally don't have a use myself for this, but I know someone who could use it, and I imagine both people here and back on the flashcart board could have some use for it.

Now then...

I'd like to ask if anyone kindly could make a 3DS file that writes the DS mode exploit used to trigger everything from CFWs to flashcarts and whatnot.

The reason I'm asking this is for a few scenarios, where the new 4.5-9.2 exploit is launched and the person in question has either the CFW package or a Gateway/MT card but does not own an NDS flashcart. Rebooting into enhanced sysNAND mode after downgrade and then running that file would entirely remove the need for a DS card.

I realize that yes, people can either go to an exploit site or host one on a smartphone and use it everytime, but a 3DS file that writes the data to profile removes the need for both website hassle and a secondary card and I think could benefit a lot of people. The exploit source already exists so I'd imagine it's not too a hassle. Thank you.
 
But how do you run a .3ds file if you don't have a flashcard? All 3DS flashcards come with a DS-mode card anyways, so if you run the 3DS to install the file, you'll probably have a DS card to use with it.
 
You launch the web exploit and use GW's launcher.dat to downgrade, and then to boot enhanced sysnand mode. Red Card isn't needed for that. Then you simply replace the launcher with say, the CFW one, and you've set up CFW with zero flashcards.
 
DISCLAIMER: I normally would post this in the flashcart board, but since it deals more with flashcart issues than software development, and since homebrew users rely on it too to some extent, I will ask here.

I also normally wouldn't ask for this because I normally don't make requests since well, nobody has to honor them anyway.

I also normally don't have a use myself for this, but I know someone who could use it, and I imagine both people here and back on the flashcart board could have some use for it.

Now then...

I'd like to ask if anyone kindly could make a 3DS file that writes the DS mode exploit used to trigger everything from CFWs to flashcarts and whatnot.

The reason I'm asking this is for a few scenarios, where the new 4.5-9.2 exploit is launched and the person in question has either the CFW package or a Gateway/MT card but does not own an NDS flashcart. Rebooting into enhanced sysNAND mode after downgrade and then running that file would entirely remove the need for a DS card.

I realize that yes, people can either go to an exploit site or host one on a smartphone and use it everytime, but a 3DS file that writes the data to profile removes the need for both website hassle and a secondary card and I think could benefit a lot of people. The exploit source already exists so I'd imagine it's not too a hassle. Thank you.

Post sourcecodes.
 
You launch the web exploit and use GW's launcher.dat to downgrade, and then to boot enhanced sysnand mode. Red Card isn't needed for that. Then you simply replace the launcher with say, the CFW one, and you've set up CFW with zero flashcards.
I don't think that the browser exploit write to the nds profile, so, the CFW launcher would not work.
 
The browser exploit doesn't write to the DS profile. It launches the GW launcher, which can then launch ehnanced sysnand mode. From there, the Red GW could launch a 3ds file that writes the DS profile exploit. Basically a .3ds version of GW_INSTALLER.NDS.
 
I would love to see that happenning though since my Blue Card is not working on my 4.5 3DS to install DS Profile exploit, but Browser Exploit does.
 
I would love to see that happenning though since my Blue Card is not working on my 4.5 3DS to install DS Profile exploit, but Browser Exploit does.
If you have another DS mode flash cart (I use my DsTwo) you can usually install it through that, though I would try and find information on specific flashcards first.
 
If you have another DS mode flash cart (I use my DsTwo) you can usually install it through that, though I would try and find information on specific flashcards first.


The fact is that the only other one I own doesn't work, even with flashcardtimewarp xD
 
The fact is that the only other one I own doesn't work, even with flashcardtimewarp xD
Just to make sure you're doing this all right, you've got the launcher.dat on your SD card (Internal), the gateway installer on your blue card's micro sd right?
Then you're starting the blue card, running the installer (It completes?)
Then going to the settings on your 3ds and selecting "DS Profile"?

I haven't heard of that not working before.
 
Just to make sure you're doing this all right, you've got the launcher.dat on your SD card (Internal), the gateway installer on your blue card's micro sd right?
Then you're starting the blue card, running the installer (It completes?)
Then going to the settings on your 3ds and selecting "DS Profile"?

I haven't heard of that not working before.


No, the blue card just doesn't work.

On booting Deep Labyrinth:


Same with crappy R4i clone.

Oh, and I haven't mentioned that I use a downgraded console.
 
No, the blue card just doesn't work.

On booting Deep Labyrinth:


Same with crappy R4i clone.

Oh, and I haven't mentioned that I use a downgraded console.

You could try installing the cia to run all DS carts to SysNAND (BACKUP YOUR NAND)
 
Launcher.dat programs can have 100% nand access, so sure, it is possible to install the ds exploit via one of those (unless i am overlooking something) - but at the moment people have not figured how to get their own code working with GW's new web exploit. and even so, i don't think there is enough need for it for someone to go to the effort of creating it.
but sure it's a nice idea
 
You launch the web exploit and use GW's launcher.dat to downgrade, and then to boot enhanced sysnand mode. Red Card isn't needed for that. Then you simply replace the launcher with say, the CFW one, and you've set up CFW with zero flashcards.
The red card is needed to run the .3ds though. :unsure:
 
Launcher.dat programs can have 100% nand access, so sure, it is possible to install the ds exploit via one of those (unless i am overlooking something) - but at the moment people have not figured how to get their own code working with GW's new web exploit. and even so, i don't think there is enough need for it for someone to go to the effort of creating it.
but sure it's a nice idea
The Rop chain isn't on nand, but on the ds-mode nvram.
I think it's technically doable since the 4.5 exploits achieve full control over arm9 and arm11, but no code for writing to nvram has been released (I think).
 
  • Like
Reactions: cearp
at the moment people have not figured how to get their own code working with GW's new web exploit.
Yifanlu has reversed it least as far as getting usermode exec with gspwn, and has done a writeup of most of it on his blog. If ssspwn as a whole doesn't give access to cfg:nor then gspwn by itself won't, but if he continues to make progress, it might be possible.
 
  • Like
Reactions: cearp

Site & Scene News

Popular threads in this forum