New userland exploit found with ORAS? (Hacking)

  • Thread starter: solress
  • Views: 24,080
  • Replies: 172
  • Likes: 3
Everyone asking if this is a primary exploit or saying it's one....
Really guys? Please look at the Video again.
He is editing the name of HIS OWN secret base team.
Which apparently then loads a faulty string (from the manipulated name) and this leads to loading a payload for Homebrew.
In this case it can't be a primary exploit because you have to get the name in there somehow. And since you have a character limit and can't use all characters, you can't simply type it there on your own.
If this could be done with a downloaded QR Code base you'd have a chance, but this will probably just crash you when trying to load the base or tell you the base is invalid.
 
This. You can edit the string in a hex editor from your decrypted save. This is just not possible. Handlers can see that the strlen is wrong. Good moves Zan, keep it up. Proud of you.
 
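The argument in the two posts above (the in-game keyboard limits length and character set, so a name that breaks those rules can only have been hex-edited into the decrypted save, and a handler can spot it because the stored length no longer matches the real strlen) as an added example. This is illustrative code written for this page, not code from the thread, the game or any homebrew tool; the record layout (one length byte plus a 16-byte buffer), the 8-character limit and the letters/digits/space alphabet are assumptions, not the real ORAS save format.

```c
/*
 * Added example (not code from the thread, the game or any homebrew tool).
 * It models the argument above: the in-game keyboard enforces a length
 * limit and a restricted character set, so a name that breaks either rule
 * can only have been written into the decrypted save with a hex editor,
 * and a loader or trade handler that re-checks the name (including that
 * the stored length matches the real strlen) can tell the two apart.
 *
 * ASSUMPTIONS, chosen for illustration and NOT the real ORAS save layout:
 *   - a name record is one length byte plus a 16-byte character buffer;
 *   - the keyboard accepts at most 8 characters: letters, digits and space.
 */
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_BUF 16  /* hypothetical on-disk buffer size */
#define NAME_MAX  8  /* hypothetical keyboard length limit */

typedef struct {
    uint8_t declared_len;     /* length field stored in the record */
    uint8_t chars[NAME_BUF];  /* name bytes; NUL-terminated when well-formed */
} name_record_t;

typedef enum {
    NAME_OK = 0,
    NAME_TOO_LONG,      /* declared length exceeds the keyboard limit */
    NAME_UNTERMINATED,  /* no NUL anywhere in the buffer */
    NAME_LEN_MISMATCH,  /* declared length != actual strlen */
    NAME_BAD_CHAR       /* a byte the keyboard can never produce */
} name_status_t;

/* Hypothetical keyboard alphabet: letters, digits and space only. */
static int keyboard_allows(uint8_t c) {
    return c == ' ' || isalnum(c);
}

/* Re-apply the keyboard's rules to a record read back from a save. */
name_status_t validate_name(const name_record_t *r) {
    if (r->declared_len > NAME_MAX)
        return NAME_TOO_LONG;
    const uint8_t *nul = memchr(r->chars, 0, NAME_BUF);
    if (nul == NULL)
        return NAME_UNTERMINATED;
    size_t actual = (size_t)(nul - r->chars);
    if (actual != r->declared_len)
        return NAME_LEN_MISMATCH;        /* "the strlen is wrong" */
    for (size_t i = 0; i < actual; i++)
        if (!keyboard_allows(r->chars[i]))
            return NAME_BAD_CHAR;
    return NAME_OK;
}

/* The legitimate path: the keyboard refuses anything outside its rules.
 * Returns 1 and fills *r on success, 0 if the text could not be typed. */
int keyboard_enter(name_record_t *r, const char *typed) {
    size_t n = strlen(typed);
    if (n > NAME_MAX)
        return 0;
    for (size_t i = 0; i < n; i++)
        if (!keyboard_allows((uint8_t)typed[i]))
            return 0;
    memset(r, 0, sizeof *r);
    memcpy(r->chars, typed, n);
    r->declared_len = (uint8_t)n;
    return 1;
}

/* The other path: arbitrary bytes and length written into a decrypted
 * save with a hex editor, with no rules applied at all. */
void hex_edit(name_record_t *r, uint8_t declared_len, const uint8_t *bytes, size_t n) {
    memset(r, 0, sizeof *r);
    if (n > NAME_BUF)
        n = NAME_BUF;
    memcpy(r->chars, bytes, n);
    r->declared_len = declared_len;
}

/* What a handler concludes about a hex-edited record. */
name_status_t check_raw(uint8_t declared_len, const uint8_t *bytes, size_t n) {
    name_record_t r;
    hex_edit(&r, declared_len, bytes, n);
    return validate_name(&r);
}

/* 1: keyboard accepts it and the handler agrees; 0: keyboard refuses it;
 * -1: keyboard accepted it but the handler rejects it (should never happen). */
int typed_ok(const char *typed) {
    name_record_t r;
    if (!keyboard_enter(&r, typed))
        return 0;
    return validate_name(&r) == NAME_OK ? 1 : -1;
}

int main(void) {
    printf("typed ROCKETS: %d\n", typed_ok("ROCKETS"));          /* 1 */
    printf("typed TEAM ROCKET: %d\n", typed_ok("TEAM ROCKET"));  /* 0: too long */
    /* Constructed hex-edited sample: 13 name bytes but a length byte claiming 7. */
    const uint8_t long_name[] = "ROCKETSROCKET";
    printf("hex-edited length mismatch: %d\n", check_raw(7, long_name, 13));
    /* Constructed hex-edited sample: length consistent, but bytes no keyboard produces. */
    const uint8_t odd_bytes[] = { 'A', 'B', 0x08, 0x80 };
    printf("hex-edited bad bytes: %d\n", check_raw(4, odd_bytes, 4));
    return 0;
}
```

The ordering of the checks matters: the length field is compared against the keyboard limit before it is used for anything, the NUL search is bounded by the buffer size rather than trusting the length field, and only then is the declared length compared with the real one. A record that passes all four checks is indistinguishable from one typed in game; anything else could only have come from outside the keyboard.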
....and even they make mistakes from time to time!
I don't mind if you don't believe me, but how could I have made a mistake, if I got a test save to test it on my own device?
I was able to start the homebrew launcher using the ORAS exploit, even if it's not always working at the first try atm.
 
Last edited by RednaxelaNnamtra.
Give documentation and I'll believe you.
 
Where did you get the save file?
 
You misunderstood me!
I'm in no way interested in whether it is true or not!
But I am interested in how a thread like this always goes... most of the time it is a BIG MESS after a couple of hours!
So even if people (users) think they know something about it... think twice before you write something!

So again it wasn't a shot against you :)
 
Just be patient and wait for Yoh to release something along those lines.
 
If this could be done with a downloaded QR Code base you'd have a chance, but this will probably just crash you when trying to load the base or tell you the base is invalid.
You can scan QR code bases :^)
 
Just be patient and wait for Yoh to release something along those lines.

?????????
I am NOT interested in whether that is TRUE or a LIE!

But this thread is UNREADABLE in a couple of hours with 150 messages, and mostly 145 of them are USELESS!!
That's what happens too often with threads like that!

So wait... be patient... and don't goad someone into releasing something!!!!!

If she/he wants to release it... it will be released!
 
Where did you get the save file?
PM to test it.
Oh, sorry, I wasn't clear about that, but it sounded like a dumb reason to not believe something :)
And yes, it's always like this, that's why I tried to make clear it's true, since there is already a proof of concept video, which should in theory be enough proof for the beginning.
 
Ok, so I am awake now and got some NOS (energy drink) in my system. So I started watching the video on my AMAZINGly shit laptop. Still, 720p with a 15in display, so better viewing than my phone.
Still, I noticed a lot of things wrong with the video now. First, at 16 to 17 seconds into the video his thumb moved from the A button quickly over the Y button. Watch the shadow in the video really closely and you will notice it.
I also noticed that when he launched the homebrew launcher, it didn't show all of the colours that it's supposed to show; it just went straight to the Homebrew launcher (noticed thanks to the help of @OctopusRift and @astronautlevel), which is actually super important. Those colours show the many stages that it takes to boot into the homebrew launcher. Not to mention they are part of every single homebrew exploit.

So yeah, it doesn't look fake or edited, because it wasn't edited. But this isn't a real exploit; like what's already been suggested, it's just ORAS being launched through HANS and he set Y as the soft-reset back to the homebrew launcher.
 
Mind showing us a recording of you entering the HB Launcher with the tested file? I am willing to believe you, but seeing two examples of it really working would really convince me that there are no shenanigans with HANS or the like involved.
 
Last edited by Ev1l0rd.
Maybe later I will make a video, but at the moment I don't have the time to do it.
 
So you are lying. We've had many people like you in the past.
It would only take 5 seconds to post your save file to prove that you are telling the truth.
 
He's not the creator of it and probably doesn't want to release it until the creator wants to.

That being said I think it's generally a dumb idea to announce exploits before you release them. Maybe like an hour advance at most.
 