Homebrew Ninjahax CIA Installer POSSIBILITY?

NCDyson

MrCheeze, Smea and I were talking about using webkit hax to gain control of the Mii Plaza through spider, so I wonder if we could use the same method to gain control of the Download Play to inject a cia into it. As far as I know, Download Play has kernel access, so we would be able to make our apps more powerful. MAYBE even then, we could make a .cia that has another .cia in it that could attempt to install.

I don't see why download play would have kernel access.
As per 3dbrew, and my own foray into poking at dlp:
Dlp files are stored in cfa files, which don't contain code, just a romFS. Inside that romFS is a .cia, which is the Download Play version of the game. You can install that .cia with DevMenu, or Big Blue Menu, just fine, but it won't show up anywhere that you can launch it. The Download Play app won't show it, and DevMenu only appears to show Application type titles, not Child Types in the list. I don't have Big Blue Menu to test with, if it's even different than DevMenu.

At the very least, Download Play has access to am:u and/or am:net, which allows it to install the .cia files, which from my understanding of the process isn't the same as kernel access at all. From what I saw of DevMenu's code, it looked like it basically just calls "StartCiaInstall", writes the .cia's data to the returned file handle, then calls "InstallTitlesFinish", which actually does the heavy lifting for installing it. There's a lot more to it, and I could be wrong, but from what I've read off 3dbrew, and what I managed to glean from DevMenu's code, that's the gist of it.

Even if you could get a custom cia through, it wouldn't install on the target 3ds unless the sig checks were already patched, at which point you probably wouldn't need to be messing with DLP to begin with.
 

Slushie3DS

Well, it was worth a shot.
 

Idaho

By editing extdata. If a ROM loader were possible, it would've happened by now.

Not really, see the Gateway team managed to create a ROM loader with a similar exploit, which makes a ROM loader or .cia installer possible for everyone without using a flashcard. Did it happen? I don't think so...
 

Slushie3DS

I never did think of that. Smea said they are using the same exploit system, just not all the stages. If they are able to do it, we should be able to, as well.
 