Possible Exploit? Possible Goof?

Discussion in '3DS - Homebrew Development and Emulators' started by CravingCritic, May 1, 2014.

  1. CravingCritic
    OP
    So I've been playing around with my 2DS and DS-mode cart with various things, and have come across something that's either helpful to the community, or just a derp on my behalf.

    There's a ROPLoader floating around, so I decided to load it up on my flash card and run it. 'Twas unsuccessful the first time (when pressing A to reboot), so I tried it again, this time pressing the home button to get back to the main menu. Lo and behold, when I open the DS Profile settings, my 2DS bugs out, then properly prompts me to f*ck off and restarts.

    Now, this isn't it. I've not fiddled much since this discovery, but it seems to have broken DS-mode loading period on my device, spitting out an "Error has occurred, please hold down the power button to restart" message at me whenever I try to load up my flash card again.

    Screenies below;
    So, what do you guys think? I don't mind if I've permanently boned this thing as it's just a testing console. So, please, keep the "This idiot semi-bricked his 2DS hurr durr" comments to yourselves.

    *EDIT* After doing a system format, my flash card and DS Profile Menu are back to normal.
     
  2. mercluke
    This was already "a thing".
    You can fix DS mode by formatting the 3DS. Also: once smealum's 6.3 exploit is released you should be able to use it on your 2DS.

    Having said that, though... is your 3DS on 7.X or 6.X? Because if it's on 7.X then IIRC it is notable, as I'm pretty sure the profile exploit was fixed in 7.X.
     
  3. CravingCritic
    OP
    The profile exploit itself may have been patched, but Smea has confirmed SSSpwn working with 7.x FW. He and a few devs are just trying to find a stable entrypoint from what I understand.

    Me, being a newbie, but still an enthusiast, am just messing around with various things. It may lead to something (though chances are very slim), but I figure I'm not hurting anything, and have nothing better to do, so my 2DS is a guinea pig at the moment.
     
  4. bartimeaus91
    It's 7.x; he has the Miiverse icon on the top.

    Also, don't bank on smea releasing anything. He recently stated he's waiting/looking for a 7.x entry point, and by that time maybe 8.x is released and he'll probably hold off looking for an 8.x entry point, etc. etc. etc. Basically there's no end in sight. But then again, we'll just have to wait and see.
     
  5. mercluke
    Yeah, sorry about the wording. I was just referring to the entrypoint being removed.
    SSSpwn is, as you say, apparently not patched in 7.X, but until a new entrypoint is found it will sit unusable on 7.X.
    Oh shit, didn't notice that :x
     
  6. st4rk
    Firmware Version?
     
  7. CravingCritic
    OP
    My 2DS is 7.10-16U
     
  8. gamesquest1
    Well, that's sort of interesting. I wonder why it's working on 7.x here? Normally it should just wipe the settings and make you set them back up; this is what happens on 6.x, where it was still unpatched by Nintendo. Could it be that it still works on the 2DS or something?
     
  9. CravingCritic
    OP

    Maybe it's what Smea meant when he said he's looking for a "stable" entry point, considering it took me more than one attempt to get this scenario to happen. Perhaps he's still using this method on 6.x, but the success rate on the exploit taking hold in 7.x is too low.

    I say this, because it took me another four attempts to get this to happen again after the format. So, generally speaking, it has a 33.3% chance of working, at least with my setup.
     
  10. robo989
    What exactly are you saying, OP? I see nothing except a corruption of DS mode.
     
  11. CravingCritic
    OP

    I'm saying that the stack overflow still works on a 7.10u 2DS; it's just that making it follow a ROP chain afterwards is the part of the process that's being a tit.
     
  12. Jayro
    My 2DS came with 6.0U, and I only "downgraded" to 6.1U to play Pokemon Y. I'm keeping it offline, sans for Spot/Street pass. Otherwise, I'm staying on 6.1U until either Gateway and/or Smea release something new past 4.5U.
     
  13. Cjuub
    If you're using fierce waffles' ROP loader, I believe you are just corrupting the DS mode. That ROP loader is known to screw DS mode up by not always calculating the checksums correctly. Basically it's failing to install the exploit correctly (because of buggy code); this is done in DS mode and can always be done no matter what the 3DS firmware is, because the checksums are a vital part of the DS firmware.

    In 7.x the ROP chain is blocked because of additional size checking, but the DS firmware checksums are still there. And thus you can still brick it with that ROP loader.

    If you were to use another correctly implemented DS exploit installer you would probably not be able to recreate this.