Homebrew Question on executing CTR commands using web exploit

  • Thread starter: TheHomesk1llet
  • Views: 7,657
  • Replies: 49
  • Likes: 2
Point your nipples elsewhere, please. For your information, I have actually created a successful build of a launcher with custom homebrew. It doesn't do much, of course...but it's working.
I'd like to test it then, send it my way, and thanks!


Sorry about that, my computer is lagging so badly that it posted this a few times.
 
Same as the other computer lagging out.
 
I'm taking a look at all of the ROP gadgets available right now, but I'd appreciate it if people could let me know if they've found any information on executing code (that can run ROMs and DATs) from the SD card.
If by ROMs you mean 3DS packaged files (like the usual ROMs), then you need access to something like ns and redirect it to SD.
DAT files are usually just binaries to load into RAM.
 
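The post above mentions going through the ROP gadgets available in the exploited process. As an added example (not code from this thread, and not from the Spider3DSTools repository linked later on), here is a minimal A32 gadget scanner: it finds return-like terminators (pop {..., pc}, bx Rm, blx Rm) in a byte blob and reports the decodable instructions leading up to each one, which is the raw list you sift through when assembling a chain. Only a handful of AL-conditioned ARM encodings are decoded; everything else stops the backward walk. The sample blob is constructed by hand for the demonstration and contains no real 3DS firmware bytes; the base address is an arbitrary assumption.

```python
"""Minimal ARM (A32) ROP gadget scanner.

Added example, not code from this thread or from Spider3DSTools.
It walks a byte blob for return-like terminators (pop {..., pc}, bx Rm,
blx Rm) and reports the decodable instructions leading up to each one.
Only a small AL-conditioned A32 subset is decoded; anything else stops
the backward walk. The sample blob below is constructed for this demo
and contains no real 3DS firmware bytes.
"""
import struct

REGS = [f"r{i}" for i in range(13)] + ["sp", "lr", "pc"]


def _reglist(bits):
    return "{" + ", ".join(REGS[i] for i in range(16) if bits >> i & 1) + "}"


def _rotate_imm(imm12):
    # A32 data-processing immediate: 8-bit value rotated right by 2*rot.
    rot, val = (imm12 >> 8) * 2, imm12 & 0xFF
    return ((val >> rot) | (val << (32 - rot))) & 0xFFFFFFFF if rot else val


def decode_arm(word):
    """Decode the small A32 subset a gadget hunter cares about, else None."""
    if word >> 28 != 0xE:                  # only unconditional (AL) encodings
        return None
    if word & 0x0FFF0000 == 0x08BD0000:    # ldmia sp!, {...}  ==  pop {...}
        return "pop " + _reglist(word & 0xFFFF)
    if word & 0x0FFFFFF0 == 0x012FFF10:    # bx Rm
        return "bx " + REGS[word & 0xF]
    if word & 0x0FFFFFF0 == 0x012FFF30:    # blx Rm
        return "blx " + REGS[word & 0xF]
    if word & 0x0FFF0FF0 == 0x01A00000:    # mov Rd, Rm (no shift)
        return f"mov {REGS[word >> 12 & 0xF]}, {REGS[word & 0xF]}"
    if word & 0x0FFFF000 == 0x028DD000:    # add sp, sp, #imm
        return f"add sp, sp, #{_rotate_imm(word & 0xFFF)}"
    return None


def is_return(text):
    """A terminator hands control to a value the attacker controls."""
    return text is not None and (
        text.startswith(("bx ", "blx ")) or (text.startswith("pop ") and "pc" in text))


def find_gadgets(blob, base=0, depth=3):
    """Return [(address, [instr, ...])] for every A32 gadget of at most
    `depth` instructions ending in a terminator; every suffix of a run is
    reported separately, as ROPgadget-style tools do."""
    words = [struct.unpack_from("<I", blob, o)[0] for o in range(0, len(blob) - 3, 4)]
    texts = [decode_arm(w) for w in words]
    gadgets = []
    for i, t in enumerate(texts):
        if not is_return(t):
            continue
        start = i
        while (i - start < depth - 1 and start > 0
               and texts[start - 1] is not None and not is_return(texts[start - 1])):
            start -= 1
        for s in range(start, i + 1):
            gadgets.append((base + 4 * s, texts[s:i + 1]))
    return gadgets


def find_thumb_returns(blob, base=0):
    """Thumb terminators: pop {..., pc} (0xBDxx) and bx lr (0x4770). Thumb
    halfwords are only 2-byte aligned, so every even offset is a candidate;
    such a gadget is entered at address | 1 to put the core in Thumb state."""
    hits = []
    for o in range(0, len(blob) - 1, 2):
        hw = struct.unpack_from("<H", blob, o)[0]
        if hw & 0xFF00 == 0xBD00:
            hits.append((base + o, "pop " + _reglist((hw & 0xFF) | 0x8000)))
        elif hw == 0x4770:
            hits.append((base + o, "bx lr"))
    return hits


# Constructed sample (not firmware): seven A32 words followed by two Thumb
# halfwords, hand-assembled from the published ARM encodings.
SAMPLE_BLOB = b"".join(struct.pack("<I", w) for w in [
    0xE1A00004,  # mov r0, r4
    0xE8BD8010,  # pop {r4, pc}
    0xDEADBEEF,  # not an AL instruction we decode: breaks the backward walk
    0xE28DD008,  # add sp, sp, #8
    0xE12FFF1E,  # bx lr
    0xE8BD80F0,  # pop {r4, r5, r6, r7, pc}
    0xE12FFF33,  # blx r3
]) + bytes.fromhex("10bd7047")  # Thumb: pop {r4, pc} ; bx lr

if __name__ == "__main__":
    BASE = 0x00100000  # assumed load address, arbitrary for the demo
    for addr, instrs in find_gadgets(SAMPLE_BLOB, base=BASE):
        print(f"{addr:08x}: {' ; '.join(instrs)}")
    for addr, text in find_thumb_returns(SAMPLE_BLOB, base=BASE):
        print(f"{addr:08x} (thumb): {text}")
```

Run it against a dumped code region instead of SAMPLE_BLOB to get candidate gadgets; a real disassembler (or the arm11-kernel-research tooling linked below) is still needed to judge the side effects of the instructions the decoder reports as unknown.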
TL;DR
The GW spider exploit runs in the browser, so it has its permissions. The next stage, loaded from the website, uses the GPU to corrupt the ARM11 kernel to execute ASM in privileged ARM11. Then stage 3 breaks into ARM9 kernel land.

From there they do pirate stuff: killing sig checks, adding the menu, etc.

You have access to the system calls until ARM9.

If you need more info, ask.

(Crappy phone res, can not see what I typed)
 
OK, this may seem like a dumb question, but I am really curious: is the red card basically just a DRM card? I mean, does the card itself have anything to do with the hack?
 
This helps so much, thank you.

Also, if I don't post on here for a little while, it doesn't mean I've abandoned everything. I'm not always on GBAtemp, and usually I'm working on this homebrew. Give me some space sometimes.
 
Quoted! So perhaps their launcher.dat could be modified to "fool" it into thinking that the red card is inserted?

I think the current intentions are to remake the launcher.dat so it never needed the cart to begin with. It might actually be easier that way since there won't be as much (if any) Gateway DRM in the new launcher.
 
Are you a troll?
I really don't get this. A troll is someone who tries to annoy/offend people. This is a topic asking about the limitations of known exploits used to make 3DS homebrew, on a board called 3DS Homebrew Development and Emulators.

How is it annoying or offending you, or anyone else for that matter..?
He's being ironic because williamcesar2 is one of the biggest piece of shit trolls on GBAtemp, and json is too
Not another one. The OP is a troll, does not know anything about programming or the 3DS, and is not going to do anything useful ever.

Just close the thread
I hope you both got warnings for the parts you each played in turning the OP's previous thread into a shit storm.

Actually really disappointed that you both weren't banned, you're each repeat offenders.
 
I'm pretty sure the "OP is a troll" thing was just speculation started by someone that snowballed and ended up derailing the last thread. Can we PLEASE not derail this one too? It won't help anyone to keep arguing about this!

I've always been on the side of just sitting on the sidelines and seeing if something happens. Some of you are way too invested in the waiting game. Y'all need to calm the **k down. Go outside and play in your front yard or something. There's a world outside of the 3DS, ya know. :P


Firstly, is it possible to use the normal CTR commands while the 3DS is running a launcher from the web exploit? I'm assuming not, so would it be possible to launch another launcher or code.bin that gives the system the bare minimum to execute commands and mount/write to the SD card? I don't want to make a CFW...yet.

Wait, you're asking if commands sent to the cartridge slot can be redirected? I assume you are talking about ARM11-related activities. I'm probably not the best person to try and answer this. I would think you just need to gain ARM11 kernel access and recreate the commands. Having ARM11 kernel access means being able to do anything ARM11 is normally allowed to do (all other things would be ARM9 territory). So if the CTR commands are controlled by ARM11, then yes, I don't see why you can't do this.

As I understand it, one of the early stages of the web browser exploit gains ARM11 kernel access. Whether or not the launcher.dat file/external file needed to do that is required, I don't know. I think so, but at that point you already have FS access to the SD card, I would assume, as how else does Gateway load the launcher.dat for the rest of the exploit? ;)



Second, does Gateway's exploit run on Process9, ARM9, or privileged ARM11? Does it even matter if I'm going to use the exploit to run an application that loads .3DS and .DAT files that will not require special permissions, just read, write, and execute access to the SD card?

I've heard the new exploit (or at least the reverse-engineered version of it, thanks to yifan_lu) runs on the ARM9 kernel and not Process9, and that FS commands are broken (basically you have to recreate the ARM9 kernel code yourself). So the kernel commands need further documentation? If you can already read/write files via ARM9 code at whatever stage of development this CFW of yours is at, you are already able to do this, I assume. But again, I can't answer that.

It was mentioned in that first Arm9 thread soon after Yifan Lu's release of the Arm9 exploit info.

From how things work, ARM11 kernel access occurs first, then ARM9 is hijacked. I would think you set most things up in ARM11 before you go and boot up ARM9 code (non-encryption-related stuff anyway; ARM9 access is needed once you get to the point where you need to alter encryption checks, but you should be aware of this already. :P)

I'm not a programmer so I can't really answer this beyond that.

Aside from that I hope someone who knows more on this kinda stuff can answer your question before the trolls flood this thread. :P
 
Uhm, that's for the old DS Profile exploit. The OP is trying to use the web browser entry point.
I'm betting the OP has already seen these, but they are more relevant to his research, if anything:
https://github.com/yifanlu/Spider3DSTools
https://github.com/yifanlu/Spider3DSTools/tree/arm11-kernel-research
http://gbatemp.net/threads/release-arm9-kernel-homebrew-on-9-2.379477/

EDIT: Yet none of them is a complete answer to his original question. I'd like to know some of this stuff too, as I might try to roll together some web-browser-launched homebrew just for kicks. (Don't expect anything amazing though...)

Regarding the questions, AFAIK the GW runs on ARM9. And the arm9-kernel-homebrew thing also runs on ARM9 (not Process9), which means you have to rewrite some syscalls yourself, apparently.
 
What? I don't know what you're talking about.
 
Which would probably explain why Gateway's launcher.dat usually contains copies of the ARM9/ARM11 kernel code for each firmware version, from what I've heard.
 
