Hacking Question regarding DS profile exploit

  • Thread starter: Chaldron
  • Views: 16,630
  • Replies: 75
Ok, got the confirmation. mset haxx is finally fixed. So, no way to use Gateway and clones above 4.5 anymore. All firmwares above 4.5 have no kernelmode vuln and 7.0 finally fixed the entrypoint.


So what exactly does that mean? It's a problem for the Gateway team?
 
Weren't they already non-existent for 5.x+?

In order for unsigned code to work (usually) you need at least two exploits: one in userland (that's the DS profile hack, aka mset hack), and one in the kernel (the, afaik, undisclosed exploit patched in 4.5+). For 4.6-6.3, the kernel exploit is patched but the userland exploit is not patched. For 7.0 both the userland and the kernel exploit are patched.

In other words, to hack 4.6-6.3, you only need to find another kernel exploit. To hack 7.0 you need to find both a userland exploit and a kernel exploit (it may be the same kernel exploit as the 4.6-6.3 one). profi200 told me on IRC that there is another userland exploit that exists (a savegame exploit) that may work on 7.0, but I don't know any more about it and I don't know if the people who have it would ever release it.
 
4.6? Isn't 4.5 the last 4.X firmware? I believe it jumps to 5.1 from 4.5...
 
Hmm, well I updated to 7.0 on my "non-Gateway" 3DS and the DS profile bit still runs like a 3DS game, unlike "DS connection settings" which opens in an emulated DS window, complete with crappy upscaling.

So even if they changed the way it runs internally, it looks the same to the end user. Interesting.

I understand what a kernel exploit is, but I'm confused about the whole userland thing, is that just how you go about installing a kernel exploit?
 
If after "installing" the DS profile exploit I make a hard NAND dump, and afterwards I always flash this backup to my sysNAND with hard tools, does the exploit stay???
 
What I can say so far: all other apps are not exploitable. 3DS Sound, Camera etc. Even the web browser is too secured (all tested WebKit bugs failed). All tested and nothing. Nintendo did its homework very well this time. There was only the one big fail (mset haxx). SD card savegames are not exploitable, because they are console-uniquely encrypted. Newer games are not exploitable either (encryption again). So this was it.

It's very unlikely we'll ever get something working above 4.5, and even less likely on 7.0+. So, use your chance and get a 4.5 3DS. Dump your NAND and store the image in a secure place.
 
Just out of curiosity, is there any chance for a hardware attack? Like the RGH on the 360 (glitch the processor to say everything is OK), or is the 3DS secure against that sort of thing as well?

Other than that *hugs 4.5 XL*
 
That's probably the next viable solution. Only problem: you have three hardware revisions to work with, all working slightly differently. If you make a hack, you'd have to replicate it on two other systems. This is evident with NAND dumping using the SD trick. It was done on the 3DS, then was ported to the 3DS XL. I don't even know if anyone's tried it with the 2DS yet, though. Seeing as parts are always rearranged, the proper pinout would have to be found again and possibly modified to work with the different hardware.

As for finding a new exploit, what I'd be interested in trying, if I had the parts, money, patience, and skills, is to look for an entrypoint when a game is launched. If something could be found in a third-party title during the launch of a game, perhaps hardware could be made to inject custom code where a loophole is (in the RAM, not the ROM, unlike traditional flashcards), and instead of launching the game, custom code could be launched. That's just me going off on a tangent. Since games can be patched, all that would have to be done is to add a patch for a game, but patches are optional.
 