[Question]: Soundhax -> Safehax -> FastHax?

Discussion in '3DS - Homebrew Development and Emulators' started by ScarletDreamz, Jan 4, 2017.

  1. ScarletDreamz
    OP

    Hello;

    I just wanted to ask, since Soundhax is a primary entrypoint, that's the easy part, so indeed it's an ARM11 Userland Exploit.

    If so, where is fasthax located? I do understand how the overflow works, also the malloc and the syscalls; the only thing is, where is fasthax loaded and located in the structure of the SD card? Is it the new boot.3dsx? Or is it the arm11.bin?

    I just need some clarification on this.

    Regards~
     
    Last edited by ScarletDreamz, Jan 4, 2017
  2. GerbilSoft

    Soundhax is an ARM11 userspace exploit. Fasthax is an ARM11 kernel exploit, which is then used to launch SAFE_MODE_FIRM for safehax.

    The current version of Safehax listed in Plailect's guide has fasthax built-in. There's no separate file for it.
     
  3. metroid maniac

    The 3DS has two processes, ARM11 and ARM9.
    Soundhax owns the ARM11 userland, Fasthax owns the ARM11 kernel space, and Safehax owns the ARM9.

    Safehax and fasthax are two different exploits, but they're bundled together into a single executable you can run from any homebrew entrypoint (i.e. anywhere you have userland privileges already).
    This executable is the safehax.3dsx file located in this download. The boot.3dsx at the 3DS root is the Homebrew Launcher's menu and the arm11.bin and arm9.bin located on the SD root are safea9lhinstaller and the exploits needed to run it.
     
  4. ScarletDreamz
    OP

    Thanks, indeed I do understand that. My question was where the file was, and @GerbilSoft answered telling me they are bundled together into one single executable file, aka "SafeHax.3dsx".
     
  5. NexoCube

    safehax will launch arm9.bin on the SD card; usually you want it to be Decrypt9 to start using 3ds.guide (ctrtransfer 2.1.0)
     
  6. ScarletDreamz
    OP

    So what is the procedure after safehax is triggered? Can someone clarify that for me?

    Safehax -> Fasthax -> arm9?
    OR
    (Safehax+Fasthax) -> arm9?

    The difference between those is fasthax running with safehax, or fasthax executed as a different process inside the safehax.
     
  7. metroid maniac

    It's back to front. You need to pwn the arm11 kernel before you can pwn the arm9, so it's fasthax and then safehax.
    I believe that executable does safehax as soon as it finishes fasthax.
     
  8. ScarletDreamz
    OP

    You are totally right, since fasthax is the kernel exploit for arm11. Totally forgot about it..

    So it will be Soundhax (Arm11 Userland Exploit) -> Fasthax (Arm11 Kernel Exploit) -> Safehax (Arm9 Kernel Exploit).
     
    Last edited by ScarletDreamz, Jan 4, 2017