Homebrew RAM editing glitch on any 3DS, might lead to an exploit?

[12Me21]

Just remember...
It's hip to fuck bees

 

[wormdood]

Just remember...
It's hip to fuck bees

worst bump ever!

 

[Perska]

There's three ways to get PTC today, either have it purchased before, or have a Japanese DSi/3DS (PTC was only removed from the NA & EU eShop and DSi Shop). Or uo can just get it from the CDN. (ew.)

But yeah, there's no point in getting PTC (except nostalgia and some cool programs the community made), since BGSCREEN doesn't exist.

 

[seijinshu]

There's three ways to get PTC today, either have it purchased before, or have a Japanese DSi/3DS (PTC was only removed from the NA & EU eShop and DSi Shop). Or uo can just get it from the CDN. (ew.)

But yeah, there's no point in getting PTC (except nostalgia and some cool programs the community made), since BGSCREEN doesn't exist.

We cant use BGSCREEN, but it isn't all we can use to attack TWL FIRM (or any firm). People are already on it and will explain it if they pull what they aim for off.

 

[seijinshu]

...

I did put air quotes around it, and I was the one who started discussing it on this thread.
Mainly me who accidentally started a hype train that could've waited.
No I didn't start investigation.
I don't even claim credit for anything I don't release myself (I honor other people's work).

 

[seijinshu]

There's three ways to get PTC today, either have it purchased before, or have a Japanese DSi/3DS (PTC was only removed from the NA & EU eShop and DSi Shop). Or uo can just get it from the CDN. (ew.)

But yeah, there's no point in getting PTC (except nostalgia and some cool programs the community made), since BGSCREEN doesn't exist.

How do you get it from CDN without kernel or arm9 kernel? Is it a legit game (like other legit cia files)?

 

[Trinitro21]

BGSCREEN isn't all we can use to attack TWL FIRM. People are already on it and will explain it if they pull what they aim for off.

BGSCREEN isn't at all what can attack TWL_FIRM because it simply doesn't exist in Petit Computer.

 

[seijinshu]

BGSCREEN isn't at all what can attack TWL_FIRM because it simply doesn't exist in Petit Computer.

Typo. I meant it as in we can't use it, but that isn't the only thing there that could attack.
OK, original quote fixed.
And ik BGSCREEN isn't in PTC.

 

[Swiftloke]

How do you get it from CDN without kernel or arm9 kernel? Is it a legit game (like other legit cia files)?

You don't... dsiware is signed just like most other 3ds games, excluding legit CIA files.

 

[Seedbon]

We should continue back on topic.

 

[zoogie]

Here's a more complete RAM dumper for SB.
http://pastebin.com/383D1Bug

This one doesn't have an on-3ds viewer, but that doesn't make sense anyway since there's about 15MBs of RW-able data accessible from BGSCREEN. Not practical to browse on the 3ds's tiny screen.

This program works by dumping 4MB files - one at a time - to extdata. I can't dump it all in one file because of the 8MB limit of interpreter RAM. The files are named BDUMP(0-3) on your 3ds's extdata (0000016de) which you can dump with various tools and view on a PC.
Interesting fact: the new3ds can actually RW about 75MBs but it seems only the same 15MBs are actually used (all zeros past 15MB).

Anyway, the actual script is attached if you want to add it to extdata. It will show as "SRD" on your smilebasic menu.
and thanks pastebin for adding 'bug' to my link - nice touch ;p

 

[ihaveahax]

Here's a more complete RAM dumper for SB.
http://pastebin.com/383D1Bug

This one doesn't have an on-3ds viewer, but that doesn't make sense anyway since there's about 15MBs of RW-able data accessible from BGSCREEN. Not practical to browse on the 3ds's tiny screen.

This program works by dumping 4MB files - one at a time - to extdata. I can't dump it all in one file because of the 8MB limit of interpreter RAM. The files are named BDUMP(0-3) on your 3ds's extdata (0000016de) which you can dump with various tools and view on a PC.
Interesting fact: the new3ds can actually RW about 75MBs but it seems only the same 15MBs are actually used (all zeros past 15MB).

Anyway, the actual script is attached if you want to add it to extdata. It will show as "SRD" on your smilebasic menu.
and thanks pastebin for adding 'bug' to my link - nice touch ;p

@MarcusD made a few changes to "b2bin.c" to make them compatible with your dumps. I'm just posting it here for him.

https://gist.github.com/ihaveamac/69eb6ed190621511e589df1a5f7f2010

 

[zoogie]

Whelp, here we go

I think it is working too, buy it. pic.twitter.com/Zicz7ugujM

— nba::yoh (@MrNbaYoh) July 4, 2016

 

[Swiftloke]

Whelp, here we go

https://twitter.com/MrNbaYoh/status/749769393819815936

WOOT WOOT!

 

[zoogie]

Better hurry and buy it, it could be pulled very fast now.

 

[Pandaxclone2]

TMW you can't buy it. ;-;

 

[CeeDee]

Seriously? The thread devolved from a secondary SmileBASIC exploit discussion to noobs saying "petitcomputer runs in arm9 we can exploit it to get 11.0 kernhax" without realizing it's in DSi mode, off the eShop, and doesn't have BGSCREEN?

 

[Deleted User]

Who said secondary ?

 

[Swiftloke]

Seriously? The thread devolved from a secondary SmileBASIC exploit discussion to noobs saying "petitcomputer runs in arm9 we can exploit it to get 11.0 kernhax" without realizing it's in DSi mode, off the eShop, and doesn't have BGSCREEN?

Yeah, that was dumb af. However, there is a good reason to believe that dsi mode could lead to an arm9 exploit... including NAND access. We don't even need an arm9 exploit because we can use the plaintext attack to downgrade through that method...

 

[VinsCool]

Seriously? The thread devolved from a secondary SmileBASIC exploit discussion to noobs saying "petitcomputer runs in arm9 we can exploit it to get 11.0 kernhax" without realizing it's in DSi mode, off the eShop, and doesn't have BGSCREEN?

They basically thought that SmileBasic == PetitComputer, yeah.