Homebrew RAM editing glitch on any 3DS, might lead to an exploit?

chaoskagami

Glitch
Developer
It's fun and all to watch glitchy tiles, but this is far more useful:

Code:
' BGSCREEN with an absurd width (134217728 = &H08000000) lets layer 0
' index far beyond its real tile buffer, so BGGET reads other memory.
xscreen 2
bgscreen 0,134217728,16
offset=0
dim dat[8]
@xxd
  ' read 8 consecutive cells (x = offset..offset+7, y = 0) into dat[]
  loop=7
  @lreadl
    dat[loop]=bgget(0, offset+loop, 0, 0)
    loop=loop-1
    if loop<0 then goto @lreade
    goto @lreadl
  @lreade
  ' print one xxd-style line: 6-digit offset, then two groups of 4 words
  print hex$(offset, 6);
  print " ";
  print hex$(dat[0], 4);
  print hex$(dat[1], 4);
  print hex$(dat[2], 4);
  print hex$(dat[3], 4);
  print " ";
  print hex$(dat[4], 4);
  print hex$(dat[5], 4);
  print hex$(dat[6], 4);
  print hex$(dat[7], 4)
  offset = offset + 8
  ' wait one frame, then dump the next 8 cells
  vsync 1
goto @xxd

This could probably be improved, but eh.

The best part of smilebasic is that I'm 100% sure you could manually punch out an exploit on the console.
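The dump above works because the oversized BGSCREEN size is trusted and the BGGET index is never compared against the buffer that really backs the layer. As an added illustration (my own hypothetical C model, not SmileBASIC's code or the poster's), here is that unchecked pattern beside the bounds-checked version a tile-layer API needs; the arena size, struct and function names are assumptions:

```c
#include <stdint.h>
#include <stddef.h>

/* Hypothetical model of a tile-layer API, not SmileBASIC's real code:
   every layer is carved out of one fixed arena of 16-bit tile entries. */
#define ARENA_CELLS 4096u
static uint16_t arena[ARENA_CELLS];

struct bg_layer { uint32_t width, height; uint16_t *cells; };

/* Vulnerable pattern: requested dimensions are trusted, so a read at
   y*width+x is never compared against the arena that backs the layer. */
static struct bg_layer bg_v;

void bgscreen_unchecked(uint32_t w, uint32_t h) {
    bg_v.width = w; bg_v.height = h; bg_v.cells = arena;
}

/* Returns the cell index the unchecked bgget would dereference; the
   index is returned rather than read so the model stays well defined. */
uint32_t bgget_unchecked_index(uint32_t x, uint32_t y) {
    return y * bg_v.width + x;
}

int index_in_arena(uint32_t idx) { return idx < ARENA_CELLS; }

/* Hardened pattern: reject a size the arena cannot hold (divide instead
   of multiply so w*h cannot overflow), then bound every read by it. */
int bgscreen_checked(struct bg_layer *l, uint32_t w, uint32_t h) {
    if (w == 0 || h == 0 || w > ARENA_CELLS / h) return -1;
    l->width = w; l->height = h; l->cells = arena;
    return 0;
}

int bgget_checked(const struct bg_layer *l, uint32_t x, uint32_t y, uint16_t *out) {
    if (x >= l->width || y >= l->height) return -1;   /* outside the layer */
    *out = l->cells[(size_t)y * l->width + x];        /* < ARENA_CELLS by construction */
    return 0;
}

/* Configure a layer and read one cell; -1 if the size or coordinate is rejected. */
int32_t checked_read(uint32_t w, uint32_t h, uint32_t x, uint32_t y) {
    struct bg_layer l;
    uint16_t v = 0;
    if (bgscreen_checked(&l, w, h) != 0) return -1;
    if (bgget_checked(&l, x, y, &v) != 0) return -1;
    return (int32_t)v;
}
```

With the posted width of 134217728 the checked setup refuses the layer outright, while the unchecked index for a cell a few thousand tiles to the right already lands outside the arena.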

Xenon Hacks

Well-Known Member
Member
This is nice, but until memchunkhax3 comes around there won't be downgrading, unless this app gives access to more services than normal?
 

Thunder Hawk

Firefox Master Race
Member
How I think this will go:
People will buy the game before any release and hope for hax. ((If no release, rip.) <<< Really Unlikely)
SmileBASIC gets exploited and @Nba_Yoh releases it as SmileHaxx or BASICHaxx or something.
People buy the game for homebrew as a primary and everyone except Nintendo and SmileBoom will be happy.
Either SmileBoom decides to send a patch to Nintendo or it gets pulled and then they send the patch so it goes back online. (...or not and it's dead forever.)
After patching it, Nintendo will add the title to the same list that IronFall is on and push an update.

chaoskagami

Glitch
Developer
> This is nice, but until memchunkhax3 comes around there won't be downgrading, unless this app gives access to more services than normal?

The game has a (very) nice service access list

> $hioFIO
> $hostio0
> $hostio1
> cfg:u
> fs:USER
> gsp::Gpu
> hid:USER
> ndm:u
> pxi:dev
> APT:A
> ac:u
> act:u
> am:app
> boss:U
> cam:u
> cecd:u
> dlp:FKCL
> dlp:SRVR
> dsp:: DSP
> frd:u
> http:C
> ir:USER
> ldr:ro
> mic:u
> news:u
> nfc:u
> nim:aoc
> nwm::UDS
> ptm:u
> qtm:u
> soc:U
> ssl:C
> y2r:u

WAY more services than usual. In fact, we could probably ROP inside of SmileBASIC instead of the HOME menu with a good set of gadgets. Hell, it even has ldr:ro. Downgrade though - no. Still not ARM11 kernel access, and backdoor is still KIA.

hellionz

Well-Known Member
Member
when the hype train is commencing to run.....the definitive exploit? no 9.2 needed anymore?


who knows

Greetings!!!
 

Shadowfied

Well-Known Member
Member
> when the hype train is commencing to run.....the definitive exploit? no 9.2 needed anymore?
>
> who knows
>
> Greetings!!!
wat..of course it's not gonna "replace" 9.2. As stated literally one post above yours, a downgrade isn't even possible by itself. If anything it'll be another primary hax entrypoint.

But o wait..
> and it's unlikely to be code, too; it could just be sprites, music or something
> anyway, this won't lead to an exploit.

Shit, the master hacker has spoken, so I guess we should just stop here guys. This won't lead to an exploit.

/s
 

Deleted User

Guest
So theoretically we can have both arm9 access and a primary exploit in 2 games that are basically the same.

Holy shit.
 

Deleted User

Guest
11.0 would become the new 9.2
 

Sono

cripple piss
Developer
Well, I'm not here to offend anyone, nor do I know every bit of the 3DS, but let's get real, this is starting to turn cringey.

First, you would need to ROP your way out of the sandbox (most possibly by overwriting the built-in BASIC functions), and this would ONLY give us ARM11 USERLAND code execution.

Second, even though for a VERY weird reason SmileBasic requires (and has) pxi:dev, that doesn't always mean ARM9 code execution and downgrading! iirc the last ARM9 code execution exploit was patched after 9.2

I know this was harsh, but get real, people!
 

chaoskagami

Glitch
Developer
> I think TWL FIRM has arm9 access, so an exploit in TWL firm might give us arm9 kernel.

K. So a9 kernel.

There's a very big difference between TWL arm9 kernel and NATIVE arm9 kernel. Namely, the memory mappings are that of a DS in TWL. I think you'll find this relatively futile.
 
