Homebrew [Release] ARM9 Kernel homebrew on < 9.2

[filfat]

JOKE
Tell that to people who bought Assassins Creed Unity on the PC
JOKE

Ubisoft is an exception for that rule, pirate the hell out of Ubisoft games kids.

 

[madri1]

does this works on 2.5 ?

 

[Henning B]

One step closer to making our devices OURS.

 

[naxil]

Ubisoft is an exception for that rule, pirate the hell out of Ubisoft games kids.

Yes.. my watchdogs all in my usb (without internal x360 hd) rulez!!
I want buy a gw.. but please port cfw launcher.dat... we need it

 

[Rinnegatamante]

I keep hoping a homebrew will come out to delete the update file that my 3DS keps begging me to install.

MMhhh is there somthing about it on 3dbrew? MAybe something can be done.

 

[Slushie3DS]

MMhhh is there somthing about it on 3dbrew? MAybe something can be done.

I'm pretty sure it's something to do with Mii Plaza's cache. I'd start there.

 

[duke_srg]

Hi guys!
Since Gateway probably added checks on the Launcher.dat, i suggest to use other methods to run the web exploit, i like this solution that's offered by an user here on GBAtemp :
http://dukesrg.no-ip.org/3ds/go

I suppose you better link to the thread with my HTML loader thread so people realize that there is a way to have several launchers at once.

 

[Rinnegatamante]

http://3dbrew.org/wiki/NIMU:FinishTitlesInstall

Interesting, maybe it can be used to trigger a CIA installation.
It seems the update files are store in SD card (booting 3DS without a SD card insertes seems to prevent the system popup to be triggered).

 

[The Real Jdbye]

Nice work, that didn't take long at all. It shouldn't be long now until we can do all the same things on newer firmware as we could on 4.x

Relys you seen this? Would be awesome if we could have a port of Multi Decryptor for the spider exploit

 

[Slushie3DS]

http://3dbrew.org/wiki/NIMU:FinishTitlesInstall

Interesting, maybe it can be used to trigger a CIA installation.
It seems the update files are store in SD card (booting 3DS without a SD card insertes seems to prevent the system popup to be triggered).

Whoa, that'd be pretty sweet.

 

[Korin]

http://3dbrew.org/wiki/NIMU:FinishTitlesInstall

Interesting, maybe it can be used to trigger a CIA installation.
It seems the update files are store in SD card (booting 3DS without a SD card insertes seems to prevent the system popup to be triggered).

Triggering CIA installation that way could hopefully, even if difficult or tricky, finally shut people up about how BigRedMenu needs DevMenu/BigBlue

 

[Rinnegatamante]

Triggering CIA installation that way could hopefully, even if difficult or tricky, finally shut people up about how BigRedMenu needs DevMenu/BigBlue

In reality, Big Red Menu can be installed legally through installcia + CFW.

 

[Subtle Demise]

In reality, Big Red Menu can be installed legally through installcia + CFW.

Assuming you can get ctrclient to connect properly. I never could.

 

[Duo8]

http://3dbrew.org/wiki/NIMU:FinishTitlesInstall

Interesting, maybe it can be used to trigger a CIA installation.
It seems the update files are store in SD card (booting 3DS without a SD card insertes seems to prevent the system popup to be triggered).

IIRC that's used to finalize updates. The titles must already be ready at this point. It copies entries from import db to title db and replace old titles with new ones.

 

[ubergeek77]

So what does this mean for new developers? Can we simply write whatever we want, granted it compiles to ARM and isn't too processor-intensive? Or is it much more complicated than that?

 

[shinyquagsire23]

So what does this mean for new developers? Can we simply write whatever we want, granted it compiles to ARM and isn't too processor-intensive? Or is it much more complicated than that?

Much more complicated. Basically now that Gateway released their launcher.dat, we've reversed enough of it to be able to have ARM11 usermode, ARM11 kernel, and ARM9/process9 execution on the 3DS. Which basically means we can do whatever we want permissions-wise (ie get xorpads/dump saves/dump ROMs on 9.2 and below).

 

[MemoryController]

Does this overwrite used parts of arm9 memory or can we potentially recover?

 

[Duo8]

Does this overwrite used parts of arm9 memory or can we potentially recover?

Since it says code will be run on the kernel it's unlikely.

 

[naxil]

I continue to not understand why not cfw via web hack

 

[Apache Thunder]

Since it says code will be run on the kernel it's unlikely.

A hair brained idea I just came up with. Perhaps a tiny memory dumper for Arm9? One could try and overwrite the smallest possible areas of Arm9 kernel and dump the areas not overwritten. Then simply repeat the process with the code being run from different memory offsets. One could then "piece" the Arm9 kernel back together this way. Of coarse one needs a way of getting write access to the SD card at this stage. Just throwing out ideas.

The challenge would be doing this all in Arm9 as I'm pretty sure Arm11 does not have access to the memory Arm9 kernel runs at. (would be in the Arm9 exclusive area only Arm9 can see)

At this stage the only other solution is to use external hardware and soldering to certain points on the motherboard to intercept data from the Arm9 CPU and dump it's memory. I'm sure there's ways of dumping ram via physical mods the console but there's way fewer devs out there with the means of doing it this way.

That or one could just decrypt a 9.2 nand dump and examine the TWL FIRM section of the firmware as that's the part the Arm9 uses I believe. I assume you can gen xorpads for system NAND while on 4.5 and be able to decrypt it again once on you updated sysnand back to 9.2?

The unique per console encryption doesn't change, so I don't see why not. Perhaps xorpads need to regenerated with the slot0x25KeyX once you gain access to the firmware files as those are also encrypted to the new 7.x keys. The NAND encryption is just filesystem encryption I think and just one layer of the encryption you have to get through.

 

[clemull]

Could someone make a working Hello World template (ARM9) as everthing that I compile fails.