1. Archshift

    OP Archshift Member
    Newcomer

    Joined:
    Apr 3, 2015
    Messages:
    10
    Country:
    United States
    By privileged, I obviously mean those of us who use libkhax! I've made a few tools that can take advantage of bootstrap's kernel access.

    The first is service-patch. This tool, as the name suggests, is able to patch services in two ways.
    First of all, it patches the currently-running homebrew to have full service access, without ninjhax limitations. It does this by patching the PID of Cubic Ninja to zero, and all PIDs below five have automatic full access to all services.
    The tool also provides infrastructure to patch the code of any currently-running process. If you tried to do this with the debug SVCs, the process would crash on execution of whatever code you patched, but service-patch queries the location of the code under the kernel addressing mode and patches the code by directly accessing the memory.

    The next tool is i2c. As its name likewise suggests, the program is able to access the I2C registers. This can be neat especially for ARM9 homebrew developers (rxTools comes to mind), as you can do such things as querying the current battery level from I2C. Check 3DBrew for all currently-known I2C functions.
    NOTE: ALWAYS BE CAREFUL MESSING AROUND WITH I2C AND BE SURE OF WHAT YOU'RE DOING. DEVELOPERS HAVE BRICKED THEIR 3DS DOING THINGS AS SIMPLE AS MESSING WITH THE LED REGISTERS.

    There's also dump-kernelmem. This dumps the kernel memory.

    I'd also like to give a quick mention to the bootstrap branch of Decrypt9. This has existed for quite a while already, but it's apparently been undiscovered so far! To run Decrypt9 from bootstrap, compile Decrypt9, then replace the payload.bin in bootstrap with Decrypt9.bin (renamed, of course, to payload.bin). It even supports the N3DS!

    Have fun developing!
     
    m0rt, Margen67, cearp and 9 others like this.
  2. ChrisX930

    ChrisX930 Banned
    Banned

    Joined:
    Sep 3, 2013
    Messages:
    788
    Country:
    Gambia, The
    Thank you very much for this!
    I hope it works like I want :)
     
    Margen67 likes this.
  3. yifan_lu

    yifan_lu @yifanlu
    Member

    Joined:
    Apr 28, 2007
    Messages:
    663
    Country:
    United States
    Thank you! "The tool also provides infrastructure to patch the code of any currently-running process." Does this allow you to patch a process and return to home menu/launch another title? Because it would be nice to be able to, for example, patch NIM to bypass update checks and then open eshop.
     
    Margen67 likes this.
  4. Archshift

    OP Archshift Member
    Newcomer

    Joined:
    Apr 3, 2015
    Messages:
    10
    Country:
    United States
    Unfortunately all the tool can do is patch code, it doesn't do anything special to allow returning to home menu.

    From what I've been told on #3dsdev, it's not even feasible to return to home menu from Ninjhax because the RO exploit has so much fallout.
     
  5. Shadowtrance

    Shadowtrance GBAtemp Addict
    Member

    Joined:
    May 9, 2014
    Messages:
    2,493
    Country:
    When attempting to build service-patch, nothing changed; just the default source.
    I'm not much of a coder, just a tinkerer. Thought I'd point that out in case it's an error on your part or maybe me just being a noob. haha
     
  6. Archshift

    OP Archshift Member
    Newcomer

    Joined:
    Apr 3, 2015
    Messages:
    10
    Country:
    United States
    Oh, oops, I forgot that I had changed ctrulib to include svcBackdoor. I'll PR that change now.

    EDIT: Submitted a PR (https://github.com/smealum/ctrulib/pull/113), pull that version of ctrulib once it's merged or just merge my changes into your local ctrulib if you want.
     
  7. dubbz82

    dubbz82 GBAtemp Advanced Maniac
    Member

    Joined:
    Feb 2, 2014
    Messages:
    1,572
    Country:
    United States
    Spiffy, I'm going to stay the heck away though, until someone inevitably makes something with this. Very nice though
     
  8. yifan_lu

    yifan_lu @yifanlu
    Member

    Joined:
    Apr 28, 2007
    Messages:
    663
    Country:
    United States
    Yeah, I've been trying to get process patching to work with spider, but it turns out that saving/restoring the heap and restoring the SVC 8 code is not enough: although it allows you to return from the kernel, it crashes some service or something, because closing spider gives you a black screen with the error message.
     
  9. josamilu

    josamilu GBAtemp Fan
    Member

    Joined:
    Feb 1, 2015
    Messages:
    383
    Country:
    Gambia, The
    Awsome release. I modified service-patch a bit and tried to compile it but got this error :
    Code:
    d:/devkitPro/ctrulib/service-patch-master/source/main.cpp: In function 'int main(int, char**)':
    d:/devkitPro/ctrulib/service-patch-master/source/main.cpp:105:38: error: 'svcBackdoor' was not declared in this scope
        svcBackdoor(patch_process_wrapper);
                                          ^
    How can I fix this?
     
  10. dubbz82

    dubbz82 GBAtemp Advanced Maniac
    Member

    Joined:
    Feb 2, 2014
    Messages:
    1,572
    Country:
    United States


    Check 3 posts above yours.
     
    josamilu likes this.
  11. josamilu

    josamilu GBAtemp Fan
    Member

    Joined:
    Feb 1, 2015
    Messages:
    383
    Country:
    Gambia, The
    Whoops xD I cross my heart that it wasn't there when I posted it :D Thanks!
     
  12. Suiginou

    Suiginou (null)
    Member

    Joined:
    Jun 26, 2012
    Messages:
    565
    Country:
    Gambia, The
    Excellent news. Thank you very much, archshift.
     
  13. dela

    dela Advanced Member
    Newcomer

    Joined:
    Dec 6, 2014
    Messages:
    78
    Country:
    Italy
    Damn interesting release. It has already been a while that I've been studying, at the suggestion of another dev, how Decrypt9 works, and now with this and your other release I'm literally amazed.
     
  14. Archshift

    OP Archshift Member
    Newcomer

    Joined:
    Apr 3, 2015
    Messages:
    10
    Country:
    United States
    Oh, I also forgot to mention the existence of dump-kernelmem (which dumps kernelmem). This should work on recent versions of both O3DS and N3DS firmwares.

    Also, we now have a new method of gaining kernel access, libkhax, which is supposed to be very reliable!
     
    Margen67 and Suiginou like this.
  15. sanni

    sanni GBAtemp Regular
    Member

    Joined:
    Nov 7, 2003
    Messages:
    142
    Country:
    Germany
    Soooo can we combine this service patch with the 3dsx version of FBI and install a newer browser version? Or other correctly signed CIAs like system updates?
     
    Margen67 likes this.
  16. Archshift

    OP Archshift Member
    Newcomer

    Joined:
    Apr 3, 2015
    Messages:
    10
    Country:
    United States
    Yes, you can, although I take no responsibility for what FBI does to your 3DS ;)
     
    Margen67 likes this.
  17. dela

    dela Advanced Member
    Newcomer

    Joined:
    Dec 6, 2014
    Messages:
    78
    Country:
    Italy
    Earlier I was only giving it a quick look from my smartphone; I did not understand whether it can enable SVC "0x7c" [KernelSetState(unsigned int Type, unsigned int Param0, unsigned int Param1, unsigned int Param2)].
     
  18. MemoryController

    Newcomer

    Joined:
    Sep 7, 2014
    Messages:
    19
    Country:
    Greece
    It patches the SVC ACL checks with NOPs so you can call any syscall.
     
    Margen67 likes this.
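The two mechanisms described in this thread, service-patch writing directly into a running process's code (post 1) and the SVC ACL checks being overwritten with NOPs (post 18), both come down to the same primitive: locate an instruction sequence in memory and overwrite it with correctly-sized, correctly-aligned NOPs. The block below is an added, host-runnable model of that primitive; it is not Archshift's service-patch code, it does not contain the real kernel check bytes or offsets (those are firmware-specific and are deliberately not reproduced here), and the 16-byte buffer and the compare-and-branch pattern it patches are constructed for illustration. It also encodes two checks a practitioner wants before writing to kernel or process memory: the pattern must match exactly once, and the write must land on an instruction boundary in the correct width (4 bytes for ARM, 2 for Thumb).

```c
/* Added example (not from the original post or from service-patch): a generic
 * "find the check, NOP it out" patcher modelled on the technique the thread
 * describes. Byte patterns and the sample buffer are constructed; the real 3DS
 * SVC ACL check bytes and their kernel offsets are NOT included here. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define ARM_NOP   0xE1A00000u   /* mov r0, r0 : canonical 4-byte ARM NOP   */
#define THUMB_NOP 0xBF00u       /* nop        : 2-byte Thumb NOP           */

enum {
    PATCH_OK        =  0,
    PATCH_NOT_FOUND = -1,   /* pattern absent: wrong firmware/build, do nothing */
    PATCH_AMBIGUOUS = -2,   /* pattern matched more than once: refuse to guess  */
    PATCH_BAD_SIZE  = -3    /* pattern length or match offset not aligned       */
};

/* Count byte-exact matches of pat in code; record the first match offset. */
static size_t count_matches(const uint8_t *code, size_t len,
                            const uint8_t *pat, size_t plen, size_t *first)
{
    size_t n = 0;
    if (plen == 0 || plen > len) return 0;
    for (size_t i = 0; i + plen <= len; i++) {
        if (memcmp(code + i, pat, plen) == 0) {
            if (n == 0 && first) *first = i;
            n++;
        }
    }
    return n;
}

/* Overwrite the single occurrence of pat in code with NOPs of the right width.
 * Assumes code[0] is instruction-aligned (true when the buffer is a copy of a
 * mapped code page, as a kernel-mode patcher would see it). */
int nop_patch(uint8_t *code, size_t len, const uint8_t *pat, size_t plen, int thumb)
{
    size_t width = thumb ? 2 : 4;
    size_t at = 0;
    if (plen == 0 || plen % width != 0) return PATCH_BAD_SIZE;
    size_t n = count_matches(code, len, pat, plen, &at);
    if (n == 0) return PATCH_NOT_FOUND;
    if (n > 1) return PATCH_AMBIGUOUS;
    if (at % width != 0) return PATCH_BAD_SIZE;
    uint32_t nop = thumb ? THUMB_NOP : ARM_NOP;
    for (size_t off = 0; off < plen; off += width)
        for (size_t b = 0; b < width; b++)             /* ARM is little-endian */
            code[at + off + b] = (uint8_t)(nop >> (8 * b));
    return PATCH_OK;
}

/* Constructed sample: filler, a compare-and-conditional-branch pair standing in
 * for an access check, filler. Encodings are real ARM; the sequence is invented. */
static const uint8_t kDemoCode[16] = {
    0x04, 0x00, 0x2D, 0xE5,   /* push {r0}   (filler)                  */
    0x05, 0x00, 0x50, 0xE3,   /* cmp r0, #5  (stand-in check)          */
    0x01, 0x00, 0x00, 0x3A,   /* bcc +4      (stand-in branch on check)*/
    0x04, 0x00, 0x9D, 0xE4,   /* pop {r0}    (filler)                  */
};
static const uint8_t kCheckPattern[8] = {
    0x05, 0x00, 0x50, 0xE3, 0x01, 0x00, 0x00, 0x3A
};

/* Copy the sample into out, patch it, return the status code. */
int demo_patch(uint8_t out[16])
{
    memcpy(out, kDemoCode, sizeof kDemoCode);
    return nop_patch(out, sizeof kDemoCode, kCheckPattern, sizeof kCheckPattern, 0);
}

/* Same pattern appearing twice must be refused rather than patched blindly. */
int demo_ambiguous(void)
{
    uint8_t buf[16];
    memcpy(buf, kCheckPattern, 8);
    memcpy(buf + 8, kCheckPattern, 8);
    return nop_patch(buf, sizeof buf, kCheckPattern, sizeof kCheckPattern, 0);
}

int main(void)
{
    uint8_t out[16];
    int rc = demo_patch(out);
    printf("patch status %d:", rc);
    for (size_t i = 0; i < sizeof out; i++) printf(" %02X", out[i]);
    printf("\nambiguous status %d\n", demo_ambiguous());
    return rc == PATCH_OK ? 0 : 1;
}
```

On real hardware the buffer would be the kernel-mode alias of the target's code page (the "kernel addressing mode" location service-patch queries), the pattern would be taken from the firmware build actually running, and the refusal paths matter: a pattern that is absent means the wrong firmware, and a pattern that matches twice means a wrong or too-short signature, and either way writing NOPs anyway is how a console ends up hanging at boot.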
  19. urherenow

    urherenow GBAtemp Psycho!
    Member

    Joined:
    Mar 8, 2009
    Messages:
    3,681
    Country:
    United States
    Slightly off topic- but can somebody pretty please do this and release a .3ds version of decrypt9 that will run on N3DS? Or really any way of running Decrypt9 on N3DS. Also, can this be used somehow to make rxtools work on N3DS?
     
    Margen67 likes this.
  20. Oishikatta

    Oishikatta GBAtemp Advanced Fan
    Member

    Joined:
    Oct 30, 2014
    Messages:
    971
    Country:
    United States

    You quoted his link to his bootstrap branch of Decrypt9 that compiles to .3dsx and runs on the N3DS via ninjhax.
     