Hacking Replicatable Crash in FW 7.1.0 - 14J

[BORODA]

I don't think this has any actual use. It probably crashes usermode which, still, requires a system exploit to be found to be able to successfully boot any code. If that was available, systems prior to 7.0 would also be vulnerable as the entry point in the DS profile still exist in 5.x and 6.x versions.

 

[greyneon]

If not a different kernel exploit which as many others think i also do.
IF there is. There is LOADS to go through If using trial and error...

 

[appleburger]

So, still looks like a "eh, prob. not but maybe?". I'll bump the thread up just in case somebody who really has a lot of experience with this knows for sure if it can be used for a possible exploit.

 

[Deleted User]

This is just a userland exploit. Not really helpful as kernel exploits are the most juicy

 

[tHciNc]

yup, you need 1 then the other, and afaik unreleased usermode savegame exploits that have worked since 4.x still work fine, so devs have always had the usermode, just nothing kernelmode above 4.5

 

[someonewhodied]

I realized something similar to twilight hack could probably be done here.
Savegame names are in the 0.sav sub-save.

If you could corrupt the name in that, then you could probably pull a twilight hack (if nintendo hasn't wised up) and get a different exploit.

 

[Mr_Pichu]

The idea is to break into the palace, only it is heavily guarded and we don't have a detailed map.

 

[daxzc]

You should twit this to Smealum and Neimod for extra input if you need any questions answered.

 

[juins]

I realized something similar to twilight hack could probably be done here.
Savegame names are in the 0.sav sub-save.

If you could corrupt the name in that, then you could probably pull a twilight hack (if nintendo hasn't wised up) and get a different exploit.

problem is, u would need a Japanese Kid icarus cart wouldnt you? 3DS is region-locked. If something comes out of this, i guess only us 4.5 users could benefit from it (and JPN consoles). unless You've tried it on Eur/USA versions?

 

[daxzc]

Even if this is worthless right now, it COULD give us an insight on what to do in the future to hack the console.

 

[N3XU5]

my 3ds crashes also with the youtube app.
will this save crash make it any different?

 

[someonewhodied]

my 3ds crashes also with the youtube app.
will this save crash make it any different?

What people are looking for are crashes that freeze the 3ds, without the "An error has occurred, please turn 3ds off" message.

 

[N3XU5]

What people are looking for are crashes that freeze the 3ds, without the "An error has occurred, please turn 3ds off" message.

Well my 3ds freezes on youtube app, when watching pewdiepie, i hate waiting so i press the back button multiple times (L).
forward multiple times(R), try touching another vid multiple times and than its freezes completely, very annoying -.-

 

[profi200]

Just a crash doesn't mean anything. And it is ofcourse useless. It's JAP only. We have not looked into this, but you already made a big mistake to post that shit. *If* it is useful it will be fixed soon.

 

[someonewhodied]

And it is ofcourse useless. It's JAP only.

Someone better work on a save decrypter tool for 2.1.0+ US/EU games then.

 

[profi200]

Do what you want, but you already burned a possible vuln, before it get's useful in any way.

 

[placebooooo]

Someone better work on a save decrypter tool for 2.1.0+ US/EU games then.

I personally believe this is a great find you have here. I would show this to smea or the gateway team maybe or anyone who is really good with code rather than just listening to people's "this doesnt help at all" comments. Great find!

 

[UltraMew]

@ "the name of the person you want to tag" (without the space between the @ and the name)

Let's try that... mr. fancypants

 

[Chaosruler]

Do what you want, but you already burned a possible vuln, before it get's useful in any way.

I have to agree, for future's safe if anyone finds a similar crash, don't lose hope like our misguided friends here in `Temp, go straight to Efnet IRC on channel #3dsdev, find either neimod, profi200, normmatt, ichfly or any other very known\trusted 3DS hacker you may know and query it directly to him, I can promise you that they are in closed group (yes even on GBAtemp IRC) and that they will share that exploit if some fruits will hang from it

 

[Tybus]

Maybe it could lead into something... idk... i have heard about yellow8 and neimoid discovering vulns by a savegame exploit... Could be worthless, or could be good...