Homebrew Smealum's Ninjhax Writeup

Psi-hate (GBATemp's Official Psi-Hater), OP, Member, joined Dec 14, 2014
Smealum recently released his writeup for Ninjhax on his Twitter, so I thought it might help or intrigue some people as to how it works. Here's his tweet and a link to his blog post:

Smealum: "you asked for it : here's a full technical writeup of ninjhax's inner workings http://smealum.net/?p=517 ; handle with care"

 

Psi-hate (GBATemp's Official Psi-Hater), OP, Member, joined Dec 14, 2014
I can hardly think so, considering that it uses a lot of constricted data to even boot up usermode access. Who knows though. It'd probably have to use another exploit or way entirely to run that.
 

berichan (ACNHMobileSpawner dev), Member, joined Dec 9, 2014
Apologies for my severe lack of 3DS knowledge & if this makes no sense at all, but smea mentions that

> The ro system module has access to a number of high-privilege system calls which, among other things, allow it to give regions of memory executable status within its own virtual memory space as well as other processes

and has access to 0x70. Using the same exploit, would it be possible to create a custom CRO to syscall 0x7B for creating ram dumps?

Again, sorry for my limited 3DS knowledge, baby steps :)
 
  • Like
Reactions: Psi-hate

Arisotura (rise of melonism), Member, joined Dec 5, 2009
Syscall 0x7B isn't usable easily on the ARM11.

You need to pass it a kernel virtual address while you're typically in user mode. And you need to write your code in a memory region that will be writable in user mode and executable in kernel mode.
 

filfat (CTO @ Nordcom Group Inc.), Member, joined Nov 24, 2012
> Now can someone make a new ninjhax with kernel access and all RAM?

You really think he wouldn't have done it already if the exploit used in ninjhax allowed you to?
It's a little bit like saying "now we have the ingredients for a pizza, so let's make pie!"
 

Slushie3DS (Cold Beverage Lover), Member, joined Jan 9, 2015
While I was reading, I was hopeful that there would be a way to use GPU DMA hack to load a minimal homebrew setup through a webkit exploit, but Smea stated that spider/SKATER's .text is out of range. Hopefully, other people are seeing further than I am.
 

smealum (growing up sucks.), Member, joined May 1, 2006
> While I was reading, I was hopeful that there would be a way to use GPU DMA hack to load a minimal homebrew setup through a webkit exploit, but Smea stated that spider/SKATER's .text is out of range. Hopefully, other people are seeing further than I am.

you could just do spiderhax => rohax => full code exec under spider
 
  • Like
Reactions: pelago

smealum (growing up sucks.), Member, joined May 1, 2006
> Whoa, I wasn't expecting a reply from you. Doing this would give us the same possibilities as Ninjhax, and would cut out the need for a cartridge, no?

spider has access to way less RAM, and it would require an internet connection every time you want to run homebrew, so it would be somewhat impractical.
 
  • Like
Reactions: SLiV3R

Slushie3DS (Cold Beverage Lover), Member, joined Jan 9, 2015
> spider has access to way less RAM, and it would require an internet connection every time you want to run homebrew, so it would be somewhat impractical.

Hmm, I may take a crack at it just for the novelty. It could be used for other things, possibly. Text editors and other trivial stuff.

So, if spider is out of the equation, can you think of any other way?

Edit: Also, you're getting thoroughly trashed by some casuals.
 

smealum (growing up sucks.), Member, joined May 1, 2006
> Hmm, I may take a crack at it just for the novelty. It could be used for other things, possibly. Text editors and other trivial stuff.
>
> So, if spider is out of the equation, can you think of any other way?
>
> Edit: Also, you're getting thoroughly trashed by some casuals.

well, one nice thing about spider is that it's an applet, so it can run concurrently with an application.

what you could do is essentially the reverse of what ninjhax does, i.e. take over an app from spider rather than take over spider from an app. for instance, have the user run mii plaza or whatever, then return to menu and run spiderhax.

of course this makes the booting process more cumbersome but it would work.
 
  • Like
Reactions: SLiV3R

Slushie3DS (Cold Beverage Lover), Member, joined Jan 9, 2015
> well, one nice thing about spider is that it's an applet, so it can run concurrently with an application.
>
> what you could do is essentially the reverse of what ninjhax does, i.e. take over an app from spider rather than take over spider from an app. for instance, have the user run mii plaza or whatever, then return to menu and run spiderhax.
>
> of course this makes the booting process more cumbersome but it would work.

My only concern is the POWER. People bend over backwards for the ability to run 3rd party apps. They paid 40 USD+ for a terrible game just to do that, so I'm sure they wouldn't mind a bit of work to get their prize.
 

gudenau (Largely ignored), Member, joined Jul 7, 2010
> well, one nice thing about spider is that it's an applet, so it can run concurrently with an application.
>
> what you could do is essentially the reverse of what ninjhax does, i.e. take over an app from spider rather than take over spider from an app. for instance, have the user run mii plaza or whatever, then return to menu and run spiderhax.
>
> of course this makes the booting process more cumbersome but it would work.

So, Pokéhax?
 

Slushie3DS (Cold Beverage Lover), Member, joined Jan 9, 2015
Wait, smealum, on the OFF chance that we are somehow able to obtain kernel access, would that mean we could somehow use a webkit exploit to execute code to install a boot.cia from your SDHC? Example: Putting the .cia on your SDHC, going to a webpage, and clicking a button activator to start the process so we could install the homebrew launcher directly to our 3DS home menu.
 

gudenau (Largely ignored), Member, joined Jul 7, 2010
> Wait, smealum, on the OFF chance that we are somehow able to obtain kernel access, would that mean we could somehow use a webkit exploit to execute code to install a boot.cia from your SDHC? Example: Putting the .cia on your SDHC, going to a webpage, and clicking a button activator to start the process so we could install the homebrew launcher directly to our 3DS home menu.

We need the keys before we could do that. (Not the ones we have)
 

Slushie3DS (Cold Beverage Lover), Member, joined Jan 9, 2015
> We need the keys before we could do that. (Not the ones we have)

 
