Hacking [SPECULATION] SSSpwn allows kernel access?

Thread starter: memomo
Status: Not open for further replies.
The exploit and Homebrew Channel are not installed on the system. It is installed in the writable portion of the game card. No kernel access is ever used. End of story.
 
Overwriting a system module sounds pretty kernel to me.
It doesn't overwrite any system modules, if it did, the whole firmware would become corrupt because it's signed and you can't just randomly resign it. As it stands today, the firmware is wholly protected. If HBMenu uses services and syscalls, it can only use them because Cubic Ninja can - it inherits privileges. It's the exact same case with VHBL and userland exploits - they can run code, but only to the extent of what the original binary was allowed to do.
 
Ooohhhh okay. So Relys, the guy who *ahem* analyzed the exploit, probably knows more about how it works than the guy who made the exploit. Noooww I get it. I herd Smealum iz illuminaty, too.

Well, we are talking about the guy who created the decryptors and the NAND decryptor; I'm pretty sure Relys is able to understand a basic exploit ;3
 
All this guy does is talk shit, I wouldn't take his word for it.
However, that doesn't mean SSSpwn doesn't obtain kernel access. A while back it was claimed that you could not execute unsigned code without a kernel exploit. So if there's no kernel exploit there is at least something beyond simply userland that allows running homebrew.
I'll take smea's word for it that it doesn't obtain kernel access for now though :)
 
Decryptors for 3DS games. Not userland exploits.
Even if he is right, that still doesn't mean kernel access.

Well, he also released his NAND decryptor ;3
And if he is able to get at decryption, I'm pretty sure he will understand userland.

Not really basic

userland ;3
 
All this guy does is talk shit, I wouldn't take his word for it.
However, that doesn't mean SSSpwn doesn't obtain kernel access. A while back it was claimed that you could not execute unsigned code without a kernel exploit. So if there's no kernel exploit there is at least something beyond simply userland that allows running homebrew.
I'll take smea's word for it that it doesn't obtain kernel access for now though :)
That's the magic of it - Cubic Ninja is signed, it's a legit retail game. For all the ARM knows, the code is signed and verified - eXecute Never doesn't kick in because it thinks it's running something else entirely.
 
1. QR Code Overflow
2. Jump to ROP chain in QR code payload
3. Download AES encrypted payload smealum.net/ninjhax/p/POST5_WEST_4096_4096.bin from internet.
4. Escalate privilege level by overwriting a sysmodule.
5. Transfer execution over to boot.3dsx

OK, according to professionals, it is clearly written that the escalated privilege we got is kernel mode. Of course, escalating to any other level is impossible, because idiots are claiming it can only be the kernel.

I will also quote Foxi4:

It doesn't overwrite any system modules, if it did, the whole firmware would become corrupt because it's signed and you can't just randomly resign it. As it stands today, the firmware is wholly protected. If HBMenu uses services and syscalls, it can only use them because Cubic Ninja can - it inherits privileges. It's the exact same case with VHBL and userland exploits - they can run code, but only to the extent of what the original binary was allowed to do.
 
All this guy does is talk shit, I wouldn't take his word for it.
However, that doesn't mean SSSpwn doesn't obtain kernel access. A while back it was claimed that you could not execute unsigned code without a kernel exploit. So if there's no kernel exploit there is at least something beyond simply userland that allows running homebrew.
I'll take smea's word for it that it doesn't obtain kernel access for now though :)

lolz ya, I'm done arguing with everyone :P I'll just keep my eye on Gateway :3
 
The burden of proof lies on the accuser, in this case GovanifY.
So far GovanifY's only achievement was leaking something he hasn't even made himself, so his word isn't exactly worth much. He's more than welcome to demonstrate kernel-level access if he feels like it. In fact, anyone can investigate this - Homebrew Launcher is open source. Go nuts. ;)
 
smea said he is willing to add region free support, and I don't see how such a thing could be possible without kernel access...
 
Two questions that I present to the members who read this thread, *ahem*

One - Who the hell is this guy?
Two - Why the hell should we care what he says again?

/useful informative thread

Edit: Ah, so he's the little braggart that leaked the CFW, meaning, whatever little credibility he "had" is lost. Just another fine day in the 3DS scene :rolleyes:
 
smea said he is willing to add region free support, and I don't see how such a thing could be possible without kernel access...
I don't remember him ever saying that, but such a modification would normally require kernel level access, unless there's some clever trick up smea's sleeve.
 
So far GovanifY's only achievement was leaking something he hasn't even made himself, so his word isn't exactly worth much. He's more than welcome to demonstrate kernel-level access if he feels like it. In fact, anyone can investigate this - Homebrew Launcher is open source. Go nuts. ;)
The launcher is, not the exploit.
The question will still remain, even if weaker, until the sources of the exploit are released.
 
I don't remember him ever saying that, but such a modification would normally require kernel level access, unless there's some clever trick up smea's sleeve.
He did, but somewhere he also said it's quite complicated, if I remember right.
 
That's the magic of it - Cubic Ninja is signed, it's a legit retail game. For all the ARM knows, the code is signed and verified - eXecute Never doesn't kick in because it thinks it's running something else entirely.
You still can't execute your own code though.
I'm talking about a different level of protection: memory protection.
It doesn't get write access to executable regions of memory, and there's no access to setting memory to be executable either. So there should be no way to actually execute your own code even if you can load it without a kernel exploit.
 