Time to call some BS out

Status
Not open for further replies.

Joel16

Ils ne passeront pas
OP
Member
Joined
May 8, 2011
Messages
927
Trophies
2
Age
25
Location
Doesn't concern you.
XP
4,905
Country
United States
I've been lurking in GBATemp for a while now, and I've noticed this one user who goes around making claims about 'dumping bootroms' and mentioning 'twl menus' and what not. Basically all this guy has been saying is a bunch of bullshit. I mean take a look at his github. His commits are a bunch of crap. If you have a look at his forks any developer would notice that all he's basically doing is deleting a bunch of code and making string changes or very minimal code changes that basically doesn't change anything. What I'd think is, he's probably doing this to add more to his github activity? I don't know. I hate how he's making claims that every other well known developer has denied possibility of said exploit or whatever.

I'm probably going to get hate for calling him out but here goes. @olec04 why don't you explain just how you manage to 'dump bootroms' and how you're 'getting into this twl shit'. I don't have anything against you but I'm sick of seeing people like you get other user's hopes up when you can barely code and make baseless claims without proof. This is the reason I'm calling you out. Having reverse engineered certain prx modules for the PSP, I highly doubt you can reverse engineering anything yet alone code kernel level programs.
 
Last edited by Joel16,

olec04

Working on Project Heaven!
Banned
Joined
Apr 10, 2015
Messages
851
Trophies
0
Location
Trying to downgrade on 11.0 via AM services
XP
75
Country
United States
Ikr that guys sucks BTW TwlMenu exists in the dsi SDK and the bootrom dumping method im gonna use is documented on 3dbrew
My github truely does suck.
ARM9's and ARM11's exception vectors are hardcoded to point at the CPU's internal memory (0x08000000 region for ARM9, AXIWRAM for ARM11). While the bootrom does set them up to point to an endless loop at some point during boot, it does not do so immediately. As such, a carefully-timed fault injection (via hardware) to trigger an exception (such as an invalid instruction) will cause execution to fall into ARM9 RAM.

Since RAM isn't cleared on boot (see below), one can immediately start execution of their own code here to dump bootrom, OTP, etc. The ARM9 bootrom does the following at reset: reset vector branches to another instruction, then branches to bootrom+0x8000. Hence, there's no way to know for certain when exactly the ARM9 exception-vector data stored in memory gets initialized.
 
Status
Not open for further replies.

You may also like...

General chit-chat
Help Users
    Psionic Roshambo @ Psionic Roshambo: Lol