[Unconfirmed] ARM11 Kernel Vulnerability under 10.0.0-X

[Ekaitz]

Same, but I was on 9.2 and I didn't know there was cfw.

I had a 9.2 O3DS XL that was running rxTools... And it was stolen. Bought a n3DS that was 9.5, that's the game.

 

[Imparasite]

finally its time for N3DS/XL 9.3+ firmware exploits, if its real its a BIG SLAP on the face for Gateshit lol cant wait for it

 

[VaiCorinthians]

So there's no exploit or vulnerability?
9.9 arm11 kernel vulnerability is dead for now?

 

[intensje]

yes, probably better to close this thread because no-one will read all pages and then just ask

 

[Bubsy Bobcat]

So... n-no, downgrading?

 

[bakurage]

My hope...

 

[Intronaut]

finally its time for N3DS/XL 9.3+ firmware exploits, if its real its a BIG SLAP on the face for Gateshit lol cant wait for it

LOL, it's not happening yet. Also, your avatar skull looks like to the skull of the Blue/MT-card team

 

[Deleted member 370671]

So there's no exploit or vulnerability?
9.9 arm11 kernel vulnerability is dead for now?

No, there is no (public) kernel exploit for 9.3+ right now.
Yes, there is a vulnerability ; it is useless (or it seems like it for now at least), but it's still a vulnerability.
Finally, there is no ARM11 (public) kernel exploit at the moment, but it isn't "dead". I'm fairly sure there is one (even an ARM9), we just don't know what it is yet.

 

[173210]

You really shouldn't make a thread until you at least have something. Anything...

> If you know how to find the actual code of SVC, please tell me.
See?

 

[GoodCookie88]

> If you know how to find the actual code of SVC, please tell me.
See?

What does this mean?

 

[173210]

What does this mean?

So I need other developers help. I don't know 3DS well and I don't have so much time.

 

[Normmatt]

So I need other developers help. I don't know 3DS well and I don't have so much time.

the SVC code is in native firm... It's already been pointed out that this is useless... it can't be exploited...

 

[173210]

the SVC code is in native firm... It's already been pointed out that this is useless... it can't be exploited...

I want to confirm that. The results of my experiments conflict with the description on 3dbrew.org.

 

[Normmatt]

I want to confirm that. The results of my experiments conflict with the description on 3dbrew.org.

If you mean your first post's experiments then no they don't...

 

[GoodCookie88]

I want to confirm that. The results of my experiments conflict with the description on 3dbrew.org.

A question are you sure you can go anywhere with this?

 

[173210]

If you mean your first post's experiments then no they don't...

Update on 3dbrew.org
The previous version also allowed large negative s32_processorid values(negative processorid values are special values not actual procids), but it appears using values like that won't actually do anything(meaning no crash) besides the thread not running / thread not running for a while(besides triggering a kernelpanic with certain s32_processorid value(s)).

According to 3dbrew.org, s32_processorid should be larger than -4, which is the code-reversed value of the number of n3ds core.
So I carried out another experiment. It crashed when it took -4 as processorid on n3ds. So it may write the data in the same place as it does when it took 4 as processorid. It's still not clear whether it's exploitable or not.

 

[ric.]

A question are you sure you can go anywhere with this?

He isn't, that's the whole point of doing research. He needs to know for sure if it can be exploited or not.

 

[173210]

A question are you sure you can go anywhere with this?

I'm not sure "go anywhere" means, but if it means whether I can write the data anywhere, I'm not sure.

 

[GoodCookie88]

I'm not sure "go anywhere" means, but if it means whether I can write the data anywhere, I'm not sure.

Oh I see but if your "experiments" work out do you know what to do next ?

 

[lemanuel]

Oh I see but if your "experiments" work out do you know what to do next ?

Probably congratulate himself?

Just let the guy work in peace. If he can find anything, it's up to him what to do with the info anyway.