
Using custom launcher.dat with Gateway Go

Discussion in '3DS - Flashcards & Custom Firmwares' started by AtlanticBit, Jan 16, 2015.

  1. MRJPGames

    MRJPGames Pretty great guy

    Member
    7
    Aug 17, 2013
    Netherlands
    The Netherlands
    It seems that this is already possible, as smealum's regionthree uses GW Go.
     
  2. shutterbug2000

    shutterbug2000 Cubic NINJHAX!

    Member
    12
    Oct 11, 2014
    United States

    But how would I use that to run homebrew? As in blargSnes, the Game Boy emulator (forget what it's called), etc. How could I do this?
     
  3. MRJPGames

    That would be pretty hard, you would have to find a way to enable the correct services to do this. It might be possible to take over a running application (in the same way regionthree takes over Download Play to get the ns:s service).
     
  4. shutterbug2000

    So, it's pretty much impossible?
     
  5. MRJPGames

    I wouldn't say impossible, but most likely extremely hard.
     
  6. shutterbug2000

    Well, what I was thinking was modifying the .dat file to include the code, but it might still require that.
     
  7. MRJPGames

    To include what code exactly?
     
  8. shutterbug2000

    Well, if you look up in this thread, someone who RE'd the gw launcher explained how he injected homebrew into the gw launcher, and it worked. (At least, that's what I got from it.) However, I don't understand exactly how to do it. That's where I need help.
     
  9. krisztian1997

    krisztian1997 GBAtemp Fan

    Member
    3
    Dec 14, 2013
    Romania
    The code from Gateway does all the exploiting; then, instead of loading their launcher, load your own homebrew. From what I understood, the new code gives you rights to do everything, so there's no need to take over other services.
     
  10. Sizednochi

    Sizednochi GBAtemp Advanced Fan

    Member
    5
    Dec 16, 2012
    Brazil
    The hero we need, not the one we deserve
     
    SLiV3R likes this.
  11. MRJPGames

    Take this, our needed yet undeserved hero.
     
    Margen67 and Sizednochi like this.
  12. shutterbug2000

    This is the post I was looking at. Would there be any way to automatically do that process?
     
  13. MRJPGames

    Waaaiit... WHAT?
     
  14. shutterbug2000

    "It's pretty easy actually. Compile your ARM11 userland code (make sure it starts with a NOP), encrypt it with the shitty stream cipher described in my first post (along with the original part 2). Find the offset to the encrypted payload for your FW version (diff my annotated ROP payload with the go hax for your FW version, the gadgets are the same) and replace it with part 2 + your custom ARM code. and it will run.

    Or what I did was replace two words in the first stage to skip the decryption. Then you don't have to bother encrypting/decrypting each time you make a change."

    ^^ How EXACTLY would I do this process?
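
The quoted recipe has four mechanical steps: locate the encrypted payload region by diffing a known launcher.dat against the one for your firmware version, check that the custom ARM11 code starts with a NOP, splice part 2 + code into that region without changing the file size, and either run it through the cipher or skip decryption by patching stage 1. Below is an added example of that tooling in Python. It is not code from the thread, from Gateway or from regionthree, and everything it relies on is an assumption: the two launcher.dat variants are taken to differ only in the payload region, the real stream cipher is not on this page so the caller supplies it (the XOR keystream here is a constructed stand-in), the "part 2" bytes and gadget words are placeholders, and padding the unused part of the region with NOPs is a choice made here.

```python
"""Splice a custom ARM11 payload into a launcher.dat image.

Added example for the recipe quoted above.  It is not code from the thread,
from Gateway or from regionthree, and everything it assumes is a placeholder:
  * the two launcher.dat variants differ only in the encrypted stage-2
    payload region, so a positional byte diff brackets that region;
  * the real stream cipher is supplied by the caller (this page does not
    describe it); xor_keystream() is a constructed stand-in so the demo
    runs offline;
  * unused space in the region is padded with NOPs (a choice made here).
"""
from typing import Callable, Optional

# ARM-state NOP encodings accepted for the "starts with a NOP" check, shown
# as they sit little-endian in the file:
#   E1A00000  mov r0, r0   (classic NOP)
#   E320F000  nop          (hint form; the 3DS ARM11 MPCore is ARMv6K)
ARM_NOP = b"\x00\x00\xa0\xe1"
ARM_NOPS = {ARM_NOP, b"\x00\xf0\x20\xe3"}


def find_payload_region(annotated: bytes, target: bytes) -> tuple:
    """Word-aligned, half-open (start, end) span where two launcher.dat
    variants differ.  Since the ROP gadgets are the same in both, the
    differing bytes are the encrypted payload for that firmware version."""
    if len(annotated) != len(target):
        raise ValueError("variants differ in length; positional diff is meaningless")
    diffs = [i for i, (a, b) in enumerate(zip(annotated, target)) if a != b]
    if not diffs:
        raise ValueError("variants are identical; no payload region found")
    return diffs[0] & ~3, (diffs[-1] + 4) & ~3


def build_launcher(base: bytes, region: tuple, part2: bytes, code: bytes,
                   encrypt: Optional[Callable[[bytes], bytes]] = None) -> bytes:
    """Replace the payload region of `base` with part2 + code.

    The checks are the ones that bite in practice: the custom code must start
    with an ARM NOP, everything must stay word-aligned, the new payload must
    fit, and the output keeps the original size so no ROP offset moves.
    `encrypt` is applied to the whole region when the image still decrypts
    stage 2; pass None if stage 1 was patched to skip decryption.
    """
    start, end = region
    room = end - start
    if start % 4 or end % 4 or len(part2) % 4 or len(code) % 4:
        raise ValueError("region, part 2 and code must all be word-aligned")
    if code[:4] not in ARM_NOPS:
        raise ValueError("custom ARM code must begin with a NOP")
    blob = part2 + code
    if len(blob) > room:
        raise ValueError(f"payload is {len(blob) - room} bytes too large for the region")
    blob += ARM_NOP * ((room - len(blob)) // 4)   # NOP padding: a choice made here
    if encrypt is not None:
        blob = encrypt(blob)
        if len(blob) != room:
            raise ValueError("cipher changed the payload length")
    return base[:start] + blob + base[end:]


def xor_keystream(key: bytes) -> Callable[[bytes], bytes]:
    """Constructed stand-in for the launcher's stream cipher (NOT the real
    one): XOR with a repeating key, so encrypt and decrypt are the same call."""
    return lambda data: bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def demo() -> dict:
    """Run the recipe on constructed 64-byte stand-ins for two launcher.dat
    variants: the same 16 fake gadget words except for a 32-byte payload."""
    gadgets = b"".join((0x00100000 + 4 * i).to_bytes(4, "little") for i in range(16))
    annotated = bytearray(gadgets)
    target = bytearray(gadgets)
    annotated[16:48] = bytes(range(0x10, 0x30))   # stands in for "my annotated payload"
    target[16:48] = bytes(range(0x30, 0x50))      # stands in for "go hax for your FW version"
    region = find_payload_region(bytes(annotated), bytes(target))

    part2 = b"P2P2P2P2"                               # placeholder for the original part 2
    code = ARM_NOP + b"\x01\x00\xa0\xe3"              # nop ; mov r0, #1
    plain = build_launcher(bytes(target), region, part2, code)   # stage 1 patched, no cipher
    cipher = build_launcher(bytes(target), region, part2, code,
                            encrypt=xor_keystream(b"\x5a"))      # cipher still active
    return {"region": region, "original": bytes(target), "plain": plain, "cipher": cipher}


if __name__ == "__main__":
    out = demo()
    print("payload region:", out["region"])
    print("patched region:", out["plain"][out["region"][0]:out["region"][1]].hex())
```

On a real image you would read both launcher.dat files from disk, pass them to find_payload_region, and write the result of build_launcher back out; the size check matters because the ROP chain addresses everything by file offset, so a payload that grows by even one word silently shifts the gadgets after it.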
     
  15. MRJPGames

    IDK, you could look at the source of regionthree. regionthree has the ROP source code and the compiled .dat file, so it should be possible (and has been done).
    https://github.com/smealum/regionthree
     
    Margen67 likes this.
  16. shutterbug2000

    Well, I don't know what to do. According to smealum's github "not code execution, either userland or kernel", seems to mean you don't actually execute code with regionthree. I don't know how this can even be done. If anyone knows how I could run homebrew through the Web exploit, please let me know. I think there's just something I'm missing here.
     
    Margen67 likes this.
  17. MRJPGames

    It runs ROP code.
     
    Margen67 likes this.
  18. shutterbug2000

    Isn't that the same code the DS profile exploit uses? Could this be used to run the CFW installer?
     
    Margen67 likes this.
  19. MRJPGames

    Yes, but most likely only on 9.2 and below (unlike regionthree).
     
    Margen67 likes this.
  20. shutterbug2000

    That's fine, do you have any idea how to do it?
     
    Margen67 likes this.