Hacking What was patched in 9.3 that prohibits the OoT exploit?

pokemoner2500

Well-Known Member
OP
Member
Joined
Aug 14, 2013
Messages
881
Trophies
0
Age
23
XP
1,471
Country
United States
So I read that it only supports up to 9.2, it doesn't require internet (from what i can tell) so why does it not work on 9.3+?
 

motezazer

Well-Known Member
Member
Joined
Feb 6, 2015
Messages
1,214
Trophies
0
Age
23
XP
1,432
Country
France
Because OOT is only the entrypoint. To get full control of the console, Gateway uses 3 more flaws :
-gspwn (not corrected yet)
-memchunkhax, to gain kernel control (corrected in 9.3)
-firmlaunchhax, to take over the security processor (corrected in 9.5)

So as ONE system flaw is fixed in 9.3, it doesn't work
 

Gadorach

Electronics Engineering Technologist
Member
Joined
Jan 22, 2014
Messages
965
Trophies
0
Location
Canada
XP
923
Country
Canada
Think of it this way. This game exploit is a car key, and the kernel is an engine. As it turns out, there's more than one shape of key this car will accept. With each new key we find, we can start the car in different ways.

The problem is, the car only starts because there's a flaw in the key-slot, so all these odd keys are working. Nintendo got mad that the keys were working, but didn't want to make a new lock, so instead, they just made the engine only start when the owners voice was heard. As a result, though the keys themselves work, the engine won't start unless Nintendo asks it to nicely first.

As long as you don't let Nintendo update your engine, the keys will always work to turn on your current engine. If you let Nintendo update your engine, the keys will still open the doors, but the engine wont start.
 

pokemoner2500

Well-Known Member
OP
Member
Joined
Aug 14, 2013
Messages
881
Trophies
0
Age
23
XP
1,471
Country
United States
Think of it this way. This game exploit is a car key, and the kernel is an engine. As it turns out, there's more than one shape of key this car will accept. With each new key we find, we can start the car in different ways.

The problem is, the car only starts because there's a flaw in the key-slot, so all these odd keys are working. Nintendo got mad that the keys were working, but didn't want to make a new lock, so instead, they just made the engine only start when the owners voice was heard. As a result, though the keys themselves work, the engine won't start unless Nintendo asks it to nicely first.

As long as you don't let Nintendo update your engine, the keys will always work to turn on your current engine. If you let Nintendo update you engine, the keys will still open the doors, but the engine wont start.

That actually made sense lol, ok!
 

Maximilious

*whistles his distinct tune*
Member
Joined
Nov 21, 2014
Messages
2,570
Trophies
0
XP
1,834
Country
United States
Think of it this way. This game exploit is a car key, and the kernel is an engine. As it turns out, there's more than one shape of key this car will accept. With each new key we find, we can start the car in different ways.

The problem is, the car only starts because there's a flaw in the key-slot, so all these odd keys are working. Nintendo got mad that the keys were working, but didn't want to make a new lock, so instead, they just made the engine only start when the owners voice was heard. As a result, though the keys themselves work, the engine won't start unless Nintendo asks it to nicely first.

As long as you don't let Nintendo update your engine, the keys will always work to turn on your current engine. If you let Nintendo update your engine, the keys will still open the doors, but the engine wont start.


This kids going places... In more than one way!!
 

nl255

Well-Known Member
Member
Joined
Apr 9, 2004
Messages
2,984
Trophies
0
XP
2,521
Country
Or more to the point. The Zelda exploit merely opens the car door. You still need another one to bypass the ignition lock and a third to bypass the engine computer lockout.
 
  • Like
Reactions: Margen67

Gadorach

Electronics Engineering Technologist
Member
Joined
Jan 22, 2014
Messages
965
Trophies
0
Location
Canada
XP
923
Country
Canada
Or more to the point. The Zelda exploit merely opens the car door. You still need another one to bypass the ignition lock and a third to bypass the engine computer lockout.
As true as that is, the point is to follow the KISS rule. Not everyone on this forum understands the ways in which these exploits work, so making it simple, or more relatable, is the best way to get your point across. Just because something is complex in nature, doesn't mean you need to force that expanded information onto others for them to understand why it works. Plus, if you try, you'll either confuse them due to them not having the technical background, or they simply won't care enough to absorb it, rendering your effort wasted.

Those of us who get it either worked on this stuff for a long time, or we researched it as an enthusiast until our eyes bled. You can't expect the same from anyone who isn't an enthusiast.
 

tony_2018

Well-Known Member
Member
Joined
Jan 3, 2014
Messages
3,107
Trophies
0
XP
1,002
Country
United States
I believe it was cubic ninja itself that got blocked, Link made an attempt to bypass security checkpoints but the big N said "nah ah bitch".
 

Gadorach

Electronics Engineering Technologist
Member
Joined
Jan 22, 2014
Messages
965
Trophies
0
Location
Canada
XP
923
Country
Canada
I believe it was cubic ninja itself that got blocked, Link made an attempt to bypass security checkpoints but the big N said "nah ah bitch".
Actually, the core exploit in Cubic Ninja still works just fine, even on the latest firmware. However, without access to gspwn through memchunkhax, it cannot do anything with that exploit. The same applies to the OOT entry point. They are just basic code-loaders, they can't really do anything much on their own.
 

zoogie

playing around in the dsiware
Developer
Joined
Nov 30, 2014
Messages
8,468
Trophies
2
XP
14,183
Country
Micronesia, Federated States of
Firmlaunch hax is what is used to get warez to work (arm9 control) on 9.2. You need arm11 kernel (memhunk-patched in 9.3) to even reach it. The Zelda save hax is arm11 userland.

(3dbrew.org)
firmlaunch-hax: FIRM header ToCToU
This can't be exploited from ARM11 userland.
During FIRM launch, the only FIRM header the ARM9 uses at all is stored in FCRAM, this is 0x200-bytes(the actual used FIRM RSA signature is read to the Process9 stack however). The ARM9 doesn't expect "anything" besides the ARM9 to access this data. With 9.5.0-22 the address of this FIRM header was changed from a FCRAM address, to ARM9-only address 0x01fffc00.
 

Gadorach

Electronics Engineering Technologist
Member
Joined
Jan 22, 2014
Messages
965
Trophies
0
Location
Canada
XP
923
Country
Canada
Firmlaunch hax is what is used to get warez to work (arm9 control) on 9.2. You need arm11 kernel (memhunk-patched in 9.3) to even reach it. The Zelda save hax is arm11 userland.

(3dbrew.org)
firmlaunch-hax: FIRM header ToCToU
This can't be exploited from ARM11 userland.
During FIRM launch, the only FIRM header the ARM9 uses at all is stored in FCRAM, this is 0x200-bytes(the actual used FIRM RSA signature is read to the Process9 stack however). The ARM9 doesn't expect "anything" besides the ARM9 to access this data. With 9.5.0-22 the address of this FIRM header was changed from a FCRAM address, to ARM9-only address 0x01fffc00.
Which is totally accurate, but again, the OP won't understand it. Just dumping intensive information on a person that's not regularly part of the scene isn't going to get you anywhere with them. As far as information is concerned, and questions answered, this thread has been resolved already. No point in dumping programmer-specific information on a novice, it's the same as telling a cat how to cook a hamburger. The cat might like the result, but it certainly won't understand the process in which you took to get there.
 
  • Like
Reactions: gamesquest1

You may also like...

General chit-chat
Help Users
    sombrerosonic @ sombrerosonic: you'll have to dismaletle me to get to them +1