What was patched in 9.3 that prohibits the OoT exploit?

Discussion in '3DS - Flashcards & Custom Firmwares' started by pokemoner2500, Mar 13, 2015.

  1. pokemoner2500
    OP

    pokemoner2500 GBAtemp Advanced Fan

    Member
    Aug 14, 2013
    United States
    So I read that it only supports up to 9.2. It doesn't require internet (from what I can tell), so why does it not work on 9.3+?
     
  2. W4T4R1

    W4T4R1 GBAtemp Fan

    Member
    Aug 20, 2014
    Italy
    I think it is the kernel exploit used to launch the Gateway mode that has been patched.
     
  3. Ra1d

    Ra1d GBAtemp Maniac

    Member
    Jul 31, 2010
    Canada
    Well if Gateway says it doesn't, then it doesn't, they won't lie to you, because they're actually interested in new customers.
     
  4. Duo8

    Duo8 I don't like video games

    Member
    Jul 16, 2013
    memchunkhax IIRC.
     
    Margen67 and RainThunder like this.
  5. pokemoner2500
    OP

    pokemoner2500 GBAtemp Advanced Fan

    Member
    Aug 14, 2013
    United States
    I'm just curious, I'm not saying they're lying...
     
    Ra1d likes this.
  6. motezazer

    motezazer GBAtemp Maniac

    Member
    Feb 6, 2015
    France
    Because OOT is only the entrypoint. To get full control of the console, Gateway uses 3 more flaws:
    - gspwn (not corrected yet)
    - memchunkhax, to gain kernel control (corrected in 9.3)
    - firmlaunchhax, to take over the security processor (corrected in 9.5)

    So as ONE system flaw is fixed in 9.3, it doesn't work.
     
    Ra1d, Margen67 and RainThunder like this.
  7. Gadorach

    Gadorach Electronics Engineering Technologist

    Member
    Jan 22, 2014
    Canada
    Think of it this way. This game exploit is a car key, and the kernel is an engine. As it turns out, there's more than one shape of key this car will accept. With each new key we find, we can start the car in different ways.

    The problem is, the car only starts because there's a flaw in the key-slot, so all these odd keys are working. Nintendo got mad that the keys were working, but didn't want to make a new lock, so instead, they just made the engine only start when the owner's voice was heard. As a result, though the keys themselves work, the engine won't start unless Nintendo asks it to nicely first.

    As long as you don't let Nintendo update your engine, the keys will always work to turn on your current engine. If you let Nintendo update your engine, the keys will still open the doors, but the engine won't start.
     
    bowser, Vickyle, emmanu888 and 4 others like this.
  8. pokemoner2500
    OP

    pokemoner2500 GBAtemp Advanced Fan

    Member
    Aug 14, 2013
    United States
    That actually made sense lol, ok!
     
  9. Maximilious

    Maximilious GBAtemp Addict

    Member
    Nov 21, 2014
    United States
    This kid's going places... In more than one way!!
     
  10. nl255

    nl255 GBAtemp Addict

    Member
    Apr 9, 2004
    Or more to the point. The Zelda exploit merely opens the car door. You still need another one to bypass the ignition lock and a third to bypass the engine computer lockout.
     
    Margen67 likes this.
  11. Gadorach

    Gadorach Electronics Engineering Technologist

    Member
    Jan 22, 2014
    Canada
    As true as that is, the point is to follow the KISS rule. Not everyone on this forum understands the ways in which these exploits work, so making it simple, or more relatable, is the best way to get your point across. Just because something is complex in nature doesn't mean you need to force that expanded information onto others for them to understand why it works. Plus, if you try, you'll either confuse them due to them not having the technical background, or they simply won't care enough to absorb it, rendering your effort wasted.

    Those of us who get it either worked on this stuff for a long time, or we researched it as an enthusiast until our eyes bled. You can't expect the same from anyone who isn't an enthusiast.
     
    gamesquest1 and Vickyle like this.
  12. tony_2018

    tony_2018 GBAtemp Psycho!

    Member
    Jan 3, 2014
    United States
    I believe it was cubic ninja itself that got blocked, Link made an attempt to bypass security checkpoints but the big N said "nah ah bitch".
     
  13. Gadorach

    Gadorach Electronics Engineering Technologist

    Member
    Jan 22, 2014
    Canada
    Actually, the core exploit in Cubic Ninja still works just fine, even on the latest firmware. However, without access to gspwn through memchunkhax, it cannot do anything with that exploit. The same applies to the OOT entry point. They are just basic code-loaders, they can't really do anything much on their own.
     
  14. zoogie

    zoogie simple pimp tool

    Member
    Nov 30, 2014
    United States
    Firmlaunch hax is what is used to get warez to work (arm9 control) on 9.2. You need arm11 kernel (memchunk-patched in 9.3) to even reach it. The Zelda save hax is arm11 userland.

    (3dbrew.org)
    firmlaunch-hax: FIRM header ToCToU
    This can't be exploited from ARM11 userland.
    During FIRM launch, the only FIRM header the ARM9 uses at all is stored in FCRAM; this is 0x200 bytes (the actual used FIRM RSA signature is read to the Process9 stack, however). The ARM9 doesn't expect "anything" besides the ARM9 to access this data. With 9.5.0-22 the address of this FIRM header was changed from a FCRAM address to the ARM9-only address 0x01fffc00.
     
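The check-then-use pattern in the quoted 3dbrew note, and what moving the header into ARM9-only memory changes, modelled as an added C example (not code from the thread, from 3dbrew or from the console's firmware): only the 0x200 header size comes from the note; the field layout, the checksum standing in for the RSA signature and the hook that simulates another bus master writing FCRAM are all constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>
/* Constructed model of the FIRM-header ToCToU in the quoted 3dbrew text. Only
 * the 0x200 header size comes from the note; the field layout, the checksum
 * standing in for the RSA signature and the race hook are made up here. */
#define HDR_SIZE 0x200
#define ENTRY_OFF 0x10                     /* constructed "entry" field offset */
typedef void (*race_hook_t)(uint8_t *shared); /* runs between check and use */

static uint32_t toy_checksum(const uint8_t *hdr) { /* FNV-1a over 0x1fc bytes */
    uint32_t c = 0x811c9dc5u;
    for (size_t i = 0; i < HDR_SIZE - 4; i++) c = (c ^ hdr[i]) * 16777619u;
    return c;
}

/* Build a header whose last 4 bytes "sign" the rest (stand-in for RSA). */
void make_signed_header(uint8_t *hdr, int32_t entry) {
    memset(hdr, 0, HDR_SIZE);
    memcpy(hdr + ENTRY_OFF, &entry, 4);
    uint32_t c = toy_checksum(hdr);
    memcpy(hdr + HDR_SIZE - 4, &c, 4);
}
static bool verify_header(const uint8_t *hdr) {
    uint32_t c = toy_checksum(hdr);
    return memcmp(hdr + HDR_SIZE - 4, &c, 4) == 0;
}
/* Simulates another bus master rewriting FCRAM after the ARM9 checked it. */
void simulate_concurrent_write(uint8_t *shared) {
    int32_t other = 0x0badc0de;
    memcpy(shared + ENTRY_OFF, &other, 4);
}

/* Broken pattern from the note: check and use both read shared memory, so the
 * value consumed is whatever is there at use time. Returns -1 on rejection. */
int32_t launch_from_shared(uint8_t *shared, race_hook_t hook) {
    if (!verify_header(shared)) return -1;
    if (hook) hook(shared);
    int32_t entry; memcpy(&entry, shared + ENTRY_OFF, 4);
    return entry;
}

/* What moving the header to ARM9-only memory buys: copy once into private
 * memory, then check and read only that copy; later FCRAM writes are ignored. */
int32_t launch_from_private(uint8_t *shared, race_hook_t hook) {
    uint8_t priv[HDR_SIZE];
    memcpy(priv, shared, HDR_SIZE);
    if (!verify_header(priv)) return -1;
    if (hook) hook(shared);
    int32_t entry; memcpy(&entry, priv + ENTRY_OFF, 4);
    return entry;
}
```

With no concurrent write both paths agree; with one, only the private-copy path still acts on the data it verified, and a header modified before the check is rejected by both.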
  15. Gadorach

    Gadorach Electronics Engineering Technologist

    Member
    Jan 22, 2014
    Canada
    Which is totally accurate, but again, the OP won't understand it. Just dumping intensive information on a person that's not regularly part of the scene isn't going to get you anywhere with them. As far as information is concerned, and questions answered, this thread has been resolved already. No point in dumping programmer-specific information on a novice; it's the same as telling a cat how to cook a hamburger. The cat might like the result, but it certainly won't understand the process you took to get there.
     
    gamesquest1 likes this.