Hacking [WIP] KARL3DS - Kernel access on N3DS via Ninjhax + Loadcode

Status: Not open for further replies.

d0k3

> So... The KARL3DS public release has been canceled? That's really sad :(

Why do you think so? AFAIK the dev team plans to release at some point, but when is yet unsure. There has been a lot of discussion recently because some people are unhappy with seeing teasers all the time and not having anything to install on their 3DS consoles. Maybe that's what you meant?

kactusss

A few days ago (6 May, but I'm not sure), WulfyStylez edited the first post of this thread to say the public part of KARL3DS is not the objective anymore (because projects like RxTools or LegoHax have, or will have in the future, KARL3DS's planned features...)

It is not on the first post anymore, so maybe they changed their minds, or maybe I just misunderstood what Wulfy said...

Idaho

It seems that we won't ever see those HB-only CFW we hoped for :/

I don't trust NTR or Roxas to achieve this...

liomajor

> It seems that we won't ever see those HB-only CFW we hoped for :/
>
> I don't trust NTR or Roxas to achieve this...

NTR & Roxas are not WIP only, and are released with upcoming updates we can work with.

Both have done GREAT work, and Karl might do WHEN it's released.

I can understand that people get frustrated only seeing things, but can't test / use them.

Psi-hate

Well, Karl is N3DS emunand with a shit ton of stuff for researching the 3DS, regionfree, and romfs redirection (whatever staplebutter is working on) and a ton of other shit so it isn't redundant compared to other CFW. :P

sanni

Guys, it's easy, just follow these simple instructions:

[image: karl.jpg]

Kurt91

To be honest, I don't really care about commercial ROM loading at all. I have a N3DS, and would simply like a way to have an EmuNAND setup, spoof firmware so that I can play the newer games without having to update (I know I can spoof firmware to get into the eShop, but I'd like to play games like Xenoblade without updating), and be able to still open the Homebrew Launcher. I don't mind if I can't install .cia homebrew, I don't mind if I can't load ROMs with it, I just would like those three features without having to buy a Gateway, since I'm a penniless college student.

Kuifa

> To be honest, I don't really care about commercial ROM loading at all. I have a N3DS, and would simply like a way to have an EmuNAND setup, spoof firmware so that I can play the newer games without having to update (I know I can spoof firmware to get into the eShop, but I'd like to play games like Xenoblade without updating), and be able to still open the Homebrew Launcher. I don't mind if I can't install .cia homebrew, I don't mind if I can't load ROMs with it, I just would like those three features without having to buy a Gateway, since I'm a penniless college student.

Me too! NTR is good and all, but without firmware spoofing you can't really play the newer games.

WhoAmI?

Aawww.... I love using rxTools, but I would like to see what other people have made, too... I don't really use emuNAND anymore since I can spoof my firmware, but I'd still like to tinker around with what the KARL team have put together.

The only reason why I'm actually reading this thread is because I learn from WulfyStylez's comments.... It's nice to have a selection of offerings. So far, with o3DS you have rxTools, and with N3DS you have NTR (with no emuNAND)....

Not bothered if there will ever be a release, as once again I rely on rxTools and the Spider exploit, but I would like to tinker around with KARL if the opportunity was there.

Eh, just keep feeding more interesting comments and videos, Karl Team; that's my main interest... This Fox is starving like crazy! Gimme moar!

I'll be in the woods at 12AM, UTC; be there! I'll cannibalise you if I dun feed on another useful comment/video that's KARL related. Thanks :vul1:. I'm a right Fox when I'm hungry, hehe...

Psi-hate

Even though I don't know in the slightest what this means, I feel oddly giddy and happy? I dunno. This is probably something really useful, but I don't know what to expect from it, if anything at all. :wacko:

Just3DS

Correct me if I'm wrong, but what I understood is:
It allows you to run your own code from RAM after a soft reboot (not possible from a cold reboot).
Basically, you need to write your execution code (i.e. exploit code) into ARM9's RAM area, and trigger a reboot (that reboot has to be done by means of creating an 'error' intentionally).
Triggering a reboot is possible in such a way that the bootrom doesn't get a chance to change the location of the hardcoded pointer to the place where your code will be.
If you are successful in executing your code from ARM9's RAM, that means you are the 'first' to run the code, i.e. the bootrom didn't get the chance (I think it's called preboot ARM9 execution).
From there on you have raw/full access to hardware; you can make code to extract the bootrom itself (note: the bootrom is hardcoded/read-only), study the bootrom code, and make your custom bootrom, etc. It might even be possible to extract the per-console hardcoded keys.
Note that the bootrom is hardcoded into the CPU, meaning that you cannot rewrite it with your custom bootrom code (correct me if I'm wrong), so you 'might' always have to run the exploit code after a cold boot (unless we have properly signed custom firmware on the console somehow that does this).

Psi-hate

> Correct me if I'm wrong, but what I understood is:
> It allows you to run your own code from RAM after a soft reboot (not possible from a cold reboot).
> Basically, you need to write your execution code (i.e. exploit code) into ARM9's RAM area, and trigger a reboot (that reboot has to be done by means of creating an 'error' intentionally).
> Triggering a reboot is possible in such a way that the bootrom doesn't get a chance to change the location of the hardcoded pointer to the place where your code will be.
> If you are successful in executing your code from ARM9's RAM, that means you are the 'first' to run the code, i.e. the bootrom didn't get the chance (I think it's called preboot ARM9 execution).
> From there on you have raw/full access to hardware; you can make code to extract the bootrom itself (note: the bootrom is hardcoded/read-only), study the bootrom code, and make your custom bootrom, etc.
> Note that the bootrom is hardcoded into the CPU, meaning that you cannot rewrite it with your custom bootrom code (correct me if I'm wrong), so you 'might' always have to run the exploit code after a cold boot (unless we sign the complete custom firmware somehow).

That's probably right, but it also says "While the bootrom does set them up to point to itself at some point during boot, it does not do so immediately."
I think that it might not need to be a reboot to trigger the exploit, but instead it says that the bootrom doesn't immediately trigger code as soon as you power on. I may be COMPLETELY wrong, but it seems to me that you can jump in code before the bootrom is able to write to its RAM or something, without the need of setting up a command pre-reboot.

Just3DS

> That's probably right, but it also says "While the bootrom does set them up to point to itself at some point during boot, it does not do so immediately."
> I think that it might not need to be a reboot to trigger the exploit, but instead it says that the bootrom doesn't immediately trigger code as soon as you power on. I may be COMPLETELY wrong, but it seems to me that you can jump in code before the bootrom is able to write to its RAM or something, without the need of setting up a command pre-reboot.

Which is why we might have time to write exploit code into ARM9's RAM and trigger a reboot BEFORE the bootrom sets the pointer to point to itself.
The problem is that the change is done DURING the boot process. RAM is volatile, so a cold reboot would be like starting from empty RAM, hence a soft reset is the only possible way.