[WIP] KARL3DS - Kernel access on N3DS via Ninjhax + Loadcode

Status
Not open for further replies.

froggestspirit

Aspiring Game Dev
Member
Joined
Jul 28, 2011
Messages
1,281
Trophies
1
XP
1,561
Country
United States
That makes sense, so it's the ROP chain at the very beginning that copies the payload into memory (which is the ARM11 code?) and ultimately jumps to it to start its execution?
Anyways, I've bookmarked this thread. I'm looking forward to the progress that has been made, and yet to come. Keep it up!
 

Dazzozo

KRAZOA PALACE
Member
Joined
Feb 24, 2015
Messages
292
Trophies
0
Website
dazzozo.com
XP
910
Country
froggestspirit said:
That makes sense, so it's the ROP chain at the very beginning that copies the payload into memory (which is the ARM11 code?) and ultimately jumps to it to start its execution?
Anyways, I've bookmarked this thread. I'm looking forward to the progress that has been made, and yet to come. Keep it up!

Launchers that require 4.x exploit a vuln in PS_VerifyRsaSha256 to directly run ARM9 code. They don't get ARM11 code execution first; they exploit VerifyRsaSha256 from ARM11 ROP.

palantine said:
Is there a code repository I can take a look at?

For what? bootstrap is public, firmloader isn't.
 

Gadorach

Electronics Engineering Technologist
Member
Joined
Jan 22, 2014
Messages
970
Trophies
0
Location
Canada
XP
956
Country
Canada
You know, it's funny reading all the comments on "You should make it a piracy loader too, for the freedom of information etc!", but the irony here, is that most of the hacks being used here, were discovered and developed solely by that very same commercial interest in a non-free piracy loader. In short, bitch as you may about there not being a stable, widely developed, free piracy loader, guess what? Without that paid loader, due to the lack of interest in the 3DS scene initially, we probably wouldn't have even seen anything resembling piracy, let alone homebrew. Though I'm not one to kiss feet, I am willing to face facts. As far as the 3DS hacking scene is concerned, all hail Gateway. Oh, and the 3DBrew crowd/Smea, they're cool people too.

Even Smea appears to have learned from Gateway's original loading code though, so don't for a second think he's exempt from the sphere of Gateway's influence. He's done great things since, but Gateway started everything for the public scene, and continued bringing new exploits as well. The only ones who might have gotten kernel access earlier are yellows8 and his crew, but as nothing's been made public, we can't say for sure.

TL;DR: No Gateway = No 3DS Scene as we know it. Deal with it.

PS. In no way am I smacking this project, and I can't wait to see its progress. I'm just addressing the ignorant notions of those who aren't seeing the big picture.
 
Like reactions: Zidapi

shinyquagsire23

SALT/Sm4sh Leak Guy
Member
Joined
Nov 18, 2012
Messages
1,977
Trophies
2
Age
26
Location
Las Vegas
XP
3,765
Country
United States
Gadorach said:
You know, it's funny reading all the comments on "You should make it a piracy loader too, for the freedom of information etc!", but the irony here is that most of the hacks being used here were discovered and developed solely by that very same commercial interest in a non-free piracy loader. In short, bitch as you may about there not being a stable, widely developed, free piracy loader, guess what? Without that paid loader, due to the lack of interest in the 3DS scene initially, we probably wouldn't have even seen anything resembling piracy, let alone homebrew. Though I'm not one to kiss feet, I am willing to face facts. As far as the 3DS hacking scene is concerned, all hail Gateway. Oh, and the 3DBrew crowd/Smea, they're cool people too.

Even Smea appears to have learned from Gateway's original loading code though, so don't for a second think he's exempt from the sphere of Gateway's influence. He's done great things since, but Gateway started everything for the public scene, and continued bringing new exploits as well. The only ones who might have gotten kernel access earlier are yellows8 and his crew, but as nothing's been made public, we can't say for sure.

TL;DR: No Gateway = No 3DS Scene as we know it. Deal with it.

PS. In no way am I smacking this project, and I can't wait to see its progress. I'm just addressing the ignorant notions of those who aren't seeing the big picture.

Gateway is definitely a primary driving force in the 3DS scene, although many of the other hackers such as yellows8 and neimod know a significant amount of information which almost parallels, if not exceeds, Gateway's knowledge on new exploit vectors. yellows8 has known about firmlaunch hax since he started his process9 reverse engineering; however, it wasn't until Gateway released their stuff that the general public had something to reverse and finally figure out and base their works off of. And in some ways, many of the things we have we owe to them, although in other aspects they also borrowed a lot from the non-commercial scene as well (i.e. the actual, original exploit used for FIRM launching).
 

WulfyStylez

SALT/Bemani Princess
Member
Joined
Nov 3, 2013
Messages
1,149
Trophies
0
XP
2,877
Country
United States
froggestspirit said:
That makes sense, so it's the ROP chain at the very beginning that copies the payload into memory (which is the ARM11 code?) and ultimately jumps to it to start its execution?
Anyways, I've bookmarked this thread. I'm looking forward to the progress that has been made, and yet to come. Keep it up!

DS profile ROP (decrypts and) loads your payload to 0x2b0000 virtual and moves the stack pointer there; that decrypts some stuff at 0x2b0188, and on from there. GW does some cute stuff with generating keys at runtime early on, but those keys are already well known and everywhere.
Like really, that's all you should need to be able to get at GW's payloads if you're curious. And everything I just said has been public for a really, really, really long time...
 

overlord00

A motherfucking birdplane
Member
Joined
Sep 12, 2009
Messages
661
Trophies
0
XP
482
Country
So apparently I've caused this massive outcry from the community... my bad.
I do hope this project continues.
I've gone and read all the way through this topic, trying to keep up to date with it all.

I'm going to try to read and understand the source. Any tips on where to start?
Also, any news on this:
I just wrote out a massive tutorial for getting into the 3DS homebrew development and exploiting scene, and then realised it was a little off topic. I'll make a new thread and link it here.

That being said, KARL3DS [...]. It's a powerful developer tool with New 3DS support. [...].
Why don't you refer to it as a toolbox or a toolkit or something instead of referring to it as a CFW? That way, people will know it's a collection of tools (i.e. booting region free, etc.) instead of thinking it's a full-blown "CFW" that people are misbelieving it to be (and wanting it to be something else).

main.c - Improve stability. This allows exiting back to HB menu.
Huzzah!

Keep at it guys.
 
Like reactions: Margen67

tony_2018

Well-Known Member
Member
Joined
Jan 3, 2014
Messages
3,107
Trophies
0
XP
1,022
Country
United States
overlord00 said:
Why don't you refer to it as a toolbox or a toolkit or something instead of referring to it as a CFW? That way, people will know it's a collection of tools (i.e. booting region free, etc.) instead of thinking it's a full-blown "CFW" that people are misbelieving it to be (and wanting it to be something else).

You misunderstood.

We're basically allowing full access to ARM9 and ARM11, and then building basically a CFW off of that. Piracy isn't a goal, though.

Creating CFW hasn't started.
 

froggestspirit

Aspiring Game Dev
Member
Joined
Jul 28, 2011
Messages
1,281
Trophies
1
XP
1,561
Country
United States
WulfyStylez said:
DS profile ROP (decrypts and) loads your payload to 0x2b0000 virtual and moves the stack pointer there; that decrypts some stuff at 0x2b0188, and on from there. GW does some cute stuff with generating keys at runtime early on, but those keys are already well known and everywhere.
Like really, that's all you should need to be able to get at GW's payloads if you're curious. And everything I just said has been public for a really, really, really long time...

I'll try to look into this sometime, but no promises. I know some asm and C++, but when it comes to this, I'm basically learning from ground zero. But nonetheless I like learning these things.
 
Like reactions: SLiV3R

overlord00

A motherfucking birdplane
Member
Joined
Sep 12, 2009
Messages
661
Trophies
0
XP
482
Country
tony_2018 said:
You misunderstood. Creating CFW hasn't started.

That's the thing: what you are going to create doesn't have to be referred to as a CFW. That's what I'm getting at. I'm not suggesting what you have now is, or is not.
All I'm saying is change what you refer to it as.
That way people won't expect other things.
 

Dazzozo

KRAZOA PALACE
Member
Joined
Feb 24, 2015
Messages
292
Trophies
0
Website
dazzozo.com
XP
910
Country
I don't think it needs to be difficult. If anything it should be more clear in the context of the 3DS. "Custom firmware" should refer to modified FIRM.
 
Like reactions: SLiV3R
