[WIP] libkhax - Stable ARM11 kernel access

Discussion in '3DS - Homebrew Development and Emulators' started by Myria, Apr 13, 2015.

  1. Myria
    OP

    Myria GBAtemp Fan

    I have an alpha-level open-source library called libkhax that I've written to get ARM11 kernel access in firmwares 4.1.0 - 9.2.0, on both Old 3DS and New 3DS. It uses memchunkhax to do this.

    It was originally designed to be a rewrite of shinyquagmire's "bootstrap", but now has its own purpose for existing, staying only in ARM11-space. It's designed to be stable and reliable, with high code quality. Other than during development and things that turned out to be bugs and were later fixed, I have yet to have libkhax crash on me.

    Pretty much all libkhax does is give the thread that calls it access to every SVC call. That's it; nothing special beyond that. However, the debug SVCs and svcBackdoor are included, so you can definitely have some fun using libkhax. Note that unlike bootstrap, libkhax grants the thread SVC access, not the process nor the whole system. libkhax does not disable SVC permission checking like "bootstrap" does.

    libkhax isn't packaged well; it's not even a library as-is. Its current form is a .3dsx test program that just calls a simple svcBackdoor function after initializing libkhax to set a global variable and return.

    If you want to take a look, it's here:

    https://github.com/Myriachan/libkhax

    Thanks to a fix by plutoo and with testing help from Steveice, it now works on firmware 4.x. I still need to submit a pull request to ctrulib to remove MEMOP_FREE_LINEAR, though.

    I use Visual Studio as my editor because I like the IDE and Visual Assist X. The #ifndef _MSC_VERs are there to avoid IntelliSense and Visual Assist barfing on GCCisms. Obviously, Visual Studio is never going to actually compile anything for 3DS, so just ignore those and the project files.
     
    xerpi, Wizardy, SLiV3R and 16 others like this.
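A host-side model of what "grants the thread SVC access, not the process" means, added here as an illustration; it is not code from libkhax or from the post above and contains no exploit logic. The model assumes, as on the 3DS kernel, that each thread holds its own copy of the process's SVC access mask taken at thread creation, and that the SVC dispatcher consults only the calling thread's copy; the SVC numbers used (svcBackdoor 0x7B, svcCreateThread 0x08, svcControlMemory 0x01) are the standard 3DS ones. It mirrors the try-before / try-after check that main.c performs and also shows what a thread-scoped grant does not do: widen the process-level mask or the mask of any sibling or later-created thread.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Host-side model of the per-thread SVC access control list (ACL).
 * Assumption of the model: a thread copies its process's SVC mask when it is
 * created, and the SVC dispatcher checks only the calling thread's copy.   */

#define SVC_MASK_WORDS     4    /* 128 bits cover SVC numbers 0x00..0x7F   */
#define SVC_CONTROL_MEMORY 0x01 /* svcControlMemory: ordinary user SVC     */
#define SVC_CREATE_THREAD  0x08 /* svcCreateThread:  ordinary user SVC     */
#define SVC_BACKDOOR       0x7B /* svcBackdoor: runs a callback in kernel mode */

typedef struct { uint32_t svc_mask[SVC_MASK_WORDS]; } process_t;
typedef struct { const process_t *proc; uint32_t svc_mask[SVC_MASK_WORDS]; } thread_t;

static bool mask_test(const uint32_t *mask, unsigned svc) {
    if (svc >= SVC_MASK_WORDS * 32u) return false;
    return (mask[svc / 32u] >> (svc % 32u)) & 1u;
}

static void mask_set(uint32_t *mask, unsigned svc) {
    if (svc < SVC_MASK_WORDS * 32u) mask[svc / 32u] |= 1u << (svc % 32u);
}

/* A new thread inherits the process-level ACL at creation. */
static void thread_create(thread_t *t, const process_t *p) {
    t->proc = p;
    memcpy(t->svc_mask, p->svc_mask, sizeof t->svc_mask);
}

/* What the dispatcher does on SVC entry: consult the caller's own copy. */
bool svc_dispatch_allowed(const thread_t *caller, unsigned svc) {
    return mask_test(caller->svc_mask, svc);
}

/* The libkhax-style outcome: widen the calling thread's ACL to every SVC.
 * The process object and every other thread are left untouched.          */
void grant_all_svcs_to_thread(thread_t *t) {
    memset(t->svc_mask, 0xFF, sizeof t->svc_mask);
}

typedef struct {
    bool before;          /* backdoor from the main thread before the grant   */
    bool after_self;      /* ... from the same thread after the grant          */
    bool after_sibling;   /* ... from a thread that existed before the grant   */
    bool after_new;       /* ... from a thread created after the grant         */
    bool process_changed; /* did the process-level mask change at all?         */
} scenario_t;

/* Mirrors the try-before / try-after pattern of libkhax's main.c. */
scenario_t run_scenario(void) {
    process_t homebrew = {{0}};              /* constructed homebrew-like ACL */
    mask_set(homebrew.svc_mask, SVC_CONTROL_MEMORY);
    mask_set(homebrew.svc_mask, SVC_CREATE_THREAD);
    process_t pristine = homebrew;

    thread_t main_thread, sibling, late;
    thread_create(&main_thread, &homebrew);
    thread_create(&sibling, &homebrew);

    scenario_t r;
    r.before = svc_dispatch_allowed(&main_thread, SVC_BACKDOOR);
    grant_all_svcs_to_thread(&main_thread);
    r.after_self = svc_dispatch_allowed(&main_thread, SVC_BACKDOOR);
    r.after_sibling = svc_dispatch_allowed(&sibling, SVC_BACKDOOR);
    thread_create(&late, &homebrew);        /* copies the unchanged process ACL */
    r.after_new = svc_dispatch_allowed(&late, SVC_BACKDOOR);
    r.process_changed = memcmp(&pristine, &homebrew, sizeof homebrew) != 0;
    return r;
}

int main(void) {
    scenario_t r = run_scenario();
    printf("backdoor before grant:             %s\n", r.before ? "allowed" : "access denied");
    printf("backdoor after grant, same thread: %s\n", r.after_self ? "allowed" : "access denied");
    printf("backdoor after grant, sibling:     %s\n", r.after_sibling ? "allowed" : "access denied");
    printf("backdoor after grant, new thread:  %s\n", r.after_new ? "allowed" : "access denied");
    printf("process-level mask changed:        %s\n", r.process_changed ? "yes" : "no");
    return 0;
}
```

Compiling and running this on an ordinary host is enough to see the point: only the thread that performed the grant passes the backdoor check, which is why a library built this way has to be called from the thread that will later issue privileged SVCs.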


  2. pikatsu

    pikatsu GBAtemp Advanced Fan

    Is there a compiled version?
     
  3. zoogie

    zoogie simple pimp tool

    It's not useful to the end user. It's a dev-tool you need to combine with other code to get useful results. (like FBI + ninjhax)
     
    Coc4tm and Margen67 like this.
  4. WeedZ

    WeedZ Possibly an enlightened being

What do you mean it only gives threads access to ARM11? Does bootstrap give more access?
     
    Margen67 likes this.
  5. WhoAmI?

    WhoAmI? PASTA's dirty animal

    You use visual studio? Ever considered using Notepad++? I think it's a lot better, in my opinion.

    Edit: Just looked at your code. IT'S SO TIDY!
     
  6. williamcesar2

    williamcesar2 GBAtemp Advanced Fan

Only ARM11 kernel access? lol This is totally obsolete
     
    Margen67 likes this.
  7. sanni

    sanni GBAtemp Regular

    Just downloaded the newest source and compiled under Linux, working great. Thank you very much.
     
    Margen67 likes this.
  8. prototech

    prototech GBAtemp Fan

For ROM loading? Maybe not, but ARM11 is all that Ninjhax and the homebrew launcher have access to, and they're far from obsolete.
     
    Margen67 likes this.
  9. Death78793

    Death78793 What is this, a first person shooter?

    I've been using this for a while before you posted this thread, and I'll say this: WOW.
    It's very smooth and stable, and it works great for its intended purpose :)
    Thanks for your hard work!
     
    Margen67 likes this.
  10. Myria
    OP

    Myria GBAtemp Fan

    Yes, bootstrap gives FIRM-launch access. But bootstrap destroys the current state of the system, whereas libkhax runs within the existing kernel without destroying it.
     
  11. Myria
    OP

    Myria GBAtemp Fan

    Visual Studio with Visual Assist X gives me things like autocomplete and lists of members when I type . or ->, for example.

    That's just how I write code for some reason. It just ends up being all organized that way. >.< It was kind of a goal to have better code quality than some of the other solutions, though, since those seemed to crash a lot.
     
    Margen67, WhoAmI? and VinsCool like this.
  12. Steveice10

    Steveice10 GBAtemp Maniac

    Nice to see you've gotten around to making an official "release" post! libkhax is super convenient to use and I haven't had a single issue yet, other than the initial 4.x issues that were fixed.

Would you mind a pull request that kind of restructures things into a library? Sort of like how ctrulib is set up.

Also, I set up a PR for the MEMOP_FREE_LINEAR issue: https://github.com/smealum/ctrulib/pull/114
     
    Margen67 likes this.
  13. sanni

    sanni GBAtemp Regular

    This is a great idea because everyone can contribute to the common library and still do their own thing like programming a cfw or a cia installer or something entirely different.
Imagine a future where we will have all the entry points, service elevation, ARM11 and ARM9 kernel hax neatly organized into a lib. :yay:
     
    Margen67 likes this.
  14. filfat

    filfat Musician, Developer & Entrepreneur

    Awesome work! :D
     
    Margen67 likes this.
  15. AquaX101

    AquaX101 GBAtemp Advanced Fan

A little bit noobish, but I have been wondering: what does having ARM11 access do?
     
    Margen67 likes this.
  16. Steveice10

    Steveice10 GBAtemp Maniac


    It allows you to patch the process ID to gain access to all services, flush the instruction cache more efficiently, and more. It can also be used to escalate to ARM9 with an exploit like firmlaunchhax.
     
    WhoAmI?, Margen67 and AquaX101 like this.
  17. Myria
    OP

    Myria GBAtemp Fan

    I've pushed Steveice10's change to get access to all services to libkhax. Now, after calling libkhax, you'll have access to all kernel system calls (SVCs) and access to all RPC services (srv: ).

    The built-in main.c test application verifies the srv: access by asking for mset's product code; this requires access to a service ("am:u") that Cubic Ninja doesn't have access to, showing that the hack works. main.c tries twice, once before khaxInit() and once after; the one before fails with "access denied" and the one after succeeds and prints out "CTR-N-HASx" with x as your region may be. "CTR-N-HASE" is the product code for the American mset application, for example.

    Also, I pushed a fix for libkhax not working on Old 3DS 8.x.x firmwares. Thanks to Steveice10 again for reporting that problem from someone else (I don't know who =/ ) and thanks to the KARL3DS team for finding the correct address and publishing it in bootstrap. (libkhax may in a sense be reinventing the wheel, given that bootstrap does essentially the same hack at start, but libkhax's goals and ultimate outcome are quite different.)
     
    WhoAmI?, SLiV3R and Margen67 like this.
  18. Fatalanus

    Fatalanus GBAtemp Advanced Fan

Myria, since everything seems to be pretty well organized in your mind about what you're doing, I don't understand a fucking word when you use technical words lol :P
     
    Margen67 likes this.
  19. Myria
    OP

    Myria GBAtemp Fan

    (\___/)
    =^-^=

    Well, this library by itself just writes some gobbledygook to the screen then says "Press X to exit". Not very useful on its own, hmm? =P

    It's only really useful to other 3DS hacker-homebrewer folk who are also crazy/mind-warped like me. If you handed me a charcoal pencil, I wouldn't have the slightest clue what to do with it. But if you give it to an artist, they can make something really pretty. <3 I've made a charcoal pencil for 3DS homebrew makers.
     
  20. Joshtech

    Joshtech Advanced Member

    Thank you for fixing the 8.x. The work you and Steveice10 are doing is amazing.
     
    Margen67 likes this.