Homebrew [WIP] Memchunkhax 2

  • Thread starter: julian20
  • Views: 126,486
  • Replies: 661
  • Likes: 24
Status: Not open for further replies.
SNSHax is a good thing, but still not useful enough pairing it with a kernel exploit.
In terms of functionality SNSHax can only provide just downgrading and legit CIA installation possibilities (and N3ds-Only), while the kernel can also give us access to every syscall and service, which is great in terms of homebrew.
Also, I would prefer to hack my 3ds on the latest firmware possible, instead of downgrading it.
Not to mention that this ARM9 exploit they presented is still the only possible to do.
 
Ok guys. I use libkhax as a template for my code (it's written in cpp, which is a condition (we need KObjects)). Also this is practical, because we can make the launcher 9.2> and 9.3< compatible.

I have a problem. I want to use multiple KSynchronizationObjects (http://www.3dbrew.org/wiki/KSynchronizationObject) to simulate memchunkhdrs, but I don't know how to edit the attributes. I cannot edit it directly inside the RAM (that's our goal), so how can I change them?
 
Last edited by julian20,
Ok, I am now going through the KObject list. I am now searching for an object with a vtable, 2 u32 variables which can be set to a value. One example is the reference count, which can be modified with pointers.
 
I'd rather prefer downgrade, many stable cfw exist for it and also there is unpatchable browser had entry point for it hence 9.2 for me.

Besides 9.2 mastah race B-)
 
Kernel exploitation offers downgrade too btw, it just opens the way to old3ds too.
 
I am aware of that memchunk exploit also offers downgrade but I was just saying that I prefer downgrade over recent firmware kernel exploit and cfw cause they can be easily patched.
 
Yeah, once you're on 9.2, you're safe forever, since update nags don't exist in that firmware, but they do on 10.x, so Nintendo can patch/block stuff whenever they want.
 
Yeah, especially with the youtube/browser remote disabling, would suck if it turned out that could be done for a big group of titles, i.e. browser/cubicninja/safe mode NS/smash bros/ironhax, leaving you screwed for any of the new exploits (with the exception of NTRcardhax, but I don't imagine anyone will be using that)... Personally I think 9.2 or lower with emunand is the best option.
 
Last edited by gamesquest1,
All those 3DS bricks, your sacrifice will never be forgotten.

This is dealing with memory, which is temporary anyways so bricking the 3DS wouldn't be possible unless he touches the Nand and attempts to downgrade right away.

Isn't there a way to unbrick it?

Not without a hardmod above 9.2.
 
From the looks of it, I believe you need to create two threads with some sort of synchronization between them. The first thread will call "svcControlMemory" while the second thread will call "svcCreateAddressArbiter" in a while loop condition until the memory page is accessible. Then it'll inject the pages.
 
That's what I thought too
 