Homebrew [WIP] Memchunkhax 2

[julian20]

Sns exploit gives you access to the ns service. Normal userland doesnt have this access. Arm11K has, but Arm11K has more than Sns exploit

 

[4ur0r]

Still no news about a DIY passme for this exploit?

 

[Deleted User]

No. It's ARM11 userland, it just pushes a critical process over to GPU-writable RAM.

Ah, thanks!

Lolwut

I swear to god, don't start again!

 

[Psi-hate]

Sns exploit gives you access to the ns service. Normal userland doesnt have this access. Arm11K has, but Arm11K has more than Sns exploit

Exactly. Simply an escalation to privileged userland.

 

[julian20]

Oh dark samus already described that(i am on my phone (8 )

 

[dark_samus3]

Ah, thanks!


I swear to god, don't start again!

Ehh, what was I starting? Let me clarify, ARM11 userland privilege escalation can be used to can access under SNS to am:u and downgrade, no kernel, nothing but ARM11 userland

 

[Earth97]

NS: a process run in the part of the FSRAM which cannot be controlled by the GPU.
SNS: a process that is tantamount to NS (it's its Safe mode version) and can be initiated after allocating a garbage heap in the part of the RAM not controlled by the GPU in order to have it in the chunk of RAM the GPU can access.

NS is a system app (so is SNS) and has got access to the AM:U service. This service lets us install legit .cias (including firmware .cias).

All of this gathered by listening to the lecture smea gave some hours ago (please correct me if any flaw is present).

Now, my question: is an app that has access to the AM service part of the stuff running under ARM11 kernel? if not, what do we talk about when we mention "ARM11 kernel"?

 

[foreveryang]

kernel will let me go to heaven

 

[Ripper00420]

Isn't this a "WIP" thread??? Why so many questions and opinions? 30 pages with no progress is not a (work in progress), it's a blackhole of jokes...lol!

 

[ChaosRipple]

Just going to clear things up. This is all from what I understood during the presentation. Basically, NS gives us the ability to install legit CIAs as well as uninstall them. However, userland doesn't really have access to it normally. This is solved by killing the NS process, allocating memory to fill up all the space so that when NS is restarted, it is forced to use memory within userland access, giving us full control over CIA installation. Now NS can't be restarted because to start the NS, it is required to already be running and the system disallows multiple processes with the same ID from running. Therefore, the actual way to solve this is to allocate enough memory to force the N3DS' Safe NS (pretty much the same as NS), when we start it, to use memory within the userland access and hence, why it's only available on the N3DS.

 

[julian20]

Isn't this a "WIP" thread??? Why so many questions and opinions? 30 pages with no progress is not a (work in progress), it's a blackhole of jokes...lol!

No it isnt. We make progress, but dont release code snippets which are useless for end users

 

[Hiccup]

These threads could go on for years. Somehow everybody thinks they are an expert despite knowing fuck all. Why don't people shut up and wait?

 

[VeryCrushed]

Man whats up with 3DS's and Hype Trains at this time of the year.

 

[Hiccup]

Because empty githubs is helpingh teh comoonity /sarcasm

Don't people realise that if someone is good enough to exploit the 3DS, that making a repo is child's play? And that making a thread isn't going to help said someone - its going to clogg up the already shitty 3ds forums with noob posts?

 

[Psi-hate]

Because empty githubs is helpingh teh comoonity

Well it's not hurting it, not to mention that it's already there in case they are to put code up soon.

 

[Hiccup]

Re-read my above posts and think.

EDIT: that is obviously too difficult so I'll spell it out: it is clearly not useful and it is harmful. For the reasons I stated above (and in addition, this thread is misleading to people)

 

[dankzegriefer]

Re-read my above posts and think.

Also why the repo completely unrelated to the dev?

Oh, because that helps /s

 

[mungry]

Because empty githubs is helpingh teh comoonity /sarcasm

Don't people realise that if someone is good enough to exploit the 3DS, that making a repo is child's play? And that making a thread isn't going to help said someone - its going to clogg up the already shitty 3ds forums with noob posts?

 

[Psi-hate]

Re-read my above posts and think.

My mistake, I think my mind subconsciously fixed that blatant grammer making me not even notice that it was not in a literal sense. Damned I say.

 

[Hiccup]

My mistake, I think my mind subconsciously fixed that blatant grammer making me not even notice that it was not in a literal sense. Damned I say.

The irony is what you just said makes no sense.