Hacking [WIP] open source Kernel access on 3DS

[shinyquagsire23]

Fact : Nobody is perfect and we are all different.
Fact 2 : Better have one post than 1000 useless post ?
Fact 3 : Well I can have my point-of-view, I don't like sarcasm, even more when it come from people that don't know anything.
You can't judge a book by its cover.

Can I at least judge you by the fact that you keep saying "unicode program"? It's a ROP darn it, any sensible RE person would know the proper terminology for what you're referring to. Unicode isn't used for programming, or at least strictly to develop an exploit. In the case of the GO exploit it's just a small part of how they get the ROP payload in the right place.

 

[ody81]

And the 'lol 3ds scene' picks on yet another guy. For what? If someone's trolling about this kind of stuff they'd run out of steam soon enough anyway.

As for 1 post? Come on, you're telling me someone's experience and knowledge before their sign-up date don't count?

 

[pidoubt]

Just for you Overlord00
Gateway 3DS is nothing special.

Gateway 3DS work as a Handshake with your 3DS (valid each signals) without the correct entrypoint, it doesn't work at all.
Remember is just a FPGA (programmable chip) that include an interface controller (control different payload) + secure the access.
But other than that all their work is software related. a CFW could exactly do the same or even better.

 

[Oishikatta]

Just for you Overlord00
Gateway 3DS is nothing special.

Gateway 3DS work as a Handshake with your 3DS (valid each signals) without the correct entrypoint, it doesn't work at all.
Remember is just a FPGA (programmable chip) that include an interface controller (control different payload) + secure the access.
But other than that all their work is software related. a CFW could exactly do the same or even better.

Aren't all known non-4.5 only CFW based on reversing gateway though?

 

[pidoubt]

Can I at least judge you by the fact that you keep saying "unicode program"? It's a ROP darn it, any sensible RE person would know the proper terminology for what you're referring to. Unicode isn't used for programming, or at least strictly to develop an exploit. In the case of the GO exploit it's just a small part of how they get the ROP payload in the right place.

Are you sure about that ? or are you simply mad by the fact that you didn't understand why I was refering unicode program.
Unicode programming, go search and learn.
Go exploit ? so you think is them who invented that ?
This was possible since while, working with a friend a chromium on stuff like that many time.
Get the right rop payload in the right place, not really.

 

[williamcesar2]

open 1 specific thread !

 

[pidoubt]

Aren't all known non-4.5 only CFW based on reversing gateway though?

What is the big deal about Gateway ? just because they make the first linker, doesn't mean they are the first to make this possible.
Is just a team dev that wanna to make business of it, they know that a lot of Nintendo consumers will be interested, lot lot of profit from that.
People who reverse Gateway, probably was mad at gateway to make profit from piracy, I don't know and I don't care.
I don't support Gateway at all.
Anyway I stop posting, apparently it was a bad idea...
So bye

 

[Oishikatta]

What is the big deal about Gateway ? just because they make the first linker, doesn't mean they are the first to make this possible.
Is just a team dev that wanna to make business of it, they know that a lot of Nintendo consumers will be interested, lot lot of profit from that.
People who reverse Gateway, probably was mad at gateway to make profit from piracy, I don't know and I don't care.
I don't support Gateway at all.

I'm not arguing with you at all, it's well known that gateway doesn't create the exploits. But they tend to be the first to publicly release them (in their product that is then reversed). Only then are the exploits used by projects like this one. That is why people look at gateway's launcher.

 

[AtlanticBit]

Aren't all known non-4.5 only CFW based on reversing gateway though?

nope

 

[williamcesar2]

What is the big deal about Gateway ? just because they make the first linker, doesn't mean they are the first to make this possible.
Is just a team dev that wanna to make business of it, they know that a lot of Nintendo consumers will be interested, lot lot of profit from that.
People who reverse Gateway, probably was mad at gateway to make profit from piracy, I don't know and I don't care.
I don't support Gateway at all.
Anyway I stop posting, apparently it was a bad idea...
So bye

take care now !

 

[Deleted User]

I need to give some explanation to complet Yifan Lu research.
Here an example (Payload 4.0) and how to unicode one.
0x08B47400: 0x0010FFFD ; (nop) POP {PC} = \udb6c\u0010
0x08B47404: 0x0010FFFD ; (nop) POP {PC} = \udb6c\u0010
0x08B47408: 0x0010FFFD ; (nop) POP {PC} = \udb6c\u0010
0x08B4740C: 0x0010FFFD ; (nop) POP {PC} = \udb6c\u0010
0x08B47410: 0x002AD574 ; LDMFD SP!, {R0,PC}=\ud574\u002a

0x08B47430: 0x08B47630 ; R1 = L"dmc:/Launcher.dat" = \u7630\u08b4\

This is just an example but as you can see the unicode is inversed : 0x08B47630=763008B4
Now you know how to make your own unicode program.

I needed to add this information since Yifan Lu didn't show an example of how unicode work.

What a bunch of nonsense... I can spot a troll from a mile away

This is the same level of nonsense as those 3ds pseudo code pastebins that some people here like to post

 

[VinsCool]

What a bunch of nonsense... I can spot a troll from a mile away

This is the same level of nonsense as those 3ds pseudo code pastebins that some people here like to post

This guy sounds like Foetal_Error, doesn't he?

 

[SLiV3R]

Json IS the troll

 

[MrJason005]

Json IS the troll

Add an "a" and you got the lord

 

[fuyukaidesu]

I need to give some explanation to complet Yifan Lu research.
Here an example (Payload 4.0) and how to unicode one.
0x08B47400: 0x0010FFFD ; (nop) POP {PC} = \udb6c\u0010
0x08B47404: 0x0010FFFD ; (nop) POP {PC} = \udb6c\u0010
0x08B47408: 0x0010FFFD ; (nop) POP {PC} = \udb6c\u0010
0x08B4740C: 0x0010FFFD ; (nop) POP {PC} = \udb6c\u0010
0x08B47410: 0x002AD574 ; LDMFD SP!, {R0,PC}=\ud574\u002a

0x08B47430: 0x08B47630 ; R1 = L"dmc:/Launcher.dat" = \u7630\u08b4\

This is just an example but as you can see the unicode is inversed : 0x08B47630=763008B4
Now you know how to make your own unicode program.

I needed to add this information since Yifan Lu didn't show an example of how unicode work.

Nice bait. You almost got me with your first post, but now everyone knows you're damn clueless.

 

[dela]

Yes, of course.

Building on the work of decrypt9 and rxtools, you could not get it started by webexploit?

 

[173210]

By the way, OSKA doesn't have license agreements.
To prevent others from using our code with closed softwares, we should license our code under copyleft license.
I often use GPLv3. If you agree to use GPLv3, please like this post. If you disagree, please write your opinion.

The code owner, Aliak and many people liked this post.
So I made a commit.
License under GNU General Public License version 3 or later · f233d90 · Aliak/OSKA
https://github.com/Aliak/OSKA/commit/f233d90d524414b11be3b4a36f78a657ebee462a

 

[173210]

I updated hooks for ARM11 functions.
It's not enough to gain ARM9 access, but it should work.
https://github.com/Aliak/OSKA/commit/d503c0dc28fafcb88a31cbaf12914d59bbf324c4
Build and please report!

EDIT: It works only on 4.x.

 

[173210]

I opened a new issue. Developers helps are needed!
arm9Exploit supports only 4.x · Issue #3 · Aliak/OSKA
https://github.com/Aliak/OSKA/issues/3

 

[filfat]

I updated hooks for ARM11 functions.
It's not enough to gain ARM9 access, but it should work.
https://github.com/Aliak/OSKA/commit/d503c0dc28fafcb88a31cbaf12914d59bbf324c4
Build and please report!

Stuck @ Hooking Reboot Function
N3DS 9.0 PAL