Hacking [WIP] open source Kernel access on 3DS

[prototech]

We have FBI now. Just uninstall system settings and install the one from 6.x which still had MSETT entry point. Nothing is using this though, so for now, there's not much point in doing this until Karl comes out and that will probably provide it's own way of downgrading system settings anyways.

Right, it's been said that even after the system setting have been downgraded, you'll need a new ROP written so the blue card nds file that Gateway provides will not work.

 

[lPolarisl]

We have FBI now. Just uninstall system settings and install the one from 6.x which still had MSETT entry point. Nothing is using this though, so for now, there's not much point in doing this until Karl comes out and that will probably provide it's own way of downgrading system settings anyways.

Just thinking, could that be done with the eshop ? So that it would be possible to access it on not up-to-date firmware ?

 

[dkabot]

Just thinking, could that be done with the eshop ? So that it would be possible to access it on not up-to-date firmware ?

I recall reading on the spoof theory thread that the 9.6 eShop requires 9.6 NATIVE_FIRM... so probably "no", at least by that method.

 

[Hashtastrophe]

Only way to know for sure is to yolo it.

Edit: was ninja'd. But seriously, it's very likely not to work.

 

[Alkéryn]

Anyway oska is kind of dead so go for karl even if it dosen't allow piracy

 

[Apache Thunder]

Just thinking, could that be done with the eshop ? So that it would be possible to access it on not up-to-date firmware ?

No. eShop uses a system module called NIM to check to see if system is up to date. Downgrading NIM won't work either because that's now how things work. NIM checks what's installed with what the servers currently have available. You have to "patch" NIM into accessing alternate servers that have older firmware so that NIM thinks what you have installed is what is currently up to date. So it's not that simple.

 

[Alkéryn]

No. eShop uses a system module called NIM to check to see if system is up to date. Downgrading NIM won't work either because that's now how things work. NIM checks what's installed with what the servers currently have available. You have to "patch" NIM into accessing alternate servers that have older firmware so that NIM thinks what you have installed is what is currently up to date. So it's not that simple.

the best would be to find a new entry point in 9.6 to decrypt it but it's easy to say
still have hope for N3DS 9.6 emunand

 

[Hashtastrophe]

Hope to decrypt what exactly? And both OoT and CN are entry points that work on 9.6

 

[Alkéryn]

Hope to decrypt what exactly? And both OoT and CN are entry points that work on 9.6

CB ninja don't work after 9.2
--> to decrypt the new keyX

 

[Shadowtrance]

Just thinking, could that be done with the eshop ? So that it would be possible to access it on not up-to-date firmware ?

No. eShop uses a system module called NIM to check to see if system is up to date. Downgrading NIM won't work either because that's now how things work. NIM checks what's installed with what the servers currently have available. You have to "patch" NIM into accessing alternate servers that have older firmware so that NIM thinks what you have installed is what is currently up to date. So it's not that simple.

Yeah i tried multiple things to try get into eshop on firmware 9.0 yesterday as seen in the spoof theory thread https://gbatemp.net/threads/theory-...nd-more-on-new-3ds.386591/page-2#post-5446395
No luck sadly.

 

[Hashtastrophe]

CB ninja don't work after 9.2
--> to decrypt the new keyX

You'd need a much lower entry point into the system than anyone would be willing to share in order to get the new key.
And CN does work, Ninjhax doesn't.

 

[Alkéryn]

You'd need a much lower entry point into the system than anyone would be willing to share for getting the new key.
And CN does work, Ninjhax doesn't.

Don't sure about CN but if you say... anyway I still have faith in 9.6 emunand in the future
PS*:can you give me a link that confirm that CN still work on 9.6?

 

[motezazer]

Don't sure about CN but if you say... anyway I still have faith in 9.6 emunand in the future
PS*:can you give me a link that confirm that CN still work on 9.6?

CN works... But you only have userland.

 

[Alkéryn]

CN works... But you only have userland.

So no ARM11 and ARM9 access ...
so I will not consider it as "working" scince it dosen't give full kernel access unless we find a way to get more permission

 

[Hashtastrophe]

You said entry point, not a chain of exploits resulting in full system access. CN and OoT both can be used to execute your own code in ARM11 userland, even on 9.6 so I'd say they work.

Also that link you requested: http://3dbrew.org/wiki/3DS_Userland_Flaws

 

[Alkéryn]

You said entry point, not a chain of exploits resulting in full system access. CN and OoT both can be used to execute your own code in ARM11 userland, even on 9.6 so I'd say they work.

Also that link you requested: http://3dbrew.org/wiki/3DS_Userland_Flaws

thank you but would it be possible to hook ARM9 acess with it?

 

[motezazer]

And then you can even use gspwn to have full code execution and not only ROP!

 

[motezazer]

thank you but would it be possible to hook ARM9 acess with it?

Why not, if an ARM9 flaw is discovered released...

 

[Alkéryn]

Why not, if an ARM9 flaw is discovered released...

I'm on 9.0eu N3DS so should I update to 9.6 hoping that it will be hacked to or safety first

 

[motezazer]

I'm on 9.0eu N3DS so should I update to 9.6 hoping that it will be hacked to or safety first

Safety first.
This flaw is known only by hardcore scene members (like yellows8, mathieulh...) and they won't release it.