ARM11 Kernel Exploit of ninjhax
Posted: Sun Nov 23, 2014 11:19 pm
I don't know 3DS well, but I'm not interested in stupid debates on gbatemp.net.
So I'll write what I know to help people understand ninjhax.
ARM11 and ARM9
The 3DS has 2 CPUs, an ARM9 and an ARM11.
The ARM9 plays the most important part in security.
So you should get kernel access on the ARM9.
See the details below.
http://3dbrew.org/wiki/Hardware
Ninjhax and Kernel Exploit
Ninjhax uses a kernel exploit to install hb:HB in the ARM11 kernel memory.
The kernel exploit can be on the ARM9 or the ARM11.
If it's on the ARM9, you can get total access to the 3DS.
You can see code referring to hb:HB below.
https://github.com/smealum/3ds_hb_menu/ ... ource/hb.c
Smealum
He denied that it uses a kernel exploit.
So I considered 2 possibilities.
1. The exploit is on the ARM11
Even if you get kernel privilege on the ARM11, you can't do things like installing CIAs, emuNAND, debugging, and so on.
2. He is lying.
I thought he wasn't lying, but he may have lied.
https://gbatemp.net/threads/speculation ... st-5173686
ok ok ok ok, i don't really care enough to give details but i'll say the following and i promise i'm not lying :
1. govanify is full of **** and doesn't seem to know what he's talking about. if he'd actually "reversed it in 2h" he'd know better than to say what he's saying and to use tweets and quotes from an interview as proof (lol)
2. ninjhax does not at any point get unsigned code to run in kernel mode. there's really nothing more to say about that.
3. doing region free on the 3DS does not require kernel mode code exec. again, not much more to say about that.
4. if a part of hbmenu's code actually signified beyond the shadow of a doubt that i've been lying about the nature of the exploit do you seriously think i'd have been dumb enough to a) make it so obvious and b) make hbmenu open source at all ? if so i'm a little insulted.
to sum it up in one word :
please
I may be too perverse, but I wonder why he said "please."
What you should do
Are you interested in a kernel exploit of ARM11?
Do you believe it has a kernel exploit of ARM9?
Then, reverse it!