How do I make an exploit run my own code?

jaimin1k (New Member, OP; joined Jan 3, 2015; United States)
I’m not new to the homebrew scene, but I’m just starting to learn more about how this exploit stuff actually works. I just recently found my 3DS in storage and got homebrew set up on it. After watching a bunch of videos of different exploits (soundhax, browserhax, pichaxx, ninjhax, etc.) I’m very interested in learning how it actually works: using a software vulnerability to execute unsigned code. I used the devkit to write a simple “hello world” program in C++ which I can execute via the homebrew launcher, but I want to execute it directly via one of the existing exploits on a stock firmware. How would I go about doing this? I want to learn as much as I can about software vulnerabilities and see how far I can go with it, perhaps on a different system in the future, using the 3DS as a way to learn more. I know this stuff isn’t simple, so if you guys could send me as many resources as possible that would be awesome. I hope I can give you guys back something great in the future. Thanks!

Edit: The exploit that intrigued me the most is the buffer overflow in the Nintendo DS profile settings. It honestly amazes me how tiny little errors like that on the developers’ end can leave wide open doors for hackers to crack the system wide open.
 

FAST6191 (Techromancer, Editorial Team; joined Nov 21, 2005; United Kingdom)
I did cover some basics quite a few years ago now:
https://gbatemp.net/threads/some-hacking-concepts-and-links.287721/

More generally, many of the devs of such exploits hold talks (usually at the C3 conferences) on how they did it. If you want to follow along, and maybe adapt such things for later games/firmwares/whatever after replicating the same things, then that will probably be a start.

In addition to the above:

Not the best thing I have ever seen, but it might help in some ways.
 

ghjfdtg (Well-Known Member; joined Jul 13, 2014)
Things are... complicated. To write your own code to be run by the exploit you need to understand how it works and how the whole system works. Usually it goes like this:
First, a flaw in a game is exploited to take control of execution. Since we can't execute our code directly (eXecute Never, or XN) we have to resort to tricks, namely ROP, or return-oriented programming. From there you can abuse gspwn (the GPU overwrites existing code via DMA) to actually execute your own code. It's a rough overview and there are many more details to it.
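The first two steps ghjfdtg outlines, as an added C model that is not code from this thread or from any 3DS or DS exploit: a loader trusts a length stored in a settings record, the copy runs past the name buffer into the saved return address, and, because under XN the hijacked return cannot land in the data the attacker wrote, the payload is a list of addresses of code that already exists (a ROP chain) rather than machine code. Everything here is a constructed assumption for the illustration: the `frame_t` stack layout, the `profile_record_t` record format, the `gadgets[]` "address space", the values written, and the hardened loader beside the vulnerable one. The vulnerable copy is clamped to the size of the model frame so the program stays well-defined C; the real bug class has no such clamp. The gspwn step, which is what finally gets native code running, is not modelled.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed stack frame: a fixed nickname buffer followed by the saved return
 * address and two more stack slots. Real frames differ; this is a model. */
#define NAME_MAX    16
#define CHAIN_SLOTS 3

typedef struct {
    uint8_t  name[NAME_MAX];
    uint32_t saved[CHAIN_SLOTS];   /* saved[0] plays the saved return address */
} frame_t;

/* Assumed "profile settings" record: one length byte, then the name bytes. */
typedef struct {
    uint8_t len;
    uint8_t data[64];
} profile_record_t;

/* Vulnerable loader: trusts the length stored in the record. */
void load_name_vulnerable(frame_t *f, const profile_record_t *rec) {
    size_t n = rec->len;
    if (n > sizeof(*f)) n = sizeof(*f);   /* model-only clamp; the real bug keeps writing */
    memcpy((uint8_t *)f, rec->data, n);   /* n > NAME_MAX runs into saved[] */
}

/* Hardened loader: validates the length against the buffer. 0 = ok, -1 = rejected. */
int load_name_hardened(frame_t *f, const profile_record_t *rec) {
    if (rec->len > NAME_MAX) return -1;
    memset(f->name, 0, NAME_MAX);
    memcpy(f->name, rec->data, rec->len);
    return 0;
}

/* Code that already exists in the "binary". Under XN this is all a payload may
 * run, so the payload is a sequence of these addresses, not machine code. */
typedef struct { uint32_t acc; int marker; } machine_t;

static void gadget_add_ten(machine_t *m) { m->acc += 10; }
static void gadget_double(machine_t *m)  { m->acc *= 2; }
static void gadget_mark(machine_t *m)    { m->marker = 1; }

typedef void (*gadget_fn)(machine_t *);
/* Fake address space: address i is gadgets[i]; address 0 means "return normally". */
static const gadget_fn gadgets[] = { NULL, gadget_add_ten, gadget_double, gadget_mark };
#define N_GADGETS (sizeof(gadgets) / sizeof(gadgets[0]))

/* Simulated epilogue: "return" into saved[0]; each gadget's own return pops the
 * next slot. Returns gadgets run, or -1 for a non-executable address (a crash). */
int run_epilogue(const frame_t *f, machine_t *m) {
    int executed = 0;
    for (int i = 0; i < CHAIN_SLOTS; i++) {
        uint32_t addr = f->saved[i];
        if (addr == 0) break;
        if (addr >= N_GADGETS) return -1;
        gadgets[addr](m);
        executed++;
    }
    return executed;
}

/* Attacker record: NAME_MAX filler, then the chain {double, add_ten, mark}
 * laid exactly over saved[0..2]. Constructed sample input. */
void build_rop_record(profile_record_t *rec) {
    const uint32_t chain[CHAIN_SLOTS] = { 2, 1, 3 };
    memset(rec, 0, sizeof(*rec));
    memset(rec->data, 'A', NAME_MAX);
    memcpy(rec->data + NAME_MAX, chain, sizeof(chain));
    rec->len = (uint8_t)(NAME_MAX + sizeof(chain));   /* 28 > NAME_MAX */
}

/* Benign record: the name "player", well inside the buffer. Constructed. */
void build_benign_record(profile_record_t *rec) {
    memset(rec, 0, sizeof(*rec));
    memcpy(rec->data, "player", 6);
    rec->len = 6;
}

/* Vulnerable path on the attacker record: acc 5 -> 10 -> 20 and marker set
 * show the chain ran from a hijacked return, with no attacker bytes executed. */
machine_t demo_vulnerable(void) {
    profile_record_t rec; frame_t f; machine_t m = { 5, 0 };
    build_rop_record(&rec);
    memset(&f, 0, sizeof(f));
    load_name_vulnerable(&f, &rec);
    run_epilogue(&f, &m);
    return m;
}

/* Hardened path: -1 when the attacker record is rejected, 0 when a benign
 * record loads and the frame returns normally (saved[] never touched). */
int demo_hardened(int attacker) {
    profile_record_t rec; frame_t f; machine_t m = { 5, 0 };
    if (attacker) build_rop_record(&rec); else build_benign_record(&rec);
    memset(&f, 0, sizeof(f));
    if (load_name_hardened(&f, &rec) != 0) return -1;
    return run_epilogue(&f, &m);
}

int main(void) {
    machine_t m = demo_vulnerable();
    printf("vulnerable loader + chain: acc=%u marker=%d\n", (unsigned)m.acc, m.marker);
    printf("hardened loader, attacker record: %d\n", demo_hardened(1));
    printf("hardened loader, benign record: %d\n", demo_hardened(0));
    return 0;
}
```

The point to take from the model is the one the post makes: the overflow only buys control of one address, and XN means that address has to be somewhere code already lives, so the real work is choosing gadgets that together do something useful (on the 3DS, setting up the DMA that gspwn abuses). The hardened loader closes the door at the copy itself by checking the untrusted length against the buffer it is copying into.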