Homebrew Merry Christmas - Have some RAM Dumping!

filfat

filfat

CTO @ Nordcom Group Inc.
Member
Level 9
Joined
Nov 24, 2012
Messages
1,261
Trophies
1
Location
Gothenburg, Sweden
Website
www.sweetsideofsweden.com
XP
1,749
Country
Sweden
(Ending reply for talk about piracy)
Have you thought about the creator of the car BMW for instance, they lose if you freely could copy the car for free, why the heck buy it if you can get it for free. And yes its true that some people have benefitted from piracy but that is often not the case. Also belive me on this one people crack even when they CAN afford a game.
Lets end that discussion there.

Edit: when will peoples learn that physical things and software is basically the same things, the only difference is that you can't touch the software(at the moment) it still costs money to produce.
 
  • Like
Reactions: cearp
Kakkoii

Kakkoii

Old fart
Member
Level 5
Joined
Sep 14, 2007
Messages
631
Trophies
0
XP
586
Country
Canada
filfat said:
Lets end that discussion there.

Edit: when will peoples learn that physical things and software is basically the same things, the only difference is that you can't touch the software(at the moment) it still costs money to produce.
Click to expand...


When will people learn to stop going off topic. When will people learn that they are not the same thing and that the issue is more complex than that. When will people learn that developers who have a dunning-kruger mindset often use piracy as a excuse for their game not doing well, instead of being able to accept their game just wasn't that good.

The discussion ended last page. Don't talk about this anymore, please. Contact people in PM if you want to discuss this.

imb4 Mod deletes all these posts. Sorry mod.
 
  • Like
Reactions: pelago and Duo8
D

Deleted User

Guest
The developers that gave fierce waffle the info he needed to build this ram dumper did not share it with him to so people can create a cfw rom loader. They shared it with him to enable (legal) homebrew.

If those developers did not share the info with fierce waffle then he would be nowhere. So thanks for the disrespect, no wonder good developers are a dying breed
 
filfat

filfat

CTO @ Nordcom Group Inc.
Member
Level 9
Joined
Nov 24, 2012
Messages
1,261
Trophies
1
Location
Gothenburg, Sweden
Website
www.sweetsideofsweden.com
XP
1,749
Country
Sweden
json said:
The developers that gave fierce waffle the info he needed to build this ram dumper did not share it with him to so people can create a cfw rom loader. They shared it with him to enable (legal) homebrew.

If those developers did not share the info with fierce waffle then he would be nowhere. So thanks for the disrespect, no wonder good developers are a dying breed
Click to expand...
I didn't ask him to stop develop, I asked him to implement some kind of security against piracy in the future. If that takes as disrespect in your country, I'm sorry but you might be crazy, if you misunderstood I didn't mean that I said. ;)
 
  • Like
Reactions: NEP
D

Deleted User

Guest
filfat, you're a pretty good guy :).

My comments were directed to the guy that just wants a 3ds rom loader from SD card.
 
  • Like
Reactions: filfat
filfat

filfat

CTO @ Nordcom Group Inc.
Member
Level 9
Joined
Nov 24, 2012
Messages
1,261
Trophies
1
Location
Gothenburg, Sweden
Website
www.sweetsideofsweden.com
XP
1,749
Country
Sweden
Back on topic, this ram dump will be very usable when there comes to Return Orientate Programing Chain, as we now may know some of the return addresses that was only accessible trough a hardware mod before, which means that we sooner or later can create a way of running "full"* unsigned code on the system. And what's even better is that I will sooner or later get a 3DS with fw 1.0 that I will dump, and then update to 4.5 so I can test a bit with a ram dump, and hopefully learn a bit more about assambly and maybe be able to create my own R.O.P. Chain someday(that will probably happen in about 20-25 years or so :P )

just a guess a return address to look like this in hex format: 0x83582, right? Or is it only as a normal integer like 83582?(and yes I mean for the 3DS in particular I have done a bit of software reversing on PC), Also, I would be thankful if someone could point me to the right direction for creating and compiling stuff like a R.O.P. Chain. Thanks :D

*by referring to "full" I mean in a Homebrew channel style.
 
E

elhobbs

Well-Known Member
Member
Level 12
Joined
Jul 28, 2008
Messages
1,044
Trophies
1
XP
3,033
Country
United States
There are no compilers for rop chains. There is no executable code to compile. You are manipulating data on the stack - registers and data are pushed on the stack when a function is called - the return address is also stored on the stack. With rop you manipulate these return addresses to point piece of existing code that you want executed. The code has to exist but say in the case of a function call you can manipulate the parameters to suit your needs. Manipulating the parameters requires you to move values into registers by finding bits of code that modify a register and return. This is a very tedious process that needs to be done by hand. On top of that you may also have a limit to the amount of stack space that you are able to manipulate.
 
zecoxao

zecoxao

Well-Known Member
Member
Level 9
Joined
Dec 25, 2013
Messages
379
Trophies
1
Age
33
XP
1,703
Country
Vappy said:
I got a bad decrypt error trying the first one on Launcher.dat. Is gateway.dat a different file? Because I couldn't find anything on it.
Click to expand...
succeeded on mine, but i used raw c code with polarssl library. the md5 of the output should be 646d685e2643b1e3234df3d0a15fd58b

edit: you should have a header same as this one:
Code: 
B9 F2 10 00 E0 FE 01 00 10 00 00 00 C4 4F 1C 00
00 94 27 00 FC 34 13 00 44 44 44 44 8C 3D 14 00
00 94 27 00 2F F7 1A 00 44 44 44 44 C4 4F 1C 00
01 00 7E 9A 58 B2 18 00 44 44 44 44 D4 14 10 00
84 7D 2B 00 8C 3D 14 00 88 01 27 00 18 CF 18 00
44 44 44 44 B9 F2 10 00 E0 FE 01 00 10 00 00 00
C4 4F 1C 00 00 94 27 00 FC 34 13 00 44 44 44 44
8C 3D 14 00 00 94 27 00 2F F7 1A 00 44 44 44 44
C4 4F 1C 00 02 00 7E 9A 58 B2 18 00 44 44 44 44
D4 14 10 00 48 01 2B 00 8C 3D 14 00 E4 EF 22 00
18 CF 18 00 44 44 44 44 08 30 10 00 E5 04 21 00
7C CF 2C 00 00 47 18 00 00 64 11 00 00 43 1B 00
00 32 11 00 00 B8 07 00 30 E6 21 00 F9 02 10 00
28 43 1E 00 44 44 44 44 55 55 55 55 66 66 66 66
 
filfat

filfat

CTO @ Nordcom Group Inc.
Member
Level 9
Joined
Nov 24, 2012
Messages
1,261
Trophies
1
Location
Gothenburg, Sweden
Website
www.sweetsideofsweden.com
XP
1,749
Country
Sweden
elhobbs said:
There are no compilers for rop chains. There is no executable code to compile. You are manipulating data on the stack - registers and data are pushed on the stack when a function is called - the return address is also stored on the stack. With rop you manipulate these return addresses to point piece of existing code that you want executed. The code has to exist but say in the case of a function call you can manipulate the parameters to suit your needs. Manipulating the parameters requires you to move values into registers by finding bits of code that modify a register and return. This is a very tedious process that needs to be done by hand. On top of that you may also have a limit to the amount of stack space that you are able to manipulate.
Click to expand...
yes, I know that there's no compiler for a r.o.p. Chain, what I meant was to "compile" it into a file, not compile the code, i should have been more clear on that one, also I know about the stack space already, anything more you can point me at? :D
 
V

Vappy

Well-Known Member
Member
Level 11
Joined
May 23, 2012
Messages
1,508
Trophies
2
XP
2,613
Country
zecoxao said:
succeeded on mine, but i used raw c code with polarssl library. the md5 of the output should be 646d685e2643b1e3234df3d0a15fd58b

edit: you should have a header same as this one:
Click to expand...


Got an identical header, but different checksum. Tried three different decryption methods, all gave me bad signature etc. Eh, I doubt this'd be much use to me anyway, I was just curious. :P At the least, interesting to see more people turning their eye to the 3DS! fierce waffle and megazig, naerhwert, saw 173210 say on twitter he might consider switching from Vita to 3DS.
 
  • Like
Reactions: zecoxao
zecoxao

zecoxao

Well-Known Member
Member
Level 9
Joined
Dec 25, 2013
Messages
379
Trophies
1
Age
33
XP
1,703
Country
Vappy said:
Got an identical header, but different checksum. Tried three different decryption methods, all gave me bad signature etc. Eh, I doubt this'd be much use to me anyway, I was just curious. :P At the least, interesting to see more people turning their eye to the 3DS! fierce waffle and megazig, naerhwert, saw 173210 say on twitter he might consider switching from Vita to 3DS.
Click to expand...
this is what i used:

https://mega.co.nz/#!Yg8gAa5a!bpC7axeB-l8Dty5cqPnyBkwwBL191wx6Jcf3NsNtB9I

Obviously you need polarssl for that
 
  • Like
Reactions: Vappy
S

smf

Well-Known Member
Member
Level 16
Joined
Feb 23, 2009
Messages
6,643
Trophies
2
XP
5,869
Country
United Kingdom
elhobbs said:
There are no compilers for rop chains. There is no executable code to compile. You are manipulating data on the stack - registers and data are pushed on the stack when a function is called - the return address is also stored on the stack. With rop you manipulate these return addresses to point piece of existing code that you want executed. The code has to exist but say in the case of a function call you can manipulate the parameters to suit your needs. Manipulating the parameters requires you to move values into registers by finding bits of code that modify a register and return. This is a very tedious process that needs to be done by hand. On top of that you may also have a limit to the amount of stack space that you are able to manipulate.
Click to expand...

It's probably not worth writing software to do it if you're just writing it once. But you could create some form of meta data that described what you wanted to achieve in your program and automate that. You could call that software a compiler.
 
  • Like
Reactions: filfat
E

elhobbs

Well-Known Member
Member
Level 12
Joined
Jul 28, 2008
Messages
1,044
Trophies
1
XP
3,033
Country
United States
smf said:
It's probably not worth writing software to do it if you're just writing it once. But you could create some form of meta data that described what you wanted to achieve in your program and automate that. You could call that software a compiler.
Click to expand...
One does not simply walk into mordor... Seriously though, I think you are not grasping the complexity of the task at hand. It is more of a puzzle where you need to track down several pieces that must be aligned just so, in order to accomplish a single step. Yes it is probably possible to write something along the lines that you described. But it would be much more useful to create a rop chain that can load and launch compiled code. This is most likely to be written in a hex editor - really any tool that can write raw untranslated data.
 

Site & Scene News

Go to forum More news

Popular threads in this forum

Hacking Homebrew  A new way to experience StreetPass

Is it possible...?

Hacking Hardware  New Nintendo 3DS XL Louvre

Hardware  Why does my 3DS take so long to turn off?

Emulation  i have citra, i have my aes keys installed, how do i get the home menu

What's the best 3DS emulator (especially after Citra's shutdown)?

Hacking Misc  VCRUNTIME140.dll UCRTBASED.dll Master Thread

Tutorial  How to fix 007-2001

General chit-chat
Help Users
    K3Nv2 @ K3Nv2: Keep current Gen consoles stock mod last gen imo