GBAtemp.net - The Independent Video Game Community
Nintendo 3DS
Merry Christmas - Have some RAM Dumping!
<blockquote data-quote="mathieulh" data-source="post: 4878576" data-attributes="member: 118854"><p>Not to kill the mood or anything but you just need to compile an ARM9 payload to use along the rsa_verify request exploit.</p><p>The exploit has now been public for several days here <a href="https://github.com/naehrwert/p3ds/blob/master/3dsploit.py" target="_blank">https://github.com/naehrwert/p3ds/blob/master/3dsploit.py</a></p><p>and addresses such as the ones for fopen, fwrite... can be bruteforced rather easily.</p><p>There should be about 20ish people that can run an ARM9 payload hanging around the #3dsdev channel right now.</p><p> </p><p>All in all, I'd say your initial ram dumper (using ROPs) was a lot more impressive than this, as running an ARM9 payload was just a matter of following each ROP in the chain from the gateway Launcher.dat file once you had a valid ram dump.</p><p> </p><p>What I find astonishing is the amount of people who do not know how the bug technically works, they know from the launcher.dat that they need to use specific ROP gadgets in a specific sequence to trigger the exploit, they know what some/most of the ROP gadgets do, they know where to paste their payload, but they don't know much beyond that, they don't know that the bug is actually tied to a huge rsa_verify request for which the length isn't checked, they don't know that the payload written by gateway's ROP chain at 0x080C3EE0 is copied somewhere in the 0x20000000 area by the kernel and what triggers it to jump to the code later on.</p><p> </p><p>I just find it sad that so many people just reuse what's written by the Gateway engineers, only caring about the end result and not knowing how it actually works in the first place, even though it's very interesting from an educational standpoint.</p><p> </p><p>Ok, that was just my 2 cents xD</p></blockquote>