Homebrew Why can't the ARM9 be hacked when running an Original DS game?

dotqurter_ · Oct 21, 2016

My question is that if the ARM9 is used for backwards compatibility when loading original DS/DSI games (this is what I understand from the FIRM page on 3dbrew, and a few other websites), why can't a stack/buffer overflow from the original games trigger a stack/buffer overflow in the ARM9, allowing it to be exploited for some homebrew on N3DS/O3DS on >11.1.0?

I'm just throwing that out there as a question, see if anyone else has thought of that. If so, could someone explain why this couldn't work? I mean, if the ARM9 > ARM11, a stack/buffer on the ARM9 should show at least some type of way to abuse it (maybe even to install unsigned .cia or do a downgrade to it).

Mikemk · Oct 21, 2016

It was at one point in time, it was called MSET. It's been patched. Now, all you can crash is yourself, and DS mode doesn't have SD access..
If we can find a way to run DSi homebrew from a flashcart, we can get free DSi downgrading though.

metroid maniac · Oct 21, 2016

You can run code on the ARM9, but all the interesting hardware has been turned off and can't be turned on without a reboot.

You don't need to exploit anything if you're using a flashcard. You're just plain running ARM9 code.

We already use that kind of "exploit" for the DSiWare downgrade.
When DSiWare runs it has complete access to the system NAND. All the interesting keys are already gone from memory though so it's the same as if you got a hardmod - encrypted and impossible to read sensible data to it.
However if you know what FIRM version is installed to the FIRM partition, you can deduce the keystream (xorpad) that decrypts/encrypts it, and can put your own older FIRM in there.
Usually the system menu checks if the FIRM matches the version of the rest of the system but for 11.1/11.0 > 10.4 they forgot. So you can then go ahead and downgrade to 9.2 with an ARM11 exploit.
This only works from DSiWare, not a TWL or NTR cartridge. In those cases, all the cool hardware has been disabled.

metroid maniac · Oct 21, 2016

Mikemk said:
It was at one point in time, it was called MSET. It's been patched. Now, all you can crash is yourself, and DS mode doesn't have SD access..
If we can find a way to run DSi homebrew from a flashcart, we can get free DSi downgrading though.

The MSET exploit didn't run in DS mode.

Also, it's unlikely. I'm not aware of any TWL cartridge games that have permission to use the internal NAND, so that hardware would be disabled.

Mikemk · Oct 21, 2016

metroid maniac said:
The MSET exploit didn't run in DS mode.

It was installed in DS mode.

metroid maniac · Oct 21, 2016

Mikemk said:
It was installed in DS mode.

But it wasn't executed in DS mode, which is what OP wants to know about.

dotqurter_ · Oct 22, 2016

So, technically it IS possible to downgrade the firmware to at least 10.x.xx (and then from 10.x downwards) using a method from the current 11.1.0-34U (I am running a 11.1.0-33U, using menuhax and stock homebrew, on O3DS. If you must know, its a USA model) using DSIware?
I would just enjoy someway to downgrade my firmware far enough where bbm (bigbluemenu) or some other custom firmware (and A9LH) without spending 65+$ for a possibly bricked direct downgrade from 11.1.0-33U (or whatever) to 9.5.x-xx.

Shadow#1 · Oct 22, 2016

dotqurter_ said:
So, technically it IS possible to downgrade the firmware to at least 10.x.xx (and then from 10.x downwards) using a method from the current 11.1.0-34U (I am running a 11.1.0-33U, using menuhax and stock homebrew, on O3DS. If you must know, its a USA model) using DSIware?
I would just enjoy someway to downgrade my firmware far enough where bbm (bigbluemenu) or some other custom firmware (and A9LH) without spending 65+$ for a possibly bricked direct downgrade from 11.1.0-33U (or whatever) to 9.5.x-xx.

bbm (bigbluemenu) isnt a cfw it is a tool from the sdk to install cia's

Mikemk · Oct 22, 2016

dotqurter_ said:
using menuhax and stock homebrew

No, you need another 3DS with a9lh already, install the dsiware hax on it, then system transfer the hack to the new 3ds.

dotqurter_ · Oct 22, 2016

Ok. Im installing Luma cfw on it rn, brb.

(Using the .3dsx method, then using the modified boot.3dsx for menuhax)

Mikemk · Oct 22, 2016

dotqurter_ said:
(Using the .3dsx method, then using the modified boot.3dsx for menuhax)

Has to be the a9lh method.

dotqurter_ · Oct 22, 2016

Ok, I noticed it when it refused to launch.
I'm going to check out the A9LH 3ds's right now.

(Dang it Nintendo, why does the easy stuff have to be broken by you all the time?)

Roomsaver · Oct 22, 2016

dotqurter_ said:
Ok, I noticed it when it refused to launch.
I'm going to check out the A9LH 3ds's right now.

(Dang it Nintendo, why does the easy stuff have to be broken by you all the time?)

If you're planning to install A9LH follow this guide.

gkoelho · Oct 22, 2016

Mikemk said:
It was at one point in time, it was called MSET. It's been patched. Now, all you can crash is yourself, and DS mode doesn't have SD access..
If we can find a way to run DSi homebrew from a flashcart, we can get free DSi downgrading though.

This a misconception, SD-access in DSi mode was already achieved. It has no use quite yet but make it work is a doable task.

dotqurter_ · Oct 30, 2016

Quick question:
If someone were to try to (maybe) find a useful task for DSi mode, where would I look, what would I use (like programming language) to test it, and is there a link I can use to find how the DSi mode SD-access works?

Homebrew Why can't the ARM9 be hacked when running an Original DS game?

Well-Known Member

Well-Known Member

An idiot with an opinion

An idiot with an opinion

Well-Known Member

An idiot with an opinion

Well-Known Member

Wii, 3DS Softmod & Dumpster Diving Expert

Well-Known Member

Well-Known Member

Well-Known Member

Well-Known Member

Well-Known Member

Well-Known Member

Well-Known Member

Similar threads

Popular threads in this forum