More actions
No edit summary |
m (Text replacement - "Category:3DS homebrew loaders" to "") |
||
(7 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
{{Infobox | |||
| title = universal-otherapp | {{Infobox 3DS Homebrews | ||
| image = | |title=universal-otherapp | ||
| type = Exploits | |image=3ds.png | ||
| version=v1. | |description=Userland -> Kernel11 -> Arm9 otherapp for 3DS system versions 1.0 to <= 11.14. | ||
| | |author=TuxSH | ||
|lastupdated=2022/05/24 | |||
| | |type=Exploits | ||
|version=v1.4.0 | |||
| | |license=MIT | ||
| source = | |download=https://dlhb.gamebrew.org/3dshomebrews/universalotherapp3ds.7z | ||
|website=https://github.com/TuxSH/universal-otherapp | |||
|source=https://github.com/TuxSH/universal-otherapp | |||
|donation= | |||
}} | }} | ||
{{#seo: | |||
|title= (Exploits) - GameBrew | |||
== universal-otherapp | |title_mode=append | ||
|image=3ds.png | |||
|image_alt=universal-otherapp | |||
}} | |||
universal-otherapp is a payload that is capable of running on all system versions, ranging from 1.0 to 11.15, across all regions and models of devices. This payload utilizes complete exploit chains to execute a payload from the SD card. | |||
== Usage == | == Usage == | ||
This depends on the exploit. The recommended exploit for system versions 1.0 to 11.3 is [https://github.com/nedwill/soundhax soundhax], in which case you just have to put <code>otherapp.bin</code> onto the root of your SD card. | This depends on the exploit. The recommended exploit for system versions 1.0 to 11.3 is [https://github.com/nedwill/soundhax soundhax], in which case you just have to put <code>otherapp.bin</code> onto the root of your SD card. | ||
== Technical details == | == Technical details == | ||
We leverage a kernel exploit to alter L1 translation tables entries that were never previously accessed, then run <code>kernelhaxcode_3ds</code> which does the rest of the job. | We leverage a kernel exploit to alter L1 translation tables entries that were never previously accessed, then run <code>kernelhaxcode_3ds</code> which does the rest of the job. | ||
* '''Below system version 9.3''': we use memchunkhax1 | * '''Below system version 9.3''': we use memchunkhax1 | ||
* '''9.3 | * '''9.3 to 11.15''': we exploit <code>sm</code> then leverage this to exploit <code>spi</code>. SPI sysmodule has access to <code>GPUPROT</code>, subsequently allowing us to GPU DMA over the kernel memory | ||
* | ** <code>spi</code> vulnerability has been documented on 3dbrew for years, and hasn't yet been fixed | ||
* <code>spi</code> vulnerability has been documented on 3dbrew for years | ** <code>sm</code> vulnerability is an unreported 0day. Fixed in system version 11.16 | ||
* <code>sm</code> vulnerability is an unreported 0day | ** <code>safehax</code> or <code>agbhax</code> used depending on version. <code>agbhax</code> hasn't yet been fixed | ||
* <code>safehax</code> or <code>agbhax</code> used depending on version | |||
== Testing with Luma3DS == | == Testing with Luma3DS == | ||
Need to disable firmlaunch patches & build without custom <code>sm</code> sysmodule if using [[Luma3DS]]. | |||
==Media== | |||
'''PATCHED! Install CFW on a New Nintendo 3DS 11.14 with Browserhax & universal-otherapp [2021|HD] - ([https://www.youtube.com/watch?v=1DFUeFjYgUE NintendoBrew])'''<br> | |||
<youtube>1DFUeFjYgUE</youtube> | |||
==Changelog== | |||
'''v1.4.0''' | |||
* Add support for system version 9.3, 9.4, 9.5 (previously missing by accident) | |||
* Even more LCD fill colors for troubleshooting (orange/magenta/pink) | |||
'''v1.3.0''' | |||
* New LCD fill colors for troubleshooting: gray before memchunkhax, white before smpwn, gray-blue after smpwn | |||
* Add a new exploit path for people with corrupted 3DS systems (mismatching kernel and system title versions). This is disabled by default, however, and needs a rebuild; refer to [https://github.com/TuxSH/universal-otherapp/commit/e5252ab7dd738dac3d0192bbefb77012f8145c6d#diff-7aaf2a1060a633eda3e75a71e84bdf8379c109b66a897e5094c655c602b6f71fR89 this line]. | |||
* Stop writing to lgy.log | |||
* Other minor changes | |||
'''v1.2.0''' | |||
* current browserhax exploit is now supported without changes to the latter: | |||
** memory usage decreased | |||
** payload is now position-independent | |||
* You may have to rename this file to arm11code.bin to use it with 11.14 browserhax. | |||
'''v1.1.0''' | |||
*Add support for up to 11.14 (current system version at the time of writing) | |||
'''v1.0.1''' | |||
* Fix support for 9.3-11.3 | |||
* Add more troubleshooting via LCD fill: | |||
** top screen is filled with white when this otherapp starts running | |||
** bottom screen is filled with red in case an error happens | |||
'''v1.0.0''' | |||
*This launches SafeB9SInstaller.bin at the root of your SD card by default. | |||
== Credits == | == Credits == | ||
* @zoogie: testing and debugging on exotic firmware versions | * @zoogie: testing and debugging on exotic firmware versions | ||
* @fincs: exploitation ideas, etc. | * @fincs: exploitation ideas, etc. | ||
* @aliaspider: memchunkhax code | * @aliaspider: memchunkhax code | ||
[[Category:Exploits for 3DS]] |
Latest revision as of 06:03, 6 Mayıs 2024
universal-otherapp | |
---|---|
General | |
Author | TuxSH |
Type | Exploits |
Version | v1.4.0 |
License | MIT License |
Last Updated | 2022/05/24 |
Links | |
Download | |
Website | |
Source | |
universal-otherapp is a payload that is capable of running on all system versions, ranging from 1.0 to 11.15, across all regions and models of devices. This payload utilizes complete exploit chains to execute a payload from the SD card.
Usage
This depends on the exploit. The recommended exploit for system versions 1.0 to 11.3 is soundhax, in which case you just have to put otherapp.bin
onto the root of your SD card.
Technical details
We leverage a kernel exploit to alter L1 translation tables entries that were never previously accessed, then run kernelhaxcode_3ds
which does the rest of the job.
- Below system version 9.3: we use memchunkhax1
- 9.3 to 11.15: we exploit
sm
then leverage this to exploitspi
. SPI sysmodule has access toGPUPROT
, subsequently allowing us to GPU DMA over the kernel memoryspi
vulnerability has been documented on 3dbrew for years, and hasn't yet been fixedsm
vulnerability is an unreported 0day. Fixed in system version 11.16safehax
oragbhax
used depending on version.agbhax
hasn't yet been fixed
Testing with Luma3DS
Need to disable firmlaunch patches & build without custom sm
sysmodule if using Luma3DS.
Media
PATCHED! Install CFW on a New Nintendo 3DS 11.14 with Browserhax & universal-otherapp [2021|HD] - (NintendoBrew)
Changelog
v1.4.0
- Add support for system version 9.3, 9.4, 9.5 (previously missing by accident)
- Even more LCD fill colors for troubleshooting (orange/magenta/pink)
v1.3.0
- New LCD fill colors for troubleshooting: gray before memchunkhax, white before smpwn, gray-blue after smpwn
- Add a new exploit path for people with corrupted 3DS systems (mismatching kernel and system title versions). This is disabled by default, however, and needs a rebuild; refer to this line.
- Stop writing to lgy.log
- Other minor changes
v1.2.0
- current browserhax exploit is now supported without changes to the latter:
- memory usage decreased
- payload is now position-independent
- You may have to rename this file to arm11code.bin to use it with 11.14 browserhax.
v1.1.0
- Add support for up to 11.14 (current system version at the time of writing)
v1.0.1
- Fix support for 9.3-11.3
- Add more troubleshooting via LCD fill:
- top screen is filled with white when this otherapp starts running
- bottom screen is filled with red in case an error happens
v1.0.0
- This launches SafeB9SInstaller.bin at the root of your SD card by default.
Credits
- @zoogie: testing and debugging on exotic firmware versions
- @fincs: exploitation ideas, etc.
- @aliaspider: memchunkhax code