Toggle menu
Toggle personal menu
Not logged in
Your IP address will be publicly visible if you make any edits.

Universal-otherapp 3DS: Difference between revisions

From GameBrew
m (Text replacement - "image = https://dlhb.gamebrew.org/3dshomebrew/" to "image = ")
m (Text replacement - "Category:3DS homebrew loaders" to "")
 
(5 intermediate revisions by the same user not shown)
Line 1: Line 1:
{{Infobox 3DS Homebrews
{{Infobox 3DS Homebrews
| title = universal-otherapp
|title=universal-otherapp
| image = universal-otherapp.jpg|250px
|image=3ds.png
| type = Exploits
|description=Userland -> Kernel11 -> Arm9 otherapp for 3DS system versions 1.0 to <= 11.14.
| version=v1.3.0
|author=TuxSH
| lastupdated = 2021/02/14
|lastupdated=2022/05/24
| licence = Mixed
|type=Exploits
| author = TuxSH
|version=v1.4.0
| website = https://github.com/TuxSH/universal-otherapp
|license=MIT
| download = https://dlhb.gamebrew.org/3dshomebrew/universal-otherapp.rar
|download=https://dlhb.gamebrew.org/3dshomebrews/universalotherapp3ds.7z
| source = https://github.com/TuxSH/universal-otherapp
|website=https://github.com/TuxSH/universal-otherapp
|source=https://github.com/TuxSH/universal-otherapp
|donation=
}}
}}
<youtube>1DFUeFjYgUE</youtube>
{{#seo:
 
|title= (Exploits) - GameBrew
== universal-otherapp ==
|title_mode=append
 
|image=3ds.png
Otherapp payload compatible with system versions 1.0 to 11.14 (all regions, all models) that leverages full exploit chains to ultimately execute a payload from the SD card.
|image_alt=universal-otherapp
}}
universal-otherapp is a payload that is capable of running on all system versions, ranging from 1.0 to 11.15, across all regions and models of devices. This payload utilizes complete exploit chains to execute a payload from the SD card.


== Usage ==
== Usage ==
This depends on the exploit. The recommended exploit for system versions 1.0 to 11.3 is [https://github.com/nedwill/soundhax soundhax], in which case you just have to put <code>otherapp.bin</code> onto the root of your SD card.
This depends on the exploit. The recommended exploit for system versions 1.0 to 11.3 is [https://github.com/nedwill/soundhax soundhax], in which case you just have to put <code>otherapp.bin</code> onto the root of your SD card.


== Technical details ==
== Technical details ==
We leverage a kernel exploit to alter L1 translation tables entries that were never previously accessed, then run <code>kernelhaxcode_3ds</code> which does the rest of the job.
We leverage a kernel exploit to alter L1 translation tables entries that were never previously accessed, then run <code>kernelhaxcode_3ds</code> which does the rest of the job.


* '''Below system version 9.3''': we use memchunkhax1
* '''Below system version 9.3''': we use memchunkhax1
* '''9.3 and above''': we exploit <code>sm</code> then leverage this to exploit <code>spi</code>. SPI sysmodule has access to <code>GPUPROT</code>, subsequently allowing us to GPU DMA over the kernel memory
* '''9.3 to 11.15''': we exploit <code>sm</code> then leverage this to exploit <code>spi</code>. SPI sysmodule has access to <code>GPUPROT</code>, subsequently allowing us to GPU DMA over the kernel memory
* '''Full writeup coming around Christmas'''
** <code>spi</code> vulnerability has been documented on 3dbrew for years, and hasn't yet been fixed
* <code>spi</code> vulnerability has been documented on 3dbrew for years
** <code>sm</code> vulnerability is an unreported 0day. Fixed in system version 11.16
* <code>sm</code> vulnerability is an unreported 0day, however I have fixed the bug in Luma3DS's reimpl back in 2017. I believe this is fine to release it now, as the 3DS is EoL and people can use seedminer on latest system version anyway
** <code>safehax</code> or <code>agbhax</code> used depending on version. <code>agbhax</code> hasn't yet been fixed
* <code>safehax</code> or <code>agbhax</code> used depending on version


== Testing with Luma3DS ==
== Testing with Luma3DS ==
Need to disable firmlaunch patches &amp; build without custom <code>sm</code> sysmodule if using [[Luma3DS]].
==Media==
'''PATCHED! Install CFW on a New Nintendo 3DS 11.14 with Browserhax & universal-otherapp [2021|HD] - ([https://www.youtube.com/watch?v=1DFUeFjYgUE NintendoBrew])'''<br>
<youtube>1DFUeFjYgUE</youtube>


Need to disable firmlaunch patches &amp; build without custom <code>sm</code> sysmodule if using Luma3DS.
==Changelog==
'''v1.4.0'''
* Add support for system version 9.3, 9.4, 9.5 (previously missing by accident)
* Even more LCD fill colors for troubleshooting (orange/magenta/pink)
'''v1.3.0'''
* New LCD fill colors for troubleshooting: gray before memchunkhax, white before smpwn, gray-blue after smpwn
* Add a new exploit path for people with corrupted 3DS systems (mismatching kernel and system title versions). This is disabled by default, however, and needs a rebuild; refer to [https://github.com/TuxSH/universal-otherapp/commit/e5252ab7dd738dac3d0192bbefb77012f8145c6d#diff-7aaf2a1060a633eda3e75a71e84bdf8379c109b66a897e5094c655c602b6f71fR89 this line].
* Stop writing to lgy.log
* Other minor changes
'''v1.2.0'''
* current browserhax exploit is now supported without changes to the latter:
** memory usage decreased
** payload is now position-independent
* You may have to rename this file to arm11code.bin to use it with 11.14 browserhax.
'''v1.1.0'''
*Add support for up to 11.14 (current system version at the time of writing)
'''v1.0.1'''
* Fix support for 9.3-11.3
* Add more troubleshooting via LCD fill:
** top screen is filled with white when this otherapp starts running
** bottom screen is filled with red in case an error happens
'''v1.0.0'''
*This launches SafeB9SInstaller.bin at the root of your SD card by default.


== Credits ==
== Credits ==
* @zoogie: testing and debugging on exotic firmware versions
* @zoogie: testing and debugging on exotic firmware versions
* @fincs: exploitation ideas, etc.
* @fincs: exploitation ideas, etc.
* @aliaspider: memchunkhax code
* @aliaspider: memchunkhax code
[[Category:Exploits for 3DS]]

Latest revision as of 06:03, 6 Mayıs 2024

universal-otherapp
3ds.png
General
AuthorTuxSH
TypeExploits
Versionv1.4.0
LicenseMIT License
Last Updated2022/05/24
Links
Download
Website
Source

universal-otherapp is a payload that is capable of running on all system versions, ranging from 1.0 to 11.15, across all regions and models of devices. This payload utilizes complete exploit chains to execute a payload from the SD card.

Usage

This depends on the exploit. The recommended exploit for system versions 1.0 to 11.3 is soundhax, in which case you just have to put otherapp.bin onto the root of your SD card.

Technical details

We leverage a kernel exploit to alter L1 translation tables entries that were never previously accessed, then run kernelhaxcode_3ds which does the rest of the job.

  • Below system version 9.3: we use memchunkhax1
  • 9.3 to 11.15: we exploit sm then leverage this to exploit spi. SPI sysmodule has access to GPUPROT, subsequently allowing us to GPU DMA over the kernel memory
    • spi vulnerability has been documented on 3dbrew for years, and hasn't yet been fixed
    • sm vulnerability is an unreported 0day. Fixed in system version 11.16
    • safehax or agbhax used depending on version. agbhax hasn't yet been fixed

Testing with Luma3DS

Need to disable firmlaunch patches & build without custom sm sysmodule if using Luma3DS.

Media

PATCHED! Install CFW on a New Nintendo 3DS 11.14 with Browserhax & universal-otherapp [2021|HD] - (NintendoBrew)

Changelog

v1.4.0

  • Add support for system version 9.3, 9.4, 9.5 (previously missing by accident)
  • Even more LCD fill colors for troubleshooting (orange/magenta/pink)

v1.3.0

  • New LCD fill colors for troubleshooting: gray before memchunkhax, white before smpwn, gray-blue after smpwn
  • Add a new exploit path for people with corrupted 3DS systems (mismatching kernel and system title versions). This is disabled by default, however, and needs a rebuild; refer to this line.
  • Stop writing to lgy.log
  • Other minor changes

v1.2.0

  • current browserhax exploit is now supported without changes to the latter:
    • memory usage decreased
    • payload is now position-independent
  • You may have to rename this file to arm11code.bin to use it with 11.14 browserhax.

v1.1.0

  • Add support for up to 11.14 (current system version at the time of writing)

v1.0.1

  • Fix support for 9.3-11.3
  • Add more troubleshooting via LCD fill:
    • top screen is filled with white when this otherapp starts running
    • bottom screen is filled with red in case an error happens

v1.0.0

  • This launches SafeB9SInstaller.bin at the root of your SD card by default.

Credits

  • @zoogie: testing and debugging on exotic firmware versions
  • @fincs: exploitation ideas, etc.
  • @aliaspider: memchunkhax code

Advertising: