More actions
No edit summary |
No edit summary |
||
(8 intermediate revisions by the same user not shown) | |||
Line 2: | Line 2: | ||
|title=3DS Toolkit by Fierce Waffle | |title=3DS Toolkit by Fierce Waffle | ||
|image=3dstoolkitfie2.png | |image=3dstoolkitfie2.png | ||
|description=3DS RAM dumper. | |description=3DS RAM dumper and ROP Loader. | ||
|author=Fierce Waffle | |author=Fierce Waffle | ||
|lastupdated=2013/12/26 | |lastupdated=2013/12/26 | ||
|type= | |type=System Tools | ||
|version=2014 | |version=2014 | ||
|license=Mixed | |license=Mixed | ||
|download=https://dlhb.gamebrew.org/3dshomebrews/ | |download=https://dlhb.gamebrew.org/3dshomebrews/3dstoolkitbinaries.zip | ||
|website=https://gbatemp.net/threads/homebrew-development.360646 | |website=https://gbatemp.net/threads/homebrew-development.360646 | ||
}} | }} | ||
Line 34: | Line 34: | ||
Copy the Launcher.dat that you wish to use to your 3DS' SD card and reinsert the SD into your 3DS. | Copy the Launcher.dat that you wish to use to your 3DS' SD card and reinsert the SD into your 3DS. | ||
To initiate the exploit navigate to System Settings> Other Settings> Profile> Nintendo DS Profile. | To initiate the exploit navigate to System Settings > Other Settings > Profile > Nintendo DS Profile. | ||
===References=== | ===References=== | ||
* [http://3dbrew.org/wiki/Filesystem_services Nintendo 3DS Filesystem Services] | * [http://3dbrew.org/wiki/Filesystem_services Nintendo 3DS Filesystem Services]. | ||
* [http://3dbrew.org/wiki/Memory_layout Nintendo 3DS Memory Layout] | * [http://3dbrew.org/wiki/Memory_layout Nintendo 3DS Memory Layout]. | ||
* [http://3dbrew.org/wiki/3DS_System_Flaws Nintendo 3DS Exploits] | * [http://3dbrew.org/wiki/3DS_System_Flaws Nintendo 3DS Exploits]. | ||
* [https://web.archive.org/web/20140203084258/http://nocash.emubase.de/gbatek.htm#dsserialperipheralinterfacebusspi DS Serial Peripheral Interface Bus] | * [https://web.archive.org/web/20140203084258/http://nocash.emubase.de/gbatek.htm#dsserialperipheralinterfacebusspi DS Serial Peripheral Interface Bus] (archived). | ||
* [https://web.archive.org/web/20140122214721/http://smealum.net/?page_id=299 3DS Homebrew and Custom Firmware] | * [https://web.archive.org/web/20140122214721/http://smealum.net/?page_id=299 3DS Homebrew and Custom Firmware] (archived). | ||
==Changelog== | ==Changelog== | ||
Line 56: | Line 56: | ||
* Official website - [https://web.archive.org/web/20140122214721/http://www.fiercewaffle.com/softwareArticle.php?id=10 http://www.fiercewaffle.com/softwareArticle.php?id=10] (archived) | * Official website - [https://web.archive.org/web/20140122214721/http://www.fiercewaffle.com/softwareArticle.php?id=10 http://www.fiercewaffle.com/softwareArticle.php?id=10] (archived) | ||
* GBAtemp - https://gbatemp.net/threads/homebrew-development.360646 | * GBAtemp - https://gbatemp.net/threads/homebrew-development.360646 | ||
Latest revision as of 10:33, 22 Haziran 2024
3DS Toolkit by Fierce Waffle | |
---|---|
General | |
Author | Fierce Waffle |
Type | System Tools |
Version | 2014 |
License | Mixed |
Last Updated | 2013/12/26 |
Links | |
Download | |
Website | |
This application has been obsoleted by one or more applications that serve the same purpose, but are more stable or maintained. |
The 3DS Toolkit is a utility that can extract memory dump, developed by Fierce Waffle. The project was initially titled ROP Loader, where ROP is an abbreviation for Return-Oriented Programming, and is one of the exploit technologies that utilize the code of programs that are already installed.
User guide
How does it work
Since the 3DS Toolkit uses the same DS Profile exploit as Gateway 3DS, the operating environment is 4.1-4.5. The DS Profile exploit is/was a well known, but not often performed exploit for the Nintendo 3DS. This exploit involved setting a value too high for the length of a string which caused too much to be read on the stack.
There is a file called SYS: /Launcher.dat that 3DS uses to configure the system, and the first character "S" is removed from the string "SYS: /Launcher.dat" in the memory of 3DS. Furthermore, by mounting the SD card as "YS: /", Launcher.dat functions as ROP.
However, that alone is only a userland exploit (DS Profile exploit), so in order to go beyond that it would require a kernel exploit. The method this 3DS Toolkit used is through changing the permissions of IOpen_File, which allows user to dump RAM and possbility to execute custom codes.
How to use
Copy the ROPLoader.nds file to any flashcart compatible 3DS flashcard.
Insert the flash card and open the 'game' with the title of ROPLoader.
When loaded, press the A button to initiate the initial ROP payload installation process
If the verification process fails, repeat steps 2-3. Otherwise, press A to return to your 3DS home menu.
Copy the Launcher.dat that you wish to use to your 3DS' SD card and reinsert the SD into your 3DS.
To initiate the exploit navigate to System Settings > Other Settings > Profile > Nintendo DS Profile.
References
Changelog
v0.0.0.2 2013/12/26
- Fixed Verify Bug.
- Fixed an error users would get when installing the ROP Loader.
v0.0.0.1 2013/12/25
- Initial Release.
- RAM dumping from 0x00100000 with a size of 0x00300000 bytes.
External links
- GitHub - https://github.com/naehrwert/p3ds
- Official website - http://www.fiercewaffle.com/softwareArticle.php?id=10 (archived)
- GBAtemp - https://gbatemp.net/threads/homebrew-development.360646