Toggle menu
Toggle personal menu
Not logged in
Your IP address will be publicly visible if you make any edits.

Universal-otherapp 3DS: Difference between revisions

From GameBrew
No edit summary
No edit summary
Line 2: Line 2:
{{Infobox 3DS Homebrews
{{Infobox 3DS Homebrews
|title=universal-otherapp
|title=universal-otherapp
|image=universalotherapp3ds.png
|image=3ds.png
|description=Userland -> Kernel11 -> Arm9 otherapp for 3DS system versions 1.0 to <= 11.14.
|description=Userland -> Kernel11 -> Arm9 otherapp for 3DS system versions 1.0 to <= 11.14.
|author=TuxSH
|author=TuxSH
Line 17: Line 17:
|title= (Exploits) - GameBrew
|title= (Exploits) - GameBrew
|title_mode=append
|title_mode=append
|image=universalotherapp3ds.png
|image=3ds.png
|image_alt=universal-otherapp
|image_alt=universal-otherapp
}}
}}

Revision as of 10:55, 25 April 2023

universal-otherapp
3ds.png
General
AuthorTuxSH
TypeExploits
Versionv1.4.0
LicenseMIT License
Last Updated2022/05/24
Links
Download
Website
Source

universal-otherapp is a payload that is capable of running on all system versions, ranging from 1.0 to 11.15, across all regions and models of devices. This payload utilizes complete exploit chains to execute a payload from the SD card.

Usage

This depends on the exploit. The recommended exploit for system versions 1.0 to 11.3 is soundhax, in which case you just have to put otherapp.bin onto the root of your SD card.

Technical details

We leverage a kernel exploit to alter L1 translation tables entries that were never previously accessed, then run kernelhaxcode_3ds which does the rest of the job.

  • Below system version 9.3: we use memchunkhax1
  • 9.3 to 11.15: we exploit sm then leverage this to exploit spi. SPI sysmodule has access to GPUPROT, subsequently allowing us to GPU DMA over the kernel memory
    • spi vulnerability has been documented on 3dbrew for years, and hasn't yet been fixed
    • sm vulnerability is an unreported 0day. Fixed in system version 11.16
    • safehax or agbhax used depending on version. agbhax hasn't yet been fixed

Testing with Luma3DS

Need to disable firmlaunch patches & build without custom sm sysmodule if using Luma3DS.

Media

PATCHED! Install CFW on a New Nintendo 3DS 11.14 with Browserhax & universal-otherapp [2021|HD] - (NintendoBrew)

Changelog

v1.4.0

  • Add support for system version 9.3, 9.4, 9.5 (previously missing by accident)
  • Even more LCD fill colors for troubleshooting (orange/magenta/pink)

v1.3.0

  • New LCD fill colors for troubleshooting: gray before memchunkhax, white before smpwn, gray-blue after smpwn
  • Add a new exploit path for people with corrupted 3DS systems (mismatching kernel and system title versions). This is disabled by default, however, and needs a rebuild; refer to this line.
  • Stop writing to lgy.log
  • Other minor changes

v1.2.0

  • current browserhax exploit is now supported without changes to the latter:
    • memory usage decreased
    • payload is now position-independent
  • You may have to rename this file to arm11code.bin to use it with 11.14 browserhax.

v1.1.0

  • Add support for up to 11.14 (current system version at the time of writing)

v1.0.1

  • Fix support for 9.3-11.3
  • Add more troubleshooting via LCD fill:
    • top screen is filled with white when this otherapp starts running
    • bottom screen is filled with red in case an error happens

v1.0.0

  • This launches SafeB9SInstaller.bin at the root of your SD card by default.

Credits

  • @zoogie: testing and debugging on exotic firmware versions
  • @fincs: exploitation ideas, etc.
  • @aliaspider: memchunkhax code

Advertising: