More actions
m (Text replacement - "|discussion=" to "|donation=") |
m (Text replacement - "Category:3DS homebrew loaders" to "") |
||
Line 70: | Line 70: | ||
* @aliaspider: memchunkhax code | * @aliaspider: memchunkhax code | ||
[[Category:Exploits for 3DS]] | [[Category:Exploits for 3DS]] |
Latest revision as of 06:03, 6 Mayıs 2024
universal-otherapp | |
---|---|
General | |
Author | TuxSH |
Type | Exploits |
Version | v1.4.0 |
License | MIT License |
Last Updated | 2022/05/24 |
Links | |
Download | |
Website | |
Source | |
universal-otherapp is a payload that is capable of running on all system versions, ranging from 1.0 to 11.15, across all regions and models of devices. This payload utilizes complete exploit chains to execute a payload from the SD card.
Usage
This depends on the exploit. The recommended exploit for system versions 1.0 to 11.3 is soundhax, in which case you just have to put otherapp.bin
onto the root of your SD card.
Technical details
We leverage a kernel exploit to alter L1 translation tables entries that were never previously accessed, then run kernelhaxcode_3ds
which does the rest of the job.
- Below system version 9.3: we use memchunkhax1
- 9.3 to 11.15: we exploit
sm
then leverage this to exploitspi
. SPI sysmodule has access toGPUPROT
, subsequently allowing us to GPU DMA over the kernel memoryspi
vulnerability has been documented on 3dbrew for years, and hasn't yet been fixedsm
vulnerability is an unreported 0day. Fixed in system version 11.16safehax
oragbhax
used depending on version.agbhax
hasn't yet been fixed
Testing with Luma3DS
Need to disable firmlaunch patches & build without custom sm
sysmodule if using Luma3DS.
Media
PATCHED! Install CFW on a New Nintendo 3DS 11.14 with Browserhax & universal-otherapp [2021|HD] - (NintendoBrew)
Changelog
v1.4.0
- Add support for system version 9.3, 9.4, 9.5 (previously missing by accident)
- Even more LCD fill colors for troubleshooting (orange/magenta/pink)
v1.3.0
- New LCD fill colors for troubleshooting: gray before memchunkhax, white before smpwn, gray-blue after smpwn
- Add a new exploit path for people with corrupted 3DS systems (mismatching kernel and system title versions). This is disabled by default, however, and needs a rebuild; refer to this line.
- Stop writing to lgy.log
- Other minor changes
v1.2.0
- current browserhax exploit is now supported without changes to the latter:
- memory usage decreased
- payload is now position-independent
- You may have to rename this file to arm11code.bin to use it with 11.14 browserhax.
v1.1.0
- Add support for up to 11.14 (current system version at the time of writing)
v1.0.1
- Fix support for 9.3-11.3
- Add more troubleshooting via LCD fill:
- top screen is filled with white when this otherapp starts running
- bottom screen is filled with red in case an error happens
v1.0.0
- This launches SafeB9SInstaller.bin at the root of your SD card by default.
Credits
- @zoogie: testing and debugging on exotic firmware versions
- @fincs: exploitation ideas, etc.
- @aliaspider: memchunkhax code