More actions
3DS Toolkit by Fierce Waffle | |
---|---|
General | |
Author | Fierce Waffle |
Type | System Tools |
Version | 2014 |
License | Mixed |
Last Updated | 2013/12/26 |
Links | |
Download | |
Website | |
This application has been obsoleted by one or more applications that serve the same purpose, but are more stable or maintained. |
The 3DS Toolkit is a utility that can extract memory dump, developed by Fierce Waffle. The project was initially titled ROP Loader, where ROP is an abbreviation for Return-Oriented Programming, and is one of the exploit technologies that utilize the code of programs that are already installed.
User guide
How does it work
Since the 3DS Toolkit uses the same DS Profile exploit as Gateway 3DS, the operating environment is 4.1-4.5. The DS Profile exploit is/was a well known, but not often performed exploit for the Nintendo 3DS. This exploit involved setting a value too high for the length of a string which caused too much to be read on the stack.
There is a file called SYS: /Launcher.dat that 3DS uses to configure the system, and the first character "S" is removed from the string "SYS: /Launcher.dat" in the memory of 3DS. Furthermore, by mounting the SD card as "YS: /", Launcher.dat functions as ROP.
However, that alone is only a userland exploit (DS Profile exploit), so in order to go beyond that it would require a kernel exploit. The method this 3DS Toolkit used is through changing the permissions of IOpen_File, which allows user to dump RAM and possbility to execute custom codes.
How to use
Copy the ROPLoader.nds file to any flashcart compatible 3DS flashcard.
Insert the flash card and open the 'game' with the title of ROPLoader.
When loaded, press the A button to initiate the initial ROP payload installation process
If the verification process fails, repeat steps 2-3. Otherwise, press A to return to your 3DS home menu.
Copy the Launcher.dat that you wish to use to your 3DS' SD card and reinsert the SD into your 3DS.
To initiate the exploit navigate to System Settings > Other Settings > Profile > Nintendo DS Profile.
References
Changelog
v0.0.0.2 2013/12/26
- Fixed Verify Bug.
- Fixed an error users would get when installing the ROP Loader.
v0.0.0.1 2013/12/25
- Initial Release.
- RAM dumping from 0x00100000 with a size of 0x00300000 bytes.
External links
- GitHub - https://github.com/naehrwert/p3ds
- Official website - http://www.fiercewaffle.com/softwareArticle.php?id=10 (archived)
- GBAtemp - https://gbatemp.net/threads/homebrew-development.360646