|
| ||
| Views: 1,394,901 | Main | Rules/FAQ | Memberlist | Active users | Last posts | Calendar | Stats | Online users | Search | 04-24-24 08:10 PM |
| Guest: | ||
| Main - Posts by pseudov |
| pseudov |
| ||
|
Member Normal user Level: 8 Posts: 1/10 EXP: 1804 Next: 383 Since: 05-27-15 From: Canada Last post: 3186 days ago Last view: 3107 days ago |
Bonjour! Hopefully, this project is continued. So far, this is the only homebrew solution for browserless systems on 5.0 - 9.2
It compiles successfully, but without the proper blowfish_processed.bin, the generated files are unusable. Have tried going through both a ramdump and code.bin from exefs, but all I've come up with are the default arrays for blowfish. Any hints for calculating/extracting the blowfish stuff are greatly appreciated. |
| pseudov |
| ||
|
Member Normal user Level: 8 Posts: 2/10 EXP: 1804 Next: 383 Since: 05-27-15 From: Canada Last post: 3186 days ago Last view: 3107 days ago |
Thanks for the quick reply, StapleButter 
Hope I can figure that out when I get home from work. |
| pseudov |
| ||
|
Member Normal user Level: 8 Posts: 3/10 EXP: 1804 Next: 383 Since: 05-27-15 From: Canada Last post: 3186 days ago Last view: 3107 days ago |
Aaaand I still haven't figured it out. XORed the blowfish init arrays with what I assume the raw key is. Tried a lot of different possible keys, but still failed.
Is that 0x48 bytes from a ramdump or from code.bin? |
| pseudov |
| ||
|
Member Normal user Level: 8 Posts: 4/10 EXP: 1804 Next: 383 Since: 05-27-15 From: Canada Last post: 3186 days ago Last view: 3107 days ago |
Oh man, still nothing after two long nights. ARM assembly is definitely not my thing. Is there supposed to be something useful at 0x1048 bytes? Or should I concentrate on the key at 0x48 bytes?
Even if it's hardcoded to your local network, I figured I might still be able to use it by manually transferring the payload files through Savedatafiler (I have access to another 3DS). That is, once I get this darn blowfish_processed.bin |
| pseudov |
| ||
|
Member Normal user Level: 8 Posts: 5/10 EXP: 1804 Next: 383 Since: 05-27-15 From: Canada Last post: 3186 days ago Last view: 3107 days ago |
I feel like an idiot now. I thought the 0x48 and 0x1028 bytes you mentioned were offsets, not sizes. Nonetheless, any other hints are very much appreciated. |
| pseudov |
| ||
|
Member Normal user Level: 8 Posts: 6/10 EXP: 1804 Next: 383 Since: 05-27-15 From: Canada Last post: 3186 days ago Last view: 3107 days ago |
Managed to compile Staplehax with the correct blowfish_processed.bin, but it freezes at the loading screen. It hangs at
hax = khaxInit();
and doesn't return an error code, which makes debugging hard (for me, at least)
This is on an old 9.2.0-20U |
| pseudov |
| ||
|
Member Normal user Level: 8 Posts: 7/10 EXP: 1804 Next: 383 Since: 05-27-15 From: Canada Last post: 3186 days ago Last view: 3107 days ago |
Sure thing, it'll be my pleasure to test.
I have two old 3DS units to work with: 8.1.0-0U 9.2.0-20U EDIT: With what firmware version did you get the current Staplehax build to work? |
| pseudov |
| ||
|
Member Normal user Level: 8 Posts: 8/10 EXP: 1804 Next: 383 Since: 05-27-15 From: Canada Last post: 3186 days ago Last view: 3107 days ago |
I'm not sure how important the SYSTEM_VERSION minor is, but I noticed that both the systems I tested were not specifically listed in the System version table of khaxinit.cpp |
| pseudov |
| ||
|
Member Normal user Level: 8 Posts: 9/10 EXP: 1804 Next: 383 Since: 05-27-15 From: Canada Last post: 3186 days ago Last view: 3107 days ago |
After my limited debugging abilities, I have determined that it hangs somewhere at:
Result KHAX::MemChunkHax::Step5_CorruptCreateThread()
Maybe this: u32 writeaddr = GetMagicalPointer() + 0xF3D;
is version specific? |
| pseudov |
| ||
|
Member Normal user Level: 8 Posts: 10/10 EXP: 1804 Next: 383 Since: 05-27-15 From: Canada Last post: 3186 days ago Last view: 3107 days ago |
Posted by MassExplosion213 Posted by StapleButter ^That, and with the release of Ninjhax 2.0 and the upcoming Ironhax, it seems this project has been put aside for now. Hopefully when Ninjhax 2.0 source comes out, StapleButter might take interest in this project once again. |
| Main - Posts by pseudov |
|
Page rendered in 0.011 seconds. (2048KB of memory used) MySQL - queries: 22, rows: 79/79, time: 0.006 seconds. ![[powered by Acmlm]](img/poweredbyacmlm.png "powering nostalgia")
Acmlmboard 2.064 (2018-07-20)© 2005-2008 Acmlm, Xkeeper, blackhole89 et al. |