EurAsiayour console hacking resource
Select topic
  Create an account Home  ·  Your Account  ·  Online Shop  ·  Forums  ·  Downloads new  ·  Wiki  
Main Menu
· Home
· About Us
· Downloads
· FAQ
· Forums
· Info Pages
· Members List
· Online Shop
· PDA - AvantGo
· Private Messages
· Search Stories
· Statistics
· Stories Archive
· Submit Story
· Top 10
· Topics
· Upload
· WAP
· Web Links
· Wiki
· Your Account

Online Shop
Credit Card

Bitcoin

Namecoin

EurAsia Online Shop
enter

new products
· Mars Pro GM-816HD
· EurAsia File Collection 2017
· Matrix Infinity 2.0
· Sky3DS Plus
· Modbo 5.0
· Screwdriver GC/SNES
· X360ACE V3
· E3 NOR Flasher
· TX J-R Programmer v2
· Corona Postfix Adapter V2
· SuperCIC SNES kit
· SuperCIC cart key
· Gateway 3DS
· X360ACE V1
· Wasp Fusion
· 3k3y 3KR (SATA)
· Mtx Glitcher v1
· Xk3y Reloaded (XKR)
· 3k3y Ripper v2
· Corona Postfix Adapter

complete price list

Tor Hidden Service
Tor Project
EurAsia Onion URL: wrqgfbrcgttkp6pi.onion

Who's Online
There are currently 258 guest(s) and 8 member(s) online.

baraka73 - deadbody - heydricas - k3nn - konkz - skel28 - sMtx - tripod731

Welcome honored guest. You can register for free by clicking here.

Site Protection
INFOSEC
BM

Hot Wikis
PS4 firmware updates
3k3y nokeys ISO tutorial
3DS game fw updates
3k3y microSD recovery
PS3 SKU Models
PS3 Metldrpwn
Xk3y microSD recovery
Xbox360 motherboards
Xbox360 Reset Glitch Hack
PS3 Blu-ray Drive
Homemade Sputnik360
PS3 BD drive swap
PSP Crypto Keys
PS3_Crypto_Keys
PS3 Hypervisor RE
PS3 Dongle User Guide
PSGroove tutorial
Xecuter LT Fakir
PS3 YLOD Fix
NSMB Modchip Tutorial
PS3 Glitch Hack
Xbox360NoDvdRom
Ps3FactoryRestore
Free60JtagHack
Ps3HddDecrypt
WiiKey2EjectFix
SaveMiiFree
WiiHwDiagram
Ps3OsRels
PandoraNoHomebrewPsp
GcOsMultiGameWiiHowTo
Xbox360LinuxBurn
Xbox360EraserFix
Xbox360Kernel
Xbox360DisasmXtreme
Ps2HdlPatchTutorial
Ps2VersionTable
XboxErrorCodes
XboxVersionTable
GameCubeLaserTweak
ModchipSolderingGuide
PspUmdIsoHaxorLinux

RSS Feed
News & Downloads & Wiki

IRC
#eur
EFnet

Hosted By

Ad

Respected Sites
Home of the Hitmen
radare
gc-forever
pouet.net
English Amiga Board
GXArena OFW Repo
WiiBrew
WiiUBrew
3DBrew
SwitchBrew
Games and Consoles
Maxconsole.com
Console Wizard
GameCube Linux
Xbox Linux
Xbox-Scene.com
XboxHacker.Net
xbins.org
Doom9.net
bunnie's blog
debugmo.de
GX-Mod.com
ElOtroLado.net
uCON64
GBADEV.ORG
GBAtemp.net
PocketHeaven.com
PDRoms
GameSX.com
ASSEMbler
phrack.org
Woz.org
Captain Crunch

Support...

Pirate Party

Bitcoin

Namecoin

radare

OpenCores
Electronic Frontier Foundation
Amnesty International

Nectarine Radio

Demovibes Radio

GNU
Linux
Mozilla

Total Page Views
We received
132106381
page views since June 2002

Waithax - 3DS kernel exploit released
Posted on Sunday, December 11, 2016 @ 02:19:19 GMT

3ds [source: endoverend @ gbatemp.net] User and resident hacker @Mrrraou has developed a public implementation of the 3DS kernel exploit known as slowhax. This is a huge step forward for the scene, however it only works up to firmware 11.1. While there are no user tools at the moment which take advantage of this development, expect tools very soon which can facilitate DSi downgrading among other hacks.

slowhax / waithax

Implementation of the slowhax / waithax ARM11 kernel exploit. Kind of intended as a reference implementation, sort of based on Steveice10's memchunkhax2 implementation. Definitely does not look the cleanest possible, feel free to contribute.

Can only work from 9.0 to 11.1, as the vulnerability was patched on 11.2. Use faster exploits if you can, though.

Only tested on my 10.3 New3DS, but I don't see why it would fail on other consoles. There are no hardcoded addresses in this implementation.

Exploit written in less than a day. Finding the strat took more time. No one really seemed to care about doing it apparently...

How to use

Please check the `main.c` file in the `source` folder for information on how to use this implementation in your own application. Take note that this implementation does not patch the SVC call access table, nor the process PID on its own. However, an helper method is given to run your own kernel mode code after running the exploit. This method *sort of* acts like svcBackdoor; but the given code will be run with the SVC-mode stack, instead of the userland caller thread stack.

Estimated time for running the exploit

Takes around 20 minutes for New3DS, and around 1 hour for Old3DS.

Known issues

* Crash in PM when rebooting the console / running another homebrew / exiting to Home Menu (probably due to some invalid handle or something). Minor issue.

Credits

* nedwill/derrek for discovering the vulnerability, they're the real guys here
* Steveice10 for the memchunkhax2 implementation
* AuroraWright/TuxSH for Luma3DS and its exception handlers, Subv/cell9 for the SVC access check patches which were extensively used for development
* TuxSH for finding the KSyncObject address leaking used in memchunkhax2, Kernel11 RE and lots of more stuff
* if I missed anyone in there please tell me

Source: Mrrraou @ https://github.com/Mrrraou/waithax

Note: The EurAsia forum topic is here.

 
Login
Nickname

Password

Member Registration

Related Links
· More about 3ds


Most read story about 3ds:
Nintendo 3DS Firmware 3.0.0-5 Released


Story Rating
Average Score: 4
Votes: 1



Options

Printer Friendly Page  Printer Friendly Page


"Login" | Login/Create an Account | 0 comments
Threshold
The comments are owned by the poster. We aren't responsible for their content.
 

All trademarks and copyrights on this page are owned by their respective owners.
Comments and forum messages are owned by the Poster.