No edit summary |
No edit summary |
||
| Line 1: | Line 1: | ||
{{Infobox 3DS Homebrews | {{Infobox 3DS Homebrews | ||
|title= | |title=3DS Toolkit by Fierce Waffle | ||
|description= | |description=3DS RAM dumper. | ||
|author=Fierce Waffle | |author=Fierce Waffle | ||
|lastupdated= | |lastupdated=2013/12/26 | ||
|type= | |type=Developments | ||
|version=2014 | |version=2014 | ||
|license=Mixed | |license=Mixed | ||
|download=https://dlhb.gamebrew.org/ | |download=https://dlhb.gamebrew.org/3dshomebrews/3dstoolkitfie.7z | ||
|website=https://gbatemp.net/threads/homebrew-development.360646 | |website=https://gbatemp.net/threads/homebrew-development.360646 | ||
}} | }} | ||
{{Obsolete}} | |||
The 3DS Toolkit is a utility that can extract memory dump, developed by Fierce Waffle. The project was initially titled ROP Loader, where ROP is an abbreviation for Return-Oriented Programming, and is one of the exploit technologies that utilize the code of programs that are already installed. | |||
Since the 3DS Toolkit uses the same DS Profile exploit as Gateway 3DS, the operating environment is 4.1-4.5. | |||
The DS Profile exploit is/was a well known, but not often performed exploit for the Nintendo 3DS. This exploit involved setting a value too high for the length of a string which caused too much to be read on the stack. | |||
There is a file called SYS: /Launcher.dat that 3DS uses to configure the system, and the first character "S" is removed from the string "SYS: /Launcher.dat" in the memory of 3DS. Furthermore, by mounting the SD card as "YS: /", Launcher.dat functions as ROP. | |||
However, that alone is only a userland exploit (DS Profile exploit), so in order to go beyond that it would require a kernel exploit. The method this 3DS Toolkit used is through changing the permissions of IOpen_File, which allows user to dump RAM and possbility to execute custom codes. | |||
==User guide== | |||
===How to use=== | |||
Copy the ROPLoader.nds file to any flashcart compatible 3DS flashcard. | |||
Insert the flash card and open the 'game' with the title of ROPLoader. | |||
When loaded, press the A button to initiate the initial ROP payload installation process | |||
If the verification process fails, repeat steps 2-3. Otherwise, press A to return to your 3DS home menu. | |||
Copy the Launcher.dat that you wish to use to your 3DS' SD card and reinsert the SD into your 3DS. | |||
To initiate the exploit navigate to System Settings> Other Settings> Profile> Nintendo DS Profile. | |||
===References=== | |||
* [http://3dbrew.org/wiki/Filesystem_services Nintendo 3DS Filesystem Services] from 3DBrew. | |||
* [http://3dbrew.org/wiki/Memory_layout Nintendo 3DS Memory Layout] from 3DBrew. | |||
* [http://3dbrew.org/wiki/3DS_System_Flaws Nintendo 3DS Exploits] from 3DBrew. | |||
* [https://web.archive.org/web/20140203084258/http://nocash.emubase.de/gbatek.htm#dsserialperipheralinterfacebusspi DS Serial Peripheral Interface Bus] from GBATEK (archived). | |||
* [https://web.archive.org/web/20140122214721/http://smealum.net/?page_id=299 3DS Homebrew and Custom Firmware] by smealum (archived). | |||
==Changelog== | |||
'''v0.0.0.2 2013/12/26''' | |||
* Fixed Verify Bug. | |||
* Fixed an error users would get when installing the ROP Loader. | |||
'''v0.0.0.1 2013/12/25''' | |||
* Initial Release. | |||
* RAM dumping from 0x00100000 with a size of 0x00300000 bytes. | |||
==External links== | |||
* GitHub - https://github.com/naehrwert/p3ds | |||
* Official website - [https://web.archive.org/web/20140122214721/http://www.fiercewaffle.com/softwareArticle.php?id=10 http://www.fiercewaffle.com/softwareArticle.php?id=10] | |||
* GBAtemp - https://gbatemp.net/threads/homebrew-development.360646 | |||
[[Category:3DS homebrew loaders]] | |||
[[Category:Homebrew custom firmwares on 3DS]] | |||
Revision as of 04:31, 14 January 2022
| 3DS Toolkit by Fierce Waffle | |
|---|---|
| General | |
| Author | Fierce Waffle |
| Type | Developments |
| Version | 2014 |
| License | Mixed |
| Last Updated | 2013/12/26 |
| Links | |
| Download | |
| Website | |
 |
This application has been obsoleted by one or more applications that serve the same purpose, but are more stable or maintained. |
The 3DS Toolkit is a utility that can extract memory dump, developed by Fierce Waffle. The project was initially titled ROP Loader, where ROP is an abbreviation for Return-Oriented Programming, and is one of the exploit technologies that utilize the code of programs that are already installed.
Since the 3DS Toolkit uses the same DS Profile exploit as Gateway 3DS, the operating environment is 4.1-4.5.
The DS Profile exploit is/was a well known, but not often performed exploit for the Nintendo 3DS. This exploit involved setting a value too high for the length of a string which caused too much to be read on the stack.
There is a file called SYS: /Launcher.dat that 3DS uses to configure the system, and the first character "S" is removed from the string "SYS: /Launcher.dat" in the memory of 3DS. Furthermore, by mounting the SD card as "YS: /", Launcher.dat functions as ROP.
However, that alone is only a userland exploit (DS Profile exploit), so in order to go beyond that it would require a kernel exploit. The method this 3DS Toolkit used is through changing the permissions of IOpen_File, which allows user to dump RAM and possbility to execute custom codes.
User guide
How to use
Copy the ROPLoader.nds file to any flashcart compatible 3DS flashcard.
Insert the flash card and open the 'game' with the title of ROPLoader.
When loaded, press the A button to initiate the initial ROP payload installation process
If the verification process fails, repeat steps 2-3. Otherwise, press A to return to your 3DS home menu.
Copy the Launcher.dat that you wish to use to your 3DS' SD card and reinsert the SD into your 3DS.
To initiate the exploit navigate to System Settings> Other Settings> Profile> Nintendo DS Profile.
References
- Nintendo 3DS Filesystem Services from 3DBrew.
- Nintendo 3DS Memory Layout from 3DBrew.
- Nintendo 3DS Exploits from 3DBrew.
- DS Serial Peripheral Interface Bus from GBATEK (archived).
- 3DS Homebrew and Custom Firmware by smealum (archived).
Changelog
v0.0.0.2 2013/12/26
- Fixed Verify Bug.
- Fixed an error users would get when installing the ROP Loader.
v0.0.0.1 2013/12/25
- Initial Release.
- RAM dumping from 0x00100000 with a size of 0x00300000 bytes.
External links
- GitHub - https://github.com/naehrwert/p3ds
- Official website - http://www.fiercewaffle.com/softwareArticle.php?id=10
- GBAtemp - https://gbatemp.net/threads/homebrew-development.360646