3DS: Smealum bypasses ASLR in ninjhax
3DS firmware 11.0 introduced a bunch of new “stability” improvements, namely security fixes meant to prevent you from running your favorite hacks.
One of the security improvements in firmware 11.0 is the introduction of more ASLR, which was preventing ninjhax from running consistently. We outlined this issue and the other changes in firmware 11.0 in a former article.
3DS hacker extraordinaire Smealum had already stated when 3DS 11.0 was released that bypassing the ASLR would not be particularly difficult, and he delivers, fixing ninjhax with a patch that he committed to his GitHub yesterday.

The patch appears to copy the critical data to a non-randomized location, so that the expected (pre-11.0) behavior is restored.
Smealum stated that the same concept should work for oot3dhax; it just needs to be ported.
Source: Smealum
I wonder if Nintendo’s “fixes” will ever reach a point where they do completely block all exploits, but at the cost of system stability by causing things to run slow and take forever to launch anything. Wouldn’t that be ironic.
Well done smealum! And for his next trick, fixing the hblauncher redirect so it can be used on 11.0? Not a big deal for those of us who have their SysNAND on 9.2 or similar and can use rxtools to run it that way, but it would be nice if it worked on EmuNAND as well, with the newest version, all in one place.
It works with a9lh updated sysnand. I just had to rename a file.
I think it’s hit and miss. The URL the payload file redirects to produces a 404 in my case, and for some others (a few comments on the GitHub page about it).
Could this method be useful for bypassing ASLR on the Vita?
Hmmmmm…, if that hacker called smealum worked a little on the Vita, we would have a CFW in no time, and the Vita would get more games, or so I dream.
The day the PS Vita gets CFW there will be /less/ games, not more. As soon as piracy is possible on that device, the niche publishers still supporting it in the West will jump ship.
They need any excuse possible to jump from a sinking ship though, right?
What are you talking about? Those who wanted to jump ship did so a long time ago. They didn’t need any additional reasons.
I doubt the Vita will ever get fully natively hacked in the way the 3DS is due to lack of interest. I mean, I love mine, but the homebrew scene isn’t even 1/10th the size of the 3DS one, the main wololo and gbatemp forums have almost no new posts/movements month on month.
Pretty much why I got a 3DS, besides the Zelda games xP
Same, except replace Zelda with Mario Kart. I can run Super Circuit, DS and 7 versions on the 3DS and emulate the SNES one on the Vita.
So Nintendo should thank the 3DS hacking community, as it helps sales of big N’s 3DS systems. 🙂