10.4.0-29: Difference between revisions

(4 intermediate revisions by 2 users not shown)

Line 1:

The Old3DS+New3DS 10.4.0-29 system update was released on January 18, 2016. This Old3DS update was released for the following regions: USA, EUR, JPN, CHN, KOR, and TWN. This New3DS update was released for the following regions: USA, EUR, JPN, CHN, and KOR.

Security flaws fixed: ~~<fill this in manually later~~, see ~~the updatedetails page from the ninupdates-report page(s) once available for now>~~.

Security flaws fixed: yes, see below.

Old3DS/New3DS browserhax and menuhax were not fixed(the Old3DS browser wasn't even updated).

Line 12:

===NATIVE_FIRM===

[[3DS_System_Flaws#Kernel11|memchunkhax2]] was fixed by reading the [[MemoryBlockHeader]] next pointer before it is mapped to userland. Only ''one'' function was changed in arm11kernel.

[[3DS_System_Flaws#Kernel11|memchunkhax2]] was partially fixed by reading the [[MemoryBlockHeader]] next pointer before it is mapped to userland, but it can still be exploited using GPU. Only ''one'' function was changed in arm11kernel.

The only updated FIRM sysmodules were fs and loader, for fs only a version-field in .code was updated used with a debug NOP-instruction.

Line 37:

This is an attempt at randomizing the layout of physmem .text, due to gspwn.

====ARM9====

There were no New3DS-only changes in Process9, the arm9loader wasn't changed either.

There were exactly 4 updated functions in Process9, all of these involve NTRCARD:

* The first two functions had code added which clears a certain state field to 0 around the beginning of the function.

* The third function now passes value 0x1000 as inr2 when calling the fourth function.

* The fourth and last function, this is the function used for reading the card header. A buffer-overflow check was added in the NTRCARD reading loop: "if(out_bufpos >= inr2)<skip over copying the word to output>".

===NS===

Line 61:

Line 69:

The code changes for Home Menu appear to be just title/AM related / GUI.

Code was implemented for using [[APT:IsTitleAllowed]] mentioned above, ~~when~~ that returns 0 ~~when you try launching an application~~ Home Menu will display a message using the following text from new message-strings:

Code was implemented for using [[APT:IsTitleAllowed]] mentioned above. This is only done after VersionList handling(for example when one tries to launch the app without updating), prior to doing the actual application launch. When that returns 0, Home Menu will display a message using the following text from new message-strings:

You need to update this

software before you can

Line 107:

Line 115:

* [http://yls8.mtheall.com/ninupdates/reports.php?date=01-18-16_07-00-49&sys=ctr]

* [http://yls8.mtheall.com/ninupdates/reports.php?date=01-18-16_07-00-58&sys=ktr]

[[Category:Firmware Versions]]

@@ Line 1: / Line 1: @@
 The Old3DS+New3DS 10.4.0-29 system update was released on January 18, 2016. This Old3DS update was released for the following regions: USA, EUR, JPN, CHN, KOR, and TWN. This New3DS update was released for the following regions: USA, EUR, JPN, CHN, and KOR.
-Security flaws fixed: <fill this in manually later, see the updatedetails page from the ninupdates-report page(s) once available for now>.
+Security flaws fixed: yes, see below.
 Old3DS/New3DS browserhax and menuhax were not fixed(the Old3DS browser wasn't even updated).
@@ Line 12: / Line 12: @@
 ===NATIVE_FIRM===
-[[3DS_System_Flaws#Kernel11|memchunkhax2]] was fixed by reading the [[MemoryBlockHeader]] next pointer before it is mapped to userland. Only ''one'' function was changed in arm11kernel.
+[[3DS_System_Flaws#Kernel11|memchunkhax2]] was partially fixed by reading the [[MemoryBlockHeader]] next pointer before it is mapped to userland, but it can still be exploited using GPU. Only ''one'' function was changed in arm11kernel.
 The only updated FIRM sysmodules were fs and loader, for fs only a version-field in .code was updated used with a debug NOP-instruction.
@@ Line 37: / Line 37: @@
 This is an attempt at randomizing the layout of physmem .text, due to gspwn.
+====ARM9====
+There were no New3DS-only changes in Process9, the arm9loader wasn't changed either.
+There were exactly 4 updated functions in Process9, all of these involve NTRCARD:
+* The first two functions had code added which clears a certain state field to 0 around the beginning of the function.
+* The third function now passes value 0x1000 as inr2 when calling the fourth function.
+* The fourth and last function, this is the function used for reading the card header. A buffer-overflow check was added in the NTRCARD reading loop: "if(out_bufpos >= inr2)<skip over copying the word to output>".
 ===NS===
@@ Line 61: / Line 69: @@
 The code changes for Home Menu appear to be just title/AM related / GUI.
-Code was implemented for using [[APT:IsTitleAllowed]] mentioned above, when that returns 0 when you try launching an application Home Menu will display a message using the following text from new message-strings:
+Code was implemented for using [[APT:IsTitleAllowed]] mentioned above. This is only done after VersionList handling(for example when one tries to launch the app without updating), prior to doing the actual application launch. When that returns 0, Home Menu will display a message using the following text from new message-strings:
   You need to update this
   software before you can
@@ Line 107: / Line 115: @@
 * [http://yls8.mtheall.com/ninupdates/reports.php?date=01-18-16_07-00-49&sys=ctr]
 * [http://yls8.mtheall.com/ninupdates/reports.php?date=01-18-16_07-00-58&sys=ktr]
+[[Category:Firmware Versions]]