10.4.0-29

From 3dbrew
Revision as of 05:54, 20 January 2016 by Yellows8 (talk | contribs) (NATIVE_FIRM)
Jump to: navigation, search

The Old3DS+New3DS 10.4.0-29 system update was released on January 18, 2016. This Old3DS update was released for the following regions: USA, EUR, JPN, CHN, KOR, and TWN. This New3DS update was released for the following regions: USA, EUR, JPN, CHN, and KOR.

Security flaws fixed: <fill this in manually later, see the updatedetails page from the ninupdates-report page(s) once available for now>.

Old3DS/New3DS browserhax and menuhax were not fixed(the Old3DS browser wasn't even updated).

Change-log

Official USA change-log:

  • Further improvements to overall system stability and other minor adjustments have been made to enhance the user experience

System Titles

NATIVE_FIRM

memchunkhax2 was fixed by reading the MemoryBlockHeader next pointer before it is mapped to userland.

The only updated FIRM sysmodules were fs and loader, for fs only a version-field in .code was updated used with a debug NOP-instruction.

loader

The loader process .text was previously 0x331C-bytes, it's now 0x36F0-bytes.

All code changes:

  • Some code using svcGetSystemTick was added, this appears to be debug code that wasn't disabled(the output from this is never used).
  • L_140022b8(L_14002234 in previous loader version): This is the function which calls L_140025f0. Code was added between the code which loads the memregion value from exheader, and the func call for mapping it(L_140025f0). This new code determines what to pass for the L_140025f0 insp4 flag. By default the value passed for that flag is 0.
    • When the process memregion is APPLICATION, the programID is for a CTR title, and the uniqueid matches the eShop system-application(all regions including CHN), the flag is set to 1.
    • When the process memregion is SYSTEM, the flag is set to 1 when the reslimit_category is not LIB_APPLET.
  • L_140025f0(L_140024e4 in previous loader version) now calls another function(L_14002670) instead of svcControlMemory directly, for mapping the codebin memory. The insp4 flag from the L_140025f0 input is passed to L_14002670 as sp0.
  • L_14002670: New function used for mapping the codebin. When the insp0 flag is zero, this does the normal memory-mapping, otherwise a special memory-mapping codepath is used. This codepath still uses the same memregion specified in the exheader.

NS

NS added a new APT command used by Home Menu which now checks whether IronFall is on the latest version before launching; if it is on an exploitable version and the function is called to launch IronFall the system will reboot. This check is done again before launching the title, throwing an error if it fails.

See Also

System update report(s):