516
edits
Changes
Jump to navigation
Jump to search
mLine 1:
Line 1: − + Line 9:
Line 9: − <fill this in (manually) later> − <fill this in (manually) later> − + − + − + + + + + + + + + + + + + + + + + + Line 30:
Line 45: − + Line 48:
Line 63: − fs adds a new command 0x088600C0 that takes a title-id and an unknown byte (probably media-type?), and returns a bool.+ − Line 60:
Line 74: − + − + − + + + + + + + + + + + + + +
→ARM11-kernel
The Old3DS+New3DS 11.1.0-34 system update was released on September 13, 2016. This Old3DS update was released for the following regions: USA, EUR, JPN, CHN, KOR, and TWN. This New3DS update was released for the following regions: USA, EUR, JPN, CHN, KOR, and TWN.
The Old3DS+New3DS 11.1.0-34 system update was released on September 13, 2016. This Old3DS update was released for the following regions: USA, EUR, JPN, CHN, KOR, and TWN. This New3DS update was released for the following regions: USA, EUR, JPN, CHN, KOR, and TWN.
Security flaws fixed: <fill this in manually later, see the updatedetails page from the ninupdates-report page(s) once available for now>.
Security flaws fixed: yes.
==Change-log==
==Change-log==
==System Titles==
==System Titles==
The updated titles were Home Menu, Internet Browser, NGWord bad word list CFA, Nintendo Zone hotspot list CFA, NVer, CVer, DSP, friends, NS and NATIVE_FIRM. In JPN and KOR, the error string list CFA was additionally updated.
The updated titles were Home Menu, Internet Browser, NGWord bad word list CFA, Nintendo Zone hotspot list CFA, NVer, CVer, DSP, friends, NS and NATIVE_FIRM. In JPN and KOR, the error string list CFA was additionally updated.
===NATIVE_FIRM===
===NATIVE_FIRM===
====Process9====
====ARM9====
No changes to code at all.
No changes to Old3DS/New3DS code at all(plaintext FIRM ARM9 binary / arm9loader).
Only differences are in the minversion list, which updated the minimum versions for Home Menu, Internet Browser, DSP, friends, NS, and NATIVE_FIRM to latest.
Only differences are in the minversion list, which updated the minimum versions for Home Menu, Internet Browser, DSP, friends, NS, and NATIVE_FIRM to latest.
====ARM11-kernel====
====ARM11-kernel====
Exactly 3 functions were updated, these are for [[Memory_Management]]. In the New3DS kernel:
Exactly 3 functions were updated, these are for [[Memory_Management]]. Validation code for [[Memory_Management|memchunk-headers]] was changed. In the New3DS kernel:
* L_fff1aab0, prev ver @ L_fff1aab0.
* L_fff1aab0, prev ver @ L_fff1aab0.
* L_fff1c730, prev ver @ L_fff1c6f0.
* L_fff1c730, prev ver @ L_fff1c6f0.
* L_fff26410, prev ver @ L_fff26394.
* L_fff26410, prev ver @ L_fff26394.
All three functions now prevent negative chunk sizes to be used, which could have been used with hypotetical kernel-memory-read vulnerabilities to exploit the memory-management code.
The first function ("validateChunk") now makes sure that:
chunk + currentChunkSize >= currentChunk
when checking that the current chunk doesn't overlap with either the previous or next one.
The second function ("Kern::ControlMemory"), aside from other small changes, now makes additional checks on the previously allocated memory chunk; the code for that is now:
if(chunkSizeInPages >= regionSize >> 12 || chunk < regionBase || chunk + chunkSize < chunk || chunk + chunkSize > regionBase + regionSize) panic;
The third function ("insertChunk") now makes the following checks:
if(chunkSizeInPages >= regionSize >> 12 || regionBase + regionSize < chunk + chunkSize) panic;
// ...
if(leftChunk && leftChunk + leftChunkSize <= leftChunk) panic; // this check was already done on 'right'
====FIRM-modules====
====FIRM-modules====
=====loader=====
=====loader=====
It appears only one function changed in loader: L_140022b8 previously @ L_140022b8. Codebin physical memory randomization was enabled for all of the following titles:
It appears only one function changed in loader: L_140022b8 previously @ L_140022b8. Codebin physical memory randomization was enabled for all of the following titles:
* USA/EUR VVVVVV
* USA/EUR "VVVVVV"
* USA/EUR/JPN "Freakyforms Deluxe: Your Creations, Alive!"
* USA/EUR/JPN "Freakyforms Deluxe: Your Creations, Alive!"
* USA/EUR/JPN "Pokémon Super Mystery Dungeon"
* USA/EUR/JPN "Pokémon Super Mystery Dungeon"
* "Pokémon Moon"
* "Pokémon Moon"
A new FSUSER [[FS:CheckUpdatedDat|command]] was added. If the command returns an error, the caller assumes false.
If the command returns an error, the caller assumes false.
All code changes:
All code changes:
The code for [[APT:IsTitleAllowed]] was updated.
The code for [[APT:IsTitleAllowed]] was updated.
It now adds a version check for SmileBASIC, and enforces minimum versions 7 for JAP and 2 for USA.
It now adds a version check for SmileBASIC, and enforces minimum [[Titles|major-versions]] 7 for JAP and 2 for USA.
This means that smilehax is impossible on latest firmware.
This means that smilehax is impossible on latest firmware.
Same function also now checks for the "Animal Crossing: New Leaf" title in EUR+JAP+USA, and checks if version is lower than 3.
Same function also now checks for the "Animal Crossing: New Leaf" title in EUR+JAP+USA, and checks if [[Titles|major-version]] is higher than 3.
If version is lower than 3, it calls the new fs command 0x088600C0 with the title-id of the Animal Crossing game.
If version is <=3, it calls the new fs [[FS:CheckUpdatedDat|command]] with the title-id of the Animal Crossing game.
If the new fs command returns true, it returns that the game is not allowed to be launched, otherwise it will launch it despite being too old.
If the new fs command returns true, it returns that the game is not allowed to be launched, otherwise it will launch it despite being too old.
This functionality appears to be for preventing the user from switching from an newer version of the application to an older version, where the newer version isn't released yet at the time the sysupdate was released. The newer version would (presumably) write to savedata [[FS:CheckUpdatedDat|"/updated.dat"]], which would trigger launch-not-allowed if the user tries to run an older version of the application.
The only other changes are for some initialization-related(?) code, which seem to be minor.
====DSP-sysmodule====
The only actual ''code'' change was that the handler function called by the [[DSP:RegisterInterruptEvents]] function was updated. Validation code was added for the input at the beginning of the function.
====friends-sysmodule====
Like past updates, the only codebin change was for updating the fpdver(6->7).
===Home Menu===
===Home Menu===
The icon vulns were [[3DS_Userland_Flaws|fixed]], hence latest menuhax as of sysupdate release was fixed for this system-version. The only code changes were for updating 2 functions, for fixing these 2 vulns(RomFS wasn't changed).
The icon vulns were [[3DS_Userland_Flaws|fixed]], hence latest menuhax as of sysupdate release was fixed for this system-version. The only code changes were for updating 2 functions, for fixing these 2 vulns(RomFS wasn't changed).
===Internet Browser===
See [[Internet_Browser|here]] for details. The [[Internet_Browser|browser-version-check]] pages for the old browser versions were updated just [https://yls8.mtheall.com/ninupdates/browserupdate/ minutes] after the sysupdate was released, unlike like past updates where it took weeks.
==See Also==
==See Also==