Difference between revisions of "Ninjhax"

From 3dbrew
Jump to navigation Jump to search
 
(15 intermediate revisions by 11 users not shown)
Line 1: Line 1:
ninjhax is the an exploit by smea for the game Cubic Ninja. It was released on November 20th, 2014. It can be used on all 3DS firmware versions from 4.0 up to and including 9.2.0-20. It was partially patched in [[9.3.0-21|9.3.0-X]] (only system flaws used by ninjhax were fixed, the game haxx itself was not affected).
+
ninjhax is an exploit by smea for the game Cubic Ninja. It was released on November 20th, 2014. It can be used on all 3DS firmware versions from 4.0 up to and including 9.2.0-20. It was partially patched in [[9.3.0-21|9.3.0-X]] (only system flaws used by ninjhax were fixed, the game haxx itself was not affected).
  
When triggered, it will boot a [[3DSX_Format | 3dsx-file]] from the sdcard root called "boot.3dsx". This file is usually the [[Homebrew Launcher]], which in turn can be used to launch other games/apps from the (micro)SD card.
+
ninjhax 2 was released on 18 July 2015, and works on any system version from 9.0.0-X up to 11.3.0-X.
 +
 
 +
When triggered, it will boot a [[3DSX_Format | 3dsx-file]] from the sdcard root called "boot.3dsx". This file is usually the [[Homebrew Launcher]], which in turn can be used to launch other games/apps from the (micro)SD card. The launched application will run with user privileges on the ARM11 CPU. On system versions up to 9.2.0-20, one of the publicly known [[3DS System Flaws]] can be chained to gain ARM11 kernel privileges or to take control over the ARM9 CPU. More recent system versions are limited to ARM11 userland homebrew until new exploits are disclosed.
  
 
==Installation==
 
==Installation==
  
Visit [http://smealum.net/ninjhax/ here] for instructions on how to install Ninjhax!
+
Visit (dead link!) for instructions on how to install Ninjhax, and [http://smealum.github.io/ninjhax2/ here] for instructions on how to install Ninjhax 2!
  
 
==Service access==
 
==Service access==
Line 52: Line 54:
  
 
The normal service used for accessing [[Circle Pad Pro]] is not accessible: [[IR_Services|ir:USER]].
 
The normal service used for accessing [[Circle Pad Pro]] is not accessible: [[IR_Services|ir:USER]].
 +
 +
==System Call Access==
 +
 +
The following [[SVC|system calls]] are usable by homebrew running using ninjhax:
 +
 +
Allowed systemcalls:    0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08
 +
                        0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10
 +
                        0x11, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19
 +
                        0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, 0x21
 +
                        0x22, 0x23, 0x24, 0x25, 0x27, 0x28, 0x29, 0x2A
 +
                        0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32
 +
                        0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B, 0x3C
 +
                        0x3D
  
 
==Limitations==
 
==Limitations==
Line 57: Line 72:
 
At the moment, ninjhax only allows users to access 64MB of RAM, including on the New 3DS. This may change in the future.
 
At the moment, ninjhax only allows users to access 64MB of RAM, including on the New 3DS. This may change in the future.
  
As there is currently no good way to use the DSP from homebrew, sound output is not yet possible on the New 3DS. At the moment, there is also no known way of running code on the New 3DS's extra CPU cores under ninjhax, though it is possible to use 80% of the system core's time using [[APT:SetApplicationCpuTimeLimit]] rather than 30% as was the case on the Old 3DS.
+
While sound works on the New 3DS for homebrew running via ninjhax 2.0, at the time of the exploit's original release, there was no good way to use the DSP from homebrew, so sound output is not possible on the New 3DS using the old version. At the moment, there is also no known way of running code on the New 3DS's extra CPU cores under ninjhax (without installing boot9strap), though it is possible to use 80% of the system core's time using [[APT:SetApplicationCpuTimeLimit]] rather than 30% as was the case on the Old 3DS.
  
 
==Capabilities==
 
==Capabilities==
* All SD and NAND [[extdata]] is accessible(R/W).
+
* All SD and NAND [[extdata]] is accessible via the main extdata [[FS:OpenArchive|archive]](R/W). Note that the [[FS:OpenArchive|ExtSaveData-for-BOSS]] archive is not accessible.

Latest revision as of 00:10, 11 December 2023

ninjhax is an exploit by smea for the game Cubic Ninja. It was released on November 20th, 2014. It can be used on all 3DS firmware versions from 4.0 up to and including 9.2.0-20. It was partially patched in 9.3.0-X (only system flaws used by ninjhax were fixed, the game haxx itself was not affected).

ninjhax 2 was released on 18 July 2015, and works on any system version from 9.0.0-X up to 11.3.0-X.

When triggered, it will boot a 3dsx-file from the sdcard root called "boot.3dsx". This file is usually the Homebrew Launcher, which in turn can be used to launch other games/apps from the (micro)SD card. The launched application will run with user privileges on the ARM11 CPU. On system versions up to 9.2.0-20, one of the publicly known 3DS System Flaws can be chained to gain ARM11 kernel privileges or to take control over the ARM9 CPU. More recent system versions are limited to ARM11 userland homebrew until new exploits are disclosed.

Installation[edit]

Visit (dead link!) for instructions on how to install Ninjhax, and here for instructions on how to install Ninjhax 2!

Service access[edit]

ninjhax gives developers access to a number of services. These include :

  • ac:u
  • APT:U
  • boss:U
  • cam:u
  • cecd:u
  • cfg:u
  • dlp:FKCL
  • dlp:SRVR
  • dsp::DSP
  • frd:u
  • fs:USER
  • gsp::Gpu
  • hid:USER
  • http:C
  • ir:u
  • mic:u
  • ndm:u
  • news:u
  • nwm::UDS
  • ptm:u
  • pxi:dev
  • soc:U
  • ssl:C
  • y2r:u

Additionally, Old 3DS models (3DS, 3DS XL and 2DS) are given access to the following :

  • csnd:SND

In contrast, New 3DS models (New 3DS, New 3DS XL) get access to :

  • am:app
  • ir:rst
  • l2b2:u
  • l2b:u
  • mvd:STD
  • nim:aoc
  • y2r2:u


The normal service used for accessing Circle Pad Pro is not accessible: ir:USER.

System Call Access[edit]

The following system calls are usable by homebrew running using ninjhax:

Allowed systemcalls:    0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08
                        0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10
                        0x11, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19
                        0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, 0x21
                        0x22, 0x23, 0x24, 0x25, 0x27, 0x28, 0x29, 0x2A
                        0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32
                        0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B, 0x3C
                        0x3D

Limitations[edit]

At the moment, ninjhax only allows users to access 64MB of RAM, including on the New 3DS. This may change in the future.

While sound works on the New 3DS for homebrew running via ninjhax 2.0, at the time of the exploit's original release, there was no good way to use the DSP from homebrew, so sound output is not possible on the New 3DS using the old version. At the moment, there is also no known way of running code on the New 3DS's extra CPU cores under ninjhax (without installing boot9strap), though it is possible to use 80% of the system core's time using APT:SetApplicationCpuTimeLimit rather than 30% as was the case on the Old 3DS.

Capabilities[edit]