Difference between revisions of "10.6.0-31"

From 3dbrew
Jump to navigation Jump to search
Line 20: Line 20:
 
Old and New 3DS Internet Browser were updated. Both browserhax_fright_tx3g (New 3DS) and spider28hax (old 3DS) were fixed.
 
Old and New 3DS Internet Browser were updated. Both browserhax_fright_tx3g (New 3DS) and spider28hax (old 3DS) were fixed.
  
===Socket module===
+
===Socket sysmodule===
 
Minus changes from an older CTRSDK version(CTRSDK version seems to be the latest now), only one actual SOC-specific function(L_11154c) was updated. The previous version did: <write u8 0x0 to ptr and increase ptr by 1>. The current version removed this so that L_11f9f0() is called with ptr, without writing data to ptr+0/changing ptr.
 
Minus changes from an older CTRSDK version(CTRSDK version seems to be the latest now), only one actual SOC-specific function(L_11154c) was updated. The previous version did: <write u8 0x0 to ptr and increase ptr by 1>. The current version removed this so that L_11f9f0() is called with ptr, without writing data to ptr+0/changing ptr.
 +
 +
===IR sysmodule===
 +
Exactly two functions were changed. Originally the two functions for reading I2C-IR registers TXLVL and RXLVL just used i2c_ReadRegister8 then returned the output u8. Now each function reads the register, then returns the output value if it's <=0x40. Otherwise, the register is read again. If the output value is <=0x40, the output value is returned, otherwise 0x0 is returned.
 +
 +
With the original IR hardware the value returned by these registers are always 0x0..0x40 according to the datasheet.
 +
 +
In theory with modified/custom IR hardware it might(?) be possible to trigger a stack-smash with this, enough to overwrite the saved-LR. In theory it might be possible to start full ROP from this(what to do after getting ROP in this context is another matter however).
  
 
===JPN-only titles===
 
===JPN-only titles===

Revision as of 01:14, 24 February 2016

The Old3DS+New3DS 10.6.0-31 system update was released on February 22, 2016. This Old3DS update was released for the following regions: USA, EUR, JPN, CHN, KOR, and TWN. This New3DS update was released for the following regions: USA, EUR, JPN, CHN, and KOR.

Security flaws fixed: yes, see below.

Titles which uses friend-services(online multiplayer included) are not affected by this, since the friend-sysmodule wasn't updated. As long as the installed friend-module is for 10.5.0-30 no sysupdate-required message will be displayed with using friend-service functionality.

Change-log

Official USA change-log:

  • Further improvements to overall system stability and other minor adjustments have been made to enhance the user experience

System Titles

<fill this in (manually) later>

Home Menu

Only one function was updated, the function which loads theme body-data with theme-shuffling enabled. This now does: if(loadedsize > input_max_size)fail. Hence, the latest exploit used by menuhax at the time of this sysupdate release is now fixed.

RomFS was not changed at all.

Internet Browser

Old and New 3DS Internet Browser were updated. Both browserhax_fright_tx3g (New 3DS) and spider28hax (old 3DS) were fixed.

Socket sysmodule

Minus changes from an older CTRSDK version(CTRSDK version seems to be the latest now), only one actual SOC-specific function(L_11154c) was updated. The previous version did: <write u8 0x0 to ptr and increase ptr by 1>. The current version removed this so that L_11f9f0() is called with ptr, without writing data to ptr+0/changing ptr.

IR sysmodule

Exactly two functions were changed. Originally the two functions for reading I2C-IR registers TXLVL and RXLVL just used i2c_ReadRegister8 then returned the output u8. Now each function reads the register, then returns the output value if it's <=0x40. Otherwise, the register is read again. If the output value is <=0x40, the output value is returned, otherwise 0x0 is returned.

With the original IR hardware the value returned by these registers are always 0x0..0x40 according to the datasheet.

In theory with modified/custom IR hardware it might(?) be possible to trigger a stack-smash with this, enough to overwrite the saved-LR. In theory it might be possible to start full ROP from this(what to do after getting ROP in this context is another matter however).

JPN-only titles

Multiple titles for JPN-only were updated. For System Settings and "Nintendo 3DS Camera", only the manual content was updated(the main contentid in the TMD wasn't changed at all). Other titles were updated for JPN-only too, presumably with the same manual-only change.

See Also

System update report(s):