Difference between revisions of "11.4.0-37"

From 3dbrew
Jump to navigation Jump to search
Line 43: Line 43:
  
 
A new string was added at 0x13E200: "used"(with 3 0xFF bytes afterwards), this is used by the new heap code. The wifi-fw was moved from .data to .rodata.
 
A new string was added at 0x13E200: "used"(with 3 0xFF bytes afterwards), this is used by the new heap code. The wifi-fw was moved from .data to .rodata.
 +
 +
===[[HTTP_Services|HTTP-sysmodule]]===
 +
There were exactly 3 changes in the HTTP-sysmodule codebin.
 +
 +
Two functions, the memalloc and memfree functions used with HTTP sharedmem, were updated to use the new function. The new function is for heap memchunkhdr validation. This additional code is the same new heap code as NWM-sysmodule. This fixed the vuln used by ctr-httpwn at the time of sysupdate release.
  
 
===[[Internet Browser]]===
 
===[[Internet Browser]]===

Revision as of 17:38, 11 April 2017

The Old3DS+New3DS 11.4.0-37 system update was released on April 10, 2017. This Old3DS update was released for the following regions: USA, EUR, JPN, CHN, KOR, and TWN. This New3DS update was released for the following regions: USA, EUR, JPN, CHN, KOR, and TWN.

Security flaws fixed: yes.

Change-log

Official USA change-log:

  • Further improvements to overall system stability and other minor adjustments have been made to enhance the user experience

System Titles

NATIVE_FIRM

Process9

The global boolean preventing SAFE_FIRM from being launched is now set in Process9's crt0 if CFG9_BOOTENV has bit0 set, that is to say, if it has been launched from a firmlaunch (this register is set to 1 just before a firmlaunch). The following code has also been added in the firmlaunch function itself: if(!(CFG9_BOOTENV & 1) /* not a firmlaunch */ || (CFG9_BOOTENV & 6) /* firmlaunched from LGY_FIRM (if even possible at all) */) goto panic.

This is to fix safehax.

New3DS kernel9loader

New3DS kernel9loader wasn't updated.

ARM11 kernel

There are at least, and likely, three changes:

  • CFG11_WIFIUNK is now set to 0x10 in Kernel11's crt0
  • A new SVC, svc 0x5A has been introduced, to enable or disable wifi
  • The code handling svcArbitrateAddress with type = SIGNAL, has been changed. It now counts the actual number of threads arbitrating on that address, and if it is non-zero, it executes the following hack: if(coreId == 0 && currentThread->dynamicPriority >= 50) waitCycles(0x64E). This supposedly works around the lag issue in some games, which has been introduced on 11.3.0-36

Modules

No FIRM ARM11 sysmodule was changed.

NWM-sysmodule

The CONFIG11_Registers are no longer directly mapped under userland for NWM-sysmodule. This prevents anything under NWM-module from modifying the GPUPROT register. This was used by both *hax payload(prior to v11.4 release) and udsploit.

The codebin was updated.

The crt0-poke in PDN that NWM previously did:

 0x1EC4010C |= 0x10

.. has been removed from NWM. This one has been moved into kernel bootup.

All accesses to 0x1EC40180 have been replaced by a new syscall, 0x5A.

This now includes code from old CTRSDK update(s). A new func was added for calling a func, previously that func was directly called via vtable funcptr. The only other changes was new heap code(and the code for using it basically), for fixing the NWMUDS sharedmem vuln. This includes code which actually validates heap memchunkhdrs, with svcBreak being executed on failure.

A new string was added at 0x13E200: "used"(with 3 0xFF bytes afterwards), this is used by the new heap code. The wifi-fw was moved from .data to .rodata.

HTTP-sysmodule

There were exactly 3 changes in the HTTP-sysmodule codebin.

Two functions, the memalloc and memfree functions used with HTTP sharedmem, were updated to use the new function. The new function is for heap memchunkhdr validation. This additional code is the same new heap code as NWM-sysmodule. This fixed the vuln used by ctr-httpwn at the time of sysupdate release.

Internet Browser

The web-browser was updated, only for New3DS. See here for details.

See Also

System update report(s):