diff --git a/README.md b/README.md index d7ff2fc..47bf7e5 100644 --- a/README.md +++ b/README.md @@ -1,10 +1,10 @@ # universal-otherapp -Otherapp payload compatible with system versions 1.0 to 11.3 (all regions, all models) that leverages full exploit chains to ultimately execute a payload from the SD card. +Otherapp payload compatible with system versions 1.0 to 11.14 (all regions, all models) that leverages full exploit chains to ultimately execute a payload from the SD card. ## Usage -This depends on the exploit. The recommended exploit for system versions 1.0 to 11.3 is [soundhax](https://github.com/nedwill/soundhax), in which case you just have to put `otherapp.bin` onto the root of your SD card. +This depends on the exploit. The recommended exploit for system versions 1.0 to 11.14 is [soundhax](https://github.com/nedwill/soundhax), in which case you just have to put `otherapp.bin` onto the root of your SD card. ## Technical details @@ -13,9 +13,9 @@ We leverage a kernel exploit to alter L1 translation tables entries that were ne * **Below system version 9.3**: we use memchunkhax1 * **9.3 and above**: we exploit `sm` then leverage this to exploit `spi`. SPI sysmodule has access to `GPUPROT`, subsequently allowing us to GPU DMA over the kernel memory * **Full writeup coming around Christmas** - * This kernel exploit is working even on lastest system version, but we're currently limited by the lack of a public Arm9 exploit for 11.14 * `spi` vulnerability has been documented on 3dbrew for years * `sm` vulnerability is an unreported 0day, however I have fixed the bug in Luma3DS's reimpl back in 2017. I believe this is fine to release it now, as the 3DS is EoL and people can use seedminer on latest system version anyway + * `safehax` or `agbhax` used depending on version ## Testing with Luma3DS diff --git a/kernelhaxcode_3ds b/kernelhaxcode_3ds index 3696472..2461cb1 160000 --- a/kernelhaxcode_3ds +++ b/kernelhaxcode_3ds @@ -1 +1 @@ -Subproject commit 3696472646200e11f5ce3abba0b38f084f2eb579 +Subproject commit 2461cb1b87cbc370e1a7557d5be5f238a4bb166a