Though it works, loading a binary into FCRAM and running it with the ARM9 processor is incredibly slow. I have a feeling the instruction cache wasn't designed to work when loading from FCRAM.

For now, just using the internal fopen/fread, I'm loading a larger ARM9 payload. 8090000-080FF000 should be a pretty safe region to use for what I'm doing.

SVC 0x7A was stubbed starting with 2.0.0-2. Since this is a 4.X exploit, we don't easily have dumps for older firmware data. It's possible to get them, but there's not too much motivation to look at older code.

Firmware redirection to older firmwares should be possible, but the hard part would be getting the old firmware set up correctly in the first place. I'm not sure why you'd want that though.