Deathracelord, a member of GBATemp, is working on getting kernel access on the New 3DS. Here is a quote from his thread:
The project is called KARL3DS (a bad acronym originally meant to stand for Kernel Anti-piracy Region-free Loader….3DS) – and its goal is to have usable kernel access on N3DS for Nand dumping and decrypting, cartridge dumping and decrypting and hopefully(!) the ability to launch a CFW that allows for the bypassing of region lock. A project outline is below.

1. Gathering of team and resources (the intent of this thread)

2a. Gaining kernel access from within Ninjhax
   1. Memchunkhax to get Arm11 kernel access
   2. Firmlaunchhax to Arm9 code execution

2b. Gaining Arm11 userland code execution
   1. Porting Yifan Lu's LoadCode to N3DS Skater (what I am currently working on) and mapping out the correct values in the global address space (can possibly be avoided by smart coding in the 2nd stage)
   2. Injecting the ported code to replace Ninjhax's Thread 0 ROP
   3. Testing with UVLoader (or some other publicly available code)

3b. Gaining kernel access from within userland
   1. Converting Gateway's Arm11 exploit to New3DS (as usual, using Yifan's writeup and the info on 3dbrew) – fairly simple
   2. Converting Gateway's Arm9 exploit to New3DS (it is possible we could use Roxas' work here, it'd probably be more work though) – quite difficult

4. Utilising our new-found power! (I haven't thought too much about this to be honest, so just ideas)
   1. Work out nand interface and dump nand
   2. Work out cartridge interface and dump cartridge
   3. Work out decryption and do that (maybe look at VOID?)
   4. Figure out how to create and boot a region free REDNand
   5. On the fly game patching
   6. Modify Sysnand to boot into our kernel code
   7. Use 3ds as a remote control for our pet flying pig (with gyroscope function!)
Visit The Forum To Discuss The Story: [W.I.P] KARL3DS – Kernel Access On N3DS