Hacking Nintendo 3DS Hack Compilation

  • Thread starter Deleted User

Isle41

Well-Known Member
Member
Joined
Nov 24, 2011
Messages
207
Trophies
0
XP
305
Country
Gambia, The
Then how would signing save data let us run Homebrew and stuff?

Look up the Twilight Hack, an exploit for the wii.

Sometimes you can modify the save data and when the game loads it, it does stuff it's not supposed to. The Twilight Hack had Epona's name (iirc) so long that the game crashed and allowed homebrew to be run.

In the 3DS case, you can't just replace a save file, you need to sign it before the 3DS will load it.
 

Shubshub

The Shubinator
Member
Joined
Oct 16, 2009
Messages
1,064
Trophies
1
Age
28
Location
The dark part of your house
XP
2,552
Country
New Zealand
Look up the Twilight Hack, an exploit for the wii.

Sometimes you can modify the save data and when the game loads it, it does stuff it's not supposed to. The Twilight Hack had Epona's name (iirc) so long that the game crashed and allowed homebrew to be run.
So basically we edit a save file to change, say, the player's name to go beyond the allowed characters, thus causing the game to crash?
 

Isle41

Well-Known Member
Member
Joined
Nov 24, 2011
Messages
207
Trophies
0
XP
305
Country
Gambia, The
So basically we edit a save file to change, say, the player's name to go beyond the allowed characters, thus causing the game to crash?

Something along those lines. I don't know what they're doing to this save game, but I imagine it's something like that.
 

Shubshub

The Shubinator
Member
Joined
Oct 16, 2009
Messages
1,064
Trophies
1
Age
28
Location
The dark part of your house
XP
2,552
Country
New Zealand
Something along those lines. I don't know what they're doing to this save game, but I imagine it's something like that.
So it's going to be pretty easy to exploit the 3DS?

I'm guessing what you're saying is once you exploit the savegame,
all your unsigned homebrew and ROMs and stuff will appear on the home menu, allowing you to run them?
 

Naridar

Excelsior!
Member
Joined
Oct 26, 2008
Messages
346
Trophies
1
Age
31
XP
1,022
Country
Hungary
That's the very basic concept of it. More specifically, any variable (but strings generally work the best) is longer than what the system expects and it has no specific command for this event, and thus the memory block that holds it "overflows", rolling over to the next block of RAM. In the Twilight hack's case, a RAM block contained the code to be run. Making that continuous overflowing (since the TP game had no command for "if the string doesn't end within 8 characters, stop reading and report a corrupt save error") caused a memory block pointer to get into the running code, pointing to the internal SD slot. It's a programming oversight not to think of overly long strings, so I guess Nintendo pays big attention to this one from now on.

I hope it's understandable, I'm not too much of a tech junkie. I also hope it's at least rudimentarily correct :)
 

Isle41

Well-Known Member
Member
Joined
Nov 24, 2011
Messages
207
Trophies
0
XP
305
Country
Gambia, The
Naridar has it right.

So it's going to be pretty easy to exploit the 3DS?

I'm guessing what you're saying is once you exploit the savegame,
all your unsigned homebrew and ROMs and stuff will appear on the home menu, allowing you to run them?

Well, no. Not at all.
Unless of course you sign all the stuff and make it into a channel format for the home menu, or modify the home menu a ton, you're probably going to have to boot into a loader (think homebrew channel).
 

wiiluver135

Well-Known Member
Member
Joined
Oct 7, 2008
Messages
328
Trophies
1
Age
33
XP
391
Country
United States
Look up the Twilight Hack, an exploit for the wii.

Sometimes you can modify the save data and when the game loads it, it does stuff it's not supposed to. The Twilight Hack had Epona's name (iirc) so long that the game crashed and allowed homebrew to be run.

In the 3DS case, you can't just replace a save file, you need to sign it before the 3DS will load it.
wouldn't it be ironic if the game they are using to hack the 3DS is OoT 3D :P
I'd be all like "DAMN NINTY Y U NO FIX UR ZELDAS!?!?!?"
lol only time will tell
 

Thorhian

My CPU's prefer Water
Member
Joined
May 23, 2012
Messages
355
Trophies
0
Location
Shazezar
XP
142
Country
United States
How long do you expect for the 3DS to be officially hacked?
It has been officially hacked. When will people see any fruition? Well, maybe months, maybe not until towards the end of the year, nothing has been said, but seeing as the exploit was just found, it is a bit naive to ask for a release date right now.
 

Tokiopop

Caffeine fiend
Member
Joined
Apr 14, 2009
Messages
1,833
Trophies
0
Age
29
Location
UK
XP
446
Country
That's the very basic concept of it. More specifically, any variable (but strings generally work the best) is longer than what the system expects and it has no specific command for this event, and thus the memory block that holds it "overflows", rolling over to the next block of RAM. In the Twilight hack's case, a RAM block contained the code to be run. Making that continuous overflowing (since the TP game had no command for "if the string doesn't end within 8 characters, stop reading and report a corrupt save error") caused a memory block pointer to get into the running code, pointing to the internal SD slot. It's a programming oversight not to think of overly long strings, so I guess Nintendo pays big attention to this one from now on.

I hope it's understandable, I'm not too much of a tech junkie. I also hope it's at least rudimentarily correct :)
Yeah, that's pretty much it.

The Twilight hack was a smash stack (otherwise known as a stack buffer overflow), and yellows8 has confirmed that the 3DS exploit is also a smash stack. You're correct about the string being too long; there's no contingency in the code for a long string. So when Epona's name is longer than the allocated buffer, it overflows and it fills adjacent buffers too. Epona's name wasn't just a long string though, it was executable code.

I've always been interested in this stuff, and I found this book quite good (it has some simple demonstrations of smash stacks in the programming section). If you're interested you should give it a read!

Edit: This means, of course, you're going to need a specific game for the hack and a way of moving a save file onto it.
 
  • Like
Reactions: spett

Isle41

Well-Known Member
Member
Joined
Nov 24, 2011
Messages
207
Trophies
0
XP
305
Country
Gambia, The
I highly doubt this game was made by Nintendo though. I can't imagine them making the same mistake twice.

Lego Star Wars 3? Sure, lego never learned XD
 

the_randomizer

The Temp's official fox whisperer
Member
Joined
Apr 29, 2011
Messages
31,284
Trophies
2
Age
38
Location
Dr. Wahwee's castle
XP
18,967
Country
United States
wouldn't it be ironic if the game they are using to hack the 3DS is OoT 3D :P
I'd be all like "DAMN NINTY Y U NO FIX UR ZELDAS!?!?!?"
lol only time will tell
Like this? [image]
 

Sohakes

Member
Newcomer
Joined
May 31, 2009
Messages
14
Trophies
0
XP
135
Country
Brazil
Yeah, that's pretty much it.

The Twilight hack was a smash stack (otherwise known as a stack buffer overflow), and yellows8 has confirmed that the 3DS exploit is also a smash stack. You're correct about the string being too long; there's no contingency in the code for a long string. So when Epona's name is longer than the allocated buffer, it overflows and it fills adjacent buffers too. Epona's name wasn't just a long string though, it was executable code.

I've always been interested in this stuff, and I found this book quite good (it has some simple demonstrations of smash stacks in the programming section). If you're interested you should give it a read!

Edit: This means, of course, you're going to need a specific game for the hack and a way of moving a save file onto it.

Yeah. Reading what yellows8 said on the IRC, the only different thing is that in the case of the 3DS exploit, it's not executable code. There is a protection on the ARM processor that makes the save not executable, so it's impossible to use the buffer overflow to put code there. The thing is that it's still possible to control the flow of the code if you can change the stack (where the data is stored); you just need to change the return address of the function to where you want. If you do it many times, you can program anything (probably Turing complete depending on the 3DS system library) just by changing the return values. That's why yellows8 said it's a ROP exploit; ROP stands for return oriented programming. Anyway, I guess it's not practical to use that to do complex things, so I think there is still another exploit he explored using ROP, that kernel one someone talked about.

That's what I understood anyway, yellows8 is really friendly and tried to explain on IRC, but maybe I misunderstood. It's a really interesting concept anyway.
 
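To make the bug Naridar and Tokiopop describe concrete (a name string copied into a fixed buffer with no length check, so it overflows into the rest of the stack frame) and Sohakes's point that a non-executable stack only stops injected code, not the overwritten return address, here is an added C example. It is not code from this thread, from either game, or from yellows8's exploit; the save layout (one length byte followed by the name) and the buffer size NAME_MAX are assumptions made up for illustration, since the thread does not give the real formats. The loader that trusts the length byte sits beside the same loader with the missing "if the name is too long, stop reading and report a corrupt save" check.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed toy save layout (an assumption for illustration, not the real
 * game's format): one length byte, then that many name characters. */
#define NAME_MAX 8                 /* fixed stack buffer, incl. terminating NUL */

enum load_result { LOAD_OK = 0, LOAD_CORRUPT = -1 };

/* Builds a constructed save image in `buf`; returns bytes written, 0 on error. */
size_t make_save(uint8_t *buf, size_t buf_len, const char *name_str)
{
    size_t n = strlen(name_str);
    if (n > 255 || buf_len < 1 + n)
        return 0;
    buf[0] = (uint8_t)n;
    memcpy(buf + 1, name_str, n);
    return 1 + n;
}

/* Loader with the bug the thread describes: the length byte from the save is
 * trusted and the bytes that follow are copied into a fixed on-stack buffer
 * with no upper bound. A length above NAME_MAX-1 writes past `name` into the
 * rest of the frame (saved registers, return address): a stack buffer
 * overflow, or "smash stack". Shown for the missing check only; it is never
 * called with an over-long name in this file. */
int load_name_unchecked(const uint8_t *save, size_t save_len, char *out)
{
    char name[NAME_MAX];
    size_t n;

    if (save_len < 1)
        return LOAD_CORRUPT;
    n = save[0];
    if (save_len < 1 + n)              /* only the file bound is checked */
        return LOAD_CORRUPT;
    memcpy(name, save + 1, n);         /* BUG: n is never compared with NAME_MAX */
    name[n] = '\0';                    /* BUG: may also land outside `name` */
    memcpy(out, name, NAME_MAX);
    return LOAD_OK;
}

/* Hardened loader: the one check the thread says was missing. An over-long
 * name is rejected as a corrupt save before a single byte is copied. */
int load_name_checked(const uint8_t *save, size_t save_len, char *out)
{
    char name[NAME_MAX];
    size_t n;

    if (save_len < 1)
        return LOAD_CORRUPT;
    n = save[0];
    if (n > NAME_MAX - 1)              /* stop reading, report corrupt save */
        return LOAD_CORRUPT;
    if (save_len < 1 + n)              /* truncated file */
        return LOAD_CORRUPT;
    memcpy(name, save + 1, n);
    name[n] = '\0';
    memcpy(out, name, NAME_MAX);
    return LOAD_OK;
}

/* Runs the hardened loader over a constructed save carrying `name_str`. If
 * `truncate_to` is non-zero, only that many bytes of the file are presented,
 * modelling a cut-off save. Returns the loader's result code. */
int checked_result(const char *name_str, size_t truncate_to)
{
    uint8_t save[300];
    char out[NAME_MAX];
    size_t len = make_save(save, sizeof save, name_str);

    if (len == 0)
        return LOAD_CORRUPT;
    if (truncate_to != 0 && truncate_to < len)
        len = truncate_to;
    return load_name_checked(save, len, out);
}

/* Returns 1 if the hardened loader accepts `name_str` and it round-trips
 * intact, 0 otherwise. */
int checked_loader_accepts(const char *name_str)
{
    uint8_t save[300];
    char out[NAME_MAX];
    size_t len = make_save(save, sizeof save, name_str);

    if (len == 0 || load_name_checked(save, len, out) != LOAD_OK)
        return 0;
    return strcmp(out, name_str) == 0;
}

int main(void)
{
    printf("checked loader accepts \"Epona\": %d\n", checked_loader_accepts("Epona"));
    printf("checked loader accepts 32 x 'A': %d\n",
           checked_loader_accepts("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"));
    printf("checked loader on truncated save: %d\n", checked_result("Epona", 4));
    return 0;
}
```

The length check is the mitigation that matters regardless of a non-executable stack: once the copy can never exceed the buffer, there is no overwritten return address for a ROP chain to start from. Stack canaries (for example GCC's -fstack-protector) are a second, detection-style layer that aborts the process when the frame has been smashed, but they do not replace validating the length field.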

alirezay

Well-Known Member
Member
Joined
Oct 14, 2012
Messages
224
Trophies
1
XP
316
Country
United States
Hey guys, Nintendo will test all the games and soon they will erase the exploit, so it's better for neimomd to release the exploit.
And of course Nintendo would not only wait for neimond to release the exploit...
 

Cazoup

New Member
Newbie
Joined
Jan 3, 2013
Messages
2
Trophies
0
Age
32
XP
43
Country
Canada
Hey guys, Nintendo will test all the games and soon they will erase the exploit, so it's better for neimomd to release the exploit.
And of course Nintendo would not only wait for neimond to release the exploit...
I'm not sure if I understood you correctly, but from my knowledge (which isn't much, trust me) I think if you don't update your 3DS you should be fine, since it's card based and the only real way to stop it is to update the firmware. Yes? No? Did I get it right? Kinda just going out on a limb. Just in case, I just leave wifi totally turned off.
 

Technicmaster0

Well-Known Member
Member
Joined
Oct 22, 2011
Messages
4,404
Trophies
2
Website
www.flashkarten.tk
XP
3,477
Country
Gambia, The
Hey guys, Nintendo will test all the games and soon they will erase the exploit, so it's better for neimomd to release the exploit.
And of course Nintendo would not only wait for neimond to release the exploit...
It's not as easy as "testing all games". They don't know which game they're using and they don't know which part of the savegame they edit.
 

alirezay

Well-Known Member
Member
Joined
Oct 14, 2012
Messages
224
Trophies
1
XP
316
Country
United States
It's not as easy as "testing all games". They don't know which game they're using and they don't know which part of the savegame they edit.
It's very easy for Nintendo cause Nintendo isn't a person... Even 20 people from Nintendo can find the exploit in under 3 months. And I don't get the point of keeping it secret, cause if we don't update, even if Nintendo releases an update for fixing this, neimond can still do it on the current version!!!!! And he still has time to search for that great exploit(!!!)...
 

alirezay

Well-Known Member
Member
Joined
Oct 14, 2012
Messages
224
Trophies
1
XP
316
Country
United States
I'm not sure if I understood you correctly, but from my knowledge (which isn't much, trust me) I think if you don't update your 3DS you should be fine, since it's card based and the only real way to stop it is to update the firmware. Yes? No? Did I get it right? Kinda just going out on a limb. Just in case, I just leave wifi totally turned off.
No... you can turn your wifi on, cause you have to accept the update and the 3DS does not have automatic updates...
 
