3DS ****ing bricked, never even use clones.

justinkb

Not necessarily. From what I know, the ROP chain (DS exploit) is used to load the payload (launcher.dat), which can then contain pretty much anything. Then again, I could be mistaken.

Due to some execution protections available on ARM platforms, Green Cat is essentially correct.

But using extremely long and complicated ROP chains, one could (theoretically) still execute anything you'd want, given enough effort.
 

McHaggis

Gateway can only use code already written by Nintendo (that's what ROP programming is), so if they are using a random number generator it has to be one that was already there.

What I meant was that Nintendo probably didn't write the random number generator the 3DS is using, although I could probably have made that clearer. I suppose I could be wrong; I don't know much, but code reuse makes writing low-level functions a thing of the past, and HRNGs are becoming increasingly common too (though I have no idea if the 3DS has one).
 

justinkb

Given the huge amount of crypto used in the 3DS, in virtually every part of its execution, I think we can safely assume their RNG is properly implemented.

The quality of crypto is most often directly dependent upon generation of "sufficiently random" numbers for initialization vectors, nonces, etc.
 
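An added example (hypothetical code, not from this thread and not the 3DS's own crypto) of why the second point above matters: in a stream cipher or CTR-mode construction the keystream is a function of the key and the nonce, so if a weak RNG hands out the same nonce twice, the keystream cancels out of the XOR of the two ciphertexts and the attacker gets p1 XOR p2 for free, and with one known plaintext, the other one outright. The xorshift64* keystream, the key, and the two sample messages are all constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Toy keystream: xorshift64* keyed by (key, nonce). An assumption of this
   example, chosen because it is tiny; it is NOT the cipher the 3DS uses. */
static uint64_t ks_init(uint64_t key, uint64_t nonce) {
    uint64_t s = key ^ (nonce * 0x9E3779B97F4A7C15ULL);
    return s ? s : 1;                     /* xorshift state must be nonzero */
}
static uint8_t ks_next(uint64_t *s) {
    *s ^= *s >> 12; *s ^= *s << 25; *s ^= *s >> 27;
    return (uint8_t)((*s * 0x2545F4914F6CDD1DULL) >> 56);
}

/* Encrypt and decrypt are the same operation: out = in XOR keystream(key, nonce). */
void stream_xor(uint64_t key, uint64_t nonce, const uint8_t *in, uint8_t *out, size_t n) {
    uint64_t s = ks_init(key, nonce);
    for (size_t i = 0; i < n; i++) out[i] = in[i] ^ ks_next(&s);
}

/* Attacker's view: only c1 and c2. Returns 1 if c1 XOR c2 == p1 XOR p2 for every
   byte, i.e. the keystream cancelled and the plaintext relationship leaked. */
int xor_leaks_plaintexts(uint64_t key, uint64_t n1, uint64_t n2,
                         const uint8_t *p1, const uint8_t *p2, size_t n) {
    uint8_t c1[64], c2[64];
    if (n > sizeof c1) return -1;
    stream_xor(key, n1, p1, c1, n);
    stream_xor(key, n2, p2, c2, n);
    for (size_t i = 0; i < n; i++)
        if ((c1[i] ^ c2[i]) != (p1[i] ^ p2[i])) return 0;
    return 1;
}

/* Known-plaintext step: with a reused nonce, p2 = c1 XOR c2 XOR p1. */
void recover_with_known_plaintext(const uint8_t *c1, const uint8_t *c2,
                                  const uint8_t *p1, uint8_t *p2_out, size_t n) {
    for (size_t i = 0; i < n; i++) p2_out[i] = c1[i] ^ c2[i] ^ p1[i];
}

/* Constructed sample messages and key (not real 3DS data). */
#define MSG_LEN 16
static const uint8_t P1[] = "ATTACK AT DAWN!!";
static const uint8_t P2[] = "RETREAT AT DUSK!";
#define KEY 0x0123456789ABCDEFULL

int demo_reused_nonce(void) { return xor_leaks_plaintexts(KEY, 42, 42, P1, P2, MSG_LEN); } /* 1 */
int demo_fresh_nonce(void)  { return xor_leaks_plaintexts(KEY, 42, 43, P1, P2, MSG_LEN); } /* 0 */
int demo_recovers_p2(void) {
    uint8_t c1[MSG_LEN], c2[MSG_LEN], got[MSG_LEN];
    stream_xor(KEY, 42, P1, c1, MSG_LEN);
    stream_xor(KEY, 42, P2, c2, MSG_LEN);
    recover_with_known_plaintext(c1, c2, P1, got, MSG_LEN);
    return memcmp(got, P2, MSG_LEN) == 0;                                              /* 1 */
}

int main(void) {
    printf("reused nonce leaks p1^p2: %d\n", demo_reused_nonce());
    printf("fresh nonce leaks p1^p2:  %d\n", demo_fresh_nonce());
    printf("p2 recovered from c1,c2,p1 under nonce reuse: %d\n", demo_recovers_p2());
    return 0;
}
```

The attack needs nothing about the cipher beyond the XOR structure, which is why the nonce (and therefore the RNG that produces it) carries as much of the security as the key does.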

loco365

Wow, man, and I was planning on getting a GW card too, but after reading this thread, fuck that.
Sorry for your loss, and I hope you get it sorted out soon, bud.

Restoring the NAND won't do any good. They brick the console, then rewrite a part of the system so it thinks that the NAND is 0 bytes, effectively rendering the NAND completely useless.
 

Tomy Sakazaki

The random number calculator uses the date as a part of the data to calculate the number, so on some dates the chance may be higher.
and ground:
All pseudo-random number generators (all RNG algorithms in computer science are pseudo-random, so usually we drop the "pseudo" in the term) use a seed value to start calculating; it can be provided from any source and usually it's a numeric value. Most PRNGs use date and time values (which are actually a number counting how many seconds or minutes have passed since a given fixed date on the system), and since those are usually different in successive attempts they are considered the default choice for seed values.
Actually, all PRNG routines are kind of biased, because a proper - theoretical - RNG should have the chance to give the same output for various different seeds.
Some can redo calculations based on the first X answers that one or more algorithms provide.

Probably - I'm speculating on this one since I have near-zero knowledge of reverse engineering assembly code and it seems there aren't any easy tools to decompile the Gateway code - Gateway has chosen to use only the date as a seed value, explaining why most of the bricks using clones' "launcher.dat" and region-free patched ones, and now those from legit users, started occurring on the same days at different times.

Also, someone speculated that the "launcher.dat" creation date attribute seemed to be used as one of the seeds to calculate whether the checksum-and-brick routine should be activated or not; that may explain why most clone users bricked their 3DS on one day, and now there are reports from yesterday and today of legit users.

And answering the question "Is 2.0b2 safe for legit users?": actually it's not, given two things:
1 - Every program can have bugs, and the longer the code, the higher the chances that it will have bugs. Even if the code doesn't have any random factor - let's say the launcher actually doesn't use a PRNG routine - if it's sufficiently long, with various redirections, it may have bugs that the Gateway team - or any other programmer - can overlook because they didn't reach the conditions to trigger them. It's an actual problem in computer science and IT development, and it occurs a lot in IT companies.
2 - Any program launched through the exploit that Gateway uses is running under unstable conditions, so even with similar or equal starting scenarios it can affect how every routine performs. That may be one of the reasons the 2.0b1 Gateway launcher had various problems while launching itself or the "Gateway environment" to recognize the flashcard.

So having thought about this, I've downgraded the launchers of my and my gf's 3DS back to 2.0b1.

EDIT: Actually, the Gateway team could have programmed a very basic PRNG routine and/or they could have chosen a not-so-random seed (like only the date information on a given file or system response) to give to the PRNG routine embedded in the 3DS OS environment.
 
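An added example (hypothetical code, neither Gateway's nor Nintendo's) of the seeding point in the post above: a toy PRNG seeded from the calendar day alone gives every device the same state for the whole day, so a "fire with probability 1/N" check becomes all-or-nothing per day across all users, which is exactly the pattern of bricks clustering on the same dates at different times. Seeding from the full timestamp mixed with a per-device value removes that correlation. The LCG, the 1-in-N check, the per-device mixing and the 2014-01-15 start date are all assumptions of this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <time.h>

/* Hypothetical minimal PRNG: a 32-bit LCG (Numerical Recipes constants).
   A stand-in for whatever routine a launcher might call; not Gateway's code. */
static uint32_t lcg_next(uint32_t *state) {
    *state = *state * 1664525u + 1013904223u;
    return *state;
}

/* Seeding policy A (what the post speculates): the calendar day only. */
uint32_t seed_from_date(time_t t) {
    return (uint32_t)(t / 86400);                 /* days since the Unix epoch */
}

/* Seeding policy B: the full timestamp mixed with a per-device value, so two
   devices at different seconds of the same day start from different states.
   The golden-ratio multiplier is just a cheap mixer (an assumption here). */
uint32_t seed_from_time(time_t t, uint32_t device_id) {
    return (uint32_t)t ^ (device_id * 0x9E3779B9u);
}

/* Hypothetical "should the routine fire?" decision: a 1-in-N chance on the
   first draw. The low 8 bits are dropped because an LCG's low bits are weak. */
int trigger_fires(uint32_t seed, uint32_t one_in_n) {
    uint32_t s = seed;
    return (lcg_next(&s) >> 8) % one_in_n == 0;
}

/* Simulate `users` devices running the check at different seconds of one day
   (day_start must be a multiple of 86400). Returns how many devices fired. */
int count_fires(time_t day_start, int users, uint32_t one_in_n, int date_only) {
    int fired = 0;
    for (int u = 0; u < users; u++) {
        time_t t = day_start + (time_t)((u * 61) % 86400);  /* constructed: spread over the day */
        uint32_t seed = date_only ? seed_from_date(t)
                                  : seed_from_time(t, (uint32_t)u + 1);
        fired += trigger_fires(seed, one_in_n);
    }
    return fired;
}

/* Policy A's signature: over `days` consecutive days every day ends with either
   0 fires or `users` fires, never anything in between. Returns 1 if that held
   on every day; *firing_days (if non-NULL) receives the number of days on
   which every single device fired. */
int date_seed_is_all_or_nothing(time_t first_day, int days, int users,
                                uint32_t one_in_n, int *firing_days) {
    int hit_days = 0;
    for (int d = 0; d < days; d++) {
        int f = count_fires(first_day + (time_t)d * 86400, users, one_in_n, 1);
        if (f != 0 && f != users) return 0;
        if (f == users) hit_days++;
    }
    if (firing_days) *firing_days = hit_days;
    return 1;
}

/* Constructed scenario: 500 devices, a 1-in-10 check, starting 2014-01-15 00:00 UTC. */
#define DAY_2014_01_15 1389744000
#define DEVICES 500
#define ONE_IN_N 10

int demo_date_only_is_all_or_nothing(void) {
    return date_seed_is_all_or_nothing(DAY_2014_01_15, 365, DEVICES, ONE_IN_N, NULL); /* 1 */
}
int demo_date_only_firing_days(void) {
    int d = 0;
    date_seed_is_all_or_nothing(DAY_2014_01_15, 365, DEVICES, ONE_IN_N, &d);
    return d;                                                  /* between 1 and 364 */
}
int demo_time_seeded_fires_today(void) {
    return count_fires(DAY_2014_01_15, DEVICES, ONE_IN_N, 0);   /* between 1 and 499 */
}

int main(void) {
    printf("date-only seed  : all-or-nothing per day = %d, firing days in a year = %d\n",
           demo_date_only_is_all_or_nothing(), demo_date_only_firing_days());
    printf("time+device seed: %d of %d devices fired today\n",
           demo_time_seeded_fires_today(), DEVICES);
    return 0;
}
```

Note what the seed choice does and does not change: the per-day firing rate is still about 1/N under both policies, but with a date-only seed the outcome is shared by everyone who runs the check that day, so a "rare" event lands on an entire user base at once.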

temp1312

And answering the question "Is 2.0b2 safe for legit users?": actually it's not, given two things:
1 - Every program can have bugs, and the longer the code, the higher the chances that it will have bugs. Even if the code doesn't have any random factor - let's say the launcher actually doesn't use a PRNG routine - if it's sufficiently long, with various redirections, it may have bugs that the Gateway team - or any other programmer - can overlook because they didn't reach the conditions to trigger them. It's an actual problem in computer science and IT development, and it occurs a lot in IT companies.
2 - Any program launched through the exploit that Gateway uses is running under unstable conditions, so even with similar or equal starting scenarios it can affect how every routine performs. That may be one of the reasons the 2.0b1 Gateway launcher had various problems while launching itself or the "Gateway environment" to recognize the flashcard.

Thanks, that's what I'm worrying about and have been looking for.
Currently I'm using 1.2; in 2.0b1, maybe there are some random seeds based on a date in the near future?
 

Tomy Sakazaki

Thanks, that's what I'm worrying about and have been looking for.
Currently I'm using 1.2; in 2.0b1, maybe there are some random seeds based on a date in the near future?

So far I haven't seen any alert about the malicious routine existing in 2.0b1. I will try to read through the infinite posts on some coders' Twitter accounts to see what their answers were about this matter.
 

wulfei

There really is some kind of update about this situation every day.
Yesterday I thought GW users were safe because of the sanity check; apparently not.

Well, for now my GW is fine. Pretty much only in sleep mode for StreetPassing.
Hope nothing happens and the 2.0 final won't cause this anymore.

Even if GW is saying they'll take back the 3DS, where do you send the 3DS to? And how do they check if it was their fault?
I could just use the changed launcher.dat, brick my 3DS, and then send it to them with the correct launcher.dat afterwards.

This whole situation sucks.
I was so excited for 2.0.
Multirom, more stable, Pokemon. With this I would've gotten all I wanted out of my GW. Now it seems like it's all gone....
 

Runehasa

I know it's taboo to ask for this, but does anyone know where to find 2.0b1 nowadays? I've searched on Google and all the links just take me to the Gateway site, which no longer has the links to it. Please don't post the link, but if you could email it to me at [email protected] I would appreciate it. Link or rar attached.
 

Arras

I know it's taboo to ask for this, but does anyone know where to find 2.0b1 nowadays? I've searched on Google and all the links just take me to the Gateway site, which no longer has the links to it. Please don't post the link, but if you could email it to me at [email protected] I would appreciate it. Link or rar attached.
Go to the Gateway site and select the link to download 2.0b2. Change the URL so that it says 2.0b1 instead. Done.
 

Tomy Sakazaki

Anyone know what was done in Gateway's 1.0? 1.1a? 1.2? Like release notes of what was done in each version?

Trying to get this from memory (user since version 1.0 here):
1.1 - Region-free patch for use with ROMs, firmware version spoofing so the ROM doesn't ask to update the 3DS system menu.
1.2 - Diagnostic test mode while pressing L (or was it the R button) when launching Gateway mode added.
2.0b1 - Support for games that use firmware 5.0X or higher added, emunand compatible with the 6.XX system menu version.
2.0b2 - emunand supporting system menu 7.XX, some bugfixes regarding save routines, bugfixes regarding the launching routines that prepare the Gateway menu, Gateway mode and classic mode (correcting the black screen and striped screen cases while launching Gateway).
Also, it seems that the "bricking code" was added in 2.0b2.
 

Lustspell

I know it's taboo to ask for this, but does anyone know where to find 2.0b1 nowadays? I've searched on Google and all the links just take me to the Gateway site, which no longer has the links to it. Please don't post the link, but if you could email it to me at [email protected] I would appreciate it. Link or rar attached.

I sent you a PM with the link!!
 
