Hacking [Release] 3DSafe: In-NAND PIN lock for 3DS

The Catboy

The Catboy

GBAtemp Official Catboy™: Boywife
Member
Level 40
Joined
Sep 13, 2009
Messages
27,946
Trophies
4
Location
Making a non-binary fuss
XP
39,324
Country
Antarctica
Quantumcat said:
Even if the PIN settings are stored on CTR-NAND, the boot.firm on SD card overrides the one in CTR-NAND so all they have to do is put a boot.firm on the SD card right? But it is better this way since there's no way to completely destroy the console like you can with 3DSafe.
Click to expand...
Actually one could just place ReiNAND's boot.firm into the root of the SD card and boot right on past the Luma3DS.
Wow, that security flaw went right over my head.
 
S

SoslanVanWieren

Banned!
Banned
Level 6
Joined
Feb 6, 2017
Messages
1,809
Trophies
0
XP
857
Country
Australia
Quantumcat said:
Even if the PIN settings are stored on CTR-NAND, the boot.firm on SD card overrides the one in CTR-NAND so all they have to do is put a boot.firm on the SD card right? But it is better this way since there's no way to completely destroy the console like you can with 3DSafe.
Click to expand...
you can make the pin file and config file on sd card read only and have a pin on the ctr nand one to
 
The Catboy

The Catboy

GBAtemp Official Catboy™: Boywife
Member
Level 40
Joined
Sep 13, 2009
Messages
27,946
Trophies
4
Location
Making a non-binary fuss
XP
39,324
Country
Antarctica
SoslanVanWieren said:
you can make the pin file and config file on sd card read only and have a pin on the ctr nand one to
Click to expand...
Except when if you place another CFW like ReiNAND on the root of the SD card. B9S considers that priority and boots that instead. So literally using another CFW that ignores the Luma3DS files will completely bypass the Luma3DS security.
 
Last edited by The Catboy,
  • Like
Reactions: Quantumcat
S

SoslanVanWieren

Banned!
Banned
Level 6
Joined
Feb 6, 2017
Messages
1,809
Trophies
0
XP
857
Country
Australia
gamesquest1 said:
Luma security is more like one of this little plastic locks on kids diaries, and tbh if/when ntrboothax is released all possible protections are made pretty much useless, even 3dsafe wouldn't stand up against ntrboothax
Click to expand...
yeah but if the person does not know what cfw is they will have no idea how to bypass it
 
The Catboy

The Catboy

GBAtemp Official Catboy™: Boywife
Member
Level 40
Joined
Sep 13, 2009
Messages
27,946
Trophies
4
Location
Making a non-binary fuss
XP
39,324
Country
Antarctica
SoslanVanWieren said:
yeah but if the person does not know what cfw is they will have no idea how to bypass it
Click to expand...
It's a decent enough measure to stall someone, but I just publicly revealed the security flaw. Which now means that it only requires a quick google search to reveal this flaw. Trust me, I just looked up, "3ds lock screen" and found a link on reddit, which lead me to this thread. Hell just bringing me to this site is enough for anyone to make a thread asking for help and finding out about this security flaw.
This is a very serious flaw that actually can't be fixed through Luma3DS. The only way to completely remove this flaw is to make B9S boot from CTRNAND as priority, which is not a good idea.
 
Last edited by The Catboy,
S

SoslanVanWieren

Banned!
Banned
Level 6
Joined
Feb 6, 2017
Messages
1,809
Trophies
0
XP
857
Country
Australia
yeah but im using it to stop a kid getting into my 3ds not an adult younger kids are more likey to mess with your 3ds and if its some one whos not going to bother to try to try to bypass it will work
 
Last edited by SoslanVanWieren,
The Catboy

The Catboy

GBAtemp Official Catboy™: Boywife
Member
Level 40
Joined
Sep 13, 2009
Messages
27,946
Trophies
4
Location
Making a non-binary fuss
XP
39,324
Country
Antarctica
SoslanVanWieren said:
yeah but im using it to stop a kid getting into my 3ds not an adult younger kids are more likey to mess with your 3ds and if its some one whos not going to bother to try to try to bypass it will work
Click to expand...
That's something different and honestly something like Luma3DS's lock screen will easily lock out kids. Although I would like to add to my previous post. This isn't completely directed at you, but directed at the concern of "Why is it a bad idea to set CTRNAND to priority?"
The reason it would be a bade idea is because it actually opens the user to outside attack. If the user has Luma3DS on their CTRNAND and doesn't have the lock screen setup, then it leaves their system open for someone else to setup that lock screen on them. Since B9S boots from SD over CTRNAND, it's easy enough to fix this by booting the system off a boot.firm stored on the SD card. If the system booted CTRNAND as priority, then the user is basically fucked until NTRBootHAX is released or the attacker releases the system.
So basically this security flaw is something that can be fixed, but then it opens the system to external security flaws.
 
S

SoslanVanWieren

Banned!
Banned
Level 6
Joined
Feb 6, 2017
Messages
1,809
Trophies
0
XP
857
Country
Australia
Lilith Valentine said:
That's something different and honestly something like Luma3DS's lock screen will easily lock out kids. Although I would like to add to my previous post. This isn't completely directed at you, but directed at the concern of "Why is it a bad idea to set CTRNAND to priority?"
The reason it would be a bade idea is because it actually opens the user to outside attack. If the user has Luma3DS on their CTRNAND and doesn't have the lock screen setup, then it leaves their system open for someone else to setup that lock screen on them. Since B9S boots from SD over CTRNAND, it's easy enough to fix this by booting the system off a boot.firm stored on the SD card. If the system booted CTRNAND as priority, then the user is basically fucked until NTRBootHAX is released or the attacker releases the system.
So basically this security flaw is something that can be fixed, but then it opens the system to external security flaws.
Click to expand...
I know passcodes arent meant for anti theft with phone passwords there's also a bypass by erasing all the stuff on the phone they are meant to stop kids from messing with your phone and people trying to get personal information.Heck, even the parental controls on the 3ds is bypassable with a website that generates a pin. If there was no bypass your device would be bricked if you forgot the passcode
 
Last edited by SoslanVanWieren,
The Catboy

The Catboy

GBAtemp Official Catboy™: Boywife
Member
Level 40
Joined
Sep 13, 2009
Messages
27,946
Trophies
4
Location
Making a non-binary fuss
XP
39,324
Country
Antarctica
SoslanVanWieren said:
I know passcodes arent meant for anti theft with phone passwords there's also a bypass by erasing all the stuff on the phone they are meant to stop kids from messing with your phone and people trying to get personal information.Heck, even the parental controls on the 3ds is bypassable with a website that generates a pin.
Click to expand...
Yeah~ but I feel like too many people think these measures are some form of "theft protection," so I was just doing my part to point out flaws and why they exist. I felt like I left my last comment rather vague as it should have gone into greater detail. Like I said, it wasn't directed at you, I just didn't want to multi-post.
But you are right, these kinds of security setups are more so a low level preventative than an actually security system.
 
Last edited by The Catboy,
gamesquest1

gamesquest1

Nabnut
Former Staff
Level 22
Joined
Sep 23, 2013
Messages
15,153
Trophies
2
XP
12,247
SoslanVanWieren said:
I know passcodes arent meant for anti theft with phone passwords there's also a bypass by erasing all the stuff on the phone they are meant to stop kids from messing with your phone and people trying to get personal information.Heck, even the parental controls on the 3ds is bypassable with a website that generates a pin. If there was no bypass your device would be bricked if you forgot the passcode
Click to expand...
tbh at this point most phones do use pin locks as anti theft devices with both android and iOS locking the phone when formatted unless you can login with the previously used account so the phone is effectively a brick and only any foot for spare parts

Maybe a similar solution could be dreamt up for the 3ds with a email recovery key for,although again with ntrboothax looming the effectiveness of such a solution is going to be pretty short
 
Last edited by gamesquest1,
L

lonewolf08

Well-Known Member
Member
Level 3
Joined
Feb 4, 2016
Messages
427
Trophies
0
Age
33
XP
315
Country
United States
gamesquest1 said:
tbh at this point most phones do use pin locks as anti theft devices with both android and iOS locking the phone when formatted unless you can login with the previously used account so the phone is effectively a brick and only any foot for spare parts

Maybe a similar solution could be dreamt up for the 3ds with a email recovery key for,although again with ntrboothax looming the effectiveness of such a solution is going to be pretty short
Click to expand...
Yeah, I mentioned this to Lilith in a PM but even if ntrboothax were released, 3dsafe still offers protection from most people. Not everyone is going to have a compatible flash kart to do so or want to pay for said flash kart to do so. 3dsafe is already bypassed with a hard mod so chances of someone having the necessary things to accomplish the ntrboothax vs just anybody that can change a file and 3dsafe still has the upper hand. Let's also not forgot that 3dsafe let's you have your info and it can give incentive for them to give it back for a reward.
 
  • Like
Reactions: MadMageKefka
The Catboy

The Catboy

GBAtemp Official Catboy™: Boywife
Member
Level 40
Joined
Sep 13, 2009
Messages
27,946
Trophies
4
Location
Making a non-binary fuss
XP
39,324
Country
Antarctica
BARNWEY said:
Exactly, though you can bypass them...
Click to expand...
Lilith Valentine said:
Actually one could just place ReiNAND's boot.firm into the root of the SD card and boot right on past the Luma3DS.
Wow, that security flaw went right over my head.
Click to expand...
Lilith Valentine said:
Except when if you place another CFW like ReiNAND on the root of the SD card. B9S considers that priority and boots that instead. So literally using another CFW that ignores the Luma3DS files will completely bypass the Luma3DS security.
Click to expand...
 
S

SoslanVanWieren

Banned!
Banned
Level 6
Joined
Feb 6, 2017
Messages
1,809
Trophies
0
XP
857
Country
Australia
just make the luma boot firm on the sd card read only and the config and pin files read only that way the only way to bypass it is to use a diffrent sd card and they would not have access to most of your games if they did that.
 
Last edited by SoslanVanWieren,
  • Like
Reactions: hurrz

Site & Scene News

Go to forum More news

Popular threads in this forum

Hacking Homebrew  A new way to experience StreetPass

Is it possible...?

Hacking Homebrew  how to link pnid to 3ds/how to use juxtaposition?

Hacking Hardware  New Nintendo 3DS XL Louvre

Emulation  i have citra, i have my aes keys installed, how do i get the home menu

Hacking Misc  VCRUNTIME140.dll UCRTBASED.dll Master Thread

Hardware  Why does my 3DS take so long to turn off?

Translation Project  DQM2SP translation

General chit-chat
Help Users
    Psionic Roshambo @ Psionic Roshambo: I am the cancer!!! lol