Hacking [Release] 3DSafe: In-NAND PIN lock for 3DS

mashers

ok, i can now confirm this wasn't just my eyes playing tricks on me, same thing just happened on a 2DS, so it may be an amazing o3ds exclusive bug :P
20160920_233445.jpg
(not my real pin, so please don't steal my 3ds :P)
and i can confirm it's just a visual glitch, the password remains as the first 10 buttons
That's so weird. Does it do it only when entering the PIN on initial setup, or also when changing it subsequently?

Testing with a USA O3DS now. :)
Thanks!

EDIT: I have to use the OTP bypass for this update to work, it seems.
You shouldn't need to. Are you pressing X in the 3DSafe options to enter the built-in SafeA9LHInstaller? If so, what happens when you do this?

I don't see an option to enter a PIN shorter than 10 characters and have it accept that.
Press START when you've finished entering your PIN if it's shorter than 10 characters.
 

gamesquest1

That's so weird. Does it do it only when entering the PIN on initial setup, or also when changing it subsequently?


Thanks!


You shouldn't need to. Are you pressing X in the 3DSafe options to enter the built-in SafeA9LHInstaller? If so, what happens when you do this?


Press START when you've finished entering your PIN if it's shorter than 10 characters.
seems to be just on the initial setup
 

mashers

seems to be just on the initial setup
Actually I'm seeing a bug with this on n3DS too now. If I delete the 3dsafe folder on CTRNAND to simulate a new setup, I can only enter 10 characters for the PIN but it duplicates the last one when confirming the new PIN. Is this what's happening for you? Or does it actually allow you to enter 12 characters for the PIN and only then display what you entered?

--------------------- MERGED ---------------------------

Actually I think I might have found the problem. The buffer for entering a PIN is too short to include a null terminator so I think there's garbage being included at the end of the string. I think I just need to make the buffer 1 byte larger. I'll try it when I'm home.

--------------------- MERGED ---------------------------

Wait no that's not it. The buffer isn't treated as a string. Ok I'll need to look more closely when I'm home.
 

mashers

Actually I think I might have found the problem. The buffer for entering a PIN is too short to include a null terminator so I think there's garbage being included at the end of the string. I think I just need to make the buffer 1 byte larger. I'll try it when I'm home.
Wait no that's not it. The buffer isn't treated as a string. Ok I'll need to look more closely when I'm home.
Actually, I think that was the problem :P The buffer for the entered PIN is treated as a string on this line; due to the lack of a null terminator, it was overflowing beyond the string and collecting characters from elsewhere in memory. I've increased the buffer size by one byte and it seems to be ok now. I'll just do a bit more testing then push the changes up to GitHub.
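
The display bug described in the post above, reproduced as an added example (not code from the 3DSafe source): a 10-byte PIN field with no room for a terminator, printed as a C string, picks up whatever bytes follow it. The `struct mem` model, the function names and the "XY" neighbour bytes are constructed for illustration; the length-bounded print goes beyond the one-byte fix mentioned in the thread.

```c
#include <stdio.h>
#include <string.h>

#define PIN_MAX 10   /* longest PIN, per the thread */

/* Constructed memory model: the PIN field with unrelated bytes right after
   it. One array holds both, so reading past the field is well-defined here. */
struct mem { char bytes[PIN_MAX + 1 + 4]; };

/* field_size is PIN_MAX (before the fix) or PIN_MAX + 1 (after it). */
static void store_pin(struct mem *m, size_t field_size,
                      const char *keys, size_t n) {
    memset(m->bytes, 0, sizeof m->bytes);
    memcpy(m->bytes + field_size, "XY", 2);   /* constructed neighbour data */
    if (n > PIN_MAX) n = PIN_MAX;             /* entry stops at PIN_MAX keys */
    memcpy(m->bytes, keys, n);
    if (field_size > PIN_MAX)
        m->bytes[n] = '\0';                   /* the extra byte holds the NUL */
}

/* Display path that treats the field as a C string. */
static size_t show_as_string(const struct mem *m, char *out, size_t outsz) {
    snprintf(out, outsz, "%s", m->bytes);
    return strlen(out);
}

/* Alternative: bound the print by the entered length, no NUL required. */
static size_t show_bounded(const struct mem *m, size_t n,
                           char *out, size_t outsz) {
    if (n > PIN_MAX) n = PIN_MAX;
    snprintf(out, outsz, "%.*s", (int)n, m->bytes);
    return strlen(out);
}

int main(void) {
    struct mem m;
    char out[32];
    size_t len;
    store_pin(&m, PIN_MAX, "0123456789", 10);          /* 10-byte field */
    len = show_as_string(&m, out, sizeof out);
    printf("before fix : %s (%zu chars)\n", out, len); /* 12 chars shown */
    len = show_bounded(&m, 10, out, sizeof out);
    printf("bounded    : %s (%zu chars)\n", out, len);

    store_pin(&m, PIN_MAX + 1, "0123456789", 10);      /* 11-byte field */
    len = show_as_string(&m, out, sizeof out);
    printf("after fix  : %s (%zu chars)\n", out, len);
    return 0;
}
```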
 

ghostpotato

Found my OTP! :yay3ds:

USA O3DS 11.0.0-33U
PIN setting works: yes
PIN changing works: yes
PIN checking works: yes
OTP bypass works: yes
Payload booting works: yes
Emergency payload works: yes
Integrated SafeA9LHInstaller works: yes
Disable PIN works: yes

I also tested these three:
Hold last char of PIN to access menu: yes
Autoboot payload: yes
Skip PIN on soft reboot: yes

Should I also test with the graphics as well? Also a bug: in text mode, when you set or change your PIN, the characters for your PIN overlap the other text on the screen. For instance:

Zq7F2GE.jpg
 

mashers

Thanks @ghostpotato!
Great to have another o3DS test done. Don't worry about testing with gfx. It's more about ensuring the crucial features like OTP bypass and SA9LHI work properly as without these you can't recover from lost PIN or other problems. I hadn't noticed that overwritten text problem but I've just amended the position of the text and it's ok now. Thanks for highlighting it!

--------------------- MERGED ---------------------------

Ok guys, pre-release 0.10 is now up on GitHub releases. This should solve the problems of extra characters being printed when displaying the PIN, and also the overlapping text when entering the PIN using text mode. @gamesquest1 and @ghostpotato, please could you both give this update a try and let me know if it has rectified the problem?

Apart from that, I've now had confirmed reports that everything is working fine on all hardware types and from both EUR and USA regions. I have no reason to believe that there would be an issue in JAP or KOR regions, so once these minor cosmetic problems have been confirmed resolved I'm going to 1.0 :)
 

ghostpotato

Ok guys, pre-release 0.10 is now up on GitHub releases. This should solve the problems of extra characters being printed when displaying the PIN, and also the overlapping text when entering the PIN using text mode. @gamesquest1 and @ghostpotato, please could you both give this update a try and let me know if it has rectified the problem?

Apart from that, I've now had confirmed reports that everything is working fine on all hardware types and from both EUR and USA regions. I have no reason to believe that there would be an issue in JAP or KOR regions, so once these minor cosmetic problems have been confirmed resolved I'm going to 1.0 :)

Sure! I'll test 0.10 as soon as I get home. :)

EDIT: Tested; PIN now displays properly. :yay3ds:
 

Ichigo1000

The installation tutorial doesn't talk about the changing of a custom image on the top screen. Is it just not updated, or is it not a feature yet?
 

mashers

The installation tutorial doesn't talk about the changing of a custom image on the top screen. Is it just not updated, or is it not a feature yet?
Well, the .bin files in the 3dsafe folder can be replaced to change the appearance of the top screen. You would create them in the same way as the bottom screen, though the sizes would of course need to be adjusted. I didn't include it in the installation instructions since this isn't a requirement for installation. It could perhaps be added in a separate section of the readme.
 

Purple_Heart

i have an issue with Gateway. the 11.1 patched GW doesn't work with 3dsafe (blackscreen). please fix it. i love 3dsafe but can't use it due to this problem.
 

ghostpotato

i have an issue with Gateway. the 11.1 patched GW doesn't work with 3dsafe (blackscreen). please fix it. i love 3dsafe but can't use it due to this problem.
Do you have screen-init (i.e. does your screen turn on, then off, then boot to the Home Menu when you turn your 3DS on)? My guess (correct me if I'm wrong) is that this needs screen-init.
 

MadMageKefka

@mashers I am by no means trying to be impatient, or rush a release. That being said, I'm curious as to what's going on with the project. You said in an earlier post you were just about ready to release v1.0 after the cosmetic fixes you implemented were confirmed to have been fixed, and it seems they were.

Again, not trying to be impatient in the least, I'm more just wondering if you are caught on another snag, or if things need more testing, or maybe if you're working on another feature, or just simply haven't had time? Haven't heard much in a few days and with this thread / project taking off so quickly at the start, my curiosity has gotten the better of me.
 

Quantumcat

@mashers I am by no means trying to be impatient, or rush a release. That being said, I'm curious as to what's going on with the project. You said in an earlier post you were just about ready to release v1.0 after the cosmetic fixes you implemented were confirmed to have been fixed, and it seems they were.

Again, not trying to be impatient in the least, I'm more just wondering if you are caught on another snag, or if things need more testing, or maybe if you're working on another feature, or just simply haven't had time? Haven't heard much in a few days and with this thread / project taking off so quickly at the start, my curiosity has gotten the better of me.
The last commit was 8 days ago so I'd say he's just been too busy to work on the project.
 

mashers

Due to the new OTP-less installation option for A9LH, I'm currently changing over from OTP bypass to using the SHA-256 hash as the bypass. This means adding a function to dump the hash to a file, and check for a match with the hash in memory if the file is present on the SD card. Once this is done I'll upload another beta for testing before going to 1.0.
 

capito27

Due to the new OTP-less installation option for A9LH, I'm currently changing over from OTP bypass to using the SHA-256 hash as the bypass. This means adding a function to dump the hash to a file, and check for a match with the hash in memory if the file is present on the SD card. Once this is done I'll upload another beta for testing before going to 1.0.
protip, instead of changing it, simply check the file length of the OTP.bin, if the size is 256 bytes (i believe OTP is 256 bytes long, check yourself), it's an OTP, so hash it and compare to the system hash, otherwise just compare the file contents to the hash directly.
 