3DS Hacking FAQs: Post Your Ideas Here!
Vulpes Abnocto said:
Common Suggestions
- "Let's send it a hack through wifi/custom-mii/bluetooth/NFC/SD/update!"
- That's about as useful as saying "Start your online personals ad with a fancy word like 'indubitably' and get laid!", you're missing about 75 steps in-between the start and finish. The 3DS will only naturally run code that's signed, just feeding it custom code through some interface will do nothing.
- "I found a crash, let's use that to make a hack for it."
- Unlike older systems, the 3DS has things like the NX bit and potentially ASLR. These features mean that you cannot simply inject a blob of custom code through a crash and have it run anymore.
- "Why don't we just hex-edit one of the games?"
"Hey guys, let's send it a faked update file with a hack in it!"
"Let's just hack a game on an SD card to hack the system."
"We can edit one of the ambassador games to swap ROMs with a hack, right?"- Games and programs on the 3DS are signed, so if you manually change the program code (without re-signing it) the signatures become invalid and the 3DS will refuse to run whatever you edited.
- "Why not look into the 3DS and find the key?"
- The key to sign things is not in the 3DS. The 3DS has a "common/public" key which is used to decrypt things and check signatures. Only Nintendo has the "secret/private" key/data needed to sign things. See here or here for the basic idea of how asymmetric encryption works.
- "Well we have the keyhole, so to speak, so let's use it to guess the shape of the key!"
- Asymmetric encryption uses a set of two keys, not a key and a keyhole. In addition, it's specifically designed so that you cannot use one key to find another.
- "If the encryption was designed by Nintendo then it MUST have a flaw somewhere!"
- It was not designed by Nintendo. RSA Encryption was created ages ago, and is used worldwide.
- "Let's just wait for some small-time game company to leak the keys!"
- They never get them. Only Nintendo has the data. Game companies, when they're done making a game, send it to Nintendo, then Nintendo signs it for them.
- "Let's just guess the key."
- That's just not plausible. Let's say, for example, that the system uses 128-bit RSA encryption for signing. This means there's a certain number of possible keys, with one of them being correct. How many keys are there? 2 (binary, a bit) to the 128th power (number of bits). That's so many that the calculator that comes with windows can't even display the number without reverting to scientific notation. 128-bits is 340,282,366,920,938,463,463,374,607,431,768,211,456 possible values in binary.
If you want it visualized in hex (like keys are often distributed), then we subtract one to get the maximum value (since 0 is a possibility but a representation of no number) and convert it to hexadecimal, and we end up with a 32-character key range of 0x00000000000000000000000000000000 to 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF.
Either way you display it, that is 340 undecillion combinations. The actual number is a bit less since a key will be a certain number of digits and be designed to not have repeating segments, but this puts it in perspective.
Let's say that you have a super computer that can try 50,000 unique keys a second. Let's say that you also have 499 friends with super computers that can each try 50,000 unique keys a second.
25,000,000 keys a second.
1,500,000,000 keys a minute.
90,000,000,000 keys an hour.
2,160,000,000,000 keys a day.
788,400,000,000,000 keys in one year.
So in one year, you and your 499 friends would have managed to try 0.0000000000000000000002% of the keys (and thus have about a 0.0000000000000000000002% chance of success).
That's just 128-bit, and in reality the DSi uses 1024-bit, and the 3DS uses 2048-bit.
(I'm just not doing math on numbers that goddamned large.)
- That's just not plausible. Let's say, for example, that the system uses 128-bit RSA encryption for signing. This means there's a certain number of possible keys, with one of them being correct. How many keys are there? 2 (binary, a bit) to the 128th power (number of bits). That's so many that the calculator that comes with windows can't even display the number without reverting to scientific notation. 128-bits is 340,282,366,920,938,463,463,374,607,431,768,211,456 possible values in binary.
- Well then how the hell do we currently run homebrew on systems that check encryption/signing without knowing the key!?!
- You need an exploit that slips code past the signature check once, and the exploit also needs to gain the highest rights in a system in order to modify the system to remove the signature checks. Then once the checks have been removed, you can run whatever.
