Hacking 3DS Hacking Ideas: Post Your Ideas Here!

Pleng

Only works if Nintendo uses an exploitable OpenSSL version.

Could somebody not configure their router to reroute all requests for Nintendo's server to an IP address on their local network which has a vulnerable version of OpenSSL installed?
 

bartimeaus91

> Could somebody not configure their router to reroute all requests for Nintendo's server to an IP address on their local network which has a vulnerable version of OpenSSL installed?

That still does nothing. The 3DS itself still does not have the Heartbleed vulnerability; it's your external network that has the vulnerability.
 

saphris

Hmm.. this idea came up while I was trying to figure out in my head what happened since the last time I used a virtual router for HomePass/StreetPass, and why it's worked up until yesterday.. I didn't find out THAT answer, but I came across another idea..
((edit2: which kinda looks like it was touched on a few posts before mine))
What if a big part of the eShop was done by a signing type of thing, through the MAC address of the console? And if someone actually bought something on there and shared their MAC addy, and put a mask on the actual 3DS's MAC address to make it appear to be that person's MAC, would that be something that could work? I mean, it's an opening that Nintendo hasn't patched yet, where you can already trick their servers into thinking you're at a StreetPass area (which to me is prolly the most unsecure type of protection that they might have). I have yet to figure out why it only takes a mask of the MAC addy of the router, and changing the SSID name to attwifi, for it to work.
Anyways, just a thought..
You would prolly still have to have the other person's sign-in data to get it, but if that's all, it still would be progress?

I know this is prolly such a silly question, but what programs have been tried to achieve anything with the 3DS?
(that's not the silly question yet.. lol)..
Can Cheat Engine, or one of the tables or scripts, be used to gather data on the binaries and locations of things on it?

Has Charles ever been used, and achieved anything? Maybe more into the "what happens and where" part when connecting and downloading something from the eShop, and how the whole request and receive things happen?

I'm trying to find the name of the other program I was using while working on some things with Facebook games, and iPad apps, and iPhone, and such... Also, sorry for using the words "thing", "things", and "stuff".. I lack better words, and it generally is in reference to something that's big and vague, or ... things.. I guess it's my way of using "etc.", or similar.
Found it! lol..
What about JPEXS Free Flash Decompiler? I know it's mainly towards Flash items and programs, but it can gather data on more than just Flash items.. which might lead to finding out more if we can extract any files off of the n3ds to read into.. It reads more than one type of file base.. but it can only change the values and such of Flash items.
Another one might be Flex or Flex2.. or some sort of similar program that does this, and maybe have its values modified?

And does anyone know if someone's found any coding from the Action Replay that's for the 3DS? Maybe it can shed some light on the subject? Or just show what is within a game, such as Animal Crossing New Leaf (which it states that it has a bunch of codes for that game, along with others). Maybe that could find an exploit through whatever game or app that's used and has coding through Action Replay? Even if it's using the thing as a "hacking" device? It would be temporary, like the PSP when I had it.

Has anyone tried hacking it through other devices? (Not sure how that would work unless the device was already hacked or jailbroken).. but through Windows and Mac computers have tried to hack it so far.. But has anyone tried an Android, or BlackBerry, or iPhone, or iPad? Or any other type of device that uses a different type of stability and structure?
 

Prestigue Genesis

Considering the 3DS requires a signature check, maybe you could change your router to a fake 3DS StreetPass user, then when the real 3DS gets the message, and when you say Launch Application, it's actually an exploit that bypasses the signature check. I heard the profile can be used as well.
Edit: Sort of like a 3DS letterbomb
 

loco365

> Considering the 3DS requires a signature check, maybe you could change your router to a fake 3DS StreetPass user, then when the real 3DS gets the message, and when you say Launch Application, it's actually an exploit that bypasses the signature check. I heard the profile can be used as well.
> Edit: Sort of like a 3DS letterbomb

Because it's the Mii Plaza that generates the notification, not the Mii itself. Plus, it always checks the signature whenever it runs an application from any place in the System Menu. That'd be a huge oversight if they didn't do that.
 

Prestigue Genesis

> Because it's the Mii Plaza that generates the notification, not the Mii itself. Plus, it always checks the signature whenever it runs an application from any place in the System Menu. That'd be a huge oversight if they didn't do that.

But what if the application wasn't running through the system menu?
 

Horizon

Not sure if it's been mentioned yet, just wanted to pitch in with some homemade bullshit.
None of this is based in much fact, and is just there in hopes there's an answer with a cookie.

First: Can we read the 3DS's ram? Will that get us anywhere?
Second: Is there a protection on changing the key itself?
Third: Can we just emulate/write a software like the 3DS and run with that?
Fourth: Can we use an audio file to: Insert idea here.
Fifth: Can we use a pic file to: Insert idea here.
Sixth: Can we find any clues by inserting audio file/pic file.
Seventh: Can we find any clues with a debugger of sorts?
Eighth: Can we make any debugger, runtime, etc. based off previous versions of the DS?
Ninth: Can we access any of the 3DS internal code at all?
Tenth: Did I miss something/a big find since the 9th page of this thread?

EDIT: What about how the game accepts old roms, could that have any clues?
 

bobmcjr

No idea if this is of any use. So Animal Crossing New Leaf appears to have eaten my SD card and corrupted the filesystem all over the place. Animal Crossing New Leaf's 00000000.app is only partially accessible (the first 150MB are fine, after that it's unreadable), so it crashes when loading. I think it's handled properly though as it crashes to the favorite screen of flash cart users: "An error has occurred".
 

Sliter

Is there no way to make a defective Mii that can exploit the system and let us downgrade with an original cart that would update to <4.5? lol (actually I dream of that XD, but it comes via StreetPass lol)
 

Duo8

> Is there no way to make a defective Mii that can exploit the system and let us downgrade with an original cart that would update to <4.5? lol (actually I dream of that XD, but it comes via StreetPass lol)

Pretty sure that won't work. Everyone learned from Sony by now :P.
Also, back-update will most likely screw things up.
 

Reisyukaku

> ...What if a big part of the eShop was done by a signing type of thing, through the MAC address of the console?...

I'll stop reading right here and point out that eShop transactions are done via OAuth2.0 sessions, which are used to access information stored on your NNID and such. So all purchases etc. are stored on NNID.

> Found that Flipnote Studio 3D online server has the data unencrypted and in plain text (http amazonaws server).
> I've this: http://github.com/hbxploits/flipnotehax/wiki
> Thinking about Homebrew exploit.
> Anyone wants to help/give advice/...?

Is there even any basis on this? Doesn't seem like something that is viable, but you seem confident in it. .-.
 
Deleted User

> I'll stop reading right here and point out that eShop transactions are done via OAuth2.0 sessions, which are used to access information stored on your NNID and such. So all purchases etc. are stored on NNID.
>
> Is there even any basis on this? Doesn't seem like something that is viable, but you seem confident in it. .-.

The thing is that servers are easily patchable, and if I do something wrong, Nintendo could patch it before I extract code from server...
 

UraKn0x

> The thing is that servers are easily patchable, and if I do something wrong, Nintendo could patch it before I extract code from server...

What Rei said is that even if the data is stored unencrypted, are you sure that you can at least trigger a crash - not even talking about running unsigned code - by sending corrupted data to your Flipnote app? Or is it just a random assumption? I think they do check if the received data is correct before doing anything with it...
 
Deleted User

> What Rei said is that even if the data is stored unencrypted, are you sure that you can at least trigger a crash - not even talking about running unsigned code - by sending corrupted data to your Flipnote app? Or is it just a random assumption? I think they do check if the received data is correct before doing anything with it...

If checksums of kwz are good, Flipnote Studio executes the action of reading. There are 414 bytes blank in every flipnote that program executes at the end. We can edit those bytes!
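
Added example (not part of the thread, and not Flipnote Studio's or Nintendo's code): the last two posts turn on whether a passing checksum means "the received data is correct". The sketch below uses a constructed container layout and hypothetical function names (it is not the KWZ format) to show, from the receiver's side, that a CRC only catches accidental corruption, while a keyed tag over the whole file plus a check that reserved bytes are zero rejects edited data. HMAC stands in here for the public-key signature a real client would verify.

```python
import hashlib
import hmac
import struct
import zlib

PAD_LEN = 16   # constructed: reserved bytes that must stay zero
TAG_LEN = 32   # HMAC-SHA256 output size
KEY = b"demo-key-for-illustration-only"  # constructed; stands in for a signing key

def pack(payload: bytes) -> bytes:
    """Build body = length | payload | zero padding, then append CRC32 and tag."""
    body = struct.pack("<I", len(payload)) + payload + bytes(PAD_LEN)
    crc = struct.pack("<I", zlib.crc32(body))
    tag = hmac.new(KEY, body + crc, hashlib.sha256).digest()
    return body + crc + tag

def split(blob: bytes):
    """Return (body, crc, tag); raise ValueError if the lengths are inconsistent."""
    if len(blob) < 4 + PAD_LEN + 4 + TAG_LEN:
        raise ValueError("truncated")
    body, crc, tag = blob[:-TAG_LEN - 4], blob[-TAG_LEN - 4:-TAG_LEN], blob[-TAG_LEN:]
    (declared,) = struct.unpack("<I", body[:4])
    if declared != len(body) - 4 - PAD_LEN:
        raise ValueError("length field does not match body")
    return body, crc, tag

def verify_crc_only(blob: bytes) -> bool:
    """Weak check: detects accidental corruption, nothing more."""
    body, crc, _ = split(blob)
    return struct.unpack("<I", crc)[0] == zlib.crc32(body)

def verify_strict(blob: bytes) -> bool:
    """Authenticate first, then require the reserved padding to be all zero."""
    try:
        body, crc, tag = split(blob)
    except ValueError:
        return False
    expected = hmac.new(KEY, body + crc, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return False
    return body[-PAD_LEN:] == bytes(PAD_LEN) and verify_crc_only(blob)

def edit_padding_and_fix_crc(blob: bytes) -> bytes:
    """Model a sender without KEY who changes the padding and recomputes the CRC."""
    body, _, tag = split(blob)
    body = body[:-PAD_LEN] + b"\x41" * PAD_LEN
    return body + struct.pack("<I", zlib.crc32(body)) + tag
```
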
 
