Homebrew ALL 3 Methods to get unbanned from recent ban wave

Did this unban you and if so which method did?


  • Total voters
    453

gamemasteru03

Nintendo nerd
OP
Member
Joined
Sep 18, 2016
Messages
1,219
Trophies
0
XP
2,378
Country
United States
The guide has been updated! Here's the changelog!

1) Unban Mii 2.0 support added! (Method 3 has been disabled intill the 2.0 updates hits tonight or tommrow)

2)Spelling fixes!
 

CybaltM

Well-Known Member
Newcomer
Joined
Nov 4, 2016
Messages
56
Trophies
0
XP
118
Country
United States
OP, why are you saying that Method 3 is dead? It works completely fine. You are giving people the wrong information bro.
 

gamemasteru03

Nintendo nerd
OP
Member
Joined
Sep 18, 2016
Messages
1,219
Trophies
0
XP
2,378
Country
United States
OP, why are you saying that Method 3 is dead? It works completely fine. You are giving people the wrong information bro.
The poll was made when method 3 was killed by the 1st public seed doner. But was then brought back to life by a reuploader and has been alive ever since. If a mod could fix that it would be wonderful!
 
  • Like
Reactions: CybaltM

astronautlevel

Well-Known Member
Member
Joined
Jan 26, 2016
Messages
4,128
Trophies
2
Location
Maryland
Website
ataber.pw
XP
4,998
Country
United States
So, I got a bit bored at work and decided to try to figure out why UnbanMii 2.0 was closed source.

It used some rather interesting xorpad encryption (for anyone interested, this was the xorpad key:
upload_2017-7-27_15-56-6.png
)

Seems like it did a bit more than a xorpad that I didn't bother figuring out, but I didn't need to.

After putting a breakpoint on the first HTTP request (one sent to the server in order to get the LFSC_B), a stackdump at that point revealed some... rather interesting things, namely:

upload_2017-7-27_15-59-41.png


There's an option in UnbanMii to upload your LFSC_B, however, the interesting thing is that even if you don't select this option it uploads your LFSC_B, as well as some other information (namely moveable.sed).

I would highly recommend not using this software. Even if this is a bug or the creators change this behavior, effectively stealing every uses LFSC_B is such a breach and violation of trust that I would never recommend this software to anyone ever again.

Not only is this unethical, it is illegal in many places around the world, including potentially the United States, where the server seems to be hosted.

Also, additional proof: captured the packet sent when requesting to download a LFSC_B with wireshark:
upload_2017-7-27_16-14-6.png


Once again, the seed is being transferred (just in case you didnt trust my stackdump).

EDIT: Also it uploads your serial and secureinfo_A, which shouldn't even be necessary for unbanning. This is seriously shady as fuck.

DOUBLE EDIT: See my updated assessment here: http://gbatemp.net/threads/all-3-me...m-recent-ban-wave.450679/page-85#post-7474721
 
Last edited by astronautlevel,

Majickhat55

The Red Woman
Member
Joined
Mar 28, 2016
Messages
4,936
Trophies
1
Age
36
Location
Asshai
XP
2,958
Country
United States

This is both extremely telling, and worrying to boot. Although I don't see what he can do with console info that's already been banned. Your LFCS_B is banned if you're using unbanmii so what's the point in having it upload in tandem?

Regardless, that's some bullshit thank you so much for figuring this out and letting everyone know. I'll disseminate this information through all of my hacking corners. I was wondering why there wasn't a direct mirror link to the seed, and he forced the program. What an asshole.
 
  • Like
Reactions: Laroon

ihaveahax

Well-Known Member
Member
Joined
Apr 20, 2015
Messages
6,068
Trophies
2
XP
7,794
Country
United States
This is both extremely telling, and worrying to boot. Although I don't see what he can do with console info that's already been banned. Your LFCS_B is banned if you're using unbanmii so what's the point in having it upload in tandem?

Regardless, that's some bullshit thank you so much for figuring this out and letting everyone know. I'll disseminate this information through all of my hacking corners. I was wondering why there wasn't a direct mirror link to the seed, and he forced the program. What an asshole.
it's not just uploading LocalFriendCodeSeed_B, it does movable.sed and SecureInfo_A (which astronautlevel forgot to show). uploading console-unique data like this, banned or not, is a huge breach of trust. SecureInfo_A isn't even needed for unbanning.
 

Majickhat55

The Red Woman
Member
Joined
Mar 28, 2016
Messages
4,936
Trophies
1
Age
36
Location
Asshai
XP
2,958
Country
United States
it's not just uploading LocalFriendCodeSeed_B, it does movable.sed and SecureInfo_A (which astronautlevel forgot to show). uploading console-unique data like this, banned or not, is a huge breach of trust. SecureInfo_A isn't even needed for unbanning.
Agreed, I was just curious as to what he can do with it (in a malicious context). Anyhow @astronautlevel I quoted your post in the official UnbanMii thread on THAT site. The more people that know, the better. Plus, I'm a dick like that so I wanted the dev to know, that we know.
 
Last edited by Majickhat55,
  • Like
Reactions: hurrz and Laroon

zoogie

playing around in the end of life
Developer
Joined
Nov 30, 2014
Messages
8,560
Trophies
2
XP
14,998
Country
Micronesia, Federated States of
Agreed, I was just curious as to what he can do with it (in a malicious context). Anyhow @astronautlevel I quoted your post in the official UnbanMii thread on THAT site. The more people that know, the better. Plus, I'm a dick like that so I wanted the dev to know, that we know.
Steal your console's unique online identity to unban themselves, then get you banned and move on to someone else's console identity. Rinse, repeat.
 

ihaveahax

Well-Known Member
Member
Joined
Apr 20, 2015
Messages
6,068
Trophies
2
XP
7,794
Country
United States
Wow, is this the first 3DS malware? Never thought I'd see the day.
it's surprising to me that it took this long for 3DS malware to appear. Vita got malware early on when HENkaku was released (memory card formatters and deleting files in os0: ). that's why they have have "safe homebrew" now, which disables access to things most homebrew don't need.
 
Last edited by ihaveahax,

linuxares

The inadequate, autocratic beast!
Global Moderator
Joined
Aug 5, 2007
Messages
13,099
Trophies
2
XP
17,742
Country
Sweden
Version 1.0 is open source.
Ah okey, it was like version 1.3 or something I just used. So I guess I'm in the clear.

This tool shouldn't need any uploading function at all, just download. So it's really shady.


Btw, can you delete the movable.sed? Since I have no use for it.
 

Apache Thunder

I have cameras in your head!
Member
Joined
Oct 7, 2007
Messages
4,398
Trophies
3
Age
36
Location
Levelland, Texas
Website
www.mariopc.co.nr
XP
6,731
Country
United States
Btw, can you delete the movable.sed? Since I have no use for it.

lol, no not really. The console uses that to seed authentication stuff for SD encryption/System save data among other things. So no not a good idea to just go and delete that. :P

With CFW you could switch to a movable.sed that uses zero'd keys and what not so that it's not uniquely identifiable, but if you want to preserve your game saves, etc, it would take some level of pre-preperation/backup of that data before you would do it.
 
Last edited by Apache Thunder,
  • Like
Reactions: Zidapi

linuxares

The inadequate, autocratic beast!
Global Moderator
Joined
Aug 5, 2007
Messages
13,099
Trophies
2
XP
17,742
Country
Sweden
lol, no not really. The console uses that to seed autentication stuff for SD encryption/System save data among other things. So no not a good idea to just go and delete that. :P
Son of a....! Well I'm not going to download 2.0 of that app then. I wish not to get my O3DS banned... if someone is going to get it banned, it's me!
 

WeedZ

Possibly an Enlightened Being
Global Moderator
Joined
Jan 13, 2015
Messages
3,825
Trophies
1
Location
The State of Denial
Website
gbatemp.net
XP
5,656
Country
United States
So, I got a bit bored at work and decided to try to figure out why UnbanMii 2.0 was closed source.

It used some rather interesting xorpad encryption (for anyone interested, this was the xorpad key:
View attachment 93856)

Seems like it did a bit more than a xorpad that I didn't bother figuring out, but I didn't need to.

After putting a breakpoint on the first HTTP request (one sent to the server in order to get the LFSC_B), a stackdump at that point revealed some... rather interesting things, namely:

View attachment 93857

There's an option in UnbanMii to upload your LFSC_B, however, the interesting thing is that even if you don't select this option it uploads your LFSC_B, as well as some other information (namely moveable.sed).

I would highly recommend not using this software. Even if this is a bug or the creators change this behavior, effectively stealing every uses LFSC_B is such a breach and violation of trust that I would never recommend this software to anyone ever again.

Not only is this unethical, it is illegal in many places around the world, including potentially the United States, where the server seems to be hosted.

Also, additional proof: captured the packet sent when requesting to download a LFSC_B with wireshark:
View attachment 93863

Once again, the seed is being transferred (just in case you didnt trust my stackdump).

EDIT: Also it uploads your serial and secureinfo_A, which shouldn't even be necessary for unbanning. This is seriously shady as fuck.
What do you think this is for. Selling to ninty?
 

Site & Scene News

Popular threads in this forum

General chit-chat
Help Users
  • BakerMan
    The snack that smiles back, Ballsack!
    BakerMan @ BakerMan: well, after a day of pain, i'm gonna catch some zs