Homebrew ALL 3 Methods to get unbanned from recent ban wave

Did this unban you and if so which method did?

  • Total voters
    453
hurrz

hurrz

Well-Known Member
Member
Level 5
Joined
Apr 17, 2017
Messages
217
Trophies
0
XP
609
Country
Gambia, The
astronautlevel said:
So, I got a bit bored at work and decided to try to figure out why UnbanMii 2.0 was closed source.

It used some rather interesting xorpad encryption (for anyone interested, this was the xorpad key:
View attachment 93856)

Seems like it did a bit more than a xorpad that I didn't bother figuring out, but I didn't need to.

After putting a breakpoint on the first HTTP request (one sent to the server in order to get the LFSC_B), a stackdump at that point revealed some... rather interesting things, namely:

View attachment 93857

There's an option in UnbanMii to upload your LFSC_B, however, the interesting thing is that even if you don't select this option it uploads your LFSC_B, as well as some other information (namely moveable.sed).

I would highly recommend not using this software. Even if this is a bug or the creators change this behavior, effectively stealing every uses LFSC_B is such a breach and violation of trust that I would never recommend this software to anyone ever again.

Not only is this unethical, it is illegal in many places around the world, including potentially the United States, where the server seems to be hosted.

Also, additional proof: captured the packet sent when requesting to download a LFSC_B with wireshark:
View attachment 93863

Once again, the seed is being transferred (just in case you didnt trust my stackdump).

EDIT: Also it uploads your serial and secureinfo_A, which shouldn't even be necessary for unbanning. This is seriously shady as fuck.
Click to expand...



ihaveamac said:
it's not just uploading LocalFriendCodeSeed_B, it does movable.sed and SecureInfo_A (which astronautlevel forgot to show). uploading console-unique data like this, banned or not, is a huge breach of trust. SecureInfo_A isn't even needed for unbanning.
Click to expand...



Majickhat55 said:
Agreed, I was just curious as to what he can do with it (in a malicious context). Anyhow @astronautlevel I quoted your post in the official UnbanMii thread on THAT site. The more people that know, the better. Plus, I'm a dick like that so I wanted the dev to know, that we know.
Click to expand...



zoogie said:
Steal your console's unique online identity to unban themselves, then get you banned and move on to someone else's console identity. Rinse, repeat.
Click to expand...

Thanks a lot for your information guys! I edited my replies on two threads where I linked to method 3 of this thread. If you might see another post of mine recommending method 3 of this thread, I'd appreciate it a lot if you informed me about that! I will immediately edit these posts to avoid recommending the use of Unbanmii!

Knowing about this information, maybe @gamemasteru03 wants to edit the OP?
 
Last edited by hurrz,
illest

illest

Active Member
Newcomer
Level 2
Joined
Dec 25, 2016
Messages
28
Trophies
0
XP
214
Country
United States
astronautlevel said:
So, I got a bit bored at work and decided to try to figure out why UnbanMii 2.0 was closed source.

It used some rather interesting xorpad encryption (for anyone interested, this was the xorpad key:
View attachment 93856)

Seems like it did a bit more than a xorpad that I didn't bother figuring out, but I didn't need to.

After putting a breakpoint on the first HTTP request (one sent to the server in order to get the LFSC_B), a stackdump at that point revealed some... rather interesting things, namely:

View attachment 93857

There's an option in UnbanMii to upload your LFSC_B, however, the interesting thing is that even if you don't select this option it uploads your LFSC_B, as well as some other information (namely moveable.sed).

I would highly recommend not using this software. Even if this is a bug or the creators change this behavior, effectively stealing every uses LFSC_B is such a breach and violation of trust that I would never recommend this software to anyone ever again.

Not only is this unethical, it is illegal in many places around the world, including potentially the United States, where the server seems to be hosted.

Also, additional proof: captured the packet sent when requesting to download a LFSC_B with wireshark:
View attachment 93863

Once again, the seed is being transferred (just in case you didnt trust my stackdump).

EDIT: Also it uploads your serial and secureinfo_A, which shouldn't even be necessary for unbanning. This is seriously shady as fuck.
Click to expand...
Rip me i just downloaded.. I didn't even see this till now.
 
Svv4T

Svv4T

Member
Newcomer
Level 1
Joined
Jul 27, 2017
Messages
6
Trophies
0
Age
38
XP
66
Country
United States
That sucks, I've used Unbanme v1.1 a few days ago, hopefully that version wasn't already infected with malware.
I see they removed the thread to download the app.
 
gamemasteru03

gamemasteru03

Nintendo nerd
OP
Member
Level 11
Joined
Sep 18, 2016
Messages
1,219
Trophies
0
XP
2,378
Country
United States
astronautlevel said:
So, I got a bit bored at work and decided to try to figure out why UnbanMii 2.0 was closed source.

It used some rather interesting xorpad encryption (for anyone interested, this was the xorpad key:
View attachment 93856)

Seems like it did a bit more than a xorpad that I didn't bother figuring out, but I didn't need to.

After putting a breakpoint on the first HTTP request (one sent to the server in order to get the LFSC_B), a stackdump at that point revealed some... rather interesting things, namely:

View attachment 93857

There's an option in UnbanMii to upload your LFSC_B, however, the interesting thing is that even if you don't select this option it uploads your LFSC_B, as well as some other information (namely moveable.sed).

I would highly recommend not using this software. Even if this is a bug or the creators change this behavior, effectively stealing every uses LFSC_B is such a breach and violation of trust that I would never recommend this software to anyone ever again.

Not only is this unethical, it is illegal in many places around the world, including potentially the United States, where the server seems to be hosted.

Also, additional proof: captured the packet sent when requesting to download a LFSC_B with wireshark:
View attachment 93863

Once again, the seed is being transferred (just in case you didnt trust my stackdump).

EDIT: Also it uploads your serial and secureinfo_A, which shouldn't even be necessary for unbanning. This is seriously shady as fuck.
Click to expand...
Thank you very much for the information. Sorry everyone that it took so long to reply I have been very busy today. As for those infected I am greatly sorry for this. I never knew that the devs implemented this crud into their app. I will remove this app from the guide as soon as I can. I hope that you all can forgive for this if you don't I understand. Now will u be willing to explain why UnbanMii does this @Alex S , @xXPaulMCXx , @MarcusD , @arc13 .
 
  • Like
Reactions: hurrz and Powerful
Zidapi

Zidapi

Well-Known Member
Member
Level 11
Joined
Dec 1, 2002
Messages
3,112
Trophies
3
Age
42
Website
Visit site
XP
2,681
Country
Alright, grab your pitchforks and torches!

Which members here were involved in the development of unbanmii?

These two seem to know the malware intimately
xXPaulMCXx said:
Nice to see that UnbanMii is used now :D

== Update ==
ok, 2.0 *might* be released by today, the Team doesn't know yet. We are still working on the Networking. If that's done, we'll polish 2.0 up and Release it :3
Click to expand...
Alex S said:
Soon UnBanMii 2.0 will be released for all 3DS CFW users, and unbanning will be as easy as a click! No More Paranoia!!
Click to expand...
----------

proflayton123 said:
If you used it just to download a said seed from the app but not upload your own, will it still upload yours?
Click to expand...
Yes, unfortunately.
astronautlevel said:
There's an option in UnbanMii to upload your LFSC_B, however, the interesting thing is that even if you don't select this option it uploads your LFSC_B, as well as some other information (namely moveable.sed).
Click to expand...
 
Last edited by Zidapi,
  • Like
Reactions: 20mark
linuxares

linuxares

The inadequate, autocratic beast!
Global Moderator
Level 26
Joined
Aug 5, 2007
Messages
13,349
Trophies
2
XP
18,243
Country
Sweden
I used version 1.1 but I got no idea if that was malware infected or not. It downloaded to the SD Card and then it was a manual process to inject it.
 
xXPaulMCXx

xXPaulMCXx

Well-Known Member
Newcomer
Level 3
Joined
May 16, 2016
Messages
88
Trophies
0
Location
Somewhere on Earth
XP
245
Country
Germany
gamemasteru03 said:
I will get more info on why UnbanMii did this and post it here.
Click to expand...
First, I wanna clear up that Alex S has NOTHING to do with UnbanMii, he only was kind enough to make the video.
Now to the Explaination;
The Data was getting uploaded to our Servers for verification / banning people from using UnbanMii , and were deleted immediatley. we never intended the App to steal Data without Permission. we are sorry for not putting a Disclaimer in it. You can be sure that none of your data got saved.
we gave out the Source of 2.0 to various people, so they can proof themselves. the team apoligizes for scaring people without reason.
 
  • Like
Reactions: proflayton123
proflayton123

proflayton123

The Temp Loaf'
Member
Level 12
Joined
Jan 11, 2016
Messages
6,032
Trophies
1
Age
24
Location
日本
Website
www.facebook.com
XP
3,216
Country
Japan
xXPaulMCXx said:
First, I wanna clear up that Alex S has NOTHING to do with UnbanMii, he only was kind enough to make the video.
Now to the Explaination;
The Data was getting uploaded to our Servers for verification / banning people from using UnbanMii , and were deleted immediatley. we never intended the App to steal Data without Permission. we are sorry for not putting a Disclaimer in it. You can be sure that none of your data got saved.
we gave out the Source of 2.0 to various people, so they can proof themselves. the team apoligizes for scaring people without reason.
Click to expand...

First, "Banning people from UmBanMii" what is the purpose of this then..
 
  • Like
Reactions: Majickhat55
linuxares

linuxares

The inadequate, autocratic beast!
Global Moderator
Level 26
Joined
Aug 5, 2007
Messages
13,349
Trophies
2
XP
18,243
Country
Sweden
xXPaulMCXx said:
First, I wanna clear up that Alex S has NOTHING to do with UnbanMii, he only was kind enough to make the video.
Now to the Explaination;
The Data was getting uploaded to our Servers for verification / banning people from using UnbanMii , and were deleted immediatley. we never intended the App to steal Data without Permission. we are sorry for not putting a Disclaimer in it. You can be sure that none of your data got saved.
we gave out the Source of 2.0 to various people, so they can proof themselves. the team apoligizes for scaring people without reason.
Click to expand...
Have you given it to people like Astro, Scrism, ihaveamac etc.? Because I don't trust a lot of developers in this community so I personally get paranoid :P
 
  • Like
Reactions: hiten

Site & Scene News

Go to forum More news

Popular threads in this forum

Hacking Homebrew  A new way to experience StreetPass

Hacking Hardware  New Nintendo 3DS XL Louvre

Hardware  Why does my 3DS take so long to turn off?

Emulation  i have citra, i have my aes keys installed, how do i get the home menu

What's the best 3DS emulator (especially after Citra's shutdown)?

Tutorial  How to fix 007-2001

gacube emeleter

can't download system files on citra because im "not connected to the internet"

General chit-chat
Help Users
  • No one is chatting at the moment.
    ZeroT21 @ ZeroT21: horny jail is full la