Hacking Crediar just Released 3DSaveTool!

  • Thread starter: Hyrule2008
  • Views: 35,824
  • Replies: 128
Tagg7 said:
Hold on... how did they figure out how to extract the XOR cipher? If implemented properly, an XOR key (especially 512(!) byte) should be computationally uncrackable. Sloppy security implementation yet again from Nintendo.
If you know both the unencrypted and the encrypted content, it is trivial to extract the XOR key.
Maybe they were able to do it because every save file has an identical header? There was a screenshot from some hex editor showing a file starting with the characters "SAV"...
 
pachura said:
If you know both the unencrypted and the encrypted content, it is trivial to extract the XOR key.
Maybe they were able to do it because every save file has an identical header? There was a screenshot from some hex editor showing a file starting with the characters "SAV"...
Crediar said it was because the saves contain a lot of zeros. I guess that's to be expected if you have a fixed save file size but games that don't have much save data. Nintendo should really have filled that up with garbage data, or you know, used something secure like AES. XD
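The known-plaintext key recovery the two posts above describe, as an added example (not from the thread or from 3DSaveTool; the 512-byte key length and the zero-padded sample save are assumptions), plus a periodicity check a format reviewer could run to spot this weakness before shipping:

```python
import os

KEY_LEN = 512  # assumption: the thread mentions a 512-byte key


def xor_with_key(data: bytes, key: bytes, offset: int = 0) -> bytes:
    """Repeating-key XOR (encryption and decryption are the same operation)."""
    return bytes(b ^ key[(offset + i) % len(key)] for i, b in enumerate(data))


def recover_key(ciphertext: bytes, known_plaintext: bytes, key_len: int, offset: int = 0) -> bytes:
    """Known-plaintext recovery: c = p ^ k, so k = c ^ p at every covered key position.
    Raises if the known region is too short to cover all key_len positions."""
    key = bytearray(key_len)
    covered = [False] * key_len
    for i, (c, p) in enumerate(zip(ciphertext, known_plaintext)):
        idx = (offset + i) % key_len
        key[idx] = c ^ p
        covered[idx] = True
    if not all(covered):
        raise ValueError("known plaintext does not cover every key byte")
    return bytes(key)


def periodicity(ciphertext: bytes, period: int) -> float:
    """Fraction of bytes equal to the byte one period later. Output of a proper cipher
    gives about 1/256; a zero-padded file under repeating-key XOR gives far more."""
    pairs = [(ciphertext[i], ciphertext[i + period]) for i in range(len(ciphertext) - period)]
    return sum(a == b for a, b in pairs) / len(pairs)


def constructed_save(size: int = 4096) -> bytes:
    """Constructed sample: a tiny header and payload, the rest zero padding."""
    body = b"SAV\x00" + b"player1".ljust(16, b"\x00") + (42).to_bytes(4, "little")
    return body.ljust(size, b"\x00")


def demo() -> bool:
    key = os.urandom(KEY_LEN)
    enc = xor_with_key(constructed_save(), key)
    # The padding region is known to be zeros: one KEY_LEN-sized window of it,
    # starting at offset 1024 (a multiple of KEY_LEN), covers every key byte.
    start = 1024
    recovered = recover_key(enc[start:start + KEY_LEN], bytes(KEY_LEN), KEY_LEN, offset=start)
    return recovered == key and xor_with_key(enc, recovered) == constructed_save()


if __name__ == "__main__":
    print("key recovered from zero padding:", demo())
    print("periodicity at key length:", round(periodicity(xor_with_key(constructed_save(), os.urandom(KEY_LEN)), KEY_LEN), 3))
```

Filling the padding with random bytes would defeat this particular recovery but not the underlying problem; the periodicity check only flags the repeating-key structure that a real cipher mode would not exhibit.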
 
Keva said:
I'm not sure I understand the full implications of this but how close are we to seeing "hello world"?
Weeeell. You still need to understand how shit works first and then you need a buffer overflow in the savegame parsing of a game.
Since the 3DS is pretty close in structure to Wii and DSi the hackers might know enough to get some code executed with only an exploit in a game, without knowing too much else about the console. But I can't say for sure.
Of course it is hard to find an exploit if you are not in the system yet, since you can't watch what is happening when the game reads saves.

Anyway it will still take some time. The 3DS saves are now at the stage where Wii and DSi saves were from the beginning.

That is of course assuming that the 3DS doesn't run things in a hypervisor that checks if all executed code is properly signed, like the 360. But seeing how shoddy the save file security is, it probably doesn't.
 
I hope if a buffer overflow is discovered, it's only announced and made public in May. Which would allow for 2 great possibilities:
1. Nintendo doesn't fix it in the May update because they simply didn't know in time.
2. Nintendo preempts us and fixes it before it's even announced (which would let people who are still pre-May update stay hackable, if willing to sacrifice eShop and the other features).
 
TehSkull said:
I hope if a buffer overflow is discovered, it's only announced and made public in May. Which would allow for 2 great possibilities:
1. Nintendo doesn't fix it in the May update because they simply didn't know in time.
2. Nintendo preempts us and fixes it before it's even announced (which would let people who are still pre-May update stay hackable, if willing to sacrifice eShop and the other features).

Well, they could fix it with a June update.
 
Ugh, it's getting kind of annoying to read these completely clueless messages about hacking over and over again. There's only like three people over the course of the last week that have posted on this forum that know what they're talking about. The rest are a bunch of pirates (you), who keep using big hacker words like buffer overflow without having the vaguest clue what it actually means.
 
Relys said:
Ugh, it's getting kind of annoying to read these completely clueless messages about hacking over and over again. There's only like three people over the course of the last week that have posted on this forum that know what they're talking about. The rest are a bunch of pirates (you), who keep using big hacker words like buffer overflow without having the vaguest clue what it actually means.
That and everyone keeps asking if they should buy ridge racer....
 
Relys said:
Ugh, it's getting kind of annoying to read these completely clueless messages about hacking over and over again. There's only like three people over the course of the last week that have posted on this forum that know what they're talking about. The rest are a bunch of pirates (you), who keep using big hacker words like buffer overflow without having the vaguest clue what it actually means.
After a while, you come to expect this kind of stuff from GBAtemp.
 
Relys said:
Ugh, it's getting kind of annoying to read these completely clueless messages about hacking over and over again. There's only like three people over the course of the last week that have posted on this forum that know what they're talking about. The rest are a bunch of pirates (you), who keep using big hacker words like buffer overflow without having the vaguest clue what it actually means.
Bolweevil said:
Why are we so consistently surprised when people are wrong about things? Being wrong is part of the learning process.

Nobody is expected to know everything, especially things that don't concern them, or directly affect their lives. They have no need to.

Misconceptions about trivial things are extremely common, and they persist when people who know better would rather make fun of them behind their backs instead of correct them so that next time the subject comes up they can avoid making the same mistake.

People only know what they're told. They fill in the gaps by guessing. It's normal. We've all done it at some point in our lives.
Buffer/stack overflow attacks are what's commonly discussed, most save exploits use them (or hunts start by looking for them), and the PS3's initial public hacking was due to one, so that's what's in most people's minds. If you're tired of people not knowing things, attempt to fix it instead of shut them up. Having a curiosity about these things is a good thing, and it's not like the big names in the hacking scene came out of the womb knowing the stuff they do. People need to start somewhere.

If you're willing to write a guide on this type of thing (such as Wololo's guides for the PSP scene attempt to do) I for one would welcome it, and would be willing to help you format it properly (or re-word things if needed) to make the guide as newbie-friendly as possible (and of course get it stickied in the appropriate forum). After all, the proper approach to the lack of education is education.

Otherwise quit'yer'bitchin'kthx.
 
Relys said:
Ugh, it's getting kind of annoying to read these completely clueless messages about hacking over and over again. There's only like three people over the course of the last week that have posted on this forum that know what they're talking about. The rest are a bunch of pirates (you), who keep using big hacker words like buffer overflow without having the vaguest clue what it actually means.

That is why I just read these type of threads. Check my post history, I post a lot, but never in true hacking threads, unless something like this comes up.
There are some people like me (just pirates, not hackers), that post in almost every thread EXCEPT these, unless a stereotype is thrown in our faces.

So please, there are some people like me here, who admit they know next to nothing about hacking and just read these threads without posting, so don't lump all us into the one category of useless spammers, thank you.
 
Xuphor said:
Relys said:
Ugh, it's getting kind of annoying to read these completely clueless messages about hacking over and over again. There's only like three people over the course of the last week that have posted on this forum that know what they're talking about. The rest are a bunch of pirates (you), who keep using big hacker words like buffer overflow without having the vaguest clue what it actually means.

That is why I just read these type of threads. Check my post history, I post a lot, but never in true hacking threads, unless something like this comes up.
There are some people like me (just pirates, not hackers), that post in almost every thread EXCEPT these unless a stereotype is thrown in our faces.

So please, there are some people like me here, who admit they know next to nothing about hacking and just read these threads without posting, so don't lump all us into the one category of useless spammers, thank you.

almost the same
i mean, i don't really post anything, just because i got basic knowledge[can somewhat understand what's going on]
and dun wanna write stupid things

and i welcome any explanation as well, it would be a shame not to be a pro hacker after i finish studying programming in university xD
atm i'm still stuck watching fail0verflow's ps3 hack explanation

so, not all of us will ask if we should buy ridge racer
 
This could be good news for getting some kind of 3DS Mode homebrew running. If a save exploit is ever discovered in a 3DS game, it won't end like Sudoku, since there are already millions of copies of the game in circulation.
 
Cyan said:
Zorua said:
spiritofcat said:
Won't run on my computer, complains about not being able to find msvcp100.dll

Download it from this website and copy it to the same directory as the tool.
It's not enough :/
I put the .dll in the same folder as the .exe, and now I have another error:

Entry point not found.
??1_NonReentrantPPLLockHolder@details@Concurrency@@QAE@XZ can't be found in the dynamic library MSVCR100.dll

(the MSVCR100.dll is the one provided in Crediar's archive).
I'm on Windows XP SP2, .net 3.5
Got the same problem.
Manually registering the dll doesn't work for me.
The fix is: install the Microsoft Visual C++ 2010 Redistributable Package.
http://www.microsoft.com/downloads/en/deta...23-37bf0912db84
 
A Gay Little Catboy said:
I really hope this can't be used for cheating
Of course it can. Unless they change the encryption, there will be a new pokesave once Pokemon3D is out, for example.
 