Nintendo 3DS Hack Compilation

Discussion in '3DS - Flashcards & Custom Firmwares' started by Roguezz, Jan 1, 2013.
What do you think about this "hack"?

  1. It's all a hoax! (9.5%)
  2. It's true! It took almost two years, but WE WIIIIIINNNNN!!!! (44.5%)
  3. Umm....it might all be a marketing stunt by the big N? (2.9%)
  4. It's probably real, but it might not be able to launch homebrew or roms... (32.4%)
  5. I don't care. -.- (10.6%)
  1. Isle41

    Isle41 GBAtemp Regular

    Member
    207
    84
    Nov 24, 2011
    Gambia, The
    Look up the Twilight Hack, an exploit for the wii.

    Sometimes you can modify the save data and when the game loads it, it does stuff it's not supposed to. The Twilight Hack had Epona's name (iirc) so long that the game crashed and allowed homebrew to be run.

    In the 3DS case, you can't just replace a save file, you need to sign it before the 3DS will load it.
     
  2. Shubshub

    Shubshub The Shubinator

    Member
    902
    482
    Oct 16, 2009
    New Zealand
    The dark part of your house
    So basically we edit a save file to change, say, the player's name to go beyond the allowed characters, thus causing the game to crash?
     
  3. Isle41

    Isle41 GBAtemp Regular

    Member
    207
    84
    Nov 24, 2011
    Gambia, The
    Something along those lines. I don't know what they're doing to this save game, but I imagine it's something like that.
     
  4. Shubshub

    Shubshub The Shubinator

    Member
    902
    482
    Oct 16, 2009
    New Zealand
    The dark part of your house
    So it's going to be pretty easy to exploit the 3DS.

    I'm guessing what you're saying is once you exploit the savegame,
    all your unsigned homebrew and roms and stuff will appear on the home menu, allowing you to run them?
     
  5. Naridar

    Naridar Excelsior!

    Member
    331
    85
    Oct 26, 2008
    Hungary
    That's the very basic concept of it. More specifically, any variable (but strings generally work the best) is longer than what the system expects and it has no specific command for this event, and thus the memory block that holds it "overflows", rolling over to the next block of RAM. In the Twilight hack's case, a RAM block contained the code to be run. By doing that, the continuous overflowing (since the TP game had no command for "if the string doesn't end with 8 characters, stop reading and report a corrupt save error") caused a memory block pointer to get into the running code, pointing to the internal SD slot. It's a programming oversight not to think of overly long strings, so I guess Nintendo pays big attention to this one from now on.

    I hope it's understandable, I'm not too much of a tech junkie. I also hope it's at least rudimentarily correct :)
     
  6. Isle41

    Isle41 GBAtemp Regular

    Member
    207
    84
    Nov 24, 2011
    Gambia, The
    Naridar has it right.

    Well, no. Not at all.
    Unless of course you sign all the stuff and make it into a channel format for the home menu, or modify the home menu a ton, you're probably going to have to boot into a loader (think homebrew channel).
     
  7. Makapaka12345

    Makapaka12345 Advanced Member

    Newcomer
    54
    3
    Oct 15, 2012
    How long do you expect for the 3DS to be officially hacked?
     
  8. wiiluver135

    wiiluver135 GBAtemp Fan

    Member
    322
    22
    Oct 7, 2008
    United States
    Wouldn't it be ironic if the game they are using to hack the 3DS is OoT 3D :P
    I'd be all like "DAMN NINTY Y U NO FIX UR ZELDAS!?!?!?"
    lol only time will tell
     
  9. Thorhian

    Thorhian My CPU's prefer Water

    Member
    355
    83
    May 23, 2012
    United States
    Shazezar
    It has been officially hacked. When will people see any fruition? Well, maybe months, maybe not until towards the end of the year, nothing has been said, but seeing as the exploit was just found, it is a bit naive to ask for a release date right now.
     
  10. Tokiopop

    Tokiopop Caffeine fiend

    Member
    1,833
    169
    Apr 14, 2009
    UK
    Yeah, that's pretty much it.

    The Twilight hack was a smash stack (otherwise known as a stack buffer overflow), and yellows8 has confirmed that the 3DS exploit is also a smash stack. You're correct about the string being too long; there's no contingency in the code for a long string. So when Epona's name is longer than the allocated buffer, it overflows and it fills adjacent buffers too. Epona's name wasn't just a long string though, it was executable code.

    I've always been interested in this stuff, and I found this book quite good (it has some simple demonstrations of smash stacks in the programming section). If you're interested you should give it a read!

    Edit: This means, of course, you're going to need a specific game for the hack and a way of moving a save file onto it.
     
  11. Isle41

    Isle41 GBAtemp Regular

    Member
    207
    84
    Nov 24, 2011
    Gambia, The
    I highly doubt this game was made by Nintendo though. I can't imagine them making the same mistake twice.

    Lego Star Wars 3? Sure, Lego never learned XD
     
  12. the_randomizer

    the_randomizer The Temp's official fox whisperer

    Member
    22,470
    10,802
    Apr 29, 2011
    United States
    Dr. Wahwee's castle
    Like this?
     
  13. kehkou

    kehkou does what Nintendon't

    Member
    681
    237
    Dec 19, 2009
    United States
    The Duke City
    I wonder if this will allow Flipnote Studio to be installed on a 3DS...
     
  14. wiiluver135

    wiiluver135 GBAtemp Fan

    Member
    322
    22
    Oct 7, 2008
    United States
    pretty much lol
     
  15. Sohakes

    Sohakes Member

    Newcomer
    14
    1
    May 31, 2009
    Brazil
    Yeah. Reading what yellows8 said on the IRC, the only different thing is that in the case of the 3DS exploit, it's not executable code. There is a protection on the ARM processor that makes the save not executable, so it's impossible to use a buffer overflow to put code there. The thing is that it's still possible to control the flow of the code if you can change the stack (where the data is stored); you just need to change the return address of the function to where you want. If you do it many times, you can program anything (probably Turing complete, depending on the 3DS system library) just by changing the return values. That's why yellows8 said it's a ROP exploit; ROP stands for return oriented programming. Anyway, I guess it's not practical to use that to do complex things, so I think there is still another exploit he explored using ROP, that kernel one someone talked about.

    That's what I understood anyway, yellows8 is really friendly and tried to explain on IRC, but maybe I misunderstood. It's a really interesting concept anyway.
     
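    As a constructed illustration of what Tokiopop and Sohakes describe above (added here; not code from the thread, from yellows8, or from any 3DS or Zelda title): a toy "frame" in which a fixed-size name buffer sits directly before the saved return address, an unchecked loader that lets an overlong name run into that address, and the length-checked loader that reports a corrupt save instead. The frame layout, the length-prefixed record format and the sample names are all assumptions made for the demo.

```c
#include <stdint.h>
#include <string.h>
/* Constructed model of a game's stack frame while it loads a save: an 8-byte
 * name buffer directly followed by the saved return address (illustration only). */
#define NAME_MAX 8
struct frame {
    char name[NAME_MAX];
    uint32_t saved_return;
};

/* Constructed save record: one length byte, then that many name bytes. */
struct save_record {
    const uint8_t *bytes;
    size_t len;
};
/* Unchecked loader: trusts the length byte, so bytes 9.. land in saved_return,
 * the "name overflows into adjacent data" the thread describes. The copy is
 * capped at the struct size only so this demo never writes outside its object. */
int load_name_unchecked(struct frame *f, const struct save_record *rec) {
    size_t n = rec->bytes[0];
    if (n + 1 > rec->len) return -1;
    memcpy((uint8_t *)f, rec->bytes + 1, n > sizeof *f ? sizeof *f : n);
    return 0;
}

/* Checked loader: refuses any name that does not fit (the "corrupt save" path
 * Naridar mentions), so file data can never reach saved_return. */
int load_name_checked(struct frame *f, const struct save_record *rec) {
    size_t n = rec->bytes[0];
    if (n + 1 > rec->len || n >= NAME_MAX) return -1;   /* corrupt save */
    memcpy(f->name, rec->bytes + 1, n);
    f->name[n] = '\0';
    return 0;
}

/* Loads rec into a fresh frame with the given loader; 1 if the saved return
 * address was changed, 0 if it survived intact. */
int return_address_clobbered(int (*loader)(struct frame *, const struct save_record *),
                             const struct save_record *rec) {
    struct frame f = { "", 0x11223344u };
    loader(&f, rec);
    return f.saved_return != 0x11223344u;
}

/* Constructed sample records, not taken from any real game. */
static const uint8_t SHORT_REC[] = { 5, 'E', 'p', 'o', 'n', 'a' };
static const uint8_t LONG_REC[] = { 12, 'A','A','A','A','A','A','A','A', 'B','B','B','B' };
const struct save_record SAVE_SHORT = { SHORT_REC, sizeof SHORT_REC };
const struct save_record SAVE_LONG = { LONG_REC, sizeof LONG_REC };
```

    Even where the processor refuses to execute save data, as Sohakes notes, an overwritten return address still redirects control flow, which is why the length check in the second loader is the fix that matters.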
  16. alirezay

    alirezay GBAtemp Regular

    Member
    217
    70
    Oct 14, 2012
    United States
    Hey guys, Nintendo will test all the games and soon they will erase the exploit, so it's better for neimond to release the exploit.
    And of course Nintendo would not only wait for neimond to release the exploit...
     
  17. Cazoup

    Cazoup Newbie

    Newcomer
    2
    0
    Jan 3, 2013
    Canada
    I'm not sure if I understood you correctly, but from my knowledge (which isn't much, trust me) I think if you don't update your 3DS you should be fine, since it's card based and the only real way to stop it is to update the firmware. Yes? No? Did I get it right? Kinda just going out on a limb. Just in case, I just leave wifi totally turned off.
     
  18. Technicmaster0

    Technicmaster0 GBAtemp Psycho!

    Member
    3,238
    667
    Oct 22, 2011
    Gambia, The
    It's not as easy as "testing all games". They don't know which game they're using and they don't know which part of the savegame they edit.
     
  19. alirezay

    alirezay GBAtemp Regular

    Member
    217
    70
    Oct 14, 2012
    United States
    It's very easy for Nintendo, because Nintendo isn't a person... Even 20 people from Nintendo can find the exploit in under 3 months. And I don't get the point of keeping it secret, because if we don't update, even if Nintendo releases an update to fix this, neimond can still do it on the current version!!!!! And he still has time to search for that great exploit(!!!)...
     
  20. alirezay

    alirezay GBAtemp Regular

    Member
    217
    70
    Oct 14, 2012
    United States
    No....you can turn your wifi on, because you have to accept the update and the 3DS doesn't have automatic updates...