There are now known exploits/hacks that "apparently" work, and one that DOES work. Scroll down to see them. Each exploit is separated by a title in a bold red color.
Gateway Thread Now Updated
DEC 10, 2013
Nintendo 3DS Exploit
This is a rewritten thread. The original can still be found below in a spoiler. Don't forget to follow me on Twitter: https://twitter.com/VosInterficiam

UPDATED September 14, 2013

Origin
On December 16, 2012 (or earlier) yellows8 posted an image of the 3DS with the bottom screen stating "WE HACKED IT!". And thus, the 3DS exploit was revealed! Furthermore, Neimod announced the following in a conversation at 3DBrew.org: "[07:51:56] <@neimod> full control of the 3ds in kernel mode (arm9 & arm11) from an unmodified 3ds :]".

What This Means
The 3DS exploit is a save game exploit based on data extracted from the save file of a retail game (meaning a game that can be purchased from your local games store). It may not work on the eShop equivalent of the game, and Nintendo will certainly withhold the eShop version once the exploit is made public. The retail version, however, will most likely be available very easily, so it shouldn't be a problem to get hold of it. The exploitable game hasn't been announced yet, so please don't ask.

Once kernel control is achieved after exploiting the system, it is possible to launch custom code (homebrew, ROM loaders, etc.), remove the region lock, etc. However, the 3DBrew devs have stated that they will not release any warez-related code and that this exploit will only be used to launch homebrew. In one case, one of the leading members of the dev team has even gone as far as to say that they will not be sharing the exploit at all: "[07:57:34] <@neimod> unfortunately, we are elitist bastards who never share anything, so kiss that warez loader goodbye".

How We Think The Homebrew Will Work Based On Released Information
Unlike the last decade, this time around there will be NO flashcards. The exploit is based entirely off of an SD card, so all homebrew or other code will be executed from the SD card. Of course, it's still possible to create a flashcard, but who's willing to spend money when you can just launch it from the SD card that came with the 3DS for free? Although the 3DBrew devs have stated that they only plan on releasing homebrew, it is highly likely that another team or someone else will pick up from where they leave off once the hack has been released and make warez loaders.

Response/Media Reception
While you'd think that all developers would be against the release of an exploit, other developers go as far as to criticize these devs by stating that they simply did not make games worth buying. For more on this, go to the 4th post on this page: http://gbatemp.net/threads/nintendo-3ds-hack-compilation.340296

For Further Information
- See the original thread below for a LOT more in depth information including pictures
- Ask someone in the discussion thread
- Bug the 3DBrew devs who probably won’t answer you
- Contact me on Twitter via a private message
- Have something to add to this thread? Contact me via Twitter or PM
- Did I miss something that was in the old thread but not in the new one? PM me on GBATEMP
Further Developments
So apparently the haxx, or whatever they are calling it, was patched in my absence, so if you are under firmware 5.0.0-11 (that's the firmware that patches it), do not update. They aren't planning to release it even though it was patched, which is pretty fishy, but whatever, summer's here, so get off of your butt and go out for a run. I'm going to go for a run. Just not in the daylight, too sweaty. I hate sweat.

So, since the 3DS was "apparently" hacked, there's been a lot of stuff going on and I'm going to try to keep it all, including stuff released in the future, in this one thread. I'll try to add everything into one place. If it says "Unknown Date" anywhere and someone knows the date of those releases, please PM me so that I can list them. Once exams are done, I'm going to re-write everything on my blog so that I can easily post everything and make everything clearer: thtg.blogspot.com

What's happening over the weekend:
Alright, so, now that exams are over and I have a 4 day long weekend, expect some updates on the thread this weekend (idk when). I'm not sure if there will be anything new, but you can definitely look forward to a cleaner, neater, re-written version of the current information. If you'd like, you can also follow me on Twitter and I'll announce any major updates there, or if you have any new information that can be shared, feel free to private message me on Twitter; that way I can update everything faster. Just please don't tweet me with any requests for the hack or I'll block ya! Private messages only if it's regarding the 3DS hack. My Twitter link: https://twitter.com/VosInterficiam You can also expect the thread to get cluttered again since I won't always be able to keep it clean (if a lot of new info comes in), but I'll try to fix it as I go, so it shouldn't be that big of a problem. Also, each time I update (on Twitter), I'll simply say "Update @ insert time+timezone". It's a neat, simple, and fast way to get info out to everyone.

Update Log
Every time I update something in the thread, I'll post a time and date in this update log so that you don't have to go through trying to find new content every time you visit the thread.
February 14, 2013, 7:46 PM EST - just updated with some news of what's coming at the beginning of the first post!
January 12, 11:41 AM EST - UPDATED THE NEWS POST
January 2, 5:20 PM EST - ONLY THE NEWS POST HAS BEEN UPDATED. PLEASE READ IT. IT IS THE 4TH POST ON THE FIRST PAGE OF THIS THREAD!
January 1, 10:25 PM EST

Kudos to Michael18's thread for starting us off.

(i) The Nintendo 3DS hack is officially announced. December 16, 2012
This hack was performed by yellows8 (who confirms it was a save game exploit).
According to yellows8, the following Xcution images are of the CTRSDK app and were done on a dev unit, so they have nothing to do with homebrew. So although everyone is posting them, they don't have anything to do with the Neimod hack.

(ii) Xcution manages to make his application detectable in the Friends Applet. December 30, 2012

(iii) Xcution manages to send images (JPEG/MPO) and text via Notifications. December 31, 2012

Kudos to heartgold's thread for the next one:

(iv) Neimod acquires full kernel control on an unmodified Nintendo 3DS. UNKNOWN DATE

[07:51:56] <@neimod> full control of the 3ds in kernel mode (arm9 & arm11) from an unmodified 3ds :]
[07:53:03] <EdTheNerd> HHNNNNGGGGG
[07:53:05] <@neimod> the sky is the limit!
[07:53:17] <EdTheNerd> Gib romz plox
[07:53:50] <@neimod> in theory it's possible
[07:53:52] <EdTheNerd> Now then, make it do something cool, while displaying GBA TEMP BLOWS somewhere on the screen
[07:54:04] <EdTheNerd> Then enjoy the show
[07:54:36] <EdTheNerd> "neimod: in theory it's possible"
[07:55:02] <EdTheNerd> T-10 seconds before gbatemp quotes that and pisses itself like an excited dog
[07:55:59] <jse> nice work neimod
[07:56:02] <jse> congrats
[07:57:34] <@neimod> unfortunately, we are elitist bastards who never share anything, so kiss that warez loader goodbye
[07:58:01] <EdTheNerd> So not to try to pry too much info here, but is this something you need a specific game/app for?
[07:58:31] <EdTheNerd> Should I be buying all of the eshop now?
[07:58:35] <@neimod> it's based on a specific card-based game
[07:58:39] <EdTheNerd> Nice
[07:58:58] <EdTheNerd> How patchable would you say this is?
[07:59:06] <@neimod> very easily
[07:59:12] <EdTheNerd>
[07:59:41] <EdTheNerd> Still, amazing work as always
[07:59:46] <EdTheNerd> Congrats!
[08:00:10] <@yellows8> SD version can be used too but ofc one has to run code first for that.
[08:00:19] <EdTheNerd> Now take care of that pesky region lock!
[08:00:33] <EdTheNerd> Could such a thing be possible with this now?
[08:01:55] <@neimod> yes, with full kernel control anything is possible

The kernel entry was removed from 3dbrew.org by Neimod, thus making everyone believe that it's not true that he hacked the kernel; however, a member on this forum (shub13) contacted yellows8 and here's their chat:

[18:18] <shubshub> hi
[18:26] <yellows8> sup?
[18:26] <shubshub> So how come the news about the kernel access was removed from the main page?
[18:27] <yellows8> uh, fwiw neimod reverted that edit not me.
[18:27] <shubshub> fwiw?
[18:28] <yellows8> for what it's worth.
[18:28] <shubshub> ah
[18:28] <shubshub> But do you know why it was removed?
[18:31] <yellows8> tbh I wouldn't really want anyone to edit the news page with info I mentioned on IRC either - which is why neimod reverted it I assume.
[18:31] <shubshub> ok
[18:31] <shubshub> -snip-
[18:32] <yellows8> -snip-

Well, there's that and neimod himself saying that he's hacked the kernel, so I'm pretty sure that he's done it.

NEIMOD HAS CONFIRMED THE FOLLOWING:
[02:01] <Roguezz> hey, one question
[02:01] <Roguezz> you said it was based on a retail game
[02:02] <Roguezz> so that means a game cartridge rather than an eshop game right?
[02:02] <neimod> yes
[02:04] <Roguezz> Sweet, thanks man. Keep up the good work!

What this means is that, unlike the DSi exploit which gave people only about an hour to download the DSi Shop game, people will be able to buy the game before Nintendo can take it off of the eShop since it'll be in retail stores. An update patch can be used to disable the hack, but you can always withhold from updating.

I contacted yellows8 and it is now confirmed that the exploit is done by using a retail game card. So it can be any game card (e.g. The Legend of Zelda, Starfox, etc.). When Neimod said that it was a specific card-based game, he meant that it could be any retail game and not a game based on cards such as "solitaire".

Confirmation that it's a save game exploit
<yellows8> the code which patched errdisp was loaded from SD card btw.
<shlee> Save game? random binary? FS glitch?
<yellows8> savegame for the arm11 userland ROP....
<yellows8> it's a gamecard savegame yes.

Why the 3D LED is disabled in the very first image
<yellows8> and the 3D LED is disabled, because that text was displayed by patching text in errdisp, then triggering an error. could try to figure out where in errdisp the LED is disabled however.
<yellows8> it's still unknown how to use the gfx service to display anything.

Region and Exploit Compatibility
[10:43] <shubshub> Is the game of a specific region? or would the exploit work on all copies of the game worldwide?
[10:44] <yellows8> worldwide, atm it only supports USA/EUR.
[10:45] <shubshub> Damnit I'm in New Zealand

Exploit Release Date Info (people need to settle down)
[15:34] <Roguezz> Hey, is there even a remote chance of this being released anytime soon? Like, let's say, by the end of this month?
[15:34] <yellows8> no way
[15:34] <Roguezz> Oh wow
[15:34] <Roguezz> How long do you think it'll take?
[15:35] <Roguezz> And are you guys still going to try to fund raise for the SEM images?
[15:35] <yellows8> would have to attack other -sniped info-
[15:36] <yellows8> "And are you guys still..." ofcourse
[15:36] <Roguezz> Oh, so it could still take months huh...well, at least it's something

It'll most likely be released this year, just not in January.
[11:03] <shubshub> Will the exploit be released any time this year perhaps?
[11:04] <yellows8> no idea.
[11:05] <yellows8> we would basically run out of -sniped- vulns for code exec very quickly. :-/
[11:05] <shubshub> What does that mean?
[11:05] <yellows8> one has to attack -snipe- to get any code running at all.
[11:06] <shubshub> And why would you run out of vulnerabilities?
[11:06] <yellows8> ...
[11:06] <yellows8> because there is barely any vulns ofc.
[11:07] <shubshub> Yeah and once the exploit is released Nintendo will release patches to fix it right?
[11:07] <yellows8> ofcourse?
[11:07] <shubshub> But nobody would download the update patches though unless they actually released a patched physical cartridge
[11:08] <yellows8> they could have an updated home menu refuse to launch the game without the patch installed.
[11:09] <shubshub> Through a forced system update... Can Nintendo force a system update?
[11:09] <yellows8> nope
[11:09] <shubshub> That's good then

What this means is that they are not releasing it yet because Nintendo will simply patch it and that'll be the end of 3DS homebrew. So, they're trying to tinker with the services so that you can have both the latest update AND the exploit. They can launch custom code right now, but they won't release it until there's a way to preserve the vulnerabilities through upcoming system updates and patches. I'd suggest donating to their SEM imaging project so that it can be done quicker and possibly open new kinds of vulnerabilities.

The hack/exploit will work on a total of 67 games. Of course, devs will start out with one or a couple of games and then maybe make more available, but only expect the more popular (only applies to exploitable) games to be exploited. This way, you don't have to get any one specific game in order to exploit your Nintendo 3DS. All of these games are available on retail game cartridges in stores. I had to count out each and every game, but in the end there were a total of 67 games that are exploitable. Of course, some of these might not be, or there might be even more. They didn't even want me to mention that there are 67 games after I found out, so don't bother asking me what they are. Check out the spoiler for more info.

(January 1, 2013, 6:36 PM EST)
[15:04] <Roguezz> So there are 67 games that -snipped-, that means that you can exploit the 3DS with ANY of those games right?
[15:04] <yellows8> exactly
[15:04] <Roguezz> NICE
[15:05] <Roguezz> So there's pretty much no way that Nintendo can completely stop it now. They can't recall them and they've already sold millions.
[15:06] <Roguezz> You're a genius,
[15:06] <yellows8> if you refuse to install sysupdates, sure.
[15:07] <Roguezz> I'm on the latest update, will it still be exploitable, or is that for future updates only after the exploit is released?
[15:07] <yellows8> I mean a future sysupdate where the -snipped- is fixed, etc.

I know that I said that 67 games can be exploited, but yellows8 has corrected me. Currently, only 1 game can be exploited, but this one game makes 66 others more vulnerable and may possibly enable the other 66 games to be exploited as well. From there, depending on where the exploit leads us (or even from this one exploited game), depending on how it works out, any and all retail 3DS games could become vulnerable. If I posted the convo here, I'd have to edit out almost everything, so there's no point. Either way, this game should open a portal to 3DS homebrew that's been missing for the last 2 years! I do bring some good news though: the hacked game shouldn't be too hard to find.

[20:20] <Roguezz> one question, is the exploited game easily available let's say at EB Games or is it one of those rare stupid games?
[20:21] <yellows8> that would be another hint for what the game is.
[20:22] <Roguezz> true
[20:22] <Roguezz> But it's possible to purchase it in stores right?
[20:22] <yellows8> afair yeah.
[20:23] <Roguezz> Okay lol

(v) FAQ
Why there's no CFW, what is the ARM9 core, and can it be overclocked? From past experiences with Android, it is my understanding that you cannot overclock a CPU/GPU without a custom kernel. And since we've only just gained access to it: no. The rest of the answers can be found below.
[22:10] <Roguezz> i know you can't overclock it without modding the kernel
[22:10] <Roguezz> but what's with the arm9?
[22:11] <yellows8> the arm9 is the security core, handles AES/RSA engine, etc.
[22:11] <Roguezz> And you need to access that to make a CFW as well...?
[22:12] <yellows8> uhh you need the FIRM RSA private key for that...
[22:13] <Roguezz> And the arm9 controls the RSA right?
[22:13] <yellows8> yes
Gateway 3DS Flashcard
Current Gateway Info - The only working and released exploit
UPDATED DEC 10, 2013
Gateway has been released for a while now. It is the first and only flashcard that has been released to the public so far and is able to play retail game ROMs as well as the actual cartridges. Gateway only worked on firmwares 4.1-4.5 at first, but you can update through emuNAND and still retain the hack. Here is some quick info taken from THIS thread. You should go to the full info thread for everything.

Brief Info About Gateway 3DS
Q: What is Gateway 3DS?
A: Gateway 3DS is the first working 3DS flash cart.
Q: What do I need to use Gateway 3DS?
A: A Nintendo 3DS on firmware 4.1 - 4.5 and the Gateway 3DS red and blue flashcarts, of course.
Q: My firmware is below 4.1, what can I do?
A: You may buy or rent a game that forces an update to 4.x. A full list of games and required firmware is found here or here. Note: Do not try to update via the internet or your 3DS will be updated to 6.x!
Q: My firmware is above 4.5, what can I do?
A: If you have a backup of your NAND that has firmware 4.5 or below, you can flash it back to your console. There is a thread about this here.
Q: Actually, I haven't bought a Nintendo 3DS yet. Where do I get a 3DS with firmware 4.1 - 4.5?
A: Those Nintendo 3DSs with copyright 2012 have firmware 4.5 and below. There is a thread about this here, and here is a picture of the copyright sign on the package.
Q: What about the compatibility?
A: There is a nice thread about the game compatibility here. Hopefully it gets updated frequently.
Q: What about eShop games? Can I run them somehow with Gateway?
A: No, currently not. But after the release of 2.0 it should be possible to enter the eShop and buy those games and likely also DLCs legally.
Q: I heard very much about this update 2.0? What exactly is emuNAND?
A: EmuNAND is a feature of the upcoming update 2.0. With this feature it is possible to back up the NAND of your console on your SD card and then emulate it from the SD card. Then it should be possible to update this emulated NAND to the latest firmware, while the physical NAND on your console remains on 4.1 - 4.5. While running the emulated NAND it will be possible to enter the eShop and use all benefits of the new firmware.
Q: Where can I buy a Gateway 3DS?
A: This depends on the country you're living in. A full list of official resellers is found here.
Q: Does Gateway 3DS work on my Nintendo 2DS?
A: Since the Nintendo 2DS is shipped with firmware 6.x, Gateway does not work.

FINDING A 3DS THAT WORKS WITH GATEWAY
In terms of the 3DS XL (and probably the normal 3DS as well), it must be "copyright 2012" and have a serial number that starts with the following:
Canada/USA - SW1244 or below
Europe -
Australia -
Japan -
I'll update it as I discover more. So for example, I just bought my 3DS with firmware 4.4 and the serial number started with SW12309.

Gateway Compatibility List
This is just the current info I took off of THIS thread. You should go to the actual thread to make sure you have the latest information, but this is just an example of what it can do for now.
With the launch of Gateway's 2.0b1 firmware, emuNAND, and Nintendo's new 7.0 firmware update, there's been a lot of confusion about what works and what doesn't. I wanted to make a compatibility list, and keep it up to date as new developments come out, so that it's easy for everyone to figure out what works, and how to get it working.
4.5 sysNAND + Gateway 2.0b1
- ROMs: Plays all ROMs, including Zelda ALBW and Batman, except for NANDsave ones like Pokemon X/Y
- Retail: Does not play retail games
- Online: Does not work for ROMs, and retail games don't work
- eShop: Does not work and requires an update to 7.0
- Game Patches: Everything works, both for ROMs and retail games

4.5 sysNAND + 6.3 emuNAND + Gateway 2.0b1
- ROMs: Plays all ROMs, including Zelda ALBW and Batman, except for NANDsave ones like Pokemon X/Y
- Retail: emuNAND Classic Mode plays all retail games, including NANDsave ones like Pokemon X/Y
- Online: Works for retail games, does not work for ROMs
- eShop: Does not work and requires an update to 7.0
- Game Patches: Everything works, both for ROMs and retail games

4.5 sysNAND + 7.0 emuNAND + Gateway 2.0b1
- ROMs: Plays all ROMs from the same region only, including SDK 5.x ROMs like Zelda ALBW, except for NANDsave ones like Pokemon X/Y
- Retail: emuNAND Classic Mode plays all retail games, including NANDsave ones like Pokemon X/Y
- Online: Works for retail games, does not work for ROMs
- eShop: Does not work since Gateway 2.0b1 doesn't patch 7.0 emuNAND
- Game Patches: Everything works, both for ROMs and retail games
OLD GATEWAY INFO
UPDATED MAY 31, 2013
All the info you may need is in the following quote posted by KorreaMan, but I cannot assure you that it is 100% correct since no one really knows a lot about this flashcard (it makes sense though):

Heya! Lurker/Newbie here. Can't believe how many regular posters are asking questions that are obvious. I've been in contact with someone who's known about this for a while now, and can assure you it's real. I can also assure you that it blows ass and won't be worth purchasing unless you're extremely desperate. Here's a little FAQ for you.

*Is this real?
Short answer: Yes. This is a real product and will really allow you to play 3DS ROMs on your 3DS unit.

*How does this work?
It's a tiny bit more complicated than this, but I'm dumbing it down so that everyone can understand. Basically, this is a shell for an SD card slot which tricks the 3DS into thinking that the SD card is the game cart. By putting the ROM onto the SD card, and the SD card into the shell, you've essentially created a 1:1 copy of a retail game; a bootleg.

*What does that mean for the user?
A couple of things. The SD card has to be the correct size for the ROM. If you have a 2GB ROM you need a 2GB SD card, and so on. You cannot use a larger card than the ROM you're using, which also means that there's no way to store more than one ROM on the card at a time. Additionally, the save files are stored on the cart shell itself, as the spot for that is standardized. This means that if you change the ROM, the new game will see that information as a corrupted save and delete it. You'll need to back up your save files before switching ROMs, and you may need additional hardware to do so.

*Can it run homebrew?
Nope. This won't allow you to run unsigned code. The cart is set up in such a fashion that you've created a 1:1 copy of a retail cart. That is, it's signed by Nintendo already, and that's why you can run it.

*Can it get around region blocking?
Nope. For the same reason listed above, you'll still need to use the correct region's ROM for your hardware, and won't be able to play any ROMs of games that haven't been released in your hardware's region. You also can't modify the ROMs without stripping the Nintendo signature and thus making this method no longer work.

*But since the 3DS can't tell the difference between this and a real cart, it means Nintendo can't block it with an update, right?
No. Nintendo can and will block this device. Currently, the 3DS can't tell the difference. However, it's just not being instructed to check the right things. There's plenty Nintendo can do to identify this device. For only one example, they can check the read speed of the cart and see that it isn't the same as an official card. Worse, since ROMs can't be modified, Nintendo also can and will simply include the update on future game carts, making it impossible to play those games with the device since doing so would force an update that made it no longer function.

*So what will I need in order to use this to full effect?
You'll need:
1) The device itself
2) One MicroSD card to standard SD card adaptor for your computer, or a USB card reader device with a MicroSD card slot.
3) One MicroSD card of every standard 3DS ROM size - 512MB, 1GB, 2GB, and 4GB
(Incorrect: as long as your SD card is bigger than (or the same size as) the ROM you are loading into the system, you can format it down to the desired size.)
4) A method of getting save data off the cart, storing it for later, and putting it back on the cart (an R4i save dongle, for instance).

*Will this open any doors for better versions in the future?
Nope. Again, because it's running 1:1 copies, and can't run any modified or unsigned code, it won't be leading to better technology on its own. It will, however, serve to motivate those that are currently working to crack that nut in two ways: First, because someone is out there getting a piece of the pie already and potentially eating their sales, and second because people will be unhappy with the complicated way this one works and demand for a proper system will increase.

MAKES SENSE SO YEAH HAVE FUN

New UPDATE coming soon:
UPDATE: No longer works on the new firmwares (anything above 4.5 I believe, but make sure you check the community for assurance before you spend $80 on it).

As promised, here is the proof! Our latest alpha build showing off BOTH "Firmware spoofing" and "Multi-Region"!! In the next few days we will be moving into private beta and then release. For now, the video shows: 1) Firmware Spoofing 2) EU console booting JAP exclusive 3) KOR console booting EU backup. ENJOY! Gateway 3DS is committed to 100% game compatibility.
A NEW EXPLOIT
(Only scarce information is available about this one.)
I don't have the time to write about this one right now, nor am I familiar with it, but here are the info threads for the new exploit:
Discussion Thread: http://gbatemp.net/threads/smealum-creator-of-portal-ds-aperture-science-has-hacked-the-3ds.354464/
There are a few more exploits that are out there, but I haven't looked into them and/or they are irrelevant because they won't be released or aren't realistic.