Hacking Permanent Custom Firmware?

Huntereb:
Hey guys, none of this external thinking. We shouldn't be biting the hand that feeds us!

In order for anything to happen, we need a way of signing software that the system will think is legitimate firmware. 0-Key encryption is far from usable here, and it's the only thing we've got for recompiling software.
 

SSG Vegeta:
Thanks, is this as deep as the answer goes, however?

You could install emuNAND to the system itself using the USB mod, but it'll limit your system because certain games don't work. Of course, that might all change in the future. That's as close as CFW gets on the 3DS.
 

yusuo:
This was discussed literally 2 days ago. Do we need to make a new thread for every idiot who can't be bothered to read the damn forums? Mods, I beg you, please lock this.
 

Vappy:
> You could install emuNAND to the system itself using the USB mod, but it'll limit your system because certain games don't work. Of course, that might all change in the future. That's as close as CFW gets on the 3DS.

Then it'd just be a standard 8.x console, or whatever version firmware your emuNAND was on. No Gateway patches are applied to it on boot, so not sure what the point would be.
 

Huntereb:
Signing software is not the same as encrypting it.

0-Key encryption is as far as we've gotten, though. Won't be able to run anything on any system by itself like that unless we can get it to recognize files with that encryption method as legitimate, like what Gateway's launcher does. The issue is that any software we install to the system that is illegitimately encrypted and signed won't run on a normal system. Installing what we're able to do now to a 3DS would be a good way of bricking it.
 

gamesquest1:
As has already been said, the only way it's happening is with a bootloader exploit, a way to sign content and encrypt it properly, or through some sort of black magic. TBH the current setup is pretty good; it could be worse, like needing to trigger a save exploit every time you want to use it. At least the current method remains on the console, so you don't need to carry a specific cart around at all times.
 

SSG Vegeta:
> Then it'd just be a standard 8.x console, or whatever version firmware your emuNAND was on. No Gateway patches are applied to it on boot, so not sure what the point would be.

But that doesn't mean that you can't install an upgraded emuNAND.
 

gamesquest1:
> But that doesn't mean that you can't install an upgraded emuNAND.

What he is saying is that emuNAND is just an updated NAND, so why bother installing it when it's pretty much the same as just updating your console? There is no real difference between emuNAND and sysNAND except where they are stored. All the patches that Gateway applies are applied based on the 4.x exploit; if you were to install it to your sysNAND, that means there is no 4.x base to run the patches, so it's a stock 8.x NAND.
 

drfsupercenter:
I'm thinking - theoretically you could do it, but we'd need more hacking knowledge.

If you have a NAND flasher... theoretically you could flash some other NAND to it. If somebody figures out how to break the "chain of trust" as someone referred to it earlier in this thread... you could theoretically load a CFW that way. Think something like how CyanogenMod works on cellphones - you use the stock bootloader but then edit the code so it boots your custom thing instead of stock.

Granted, that's super generic terminology, but it's about all I'm able to use. I don't know anything about the 3DS inner workings, but given that you can already flash between 4.x and emuNAND on the same unit, I'm sure someday you'll be able to flash a modded one too.

Even if, let's say - you have to boot it using the 4.x kernel exploit to install your .cia files, then take the emuNAND and flash it back to stock?
 

Vappy:
Yeah it's easy enough to flash the modified NAND image to the console, it's getting it to load that's the problem.
Some months ago, gaasedelen was in the initial stages of attempting a decap of the 3DS SoC. The project got put on hold, was said to resume in August but no mention of it since. Someone could maybe ask if he wants to carry on with it, seems like currently the strongest possibility of getting something useful in this area.
 

DinohScene:
> Yeah it's easy enough to flash the modified NAND image to the console, it's getting it to load that's the problem.
> Some months ago, gaasedelen was in the initial stages of attempting a decap of the 3DS SoC. The project got put on hold, was said to resume in August but no mention of it since. Someone could maybe ask if he wants to carry on with it, seems like currently the strongest possibility of getting something useful in this area.

bunnie I think also was attempting to decap it.
 

Vappy:
No reason for them to. The exploit was already documented enough on 3dbrew that they could make something of it. Or maybe they paid off someone who'd already done the base work. Who knows. :P

> bunnie I think also was attempting to decap it.

bunnie or bunnei? 'Cause one's the guy working on Citra, the other is an ex-Xbox hacker turned laptop designer; I'd be surprised if he was taking a sudden renewed interest in console hacking.
 

DinohScene:
> bunnie or bunnei? 'Cause one's the guy working on Citra, the other is an ex-Xbox hacker turned laptop designer; I'd be surprised if he was taking a sudden renewed interest in console hacking.

Nay, I misread it on gaasedelen's blog.
It's a different Andrew than bunnie.
 

Deleted member 333767:
I think OP is getting a bit ahead of themselves here.

Currently we have kernel access (MSET exploit, Gateway etc.) which is one privilege level above 'userland' (i.e. SSSpwn)

Until we can have CFW we still need to break through (and this is purely speculation here) the hypervisor, which is a step up in privilege from the kernel.

After that currently impossible task, we need another privilege escalation to what famous hacker Yifanlu describes as "the holy grail, the final boss": the bootloader.

Once one has tinkered with the device to this stage, the 3DS will be "hacked" in every definition of the term. We're talking like maybe 5-10 years from now.

Come on budding hackers, get to work! :yaysp:
 

SonyUSA:
CFW can be written to the 3DS; that's not the issue. The issue is the boot ROM will fail the sig check and the system will not boot. There's no way to modify the boot ROM because it's not writable, and CFW will never match the correct signature of a Nintendo FW.
 

andre104623:
CFW on 3DS will happen because it has most likely been done. Smea has stated that ssspwn can not run any backups just because he only supports homebrew. But that does not mean it can't with some work. If you run ssspwn on a 4.1-4.5 3DS you surely could get backups to run if you can get them running off the SD card of the 3DS. This is one of the big reasons smea won't release ssspwn: because he knows someone will mod his work for backups. Look at the PS3 PSJailbreak: they came out with their dongle to play backups and homebrew, and even though it was a dongle, it was software that hacked the PS3. Then geohot came out with his "homebrew only" CFW that lasted about a week till backups were running. The 3DS is going down a very similar road; we have hardware flashcards that all rely on software hacks to work. If someone figures out how to run games from the 3DS's SD card, the flashcards are dead.

If you think about it, we already have a "lite" CFW of sorts. The emuNAND can run backups ("Super Smash"), and I just got a Gateway; back 9 months ago I had emuNAND on my R4i Deluxe and the only thing it was for is eShop. Now Gateway can run homebrew and backups in 8.1 FW on emuNAND, but still 8.1, so if you think about it, it's kind of like CFW.
 
