Hacking Permanent Custom Firmware?

gamesquest1

Nabnut
Former Staff
Joined
Sep 23, 2013
Messages
15,153
Trophies
2
XP
12,247
CFW on 3DS will happen because it has most likely been done. Smea has stated that ssspwn cannot run any backups just because he only supports homebrew. But that does not mean it can't with some work. If you run ssspwn on a 4.1-4.5 3DS you surely could get backups to run if you can get them running off the SD card of the 3DS. This is one of the big reasons Smea won't release ssspwn: he knows someone will mod his work for backups. Look at the PS3 PSJailbreak: they came out with their dongle to play backups and homebrew, and even though it was a dongle, it was software that hacked the PS3. Then geohot came out with his "homebrew only" CFW that lasted about a week till backups were running. The 3DS is going down a very similar road; we have hardware flashcards that all rely on software hacks to work. If someone figures out how to run games from the 3DS's SD card, the flashcards are dead.
ssspwn is going to be released, but ssspwn on its own will not enable piracy. Unless someone has a kernel exploit for 5.x-9.x it will be homebrew only. Also, ssspwn is not a "CFW", it's an exploit that runs a menu that loads homebrew. It's independent of the FW: no FW hacks, no patches, just a homebrew loader. In regards to it allowing piracy on 4.x consoles, the kernel exploit has been public how long now? And nobody wants to make a ROM loader. Not that it's not possible, quite a few people have it running, but those that do have no intention of releasing. So why would ssspwn make any difference to that?
 

andre104623

Well-Known Member
Member
Joined
Apr 9, 2014
Messages
680
Trophies
0
Age
37
Location
Philadelphia, PA
XP
417
Country
United States
ssspwn is going to be released, but ssspwn on its own will not enable piracy. Unless someone has a kernel exploit for 5.x-9.x it will be homebrew only. Also, ssspwn is not a "CFW", it's an exploit that runs a menu that loads homebrew. It's independent of the FW: no FW hacks, no patches, just a homebrew loader. In regards to it allowing piracy on 4.x consoles, the kernel exploit has been public how long now? And nobody wants to make a ROM loader. Not that it's not possible, quite a few people have it running, but those that do have no intention of releasing. So why would ssspwn make any difference to that?
I never said it was a CFW, I know it's an exploit. I was just saying it's very likely a CFW will come to the 3DS, and the exploit could run backups on FW 4.1 to 4.5 with a backup loader. It would not work on anything higher because the kernel exploit is patched.
 

andre104623

Well-Known Member
Member
Joined
Apr 9, 2014
Messages
680
Trophies
0
Age
37
Location
Philadelphia, PA
XP
417
Country
United States
I know ssspwn is only a homebrew loader, but it "could maybe" be used for backups, that's all I'm saying. Many people wished for homebrew-only loaders on many consoles, and piracy always comes from it.
 

gamesquest1

Nabnut
Former Staff
Joined
Sep 23, 2013
Messages
15,153
Trophies
2
XP
12,247
I'm going to enjoy my Gateway for now, but something will get released, or most likely leaked, that will make the 3DS-mode flashcards paperweights soon.
I wouldn't call them paperweights (not only because they are much too light to offer any protection against slight breezes), but *if* anything does get released, considering all the main devs are turning their backs on the prospect of ROM loaders and such, it would likely just come in the form of a rough-around-the-edges botch job. If there is no properly skilled dev behind it, the best you could probably expect is ROM loading of 4.x-6.x content (no 7.x decryption) and probably plenty of bugs, a potentially dangerous-to-use loader. But who knows, I certainly don't have a crystal ball, but I wouldn't expect any release to be of a standard that would replace flashcards immediately.
 

Huntereb

Well-Known Member
Member
Joined
Sep 1, 2013
Messages
3,234
Trophies
0
Website
lewd.pics
XP
2,446
Country
United States
I wouldn't call them paperweights (not only because they are much too light to offer any protection against slight breezes), but *if* anything does get released, considering all the main devs are turning their backs on the prospect of ROM loaders and such, it would likely just come in the form of a rough-around-the-edges botch job. If there is no properly skilled dev behind it, the best you could probably expect is ROM loading of 4.x-6.x content (no 7.x decryption) and probably plenty of bugs, a potentially dangerous-to-use loader. But who knows, I certainly don't have a crystal ball, but I wouldn't expect any release to be of a standard that would replace flashcards immediately.


It's sad, but you're absolutely, 100% right.
 

SonyUSA

We're all mad here
Editorial Team
Joined
May 12, 2006
Messages
1,780
Trophies
2
XP
5,619
Country
United States
CFW on 3DS will happen because it has most likely been done. Smea has stated that ssspwn cannot run any backups just because he only supports homebrew. But that does not mean it can't with some work. If you run ssspwn on a 4.1-4.5 3DS you surely could get backups to run if you can get them running off the SD card of the 3DS. This is one of the big reasons Smea won't release ssspwn: he knows someone will mod his work for backups. Look at the PS3 PSJailbreak: they came out with their dongle to play backups and homebrew, and even though it was a dongle, it was software that hacked the PS3. Then geohot came out with his "homebrew only" CFW that lasted about a week till backups were running. The 3DS is going down a very similar road; we have hardware flashcards that all rely on software hacks to work. If someone figures out how to run games from the 3DS's SD card, the flashcards are dead.

If you think about it, we already have a "lite" CFW of sorts. The emunand can run backups ("Super Smash"), and I just got a Gateway. Back 9 months ago I had emunand on my R4i Deluxe and the only thing it was for was the eShop. Now Gateway can run homebrew and backups on 8.1 FW on emunand, but still 8.1, so if you think about it it's kind of like CFW.

You have no idea what you are talking about. CFW already exists, but it cannot be permanently written to a 3DS. The most you can hope for is an easy-to-launch exploit that will load into the CFW, and then you can play your precious ROMs with the ROM loader from that point. The tricky part is maintaining an exploit for newer firmwares, or fixes for emunand updates when they come out. Also, Smea will be releasing his exploit very soon.
 

SirByte

Well-Known Member
Member
Joined
Dec 30, 2012
Messages
524
Trophies
1
XP
1,059
Country
Canada
There is nothing to "brute force". It cannot be changed.

He means brute-forcing the checksum of a second-stage custom loader that gets loaded and considered signed by the bootloader. For instance, and very simplified: if I have a chunk of code, calculate the SHA1 hash, then RSA-sign the SHA1 hash, I can brute-force a custom chunk of code so that there is a SHA1 collision with the original chunk of code. The more chunks of code with SHA1 hashes and signatures I have, the more 'valid' collision candidates there are.

Quoted from https://pthree.org/2014/03/06/the-reality-of-sha1/: "The Bitcoin network is currently working over 2^61 SHA256 hashes every minute and 16 seconds. If this were SHA1, we could brute force 1,150 SHA1 collisions every day."

So it's not like generating a SHA1 collision is "impossible".
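An added worked example, not from the thread or any console's real bootloader, modelling the check described above: in a hash-then-sign scheme the signature pins one specific SHA-1 digest, so a replacement loader must be a second preimage of that digest (2^160 generic work), which is a different problem from the free collision the quoted hashrate figure refers to. The rate figures are taken from the quoted pthree.org sentence; the loader bytes and the simplified bootloader check are constructed.

```python
import hashlib
import math

# Constructed sample: the vendor-signed second-stage loader and the digest
# that a (simplified) hash-then-sign bootloader would have a signature over.
SIGNED_LOADER = b"second-stage loader v1 (constructed sample bytes)"
SIGNED_DIGEST = hashlib.sha1(SIGNED_LOADER).hexdigest()


def bootloader_accepts(candidate: bytes, signed_digest: str = SIGNED_DIGEST) -> bool:
    """Simplified check: the RSA signature covers ONE fixed digest, so a
    replacement loader is accepted only if it hashes to exactly that digest.
    That is a second preimage of the original, not merely any colliding pair
    of inputs the attacker got to choose both halves of."""
    return hashlib.sha1(candidate).hexdigest() == signed_digest


# Figures from the quoted pthree.org sentence: 2^61 hashes every 1 min 16 s.
RATE_HASHES_PER_SEC = 2**61 / 76
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def implied_work_per_collision(collisions_per_day: float = 1150) -> float:
    """log2 of the hash work the quote implicitly assigns to one collision
    (it works out to roughly 2^61, i.e. a cryptanalytic collision attack)."""
    hashes_per_day = RATE_HASHES_PER_SEC * 86400
    return math.log2(hashes_per_day / collisions_per_day)


def years_for_generic_attack(work_log2: int) -> float:
    """Expected years at the quoted rate for an attack needing 2^work_log2 hashes."""
    return 2**work_log2 / RATE_HASHES_PER_SEC / SECONDS_PER_YEAR


def years_for_birthday_collision() -> float:
    """A collision between two attacker-chosen inputs: 2^80 (birthday bound)."""
    return years_for_generic_attack(80)


def years_to_forge_signed_loader() -> float:
    """Matching the already-signed digest is a second preimage: 2^160 generic."""
    return years_for_generic_attack(160)
```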
 

SonyUSA

We're all mad here
Editorial Team
Joined
May 12, 2006
Messages
1,780
Trophies
2
XP
5,619
Country
United States
He means brute-forcing the checksum of a second-stage custom loader that gets loaded and considered signed by the bootloader. For instance, and very simplified: if I have a chunk of code, calculate the SHA1 hash, then RSA-sign the SHA1 hash, I can brute-force a custom chunk of code so that there is a SHA1 collision with the original chunk of code. The more chunks of code with SHA1 hashes and signatures I have, the more 'valid' collision candidates there are.

Quoted from https://pthree.org/2014/03/06/the-reality-of-sha1/: "The Bitcoin network is currently working over 2^61 SHA256 hashes every minute and 16 seconds. If this were SHA1, we could brute force 1,150 SHA1 collisions every day."

So it's not like generating a SHA1 collision is "impossible".

That won't work, also, you give him too much credit, he was just grasping at straws :P
 

VashTS

Beat it, son
Member
Joined
Mar 14, 2009
Messages
4,308
Trophies
1
Age
39
Location
Upstate NY
XP
3,756
Country
United States
Nintendo would have to fail again like with the Wii. I think they learned from that mistake ever since the DSi.

The DSi has only one well-known exploit and nothing became of it. I think they had other games for haxx, but I can't remember; it was so long ago.

I really hope ssspwn opens up a gateway to something more, but I'm thinking 3DS is staying legit after the 4.5 exploit. I'm hoping more becomes of it.
 

Jayro

MediCat USB Dev
Developer
Joined
Jul 23, 2012
Messages
12,976
Trophies
4
Location
WA State
Website
ko-fi.com
XP
17,012
Country
United States
For as largely popular as the system is, I'm surprised hackers haven't exploited the system wide open by now like the Wii and PSP. Granted, there's more security in place, and a very select few like Smea and Gateway team have made significant progress, but it just seems like there should be more teams on board without all the dick-wagging that goes along with it.
 

gamesquest1

Nabnut
Former Staff
Joined
Sep 23, 2013
Messages
15,153
Trophies
2
XP
12,247
Why have permanent CFW when we have the glorious safety net which we call EmuNAND???
Because you could have sysnand CFW + emunand CFW, so even if you remove your SD you still have CFW features, maybe with integrated update blocking making sysnand 100% immune to updates.


But yeah, there isn't too much to be gained by sysnand CFW (which is why nobody is really too fussed about arm9loaderhax).
 

Deleted User

Guest
Because you could have sysnand CFW + emunand CFW, so even if you remove your SD you still have CFW features, maybe with integrated update blocking making sysnand 100% immune to updates.
Aaah, I never thought of that... as usual. :P
 

Apache Thunder

I have cameras in your head!
Member
Joined
Oct 7, 2007
Messages
4,426
Trophies
3
Age
36
Location
Levelland, Texas
Website
www.mariopc.co.nr
XP
6,793
Country
United States
This is pretty much perma CFW:

https://github.com/delebile/arm9loaderhax/

You need to dump the OTP on your console before you can use it, though. Not for the faint of heart. NAND mod required!

But it does allow for sig-patched 10.5 sysnand! You can modify system titles and do whatever you want, pretty much. Because Arm9LoaderHax occurs very early in the boot process, you have a lot of freedom with what you can do with it.
 
