Some hacking concepts and links

Discussion in '3DS - Hacking & Homebrew' started by FAST6191, Apr 8, 2011.

Apr 8, 2011
    • Member

    pachura New Member

    Member Since:
    Dec 9, 2006
    Message Count:
    564
    Country:
    It's like saying: yeah, I could rob a bank, if there were no guards, no cameras, I knew the codes for the safe and I had a helicopter parked nearby and I could pilot it. None of these things are true, but hey, that's just a concept.


    • Member

    soulx New Member

    Member Since:
    Apr 4, 2009
    Message Count:
    9,908
    Country:
    Ashmore and Cartier Islands
    Nope.
    You haven't accomplished anything. I was able to reproduce this rather easily.
    To do this, all you have to do is rename 00000000.app or the cmd dir/cmd file from the folder of an app and the 3D banner isn't displayed.

    He probably just saw this on the 3DBrew wiki and decided to claim it as his own.

    Look below for a video of me doing the exact same thing
    http://www.youtube.com/watch?v=K_InO6JospM
    • Member

    machomuu Drops by occasionally

    Member Since:
    Sep 4, 2009
    Message Count:
    8,355
    Location:
    The Courtroom
    Country:
    United States
    Soul, says the video is private and I can't access it.
    • Member

    soulx New Member

    Member Since:
    Apr 4, 2009
    Message Count:
    9,908
    Country:
    Ashmore and Cartier Islands
    I changed it to unlisted. It should work now.
    • Member

    Pippin666 SSF43DE Master

    Member Since:
    Mar 30, 2009
    Message Count:
    1,160
    Location:
    Montreal, Qc
    Country:
    Canada
    Nice, that should prevent CP from posting shit anymore.

    Pip'
    • Member

    shakirmoledina Legend

    Member Since:
    Oct 23, 2004
    Message Count:
    6,558
    Location:
    Dar es Salaam
    Country:
    Tanzania
    There's a nice book that my school uses for the Internet Security module called Web Security for Network and System Administrators by David Mackey.
    In chapter 4 they talk about encryption, which is quite basic and easy to understand. I learned a little about the ECDSA used in the PS3. It explains a lot of problems and applications of cryptology and cryptanalysis.

    If one wants, I can give the book to him.

    It especially explains the private and public key encryption system quite understandably. It's where I learnt about it and was quite amazed that something like this can be done... mathematically.
    • Newcomer

    alonsog1997 New Member

    Member Since:
    Aug 4, 2011
    Message Count:
    4
    Country:
    United States
    Now that you modified the 3DSWare's header, would it be possible to do a bannerbomb exploit for the 3DS? I'm buying one next week when they drop the price, so I may be able to help test it.
    • Member

    StapleButter New Member

    Member Since:
    Dec 5, 2009
    Message Count:
    357
    Country:
    France
    Nope. Forget about that. 3DSWares are all encrypted. There's no way you can do anything other than break them by renaming/deleting/randomly editing their files.

    Also, finding exploits right now is a loss of time. Once you find one, what are you gonna do with it? We know nothing about how the 3DS works internally, so it isn't even possible to write some text onscreen (hint: persons on YouTube claiming to have done it are lying. They're just seeking attention with their shitty fakes). And if you talk about the exploit on the forums, it's even worse. Nintendo will fix it before it gets a chance to be useful.
    • Member

    CollosalPokemon ばん。。。かい

    Member Since:
    Oct 18, 2009
    Message Count:
    657
    Country:
    United States
    Hi Pip' and SoulSnatcher,

    That was a human mistake =P I don't visit 3DBrew often and I don't pay much attention to what's there because I know when something serious about the 3DS comes it'll be posted here. If I really wanted to post shit I'd be acting like that guy from the thread. (http://gbatemp.net/t299211-first-hack-3ds-mode) Not the creator of the thread but that guy from dsdatabase and youtube.

    I didn't mean to make it seem like I stole anything; I got a little excited and didn't check 3DBrew beforehand, that was all. I snipped it out of the original post and I recognize the mistake that happened.

    Thanks,

    CP
    • Newcomer

    iceberg303 New Member

    Member Since:
    May 7, 2011
    Message Count:
    3
    Country:
    United States
    I know this is a bit older post but I wanted to add a valuable source of information.

    "Hacking The Xbox" by Andrew 'bunnie' Huang

    This is a very in-depth book on hardware hacking.

    Many of the things have been stopped by including the eeprom inside the CPU now but there is still a lot of relevant information.

    You never know what you may find on a bus. It would be silly for there to be unencrypted data but you never know. The PS3 keys were pushed to RAM at some point and you all know what that led to.


    Also great article! Wish I had the $$$ to invest in a few spare 3DS to experiment on.
    • Newcomer

    loismustdie555 New Member

    Member Since:
    Apr 11, 2011
    Message Count:
    70
    Country:
    United States
    Ahhh. Alas, the endless search for a working exploit on a device whose hardware we know nothing about.
    • Newcomer

    DEElekgolo New Member

    Member Since:
    Apr 7, 2009
    Message Count:
    57
    Country:
    United States
    Here is some C++ source code for extracting the key stream from an encrypted save file and such. Just some scrap code from when I was into the 3ds scene a while ago. I made this based entirely on the wiki info. I have yet to get a 3ds to REALLY get into things.
    Code:
    #include <algorithm>
    #include <cstdio>
    #include <fstream>
    #include <map>

    unsigned int fletcher32(char * data,unsigned int len);
    // Orders (hash, count) pairs by count so max_element picks the most common hash.
    bool compare(const std::map<unsigned int, unsigned int>::value_type &i1,
                 const std::map<unsigned int, unsigned int>::value_type &i2)
    {
        return i1.second < i2.second;
    }

    int main(int argc, char** argv)
    {
        if (argc < 2)
        {
            printf("No file given.\n");
            return 1;
        }
        std::ifstream fIn;
        fIn.open(argv[1],std::ios_base::binary);
        if (!fIn)
        {
            printf("Error opening file.\n");
            fIn.close();
            return 1;
        }
        //get size of file
        unsigned int ifSize;
        fIn.seekg(0x0,std::ios_base::end);
        ifSize = static_cast<unsigned int>(fIn.tellg());
        fIn.seekg(0x0,std::ios_base::beg);
        //Verify valid filesize.
        if (!((ifSize%512) == 0))
        {
            printf("Filesize invalid, uneven chunk size.\n");
            fIn.close();
            return 1;
        }

        //Calculate Chunk count
        unsigned int iChunkCount;
        iChunkCount = ifSize/512;
        printf("%u Chunks Detected\n",iChunkCount);
        //Hash table:chunk array
        std::map<unsigned int, char*> vChunks;
        //temp map to detect most common element.
        std::map<unsigned int, unsigned int> vTemp;
        unsigned int iHash = 0;
        char * cChunk;
        //Hash chunks and filter out 0xFF chunks.
        for (unsigned int i = 0; i < iChunkCount; i++)
        {
            cChunk = new char[512];
            fIn.read(cChunk,512);
            iHash = fletcher32(cChunk,512);
            //if the hash matches that of a 0xFF chunk
            if (iHash == 4278058495u)
            {
                delete [] cChunk;
                continue; // Move on.
            }

            printf("Block %u:hash %u\n",i,iHash);
            //insert() keeps the first chunk stored for a hash; free later duplicates.
            if (!vChunks.insert(std::pair<unsigned int, char*>(iHash,cChunk)).second)
            {
                delete [] cChunk;
            }
            //increase count.
            //this is used to detect the highest and most common hash value in the file.
            vTemp[iHash] += 1;
        }

        //Nothing left to analyse (empty file or only 0xFF chunks).
        if (vTemp.empty())
        {
            printf("No usable chunks found.\n");
            fIn.close();
            return 1;
        }

        //now to find the most common chunk by finding the highest value in vTemp
        std::map<unsigned int, unsigned int>::iterator iCommon = std::max_element(vTemp.begin(),vTemp.end(),compare);

        char * key = vChunks[iCommon->first];
        printf("XOR key found. Block hash %u.\nSaving to key.bin\n",iCommon->first);
        std::ofstream fOut;
        fOut.open("key.bin",std::ios::binary);
        fOut.write(key,512);
        fOut.close();

        //Cleanup
        for (std::map<unsigned int, char*>::const_iterator it = vChunks.begin();
             it != vChunks.end();
             it++)
        {
            delete [] it->second;
        }

        fIn.close();
        return 0;
    }
    unsigned int fletcher32(char *data, unsigned int len )
    {
        unsigned int sum1 = 0xffff, sum2 = 0xffff;
        while (len) {
            unsigned int tlen = len > 360 ? 360 : len;
            len -= tlen;
            do {
                //Bytes are added as signed values; the 0xFF-chunk constant in main() depends on it.
                sum1 += (signed char)*data++;
                sum2 += sum1;
                tlen -= sizeof( unsigned char );
            } while (tlen);
            sum1 = (sum1 & 0xffff) + (sum1 >> 16);
            sum2 = (sum2 & 0xffff) + (sum2 >> 16);
        }
        /* Second reduction step to reduce sums to 16 bits */
        sum1 = (sum1 & 0xffff) + (sum1 >> 16);
        sum2 = (sum2 & 0xffff) + (sum2 >> 16);
        return sum2 << 16 | sum1;
    }
    1 people like this.
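The weakness the tool above relies on, shown on constructed data as an added example (not part of the original post): when one 512-byte XOR pad is reused for every block, all-zero plaintext blocks encrypt to the pad itself, so the most common ciphertext block reveals it, while a keystream that never restarts leaves no repeated blocks. The xorshift32 generator, the sample layout and all function names are assumptions made for illustration.

```cpp
// Added illustration: constructed data and hypothetical names, not from the thread.
#include <cstdint>
#include <cstdio>
#include <map>
#include <vector>

constexpr std::size_t kBlock = 512;
using Bytes = std::vector<std::uint8_t>;

// Constructed sample "save": 8 blocks, all zero except 16 bytes in blocks 1 and 4.
Bytes make_plain() {
    Bytes p(8 * kBlock, 0);
    for (std::uint8_t i = 0; i < 16; ++i) { p[kBlock + i] = 'A' + i; p[4 * kBlock + i] = 'a' + i; }
    return p;
}

// Toy xorshift32 keystream: a stand-in for a cipher, NOT secure.
// reuse_pad=true restarts the stream every block (one 512-byte pad for all blocks).
Bytes keystream(std::size_t n, bool reuse_pad) {
    Bytes ks(n);
    std::uint32_t s = 0x2545F491u;
    for (std::size_t i = 0; i < n; ++i) {
        if (reuse_pad && i % kBlock == 0) s = 0x2545F491u;
        s ^= s << 13; s ^= s >> 17; s ^= s << 5;
        ks[i] = static_cast<std::uint8_t>(s);
    }
    return ks;
}

Bytes xor_bytes(Bytes a, const Bytes& b) {
    for (std::size_t i = 0; i < a.size(); ++i) a[i] ^= b[i];
    return a;
}

// Most frequent 512-byte block and its count, comparing whole blocks (no checksum).
std::pair<Bytes, std::size_t> modal_block(const Bytes& ct) {
    std::map<Bytes, std::size_t> freq;
    for (std::size_t off = 0; off + kBlock <= ct.size(); off += kBlock)
        ++freq[Bytes(ct.begin() + off, ct.begin() + off + kBlock)];
    std::pair<Bytes, std::size_t> best;
    for (const auto& kv : freq) if (kv.second > best.second) best = kv;
    return best;
}

int main() {
    Bytes pt = make_plain();
    std::printf("equal blocks: reused pad %zu, fresh keystream %zu\n",
        modal_block(xor_bytes(pt, keystream(pt.size(), true))).second,
        modal_block(xor_bytes(pt, keystream(pt.size(), false))).second);
}
```

Comparing whole blocks instead of a 32-bit checksum avoids treating two different blocks as equal on a hash collision.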
    • Member

    rondoh70 New Member

    Member Since:
    Sep 1, 2011
    Message Count:
    221
    Location:
    new york
    Country:
    United States
    Dee, I have your source code working, and when I input my file it hashes and it says xor found for less than a second. I would like to know what part of the code I can change to make the key stay up longer.
    • Member

    SifJar Not a pirate

    Member Since:
    Apr 4, 2009
    Message Count:
    6,017
    Country:
    United Kingdom
    How are you running it? I believe you should be in a terminal/command prompt, and running it from there and the output should be there as well.
    • Member

    rondoh70 New Member

    Member Since:
    Sep 1, 2011
    Message Count:
    221
    Location:
    new york
    Country:
    United States
    Yes, I created an exe with the source code in command prompt; it's just that the window doesn't stay open long enough to show the result.
    • Member

    SifJar Not a pirate

    Member Since:
    Apr 4, 2009
    Message Count:
    6,017
    Country:
    United Kingdom
    The command prompt should not close...

    Just to make sure: You open a command prompt, and type something like this:

    "example.exe savename.bin"

    (obviously replacing "example" and "savename.bin" appropriately).

    EDIT: I compiled it quickly and this is my output:




    Also saves XOR key to key.bin.

    EDIT: Make sure you're running it like this:

    [IMG]
    • Member

    rondoh70 New Member

    Member Since:
    Sep 1, 2011
    Message Count:
    221
    Location:
    new york
    Country:
    United States
    OK, I was running the program as an actual exe file, but I guess running in command prompt works better.
    • Newcomer

    DEElekgolo New Member

    Member Since:
    Apr 7, 2009
    Message Count:
    57
    Country:
    United States
    You can drag and drop your encrypted save file over the .exe you have and it will do it.
    • Member

    rondoh70 New Member

    Member Since:
    Sep 1, 2011
    Message Count:
    221
    Location:
    new york
    Country:
    United States
    Yes, I knew that, Dee. I'm guessing it's the programmer I used.
    • Newcomer

    Hyrule2008 New Member

    Member Since:
    Nov 22, 2009
    Message Count:
    46
    Country:
    Germany
    Does someone know who "UpSilon" is? It seems that he works on the Nintendo 3DS...

    I know this post is more related to the PS3:

    http://upsilon-proje...bs.com/news.htm

    But this is interesting:

    translated:
