Homebrew Some hacking concepts and links

pachura

CollosalPokemon said:
But this shows the concept of modding 3DSWare, even if it is unusable due to a modified checksum it is a concept.
It's like saying: yeah, I could rob a bank, if there were no guards, no cameras, I knew the codes for the safe and I had a helicopter parked nearby and I could pilot it. None of these things are true, but hey, that's just a concept.
 
Deleted_171835

CollosalPokemon said:
I think this concept relates to 3DS hacking. I've developed a way to modify the header of 3DSWare. I don't have it complete but I can demonstrate a modified header for 3DSWare. I can only make top screen headers invisible at the moment so it is still a concept, and they don't run (of course ninty has an AP check for modified 3DSWare =P) but I do have a proof-of-concept picture:
http://img11.imageshack.us/img11/995/3dswarehackconcept.jpg

It's still just a concept and I can only remove headers on the top screen, and of course AP checks prevent me from actually playing a modified game. It's rudimentary but I figured someone would like this concept.

You can see I modified the Exitebike 3DSWare, there is no visible header on the top screen.


P.S. sorry for the crappy quality, I took the screenshot on my DSi since I don't have software to access my computer's camera atm
Nope.
You haven't accomplished anything. I was able to reproduce this rather easily.
To do this, all you have to do is rename 00000000.app or the cmd dir/cmd file from the folder of an app and the 3D banner isn't displayed.

He probably just seen this on the 3DBrew wiki and decided to claim it as his own.

Look below for a video of me doing the exact same thing
http://www.youtube.com/watch?v=K_InO6JospM
 

Pippin666

SoulSnatcher said:
CollosalPokemon said:
I think this concept relates to 3DS hacking. I've developed a way to modify the header of 3DSWare. I don't have it complete but I can demonstrate a modified header for 3DSWare. I can only make top screen headers invisible at the moment so it is still a concept, and they don't run (of course ninty has an AP check for modified 3DSWare =P) but I do have a proof-of-concept picture:
http://img11.imageshack.us/img11/995/3dswarehackconcept.jpg

It's still just a concept and I can only remove headers on the top screen, and of course AP checks prevent me from actually playing a modified game. It's rudimentary but I figured someone would like this concept.

You can see I modified the Exitebike 3DSWare, there is no visible header on the top screen.


P.S. sorry for the crappy quality, I took the screenshot on my DSi since I don't have software to access my computer's camera atm
lol, no.
You haven't accomplished anything. I was able to reproduce this rather easily.
To do this, all you have to do is rename 00000000.app or the cmd dir/cmd file from the folder of an app and the 3D banner isn't displayed.

He probably just seen this on the 3DBrew wiki and decided to claim it as his own.

Look below for a video of me doing the exact same thing
http://www.youtube.com/watch?v=K_InO6JospM
Nice, that should prevent CP from posting shit anymore.

Pip'
 

shakirmoledina

There's a nice book that my school uses for the Internet Security module called Web Security for Network and System Administrators by David Mackey.
In chapter 4 they talk about encryption, which is quite basic and easy to understand. I learned a little about the ECDSA used in the PS3. It explains a lot of problems and applications of cryptology and cryptanalysis.

If one wants, I can give the book to him.

It especially explains the private and public key encryption system quite understandably. It's where I learnt about it and was quite amazed that something like this can be done... mathematically.
 

alonsog1997

CollosalPokemon said:
I think this concept relates to 3DS hacking. I've developed a way to modify the header of 3DSWare. I don't have it complete but I can demonstrate a modified header for 3DSWare. I can only make top screen headers invisible at the moment so it is still a concept, and they don't run (of course ninty has an AP check for modified 3DSWare =P) but I do have a proof-of-concept picture:

3dswarehackconcept.jpg


It's still just a concept and I can only remove headers on the top screen, and of course AP checks prevent me from actually playing a modified game. It's rudimentary but I figured someone would like this concept.

You can see I modified the Exitebike 3DSWare, there is no visible header on the top screen.


P.S. sorry for the crappy quality, I took the screenshot on my DSi since I don't have software to access my computer's camera atm
Now that you modified the 3DSWare's header, would it be possible to do a bannerbomb exploit for the 3DS? I'm buying one next week when they drop the price, so I may be able to help test it.
 

Arisotura

Nope. Forget about that. 3DSWares are all encrypted. There's no way you can do anything other than break them by renaming/deleting/randomly editing their files.

Also, finding exploits right now is a loss of time. Once you find one, what are you gonna do with it? We know nothing about how the 3DS works internally, so it isn't even possible to write some text onscreen (hint: persons on youtube claiming to have done it, are lying. they're just seeking for attention with their shitty fakes). And if you talk about the exploit on the forums, it's even worse. Nintendo will fix it before it gets a chance to be useful.
 

CollosalPokemon

Pippin666 said:
SoulSnatcher said:
CollosalPokemon said:
I think this concept relates to 3DS hacking. I've developed a way to modify the header of 3DSWare. I don't have it complete but I can demonstrate a modified header for 3DSWare. I can only make top screen headers invisible at the moment so it is still a concept, and they don't run (of course ninty has an AP check for modified 3DSWare =P) but I do have a proof-of-concept picture:
http://img11.imageshack.us/img11/995/3dswarehackconcept.jpg

It's still just a concept and I can only remove headers on the top screen, and of course AP checks prevent me from actually playing a modified game. It's rudimentary but I figured someone would like this concept.

You can see I modified the Exitebike 3DSWare, there is no visible header on the top screen.


P.S. sorry for the crappy quality, I took the screenshot on my DSi since I don't have software to access my computer's camera atm
lol, no.
You haven't accomplished anything. I was able to reproduce this rather easily.
To do this, all you have to do is rename 00000000.app or the cmd dir/cmd file from the folder of an app and the 3D banner isn't displayed.

He probably just seen this on the 3DBrew wiki and decided to claim it as his own.

Look below for a video of me doing the exact same thing
http://www.youtube.com/watch?v=K_InO6JospM
Nice, that should prevent CP from posting shit anymore.

Pip'

Hi Pip' and SoulSnatcher,

That was a human mistake =P I don't visit 3DBrew often and I don't pay much attention to what's there because I know when something serious about the 3DS comes it'll be posted here. If I really wanted to post shit I'd be acting like that guy from the thread. (http://gbatemp.net/t299211-first-hack-3ds-mode) Not the creator of the thread but that guy from dsdatabase and youtube.

I didn't mean to make it seem like I stole anything; I got a little excited and didn't check 3DBrew beforehand, that was all. I snipped it out of the original post and I recognize the mistake that happened.

Thanks,

CP
 

iceberg303

I know this is a bit older post but I wanted to add a valuable source of information.

"Hacking The Xbox" by Andrew 'bunnie' Huang

This is a very in-depth book on hardware hacking.

Many of the things have been stopped by including the eeprom inside the CPU now but there is still a lot of relevant information.

You never know what you may find on a bus. It would be silly for there to be unencrypted data but you never know. The PS3 keys were pushed to RAM at some point and you all know what that led to.


Also great article! Wish I had the $$$ to invest in a few spare 3DS to experiment on.
 

DEElekgolo

Here is some C++ source code for extracting the key stream from an encrypted save file and such. Just some scrap code from when I was into the 3ds scene a while ago. I made this based entirely on the wiki info. I have yet to get a 3ds to REALLY get into things.
Code:
#include <algorithm>
#include <cstdio>
#include <fstream>
#include <map>

unsigned int fletcher32(char * data, unsigned int len);

//Orders (hash, count) pairs by count so max_element returns the most common hash.
bool compare(const std::map<unsigned int, unsigned int>::value_type &i1,
             const std::map<unsigned int, unsigned int>::value_type &i2)
{
    return i1.second < i2.second;
}

int main(int argc, char** argv)
{
    if (argc < 2)
    {
        printf("No file given.\n");
        return 1;
    }
    std::ifstream fIn;
    fIn.open(argv[1], std::ios_base::binary);
    if (!fIn)
    {
        printf("Error opening file.\n");
        return 1;
    }
    //get size of file
    unsigned int ifSize;
    fIn.seekg(0x0, std::ios_base::end);
    ifSize = fIn.tellg();
    fIn.seekg(0x0, std::ios_base::beg);
    //Verify valid filesize.
    if (!((ifSize % 512) == 0))
    {
        printf("Filesize invalid, uneven chunk size.\n");
        fIn.close();
        return 1;
    }

    //Calculate Chunk count
    unsigned int iChunkCount;
    iChunkCount = ifSize / 512;
    printf("%u Chunks Detected\n", iChunkCount);
    //Hash table:chunk array
    std::map<unsigned int, char*> vChunks;
    //temp map to detect most common element.
    std::map<unsigned int, unsigned int> vTemp;
    unsigned int iHash = 0;
    char * cChunk;
    //Hash chunks and filter out 0xFF chunks.
    for (unsigned int i = 0; i < iChunkCount; i++)
    {
        cChunk = new char[512];
        fIn.read(cChunk, 512);
        iHash = fletcher32(cChunk, 512);
        //if the hash matches that of a 0xFF chunk
        if (iHash == 4278058495u)
        {
            delete [] cChunk;
            continue; // Move on.
        }

        printf("Block %u:hash %u\n", i, iHash);
        //Keep the first chunk seen for each hash; free repeats so they do not leak.
        if (!vChunks.insert(std::pair<unsigned int, char*>(iHash, cChunk)).second)
        {
            delete [] cChunk;
        }
        //increase count.
        //this is used to detect the highest and most common hash value in the file.
        vTemp[iHash] += 1;
    }

    //Nothing to pick from if every chunk was 0xFF (or the file was empty).
    if (vTemp.empty())
    {
        printf("No non-0xFF chunks found.\n");
        fIn.close();
        return 1;
    }

    //now find the most common chunk by finding the highest value in vTemp
    std::map<unsigned int, unsigned int>::iterator iCommon =
        std::max_element(vTemp.begin(), vTemp.end(), compare);

    char * key = vChunks[iCommon->first];
    printf("XOR key found. Block hash %u.\nSaving to key.bin\n", iCommon->first);
    std::ofstream fOut;
    fOut.open("key.bin", std::ios::binary);
    fOut.write(key, 512);
    fOut.close();

    //Cleanup
    for (std::map<unsigned int, char*>::const_iterator it = vChunks.begin();
         it != vChunks.end();
         it++)
    {
        delete [] it->second;
    }

    fIn.close();
    return 0;
}

//Byte-wise Fletcher-style checksum, used here only to bucket identical chunks.
unsigned int fletcher32(char *data, unsigned int len)
{
    unsigned int sum1 = 0xffff, sum2 = 0xffff;
    while (len) {
        unsigned int tlen = len > 360 ? 360 : len;
        len -= tlen;
        do {
            //Bytes are added as signed values; the 0xFF-chunk constant in main()
            //depends on that, so the cast makes it hold where plain char is unsigned.
            sum1 += static_cast<signed char>(*data++);
            sum2 += sum1;
            tlen -= sizeof( unsigned char );
        } while (tlen);
        sum1 = (sum1 & 0xffff) + (sum1 >> 16);
        sum2 = (sum2 & 0xffff) + (sum2 >> 16);
    }
    /* Second reduction step to reduce sums to 16 bits */
    sum1 = (sum1 & 0xffff) + (sum1 >> 16);
    sum2 = (sum2 & 0xffff) + (sum2 >> 16);
    return sum2 << 16 | sum1;
}
 
  • Like
Reactions: 1 person
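
The tool in the post above only works if every 512-byte chunk of the file was XORed with the same keystream, because chunks of all-zero plaintext then come out as the keystream itself. The following C++ program is an added example, not part of the original post: it shows that effect on constructed data and contrasts it with a pad that changes per block. The xorshift generator, the key value and the sample plaintext are assumptions made for the demonstration.

```cpp
#include <cstdint>
#include <cstdio>
#include <map>
#include <string>

const size_t BLOCK = 512;  // chunk size the tool above works in
// Toy keystream (xorshift32), demo only; nonzero seeds assumed, not a secure cipher.
std::string keystream(uint32_t x, size_t n) {
    std::string ks(n, '\0');
    for (size_t i = 0; i < n; i++) {
        x ^= x << 13; x ^= x >> 17; x ^= x << 5;
        ks[i] = static_cast<char>(x & 0xff);
    }
    return ks;
}
// Constructed plaintext: 16 blocks, zero-filled except blocks 0 and 5.
std::string sample_plaintext() {
    std::string pt(16 * BLOCK, '\0');
    pt.replace(0, 6, "HEADER");
    pt.replace(5 * BLOCK, 4, "DATA");
    return pt;
}
// reuse=true XORs every block with the same 512-byte pad (the weak design);
// reuse=false derives a different pad for each block from its index.
std::string encrypt(std::string data, uint32_t key, bool reuse) {
    for (size_t b = 0; b < data.size() / BLOCK; b++) {
        std::string ks = keystream(reuse ? key : key + 1 + static_cast<uint32_t>(b), BLOCK);
        for (size_t i = 0; i < BLOCK; i++) data[b * BLOCK + i] ^= ks[i];
    }
    return data;
}
// Returns the most frequent 512-byte block; *count receives how often it occurs.
std::string most_common_block(const std::string& ct, size_t* count) {
    std::map<std::string, size_t> seen;
    std::string best;
    *count = 0;
    for (size_t off = 0; off + BLOCK <= ct.size(); off += BLOCK) {
        std::string blk = ct.substr(off, BLOCK);
        if (++seen[blk] > *count) { *count = seen[blk]; best = blk; }
    }
    return best;
}
int main() {
    size_t n1 = 0, n2 = 0;
    std::string top = most_common_block(encrypt(sample_plaintext(), 0xC0FFEE, true), &n1);
    most_common_block(encrypt(sample_plaintext(), 0xC0FFEE, false), &n2);
    printf("reused pad:    top block seen %zu times, equals pad: %d\n", n1,
           top == keystream(0xC0FFEE, BLOCK));
    printf("per-block pad: top block seen %zu times\n", n2);
}
```

With the reused pad the 14 empty blocks are byte-for-byte the pad; with a per-block pad no ciphertext block repeats, so frequency counting recovers nothing.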

rondoh70

Dee, I have your source code working and when I input my file it hashes and it says xor found for less than a second. I would like to know what part of the code I can change to make the key stay up longer.
 

SifJar

rondoh70 said:
Dee, I have your source code working and when I input my file it hashes and it says xor found for less than a second. I would like to know what part of the code I can change to make the key stay up longer.
How are you running it? I believe you should be in a terminal/command prompt, and running it from there and the output should be there as well.
 

rondoh70

Yes, I created an exe with the source code in command prompt, it's just that the window doesn't stay open long enough to show the result.
 

SifJar

The command prompt should not close...

Just to make sure: You open a command prompt, and type something like this:

"example.exe savename.bin"

(obviously replacing "example" and "savename.bin" appropriately).

EDIT: I compiled it quickly and this is my output:


Code:
C:\Downloads>3ds-save.exe encrypted.bin
256 Chunks Detected
Block 0:hash 3604743963
Block 1:hash 1323569638
Block 2:hash 107616236
Block 3:hash 1077744956
Block 4:hash 3672313858
Block 5:hash 3924038154
Block 6:hash 587468346
Block 8:hash 925366734
Block 9:hash 2408447900
Block 10:hash 3713597138
Block 16:hash 2946168985
Block 17:hash 3125344830
Block 18:hash 3713597138
Block 24:hash 2771384398
Block 25:hash 2328230859
Block 26:hash 3029466291
Block 27:hash 90701642
Block 28:hash 166722339
Block 29:hash 1649148022
Block 30:hash 1733361934
Block 31:hash 328272282
Block 32:hash 443612142
Block 40:hash 4164221879
Block 41:hash 1119550496
Block 42:hash 538968112
Block 43:hash 2177302615
Block 44:hash 46729873
Block 45:hash 1919548556
Block 46:hash 3004038322
Block 47:hash 3004038322
Block 48:hash 2455829919
Block 56:hash 2946168985
Block 57:hash 3125344830
Block 58:hash 1326514087
Block 64:hash 2865101015
Block 65:hash 3125344830
Block 66:hash 1326514087
Block 72:hash 4006083664
Block 80:hash 2310733065
Block 88:hash 3041130146
Block 96:hash 1330248580
Block 104:hash 1409678459
Block 105:hash 1119550496
Block 106:hash 538968112
Block 107:hash 2177302615
Block 108:hash 46729873
Block 109:hash 1919548556
Block 110:hash 3004038322
Block 111:hash 3004038322
Block 112:hash 2865101015
Block 113:hash 1724840124
Block 114:hash 1326514087
Block 120:hash 2635331715
Block 128:hash 2319253690
Block 136:hash 2310733065
Block 144:hash 3477403477
Block 152:hash 3026779313
Block 153:hash 1119550496
Block 154:hash 538968112
Block 155:hash 2177302615
Block 156:hash 46729873
Block 157:hash 1919548556
Block 158:hash 3004038322
Block 159:hash 3004038322
Block 160:hash 2321611407
Block 168:hash 4166646817
Block 176:hash 2058222881
Block 177:hash 1119550496
Block 178:hash 538968112
Block 179:hash 2177302615
Block 180:hash 46729873
Block 181:hash 1919548556
Block 182:hash 3004038322
Block 183:hash 3004038322
Block 184:hash 1332213571
Block 185:hash 2408447900
Block 186:hash 3713597138
Block 192:hash 3096442970
Block 200:hash 3026779313
Block 201:hash 1119550496
Block 202:hash 538968112
Block 203:hash 2177302615
Block 204:hash 46729873
Block 205:hash 1919548556
Block 206:hash 3004038322
Block 207:hash 3004038322
Block 208:hash 1738014075
Block 216:hash 3248289796
Block 224:hash 925366734
Block 225:hash 3125344830
Block 226:hash 3713597138
Block 232:hash 811401659
Block 240:hash 2771384398
Block 241:hash 2328230859
Block 242:hash 3029466291
Block 243:hash 90701642
Block 244:hash 3565878019
Block 245:hash 1649148022
Block 246:hash 1733361934
Block 247:hash 328272282
Block 248:hash 421068780
XOR key found. Block hash 3004038322.
Saving to key.bin

Also saves XOR key to key.bin.

EDIT: Make sure you're running it like this:

 

Hyrule2008

Does someone know who "UpSilon" is? It seems that he works on the Nintendo 3DS...

I know this post is more related to the PS3:

http://upsilon-proje...bs.com/news.htm

But this is interesting:

Moi de mon côté je travaille sur le Factory/Service Mode des firmwares supérieur à la 3.56 et sur la Nintendo 3DS.

translated:

I for my part I work on the Factory / Service Mode firmware higher than 3.56 and the Nintendo 3DS.
 
