Some hacking concepts and links

Discussion in '3DS - Hacking & Homebrew' started by FAST6191, Apr 8, 2011.

JaronMatthewHigg (Newcomer, United States, joined Mar 26, 2012):
    Just a thought: I know this is not 3DSWare targeted, but what if someone were to unpack a Nintendo DS homebrew ROM and find a folder to put it in, so that the 3DS would be a flashcart itself?



Rydian (Member, United States, joined Feb 4, 2010):
    No, there are multiple things standing in the way of that, too many for me to even start listing.
    1 person likes this.

Misterke (Newcomer, Belgium, joined Aug 23, 2012):
    Can anyone point me to some technical info on the actual ROM cartridges used by the 3DS? I'm wondering how Nintendo checks the validity of those cartridges instead of the validity of their content. I mean: if only the image stored on the cartridge were signed, then copying that image completely to another cartridge would still give a valid, indistinguishable signature. So somehow there must be an additional check by the console to guarantee that the cartridge is a legitimate one. Understanding that check can help exploit it: e.g. if the check is only at startup, then you rig some hardware that at startup just passes everything through to a legit cartridge and only after startup reroutes to its own image. Depending on how the 3DS (or even the legit game) loads code (at startup or dynamically), this could then allow your own code injection.

    So, does anyone know of some docs on how the 3ds verifies its cartridges?
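The two points in the post above, shown as an added example written for this page (it is not code from Nintendo, from any cartridge, or from anyone in this thread, and it says nothing about how the 3DS actually does any of this): a signature over the image travels with the image, so a bit-for-bit dump passes the same content check, and only a secret that never crosses the bus, exercised by a challenge-response, separates a licensed cartridge from a copy. The second half models the pass-through rig Misterke describes and shows why a console that checks only at start-up ends up running the rig's image, while one that re-verifies the bytes it is about to execute does not. The keyed hash (a toy, not secure), the two keys, the shared-key model and the sample images are all constructed assumptions for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define IMG_LEN 16
#define KEY_LEN 8

/* Toy keyed hash (FNV-1a over key||msg): a stand-in for a real MAC/signature so the
 * protocol flow is visible. It is NOT cryptographically secure. */
static uint64_t toy_mac(const uint8_t key[KEY_LEN], const uint8_t *msg, size_t mlen)
{
    uint64_t h = 14695981039346656037ULL;
    for (size_t i = 0; i < KEY_LEN; i++) { h ^= key[i]; h *= 1099511628211ULL; }
    for (size_t i = 0; i < mlen; i++)    { h ^= msg[i]; h *= 1099511628211ULL; }
    return h;
}

/* Hypothetical keys (assumptions for this example, not real console keys): PUBLISHER_KEY
 * signs images; CART_KEY sits inside every licensed cartridge controller and inside the
 * console, and is never readable over the bus. */
static const uint8_t PUBLISHER_KEY[KEY_LEN] = {0x50,0x55,0x42,0x4b,0x45,0x59,0x30,0x31};
static const uint8_t CART_KEY[KEY_LEN]      = {0x43,0x41,0x52,0x54,0x4b,0x45,0x59,0x31};

typedef struct {
    uint8_t  image[IMG_LEN];  /* ROM contents: readable over the bus, so copyable  */
    uint64_t image_sig;       /* signature over image: also readable, so copyable */
    bool     has_cart_key;    /* only a licensed controller can use CART_KEY      */
} cart_t;

static cart_t make_licensed_cart(const uint8_t image[IMG_LEN])
{
    cart_t c = { {0}, 0, true };
    memcpy(c.image, image, IMG_LEN);
    c.image_sig = toy_mac(PUBLISHER_KEY, c.image, IMG_LEN);
    return c;
}

/* Cartridge side of the challenge-response; a plain dump has nothing to answer with. */
static uint64_t cart_respond(const cart_t *c, uint64_t nonce)
{
    return c->has_cart_key ? toy_mac(CART_KEY, (const uint8_t *)&nonce, sizeof nonce) : 0;
}

/* Console side: the content check and the cartridge check are independent. */
static bool image_sig_ok(const uint8_t image[IMG_LEN], uint64_t sig)
{
    return toy_mac(PUBLISHER_KEY, image, IMG_LEN) == sig;
}
static bool response_ok(uint64_t nonce, uint64_t response)
{
    return response == toy_mac(CART_KEY, (const uint8_t *)&nonce, sizeof nonce);
}

/* The pass-through rig from the post: a legitimate cart answers every challenge, and
 * the rig serves its own image once the console's start-up checks are over. */
typedef struct { const cart_t *legit; uint8_t own_image[IMG_LEN]; bool startup_done; } rig_t;

static const uint8_t *rig_image(const rig_t *r)
{
    return r->startup_done ? r->own_image : r->legit->image;
}

/* Console A checks once at start-up and trusts later reads; console B re-verifies the
 * signature of the bytes it is about to execute. Returns true if the rig's own image
 * gets executed. Both consoles pass the cartridge check, because the rig forwards it. */
static bool console_runs_rig_image(rig_t *r, uint64_t nonce, bool verify_on_use)
{
    if (!response_ok(nonce, cart_respond(r->legit, nonce))) return false;
    if (!image_sig_ok(rig_image(r), r->legit->image_sig))   return false;  /* start-up */
    r->startup_done = true;                                  /* the rig flips here */
    const uint8_t *to_run = rig_image(r);
    if (verify_on_use && !image_sig_ok(to_run, r->legit->image_sig)) return false;
    return memcmp(to_run, r->own_image, IMG_LEN) == 0;
}

/* Constructed sample data for the two scenarios. */
static const uint8_t SAMPLE_GAME[IMG_LEN] = "GAME IMAGE v1.0";
static const uint8_t SAMPLE_OWN[IMG_LEN]  = "OWN IMAGE v0.1";

/* Scenario 1: a bit-for-bit dump keeps a valid signature but cannot answer a challenge. */
static bool scenario_dump_passes_sig_fails_auth(void)
{
    cart_t legit = make_licensed_cart(SAMPLE_GAME);
    cart_t copy = legit;
    copy.has_cart_key = false;              /* the key never crossed the bus */
    return image_sig_ok(copy.image, copy.image_sig)
        && response_ok(0x1234, cart_respond(&legit, 0x1234))
        && !response_ok(0x1234, cart_respond(&copy, 0x1234));
}

/* Scenario 2: the same rig beats a check-once console and loses to a check-on-use one. */
static bool scenario_rig_beats_check_once_only(void)
{
    cart_t legit = make_licensed_cart(SAMPLE_GAME);
    rig_t rig = { &legit, {0}, false };
    memcpy(rig.own_image, SAMPLE_OWN, IMG_LEN);
    bool bypassed = console_runs_rig_image(&rig, 0x5678, false);
    rig.startup_done = false;               /* fresh boot against console B */
    bool blocked = !console_runs_rig_image(&rig, 0x5678, true);
    return bypassed && blocked;
}
```

The design point is the time of check versus the time of use: the rig always passes the cartridge check because a real cartridge answers on its behalf, so what protects the console is verifying the content it is actually about to run, not the strength of the start-up handshake.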

airwow (Newcomer, China, joined Mar 23, 2013):
    Oh.. I am waiting.
    Last edited by airwow, Mar 24, 2013

Metoroid0 (Member, Japan, joined Nov 2, 2012):
    Hm... since the 3DS can run homebrew in DS mode (via flashcards like the DSTWO, for example),
    why not use that as an open door to inject 3DS hacks to crack 3DS security somehow? ...somehow

    (just an idea...)
    Last edited by Metoroid0, Apr 12, 2013

SifJar (Member, United Kingdom, joined Apr 4, 2009):
    Because it is "sandboxed" i.e. cut off from accessing all hardware and resources not available on a DS. In DS mode, the 3DS acts exactly like a DS i.e. no 3D, decreased CPU and RAM, decreased resolution etc. There are careful protections in place to prevent being able to re-enable the disabled hardware.

Metoroid0 (Member, Japan, joined Nov 2, 2012):

    Sandboxed like GC mode on the Wii?

    Yeah, but maybe there is some hole in the sandbox to inject hacks...
    I mean, is that possibility checked or is it a theory?
    (sorry for being a noob..again :P )
    Last edited by Metoroid0, Apr 12, 2013

SifJar (Member, United Kingdom, joined Apr 4, 2009):
    Yeah, similar to GC mode on the Wii. And yeah, I'm pretty sure it's been investigated and found to be fairly air-tight.
    Metoroid0 likes this.

Shade Tempest (Newcomer, United States, joined Mar 15, 2013):
    If it acts exactly like a DS, then how does the home button work?
    Metoroid0 likes this.

msansom (Newcomer, United Kingdom, joined May 26, 2013):
    This is going to sound like a ridiculous question, but if all Gateway 3DS does is mimic a 3DS game, what is stopping us from making our own at home? What is actually preventing us from opening up a really crappy 3DS cart (Sims 3, for example ;)), desoldering the memory chip that is used to store the game image, and replacing it with a microSD holder? The SD card would have the ROM dumped to it in the same file system format that the previous memory used and be formatted to the correct size. Apart from the SD card not being compatible, the only issue I can see here is the save game.

FAST6191 (Reporter, United Kingdom, joined Nov 21, 2005):
    We do have a hacking theories thread -- http://gbatemp.net/threads/post-your-ideas-regarding-how-to-hack-the-3ds-here.307018/

    Generally though, assuming you have a complete dump and there are no extra security measures, you also have to consider that microSD does not read in the same way as other types of memory. The way you read memory can differ greatly between chips, and SD for that matter is quite different to raw NAND (which is why you can get XD cards and sometimes add them to devices) or some other type of memory (memory speeds, some memory will only read 8, 16 or 32 bit packets at once, some memory will require a read-confirmed command...).

    It has happened in the past (the XD memory thing being used on the 360 for dual nand for instance) and http://www.ziegler.desaign.de/readplus.htm#Home made carts for the GBC but it does not mean it will happen here. You might be able to chain a logic device to a memory card format but at that point you have pretty much made a flash cart and might as well have just got one made for you.

    On top of that you also have the save issue (various types of save with different sizes, different read/write methods ( http://nocash.emubase.de/gbatek.htm#gbacartbackupids ) and more. Some are speculating this is what is troubling the teams in question but I am not so sure.

Searinox (Member, Romania, joined Dec 16, 2007):
    Since it's so popular and discussed now, might also wanna update the first post with explanation of a stack smash.

FAST6191 (Reporter, United Kingdom, joined Nov 21, 2005):
    So add a synonym in the buffer overflow part?

Searinox (Member, Romania, joined Dec 16, 2007):
    More like explain this particular variation of BO because I see nothing mentioning alteration of the return address.
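The variation Searinox is asking about, as an added example that is neither poster's own code and is not taken from any 3DS exploit: a fixed-size local buffer sits below the saved return address in the frame, an unchecked copy writes past the end of the buffer, and the bytes that land on the saved return address decide where the function "returns" to. The frame is modelled as a plain array so the demo runs the same everywhere instead of depending on the compiler's real layout (and crashing); the two addresses, the canary value and the payload are made-up constants, and the canary shows the mitigation that makes the overwrite detectable at function exit.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Model of a frame as most ABIs lay it out: local buffer at the low addresses, the saved
 * return address above it, with an optional stack canary in between. A plain array is
 * used so the demo is deterministic; on a real stack the same copy hits the real slots. */
#define BUF_LEN    16
#define OFF_CANARY BUF_LEN            /* 8-byte canary right above the buffer   */
#define OFF_RET    (BUF_LEN + 8)      /* saved return address above the canary  */
#define FRAME_LEN  (BUF_LEN + 16)

typedef struct { uint8_t bytes[FRAME_LEN]; } frame_t;

/* Made-up addresses for the demo, not from any real binary. */
#define LEGIT_RET     0x0000000000401000ULL  /* where the caller actually continues */
#define ATTACK_TARGET 0x00000000deadbeefULL  /* where the attacker wants to go       */

static frame_t frame_enter(uint64_t ret_addr, uint64_t canary)
{
    frame_t f;
    memset(f.bytes, 0, FRAME_LEN);
    memcpy(&f.bytes[OFF_CANARY], &canary, 8);
    memcpy(&f.bytes[OFF_RET], &ret_addr, 8);
    return f;
}

/* The bug: copies n bytes into a 16-byte buffer without checking n (the strcpy/gets
 * pattern). The clamp only keeps the model inside its array; a real frame has no clamp. */
static void vulnerable_copy(frame_t *f, const uint8_t *in, size_t n)
{
    if (n > FRAME_LEN) n = FRAME_LEN;
    memcpy(&f->bytes[0], in, n);
}

/* The fix: the copy is bounded by the destination, not by the input. */
static bool bounded_copy(frame_t *f, const uint8_t *in, size_t n)
{
    if (n > BUF_LEN) return false;
    memcpy(&f->bytes[0], in, n);
    return true;
}

/* Function epilogue: with a canary, the compiler compares it before 'ret'; a mismatch
 * means the frame was smashed (glibc calls __stack_chk_fail). Returns the address that
 * 'ret' would jump to and reports whether the canary still matches. */
static uint64_t frame_leave(const frame_t *f, uint64_t canary, bool *smashed)
{
    uint64_t seen, ret;
    memcpy(&seen, &f->bytes[OFF_CANARY], 8);
    memcpy(&ret, &f->bytes[OFF_RET], 8);
    *smashed = (seen != canary);
    return ret;
}

/* Attacker input: filler to the end of the buffer, 8 bytes that land on the canary slot,
 * then the chosen return address in the slot that 'ret' will pop. */
static size_t build_payload(uint8_t out[FRAME_LEN], uint64_t target)
{
    memset(out, 'A', BUF_LEN);
    memset(out + OFF_CANARY, 'B', 8);
    memcpy(out + OFF_RET, &target, 8);
    return FRAME_LEN;
}

/* No canary: the overflow silently redirects the return. */
static uint64_t demo_return_address_hijacked(void)
{
    uint8_t payload[FRAME_LEN];
    size_t n = build_payload(payload, ATTACK_TARGET);
    frame_t f = frame_enter(LEGIT_RET, 0);
    vulnerable_copy(&f, payload, n);
    bool smashed;
    return frame_leave(&f, 0, &smashed);      /* == ATTACK_TARGET */
}

/* Canary present: the same payload is caught before 'ret' executes. */
static bool demo_canary_detects_smash(void)
{
    const uint64_t canary = 0x1122334455667700ULL;  /* constructed; normally random per process */
    uint8_t payload[FRAME_LEN];
    size_t n = build_payload(payload, ATTACK_TARGET);
    frame_t f = frame_enter(LEGIT_RET, canary);
    vulnerable_copy(&f, payload, n);
    bool smashed;
    frame_leave(&f, canary, &smashed);
    return smashed;
}

/* Bounded copy: the payload is refused and the return address is untouched. */
static bool demo_bounded_copy_keeps_return(void)
{
    uint8_t payload[FRAME_LEN];
    size_t n = build_payload(payload, ATTACK_TARGET);
    frame_t f = frame_enter(LEGIT_RET, 0);
    bool accepted = bounded_copy(&f, payload, n);
    bool smashed;
    return !accepted && frame_leave(&f, 0, &smashed) == LEGIT_RET && !smashed;
}
```

The payload layout is the part worth remembering: the attacker does not need to know what the buffer holds, only its size and the distance to the saved return address, which is why the canary (an unpredictable value that must survive the copy intact) and a destination-bounded copy are the two standard answers.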

Metoroid0 (Member, Japan, joined Nov 2, 2012):
    Could Gateway 3DS be used as a 3DS hacking tool, to make the job of hacking the console easier?
    Or if not easier, maybe to have one more option for hacking?

isaac52 (Member, United States, joined Sep 22, 2008):
    Would editing the code of a DS Pokémon game, then transferring it to X/Y, possibly cause it to crash and open up possibilities?

    Just a thought, depends heavily on just how well the pokebank sorts out hacks.

FAST6191 (Reporter, United Kingdom, joined Nov 21, 2005):
    We do have an ideas thread but OK.
    Any time there is input into a game (including by the controls themselves) there is the potential for a crash and thus/also the potential for some type of exploit. As you say, though, they appear to be doing some kind of sanitisation on the data (even if it is not for device security, it will likely frustrate device hacking efforts), and on top of that the 3DS already has a not unreasonable amount of protection against hacks delivered in this manner. To that end, and for my money, the best you can hope for by attempting to exploit the transfer options is a shortcut to making good Pokémon.
    That said I am curious to see what kinds of sanitisation and/or checks they try, improved general tools aside it would probably be one of the more interesting things to come out of pokemon hacking in some time.

Mr_Pichu (Member, United States, joined Dec 10, 2013):
    Of late there is a lot of work being done around side channel attacks to hack encryption keys.

    Here is a great video that describes an EM method:


    An acoustical method is described at this link:
    http://www.cs.tau.ac.il/~tromer/acoustic/
    Cyberdrive likes this.
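Side-channel key recovery reduced to its skeleton, as an added example that is not from the linked video or paper and uses no real 3DS code: the EM and acoustic work Mr_Pichu points to measures physical emissions, but the attack logic is the same as for the simplest leak, a comparison that stops at the first wrong byte. Here the "measurement" is a loop-iteration count standing in for time, power or EM, the secret is a constructed 8-byte key, and the recovery loop guesses one byte at a time with at most 256 tries per byte, about 2,000 queries instead of 2^64. The constant-time comparison next to it shows why the same loop learns nothing once every query costs the same.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define KEY_LEN 8

/* Constructed secret the attacker wants; all bytes non-zero so the recovery below is
 * easy to reason about (a zero byte would only change which guess wins first). */
static const uint8_t SECRET_KEY[KEY_LEN] = {0x3c,0xa7,0x19,0xe4,0x52,0x8b,0x6f,0xd0};

/* A measured query: 'work' counts loop iterations as a stand-in for the physical side
 * channel (time, power, EM, sound). The attacker sees work and the boolean result. */
typedef bool (*check_fn)(const uint8_t guess[KEY_LEN], size_t *work);

/* Leaky comparison: exits at the first mismatch, so work == 1 + number of leading bytes
 * that matched. That is the whole side channel. */
static bool leaky_check(const uint8_t guess[KEY_LEN], size_t *work)
{
    *work = 0;
    for (size_t i = 0; i < KEY_LEN; i++) {
        (*work)++;
        if (guess[i] != SECRET_KEY[i]) return false;
    }
    return true;
}

/* Constant-time comparison: always touches every byte and folds the differences into an
 * accumulator with no data-dependent branch, so work is the same for every guess. */
static bool constant_time_check(const uint8_t guess[KEY_LEN], size_t *work)
{
    uint8_t diff = 0;
    *work = 0;
    for (size_t i = 0; i < KEY_LEN; i++) {
        (*work)++;
        diff |= (uint8_t)(guess[i] ^ SECRET_KEY[i]);
    }
    return diff == 0;
}

/* Byte-at-a-time recovery: for each position try all 256 values and keep the one whose
 * measurement is largest (one more byte got compared). A 'true' result means the whole
 * key is known, which is how the final byte is settled. Returns the number of queries. */
static size_t recover_key(check_fn check, uint8_t out[KEY_LEN])
{
    size_t queries = 0;
    memset(out, 0, KEY_LEN);
    for (size_t pos = 0; pos < KEY_LEN; pos++) {
        size_t best_work = 0;
        uint8_t best = 0;
        bool done = false;
        for (unsigned v = 0; v < 256 && !done; v++) {
            size_t work;
            out[pos] = (uint8_t)v;
            queries++;
            if (check(out, &work)) { best = (uint8_t)v; done = true; }
            else if (work > best_work) { best_work = work; best = (uint8_t)v; }
        }
        out[pos] = best;
    }
    return queries;
}

/* Number of leading key bytes the attack got right against a given check. */
static size_t recovered_prefix_len(check_fn check)
{
    uint8_t guess[KEY_LEN];
    recover_key(check, guess);
    size_t n = 0;
    while (n < KEY_LEN && guess[n] == SECRET_KEY[n]) n++;
    return n;
}

/* Queries the attack spent against a given check. */
static size_t queries_needed(check_fn check)
{
    uint8_t guess[KEY_LEN];
    return recover_key(check, guess);
}
```

Against leaky_check the loop recovers all eight bytes in 2,001 queries (7 positions times 256, then 209 tries for the last byte); against constant_time_check every guess measures the same, the loop picks byte 0 everywhere and recovers nothing. Real EM and acoustic attacks replace the iteration counter with a noisy physical trace and average many traces per guess, but the byte-at-a-time structure is the same.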

WaryLouka (Member, Arctic Ocean, joined Jun 22, 2013):
    I don't know if the bug can run code or anything, as it doesn't depend on a file, but:

    On the YouTube app, if you open a video with subtitles, and you put in the subtitles, and then you start spamming the very bottom-right corner, the YouTube app will "crash" by showing the home screen for 3 seconds and displaying a black screen.
    I doubt you guys can reproduce it, but whatever, I just felt like posting it.

Metoroid0 (Member, Japan, joined Nov 2, 2012):
    Did smea basically say you have to buy Gateway if you want to play ROMs...??!
