Hacking Was ticket.db tainted in the following circumstances...?

urherenow

urherenow

Well-Known Member
Member
Level 13
Joined
Mar 8, 2009
Messages
4,815
Trophies
2
Age
48
Location
Japan
XP
3,737
Country
United States
:wtf:The "deletion" is the exact same thing that happens when you delete something on your computer. The pointer to the file is removed, so even though the data itself is still there, when you ask the computer to save something, it sees that part of the disk is unused and will happily save new data to that spot (with a pointer in the MFT) if that happens to be the first chunk of space it finds that's big enough to hold said data. How do you think file recovery software works? (Hint: It finds the data (if nothing has been written over it) and adds the pointer back)

Something such as GroovyCIA is able to see it, because it isn't properly using the database. It is scanning the entire contents of it, searching for anything that resembles a valid ticket.
 
Last edited by urherenow,
  • Like
Reactions: tranxuanthang and zezzo
cearp

cearp

瓜老外
Developer
Level 19
Joined
May 26, 2008
Messages
8,740
Trophies
2
XP
8,587
Country
Tuvalu
urherenow said:
:wtf:The "deletion" is the exact same thing that happens when you delete something on your computer. The pointer to the file is removed, so even though the data itself is still there, when you ask the computer to save something, it sees that part of the disk is unused and will happily save new data to that spot (with a pointer in the MFT) if that happens to be the first chunk of space it finds that's big enough to hold said data. How do you think file recovery software works? (Hint: It finds the data (if nothing has been written over it) and adds the pointer back)

Something such as GroovyCIA is able to see it, because it isn't properly using the database. It is scanning the entire contents of it, searching for anything that resembles a valid ticket.
Click to expand...
yeah but this isn't a real filesystem, it's a small database/extdata that we want to delete some data from. we don't have to worry about stuff like operating systems, pointers, tables... etc.
you know, i know and others may know about about this stuff, but that's different...
i know/you know/maybe others know why stuff like GroovyCIA can read the ticket... but that is not the point.

if we could really edit the database truly, we would be able to delete what we want. but i guess not enough work has been done to save/calculate/sign the changes.
:blink:
some people want the data GONE, because they worry about stuff (see the OP)

we are not so sure if installing something new really will overwrite that data space the deleted ticket was in.
and even so, that's annoying, deleting 10 things, then having to install 10 new things?

if nintendo really wanted to check the full ticket.db they could.
but also they could heck on the sd card for boot.3dsx :D
 
  • Like
Reactions: MelonGx
cearp

cearp

瓜老外
Developer
Level 19
Joined
May 26, 2008
Messages
8,740
Trophies
2
XP
8,587
Country
Tuvalu
urherenow said:
... I know it's not a file system. I was using an analogy because the database works the same way.
Click to expand...
you know or you assume? (i don't know!) :)
ok, so say i delete a ticket in the middle of all the other tickets.
when i install 1 new cia, this will overwrite that remaining data from the old ticket? it won't just append the new ticket's data to the end?
 
urherenow

urherenow

Well-Known Member
Member
Level 13
Joined
Mar 8, 2009
Messages
4,815
Trophies
2
Age
48
Location
Japan
XP
3,737
Country
United States
cearp said:
you know or you assume? (i don't know!) :)
ok, so say i delete a ticket in the middle of all the other tickets.
when i install 1 new cia, this will overwrite that remaining data from the old ticket? it won't just append the new ticket's data to the end?
Click to expand...
That, I can't answer. It depends entirely how the 3DS firmware was written. Ideally, yes, but for all I know, the firmware may have been programmed to find the last entry and tac on the new ticket. Whatever algorythm is used to find a big enough chunk of free space, it should happily place the new ticket in the first place it finds that is both big enough and unused.

So... to REALLY test this without knowing how Nintendo wrote it, you *might* have luck by identifying the very last ticket entry in the file, then delete that ticket with FBI and install something else. Then re-verify that same chunk of the file to see if it changed. Or... keep on dumping->installing->dumping again until you figure out exactly how it adds tickets.

I can say one thing though... the file isn't signed. It CAN'T be signed unless the 3DS signs it itself, which means that even if you broke the signature by manually zeroing out a ticket, using the AM service to install... anything at all... would cause the 3DS to resign it.

About knowing or assuming: Just look at how FBI "deletes" the ticket. I am under the impression that you can read code a lot better than I can.
 
Last edited by urherenow,
  • Like
Reactions: cearp

Site & Scene News

Go to forum More news

Popular threads in this forum

I will Make you a 3DS custom theme if you don't know how!

Hacking Homebrew  Animal Crossing New Leaf (ACNL) help: data corrupt??

Citra AES Keys

Pokemon Ultra Sun/Moon from piracy site doesn't work

Hacking Homebrew  3DS System Transfer Questions

Black icon Mii Plaza + Streetpass isn't working properly

Better n64 emulator?

Does anybody have the old Health and Safety Information CIA?

General chit-chat
Help Users
  • No one is chatting at the moment.
    K3Nv2 @ K3Nv2: https://youtube.com/shorts/Y9WKPRUjNQ4?si=raUf8jEiET8rmH2P