Hacking 3DS Firmware has been decrypted

Status
Not open for further replies.

3DSGuy
No longer in scene
Source: Myself / knowledge of PS3 / looking at TB eboots. There are many speculated methods of obtaining decrypted eboots, which mostly surround dumping the RAM in some form (and having the keys, but having the keys is unlikely). Nothing confirmed of course. But they are re-encrypted versions of the original disc eboots; I haven't checked Duplex's 'anti-drmed' TB eboots, but they should be the same size as the disc original eboot. When they say debug eboot, they mean an eboot flagged as debug in the SCE header. Again, TB obtain decrypted eboots (to which they apply DRM) from a source other than debug fselfs (that is, unless they get debug copies of every game they've patched, again unlikely). What you see when you look at a TB eboot is simply the result of their DRM process. The fself flag, among other things in the SCE header, is simply a way for the DRM to distinguish between regular eboots and TB eboots (after all, all an SCE header does (for selfs) is tell the PS3 what the eboot is). Especially since fselfs are treated differently by the PS3 simply for being an fself (it has to be modified to accept them). And of course the encryption of TB eboots is part of the DRM.

EDIT: If you don't believe me, here's a quote from the dev wiki regarding the 'fself nature' of TB eboots:

I get what you're saying, true FSELFs aren't encrypted. But that doesn't mean that the decrypted EBOOTs TB have access to aren't the debug EBOOTs (i.e. FSELFs). As I see it, it is perfectly possible they have access to the FSELFs (debug EBOOTs) of the games they release "patches" for, and they apply their DRM to those (including the encryption with their own keys) so they only work with the dongle. I see no other way for them to obtain decrypted EBOOTs for newer games unless they had all the newer keys, in which case they could release far more fixed games than they do. They could possibly also create some sort of software to allow users to fix games themselves (without giving the keys away; that part could be tricky, but they've managed to protect their EBOOTs this far, they could probably have a decent attempt at protecting the keys also). AFAIK, the only way to get unencrypted EBOOTs is debug EBOOTs (FSELFs), so that must be their "starting point" for each fix, right?

EDIT: The quote from the dev wiki you posted is found under this header:
old talk

(seems obsolete and incorrect in many ways)
I wouldn't put too much faith in that quote...
Yes, it is possible that TB got access to original disc debug fselfs, but that is almost as likely as me having access to debug executables of Mario Kart 7, Super Mario 3D Land and New Super Bros 2 and playing backups of them right now on a dev 3DS. Unless they have connections with an employee at each of the companies which developed each of the games they've managed to patch, they don't have access to original debug fselfs.

It is true that debug consoles can retrieve debug game updates which contain fselfs, but these are not the same as the original disc fselfs. Also, Game of Thrones, one of their patched games, doesn't have any updates, see: https://a0.ww.np.dl....S30939-ver.xml. If there aren't any updates for the game, then there won't be a debug update to get a game fself from.

(I've just checked now: the TB patch eboot and disc original eboot are not the same size, but my point still stands. To get original disc fselfs, you have to have access to where they are created. To get game update fselfs, there has to be a game update, and for Game of Thrones there isn't one.)

Now explain to me how they are getting fselfs/elfs? (The most likely explanation is they managed to dump retail eboots out of the RAM, as the PS3 decrypts them, most likely with a debug unit.)

That quote, by the way, was explaining why one of the 'old/wrong ideas' was wrong :). So I put faith in that quote.

EDIT: Some food for thought, a 'payload-less' xmb launchable self decrypter, which could be re-compiled to work on the latest DEX FW.

EDIT2: Yeah, if you still want to continue this conversation SifJar, we should move it elsewhere.
 

sohaib
Member
Is it true the 3DS firmware has been decrypted, and now you can make a homebrew channel like the Wii, or not?

and thanks :) :)
 

LuigiBlood
Mage Robot
[19:12] firmware isn't really decrypted
So some of us talked to him and he said this. No luck guys.

So no one did get it yet. Pretty much the last time I remind everyone.
And the fact that neimod is updating that tool absolutely doesn't mean anything.

And also: even if decrypting firmware was done, NOTHING can be done yet.
Same thing for the Common Key (which he doesn't have BTW).

Trying to open some eyes, but if others use the excuse that IRC logs can be faked, then in that case the 1st post CAN BE A FAKE.
EDIT: So seriously, if the firmware was decrypted, that would be said on 3dbrew, not just on IRC.
 

3DSGuy
No longer in scene
Anyway, here is a re-construction of a 'FIRM' file I made based on the specs from ctrtool. Download here: http://depositfiles.com/files/lzpo8yqyo

Interestingly, from reading the ctrtool code and seeing how it outputs the firmware sections, I get the impression that the ARM code sections aren't encrypted in the FIRM format. I could be wrong though.

@LuigiBlood "So seriously, if the firmware was decrypted, that would be said on 3dbrew, not just on IRC." Well, neimod had reversed the ExeFS format and implemented it in ctrtool. But it wasn't until I started documenting the ExeFS format myself on 3DBrew that he decided to put up his findings.
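The post above reasons from ctrtool's output about whether the ARM code sections of a FIRM image are encrypted. One way to check that claim on an actual file, rather than by impression, is to walk the section table, recompute each section's SHA-256 against the hash stored in the header, and estimate the byte entropy of each section body: plaintext ARM code sits well below 7.9 bits per byte, while encrypted or compressed data approaches 8. The script below is an added example, not part of this thread, of ctrtool, or of the FIRM file the poster linked. The header layout it assumes (magic, entrypoints, four 0x30-byte section headers at 0x40 with offset, load address, size, copy method and SHA-256, signature at 0x100) is taken from public 3DS documentation and should be treated as an assumption; the sample image it builds is constructed here and is not a real firmware.

```python
import hashlib
import math
import struct

# Assumed FIRM layout (public 3DS documentation, not from this thread):
#   0x000  magic "FIRM"
#   0x004  boot priority (u32)
#   0x008  ARM11 entrypoint (u32)
#   0x00C  ARM9 entrypoint (u32)
#   0x010  reserved (0x30 bytes)
#   0x040  4 section headers, 0x30 bytes each:
#            +0x00 byte offset, +0x04 load address, +0x08 size,
#            +0x0C copy method, +0x10 SHA-256 of the section body
#   0x100  RSA-2048 signature over the header (not verified here)
FIRM_HEADER_SIZE = 0x200
SECTION_TABLE_OFFSET = 0x40
SECTION_HEADER_SIZE = 0x30
NUM_SECTIONS = 4
HIGH_ENTROPY = 7.9  # bits/byte; above this a buffer looks encrypted or compressed


def shannon_entropy(buf: bytes) -> float:
    """Bits of entropy per byte (0.0 for empty input)."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def parse_firm(data: bytes) -> dict:
    """Parse the header, verify each section hash and estimate whether it is plaintext."""
    if len(data) < FIRM_HEADER_SIZE or data[:4] != b"FIRM":
        raise ValueError("not a FIRM image")
    priority, arm11_entry, arm9_entry = struct.unpack_from("<III", data, 4)
    sections = []
    for i in range(NUM_SECTIONS):
        hdr = SECTION_TABLE_OFFSET + i * SECTION_HEADER_SIZE
        offset, address, size, copy_method = struct.unpack_from("<IIII", data, hdr)
        expected = data[hdr + 0x10:hdr + 0x30]
        if size == 0:
            continue  # unused slot
        body = data[offset:offset + size]
        if len(body) != size:
            raise ValueError(f"section {i} runs past end of file")
        ent = shannon_entropy(body)
        sections.append({
            "index": i, "offset": offset, "address": address, "size": size,
            "copy_method": copy_method,
            "hash_ok": hashlib.sha256(body).digest() == expected,
            "entropy": ent,
            "looks_encrypted": ent > HIGH_ENTROPY,
        })
    return {"priority": priority, "arm11_entry": arm11_entry,
            "arm9_entry": arm9_entry, "sections": sections}


def build_sample_firm() -> bytes:
    """Constructed sample image (not a real firmware): section 0 is plain
    ARM-like code, section 1 is deterministic pseudo-random filler."""
    code = b"\x00\xf0\x20\xe3" * 0x400          # 4 KiB of ARM 'mov r0, r0' (nop)
    blob, chunk = b"", b"seed"
    while len(blob) < 0x10000:                    # 64 KiB SHA-256 chain: high entropy
        chunk = hashlib.sha256(chunk).digest()
        blob += chunk
    header = bytearray(FIRM_HEADER_SIZE)
    header[:4] = b"FIRM"
    # entrypoints below are placeholder values chosen for the sample
    struct.pack_into("<III", header, 4, 0, 0x1FF80000, 0x08006800)
    bodies = [(code, 0x1FF80000, 0), (blob, 0x08006800, 1)]
    offset = FIRM_HEADER_SIZE
    for i, (body, address, method) in enumerate(bodies):
        hdr = SECTION_TABLE_OFFSET + i * SECTION_HEADER_SIZE
        struct.pack_into("<IIII", header, hdr, offset, address, len(body), method)
        header[hdr + 0x10:hdr + 0x30] = hashlib.sha256(body).digest()
        offset += len(body)
    return bytes(header) + code + blob


if __name__ == "__main__":
    for s in parse_firm(build_sample_firm())["sections"]:
        print(s)
```

Run it against a real image by replacing `build_sample_firm()` with the file's bytes; a section whose hash does not match the header tells you the file was modified after signing, and a section with entropy near 8 bits per byte is encrypted or compressed regardless of what a tool's section dump suggests.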
 

DiscostewSM
Well-Known Member
Is it true the 3DS firmware has been decrypted, and now you can make a homebrew channel like the Wii, or not?

and thanks :) :)
My god. Read the thread. NO HOMEBREW CHANNEL. This is like the first tiny baby step of hacking the console. Read the stickies.

I just look at the post count and say "......yep..."
 

yuyuyup
Well-Known Member
https://github.com/3dshax/ctr was just updated an hour ago. Someone let me know if these updates from me are a waste of time. I don't know what they mean, I'm merely relaying them for anyone else who might care. The previous update was 5 days ago.
 