Hacking 3DS Hacking Ideas: Post Your Ideas Here!

  • Thread starter: Rydian
Found this post (from a recent Chaos Computer Congress 30C3) on hacking the microcontroller embedded in the actual SD cards. I'm not sure if it'll actually lead to anything or how to begin trying, but, having custom microcontroller code running inside the SD card in the 3DS sounds interesting.

http://www.bunniestudios.com/blog/?p=3554

That's one hell of a find. That's something that could be significant for just about any device that reads from an SD card.
 
Found this post (from a recent Chaos Computer Congress 30C3) on hacking the microcontroller embedded in the actual SD cards. I'm not sure if it'll actually lead to anything or how to begin trying, but, having custom microcontroller code running inside the SD card in the 3DS sounds interesting.

http://www.bunniestudios.com/blog/?p=3554

This should also apply to the 3DS's and Wii U's NAND :P
The code is run on the SD, so at least we can monitor the SD in real-time.
 
This should also apply to the 3DS's and Wii U's NAND :P
The code is run on the SD, so at least we can monitor the SD in real-time.
I'd be interested to see if the SD could be modified to cause on-the-fly redirects to allow for unsigned code to be run by functions that call from the SD card.
 
Just a question to some masterminds around here:

Where are Nintendo's decryption keys contained?
I mean, in the 3DS? In encrypted stuff? I wonder.

Q #2: Also, where are the console's keys?

Oh, and I also want to recall something I posted a while ago:

Strangely enough, it seems that DS games are emulated, or run in a sandbox, because 3DS mode is probably still on.
How does my theory make sense? That Home button on the 3DS. Once you press it, you receive a notification about whether you want to return to the menu.

That notification surely comes from the 3DS mode, but if you are in DS mode, how is it... possible?
Also, the notification takes less than a nanosecond to show up, so it's sure that the 3DS does NOT launch 3DS mode after pressing the Home button.


Maybe we can exploit that? I don't know! Like, a .NDS homebrew file on a flashcart that intercepts the notification and gains access to the 3DS, or I don't know!

Rythian said that the 3DS receives the signal and suspends DS mode.

However, there's a contradiction that still makes what I said right: ( OBJECTION! )
In fact, the 3DS mode is still on. You can say whatever you want, pressing the Home button while playing a DS game proves that the 3DS firmware is still running (if it was not, it would take forever: booting up the firmware, decrypting files, etc.)


If there was a way to crash (partially) ds mode, we could exploit that? No promises.
 
Just a question to some masterminds around here:

Where are Nintendo's decryption keys contained?
I mean, in the 3DS? In encrypted stuff? I wonder.
AFAIK in the hardware AES engine.


Q #2: Also, where are the console's keys?
In the NAND.

Oh, and I also want to recall something I posted a while ago:



Rythian said that the 3DS receives the signal and suspends DS mode.

However, there's a contradiction that still makes what I said right: ( OBJECTION! )
In fact, the 3DS mode is still on. You can say whatever you want, pressing the Home button while playing a DS game proves that the 3DS firmware is still running (if it was not, it would take forever: booting up the firmware, decrypting files, etc.)


If there was a way to crash (partially) ds mode, we could exploit that? No promises.

It's probably running in a sandbox? However, that dialog is probably "DS mode" (notice the bad sound quality).
Also, the 3DS starts DS programs with TWL-FIRM, so no 3DS code is running.
 
It's probably running in a sandbox? However, that dialog is probably "DS mode" (notice the bad sound quality).
Also, the 3DS starts DS programs with TWL-FIRM, so no 3DS code is running.

medium_phoenix_wright_objection_.gif

It would not be possible for the return to the 3DS menu to be in DS mode!
How could the DS even launch the system in the first place? DS mode stays in DS mode and cannot access additional hardware!
 
It would not be possible for the return to the 3DS menu to be in DS mode!
How could the DS even launch the system in the first place? DS mode stays in DS mode and cannot access additional hardware!

Return? That's just rebooting. EDIT: Get it now. Anyway why not?
Maybe it uses some extra hardware to handle scaling and that dialog, but it's still DS mode.
Not sure what the latter means.

--
On a side note, some weird things happened today. My 3DS froze when entering DS mode (still in 3DS mode), and soft-resetting a homebrew caused it to reboot into 3DS mode for some reason.
 
The screen that appears when pressing the Home button on a 3DS while playing a DS game is definitely running in DS mode, not 3DS mode.
 
The screen that appears when pressing the Home button on a 3DS while playing a DS game is definitely running in DS mode, not 3DS mode.

Holdit.gif

Do you have proof?
I want to clear something up: First, DS Mode cannot detect the Home button, as the original DS does not have it.
Two, if the 3DS "takes" the signal and launches 3DS Mode, it would take too much time: Count the time needed to boot the 3DS. If you are expert enough, count the time needed to launch the 3DS Menu!
Three, how could DS mode even boot into 3DS mode? It's probably in a sandbox environment!

I'm getting to the point: If the DS mode is in a sandbox environment, it possibly means we could crash DS mode in one way or another and get access to the 3DS mode?

( I'm getting a bit tired of my pw stuff but it's cool )
 
I'm just gonna throw this out here: 7.1 seems more unstable than any other version. It crashed on me while I was on the home menu, not doing anything.
 
I want to clear something up: First, DS Mode cannot detect the Home button, as the original DS does not have it.
It wouldn't be hard for Nintendo to have modified the DS Mode to allow access to one extra button and to display the screen that you see when you press it.
 
It wouldn't be hard for Nintendo to have modified the DS Mode to allow access to one extra button and to display the screen that you see when you press it.

Honestly, why would Nintendo modify DS Mode when (theoretically speaking) 3DS Mode is still on to grab the Home Menu signal and interrupt DS Mode?
And if you were right, there is still one issue: DS Mode cannot access the 3DS's Files and System Menu. So, how can you even boot up to 3DS Mode in DS Mode?
 
There's a new app in the eShop called the Save Data Transfer Tool. Basically all it does is transfer the save data from a cart to the downloadable version of the game.

There are some 3DS save backup dongles out there, so could we insert a hack into the save, then upload it to the cart, and then use the app to transfer the save to the 3DS and then run the digital game with the exploitable save?

Kinda like on the PS Vita.

Or maybe to get the saves of the NAND save games like Pokemon Y&X. I mean, while the app is transferring the save from the cart to the digital game, it might lose the encryption or something.

Sorry If I said something ridiculously stupid.
 
Honestly, why would Nintendo modify DS Mode when (theoretically speaking) 3DS Mode is still on to grab the Home Menu signal and interrupt DS Mode?
Because they know that DS mode is more vulnerable to hacking and they don't want people breaking out of DS mode and getting into 3DS mode.
And if you were right, there is still one issue: DS Mode cannot access the 3DS's Files and System Menu. So, how can you even boot up to 3DS Mode in DS Mode?
It doesn't access the 3DS system. It just tells the console to reset.

I'm surprised that they bothered with the DS mode Home button functionality though. They could have just said in the documentation that the only way to quit a DS game is to turn the console off and on again (which is effectively what pressing Home then A does).

Look at it this way: If pressing the Home button while in DS mode brought you into 3DS mode, why didn't they allow you to view the 3DS Home Menu, see the date/time, launch the web browser, read notifications, access Miiverse etc.?
 
There's a new app in the eShop called the Save Data Transfer Tool. Basically all it does is transfer the save data from a cart to the downloadable version of the game.

There are some 3DS save backup dongles out there, so could we insert a hack into the save, then upload it to the cart, and then use the app to transfer the save to the 3DS and then run the digital game with the exploitable save?

Kinda like on the PS Vita.

Or maybe to get the saves of the NAND save games like Pokemon Y&X. I mean, while the app is transferring the save from the cart to the digital game, it might lose the encryption or something.

Sorry If I said something ridiculously stupid.
 
Because they know that DS mode is more vulnerable to hacking and they don't want people breaking out of DS mode and getting into 3DS mode.

It doesn't access the 3DS system. It just tells the console to reset.

I'm surprised that they bothered with the DS mode Home button functionality though. They could have just said in the documentation that the only way to quit a DS game is to turn the console off and on again (which is effectively what pressing Home then A does).

Look at it this way: If pressing the Home button while in DS mode brought you into 3DS mode, why didn't they allow you to view the 3DS Home Menu, see the date/time, launch the web browser, read notifications, access Miiverse etc.?


Alright. So, how can DS Mode alert the system if it doesn't have the function to do so?
I mean, to alert the system you must send a specific signal on the hardware. DS Mode may have the Home Button implemented, but it doesn't have the 3DS Bootup Commands.
 
Alright. So, how can DS Mode alert the system if it doesn't have the function to do so?
I mean, to alert the system you must send a specific signal on the hardware. DS Mode may have the Home Button implemented, but it doesn't have the 3DS Bootup Commands.

It's more than likely that some piece of the 3DS software/hardware stays active that allows it to use the Home button function, and likely the rest of the 3DS software and hardware shuts itself off to prevent exploits from DS mode, only to reboot when DS mode is exited. Whether the portion that stays active is exploitable is another question. If it was, that would be a HUGE failure on Nintendo's part.
 
Alright. So, how can DS Mode alert the system if it doesn't have the function to do so?
I mean, to alert the system you must send a specific signal on the hardware. DS Mode may have the Home Button implemented, but it doesn't have the 3DS Bootup Commands.

Probably handled by the sandbox.
I'm kinda convinced that DS games run in a DSMode sandbox under limited hardware.
 
It's more than likely that some piece of the 3DS software/hardware stays active that allows it to use the Home button function, and likely the rest of the 3DS software and hardware shuts itself off to prevent exploits from DS mode, only to reboot when DS mode is exited. Whether the portion that stays active is exploitable is another question. If it was, that would be a HUGE failure on Nintendo's part.


So, we get back to one of my points:

To boot the 3DS Menu it would take way more time than that, just like when we are booting. So, it must be something else.
 
