Toggle sidebar

Any programs for security?

  • Thread starter Thread starter Memedew
  • Start date Start date
  • Views Views 3,287
  • Replies Replies 22
Last edited by Olmectron,
  • Like
Reactions: cearp
Can be easily bypassed by deleting config.bin in the luma folder
 
  • Like
Reactions: Alexander1970
Memedew said:
That's a password for accessing luma. Not the 3DS.
Click to expand...
Well… the 3DS won't boot either into Luma3DS settings, GodMode9 or the main OS without providing the correct combination – theoretically; as already mentioned, bypassing the pin is as easy as deleting the file on SD.
 
  • Like
Reactions: Alexander1970
Memedew said:
That's a password for accessing luma. Not the 3DS.
Click to expand...
Your 3DS won't boot without the PIN (unless you do as others set and remove the SD card, of course). So it's just what you asked.

I was just trying to help in case the Luma PIN lock was something you didn't read about before and maybe it could adjust to your needs (not actual security, but child proofing). But alright.
 
KleinesSinchen said:
Isn't that for A9LH?

Luma3DS pin is for child-proofing, not security against a determined attacker or a theft-deterrent.
The only way I can think of to make Luma3DS pin a bit more secure, is recompiling B9S so it starts from CTRNAND first instead of the SD. I wouldn't recommend this for various reasons. It is not really secure anyway as ntrboot can easily bypass this as well.
Click to expand...
Yeah. It's an old project. Strange they didn't set an option for saving the PIN config in the NAND instead of the SD Card. Maybe a lot of people actually forgot their PINs and/or didn't know how to remove it when in NAND.

Anyway, I was just giving a shoutout to some existing options out there in case the OP didn't know about them. Even then, yeah, 3DSafe not usable anymore with Luma.
 
Olmectron said:
Your 3DS won't boot without the PIN (unless you do as others set and remove the SD card, of course). So it's just what you asked.

I was just trying to help in case the Luma PIN lock was something you didn't read about before and maybe it could adjust to your needs (not actual security, but child proofing). But alright.
Click to expand...
Oh, my bad! It didnt show the password when I rebooted. Only when it shutdowns.


Also yes the file can be deleted but im pretty sure your typical "im gonna steal this 3ds" guy won't know what to do.
 
Olmectron said:
[…]Strange they didn't set an option for saving the PIN config in the NAND instead of the SD Card. Maybe a lot of people actually forgot their PINs and/or didn't know how to remove it when in NAND.[…]
Click to expand...
Luma3DS configuration (and pin) will be saved on NAND when booting from NAND (without SD inserted or without boot.firm on SD)… but since B9S tries booting from SD first, this is almost worthless as well. Even if Luma would use NAND for the pin in any case, this could still be bypassed by providing a custom boot file that does not do such a check.

You have to modify the bootloader (B9S) in order to get at least minimum security (not all attackers have an ntrboot cart at hand).


Memedew said:
[…]
Also yes the file can be deleted but im pretty sure your typical "im gonna steal this 3ds" guy won't know what to do.
Click to expand...
If the typical "im gonna steal this 3ds" guy is unable to read and type the message into a search engine, then maybe he doesn't know what to do. Won't bring back a stolen console though.
Ask a search engine about bypassing FRP (factory reset protection) on Android phones, you'll see that people jump over a lot of hurdles in order to circumvent the "Google lock" – depending on the device way more work than deleting a file on SD.
 
  • Like
Reactions: Alexander1970 and Komfi
3dsdev said:
Why would you need one? If you have to child proof it then just don't have hax or just give the child a (preferably new) 3ds of their own.
Click to expand...
Well, besides that one doesn't need a rational reason for wanting something, there is a usecase for the pin lock besides preventing a three-year-old from hex-editing SysNAND with GodMode9. I use it that way: In addition to the pin lock, Luma3DS allows showing a custom message on screen. That message contains my name, address and phone number and the fact that I offer a little compensation for returning. If I'm forgetful or clumsy, this significantly increases the chances to get my 3DS back when losing it.

It also tells the reader to not buy the console – for the case a stupid thief doesn't use search for removing the lock and wants to sell the 3DS.

I also had compiled B9S to prefer starting from CTRNAND, but deleted that again. A thief of opportunity would likely not have ntrboot at hand, but this method doesn't come without potential pitfalls so I went back to Fastboot3DS.
 
  • Like
Reactions: placebo_yue, Alexander1970 and Takokeshi
3bbb7 said:
i'm curious to hear a realistic situation where someone does this to access a pin locked 3DS
Click to expand...
I hope theft counts as a realistic (and common) situation. Pickpocket grabs console, runs away, turns it on and get this message (or error message from their perspective):
Enter the PIN using ABXY and the DPad to proceed.
Press START to shutdown, SELECT to clear
Click to expand...
The first line as search term gave me an old Reddit thread as top result with duckduckgo, startpage and google (Yes I know, startpage uses google, but sometimes I get different results). While this thread is old and talks about A9LH, all needed information is mentioned: Booting from NAND, booting from SD, deleting file.

This is enough to give an attacker with no prior knowledge about 3DS and Luma CFW the idea, that an easy bypass is possible. Sooner or later they will find the official Github page and the wiki
github.com/LumaTeam/Luma3DS/wiki/Optional-features said:
  • PIN lock:Require a PIN to be entered before continuing boot. A message can be displayed on the bottom screen at the PIN input screen by placing a text file named pinmessage.txt in /luma (800 characters maximum!). Has four options:
    • Off: No PIN enabled, continue boot normally.
    • 4: Require a 4 digit PIN.
    • 6: Require a 6 digit PIN.
    • 8: Require a 8 digit PIN.
    • Note: This is more effective as child-proofing than as a complete theft deterrent; a thief could bypass this as easily as deleting Luma3DS' configuration files, changing the boot.firm payload on the SD card (or, if using Luma3DS on CTRNAND, inserting an SD card with a boot.firm on its root, since boot9strap shows priority to the SD card. Even Luma3DS installed in FIRM0/1 isn't completely "safe"; it could be bypassed easily with ntrboot or similar methods.
Click to expand...
The official manual tells right away how to get rid of the lock.
It literally takes the thief less than five minutes to remove the PIN and put them in a position to sell the stolen good (good condition 3DS aren't exactly cheap at the moment).
If we have good(?) or bad(?) luck (depends on the view), the search engines will now pick up this thread as a manual how to bypass the Luma3DS PIN code.

⟹ Luma3DS PIN is not an effective theft deterrent.
 
  • Like
Reactions: Alexander1970
linuxares said:
No amount of security will make you get your 3ds back if stolen sadly.
Click to expand...
Exactly, 3DS and Switch don't have kill switch nor GPS tracking like many smartphones have it.

I recommend y'all to treat hacked 3DS and Switch as valuable and carry with you all time, so don't left alone anywhere.

I learned a hard lesson after my GBA got stolen twice back in 2003 and 2005.
 
  • Like
  • Sad
Reactions: Alexander1970 and KleinesSinchen
linuxares said:
No amount of security will make you get your 3ds back if stolen sadly.
Click to expand...
Correct. Already said the same above.
I still use the PIN function for increasing the chance of getting my console back if lost – not stolen – by adding my personal data to the message.

JeepX87 said:
Exactly, 3DS and Switch don't have kill switch nor GPS tracking like many smartphones have it.

I recommend y'all to treat hacked 3DS and Switch as valuable and carry with you all time, so don't left alone anywhere.

I learned a hard lesson after my GBA got stolen twice back in 2003 and 2005.
Click to expand...
I'm quite happy that 3DS do NOT include such features(?). I don't want my devices to track me.
That said, to my knowledge some phones can be unlocked with tricks and have the "find my device" disabled by an attacker. The IMEI might be a possibility to track down a thief, but who knows if the police would even bother… just to find somebody who unknowingly bought stolen goods (sometimes it is NOT apparent) and doesn't know who the seller is.
=======

There are really not much other use cases than preventing little kids from accessing GodMode9. Storing sensitive data on the small 3DS NAND and hoping, that nobody will be able to access it, isn't going to work either.
 
  • Like
Reactions: Takokeshi, linuxares and Alexander1970

Site & Scene News

Go to forum More news

Popular threads in this forum

Help on 3DS prices...

Homebrew app Emulator  [Release] 3DS-CLI - Run a real RISC-V Linux environment on the Nintendo 3DS

Hardware  2 Broken 3DSes, need help

Website for finding alternative games for 3DS

Homebrew  My Secret World DS: is there a way to bypass the password lock?

Homebrew Homebrew app  [Release] GridLauncher Rosalina

please help, wont boot

Hardware  I Have 2 THQ Dev Kit 3DSes (Panda), Need Help On Preserving What’s Inside