Hacking 3DS Hacking Theory Thread

Status
Not open for further replies.

Knyaz Vladimir
Well, we have a FAQ on 3DS Hacking, but I've noticed that all actual discussions are all around this forum. It gets kind of confusing moving around threads trying to make sense of everything.

I'll post what we have in theories right now:

A- Run updates through a proxy, replacing all update files with homebrew. (Somewhat possible)

B- Brute forcing a private key. (Impossible)

C- Use the Photo or Sound channels and boot up an exploit in JPG, MPO, or MP3. I doubt having a rar file in a JPG would work. (Somewhat possible)

D- Use a HEX editor to find an unencrypted file on a 3DS and figure out more information on the system and the keys (if it even has that). (Very unlikely)

E- Run ROMs through a HEX Editor, which is impossible right now, due to no ROMs existing at time of writing. (Even LESS unlikely)

F- Wait for the May update and make an exploit. (Probable)

F.b- Extra points if you can make the exploit on the OoT remake. Irony. (EXTREMELY Unlikely)

G- Try and use exploits already made to do this. Which is EXTREMELY unlikely.

H- Transfer a Mii with an exploit or scan an exploited QR code. (Mii with exploit somewhat possible, QR is very unlikely)

I- Randomly smash at the buttons. Something should happen, with any luck. (Like getting a play coin) (It's a VG Cats reference, it's even less probable than B)

That's all ideas that I have right now, if we have any theories or experiments on said theories, just throw them here instead of making another thread.
 

Relys
Let me just get rid of a few theories so you have responsible OP content (I'm a CS major).

B. Not going to happen.

F.b the Epona exploit was an array out of bounds overflow from the string from the horse's name stored on the save file. Zelda TP engine is not the same as Zelda OOT engine. I wouldn't be surprised if you see some sort of buffer overflow for OOT or SF64 due to older coding standards from the N64 era though.

G. The Wiis architecture is not the 3DS architecture and they run on different operating systems.

H. lolwut... nope (for scanning at least).

I. No.
 
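The overflow class described two posts up (a length or string taken straight from a save file and copied into a fixed-size field) is worth seeing next to its fix. The following is an added example written for this thread, not code from any game or from anyone posting here; the record layout (one length byte followed by name bytes) and the sample records are constructed assumptions, and `player_t`, `load_name_unchecked` and `load_name_checked` are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed save-record layout, an assumption for this example only:
 *   byte 0      : name_len, written by whoever produced the save file
 *   bytes 1..N  : name bytes, no NUL terminator
 * The save file is untrusted input; the in-memory field is fixed-size. */
#define NAME_FIELD 16

typedef struct {
    char     name[NAME_FIELD];
    uint32_t rupees;   /* sits right after the name, so an overrun would land here first */
} player_t;

enum { PARSE_OK = 0, PARSE_TRUNCATED = -1, PARSE_TOO_LONG = -2 };

/* The unchecked pattern: the length byte from the file is trusted, so a
 * record claiming 200 bytes writes far past name[16]. Shown for contrast
 * only; nothing below calls it with an oversized record. */
void load_name_unchecked(player_t *p, const uint8_t *rec)
{
    size_t n = rec[0];
    memcpy(p->name, rec + 1, n);   /* no comparison against NAME_FIELD */
    p->name[n] = '\0';
}

/* Hardened loader: every length is validated against both the destination
 * size and the number of bytes actually present before any copy happens. */
int load_name_checked(player_t *p, const uint8_t *rec, size_t rec_len)
{
    if (rec_len < 1)
        return PARSE_TRUNCATED;            /* no length byte at all */
    size_t n = rec[0];
    if (n >= NAME_FIELD)
        return PARSE_TOO_LONG;             /* keep one byte for the terminator */
    if (rec_len < 1 + n)
        return PARSE_TRUNCATED;            /* file claims more bytes than it holds */
    memcpy(p->name, rec + 1, n);
    p->name[n] = '\0';
    return PARSE_OK;
}

/* Constructed records (not taken from any real save file). */
static const uint8_t GOOD_RECORD[]      = { 5, 'E', 'p', 'o', 'n', 'a' };
static const uint8_t OVERLONG_RECORD[]  = { 200, 'A', 'A', 'A', 'A' };   /* claims 200 bytes */
static const uint8_t TRUNCATED_RECORD[] = { 12, 'E', 'p' };              /* claims 12, holds 2 */

/* Loads a record with the hardened parser and reports the status code. */
int record_status(const uint8_t *rec, size_t rec_len)
{
    player_t p;
    memset(&p, 0, sizeof p);
    return load_name_checked(&p, rec, rec_len);
}

/* Returns 1 if the hardened loader accepts the record and yields `expected`. */
int loaded_name_is(const uint8_t *rec, size_t rec_len, const char *expected)
{
    player_t p;
    memset(&p, 0, sizeof p);
    return load_name_checked(&p, rec, rec_len) == PARSE_OK && strcmp(p.name, expected) == 0;
}

/* Returns 1 if the field after the name survives a (rejected or accepted) load untouched. */
int rupees_intact_after_load(const uint8_t *rec, size_t rec_len)
{
    player_t p;
    memset(&p, 0, sizeof p);
    p.rupees = 0xC0FFEE;
    (void)load_name_checked(&p, rec, rec_len);
    return p.rupees == 0xC0FFEE;
}

int main(void)
{
    printf("good:      %d\n", record_status(GOOD_RECORD, sizeof GOOD_RECORD));
    printf("overlong:  %d\n", record_status(OVERLONG_RECORD, sizeof OVERLONG_RECORD));
    printf("truncated: %d\n", record_status(TRUNCATED_RECORD, sizeof TRUNCATED_RECORD));
    return 0;
}
```

The two checks in `load_name_checked` cover the two ways a length field lies: larger than the destination, and larger than the data actually present. Checking only one of them is a common half-fix.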

Slyakin
I like your enthusiasm.

I'm assuming that the 3DS will be "opened up" in a few years due to some type of bad coding in a 3DS game. Like how the millions of Lego games on the Wii all seem to have the same exploit in them.
 

Knyaz Vladimir
I was referring to DSi exploits, lol.

Anyway, just wanted to clarify something. I know that TP and OoT use a different engine, but it would be ironic if the first exploit used OoT. And I don't mean the horse, I mean ANYTHING in OoT.

B was an old theory in the update thread, which kind of got swept under the rug. H was another said exploit theory, which was barely mentioned (three words, no more) and letter I was a VG Cats reference to "High Roller" strategy in fighting games.

And yes, I'm going into CS. Which is about the same as Science as plumbing is to building airplanes.
 

Relys
Knyaz Vladimir said:
I was referring to DSi exploits, lol.

Anyway, just wanted to clarify something. I know that TP and OoT use a different engine, but it would be ironic if the first exploit used OoT. And I don't mean the horse, I mean ANYTHING in OoT.

B was an old theory in the update thread, which kind of got swept under the rug. H was another said exploit theory, which was barely mentioned (three words, no more) and letter I was a VG Cats reference to "High Roller" strategy in fighting games.

And yes, I'm going into CS. Which is about the same as Science as plumbing is to building airplanes.


Oh right. I shouldn't have made that assumption, you seem pretty smart compared to all these idiots who are like "lol lets brute force the private key so we can have our pirate games durrr.".

DSi exploits are for the DSi BIOS. The 3DS kernel is not accessible through the DSi mode.

My guess is that some well-known scene will release a software exploit which will result in CFW and a slew of flashkarts.

Working on dumping ROMs should be our first step. Also, it is nice that the update process has been analyzed but is useless without an exploit (to decrypt firmware).

I would suspect that something in OOT will cause an exploit due to remaining old code from N64 days.

Anyways, a hack for the 3DS is going to take extensive knowledge of hardware and software architecture. This is not going to be performed by anyone on gbatemp (that I know of lol).
 

Knyaz Vladimir
Relys said:
Knyaz Vladimir said:
I was referring to DSi exploits, lol.

Anyway, just wanted to clarify something. I know that TP and OoT use a different engine, but it would be ironic if the first exploit used OoT. And I don't mean the horse, I mean ANYTHING in OoT.

B was an old theory in the update thread, which kind of got swept under the rug. H was another said exploit theory, which was barely mentioned (three words, no more) and letter I was a VG Cats reference to "High Roller" strategy in fighting games.

And yes, I'm going into CS. Which is about the same as Science as plumbing is to building airplanes.


Oh right. I shouldn't have made that assumption, you seem pretty smart compared to all these idiots who are like "lol lets brute force the private key so we can have our pirate games durrr.".

DSi exploits are for the DSi BIOS. The 3DS kernel is not accessible through the DSi mode.

My guess is that some well-known scene will release a software exploit which will result in CFW and a slew of flashkarts.

Working on dumping ROMs should be our first step. Also, it is nice that the update process has been analyzed but is useless without an exploit (to decrypt firmware).

I would suspect that something in OOT will cause an exploit due to remaining old code from N64 days.

Anyways, a hack for the 3DS is going to take extensive knowledge of hardware and software architecture. This is not going to be performed by anyone on gbatemp (that I know of lol).

Modifying DSi exploits? ... Nah.

The update process gave us a decent slew of information, but still quite useless as we don't have a way to decode the files.

OoT is reprogrammed from scratch, and it only uses a very small fraction of the N64 code, since the 3DS isn't 64-bit, and it's a remake of Master Quest, too. Using GameCube code, more likely.

I also doubt anyone on GBAtemp could do it, but we might get somewhere, leave GBAtemp, continue our conversation in private for 3DS, and figuring out everything we can about it. If we do this correctly (which is also unlikely, but we will get somewhere, we already did), we can actually make an exploit for 3DS, leading to a very basic hello world application, and eventually, a homebrew channel.

Brute forcing was another idea for getting homebrew on the 3DS, piracy should be still blocked by us, too. Emulation of other consoles, at most.
 

DeadlyFoez
Everything you said as an idea is all software based. What you need to realize is before we can do a software based exploit, we will need to do a hardware based exploit which shouldn't be too hard since there are so many test points on the motherboard. We need at least one key before we can start opening up the rest of the doors... just like on the Wii.
 

Sheimi
There is a boot error I noticed with mine. All that I need to do is create a code to buffer overflow it.
 

Knyaz Vladimir
Sheimi said:
There is a boot error I noticed with mine. All that I need to do is create a code to buffer overflow it.
Go on...

Also, for the hardware-based exploit thing- that's where I made up the jokingly-named Team Exactoknivez, based off of Team Twizzers. Really, that might be the first thing that we need to do and then get a software exploit.

Plans of operation:
1. Open up 3DS and find exploit in hardware.
2. Make sure that 3DS works.
3. Use said exploit to help develop software based exploits.
4. Develop decent apps while avoiding piracy.
 

ichichfly
A is not working: you need a key, but you can update only a part of the 3DS.

H: Mii QR codes can be read by the PC, but I think they have a checksum or something like that.

J: use aircrack-ng (if someone finds an exploit here I think it won't be released, because nearly nobody can use it and you can hack all 3DS near you).
 

xakota
Sheimi said:
There is a boot error I noticed with mine. All that I need to do is create a code to buffer overflow it.
Not sure if troll...

If you guys are looking for hardware exploits maybe try to find one in the SD slot? SD card exploit would be godly.
 

pachura
Well, I understand you're trying, but most of your ideas are ridiculous and you clearly have never hacked anything. You know how the hacks are made? By lonely geeks in their parents' basements, who already know a bazillion times more than you about software and hardware. Your advice would be completely useless to them.

Anyway, to comment on the OP:

A- Run updates through a proxy, replacing all update files with homebrew. (Somewhat possible)
This is not a method of hacking, this would be a method of delivering a hack. You would still need to know the key for signing the fake update. Not even to mention no one knows what CPU is in there and how it communicates with the rest of the 3DS' hardware! You cannot even compile a simple "Hello World" application without knowing the target hardware...

B- Brute forcing a private key. (Impossible)
Do you know why it is impossible? Because you have to at least know the encryption algorithm before starting to hack... or maybe the original, unencrypted content. If you don't know any of these, how would you know if an example generated key works or not?

C- Use the Photo or Sound channels and boot up an exploit in JPG, MPO, or MP3. I doubt having a rar file in a JPG would work. (Somewhat possible)
RAR file in a JPG? WTF?
Apart from that, it might be that Nintendo uses one of the modern ARM processors with special security measures built-in (TrustZone, xN), making buffer-overflow exploits much less possible (like Data Execution Prevention on Windows).

F.b- Extra points if you can make the exploit on the OoT remake.
Just buy the fucking game, people...
 

Dead End
I doubt files hidden inside .JPGs will work... there's no specific code for the 3DS to pick up when viewing the image (as far as I know).

I don't think a RAR file would work anyways.. it might have to be some kind of 'boot.n3d' file... (or whatever format 3DS games are)
 

xakota
QUOTE said:
RAR file in a JPG? WTF?
Kind of funny how you're trying to put people down for not knowing enough about hacking while you don't even know about steganography
 

Awdofgum
I was kinda surprised that DSi hacking efforts were never really apparent. Not complaining, I just figured that someone out there would have wanted it as bad.
 

xakota
Awdofgum said:
I was kinda surprised that DSi hacking efforts were never really apparent. Not complaining, I just figured that someone out there would have wanted it as bad.
There really aren't any benefits to hacking the DSi besides a moderate speed increase.
 

Antoids
pachura said:
RAR file in a JPG? WTF?
LOL

more ironic than oot breaking the 3ds open

protip: get a couple .jpgs, compress them into a rar, rename the file to be a .jpg, then upload it

when someone else saves the image and renames it back to a .rar, it'll be unzippable, and before that it'll display as the first image in the folder
 

pachura
xakota said:
QUOTE said:
RAR file in a JPG? WTF?
Kind of funny how you're trying to put people down for not knowing enough about hacking while you don't even know about steganography

Antoids said:
protip: get a couple .jpgs, compress them into a rar, rename the file to be a .jpg, then upload it

And what's the point of changing the .RAR extension to .JPG? How could it help with hacking the 3DS? Granted, the 3DS picture viewer does not have RAR decompression routines built-in. So the only thing that might happen is the picture viewer displaying an "Invalid JPEG file" message - or crashing. Now crashing might be potentially interesting, but why would it crash specifically for RAR archives?
 
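The point just made (a renamed archive is still an archive, and a viewer decides by content, not by extension) is what a content sniffer does on the defending side. The following is an added example for this thread, not code from the 3DS, from Nintendo, or from anyone posting here: it classifies a buffer by its magic bytes and walks the JPEG marker chain to find where the image really ends, so bytes appended after the EOI marker (the "archive glued onto a picture" trick) are reported rather than silently ignored. The sample inputs are constructed marker skeletons, not real photos, and `sniff`, `jpeg_end_offset` and the `file_kind_t` names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Verdicts for a file handed to a photo viewer, judged by content only. */
typedef enum {
    KIND_JPEG = 0,        /* well-formed marker chain, nothing after EOI */
    KIND_JPEG_TRAILING,   /* chain intact, but extra bytes follow EOI */
    KIND_JPEG_MALFORMED,  /* starts like a JPEG but the marker chain breaks */
    KIND_RAR,             /* RAR archive, whatever the extension says */
    KIND_UNKNOWN
} file_kind_t;

static const uint8_t JPEG_SOI[] = { 0xFF, 0xD8, 0xFF };
static const uint8_t RAR4_SIG[] = { 'R', 'a', 'r', '!', 0x1A, 0x07, 0x00 };
static const uint8_t RAR5_SIG[] = { 'R', 'a', 'r', '!', 0x1A, 0x07, 0x01, 0x00 };

static int starts_with(const uint8_t *b, size_t len, const uint8_t *sig, size_t sig_len)
{
    return len >= sig_len && memcmp(b, sig, sig_len) == 0;
}

static int is_rst(uint8_t m) { return m >= 0xD0 && m <= 0xD7; }   /* RST0..RST7 */

/* Walks the marker chain and returns the offset just past EOI (FF D9), or 0
 * if the chain is malformed. Segments are skipped by their declared length,
 * so an EOI inside an embedded thumbnail (APP1) is not mistaken for the end
 * of the outer image, which a plain search for FF D9 would get wrong. */
size_t jpeg_end_offset(const uint8_t *b, size_t len)
{
    if (!starts_with(b, len, JPEG_SOI, sizeof JPEG_SOI))
        return 0;
    size_t i = 2;                                   /* past SOI */
    while (i + 2 <= len) {
        if (b[i] != 0xFF)
            return 0;                               /* expected a marker here */
        uint8_t m = b[i + 1];
        if (m == 0xFF) { i++; continue; }           /* fill byte */
        if (m == 0xD9) return i + 2;                /* EOI */
        if (m == 0xD8 || m == 0x01 || is_rst(m)) { i += 2; continue; }   /* no length field */
        if (i + 4 > len)
            return 0;
        size_t seglen = ((size_t)b[i + 2] << 8) | b[i + 3];
        if (seglen < 2 || i + 2 + seglen > len)
            return 0;                               /* declared length runs past the buffer */
        i += 2 + seglen;
        if (m == 0xDA) {                            /* SOS: entropy-coded data follows */
            while (i + 1 < len && !(b[i] == 0xFF && b[i + 1] != 0x00 && !is_rst(b[i + 1])))
                i++;                                /* FF 00 and FF D0..D7 are not markers */
        }
    }
    return 0;
}

file_kind_t sniff(const uint8_t *b, size_t len)
{
    if (starts_with(b, len, RAR4_SIG, sizeof RAR4_SIG) || starts_with(b, len, RAR5_SIG, sizeof RAR5_SIG))
        return KIND_RAR;
    if (!starts_with(b, len, JPEG_SOI, sizeof JPEG_SOI))
        return KIND_UNKNOWN;
    size_t end = jpeg_end_offset(b, len);
    if (end == 0)  return KIND_JPEG_MALFORMED;
    if (end < len) return KIND_JPEG_TRAILING;
    return KIND_JPEG;
}

/* Constructed inputs: minimal marker skeletons, not real image data. */
static const uint8_t MINIMAL_JPEG[] = {
    0xFF, 0xD8,                         /* SOI */
    0xFF, 0xE0, 0x00, 0x04, 'J', 'F',   /* APP0, declared length 4 */
    0xFF, 0xDA, 0x00, 0x02,             /* SOS with an empty header */
    0x12, 0xFF, 0x00, 0x34,             /* scan data containing a stuffed FF 00 */
    0xFF, 0xD9                          /* EOI */
};
static const uint8_t THUMBNAIL_JPEG[] = {
    0xFF, 0xD8,
    0xFF, 0xE1, 0x00, 0x06, 0xFF, 0xD8, 0xFF, 0xD9,   /* APP1 carrying an inner SOI/EOI */
    0xFF, 0xDA, 0x00, 0x02,
    0x12, 0xFF, 0x00, 0x34,
    0xFF, 0xD9
};
static const uint8_t JPEG_THEN_RAR[] = {            /* MINIMAL_JPEG with a RAR4 signature appended */
    0xFF, 0xD8, 0xFF, 0xE0, 0x00, 0x04, 'J', 'F', 0xFF, 0xDA, 0x00, 0x02,
    0x12, 0xFF, 0x00, 0x34, 0xFF, 0xD9,
    'R', 'a', 'r', '!', 0x1A, 0x07, 0x00
};
static const uint8_t RENAMED_RAR[] = { 'R', 'a', 'r', '!', 0x1A, 0x07, 0x00, 0x00 };

int main(void)
{
    printf("minimal=%d thumbnail=%d polyglot=%d renamed=%d\n",
           sniff(MINIMAL_JPEG, sizeof MINIMAL_JPEG), sniff(THUMBNAIL_JPEG, sizeof THUMBNAIL_JPEG),
           sniff(JPEG_THEN_RAR, sizeof JPEG_THEN_RAR), sniff(RENAMED_RAR, sizeof RENAMED_RAR));
    return 0;
}
```

A viewer that stops at `KIND_JPEG_MALFORMED` or `KIND_JPEG_TRAILING` and refuses the file behaves like the "Invalid JPEG file" message mentioned above; the walker returns 0 on any length that runs past the buffer instead of reading beyond it, which is the same discipline that keeps the decoder from crashing on a bad file.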

Nollog
Knyaz Vladimir said:
B- Brute forcing a private key. (Impossible)
this is possible you have to be patient.

C- Use the Photo or Sound channels and boot up an exploit in JPG, MPO, or MP3. I doubt having a rar file in a JPG would work. (Somewhat possible)

H- Transfer a Mii with an exploit or scan an exploited QR code. (Mii with exploit somewhat possible, QR is very unlikely)
this is just as likely as a jpg or mpo overflow

Also, GREAT another thread of baseless fantasy!
 