Hacking 3DS update process analyzed

OuHiroshi · Mar 28, 2011

xdixonx said:
WiiBricker said:

We need the 3DS common key.

Click to expand...

Well if we know what we're looking for it's a start I guess... worst case scenario is that the key takes years to find, much like the ps3.

The first software exploit on the Wii was a stack overflow on the horse name in Zelda. So let's hope there will be something like that on the 3DS.

xakota · Mar 28, 2011

Wouldn't it be awesome if OOT ended up having such an exploit?

notmeanymore · Mar 28, 2011

xakota said:
Wouldn't it be awesome if OOT ended up having such an exploit?

Ironic is the word you were looking for.

Nollog · Mar 28, 2011

Cyan said:
save files are un-transfearable.
You can't even copy a save to another SD card and use it on your own 3DS.
You also can't make backups of your savefile to restore later, the console keeps tracks of the last used time of every files, so no possibility to overwrite it with another (older or newer) save file.
You have to share the entire "Nintendo 3ds" folder to make sharing save game possible, but I think the saves are locked to the console.

3DS Transfer will allow this in May.

MakiManPR · Mar 28, 2011

This thread is really interesting
I have a question Have you used any flashcart to see if the 3DS send something extra or something different to Nintendo and/or viceversa

Schlupi · Mar 28, 2011

Why is it that EVERYTIME I try to update it, it stays at the "Updating..." screen without progress in the bar? I turned it off fearing to brick it (I lost a PSP Go to the FW updating related brick) and it worked fine after, but I hope I can update it without this happening every damn time.

My connections is great, it's not the problem (WEP, and SFIV3D works perfectly laggless playing hundreds of matches) can anybody tell me what the issue is? There is a launch day USA update right?

Anybody have a solution/comment on this?

MakiManPR · Mar 28, 2011

Maybe is yours cuz I updated successfully with the progress bar, I guess it still have the store warranty if so take it there

Schlupi · Mar 28, 2011

MakiManPR said:
Maybe is yours cuz I updated successfully with the progress bar, I guess it still have the store warranty if so take it there

I tried it again just now, and it worked fine. >

I guess there was just s server issue/overload or something.

I now have my Ok Go video.

I was happy to see some of the cheesy "Pop out at you" effect, to be honest. When the dog came at the screen I was a little startled lol. Playing Street Fighter does not give any of that lol.

Deleted User · Mar 28, 2011

Schlupi said:
Why is it that EVERYTIME I try to update it, it stays at the "Updating..." screen without progress in the bar? I turned it off fearing to brick it (I lost a PSP Go to the FW updating related brick) and it worked fine after, but I hope I can update it without this happening every damn time.

My connections is great, it's not the problem (WEP, and SFIV3D works perfectly laggless playing hundreds of matches) can anybody tell me what the issue is? There is a launch day USA update right?

Anybody have a solution/comment on this?

Well, I had this problem too but I just left it for a while, and it worked. It took ages and was stuck without progress but randomly it did "progress", I'd say after about... 10 minutes on my PAL 3DS.

It's ridiculous really.

notmeanymore · Mar 28, 2011

Schlupi said:
Why is it that EVERYTIME I try to update it, it stays at the "Updating..." screen without progress in the bar? I turned it off fearing to brick it (I lost a PSP Go to the FW updating related brick) and it worked fine after, but I hope I can update it without this happening every damn time.

My connections is great, it's not the problem (WEP, and SFIV3D works perfectly laggless playing hundreds of matches) can anybody tell me what the issue is? There is a launch day USA update right?

Anybody have a solution/comment on this?

It took me a solid 5 minutes to update. How long did you wait, like 30 seconds? lol

Knyaz Vladimir · Mar 28, 2011

Cyan said:
1 - I don't think there are UserID data in the file. I think it's only encrypted with my own public key, so it will work and be decrypted only on my console.

That makes sense in many ways for Nintendo's anti-piracy policy. They'd want you to be able to play only games that are for your own console, and until we find a way to make the system recognize any savefile, we're kind of stuck. If custom channels existed on the 3DS, you couldn't do shite, because they'd have patched bannerbomb early on.

2 - Even the video is encrypted. There's no significant pattern (video, multiple jpeg or audio). the file header is ...G>[email protected].>.3, and is different for every files.

No shit. The video is 3D, it's obviously encrypted in a different manner. Why would people think otherwise is beyond me. If we can get a second video dump and analyze the two together, we might figure out something from this. Too bad, I don't have a 3DS.

3 - They have a lot of space now, I don't remember exactly but I think it's 1.5GB.

Around so, I can't answer for sure.

My comments to the statement way above is in the quote. And in bold. Amazing.

Anyway, time for irony- the first two exploits we find is Link's name in OoT (because Nintendo fixed Epona's name, but broke Link's in return, bad Ninty!) and the Star Wars exploit that I'm too lazy to research and make a witty comment about.

That's my statement, I'll go drink my tea before being horribly mutilated by a doctor because I'm getting surgery done. And I'm without a laptop.

ichichfly · Mar 28, 2011

pachura said:
1. You're writing that "you've dumped the files, but can't share them". So you do have them on your computer ? Are you afraid that publishing these files would somehow reveal your UserID or something ?

lol download it yourself http://nus.cdn.c.shop.nintendowifi.net/ccs...025000/00000000

they are encrypted so don't expect that you can see anything

ADD: you may can use this to only update a part of your 3DS

ADD2: mutch spam in here lol so i make some more spam

ADD3: the file is also on the DSi update/DSiware server why?

ADD4: i also get a connection to nppl.c.app.nintendowifi.net:443 (pingable) as well as nasc.nintendowifi.net:443 (not pingabel) and some 2 to .a248.e.akamai.net:443

Knyaz Vladimir · Mar 28, 2011

ichichfly said:
pachura said:

1. You're writing that "you've dumped the files, but can't share them". So you do have them on your computer ? Are you afraid that publishing these files would somehow reveal your UserID or something ?

Click to expand...

lol download it yourself http://nus.cdn.c.shop.nintendowifi.net/ccs...025000/00000000

they are encrypted so don't expect that you can see anything

ADD: you may can use this to only update a part of your 3DS

ADD2: mutch spam in here lol so i make some more spam

ADD3: the file is also on the DSi update/DSiware server why?

ADD4: i also get a connection to nppl.c.app.nintendowifi.net:443 (pingable) as well as nasc.nintendowifi.net:443 (not pingabel) and some 2 to .a248.e.akamai.net:443

How do you find this stuff?

Looking at it through a hex editor, I can't see a way to decode it as of yet. It's interesting, to say the least. Using Translhextion for HEX editing.

EDIT1: What I truly know:
File name and path: D :\*****\3DS HACKING0000000
File size: 15763968 bytes = 15394 kilobytes.

Number of hexdump lines: 788199.

EDIT2: Reading it through OEM, I see a lot of DE bytes. But I doubt that it's the encoding.

EDIT3: Seached for said string, not found. Searched for G>. and found the HEX offset 0x27C0, 0xA6A0, 0x2A995, and so on because I'm only 3% in the file. Still no luck. Anyone else want to help out?

Thulinma · Mar 28, 2011

Knyaz Vladimir said:
No shit. The video is 3D, it's obviously encrypted in a different manner. Why would people think otherwise is beyond me. If we can get a second video dump and analyze the two together, we might figure out something from this. Too bad, I don't have a 3DS.

Normally I am quite quiet on these forums, but I couldn't resist writing a response to this blatant ignorance:
Video is not encrypted but encoded. 3D video is encoded exactly the same way 2D video is, so you would indeed be able to see a "normal" video header if the content were sent plain. Obviously the 3DS uses the same method of getting files from the Nintendo servers as the DSi and Wii do (after all, why would you change a working system) - and files are sent encrypted to the system. So, what you have here is an encrypted file, containing "standard" encoded video. Just because it's 3D doesn't mean it is magic and needs special encryption or whatever. Decrypting all this will be trivial once the common key is found (and it will be found, it is after all stored in every 3DS system for decrypting this stuff) since the tools for it already exist and the process is well documented. However, decrypting this stuff will not be very useful. You still need the private key to make anything the 3DS would accept, and chances are this key will never be found. It wasn't ever found for the Wii, after all. We didn't end up needing it, though, and we probably won't need it for the 3DS either.

On a different note - I do wonder what 3D video standard (side by side? over and under? two streams? alternating frames? etc) and format (MKV? AVI? MP4?) Nintendo decided to use. I can't wait to convert my collection of 3D movies for proper watching on 3DS :-)

Knyaz Vladimir · Mar 28, 2011

Aw, crap- I meant 3D video is encoded a different way. I'm not sure how the 3DS works, but there are many ways on how it runs. It's encypted specially for 3DS, not because of it being 3D. Sorry for any misunderstandings, English is my third language.

Also, as a side note- I think the video is 800x240 and... I'm not sure what video format it is. If we can transfer a video saved by the 3DS onto a SD Card (maybe in May), then we'll get somewhere.

ichichfly · Mar 28, 2011

Knyaz Vladimir said:
If we can transfer a video saved by the 3DS onto a SD Card (maybe in May), then we'll get somewhere.

I don`t think so because i think nintendo will encrypt them,too.

I think we need the SD-Key not the common key.

ADD: The QR Code for mii are not encrypted and can be readed easy by the PC have fun.

Nollog · Mar 28, 2011

ichichfly said:
some 2 to .a248.e.akamai.net:443

The Akamai
HD Network
A revolutionary new approach to delivering HD video online that offers unmatched scale, quality and a highly interactive video viewing experience across Flash, Silverlight and to the iPhone.
View the demo
http://www.akamai.com/index.html

MOST INTERESTING. Most.

Knyaz Vladimir · Mar 28, 2011

ichichfly said:
Knyaz Vladimir said:

If we can transfer a video saved by the 3DS onto a SD Card (maybe in May), then we'll get somewhere.

Click to expand...

I don`t think so because i think nintendo will encrypt them,too.

I think we need the SD-Key not the common key.

ADD: The QR Code for mii are not encrypted and can be readed easy by the PC have fun.

MPO and JPGs are used by the 3DS. So are MP3s.

I'll just twiddle my thumbs and scream in pain. (Damn surgery, the freezing wore off)

WB3000 · Mar 28, 2011

The content system appears to be similar to the Wii and DSi systems (once again). The server used is the same as the DSi server, however there are changes to the tmd file format that prevent a lot of tools from working (including all my NUSD builds). You can read more about the tmd changes here. There is also code available to read the tmd information from this new format.

If you put any of those titleIds into NUSD, the tmd will be fetched but content information will be incorrect and consequently contents will 404. Should time permit, NUSD could be extended to 3DS support as well.

QUOTE said:
The Akamai
HD Network

I'm fairly sure that it just one of Akamai's services, and that Nintendo has been using Akamai for general distribution for quite awhile.

QUOTEI think we need the SD-Key not the common key.

Both keys are useful for different things. Stuff like gamesaves and other encrypted things require the SD Key to make changes. I'm not positive, but I believe that the idea behind savegame exploits is 1) get sd key 2) decrypt gamesave and insert exploit changes 3) re-encrypt with SDkey and distribute.

All of these files you are getting from NUS are useless in their current state. Do not waste your time examining the video file, or any of the others. Once the common key is released, these files can be decrypted and will probably be very easy to extract video, etc.

Knyaz Vladimir · Mar 28, 2011

Okay, I dropped the video file. I still have it, though, if need be.

So, how are we supposed to find the common key? My idea is trying to figure out an exploit, but without a decrypter, we're kind of screwed over. So, let's think of ideas on obtaining said key as fast as possible, and just so I can have my 3DS be a remote for my Wii. (using it as a keyboard and mouse, imo)

Hacking 3DS update process analyzed

Member

Well-Known Member

Well-Known Member

Well-Known Member

Banned!

Gbatemp's Official Earthbound Maniac™

Banned!

Gbatemp's Official Earthbound Maniac™

Deleted User

Guest

Well-Known Member

3DS Hacker

Well-Known Member

3DS Hacker

Computer Magician

3DS Hacker

Well-Known Member

Well-Known Member

3DS Hacker

Well-Known Member

3DS Hacker

Similar threads

Popular threads in this forum