Hacking 3DS Hacking Theory Thread

Fear Zoa

Still Alive
ChrisRX said:
Simply put, the majority of people who are smart enough to actually break security systems are not the sort of people who frequent this forum. Yes, there may potentially be a few ingenious individuals here, but let's be honest, the majority of people wouldn't have the first clue.
If this were a forum or group full of people who actually understood computer architecture and security algorithms then this would've been 8 pages of technical information by now.
EDIT: Which is why you also see everyone throwing about the words "buffer overflow" as if that's the be-all and end-all of hacking, and all you have to do is just make a file that causes that.
We do have xFlak and Giantprune... and a few other "smart" people... But in all honesty we need to just wait.
 

Diari

New Member
We need to know whether the data for loading a game is loaded from the game card, or is already stored and translates the game data into something playable; but seeing that ROMs are leaked (?), it means that the loader is stored in the 3DS. This can be further confirmed by Nintendo saying that your system will shut down if it detects third-party stuff.
Exceptionally hard to hack, but it seems that big N releases patches/updates that change firmware. Basically we have to keep track of what changes and where, and after 2 or 3 patches we can notice a pattern in patching...
That way an exploit may be found allowing us to fool the system into thinking the game is on the SD card, but then I am afraid the security will kick in...

But, I noticed, and it IS confirmed, and that is also why people get an SD card together with the system: the game files can be saved to the SD card! This way we can exploit a save file, forcing the loader to ignore the security check and then reading a game file from the SD card. The 3DS E-store... buying games online... yeah, it will be easy to crack if we have patience, but right now it is almost impossible.

They sure didn't lie about ''their systems having the latest technology''
 

Matyapiro31

Member
Hmm...
A game cart exploit with savedata is not impossible, but if you search carelessly, you will not be able to read and write savedata.
(Because of the Nintendo library.)


 

pachura

Well-Known Member
Diari said:
big N releases patches / updates that change firmware, basically we have to keep track what changes and where, and after 2 or 3 patches we can notice a pattern in patching...
that way an exploit may be found

HAHAHA. You do realise that firmware updates come encrypted, and even if you manage to decrypt them, you still won't be able to sign custom updates due to lack of the private key?

Diari said (May 18 2011, 07:52 PM):
we can exploit a save file, forcing the loader to ignore security check and then reading a game file from the sd card

So far no one even knows what fucking processor is there inside, so no one can even start coding a simple "Hello world" application (not to mention designing and implementing an exploit).
 

Melter

Well-Known Member
How much time passed between the release of the original DS and the first slot-1 flash cart?
 

qwertymodo

Well-Known Member
Nollog said:
leeday100196 said:
Stop speculating.
You're in the wrong thread, buddy.
Wrong website, even...
 

montgoej

Member
pachura said:
So far no one even knows what fucking processor is there inside, so no one can even start coding simple "Hello world" application (not to mention designing and implementing an exploit).

Wait... What? We know the processor (well, processors). Dual ARM11s @ 266 MHz. There are and have been compilers and assemblers for these processors for years, and the ISA is totally open, so even without using pre-existing tools someone could write an assembler and, using that, create a compiler. The problem is that until the binary format has been studied more, getting even a small piece of code running will prove difficult.
 

pachura

Well-Known Member
montgoej said:
Wait... What? We know the processor(well, processors). Dual ARM11s @266 mhz. There are and have been compilers and assemblers for these processors for years and the ISA is totally open, so even without using pre-existing tools someone could write an assembler and using that create a compiler. The problem is that until the binary format has been studied more, getting even a small piece of code running will prove difficult.

1. Although these specs look pretty believable and in line with Nintendo's strategy of choosing the cheapest acceptable hardware, they are just a rumour (released by IGN, if I remember correctly). Totally unconfirmed.

2. Even if the CPU's architecture were known and someone was able to compile some ARMxx assembly into executable code, you still need more than that even to just display a simple text message. A standard library, system APIs, knowledge of the hardware architecture (how all the components interact with each other): at least one of these. I believe the only hope is some rogue 3DS game developer disclosing internal details.
 

[MOFO]

Member
I was spending some time using ARM functions to try to enable the previously locked 3D Mode function on the Nintendo 3DS, using a Nintendo 3DS (updated) and an AceKard 2i and R4i 3DS. I have successfully determined that many of the ARM functions do indeed work and trigger functions previously locked out by the 3DS System Software.

i.e.

ARM1-3 = Give a random ARMxx error and often display "3DS Mode Cannot be Initialized"
ARM4-6 = Give a random ARMxx error and often display "3D Mode Error xx.xx"
ARM7-9 = Give a random ARMxx error and often display "3DS Mode Could Not Be Started"
ARM10-11 = Give a random ARMxx error and often display all 3 error messages

I've included a diagram of the differences between 2D Mode and 3D Mode in the hope that it can give ideas to future coders/developers to implement a possible exploit, possibly via something similar to DSiWareHax or Sudokuhax (or any other embedded game save hack, image file hack or media file hack). I have tried many methods and used every ARM function available with no success getting 3D Mode fully unlocked.

Pics of worklog will be posted ASAP.

Here is the diagram of how DS 2D Mode and 3DS 3D Mode work and are different:

(image: Parallax-barrier-3D.jpg)

I hope that this information can help with a breakthrough and possible exploit of the 3DS, as well as compatible kernel software for flash carts and 3D Mode.

Happy Cracking

[MOFO]

PS: The ARM functions were recompiled into Mario Kart 3DS, Super Street Fighter IV 3DS and Super Mario 3DS, as in order to get a fully functioning exploit with installer you need to completely dump the NAND flash and then edit the source hoping to find an exploit/loophole, i.e. something similar to SudokuHaxx or DSiWareHaxx. But because the ARM functions don't function fully, your best option is to edit the NAND flash; the only problem is the method of getting your NAND flash xD
 

pachura

Well-Known Member
[MOFO] said:
I was spending some time using ARM functions to try to enable the previously locked 3D Mode function on the Nintendo 3DS, using a Nintendo 3DS (updated) and an AceKard 2i and R4i 3DS. I have successfully determined that many of the ARM functions do indeed work and trigger functions previously locked out by the 3DS System Software.

If I understand correctly, you wrote a piece of code to call random ARM functions (whatever they might be) and ran it on the 3DS in DS mode, hoping it will switch back into 3DS mode, right?

In my opinion, the DS mode is sandboxed and it is impossible to switch back into 3DS mode without restarting the console. Which would make your attempts useless. But who knows? Good luck, anyway.
 

[MOFO]

Member
Correct pachura, but you left out one point: I added random ARM functions to deploy DURING the reboot, using a very similar method to the BannerBomb exploit on the Wii. The ARM functions did deploy during reboot, enabling the first load of a 3DS ROM to display ARMxx errors and "3D Mode Not Accessible" errors, which leads me to think I'm going in the right direction with this..

PS: The ARM functions are just random ARM functions (gibberish numbers) on each of the ARM channels 1-11. I'm still not 100% sure which ARM function is going to do it, or whether it is completely write protected, similar to other devices..

"The new 1.4.2 system settings title verifies the APCert with TWCert stored in NAND. This stops us from modifying DSiWare savedata for arbitrary systems, as the only way to get those system certs is from NAND. When you don't already have DSiWareHax, it's impossible to obtain your system certs without soldering NAND. The new system settings will not allow any DSiWare on SD card signed by other systems to copy to "internal memory"."

So that's the answer to why the 3DS mode will not enable, as we do not have the TWCert, which leads me to believe it's just a matter of time before we have a full NAND dump of the 3DS. When that's going to happen I'm really not sure... but knowledge is power, friends, and I'm still happy I took this much effort towards it already.

Happy Cracking, and may Nintendo fuck up and bless us all with a successful NAND dump xD
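An added example, written for this page and not taken from any poster in the thread, modelling the two checks discussed above: pachura's point that a firmware update is only accepted if its signature verifies under the vendor's public key (so decrypting and diffing updates never yields the private key needed to sign a modified one), and the check quoted by [MOFO], where DSiWare savedata is accepted only if its APCert chains to the TWCert held in this console's NAND. It is a toy: textbook RSA over SHA-256 with no padding and 512-bit keys, pure Python, and the certificate layout, subject names and byte strings are constructed for illustration; none of it is the real Nintendo format or key material.

```python
"""Toy model of signed-update and per-console certificate-chain checks.

Constructed example. Textbook RSA over SHA-256 with no padding; a real
verifier uses a padded scheme such as RSASSA-PSS and much larger keys.
"""
import hashlib
import random

E = 65537  # standard public exponent


def _is_probable_prime(n, rounds=24):
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits):
    while True:
        c = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        # E is prime, so gcd(E, c-1) == 1 exactly when E does not divide c-1
        if (c - 1) % E and _is_probable_prime(c):
            return c


def keygen(bits=512):
    """Return (public, private) = ((n, e), (n, d))."""
    p = _random_prime(bits // 2)
    q = _random_prime(bits // 2)
    while q == p:
        q = _random_prime(bits // 2)
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return (n, E), (n, d)


def _digest_int(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(private, data):
    n, d = private
    return pow(_digest_int(data), d, n)  # needs d: only the key holder can do this


def verify(public, data, sig):
    n, e = public
    return 0 < sig < n and pow(sig, e, n) == _digest_int(data)


# --- update image: vendor signs offline, console holds only the public key ---

def firmware_accepted(image, sig, vendor_public):
    return verify(vendor_public, image, sig)


# --- DSiWare-style chain: TWCert (per-console root in NAND) -> APCert -> savedata ---

def _cert_tbs(subject, public):
    """Bytes covered by a certificate signature: subject name plus public modulus."""
    n, _ = public
    return subject.encode() + n.to_bytes((n.bit_length() + 7) // 8, "big")


def issue_cert(subject, subject_public, issuer_private):
    return {"subject": subject, "public": subject_public,
            "sig": sign(issuer_private, _cert_tbs(subject, subject_public))}


def savedata_accepted(save, save_sig, apcert, console_twcert_public):
    # 1. the APCert must have been issued under THIS console's TWCert
    tbs = _cert_tbs(apcert["subject"], apcert["public"])
    if not verify(console_twcert_public, tbs, apcert["sig"]):
        return False
    # 2. the savedata must be signed by the key named in that APCert
    return verify(apcert["public"], save, save_sig)


def run_scenarios(seed=1):
    """Run the constructed scenarios and return {name: accepted?}."""
    random.seed(seed)
    vendor_pub, vendor_priv = keygen()
    image = b"constructed firmware image v1.4.2"   # constructed sample data
    good_sig = sign(vendor_priv, image)
    _attacker_pub, attacker_priv = keygen()       # attacker never has vendor_priv

    tw_a_pub, tw_a_priv = keygen()                # console A's TWCert key (in A's NAND)
    tw_b_pub, _ = keygen()                        # console B's TWCert key (in B's NAND)
    ap_a_pub, ap_a_priv = keygen()
    apcert_a = issue_cert("AP-console-A", ap_a_pub, tw_a_priv)
    save = b"constructed DSiWare savedata"        # constructed sample data
    save_sig = sign(ap_a_priv, save)

    return {
        "genuine_update": firmware_accepted(image, good_sig, vendor_pub),
        "patched_update": firmware_accepted(image.replace(b"v1", b"v9"), good_sig, vendor_pub),
        "attacker_signed_update": firmware_accepted(image, sign(attacker_priv, image), vendor_pub),
        "save_on_own_console": savedata_accepted(save, save_sig, apcert_a, tw_a_pub),
        "save_copied_to_other_console": savedata_accepted(save, save_sig, apcert_a, tw_b_pub),
        "tampered_save": savedata_accepted(save + b"!", save_sig, apcert_a, tw_a_pub),
    }


if __name__ == "__main__":
    for name, ok in run_scenarios().items():
        print(f"{name:30s} {'accepted' if ok else 'REJECTED'}")
```

The "patched_update" and "attacker_signed_update" cases are the failure mode pachura points at: the console only ever needs the public key, so nothing recoverable from shipped or decrypted updates lets you sign a modified image. The "save_copied_to_other_console" case is the 1.4.2 behaviour the quoted text describes: the same savedata and APCert verify on the console whose TWCert issued the APCert and fail on any other, which is why the certs have to come out of that console's own NAND.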
 

Ghork

Well-Known Member
I just had a thought, don't know if anyone has mentioned it already... couldn't we use DS Download Play somehow? Even if it would require a Wii to send the data. We do have the Wii hacked; couldn't we somehow make the Wii send games to the 3DS? Hmm, it would perhaps not help running homebrew and our own code, but it might be a start.
 

metroid maniac

An idiot with an opinion
Ghork said:
I just had a thought, don't know if anyone has mentioned it already... couldn't we use DS Download Play somehow? Even if it would require a Wii to send the data. We do have the Wii hacked; couldn't we somehow make the Wii send games to the 3DS? Hmm, it would perhaps not help running homebrew and our own code, but it might be a start.

No, that wouldn't work. It does the same checks as on a 3DS cart in 3DS Download Play to make sure it's authentic.
 

pachura

Well-Known Member
[MOFO] said:
The ARM functions did deploy during reboot, enabling the first load of a 3DS ROM to display ARMxx errors and "3D Mode Not Accessible" errors
Can you upload screenshots of these error messages somewhere?
 