Hacking: Post your ideas regarding how to hack the 3DS, here

rufus83 (Active Member, Newcomer; joined Mar 30, 2011; United States)
Mega-Mario said:
First of all, Nintendo isn't Sony. They don't usually introduce major security holes in their software.

Next, the 'Nintendo 3DS' screen while loading games is most likely there just to distract the user while the data is being decrypted, verified and copied to RAM. If you removed the cart/sdcard while data is being loaded, the system would notice it, either 'hey, no more data is arriving, the card was most likely taken out' or an IRQ is triggered by hardware when the card is removed. Unless you're quick enough to switch the cards between two accesses (don't say it is impossible, I saw Chuck Norris do that and it worked. Chuck Norris could also obtain the common key by just looking at the device).

Assuming you manage to swap the cards at the right time, the 3DS is now reading contents you want it to read. What do you put in the card? Data has to be encrypted and signed.

Also, why are you promoting piracy and saying you hate to do that? This is like stealing your neighbour's car and going 'aw, i hate to promote car theft'. It's like you're trying to hide the warez kiddie that is inside you.


Wow... What a douche bag. I guess I won't post here anymore.
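Added example, not code from any poster in this thread: a small Python model of the load sequence Mega-Mario describes (copy to RAM, verify, decrypt) run against the cart-swap idea. HMAC-SHA256 stands in for the console's signature check and a SHA-256 counter keystream for the content cipher; the keys, image layout, chunk size and the `Cart` class are constructed for the demonstration and are not the 3DS's real format. The second loader, `load_then_reread`, is deliberately broken: it re-reads the cart after checking it, which is the only kind of loader a swap could fool.

```python
import hashlib
import hmac

# Constructed stand-ins for the demonstration, not the 3DS's real scheme:
# HMAC-SHA256 plays the role of the console's signature check and a
# SHA-256 counter keystream plays the role of the content cipher.
SIGN_KEY = b"constructed-signing-key"
CONTENT_KEY = b"constructed-content-key"
SIG_LEN = 32
CHUNK = 16  # bytes per simulated cart read


def keystream(key, length):
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_crypt(data, key=CONTENT_KEY):
    # XOR with the keystream; the same call encrypts and decrypts.
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


def build_image(plaintext, sign_key=SIGN_KEY):
    # Constructed image layout: 32-byte signature, then the encrypted body.
    # An attacker who lacks SIGN_KEY can only sign with a guessed key.
    body = xor_crypt(plaintext)
    return hmac.new(sign_key, body, hashlib.sha256).digest() + body


def signature_ok(sig, body):
    expected = hmac.new(SIGN_KEY, body, hashlib.sha256).digest()
    return hmac.compare_digest(sig, expected)


class Cart:
    """Simulated cartridge. If swap_to is set, the contents change to that
    image once more than swap_after reads have been issued, modelling a cart
    pulled out and replaced in the middle of loading."""

    def __init__(self, image, swap_to=None, swap_after=0):
        self.image = image
        self.swap_to = swap_to
        self.swap_after = swap_after
        self.reads = 0

    def read(self, offset, length):
        self.reads += 1
        if self.swap_to is not None and self.reads > self.swap_after:
            self.image = self.swap_to
        return self.image[offset:offset + length]


def load_verified_copy(cart, image_len):
    """What the loading screen hides: copy the whole image into RAM, verify
    the RAM copy, then decrypt it. Returns the plaintext or None."""
    ram = bytearray()
    for offset in range(0, image_len, CHUNK):
        ram += cart.read(offset, CHUNK)
    sig, body = bytes(ram[:SIG_LEN]), bytes(ram[SIG_LEN:])
    if not signature_ok(sig, body):
        return None  # mixed or forged contents: rejected before anything runs
    return xor_crypt(body)


def load_then_reread(cart, image_len):
    """Deliberately broken loader: verifies the cart, then reads it again when
    it actually needs the data (time-of-check versus time-of-use)."""
    sig = cart.read(0, SIG_LEN)
    body = cart.read(SIG_LEN, image_len - SIG_LEN)
    if not signature_ok(sig, body):
        return None
    later = cart.read(SIG_LEN, image_len - SIG_LEN)  # trusts whatever is there now
    return xor_crypt(later)


if __name__ == "__main__":
    official = build_image(b"official title code!")
    forged = build_image(b"attacker payload!!!!", sign_key=b"guessed-key")
    print(load_verified_copy(Cart(official), len(official)))
    print(load_verified_copy(Cart(forged), len(forged)))
    print(load_verified_copy(Cart(official, swap_to=forged, swap_after=2), len(official)))
    print(load_then_reread(Cart(official, swap_to=forged, swap_after=2), len(official)))
```

Against `load_verified_copy` the swap produces a RAM image whose signature no longer matches its body, so it is rejected like any unsigned image; only `load_then_reread` hands the attacker's body to the decryptor, and even then the attacker needed the content key to get anything other than garbage out of it.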
 

Vulpes Abnocto (Not Dead Yet, OP, Former Staff; joined Jun 24, 2008; United States)
While it's true that Mega-Mario has a very... blunt way of stating his point,
he's been listening to these ideas for quite some time, and he's got valid counter-points to the theories that most people present.

But he didn't actually insult you.
Try to refrain from using insults, yourself.

This goes for everyone.
 

machomuu (Drops by occasionally, Member; joined Sep 4, 2009; United States)
Vulpes Abnocto said:
While it's true that Mega-Mario has a very... blunt way of stating his point,
he's been listening to these ideas for quite some time, and he's got valid counter-points to the theories that most people present.
I couldn't have said it better myself [, but I'll try anyway]. While Mario's methods of argument may seem harsh and feel like a bit much, he has been in every hacking theory thread so far. While he may seem mean, listen to him; it can only help.
 

Arisotura (rise of melonism, Member; joined Dec 5, 2009; France; kuribo64.net)
I'm sorry if I sound mean, because honestly I don't intend to be mean to beginners and such. I just want to teach them why their theories can't work. I'm not being pessimistic, but I know how it is: the only thing that would work would be dumping/sniffing the RAM (unless some godly browser exploit would let one display RAM contents on a webpage, but that's unlikely). Buffer overflows are useless until we gain more knowledge of the hardware and internals. Other theories (like that famous one, spoofing the Nintendo update servers to send modified firmware data) obviously come from people who didn't read around them before posting (updates are encrypted and signed). And other theories are just plain silly (plug 3DS headphone jack to PC audio output and play buffer-overflowing MP3), coming from either trolls or total dumbasses.

And now, I may be wrong. No one has absolute knowledge. So if you can prove me wrong, do so. But again, I don't think there's a way to hack the 3DS by software without doing hardware hacking first.
 

Algernon (Member, Newcomer; joined Sep 11, 2011; United States)
This isn't a theory per se but mostly a premonition.

I don't see current flash carts working in 3DS mode... well, ever. It's not a matter of how far we get with them or what exploit we find within any one game or two games. It's mostly the fact that the 3DS boots the flash carts as DS titles and thereby goes into DS mode.

Something tells me an actual 3DS flash cartridge would have to be implemented that runs in 3DS mode from the 3DS menu, and by those means would be used to load 3DS titles from the cart's 3DS-booted menu. Now whether we could use the one 3DS flash cart for DS and 3DS is anyone's guess, since the 3DS would then be in 3DS mode and I have no idea whether it can switch on the fly, or if the cartridge could have a switch on it that could be toggled "DS" and "3DS".

Anyone's guess.


....Still, won't it be cool to see some 3D flash cart menus? Damn right it would.
 

josiascaignard (Active Member, Newcomer; joined Sep 18, 2011; Somewhere in Chile; Cote d'Ivoire)
Hello, I'm not as much of an expert in the scene of any console as I'd like to be, but I've thought of something that could be useful, and here's my thought.

I've been using a flashcart, and it starts in DS mode from the 3DS menu; it starts from a SpongeBob exploit, I think. So I had a thought while reading the comments on this post. What if a flashcart starts from the SpongeBob (or some other) exploit and there, inside the flashcart's menu, you select a 3DS ROM? Then the flashcart (I don't know how) starts to transfer the data from the ROM to a principal data storage place in the flashcart, which is the memory that gets read first in the main menu of the 3DS (in that place, the SpongeBob exploit has to come first, to launch the flashcart menu, and with the menu loaded, the exploit has to be deleted after the ROM loads to the memory unit), and it emulates an original cartridge. Then, when the ROM has been loaded to the data storage, the flashcart OS exits to the main menu (manually or automatically), and in the place where the SpongeBob exploit was, the icon of the ROM you loaded now has to be placed, because the flashcart has loaded the ROM to a memory that the 3DS accesses first, and it cannot detect the data sector that holds the flashcart OS.

Please don't be rude with me, I'm new in the DS scene. I'm not promoting piracy; this is just a theory on how to hack the 3DS, because I love homebrew, the 3DS has so much potential, and the users seem to be developing better applications than the official developers.

Sorry for my bad English, I'm from Chile, and I hope that my idea can help the scene.
 

Intl_guy (New Member, Newbie; joined Sep 18, 2011; United States)
(Just made an account to spit this idea out).

Is it possible to attach wires to the connectors of the 3DS cartridge and sniff the data that gets sent to and received from the card as it is mounted in the 3DS console?
I am just reminded of how, in order to obtain the DVD drive key from an Xbox 360 disc drive (and eventually flash it with modified firmware), an electronic dongle is used to sniff the data, by splicing a certain piece of the circuitry, applying the tip of the electronic dongle to the circuit, and obtaining the decrypted drive key, which appears on a simple alarm-clock-style LCD display on the dongle.

Is that type of maneuver possible with 3DS hardware?
Is that what they do already?
Am I wasting everyone's time?
Damn, my first post and ALREADY I'm stupid!

NOOO
lol
 

jay3ds (New Member, Newbie; joined Sep 20, 2011; United States)
The worrying problem is: if the system is cracked, could it be possible that the system remains cracked after updating the firmware?
 

AXYPB (Well-Known Member, Member; joined Sep 16, 2007; United States)
How likely is it that Nintendo 3DS Sound or Camera can be crashed with an exploit audio or image file?
 

BaronGalf (New Member, Newbie; joined Sep 23, 2011; United States)
I have a quick question. Are the encryption keys set into the ROMs themselves, kept completely apart from them, or is it like a packet where the very first bytes are the keys?
 

Arisotura (rise of melonism, Member; joined Dec 5, 2009; France; kuribo64.net)
* The decryption keys are stored inside a ROM inside the SoC, or something like that. Having them stored in the ROMs would be kinda like locking a door and placing the key right next to the door, that'd be stupid.

* Save files can be reencrypted. The game ROMs can be read, but they're encrypted, so yeah...

* postcount++ much?
 

iNFiNiTY (Well-Known Member, Member; joined Apr 18, 2004)
Mega-Mario said:
First of all, Nintendo isn't Sony. They don't usually introduce major security holes in their software.

Really... really? Nintendo had clearly the worst security by far out of the 3 consoles. The Wii had exploits right in their own System Menu that they even managed to fuck up fixing the first time and leave the exploit working with minor changes. You can make anything you want run on the DS and they can't even fix it in DSi mode without it being bypassed again. Even DSi has had quite a few exploits (but quickly fixed to be fair). PS3 took the longest to have any hack out of pretty much any major platform ever, and it still was not totally taken over. PSP has had what looks like a lot of hacks but many were in third party games. Same in your examples, the TIFF exploit was a bug in many things that handled TIFF files it's not even Sony's fault. Anyway...

Intl_guy, what you are saying appears to be on the right track as to what the Crown3DS does, except the wrong way around: media, not the media reader. The reason the 360 was vulnerable, though, is in large part because of the third-party DVD drives, which easily allowed you to flash them. There's no separate device with its own firmware to try and attack here; I'm assuming cart read commands come straight from untouchable areas of the system. So they chose to aim at the cart's side of the communication with the system.

Hopefully we'll know more soon but to be honest it sounds like it's going to be a pretty limited method compared to what we're used to at least. Not to mention it could possibly (or even likely) be blocked with update. It doesn't even really open up any possibilities in running code or even any other methods really.
 

Gamer5501 (Active Member, Newcomer; joined Apr 13, 2010; Yonkers, NY; United States)
I don't know if anyone has come up with this, but if we were to have a homebrew channel of some sort like the Wii, would there be a way to hack the notifications through the MAC address, like the Wii does with LetterBomb? This is something I'd love to see in the future.
 

Arisotura (rise of melonism, Member; joined Dec 5, 2009; France; kuribo64.net)
iNFiNiTY said:
Mega-Mario said:
First of all, Nintendo isn't Sony. They don't usually introduce major security holes in their software.

Really... really? Nintendo had clearly the worst security by far out of the 3 consoles. The Wii had exploits right in their own System Menu that they even managed to fuck up fixing the first time and leave the exploit working with minor changes. You can make anything you want run on the DS and they can't even fix it in DSi mode without it being bypassed again. Even DSi has had quite a few exploits (but quickly fixed to be fair). PS3 took the longest to have any hack out of pretty much any major platform ever, and it still was not totally taken over. PSP has had what looks like a lot of hacks but many were in third party games. Same in your examples, the TIFF exploit was a bug in many things that handled TIFF files it's not even Sony's fault. Anyway...
The Wii is a real Swiss cheese, yeah. But for each exploit given, they'd fix it in the next firmware update. On Sony's side, hackers found the PS3 private key, so pretty much anything can be done, and there's nothing Sony can do to fix that (aside from suing left and right). The PSP is also a total Swiss cheese... but given what happened to the PS3, I wouldn't say that the worst security is Nintendo's
 

Net_Bastard (Well-Known Member, Member; joined Dec 14, 2010; United States)
The 3DS's interface is very similar to that of the DSi's, so maybe there could be a DSiwarehax-type of thing with the 3DS e-shop?
 
