Hacking 3DS decapping fundraising topic.

  • Thread starter: gshock
  • Views: 195,917
  • Replies: 768
  • Likes: 14
  • Status: Not open for further replies.
Correct me if I'm wrong, but can the decapping reveal some possible exploits, that are "unusable" because of the update?
EDIT : nevermind, got my answers! :)
There may be some details we cannot take advantage of, but the update cannot change many things.
Software exploits can be easily fixed, but you can never fix a hardware exploit with software.
Updates are software, so they cannot change the ROM, the chips and so on.
Even if it does not find an exploit, we can know the chip better and even build an emulator before having a real hack.
 
Will the data from the project be released for a select group or for anyone to use?
 
Will the data from the project be released for a select group or for anyone to use?
We're considering giving contributors a copy of the images produced as thanks.
But that statement means it is not for sure now.
Since you donate the collector would get your email or other things related to your money.
I do think they have the access to give us that images.
Images are raw data that need to be analysed; however, the analysis results might not be spread all around.
In fact only those groups or people can understand them well, so I guess the analysed data will be given to specified ones.
 
I noticed there is a branch of that LAB in China.
I wondered how much it would take if it could be decapped in its Chinese branch.
I want one of my friends (who is also in Shanghai) to check it out.
So please someone answer me:
What's your accepted standard of scanning the chip? Please reply in as much detail as possible.
That will influence the prices, certainly.
If the cost is cheaper than that of now, would you consider decapping it in China?
If you cannot trust us, please send someone to monitor and we will also spare other guys to look at it.
 
I noticed there is a branch of that LAB in China.
I wondered how much it would take if it could be decapped in its Chinese branch.
I want one of my friends (who is also in Shanghai) to check it out.
So please someone answer me:
What's your accepted standard of scanning the chip? Please reply in as much detail as possible.
That will influence the prices, certainly.
If the cost is cheaper than that of now, would you consider decapping it in China?
If you cannot trust us, please send someone to monitor and we will also spare other guys to look at it.

Not sure if I understand your question, but: http://www.eaglabs.com/mc/scanning-electron-microscopy.html
 
well thanks i got that
Signal Detected: Secondary & backscattered electrons and x-rays, absorbed current, light (Cathodoluminescence) and induced current (EBIC)
Elements Detected: B-U (EDS mode)
Detection Limits: 0.1-1at%
Depth Resolution: 0.5-3µm (EDS)
Imaging/Mapping: Yes
Lateral Resolution/Probe Size: 15-45Å

Now that's clear to me. It seems they do provide services with such a resolution, but is the price (gshock got) that for 0.5um?
Considering of anything related to hardware to perform Timing attack (if they check before use).
 
well thanks i got that

Now that's clear to me. It seems they do provide services with such a resolution, but is the price (gshock got) that for 0.5um?
Considering of anything related to hardware to perform Timing attack (if they check before use).
I have no way of knowing what depth resolution they got a quote for, have you tried their IRC channel? maybe someone other than gshock there would know (since it seems he's been absent?)
 
I have no way of knowing what depth resolution they got a quote for, have you tried their IRC channel? maybe someone other than gshock there would know (since it seems he's been absent?)
Thanks as well. Jl12 is very busy now (he has a dev), so I would not expect to see him on IRC. I sent an email several days ago.
That's common sense that higher solution is better for us to analyse.

Well considering where can perform such a good attack..
 
Thanks. That's exactly what I wanna know.
They must have already checked the minimum resolution.
Well, I will wait for another month..
If comparison happened in launching 3ds game..
surely neimod or yellows8 would know of the minimum usable resolution they'd need to work with?
 
surely neimod or yellows8 would know of the minimum usable resolution they'd need to work with?
Some guys use dev unit to generate and decrypt for unsigned code. Some use ram dump.
That is yellows8 tells me i should send Jl12 email instead of finding any way to contact him.
Well the new idea i got minutes ago is titled 'go back to gbatemp'. If you want to have a look.
Type:Hardware
Requirements: There is a comparison where we want a specified value. They did not design it to use NOP or anything to fill the time cost. We can slow down the clock or have facility enough for that, and we know how to check the time cost.
Explanation: Code executes in a row in hardware. The time cost of comparing 1001 to 1000 and that of comparing 0101 to 1000 is different. So with that we can get some sense of what it may be. You can never expect a value to be correct; you should check its range first. Or, to decrypt one with 8Gb of encrypted data, you may check a 100B long string first.
Notice this only works where there is visible time difference.
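
The comparison-timing idea in the post above, as an added example that is not part of the original thread: an early-exit compare does a data-dependent amount of work on the post's own values (1001 and 0101 against 1000), while a fixed-work compare does not. The function names are hypothetical and the step counter stands in for measured time.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define N 4
/* Constructed values: the post's 1000, 1001 and 0101, one digit per byte. */
static const uint8_t REFERENCE[N] = {1, 0, 0, 0};
static const uint8_t GUESS_A[N]   = {1, 0, 0, 1};
static const uint8_t GUESS_B[N]   = {0, 1, 0, 1};

/* Early-exit compare: stops at the first mismatch, so the work done
 * (counted in *steps) depends on how many leading digits match. */
int leaky_equal(const uint8_t *a, const uint8_t *b, size_t n, size_t *steps)
{
    *steps = 0;
    for (size_t i = 0; i < n; i++) {
        (*steps)++;
        if (a[i] != b[i])
            return 0;
    }
    return 1;
}

/* Fixed-work compare: always visits every digit and folds the differences
 * into one accumulator, so the step count is independent of the data. */
int ct_equal(const uint8_t *a, const uint8_t *b, size_t n, size_t *steps)
{
    uint8_t diff = 0;
    *steps = 0;
    for (size_t i = 0; i < n; i++) {
        (*steps)++;
        diff |= (uint8_t)(a[i] ^ b[i]);
    }
    return diff == 0;
}

int main(void)
{
    size_t s;
    leaky_equal(GUESS_A, REFERENCE, N, &s); printf("early-exit 1001: %zu steps\n", s);
    leaky_equal(GUESS_B, REFERENCE, N, &s); printf("early-exit 0101: %zu steps\n", s);
    ct_equal(GUESS_A, REFERENCE, N, &s);    printf("fixed-work 1001: %zu steps\n", s);
    ct_equal(GUESS_B, REFERENCE, N, &s);    printf("fixed-work 0101: %zu steps\n", s);
    return 0;
}
```

This matches the post's caveat that the approach only works where there is a visible time difference: with the fixed-work compare both guesses cost the same.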
 
Some guys use dev unit to generate and decrypt for unsigned code. Some use ram dump.
That is yellows8 tells me i should send Jl12 email instead of finding any way to contact him.
Well the new idea i got minutes ago is titled 'go back to gbatemp'. If you want to have a look.
That was just somebody being rude, ignore them. Who is "shlee" anyway...
 
That was just somebody being rude, ignore them. Who is "shlee" anyway...
Thanks. I will try to contact those i can remember instead.
But that method has limitations... Right. Well there must be somewhere we can use it.
Oh.. I think a method invented later than 3ds got published may have opportunity to succeed.
Because no one find the exploit and perform such actions before it got published.

So the attack methods in Cryptography that in 2011,2012 may help right?
 
Thanks. I will try to contact those i can remember instead.
But that method has limitations... Right. Well there must be somewhere we can use it.
Oh.. I think a method invented later than 3ds got published may have opportunity to succeed.
Because no one find the exploit and perform such actions before it got published.

So the attack methods in Cryptography that in 2011,2012 may help right?
Are you saying someone else is hacking the 3DS? I am confused with your statement "Some guys use dev unit to generate and decrypt for unsigned code.".
 
Are you saying someone else is hacking the 3DS? I am confused with your statement "Some guys use dev unit to generate and decrypt for unsigned code.".
You want to know who is that? Oh, he is very busy now (to even reply to your email.)
Guess who is that. (Related to this thread)

Right DiabloStorm got the correct meaning.
I'm sorry but my English is just so-so
 