3DS Hack: "We hacked it"

Status
Not open for further replies.

8BitWalugi

Taiyohhhhhh!
Member
Joined
Mar 22, 2008
Question, has anything arisen from this?

I mean, you can't expect someone to read through 95 pages of random comments and theorizing could come of this?

I just want to know if it's confirmed real or fake or whatever.
 

Nurio

That Kirby fan
Member
Joined
Mar 31, 2009
Question, has anything arisen from this?

I mean, you can't expect someone to read through 95 pages of random comments and theorizing could come of this?

I just want to know if it's confirmed real or fake or whatever.
Confirmed real. Nothing released yet. Very few details/specifics have been given by the team.
There's a 3DS Hack Compilation thread in the stickies that you can check for updated information.
 

SifJar

Not a pirate
Member
Joined
Apr 4, 2009
That's what reversing the firmware is for; what you have to do is a firmware hack. As soon as you have access to the kernel you have access to the service that flashes firmware modules to the NAND. The only problem is that the channel has to be written and whatever checks for the signed code has to be disabled, which can be overcome and lead to a permanent hack.
Not so. You are making the assumption that you can just modify the system software to remove the signature checks; but this software itself is also signed, and its signature will be checked earlier in the boot process.

On the Wii for example, boot0 will load and check the hash of boot1 against the hash in OTP (One Time Programmable memory). Then, as long as the hashes match, it will load boot1. This means that boot1 cannot be changed in any way, because boot0 and OTP can't be changed (not physically possible due to the types of memory used), so boot1 has to match the hash stored exactly (i.e. very high chance it is the exact same file). Then boot1 will check the signature of boot2, and if it passes this check, it will load it. (BootMii/boot2 worked due to an exploit [trucha bug] in boot1; once this was fixed in newer Wiis, there was no way to reintroduce it, because boot1 can't be changed; this is also why Nintendo couldn't fix the bug and block BootMii/boot2 on already manufactured Wiis).

So to be able to modify system software, you need an exploit in the stage before it in the "chain of trust", i.e. you essentially need a bootloader exploit of some sort to be able to do what you suggest.

Bear in mind that the bootloader contains a fairly minimal amount of code (basically enough to load the actual firmware and not much more), and less code means less chance of vulnerable code, and also consider that Nintendo have experienced bootloader exploits before [i.e. BootMii/boot2], so will probably be quite careful in that regard.
 

Deltaechoe

The Dopefish
Member
Joined
May 3, 2012
Oh shit, you're right, I'm stuck in Nexus land where an unlocked bootloader is the norm and the actual signature checks are done in the kernel. Forgetting Nintendo does it differently... FML, I hate when I have to put my foot in my mouth...
 

Deltaechoe

The Dopefish
Member
Joined
May 3, 2012
Considering that it takes only one easy command in a command line to unlock the damn thing, I consider it unlocked already
 

SirAileron

Seeker of Truths
Member
Joined
Aug 7, 2008
On the Wii for example, boot0 will load and check the hash of boot1 against the hash in OTP (One Time Programmable memory). Then, as long as the hashes match, it will load boot1. This means that boot1 cannot be changed in any way, because boot0 and OTP can't be changed (not physically possible due to the types of memory used), so boot1 has to match the hash stored exactly (i.e. very high chance it is the exact same file). Then boot1 will check the signature of boot2, and if it passes this check, it will load it. (BootMii/boot2 worked due to an exploit [trucha bug] in boot1; once this was fixed in newer Wiis, there was no way to reintroduce it, because boot1 can't be changed; this is also why Nintendo couldn't fix the bug and block BootMii/boot2 on already manufactured Wiis).
It may be off-topic to do this, but thank you. I haven't seen anywhere else that explained so clearly what prevented BootMii from being installed on boot2. That's something I've always been curious about, since it can be loaded as an IOS otherwise.
 

Deltaechoe

The Dopefish
Member
Joined
May 3, 2012
It may be off-topic to do this, but thank you. I haven't seen anywhere else that explained so clearly what prevented BootMii from being installed on boot2. That's something I've always been curious about, since it can be loaded as an IOS otherwise.

Boot1 does an integrity check on boot2; the old versions of boot1 had a bug which allowed this integrity check to be effectively bypassed (I think it was fakesigning and the trucha bug). The updated boot1 fixed that problem and didn't allow the integrity check to be bypassed, disallowing unauthorized software from being flashed into boot2.
 
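Added example, not from this thread and not Nintendo's or BootMii's code: a small Python model of the two checks SifJar describes above (boot0 pinning boot1's SHA-1 in OTP, then boot1 checking the hash carried by boot2's signature) together with the trucha bug that Deltaechoe refers to. The known cause of that bug is that the hash comparison was done with C's strncmp(), which stops at the first NUL byte; a fakesigned signature is all zero bytes, 0^e mod n is 0, so the "hash" recovered from it is twenty zero bytes, and any image whose real SHA-1 happens to begin with 0x00 compares equal. Assumptions: the RSA step is represented only by the 20-byte hash it yields, the boot images are constructed strings, and every function and constant name here is hypothetical.

```python
import hashlib
import hmac

HASH_LEN = 20  # SHA-1 digest size; the hash both boot stages compare


def sha1(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()


# --- Stage 1: boot0 -> boot1, hash pinned in OTP -------------------------
# Constructed stand-in for the boot1 image whose hash was fused into OTP.
GENUINE_BOOT1 = b"boot1 image (constructed for this example)"
OTP_BOOT1_HASH = sha1(GENUINE_BOOT1)  # immutable once burned at the factory


def boot0_check_boot1(boot1_image: bytes, otp_hash: bytes = OTP_BOOT1_HASH) -> bool:
    """boot0 accepts boot1 only if its SHA-1 equals the fused OTP hash.
    No key and no signature are involved, so a different boot1 can never
    pass: boot1 is neither patchable nor updatable on a given console."""
    return hmac.compare_digest(sha1(boot1_image), otp_hash)


# --- Stage 2: boot1 -> boot2, RSA signature ------------------------------
# A real boot1 RSA-decrypts the signature and compares the SHA-1 recovered
# from it with SHA-1(boot2). The RSA step is modelled only by its output:
# the 20-byte hash the signature claims the image has.
def genuine_signature_hash(boot2_image: bytes) -> bytes:
    """Stands in for signing with the private key: the claimed hash is right."""
    return sha1(boot2_image)


# A fakesigned signature is all zero bytes; 0**e mod n == 0, so the hash
# recovered from it is 20 zero bytes (hypothetical constant name).
FAKESIGN_CLAIMED_HASH = bytes(HASH_LEN)


def compare_memcmp(claimed: bytes, computed: bytes) -> bool:
    """Fixed boot1: all 20 bytes compared, constant time."""
    return hmac.compare_digest(claimed, computed)


def compare_strncmp(claimed: bytes, computed: bytes, n: int = HASH_LEN) -> bool:
    """Buggy boot1 (trucha bug): C strncmp() semantics. Comparison stops at
    the first NUL byte, so two hashes that both start with 0x00 are 'equal'."""
    for i in range(n):
        if claimed[i] != computed[i]:
            return False
        if claimed[i] == 0:  # both sides hit the terminator: strncmp returns 0
            return True
    return True


def boot1_check_boot2(boot2_image: bytes, claimed_hash: bytes, compare) -> bool:
    return compare(claimed_hash, sha1(boot2_image))


def fakesign(boot2_body: bytes, max_tries: int = 1 << 20) -> bytes:
    """Brute-force a 4-byte pad so SHA-1(body || pad) begins with 0x00.
    Roughly 1 candidate in 256 works, so this needs a few hundred hashes."""
    for i in range(max_tries):
        candidate = boot2_body + i.to_bytes(4, "big")
        if sha1(candidate)[0] == 0:
            return candidate
    raise RuntimeError("no fakesignable padding found")


def demo() -> dict:
    """Exercise every case; results are returned so they can be checked."""
    homebrew = fakesign(b"BootMii/boot2 image (constructed)")
    return {
        "boot1_genuine": boot0_check_boot1(GENUINE_BOOT1),
        "boot1_patched": boot0_check_boot1(GENUINE_BOOT1 + b" patched"),
        "fakesign_old_boot1": boot1_check_boot2(homebrew, FAKESIGN_CLAIMED_HASH, compare_strncmp),
        "fakesign_new_boot1": boot1_check_boot2(homebrew, FAKESIGN_CLAIMED_HASH, compare_memcmp),
        "genuine_new_boot1": boot1_check_boot2(homebrew, genuine_signature_hash(homebrew), compare_memcmp),
    }


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name:20s} {'ACCEPT' if accepted else 'REJECT'}")
```

The two stages fail differently, which is the point of the thread: a patched boot1 is rejected by boot0 no matter what, because the OTP hash is compared in full, while the fakesigned boot2 is accepted by the strncmp-style boot1 and rejected by the fixed one. Since boot0 and OTP pin boot1, a console ships with one of the two compare functions forever.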

DroRox

Ambassador of Ooo
Member
Joined
Aug 1, 2011
I can't wait for this hack to be released. Homebrew for the 3DS seems really promising. That is, depending on which components of the console are figured out.
Let's be real though, being able to play commercial 3ds games would be nice. However, I'm not completely looking forward to that. I'd be 100 times more content with being able to play .nds roms off the SD card or similar since I no longer have a flashcart.
 

Kikirini

Zelda Fangirl
Member
Joined
May 18, 2011
I can't wait for this hack to be released. Homebrew for the 3DS seems really promising. That is, depending on which components of the console are figured out.
Let's be real though, being able to play commercial 3ds games would be nice. However, I'm not completely looking forward to that. I'd be 100 times more content with being able to play .nds roms off the SD card or similar since I no longer have a flashcart.
Gotta agree, I love my DSTwo but it drains the hell out of that battery. Would love to play NDS roms with the 3DS hack.
 

Thorhian

My CPU's prefer Water
Member
Joined
May 23, 2012
Gotta agree, I love my DSTwo but it drains the hell out of that battery. Would love to play NDS roms with the 3DS hack.
The 3DS already has the built-in virtualization OS in it. It probably wouldn't be too complicated to simply inject a DS ROM into it via homebrew. Plus I'm still wondering if a wifi-based "wrapper" could be implemented to fool the DS firmware into thinking that the network the 3DS was connected to was a network it could connect to, fixing the whole "I'm not stupid with my network, so I don't use WEP, but I can't go online with my DS games :(" situation.
 

Thorhian

My CPU's prefer Water
Member
Joined
May 23, 2012
Do you care for more RAM and a faster clock frequency? Because more resources are factually the best DSi Mode feature. :P
You could say that, and I agree. However, the fact that they finally ditched the WEP-only policy/firmware was a good move, even if only DSi-enhanced games could handle it.
 

Cerberus87

Member
Newcomer
Joined
Jul 19, 2012
Do you care for more RAM and a faster clock frequency? Because more resources are factually the best DSi Mode feature. :P

Of course, but only if the games can fully utilize it. Anything that is not DSi-enhanced plays on DSi as if it were on a DS, so there's no real gain.
 

Thorhian

My CPU's prefer Water
Member
Joined
May 23, 2012
Honestly, I just want to see a model viewer right now (without using the dev app). I wonder how far along yellows8 is with the GPU commands and such, and with dealing with OpenGL.
 

Deleted User

Guest
Hey dudes, I run the Hack Compilations thread and I'm changing it a bit this weekend. Since no one understands the basics of how the 3DS works (including me since Androids work really differently from this), if you wouldn't mind, I'd appreciate it if you could send me info about it on Twitter or even better Google Docs. I'll post it in the compilations thread so that everyone can read it at the top. I'm talking about stuff like how the boot loader works btw. Thx. :)
 