Hacking 3DS Hack: "We hacked it"

  • Thread starter: michael18
  • Views: 737,756
  • Replies: 2,186
  • Likes: 5
Status
Not open for further replies.
Question, has anything arisen from this?

I mean, you can't expect someone to read through 95 pages of random comments and theorizing could come of this?

I just want to know if it's confirmed real or fake or whatever.
 
Question, has anything arisen from this?

I mean, you can't expect someone to read through 95 pages of random comments and theorizing could come of this?

I just want to know if it's confirmed real or fake or whatever.
Confirmed real. Nothing released yet. Very few details/specifics have been given by the team.
There's a 3DS Hack Compilation thread in the stickies that you can check for updated information.
 
That's what reversing the firmware is for; what you have to do is a firmware hack. As soon as you have access to the kernel, you have access to the service that flashes firmware modules to the NAND. The only problem is that that channel has to be written, and whatever checks for the signed code has to be disabled, which can be overcome and lead to a permanent hack.
Not so. You are making the assumption that you can just modify the system software to remove the signature checks; but this software itself is also signed, and its signature will be checked earlier in the boot process.

On the Wii, for example, boot0 will load and check the hash of boot1 against the hash in OTP (One Time Programmable memory). Then, as long as the hashes match, it will load boot1. This means that boot1 cannot be changed in any way, because boot0 and OTP can't be changed (not physically possible due to the types of memory used), so boot1 has to match the hash stored exactly (i.e. very high chance it is the exact same file). Then boot1 will check the signature of boot2, and if it passes this check, it will load it. (BootMii/boot2 worked due to an exploit [trucha bug] in boot1; once this was fixed in newer Wiis, there was no way to reintroduce it, because boot1 can't be changed; this is also why Nintendo couldn't fix the bug and block BootMii/boot2 on already manufactured Wiis.)

So, to be able to modify system software, you need an exploit in the stage before it in the "chain of trust". I.e., you essentially need a bootloader exploit of some sort to be able to do what you suggest.

Bear in mind that the bootloader contains a fairly minimal amount of code (basically enough to load the actual firmware and not much more), and less code means less chance of vulnerable code, and also consider that Nintendo have experienced bootloader exploits before [i.e. BootMii/boot2], so will probably be quite careful in that regard.
 
Oh shit, you're right, I'm stuck in Nexus land where an unlocked bootloader is the norm and the actual signature checks are done in the kernel. Forgetting Nintendo does it differently... FML, I hate when I have to put my foot in my mouth...
 
Oh shit, you're right, I'm stuck in Nexus land where an easily unlockable bootloader is the norm and the actual signature checks are done in the kernel. Forgetting Nintendo does it differently... FML, I hate when I have to put my foot in my mouth...
:ph34r:
 
Considering that it takes only one easy command in a command line to unlock the damn thing, I consider it unlocked already.
 
On the Wii, for example, boot0 will load and check the hash of boot1 against the hash in OTP (One Time Programmable memory). Then, as long as the hashes match, it will load boot1. This means that boot1 cannot be changed in any way, because boot0 and OTP can't be changed (not physically possible due to the types of memory used), so boot1 has to match the hash stored exactly (i.e. very high chance it is the exact same file). Then boot1 will check the signature of boot2, and if it passes this check, it will load it. (BootMii/boot2 worked due to an exploit [trucha bug] in boot1; once this was fixed in newer Wiis, there was no way to reintroduce it, because boot1 can't be changed; this is also why Nintendo couldn't fix the bug and block BootMii/boot2 on already manufactured Wiis.)
It may be off-topic to do this, but thank you. I haven't seen anywhere else that explained so clearly what prevented BootMii from being installed on Boot2. That's something I've always been curious about, since it can be loaded as an IOS otherwise.
 
It may be off-topic to do this, but thank you. I haven't seen anywhere else that explained so clearly what prevented BootMii from being installed on Boot2. That's something I've always been curious about, since it can be loaded as an IOS otherwise.

Boot1 does an integrity check on Boot2. The old versions of Boot1 had a bug which allowed this integrity check to be effectively bypassed (I think it was fakesigning and the trucha bug). The updated boot1 fixed that problem and didn't allow that integrity check to be bypassed, disallowing unauthorized software from being flashed into boot2.
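The chain of trust the two posts above describe (boot0 hashing boot1 against the value in OTP, boot1 verifying the signature on boot2), as an added worked example in Python. This is not code from the thread or from any console firmware: the image layout, the use of SHA-256 as the OTP hash, the toy textbook-RSA key, the stage names and the scenario strings are all constructed here for illustration. It boots a stock image set and then tries the modifications discussed in the thread (swap boot2, sign with a different key and embed it in boot1, patch the check out of boot1) to show which stage stops each one and why.

```python
# Constructed example: image layout, hash, key sizes and stage names are assumptions,
# not Wii or 3DS details. SHA-256 stands in for the OTP hash, toy RSA for the signature.
import hashlib

MR_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)   # deterministic for n < 3.3e24

def _is_prime(n: int) -> bool:
    """Deterministic Miller-Rabin, used only to mint the toy key offline."""
    if n < 2:
        return False
    for p in MR_BASES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in MR_BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _next_prime(n: int, e: int) -> int:
    """Next prime at or above n whose p-1 is not a multiple of e, so gcd(e, phi) == 1."""
    while not _is_prime(n) or (n - 1) % e == 0:
        n += 1
    return n

def make_keypair(start: int = 1 << 40, e: int = 65537):
    """Textbook RSA with an ~80-bit modulus: returns (n, e, d). Only n and e live on
    the console; d stays with the vendor. Large enough to sign the 64-bit digest below."""
    p = _next_prime(start, e)
    q = _next_prime(start + (1 << 20), e)
    return p * q, e, pow(e, -1, (p - 1) * (q - 1))

PUB_TAG = b"|PUB|"

def build_boot1(code: bytes, pub_n: int, pub_e: int) -> bytes:
    """boot1 image = code || tag || public key; the OTP hash therefore pins both."""
    return code + PUB_TAG + pub_n.to_bytes(16, "big") + pub_e.to_bytes(4, "big")

def parse_boot1(image: bytes):
    code, _, key = image.rpartition(PUB_TAG)
    return code, int.from_bytes(key[:16], "big"), int.from_bytes(key[16:], "big")

def digest_int(data: bytes) -> int:
    """SHA-256 truncated to 64 bits so it fits under the toy modulus."""
    return int.from_bytes(hashlib.sha256(data).digest()[:8], "big")

def sign_boot2(boot2: bytes, n: int, d: int) -> int:
    return pow(digest_int(boot2), d, n)

def boot1(boot1_image: bytes, boot2_image: bytes, boot2_sig: int) -> str:
    """Second stage: verify boot2 with the public key carried inside boot1."""
    _code, n, e = parse_boot1(boot1_image)
    if pow(boot2_sig, e, n) != digest_int(boot2_image):
        return "halt@boot1: boot2 signature invalid"
    return "boot2 running: " + boot2_image.decode()

def boot0(boot1_image: bytes, boot2_image: bytes, boot2_sig: int, otp_hash: bytes) -> str:
    """Mask-ROM stage: boot1 must hash to the value burned into OTP, or we stop here."""
    if hashlib.sha256(boot1_image).digest() != otp_hash:
        return "halt@boot0: boot1 hash does not match OTP"
    return boot1(boot1_image, boot2_image, boot2_sig)

def run_scenarios() -> dict:
    """Stock boot plus the modifications the thread discusses."""
    vn, ve, vd = make_keypair()                                   # vendor key
    stock_boot1 = build_boot1(b"boot1 v2, check fixed", vn, ve)
    otp_hash = hashlib.sha256(stock_boot1).digest()               # burned at the factory
    stock_boot2, custom_boot2 = b"stock boot2", b"custom boot2"
    stock_sig = sign_boot2(stock_boot2, vn, vd)
    out = {"stock": boot0(stock_boot1, stock_boot2, stock_sig, otp_hash)}
    # Swap boot2 only: the vendor signature no longer covers it.
    out["custom_boot2"] = boot0(stock_boot1, custom_boot2, stock_sig, otp_hash)
    # Sign boot2 with another key and embed that key in boot1: boot1 is now a
    # different image, so boot0 halts at the OTP comparison before boot1 ever runs.
    mn, me, md = make_keypair(start=(1 << 40) + (1 << 30))
    my_boot1 = build_boot1(b"boot1 v2, check fixed", mn, me)
    my_sig = sign_boot2(custom_boot2, mn, md)
    out["custom_key"] = boot0(my_boot1, custom_boot2, my_sig, otp_hash)
    # Patch the check out of boot1 (modelled as a changed code blob): same outcome.
    patched = build_boot1(b"boot1 v2, check removed", vn, ve)
    out["patched_boot1"] = boot0(patched, custom_boot2, 0, otp_hash)
    # For contrast, boot1 alone would accept the custom key: the chain holds only
    # because the earlier, unchangeable stage pins boot1.
    out["custom_key_without_boot0"] = boot1(my_boot1, custom_boot2, my_sig)
    return out

if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name:26} {outcome}")
```

The design point is in `build_boot1`: the public key travels inside the boot1 image, so the hash in OTP pins the key together with the code, and any change to either one is caught by the stage in front of it. The last scenario shows the same boot1 accepting a re-keyed boot2 when boot0 is taken out of the picture, which is exactly why the post says a change at one stage needs an exploit in the stage before it.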
 
I can't wait for this hack to be released. Homebrew for the 3DS seems really promising. That is, depending on which components of the console are figured out.
Let's be real though, being able to play commercial 3DS games would be nice. However, I'm not completely looking forward to that. I'd be 100 times more content with being able to play .nds ROMs off the SD card or similar, since I no longer have a flashcart.
 
I can't wait for this hack to be released. Homebrew for the 3DS seems really promising. That is, depending on which components of the console are figured out.
Let's be real though, being able to play commercial 3DS games would be nice. However, I'm not completely looking forward to that. I'd be 100 times more content with being able to play .nds ROMs off the SD card or similar, since I no longer have a flashcart.
Gotta agree, I love my DSTwo but it drains the hell out of that battery. Would love to play NDS ROMs with the 3DS hack.
 
Gotta agree, I love my DSTwo but it drains the hell out of that battery. Would love to play NDS ROMs with the 3DS hack.
The 3DS already has the built-in virtualization OS in it. It probably wouldn't be too complicated to simply inject a DS ROM into it via homebrew. Plus I'm still wondering if a wifi-based "wrapper" could be implemented to fool the DS firmware into thinking that the network the 3DS was connected to was a network it could connect to, fixing the whole "I'm not stupid with my network, so I don't use WEP, but I can't go online with my DS games :(" situation.
 
Do you care for more RAM and faster clock frequency? Because more resources is factually the best DSi Mode feature. :P
You could say that, and I agree. However, the fact that they finally ditched the WEP-only policy/firmware was a good move, even if only DSi-enhanced games could handle it.
 
Do you care for more RAM and faster clock frequency? Because more resources is factually the best DSi Mode feature. :P

Of course, but only if the games can fully utilize it. Anything that is not DSi-enhanced plays on a DSi as if it were on a DS, so there's no real gain.
 
Honestly, I just want to see a model viewer right now (without using the dev app). I wonder how far along yellows8 is with the GPU commands and such, and dealing with OpenGL.
 
Hey dudes, I run the Hack Compilations thread and I'm changing it a bit this weekend. Since no one understands the basics of how the 3DS works (including me, since Androids work really differently from this), if you wouldn't mind, I'd appreciate it if you could send me info about it on Twitter or, even better, Google Docs. I'll post it in the compilations thread so that everyone can read it at the top. I'm talking about stuff like how the bootloader works, btw. Thx. :)
 