Hacking 3ds hacking idea

ChrisRX

It always does disappoint me seeing how easy people think it is to hack hardware and software. Having studied cryptography it's no easy task at all!
I think a general rule should be that users should read this first and if they don't understand everything, then they should not be allowed to speculate on how to find exploits.
 

Fishaman P

joshbean39 said:
I think there could be a possible way to hack it by getting a wifi USB dongle
and some software to make the 3DS think it's another 3DS, and while the dongle is passing data
it can send a special code that puts it into debug mode or something like that, so what do you guys think?
(I know already the 3DS is not out, it might be some security flaw or something, so don't post a million times spamming saying you don't know...)

Dude, stop destroying our efforts!
If you post this publicly, NINTY WILL KNOW AND FIX THIS!!!!!!!!!
 
Deleted_171835

Fishaman P said:
joshbean39 said:
I think there could be a possible way to hack it by getting a wifi USB dongle
and some software to make the 3DS think it's another 3DS, and while the dongle is passing data
it can send a special code that puts it into debug mode or something like that, so what do you guys think?
(I know already the 3DS is not out, it might be some security flaw or something, so don't post a million times spamming saying you don't know...)

Dude, stop destroying our efforts!
If you post this publicly, NINTY WILL KNOW AND FIX THIS!!!!!!!!!
Nothing is being destroyed.
The 3DS isn't out yet. We know jackshit about how it works. This idea won't work. joshbean39 knows nothing about hacking. He's just making up ideas which is fine to do. Even if Nintendo was watching this thread, they wouldn't care. They would be laughing.
 

Kwartel

dekuleon said:
I think the best way is making a flashcard that mimics an original cartridge. One flashcard with a powerful CPU, like the SuperCard DS2.
This! I guess... but it needs to be fakesigned and that will cause a problem.
 
Joined
Apr 13, 2010
Messages
1,135
Trophies
1
Website
www.google.com
XP
1,222
Country
United Kingdom
First the 3DS isn't out so you don't even know about hardware properly, so you obviously cannot hack it. Second the 3DS is going to be hackable I can guarantee it, because Nintendo has always said that their console/handheld has some anti piracy measures and yet they fail and as for those who suggested to buy the launch handheld then I'm gonna have to say that it's not playing games whether the first system will be hackable or not, because all of them will.
 

Taellon

I'll be honest, if I can help it, I'm not going to buy a flash cart this time around. With my DS flashcart I just download all these games, play them for 15 minutes, then move on to the next thing. When there's a title coming out that I know I'll like and I have the money, I buy it anyways. I enjoy being able to test out games before I buy them, but it just leaves me feeling empty in the end.

3DS will be cracked, it's just a matter of time. And there are a number of theoretical ideas for how we might hack the system, but until it's released and we discover what kind of security it has in place, it's all pointless. Though I did have an idea of how you might be able to crack the system myself, I have no idea if it will work. I'm not a hacker, but I've been around long enough to kind of see how it's done. I'm not even going to bother posting my idea because of 2 reasons. The first is that we don't have the system and don't know what security it has so my idea probably won't work anyways and will be difficult to execute even if it does. The second reason is, as childish as it may sound, Nintendo could very well be watching threads like this and if somebody brings up an interesting exploit idea that Nintendo hasn't thought to cover, then they'll just report it and that hole in the security would be fixed.
 

ChrisRX

Also I'd like to point out that what you're describing is not the actual hacking of it, but the method of delivery. That's the easy bit.
The difficult bit that takes months or years to do is the hacking, with massive amounts of reverse engineering that you probably wouldn't have the first clue about.

So basically, if a group of people are smart enough to be able to crack hardware security, then they're probably smart enough to realise that they can quickly whip up a delivery method over wifi.
 

Fluto

RoxasIsSora said:
jan777 said:
joshbean39 said:
nutella5600 said:
joshbean39 said:
don't post a million times spamming saying you don't know
But you really don't.
Yeah, I don't know, the 3DS isn't out

Seriously, we don't know a fuck about the 3DS.

Hell, I think there's an exploit in the slide pad, when you slide it a little to the upper left about {-69, 69}, the 3DS will fuck itself up allowing you to run any code you like.
What do you guys think.

Quite possible. The mobo is around that area, so if it were to slightly touch it the 3DS could go into a Debug Menu. All you would have to do is solder a Fluxcompacitor, to the slider, and mobo. Perfect, this is how the 3DS will be hacked.

XD flux capacitor 1.21 gigawatts
 

FireGrey

When you put a DS flashcart in the 3DS it switches into secure mode to block the flashcart but also opens up a flaw in the SD slot making the ability to run any code from SD cards, interesting :/
 

pachura

Well, there are many attack vectors.

I imagine the simplest would be emulating game carts with external devices, pretending the original is inserted into the slot. Similar to the Xbox360 DVD drive firmware hack, it would allow playing pirated games, but won't open 3DS for homebrew, which is the most interesting.

Another is to try various buffer overflows in hope that 3DS will execute custom code. I imagine 3DS will interact with users' content (displaying photos, playing music, savegames on SD card...), so there's a chance there will be something exploitable there (like TIFF exploit on PSP). However, nowadays there are many countermeasures against such attacks (e.g. DEP, ASLR in Windows).

If ARMs in 3DS have a built-in hypervisor, it might not be possible to run custom code without signing (read: encrypting) it. So again, someone would need to extract the codes.
 

Rydian

pachura said:
However, nowadays there are many countermeasures against such attacks (e.g. DEP, ASLR in Windows).

From what I'm reading ARM6 introduced hardware DEP (they call it the XN bit, eXecute Never).... however there's a little hope.

http://www.tomshardware.com/reviews/charli...eak,2710-2.html

QUOTE
TH: Why doesn't the ARM XN-bit, also known as NX-bit or XD-bit, prevent overflows like this?

Charlie: Before Data Execution Prevention (DEP), buffer overflows would redirect execution of the process into user-injected code or shellcode. However, DEP forbids this, as the processor knows that the injected code is data, which is not supposed to be executed. As a way around this, exploits use what is known as return oriented programming (ROP). Here, instead of jumping to user-injected code, the exploit jumps to code from the actual process. In this case, code within MobileSafari and the libraries it needs. By reusing little bits of code from the process, the exploit is able to perform the actions necessary to do general purpose actions.

TH: So, to understand this correctly, iOS does have some form of DEP, and this prevents arbitrary injection of user code. But the way around it is to use bits and pieces of legitimate code--the equivalent of a ransom note made out of cut up newspaper letters?

And from there I suppose you can start talking about whether the standard 3DS OS allows writing to protected areas of the firmware or if it employs a permissions system (for example disallowing firmware writes when executing cart-given code, requiring a quick (perhaps almost invisible or seamless) reboot to let some of the beginning code/permissions (which are flushed when moving to the main OS) take care of it)... or if it's as simple as "jumping over" some software legitimacy check (but are they going to encrypt 3DS binaries?) and... all sorts of stuff.
 

Nollog

popoffka said:
Well, I've also thought about the possibility of exploiting StreetPass or SpotPass and pushing a hacked firmware update, but IIRC, all the communications on the Wii were encrypted via SSL, so we couldn't do anything with it, and I highly doubt that they won't do the same thing on the 3DS.
Custom firmwares are hard because systems should do checks on your updates.
RSA encryption etc.
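
Added example, not part of any post in this thread and not Nintendo's code: the kind of check an updater can run before installing an image, here RSA PKCS#1 v1.5 over SHA-256 in pure Python. The key, the `sign`/`verify` names and the sample image are constructed for illustration, and the demo key is far too small for real use.

```python
import hashlib
import hmac

# Constructed demo key built from two well-known primes (assumption: toy size,
# real update keys are 2048 bits or more and the private half never ships).
P = 2**255 - 19
Q = 2**256 - 2**32 - 977
N = P * Q                                   # public modulus, baked into the device
E = 65537                                   # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))           # private exponent, vendor side only
K = (N.bit_length() + 7) // 8               # signature length in bytes

# DER prefix of a SHA-256 DigestInfo (RFC 8017, section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


def _encode(image: bytes) -> bytes:
    """Build the full padded block 00 01 FF..FF 00 || DigestInfo || hash."""
    t = SHA256_PREFIX + hashlib.sha256(image).digest()
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t


def sign(image: bytes) -> bytes:
    """Vendor side: sign the image with the private exponent."""
    m = int.from_bytes(_encode(image), "big")
    return pow(m, D, N).to_bytes(K, "big")


def verify(image: bytes, sig: bytes) -> bool:
    """Device side: accept the image only if the signature matches exactly."""
    if len(sig) != K:
        return False
    s = int.from_bytes(sig, "big")
    if s >= N:
        return False
    recovered = pow(s, E, N).to_bytes(K, "big")
    # Compare the whole re-encoded block byte for byte instead of parsing the
    # padding; lenient parsing of this block is a classic source of bypasses.
    return hmac.compare_digest(recovered, _encode(image))


if __name__ == "__main__":
    image = b"constructed firmware image v1"   # sample data, not a real update
    sig = sign(image)
    print("original accepted:", verify(image, sig))
    print("modified accepted:", verify(image + b"\x00", sig))
```

A device holding only `N` and `E` can check updates but cannot produce a signature for a modified image, which is why an altered update is rejected.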
 
