1. DarkenSX

    DarkenSX GBAtemp Regular
    Member

    Joined:
    Mar 28, 2009
    Messages:
    103
    Country:
    United States
    Here's an idea: while we (we as in the general console hacking scene (PSP, DS, PS3, blah blah blah blah)) have used in the past the TIFF exploit, which really is not useful anymore to execute code or create an exploit point...
    Why not use the video player as a way... "But Dark," you yell at me, "it has a proprietary format with no exploit!!!" While yes, this is true (starting from that format), we forget we can convert our movies to that format... So what about injecting code into a movie, converting it (may require a converter from the scene that ignores the code and converts it regardless, not sure :S) and attempting to run / play the file? (On PC, WMA files used to always have viruses injected into them and media player would still play them and *cough* destroy your PC.) Fact is, video files and audio files have this ability more than the TIFF file. Question is, can it be applied to the 3DS in some form? Either audio or video... or the video's audio channel.
     
  2. cloud1250000

    cloud1250000 Advanced Member
    Newcomer

    Joined:
    Dec 18, 2008
    Messages:
    81
    Country:
    Canada
    Impossible. When converting your video, the converter will notice there's a problem with it and stop the conversion. The only way to launch a modded video would be with the YouTube application hack to launch any kind of video.
     
  3. Duo8

    Duo8 GBAtemp Psycho!
    Member

    Joined:
    Jul 16, 2013
    Messages:
    3,578
    Country:
    Vietnam
    It's not proprietary. It's just some common video format, but in 3D.
    Also, we could just get a random video that the 3DS would read and inject code into it directly. No "converter" is needed.
    Problem is, it is likely the 3DS camera app can already handle "corrupted" files like this.
    Only hope is that amazingly badly-coded YouTube app.
     
    cloud1250000 likes this.
  4. curley12

    curley12 Mr.Awesome
    Member

    Joined:
    Dec 24, 2012
    Messages:
    321
    Country:
    United Kingdom
    Why isn't anyone trying this then :P
     
  5. Mariosegafreak

    Mariosegafreak AKA ZeroTheSavior
    Member

    Joined:
    Aug 7, 2011
    Messages:
    319
    Country:
    United States
    It loads other parts of the picture into memory one at a time; I doubt that will work.
     
  6. Devrim

    Devrim GBAtemp Regular
    Member

    Joined:
    Mar 2, 2014
    Messages:
    107
    Country:
    Netherlands
    It is possible to run videos outside YouTube from the YouTube app. So you would only need a vid with injected code to try and see if it works. The app is based on the browser of the 3DS and supports .mp4 with H264 video. To play the video you only need to create an HTML5 page and put the vid between <video>
     
  7. pokemoner2500

    pokemoner2500 GBAtemp Advanced Fan
    Member

    Joined:
    Aug 14, 2013
    Messages:
    872
    Country:
    United States
    If SSB 3DS has custom stages, would it be possible to do something similar to Smash Stack?
     
  8. Subtle Demise

    Member

    Joined:
    Sep 17, 2009
    Messages:
    2,243
    Country:
    United States
    Possible, but highly unlikely. IF Nintendo implements custom stages, they have obviously already learned their lesson from the Wii.
     
  9. Duo8

    Duo8 GBAtemp Psycho!
    Member

    Joined:
    Jul 16, 2013
    Messages:
    3,578
    Country:
    Vietnam
    Even if there's an exploit identical to SmashStack in the new game, it's actually patchable now.
     
  10. Apache Thunder

    Apache Thunder I have cameras in your head!
    Member

    Joined:
    Oct 7, 2007
    Messages:
    4,266
    Country:
    United States
    I'm curious as to whether this has any application to the 3DS. The 3DS uses RSA encryption, yes?

    RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis

    This was used to exploit laptops, but nothing in there says a 3DS would be any more immune than a laptop. Unless the lower power consumption of the 3DS makes this more difficult? I would think it would be easier since there are no fans or other moving parts in the 3DS that operate while the console is powered up.
     
  11. Duo8

    Duo8 GBAtemp Psycho!
    Member

    Joined:
    Jul 16, 2013
    Messages:
    3,578
    Country:
    Vietnam
    I did bring this up a few months back. It's difficult because the 3DS uses a low power SoC instead of a full CPU like in the example. Not to mention it's hard to pull off.
     
  12. Thunderking>9000

    Newcomer

    Joined:
    Dec 30, 2013
    Messages:
    4
    Country:
    Netherlands
    When the firmware gets decrypted and stored somewhere (NAND?), can't we dump it from there?
     
  13. X_Frost

    X_Frost GBAtemp Regular
    Member

    Joined:
    Aug 30, 2011
    Messages:
    128
    Country:
    United States
    I'm not a programmer and have no experience at all, but would it be possible to use DLC from a game to launch an exploit, using it to redirect access to the SD card, and launch from there?

    If launching from 3DS home-brew from there, unless corrected, you could do so without the need to use an exploit on regular DS firmware, removing the need to relaunch when using DS mode, right?

    If the idea has been presented, and debunked, I apologize for sounding foolish.
     
  14. lambstone

    lambstone No. Nyet. 不. Non. Nein.
    Banned

    Joined:
    Aug 14, 2011
    Messages:
    615
    Country:
    You don't launch exploits. You make use of them; exploits are found, not created. You can't just say to use a DLC to launch an exploit. It's like trying to cook something by freezing it.
     
    pelago likes this.
  15. X_Frost

    X_Frost GBAtemp Regular
    Member

    Joined:
    Aug 30, 2011
    Messages:
    128
    Country:
    United States
    Thanks for the clarification. I meant to say find an exploit similar to installing the Home-brew Channel on Wii, using DLC in place of a letterbomb.
     
  16. Duo8

    Duo8 GBAtemp Psycho!
    Member

    Joined:
    Jul 16, 2013
    Messages:
    3,578
    Country:
    Vietnam
    DLCs are as secure as normal titles. And normal titles are very secure.

    Dump what? We can already dump NAND but encrypted.
     
  17. Thunderking>9000

    Newcomer

    Joined:
    Dec 30, 2013
    Messages:
    4
    Country:
    Netherlands
    I mean while the 3DS is running, it must decrypt the firm partition and store it somewhere. Can we dump it at that time?
     
  18. Duo8

    Duo8 GBAtemp Psycho!
    Member

    Joined:
    Jul 16, 2013
    Messages:
    3,578
    Country:
    Vietnam
    Well, you can dump part of it if it's loaded into memory.
     
  19. soulrazor

    soulrazor GBAtemp Regular
    Member

    Joined:
    May 18, 2012
    Messages:
    194
    Country:

    Yes, and its developments can be found at the 3dbrew.org recent activity tab for the latest modifications.
     
  20. Thunderking>9000

    Newcomer

    Joined:
    Dec 30, 2013
    Messages:
    4
    Country:
    Netherlands
    Okay, and would it be possible to modify a small part of the firmware to, for example, disable a ROM decryptor/legitimacy check jump? Would this allow running homebrew/hacks/fan translations (maybe even from the SD card)?
     