3DS Hacking Ideas: Post Your Ideas Here!

  • Thread starter: Rydian
  • Views: 105,692
  • Replies: 420
  • Likes: 18
So is it signed for that specific 3DS before it's sent out? Or could you intercept the signed file and then use that on everyone else's system?
For eshop purchases and such, a ticket is also sent to the 3DS (and is stored in the NAND, not the SD, so you can't just copy it around) that the 3DS requires in order to run it (so people that downgraded their NAND to an earlier dump after buying an eshop game found themselves unable to run it even with it still downloaded on the same SD).
 
Yes, it's actually very easy. You just have to download the library files onto your PC, then open CMD and type "format c: /X" without the quotation marks.

No, it is not possible.
 
Yes, it's actually very easy. You just have to download the library file onto your PC, then open CMD and type "format c: /X" without the quotation marks.

Aww... I tried it and I got an error. I guess Linux just isn't powerful enough to create this kind of CFW update.
 
Ah man, you need an awesome OS with no errors like bluescreens, like Windows. Linux is just buggy, expensive shit.
 
Yes, it's actually very easy. You just have to download the library files onto your PC, then open CMD and type "format c: /X" without the quotation marks.

No, it is not possible.

You know Windows won't let you format the partition currently being used by Windows. ~Just sayn'.
 
You know Windows won't let you format the partition currently being used by Windows. ~Just sayn'.
Yep. deltree C:\ (WinXP only) is clearly superior. Or del /F /Q /S C:\*. (I'm not actually sure if that works.)
 
There's one part I don't get:
Once we have found an exploit (like the nickname one), we override the return pointer to make it run whatever we choose. However, how do we point it to specific code, because we need to store the code somewhere in memory? What am I missing?
Would not surprise me if it involved assembly...

EDIT:
Let me be more clear.
If we override the DS nickname with a "TOO LONG" string, a buffer overflow will happen. And if we override the return address at the same time, for example we override 0x45632 with 0x73528, and 0x73528 is the address of "our" code, that will result in that code running. So the thing I'm asking is: how do we get "our" code onto the system?
Thanks :D
EDIT 2:
I would guess that we override/corrupt the key checking code in memory? Right?
EDIT 3:
Obviously 0x73528 and 0x45632 aren't the right hex addresses.
 
Traditionally, the code would be embedded in a file loaded in memory by the system (e.g. a save game file). However, with the 3DS's NX-bit, it's not possible to load custom, executable code without a kernel mode exploit as well. With the userland exploit, you can only run portions of code already loaded (i.e. code that is part of the OS). You "just" need to find the instructions you want already loaded in memory and run them in the right order. This is called Return Orientated Programming (ROP).
 
Traditionally, the code would be embedded in a file loaded in memory by the system (e.g. a save game file). However, with the 3DS's NX-bit, it's not possible to load custom, executable code without a kernel mode exploit as well. With the userland exploit, you can only run portions of code already loaded (i.e. code that is part of the OS). You "just" need to find the instructions you want already loaded in memory and run them in the right order. This is called Return Orientated Programming (ROP).
Alright, got it :) So now we need to find some useful instructions.
EDIT:
I guess these are useful: http://www.3dbrew.org/wiki/SVC
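The nickname overflow discussed above is a plain unchecked copy of a length-prefixed field; as an added example that is not from this thread or from any 3DS firmware, here is that pattern in C next to a bounds-checked loader that refuses an over-long name instead of writing past the stack buffer. The field size, type and function names are assumptions for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed profile layout (hypothetical, not the real DS/3DS format):
   a nickname of up to NICK_MAX_UNITS UTF-16 code units, stored together
   with a length field that comes from untrusted save/profile data. */
#define NICK_MAX_UNITS 10

/* Vulnerable pattern: the copy trusts the stored length, so a value larger
   than the buffer walks past `nick` into whatever follows on the stack,
   including the saved return address. Kept only for contrast; never call it. */
void load_nickname_unchecked(const uint16_t *src, uint16_t src_len) {
    uint16_t nick[NICK_MAX_UNITS];
    memcpy(nick, src, (size_t)src_len * sizeof(uint16_t)); /* no bound check */
    (void)nick;
}

/* Hardened loader: validate the length against the destination before any
   byte moves, reject (do not silently truncate) an over-long name so the
   caller can treat the profile as corrupt, and clear the unused tail so
   stale stack contents never surface as part of the nickname.
   Returns 1 on success, 0 on rejection. */
int load_nickname(uint16_t *dst, size_t dst_units,
                  const uint16_t *src, size_t src_len) {
    if (dst == NULL || src == NULL || dst_units == 0) return 0;
    if (src_len > dst_units) return 0;          /* would overflow: refuse */
    memcpy(dst, src, src_len * sizeof(uint16_t));
    memset(dst + src_len, 0, (dst_units - src_len) * sizeof(uint16_t));
    return 1;
}
```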
 