Hacking 3DS Hacking Ideas: Post Your Ideas Here!

  • Thread starter: Rydian
  • Views: 105,953
  • Replies: 420
  • Likes: 18
Okay, and would it be possible to modify a small part of the firmware to e.g. disable a ROM decryptor/legitimacy check jump? Would this allow running homebrew/hacks/fan translations (maybe even from the SD card)?

I think the real problem is that no one really is interested in hacking the 3DS. Best case scenario, some Gateway/R4/SuperCard-like company will take the exploit and sell cards and make money out of it.
 
You make it sound so easy

Nothing is impossible. You think it's really difficult and it isn't. It's as easy as knowing how things work and what you have to do.

The matter is... how many people invest their time in that? Most people don't know how to program a simple calculator... I'm surprised that the thing that surprises you most is that someone hacks something made by another person...

Maybe you don't know people like Leibniz because he didn't make a flashcart or similar.
 
Nothing is impossible. You think it's really difficult and it isn't. It's as easy as knowing how things work and what you have to do.

The matter is... how many people invest their time in that? Most people don't know how to program a simple calculator... I'm surprised that the thing that surprises you most is that someone hacks something made by another person...

Maybe you don't know people like Leibniz because he didn't make a flashcart or similar.

All I am saying is I don't want a flashcart, I don't want something which sounds impossible or where I have to put my final 2 brain cells together just to do it XD
 
DLCs are as secure as normal titles. And normal titles are very secure.

Understood, thanks for clarifying.

How about using patches for games, to run code, instead of standalone DLC.

I think the real problem is that no one really is interested in hacking the 3DS. Best case scenario, some Gateway/R4/SuperCard-like company will take the exploit and sell cards and make money out of it.

This thread couldn't exist if that was true, though. And many of us wish we could but are severely limited skill wise.

The matter is... how many people invest their time in that?

Not many can, it's the reason we rely on the people here, instead of doing this ourselves.
 
Sorry for double posting, didn't realize it was the same thread. Please delete this post if possible.
 
I think there are enough people who are enthusiastic about this, but not many of them are skilled. I myself have some experience with ARM7 assembly, and would give this a try if I had an idea how. Modifying a part of the firmware at run time may work, but it will need to be repeated every time, and I don't know how and where the firmware is stored after decryption. My guess is that if we want something like this, we'd either need to modify the BIOS to decrypt and redirect the firmware to an accessible and known place (hard without the chip being decapped), or find a way to modify the firmware right before it gets re-encrypted, like during a software update. Would that be possible?
 
Hello, another hack idea (sorry if it was already posted): do you think title banners/icons are encrypted with the same security level as the titles themselves? If that is not the case, maybe we could attack it by, for example, not putting the image end byte and writing awesome homebrew code there. I know smealum played with the banners and icons, but I don't know if he tried to attack it.

@daniiilS: It would not be possible, firmware is never decrypted and then re-encrypted by the console, it just gets decrypted with an asymmetric key; if you modify the BIOS (I don't know how, but maybe it could be possible), you could eventually run code before any other code is loaded, then you could do whatever you want, as I think the BIOS is not encrypted (there must be something that is not encrypted, as I think the decryption is done software-side and not hardware-side).

PS: Feel free to tell me if I'm making any errors (I'm not very experienced).
(And if you just don't understand what I'm trying to say, don't worry, I'm French and my English is relatively bad, feel free to correct me again ^_^)
 
Understood, thanks for clarifying.

How about using patches for games, to run code, instead of standalone DLC.

Patches are DLCs IIRC.

Okay, and would it be possible to modify a small part of the firmware to e.g. disable a ROM decryptor/legitimacy check jump? Would this allow running homebrew/hacks/fan translations (maybe even from the SD card)?
Yeah. But not permanently.
 
I meant insert code through the vulnerabilities that required patching in the first place.
Use the patch to introduce code when the original game loads.
Just because something requires patching doesn't mean that it's a vulnerability, not to mention that not all bugs and crashes can be used to load anything, especially not code. On top of that, there's a whole spectrum of obstacles to get through just to get the loaded code to actually work.
 
The boot-rom (BIOS) is stored in mask-ROM on the CPU die. It would be easier to just get the private key than it would be to change it in any way that's usable for homebrew.
 
The boot-rom (BIOS) is stored in mask-ROM on the CPU die. It would be easier to just get the private key than it would be to change it in any way that's usable for homebrew.
Yes, I know. My idea was maybe to keep the original BIOS in its place, but block the signals and send a modified custom version instead. But so far we don't know enough about the 1048 0H to do that, sadly.
 
Has anyone gotten a successful RAM dump working? If so could I have a link to a blog post or something?
Maybe someone has had this idea already but I'm still working through all the pages of this thread.
I was thinking maybe there's something we can snatch up from RAM when the system goes to create a save game backup.
 
Is it not possible to packet-inject the Pokebank app, or another game?

And even then Pokebank will be useless because of the new 7.x keys used. The only way Pokebank would work is if you were on 7.x, and injecting it then would be pointless because, well... eShop.
 
And even then Pokebank will be useless because of the new 7.x keys used. The only way Pokebank would work is if you were on 7.x, and injecting it then would be pointless because, well... eShop.

And I forgot about the eShop... Is it not possible to packet-inject it, or edit the packets which are sent to the 3DS? I am aware there is probably something like SSL protection, but come on, how is it not possible to manipulate messages if we are the courier who has delivered the letters from the beginning...

I mean, let's say all your communication to your friend goes through me. If you send encrypted letters, your friend will not be able to read them unless you send him the keys, and those keys must go through me...
 