3DS Hacking Theory Thread

Discussion in '3DS - Flashcards & Custom Firmwares' started by Knyaz Vladimir, Mar 30, 2011.

Thread Status:
Not open for further replies.
Mar 30, 2011
  1. Knyaz Vladimir
    OP

    Member Knyaz Vladimir 3DS Hacker

    Joined:
    Apr 18, 2009
    Messages:
    555
    Location:
    Unconfirmed
    Country:
    Canada
    Well, we have a FAQ on 3DS Hacking, but I've noticed that all the actual discussions are spread all around this forum. It gets kind of confusing moving between threads trying to make sense of everything.

    I'll post what we have in theories right now:

    A- Run updates through a proxy, replacing all update files with homebrew. (Somewhat possible)

    B- Brute forcing a private key. (Impossible)

    C- Use the Photo or Sound channels and boot up an exploit in JPG, MPO, or MP3. I doubt having a rar file in a JPG would work. (Somewhat possible)

    D- Use a HEX editor to find an unencrypted file on a 3DS and figure out more information on the system and the keys (if it even has that). (Very unlikely)

    E- Run ROMs through a HEX Editor, which is impossible right now, due to no ROMs existing at time of writing. (Even LESS unlikely)

    F- Wait for the May update and make an exploit. (Probable)

    F.b- Extra points if you can make the exploit on the OoT remake. Irony. (EXTREMELY Unlikely)

    G- Try and use exploits already made to do this. Which is EXTREMELY unlikely.

    H- Transfer a Mii with an exploit or scan an exploited QR code. (Mii with exploit somewhat possible, QR is very unlikely)

    I- Randomly smash at the buttons. Something should happen, with any luck. (Like getting a play coin) (It's a VG Cats reference, it's even less probable than B)

    Those are all the ideas I have right now; if we have any theories or experiments on said theories, just throw them here instead of making another thread.
     


  2. Relys

    Member Relys Master of Computer Science

    Joined:
    Jan 5, 2007
    Messages:
    860
    Country:
    United States
    Let me just get rid of a few theories so you have responsible OP content (I'm a CS major).

    B. Not going to happen.

    F.b The Epona exploit was an array-out-of-bounds overflow from the string of the horse's name stored on the save file. The Zelda TP engine is not the same as the Zelda OOT engine. I wouldn't be surprised if you see some sort of buffer overflow for OOT or SF64 due to older coding standards from the N64 era though.

    G. The Wii's architecture is not the 3DS architecture, and they run on different operating systems.

    H. lolwut... noe (for scanning at least).

    I. No.
     
  3. Slyakin

    Member Slyakin See ya suckers

    Joined:
    Oct 15, 2008
    Messages:
    4,450
    Location:
    Soviet Slyakin
    Country:
    United States
    I like your enthusiasm.

    I'm assuming that the 3DS will be "opened up" in a few years due to some type of bad coding in a 3DS game, like how the millions of Lego games on the Wii all seem to have the same exploit in them.
     
  4. Knyaz Vladimir
    OP

    Member Knyaz Vladimir 3DS Hacker

    Joined:
    Apr 18, 2009
    Messages:
    555
    Location:
    Unconfirmed
    Country:
    Canada
    I was referring to DSi exploits, lol.

    Anyway, just wanted to clarify something. I know that TP and OoT use a different engine, but it would be ironic if the first exploit used OoT. And I don't mean the horse, I mean ANYTHING in OoT.

    B was an old theory in the update thread, which kind of got swept under the rug. H was another said exploit theory, which was barely mentioned (three words, no more), and letter I was a VG Cats reference to the "High Roller" strategy in fighting games.

    And yes, I'm going into CS. Which is about the same as Science as plumbing is to building airplanes.
     
  5. Relys

    Member Relys Master of Computer Science

    Joined:
    Jan 5, 2007
    Messages:
    860
    Country:
    United States

    Oh right. I shouldn't have made that assumption; you seem pretty smart compared to all these idiots who are like "lol lets brute force the private key so we can have our pirate games durrr".

    DSi exploits are for the DSi BIOS. The 3DS kernel is not accessible through DSi mode.

    My guess is that some well-known scene will release a software exploit which will result in CFW and a slew of flashcarts.

    Working on dumping ROMs should be our first step. Also, it is nice that the update process has been analyzed, but it is useless without an exploit (to decrypt firmware).

    I would suspect that something in OOT will cause an exploit due to remaining old code from N64 days.

    Anyways, a hack for the 3DS is going to take extensive knowledge of hardware and software architecture. This is not going to be performed by anyone on gbatemp (that I know of lol).
     
  6. trumpet-205

    Member trumpet-205 Embrace the darkness within

    Joined:
    Jan 14, 2009
    Messages:
    4,363
    Country:
    United States
    A can only happen if it is signed with the official Nintendo key.
     
  7. Knyaz Vladimir
    OP

    Member Knyaz Vladimir 3DS Hacker

    Joined:
    Apr 18, 2009
    Messages:
    555
    Location:
    Unconfirmed
    Country:
    Canada
    Modifying DSi exploits? ... Nah.

    The update process gave us a decent slew of information, but still quite useless as we don't have a way to decode the files.

    OoT is reprogrammed from scratch, and it only uses a very small fraction of the N64 code, since the 3DS isn't 64-bit, and it's a remake of Master Quest, too. Using GameCube code, more likely.

    I also doubt anyone on GBAtemp could do it, but we might get somewhere: leave GBAtemp, continue our conversation about the 3DS in private, and figure out everything we can about it. If we do this correctly (which is also unlikely, but we will get somewhere; we already did), we can actually make an exploit for the 3DS, leading to a very basic hello world application and, eventually, a homebrew channel.

    Brute forcing was another idea for getting homebrew on the 3DS; piracy should still be blocked by us, too. Emulation of other consoles, at most.
     
  8. DeadlyFoez

    Member DeadlyFoez Banned

    Joined:
    Apr 12, 2009
    Messages:
    5,223
    Country:
    United States
    Everything you said as an idea is all software based. What you need to realize is that before we can do a software-based exploit, we will need to do a hardware-based exploit, which shouldn't be too hard since there are so many test points on the motherboard. We need at least one key before we can start opening up the rest of the doors... just like on the Wii.
     
  9. Sheimi

    Member Sheimi A cute Vixen!

    Joined:
    Oct 22, 2009
    Messages:
    1,866
    Location:
    Tachikawa
    Country:
    Japan
    There is a boot error I noticed with mine. All that I need to do is create a code to buffer overflow it.
     
  10. Knyaz Vladimir
    OP

    Member Knyaz Vladimir 3DS Hacker

    Joined:
    Apr 18, 2009
    Messages:
    555
    Location:
    Unconfirmed
    Country:
    Canada
    Go on...

    Also, for the hardware-based exploit thing, that's where I made up the jokingly named Team Exactoknivez, based off of Team Twiizers. Really, that might be the first thing that we need to do, and then get a software exploit.

    Plans of operation:
    1. Open up 3DS and find exploit in hardware.
    2. Make sure that 3DS works.
    3. Use said exploit to help develop software based exploits.
    4. Develop decent apps while avoiding piracy.
     
  11. ichichfly

    Member ichichfly GBAtemp Advanced Fan

    Joined:
    Sep 23, 2009
    Messages:
    618
    Country:
    Germany
    A is not working; you need a key, but you can update only a part of the 3DS.

    H- Mii QR codes can be read by the PC, but I think they have a checksum or something like that.

    J- Use aircrack-ng (if someone finds an exploit here I think it won't be released, because nearly nobody can use them and you could hack all 3DS near you).
     
  12. xakota

    Member xakota GBAtemp Fan

    Joined:
    Mar 18, 2010
    Messages:
    340
    Country:
    United States
    Not sure if troll...

    If you guys are looking for hardware exploits maybe try to find one in the SD slot? SD card exploit would be godly.
     
  13. pachura

    Member pachura GBAtemp Advanced Fan

    Joined:
    Dec 9, 2006
    Messages:
    566
    Country:
    Well, I understand you're trying, but most of your ideas are ridiculous and you clearly have never hacked anything. You know how the hacks are made? By lonely geeks in their parents' basements, who already know a bazillion times more than you about software and hardware. Your advice would be completely useless to them.

    Anyway, to comment on the OP:

    A- Run updates through a proxy, replacing all update files with homebrew. (Somewhat possible)
    This is not a method of hacking; this would be a method of delivering a hack. You would still need to know the key for signing the fake update. Not to mention that no one knows what CPU is in there and how it communicates with the rest of the 3DS's hardware! You cannot even compile a simple "Hello World" application without knowing the target hardware...

    B- Brute forcing a private key. (Impossible)
    Do you know why it is impossible? Because you have to at least know the encryption algorithm before starting to hack... or maybe the original, unencrypted content. If you don't know any of these, how would you know if an example generated key works or not?

    C- Use the Photo or Sound channels and boot up an exploit in JPG, MPO, or MP3. I doubt having a rar file in a JPG would work. (Somewhat possible)
    RAR file in a JPG? WTF?
    Apart from that, it might be that Nintendo uses one of the modern ARM processors with special security measures built in (TrustZone, XN), making buffer-overflow exploits much less possible (like Data Execution Prevention on Windows).

    F.b- Extra points if you can make the exploit on the OoT remake.
    Just buy the fucking game, people...
     
  14. Dead End

    Member Dead End GBAtemp Fan

    Joined:
    Mar 12, 2009
    Messages:
    440
    Location:
    Rockford IL.
    Country:
    United States
    I doubt files hidden inside .JPGs will work... there's no specific code for the 3DS to pick up when viewing the image (as far as I know).

    I don't think a RAR file would work anyway... it might have to be some kind of 'boot.n3d' file... (or whatever format 3DS games are).
     
  15. xakota

    Member xakota GBAtemp Fan

    Joined:
    Mar 18, 2010
    Messages:
    340
    Country:
    United States
    Kind of funny how you're trying to put people down for not knowing enough about hacking while you don't even know about steganography.
     
  16. Awdofgum

    Member Awdofgum Wadofgum

    Joined:
    Mar 17, 2007
    Messages:
    1,884
    Country:
    United States
    I was kinda surprised that DSi hacking efforts were never really apparent. Not complaining, I just figured that someone out there would have wanted it as bad.
     
  17. xakota

    Member xakota GBAtemp Fan

    Joined:
    Mar 18, 2010
    Messages:
    340
    Country:
    United States
    There really aren't any benefits to hacking the DSi besides a moderate speed increase.
     
  18. Antoids

    Newcomer Antoids Advanced Member

    Joined:
    Sep 12, 2009
    Messages:
    51
    Country:
    United States
    LOL

    more ironic than oot breaking the 3ds open

    protip: get a couple .jpgs, compress them into a rar, rename the file to be a .jpg, then upload it

    when someone else saves the image and renames it back to a .rar, it'll be unzippable, and before that it'll display as the first image in the folder
     
  19. pachura

    Member pachura GBAtemp Advanced Fan

    Joined:
    Dec 9, 2006
    Messages:
    566
    Country:
    And what's the point of changing the .RAR extension to .JPG? How could it help with hacking the 3DS? Granted, the 3DS picture viewer does not have RAR decompression routines built in. So the only thing that might happen is the picture viewer displaying an "Invalid JPEG file" message - or crashing. Now crashing might be potentially interesting, but why would it crash specifically for RAR archives?
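A defender-side illustration of the JPG/RAR question raised in Antoids' and pachura's posts above, added here and not part of the thread: a small scanner that walks the JPEG marker structure to find where the image really ends and reports whether a RAR archive (or any other data) has been appended behind it, which is what an upload filter or forensic triage script would check. A RAR that was only renamed to .jpg fails the very first check, matching pachura's point that the viewer would see an invalid JPEG rather than a hidden archive. The sample bytes below are constructed for the example; the signatures come from the public JPEG and RAR formats.

```python
# Magic values from the public JPEG and RAR formats.
JPEG_SOI = b"\xff\xd8"
RAR4_MAGIC = b"Rar!\x1a\x07\x00"
RAR5_MAGIC = b"Rar!\x1a\x07\x01\x00"

def jpeg_end_offset(data):
    """Offset just past the EOI marker, or None if not a well-formed JPEG."""
    if not data.startswith(JPEG_SOI):
        return None
    pos = 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            return None
        marker = data[pos + 1]
        pos += 2
        if marker == 0xD9:                        # EOI: the image ends here
            return pos
        if marker == 0xFF:                        # fill byte: re-sync on the next 0xFF
            pos -= 1
            continue
        if marker == 0x01 or 0xD0 <= marker <= 0xD8:
            continue                              # standalone marker, no length field
        pos += int.from_bytes(data[pos:pos + 2], "big")   # skip the whole segment
        if marker == 0xDA:                        # SOS: skip entropy-coded scan data
            while pos + 1 < len(data):
                nxt = data[pos + 1]
                if data[pos] == 0xFF and nxt != 0x00 and not 0xD0 <= nxt <= 0xD7:
                    break
                pos += 1
    return None

def classify_trailing_data(data):
    """Return (trailer_length, verdict) for any bytes after the JPEG image."""
    end = jpeg_end_offset(data)
    if end is None:
        return None, "not a JPEG"
    trailer = data[end:]
    if not trailer:
        return 0, "clean"
    if trailer.startswith((RAR4_MAGIC, RAR5_MAGIC)):
        return len(trailer), "rar archive appended"
    return len(trailer), "unknown trailing data"

# Constructed samples: a minimal JPEG (SOI, JFIF APP0, SOS header, stuffed scan data, EOI),
# the same JPEG with a RAR archive appended, and a RAR that was simply renamed to .jpg.
APP0 = b"\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
SOS = b"\xff\xda\x00\x08\x01\x01\x00\x00\x3f\x00"
CLEAN_JPEG = JPEG_SOI + APP0 + SOS + b"\x12\x34\xff\x00\x56" + b"\xff\xd9"
POLYGLOT = CLEAN_JPEG + RAR4_MAGIC + b"\x00" * 16
RENAMED_RAR = RAR4_MAGIC + b"\x00" * 16
```

Run `classify_trailing_data(open(path, "rb").read())` on an uploaded file: the clean sample yields `(0, "clean")`, the appended-archive sample `(23, "rar archive appended")`, and the renamed archive `(None, "not a JPEG")`.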
     
  20. Nollog

    Member Nollog GBAtemp Addict

    Joined:
    Oct 10, 2008
    Messages:
    2,691
    Country:
    Ireland
    Also, GREAT another thread of baseless fantasy!
     