3DS Hacking Theory Thread

Status
Not open for further replies.
TCJJ said:
Reading about the DS firmware being dumped from the 3DS is interesting to me for one reason: it appears the DS firmware has been edited for the 3DS. Instead of asking to shut down, it asks if you want to return to the menu (which must mean the 3DS home menu). It's possible that the only edit was a simple text edit, but who knows? Maybe there's more to the edited firmware than that, however doubtful.

I don't believe that the 3DS firmware works in quite the same way as the DS firmware. The interface is similar to the DSi, but I'm under the impression that the firmware had to be completely coded from scratch due to the significant hardware differences. It wasn't as simple as making a text edit to the binary of the firmware. I believe it's possible to make a software exploit for the 3DS, but like many others have said, hardware exploits usually need to be found first in order to find software exploits. It will be interesting to see how the homebrew scene develops for 3DS in a year or so.
 
These threads really are pointless, since 95% of the people are commenting on things they really have no understanding of, so it is ultimately just a bunch of kids throwing random pointless thoughts about. There is the occasional person who knows what he is talking about.

pcmantinker said:
I don't believe that the 3DS firmware works in quite the same way as the DS firmware. The interface is similar to the DSi, but I'm under the impression that the firmware had to be completely coded from scratch due to the significant hardware differences. It wasn't as simple as making a text edit to the binary of the firmware. I believe it's possible to make a software exploit for the 3DS, but like many others have said, hardware exploits usually need to be found first in order to find software exploits. It will be interesting to see how the homebrew scene develops for 3DS in a year or so.


If the 3DS can play NDS games, it means the hardware can be set into a mode where it emulates the DS hardware, i.e. it can execute the same instruction set exactly as it did on the DS.

If the hardware is able to run in a mode where it executes the same instruction set on the CPU as an old DS, then no, the changes to the firmware itself were indeed minor, since that runs on - you guessed it - the DS hardware. Since the 3DS CPU is ARM based too, it is trivial for them to make it possible to operate it in a backwards compatible process path.

Of course it isn't just a text edit; the firmware is the compiled binary result of source code. Nintendo have all the source code to the firmware: they created a 3DS branch of the original code, made the changes, and rebuilt the resulting firmware binary. That's how it works in the industry; you change the source code, not the resulting binaries, as that would be the most retarded thing to do in the world.
 
So how exactly does the 3DS accomplish DS mode? Does it have a full DS chipset that runs the DS code, or does it do it through emulation on the 3DS chipset? Or is it partial emulation, like in the PS3, where some models have an Emotion Engine and some do not? Some PS3s have two of the CPUs from the PS2 chipset and some have only one; that's why some have 80% and other models have 100% backwards compatibility, because the software emulator isn't that good, and that combined with the missing chip gives you the 20% loss of compatibility. I'm sure either way the backwards compatibility on the 3DS is 100%; Nintendo doesn't do things that way.

So, if the 3DS is using emulation, either partial or full, to run DS code, then won't it make it that much easier to find an exploit through DS mode? And would finding an exploit through DS mode be totally impossible if it doesn't use any emulation for DS code?
 
deakster said:
These threads really are pointless, since 95% of the people are commenting on things they really have no understanding of, so it is ultimately just a bunch of kids throwing random pointless thoughts about. There is the occasional person who knows what he is talking about.

pcmantinker said:
I don't believe that the 3DS firmware works in quite the same way as the DS firmware. The interface is similar to the DSi, but I'm under the impression that the firmware had to be completely coded from scratch due to the significant hardware differences. It wasn't as simple as making a text edit to the binary of the firmware. I believe it's possible to make a software exploit for the 3DS, but like many others have said, hardware exploits usually need to be found first in order to find software exploits. It will be interesting to see how the homebrew scene develops for 3DS in a year or so.


If the 3DS can play NDS games, it means the hardware can be set into a mode where it emulates the DS hardware, i.e. it can execute the same instruction set exactly as it did on the DS.

If the hardware is able to run in a mode where it executes the same instruction set on the CPU as an old DS, then no, the changes to the firmware itself were indeed minor, since that runs on - you guessed it - the DS hardware. Since the 3DS CPU is ARM based too, it is trivial for them to make it possible to operate it in a backwards compatible process path.

Of course it isn't just a text edit; the firmware is the compiled binary result of source code. Nintendo have all the source code to the firmware: they created a 3DS branch of the original code, made the changes, and rebuilt the resulting firmware binary. That's how it works in the industry; you change the source code, not the resulting binaries, as that would be the most retarded thing to do in the world.


Yeah, I was merely pointing out that the 3DS firmware includes support for the new hardware and it probably isn't as easy as modifying the DSi firmware to work on the 3DS. The 3DS firmware probably also has much stronger protection schemes than the DSi firmware to protect against software exploits. I am aware of the fact that there is backwards compatibility with the DS, but I haven't yet tried DS compatibility mode to see how it works, as I can't seem to find my DS games since I bought my 3DS. Also, has it been confirmed that the 3DS actually emulates the DS/DSi, or is it just a compatibility layer?

About the firmware, yes, you would never do a text edit of the binary. This would render the firmware useless. You would edit the source code and then compile the binary. I am familiar with compilers, high-level languages, and assembly. I guess I misunderstood TCJJ's claim about text editing the firmware.

Also, deakster, I agree that these threads are mainly pointless, but I actually do understand about buffer overflows and software exploits. I am a computer science major and I understand how the Wii was originally exploited through the save file on Twilight Princess creating a buffer overflow and executing homebrew code. I know it takes time to find exploits, but sooner or later, one will surface. Programmers aren't perfect. It's hard to check for every bug when publishing a game.
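The save-file overflow pcmantinker mentions above is an instance of a general pattern: a game trusts a length or string stored in a save file and copies it into a fixed-size stack buffer, so a crafted save overwrites whatever sits past that buffer, including the saved return address. The following is an added example written for this page, not code from the thread, from the Wii exploit, or from any game. The record layout (one length byte followed by name bytes), the `struct frame` stand-in for a stack frame, and every function name are constructed for illustration; the vulnerable loader sits beside a hardened one.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_MAX 32
#define SENTINEL 0x11111111u

/* Stand-in for a stack frame: a fixed name buffer followed by the data an
 * attacker wants to clobber (on a real stack, the saved return address). */
struct frame {
    char     name[NAME_MAX];
    uint32_t saved_ret;   /* sentinel standing in for a return address */
};

/* Hypothetical save-record layout, constructed for this example only:
 * byte 0 = name length n, bytes 1..n = name bytes (no terminator).
 * Nothing about any real game's save format is implied. */

/* Vulnerable loader: checks that the record is long enough, never that the
 * name fits the destination.  The copy is indexed from the struct base so the
 * overwrite stays inside one object (defined behaviour for the demo); a real
 * game would memcpy straight into a stack array and smash the caller's frame. */
int load_name_vulnerable(struct frame *f, const uint8_t *rec, size_t rec_len)
{
    if (rec_len < 1) return -1;
    size_t n = rec[0];
    if (rec_len < 1 + n) return -1;          /* the only check performed */
    size_t room = sizeof *f - offsetof(struct frame, name);
    if (n > room) n = room;                  /* demo guard only, not a fix */
    unsigned char *base = (unsigned char *)f;
    for (size_t i = 0; i < n; i++)
        base[offsetof(struct frame, name) + i] = rec[1 + i];
    return 0;
}

/* Hardened loader: the length from the file is validated against the
 * destination before any byte is copied, leaving room for a terminator. */
int load_name_hardened(struct frame *f, const uint8_t *rec, size_t rec_len)
{
    if (rec_len < 1) return -1;
    size_t n = rec[0];
    if (rec_len < 1 + n) return -1;
    if (n >= NAME_MAX) return -1;            /* reject rather than truncate */
    memcpy(f->name, rec + 1, n);
    f->name[n] = '\0';
    return 0;
}

/* Constructed hostile record: NAME_MAX filler bytes, then four bytes that
 * land on saved_ret.  Returns the record length, 0 if cap is too small. */
size_t build_hostile(uint8_t *out, size_t cap)
{
    static const uint8_t tail[4] = { 0xEF, 0xBE, 0xAD, 0xDE };  /* 0xDEADBEEF */
    const size_t n = NAME_MAX + sizeof tail;
    if (cap < 1 + n) return 0;
    out[0] = (uint8_t)n;
    memset(out + 1, 'A', NAME_MAX);
    memcpy(out + 1 + NAME_MAX, tail, sizeof tail);
    return 1 + n;
}

/* 1 if the vulnerable loader overwrote the sentinel. */
int demo_vulnerable_clobbers(void)
{
    struct frame f = { {0}, SENTINEL };
    uint8_t rec[64];
    size_t len = build_hostile(rec, sizeof rec);
    load_name_vulnerable(&f, rec, len);
    return f.saved_ret != SENTINEL;
}

/* 1 if the hardened loader rejected the hostile record and kept the sentinel. */
int demo_hardened_rejects(void)
{
    struct frame f = { {0}, SENTINEL };
    uint8_t rec[64];
    size_t len = build_hostile(rec, sizeof rec);
    return load_name_hardened(&f, rec, len) == -1 && f.saved_ret == SENTINEL;
}

/* 1 if a benign record loads cleanly through the hardened path. */
int demo_hardened_accepts_benign(void)
{
    static const uint8_t rec[] = { 5, 'L', 'i', 'n', 'k', '!' };
    struct frame f = { {0}, SENTINEL };
    return load_name_hardened(&f, rec, sizeof rec) == 0 && strcmp(f.name, "Link!") == 0;
}

int main(void)
{
    printf("vulnerable loader clobbered saved_ret: %d\n", demo_vulnerable_clobbers());
    printf("hardened loader rejected hostile record: %d\n", demo_hardened_rejects());
    printf("hardened loader accepted benign record:  %d\n", demo_hardened_accepts_benign());
    return 0;
}
```

The point of the hardened version is that the length is compared against the destination's capacity, not against the file's length; checking only that the file is long enough (as the vulnerable loader does) is the mistake that lets a save file drive the copy past the buffer.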
 
So has anyone either confirmed or proven wrong the rumour about the 3DS using some sort of voltage/current detection in the cart slot to circumvent flashcards, or flashcards running a processor? I heard something about the 3DS monitoring how much power is being drawn from the cart slot in order to tell if it's a legit cart or not. I'm sure it would only be one part of the security, but it would still be nice to know if it's there or not, in case an SD exploit isn't possible.
 
I think the first exploit is gonna be when you are able to transfer DSiWare to the 3DS... Sudoku, anyone?
 
Yeah, I know the DS flashcarts work; I have a DSTWO, but not a 3DS yet. But I meant in 3DS mode; I don't think they would bother implementing that sort of security for DS mode.

I would think the Chinese flashcard manufacturers have had their hands on the 3DS hardware for a while now, since it is made in China, I'm sure; I know my DS Lite says "Made in China" on it.
I think it's a security risk for Ninty to make their consoles there in the first place, so maybe the first exploits will be in the form of a flashcard. Maybe they could be ported to an SD card exploit or hack, but who knows. But I'd feel a lot better if I saw that marcan or bushing were working on this; I didn't see anything about it on either of their Twitter pages.
 
How much do we know about the 3DS's internals yet: how many CPUs, CPU architecture(s)?
Are they doing the same thing as the Wii with an on-die boot ROM (boot0)?
If so, can we dump it by decapping the processor?
If we can dump it, what are the odds that Ninty's programmers made the same or a similar mistake again (fakesigning)?
I don't think they will make the same mistakes twice.

However, I can think of one thing that may work: does anyone want to try a tweezer attack on the RAM when in DS mode? Might be able to get the common key the same way as was done for the Wii?
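The fakesigning mistake the post above asks about is the Wii one: IOS compared the SHA-1 hash of the signed data against the hash recovered from the RSA signature using strncmp, a string compare that stops at the first zero byte. A bogus signature that decrypts to a hash beginning with 0x00 therefore "matched" any content whose real hash also begins with 0x00, which an attacker finds by tweaking a don't-care field, about 256 tries. The following is an added example for this page, not code from the thread or from any Nintendo firmware: it uses a toy 32-bit FNV-1a hash in place of SHA-1, skips RSA entirely by taking an all-zero digest as what the bogus signature decrypts to, and its content block, padding offset and function names are constructed for illustration. It shows the buggy comparator next to the fixed one and the forging search itself.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HASH_LEN 4   /* toy digest size; SHA-1 is 20 bytes, the logic is identical */

/* Toy stand-in for SHA-1 (32-bit FNV-1a).  It is NOT a cryptographic hash;
 * it only has to produce bytes that can be zero, which is all the bug needs. */
void toy_hash(const uint8_t *data, size_t len, uint8_t out[HASH_LEN])
{
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < len; i++) {
        h ^= data[i];
        h *= 16777619u;
    }
    out[0] = (uint8_t)(h >> 24); out[1] = (uint8_t)(h >> 16);
    out[2] = (uint8_t)(h >> 8);  out[3] = (uint8_t)h;
}

/* The bug: a string compare on binary digests.  strncmp stops at the first
 * NUL byte, so two digests that both begin with 0x00 compare equal no
 * matter what follows. */
int hashes_match_buggy(const uint8_t *expected, const uint8_t *computed)
{
    return strncmp((const char *)expected, (const char *)computed, HASH_LEN) == 0;
}

/* The fix: compare every byte of the digest. */
int hashes_match_fixed(const uint8_t *expected, const uint8_t *computed)
{
    return memcmp(expected, computed, HASH_LEN) == 0;
}

/* Forge step.  The bogus signature is assumed to "decrypt" to an all-zero
 * digest; the attacker tweaks a two-byte don't-care field at pad_off until the
 * content's real digest also starts with 0x00 (a 1-in-256 search).
 * Returns 1 on success, leaving the tweaked content and its digest in place. */
int forge_leading_zero(uint8_t *content, size_t len, size_t pad_off,
                       uint8_t digest[HASH_LEN])
{
    if (pad_off + 2 > len) return 0;
    for (uint32_t t = 0; t < 0x10000u; t++) {
        content[pad_off]     = (uint8_t)(t & 0xff);
        content[pad_off + 1] = (uint8_t)(t >> 8);
        toy_hash(content, len, digest);
        if (digest[0] == 0x00) return 1;
    }
    return 0;
}

/* Runs the scenario on a constructed content block.  Returns 1 if a forgery
 * was found and reports each comparator's verdict on it. */
int demo_fakesign(int *buggy_accepts, int *fixed_accepts)
{
    uint8_t content[32] = "TITLE METADATA  ";   /* constructed; bytes 16-17 are padding */
    uint8_t sig_digest[HASH_LEN] = { 0 };        /* what the bogus signature "decrypts" to */
    uint8_t real_digest[HASH_LEN];
    if (!forge_leading_zero(content, sizeof content, 16, real_digest)) return 0;
    *buggy_accepts = hashes_match_buggy(sig_digest, real_digest);
    *fixed_accepts = hashes_match_fixed(sig_digest, real_digest);
    return 1;
}

/* Convenience wrappers: the comparator's verdict on the forgery, -1 if none found. */
int demo_buggy_accepts_forgery(void) { int b = 0, f = 0; return demo_fakesign(&b, &f) ? b : -1; }
int demo_fixed_accepts_forgery(void) { int b = 0, f = 0; return demo_fakesign(&b, &f) ? f : -1; }

int main(void)
{
    printf("strncmp comparator accepts forged content: %d\n", demo_buggy_accepts_forgery());
    printf("memcmp comparator accepts forged content:  %d\n", demo_fixed_accepts_forgery());
    return 0;
}
```

The search cost is what made the bug practical: with SHA-1 the attacker still only needs a leading zero byte, so roughly 256 trial hashes of the content, not a collision on the full digest. The fix is not a stronger hash but a comparator that treats the digest as bytes rather than as a C string.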
 
Rydian said:
Seaking said:
i think the first exploit is gonna be when you are able to transfer DSiWare to the 3DS...Sudoku anyone?
It doesn't actually transfer from one to another. It downloads from the NUS, and the Sudoku version there has been patched.
Ah well... there goes my idea. I was thinking they had a transfer thing from the DSi to the 3DS. I'm an idiot, ignore what I posted, haha.
 
But does anyone know if DS mode is emulated fully or partially, or if there is a full DS chipset for DS mode?
 
QUOTE said:
It will have a "transfer" function, but it likely won't stream the data from one device to another.
Wasn't it just supposed to redownload the software using some authentication method? Otherwise you could get sudokuhax on the 3DS (not saying you'd actually be able to use it).

Alexrose said:
o hai guyz

im just her 2 post about stuff i dont kno about

LOL LETZ HACK 3DS
yey!
lemme baffer underflow my dsi 3dxl using download play and street fighter
 
I find it odd that someone as smart as marcan is "not interested in the 3DS at this time",
but I saw him doing stuff with a Miley Cyrus guitar and some LeapFrog kids' learning toys.
I don't know, maybe he has kids or something, so it could be understandable, but the Vii, come on.
How is he interested in the Vii but not the 3DS? Or did he have a hand in making the Vii? I saw some picture of him in HK in front of some electronics or toy factory or something. Unless he is behind the Vii and helped to design it or something, I can't see how a cheap Chinese knock-off, and a really bad one at that, could be more interesting than the 3DS, especially for someone of his genius. You'd think he would want more of a challenge than hacking/modding kids' toys.
 
Simply put, the majority of people who are smart enough to actually break security systems are not the sort of people who frequent this forum. Yes, there may potentially be a few ingenious individuals here, but let's be honest, the majority of people wouldn't have the first clue.
If this were a forum or group full of people who actually understood computer architecture and security algorithms, then this would've been 8 pages of technical information by now.
EDIT: Which is why you also see everyone throwing about the words "buffer overflow" as if that's the be-all and end-all of hacking, and all you have to do is just make a file that causes one.
 