Hacking 3DS Hacking Theory Thread
- Thread starter Knyaz Vladimir
- Start date
- Views 44,544
- Replies 205
- Status
We need to know whether the data for loading a game is loaded from the game card, or is already stored and translates the game data into something playable, but seeing that roms are leaked (?) it means that the loader is stored in the 3DS, this can be further confirmed by Nintendo telling that your system will shut down if it detects third-party stuff.
Exceptionally hard to hack, but it seems that big N releases patches / updates that change firmware, basically we have to keep track what changes and where, and after 2 or 3 patches we can notice a pattern in patching...
that way an exploit may be found allowing us to fool the system that the game is the SD card, but then I am afraid the security will kick in...
But, I noticed and it IS confirmed and that is also why people get some SD card altogether with the system: the game files can be saved to the SD card! This way we can exploit a save file, forcing the loader to ignore security check and then reading a game file from the sd card. The 3DS E-store... buying games online... yeah, it will be easy to crack if we have patience, but right now it is almost impossible.
They sure didn't lie about ''their systems having the latest technology''
Exceptionally hard to hack, but it seems that big N releases patches / updates that change firmware, basically we have to keep track what changes and where, and after 2 or 3 patches we can notice a pattern in patching...
that way an exploit may be found allowing us to fool the system that the game is the SD card, but then I am afraid the security will kick in...
But, I noticed and it IS confirmed and that is also why people get some SD card altogether with the system: the game files can be saved to the SD card! This way we can exploit a save file, forcing the loader to ignore security check and then reading a game file from the sd card. The 3DS E-store... buying games online... yeah, it will be easy to crack if we have patience, but right now it is almost impossible.
They sure didn't lie about ''their systems having the latest technology''
D
Deleted User
Guest
Hum m...
game cart exploit with savedata is not impossible,but you do carelessness search,you will not be read and write savedata.
(Because of Nintendo library.)
Posts merged
Hum m...
game cart exploit with savedata is not impossible,but you do carelessness search,you will not be read and write savedata.
(Because of Nintendo library.)
game cart exploit with savedata is not impossible,but you do carelessness search,you will not be read and write savedata.
(Because of Nintendo library.)
Posts merged
Hum m...
game cart exploit with savedata is not impossible,but you do carelessness search,you will not be read and write savedata.
(Because of Nintendo library.)
Diari said:
So far no one even knows what fucking processor is there inside, so no one can even start coding simple "Hello world" application (not to mention designing and implementing an exploit).
- Joined
- Sep 24, 2010
- Messages
- 621
- Solutions
- 1
- Reaction score
- 6
- Trophies
- 0
- Age
- 30
- Location
- My computer in Sharpedo Bluff
- Website
- Visit site
- XP
- 178
- Country
Stop speculating. It's likely that there are other methods that the hacker teams are testing now anyway, but we will never know which method works until they release the info. Leave this to the hackers.
- Joined
- Feb 1, 2010
- Messages
- 827
- Solutions
- 3
- Reaction score
- 126
- Trophies
- 0
- Age
- 36
- Website
- qwertymodo.com
- XP
- 540
- Country
pachura said:
Wait... What? We know the processor(well, processors). Dual ARM11s @266 mhz. There are and have been compilers and assemblers for these processors for years and the ISA is totally open, so even without using pre-existing tools someone could write an assembler and using that create a compiler. The problem is that until the binary format has been studied more, getting even a small piece of code running will prove difficult.
montgoej said:
1. Although these specs look pretty believable and inline with Nintendo's strategy of choosing the cheapest acceptable hardware, they are just a rumour (released by IGN, if I remember correctly). Totally unconfirmed.
2. Even if CPU's architecture was known and someone was able to compile some ARMxx assembly into executable code, you still need more than that even to just display a simple text message. A standard library, system APIs, knowledge of hardware architecture (how all the components interact with each other) - at least one of these. I believe the only hope is some rogue 3DS game developer disclosing internal details.
I was spending some time uses ARM functions to try to enable the previously locked 3D Mode function on the Nintendo 3DS using a Nintendo 3DS , updated and AceKard 2i and R4i 3DS. I have successfully determined that many of the ARM functions do indeed work and trigger functions previously locked out by 3DS System Software.
ie
ARM1-3 = Give a Random ARMxx Error and often display "3DS Mode Cannot be Intialized"
ARM4-6 = Give a Random ARMxx Error and often display "3D Mode Error xx.xx"
ARM7-9 = Give a Random ARMxx Error and often display "3DS Mode Could Not Be Started"
ARM10-11 = Give a Random ARMxx Error and often display all 3 error messages
I've included a diagram of the differences between 2D Mode and 3D in hopes that it can give ideas for future coders/developers to implement a possible exploit possibly via a similar DSiWareHax or Sudokuhax (Or Any Othe Embedded Game Save Hack , Image File Hack or Media File Hack). I have tried many methods and used every ARM function available with no success getting 3D Mode fully unlocked
Pics of Worklog will be posted ASAP
Here is the diagram of how DS 2D Mode and 3DS 3D Mode Work and Are Different
I hope that this information can help with a breakthrough and possible exploit of the 3DS as well as compatible kernel software for Flash Carts and 3D Mode
Happy Cracking
[MOFO]
PS: The ARM Functions were recompiled into Mario Kart 3DS , Super Street Fighter IV 3DS and Super Mario 3DS as in order to get a fully functioning exploit with installer you need to completely Dump the NAND Flash and then Edit it the source hoping to find an exploit/loophole ie something similar to SudokuHaxx or DSiWareHaxx but because the ARM Functions don't function fully your best option is to edit the NAND Flash , the only problem is the method of getting your NAND Flash xD
ie
ARM1-3 = Give a Random ARMxx Error and often display "3DS Mode Cannot be Intialized"
ARM4-6 = Give a Random ARMxx Error and often display "3D Mode Error xx.xx"
ARM7-9 = Give a Random ARMxx Error and often display "3DS Mode Could Not Be Started"
ARM10-11 = Give a Random ARMxx Error and often display all 3 error messages
I've included a diagram of the differences between 2D Mode and 3D in hopes that it can give ideas for future coders/developers to implement a possible exploit possibly via a similar DSiWareHax or Sudokuhax (Or Any Othe Embedded Game Save Hack , Image File Hack or Media File Hack). I have tried many methods and used every ARM function available with no success getting 3D Mode fully unlocked
Pics of Worklog will be posted ASAP
Here is the diagram of how DS 2D Mode and 3DS 3D Mode Work and Are Different
I hope that this information can help with a breakthrough and possible exploit of the 3DS as well as compatible kernel software for Flash Carts and 3D Mode
Happy Cracking
[MOFO]
PS: The ARM Functions were recompiled into Mario Kart 3DS , Super Street Fighter IV 3DS and Super Mario 3DS as in order to get a fully functioning exploit with installer you need to completely Dump the NAND Flash and then Edit it the source hoping to find an exploit/loophole ie something similar to SudokuHaxx or DSiWareHaxx but because the ARM Functions don't function fully your best option is to edit the NAND Flash , the only problem is the method of getting your NAND Flash xD
[MOFO said:
If I understand correctly, you wrote a piece of code to call random ARM functions (whatever might they be) and ran it on 3DS in DS mode hoping it will switch back into the 3DS mode, right ?
In my opinion, the DS mode is sandboxed and it is impossible to switch back into the 3DS mode without restarting the console. Which would make your attempts useless. But who knows ? Good luck, anyway.
- Joined
- Oct 26, 2010
- Messages
- 127
- Reaction score
- 32
- Trophies
- 1
- Location
- Lausanne
- Website
- www.stut.ch
- XP
- 494
- Country
Hi guys.
Have a read here->
http://hackmii.com/2011/05/dsi-system-upda...-4-2/#more-1406
about certificates. I'm pretty sur they have similary secure the 3DS.
Have a read here->
http://hackmii.com/2011/05/dsi-system-upda...-4-2/#more-1406
about certificates. I'm pretty sur they have similary secure the 3DS.
Correct pachura but you left out one point where I added Random ARM functions to deploy DURING the reboot , using a very similar method to the BannerBomb exploit on the Wii. The ARM functions did deploy during reboot enabling the first load of a 3DS Rom to display ARMxx Errors and 3D Mode Not Accessible errors which leads me to think I'm on the right direction with this..
PS: The ARM Functions are just Random ARM Functions (Jibberish Numbers) on each of the ARM Channels 1-11. I'm still not %100 sure which ARM Function is going to do it or wether it is completely write protected similar to other devices..
"The new 1.4.2 system settings title verifies the APCert with TWCert stored in NAND. This stops us from modifying DSiWare savedata for arbitrary systems, as the only way to get those system certs is from NAND. When you don’t already have DSiWareHax, it’s impossible to obtain your system certs without soldering NAND. The new system settings will not allow any DSiWare on SD card signed by other systems to copy to “internal memory”.
So that's the answer to why the 3DS mode will not enable as we do not have the TWCert which leads me to believe it's just a matter of time before we have a full NAND dump of the 3DS , when that's going to happen I'm really not sure.. but knowledge is power friends and I'm still happy I took this much effort towards it already
Happy Cracking and May Nintendo fuck up and bless us all with a successfull NAND dump xD
PS: The ARM Functions are just Random ARM Functions (Jibberish Numbers) on each of the ARM Channels 1-11. I'm still not %100 sure which ARM Function is going to do it or wether it is completely write protected similar to other devices..
"The new 1.4.2 system settings title verifies the APCert with TWCert stored in NAND. This stops us from modifying DSiWare savedata for arbitrary systems, as the only way to get those system certs is from NAND. When you don’t already have DSiWareHax, it’s impossible to obtain your system certs without soldering NAND. The new system settings will not allow any DSiWare on SD card signed by other systems to copy to “internal memory”.
So that's the answer to why the 3DS mode will not enable as we do not have the TWCert which leads me to believe it's just a matter of time before we have a full NAND dump of the 3DS , when that's going to happen I'm really not sure.. but knowledge is power friends and I'm still happy I took this much effort towards it already
Happy Cracking and May Nintendo fuck up and bless us all with a successfull NAND dump xD
I just had a thought, don't know if anyone has mentioned it already... couldn't we use ds download play somehow? Even if it would require a wii to send the data. We do have the wii hacked, couldn't we somehow make the wii send games to the 3ds? Hmm would perhaps not help running homebrew and our own code, but it might be a start.
Ghork said:
No, that wouldn't work. It does the same checks as on a 3DS cart in 3DS Download Play to make sure it's authentic.
- Status
Site & Scene News
New Hot Discussed
-
-
25K views
Twilight Princess PC port "Dusk" gets its first release
It wasn't too long ago we saw our first glimpse of Courage Reborn, another Twilight Princess PC port in the works based on last year's decompilation efforts. With... -
14K views
Pokemon Platinum PC port gets a surprise release
Seemingly out of nowhere a PC port for Pokemon Platinum has surfaced online, bundled alongside the source code for those interested in building and developing it for... -
13K views
Nintendo announces price increases across the board, set to come into effect from September in western regions
After much speculation, Nintendo has finally followed their competitors in announcing price increases for their hardware. You can find a breakdown of what's changing... -
11K views
Star Fox 64 remake for the Switch 2 announced in surprise Nintendo Direct
Airing last night with very little in the way of warning, a brand new Nintendo Direct was aired. Running for 15 minutes in total, it took a moment to celebrate the... -
10K views
Steam Deck gets a major price bump, more than 40% increase for US buyers
With very little in the way of announcement, Valve has today increased the price of the Steam Deck but some fairly considerable margins. Both of the available models... -
9K views
Nintendo president Shuntaro Furukawa explains Switch 2 price increases in recent Financial Results Briefing
As a part of their Financial Results Briefing for the previous year, Nintendo president Shuntaro Furukawa took to the floor to answer key questions around the Switch... -
8K views
Sony announces PlayStation Plus price increase for new customers starting May 20
Earlier this year, Sony announced major price increases for the PS5, PS5 Pro, and PlayStation Portal. Now the company is raising prices again, this time for... -
7K views
Forza Horizon 6 leaks online after Steam preload data was uploaded without encryption
We are once again here to tell you about a game leaking before its release, but for once, it's not one published by Nintendo. The game files for Microsoft's upcoming... -
7K views
Pokémon Crystal gets a PC port titled "suiCune" based on C/C++ language
Continuing with the great news of Pokémon Platinum getting a native unofficial PC port just a few days ago, today, yet another classic title from the franchise has... -
6K views
Paper Mario PC recompilation "ReCut" gets its first pre-release build
The latest in a growing number of native PC ports, Paper Mario ReCut got its first pre-release build earlier this week. Based on the N64 recompilation toolchain, the...
-
-
-
168 replies
Steam Deck gets a major price bump, more than 40% increase for US buyers
With very little in the way of announcement, Valve has today increased the price of the Steam Deck but some fairly considerable margins. Both of the available models... -
163 replies
Twilight Princess PC port "Dusk" gets its first release
It wasn't too long ago we saw our first glimpse of Courage Reborn, another Twilight Princess PC port in the works based on last year's decompilation efforts. With... -
144 replies
Nintendo announces price increases across the board, set to come into effect from September in western regions
After much speculation, Nintendo has finally followed their competitors in announcing price increases for their hardware. You can find a breakdown of what's changing... -
134 replies
Star Fox 64 remake for the Switch 2 announced in surprise Nintendo Direct
Airing last night with very little in the way of warning, a brand new Nintendo Direct was aired. Running for 15 minutes in total, it took a moment to celebrate the... -
101 replies
Pokemon Platinum PC port gets a surprise release
Seemingly out of nowhere a PC port for Pokemon Platinum has surfaced online, bundled alongside the source code for those interested in building and developing it for... -
92 replies
Sony announces PlayStation Plus price increase for new customers starting May 20
Earlier this year, Sony announced major price increases for the PS5, PS5 Pro, and PlayStation Portal. Now the company is raising prices again, this time for... -
83 replies
Nintendo president Shuntaro Furukawa explains Switch 2 price increases in recent Financial Results Briefing
As a part of their Financial Results Briefing for the previous year, Nintendo president Shuntaro Furukawa took to the floor to answer key questions around the Switch... -
73 replies
Paper Mario PC recompilation "ReCut" gets its first pre-release build
The latest in a growing number of native PC ports, Paper Mario ReCut got its first pre-release build earlier this week. Based on the N64 recompilation toolchain, the... -
71 replies
PlayStation State of Play June 2, 2026 broadcast - new God of War announced
A whole hour of PlayStation content is on the way, thanks to the latest State of Play showcase. Headlining the stream will be Marvel's Wolverine, alongside a... -
63 replies
Call of Duty: Modern Warfare 4 to launch on Nintendo Switch 2 in October
For the first time in 13 years, the Call of Duty series will again return to Nintendo's consoles. Set to launch on the 23rd of October, the latest release, Modern...
-
