Hacking 3DS Hacking Theory Thread

[doyama]

hmm, i followed some of MOFO's steps and I was successfully able to run my own code


"Snip"

"yaytroll"


Anyways, has anyone gotten anything to work here? I haven't been to this thread in a while.

Anyone on this forum specifically. No.

Ironically MOFO was at least talking semi-non-gibberish about some things, which was as step up up from the usual nonsense most people were talking about here. Though his methodology was quite flawed in several areas. He also pretty much lost credibitily on the 'AES128 is 'easy'' which a lot of people in the cryptography field would love to hear about since AES is generally considered secure aside from massive brute force attacks.

 

[Arisotura]

'AES128 is easy'

I couldn't get to read his latest posts before they were deleted, but if he really said that, it makes me laugh. Given the current computing power, AES128 would take more than the age of universe to be bruteforced. Our only solution to decrypt ROMs is to find the key. Chances are that said key is inside the NAND, but the NAND is encrypted too. The NAND key is most likely somewhere in the bootloader code.

Long story short, we have to wait until someone manages to dump the bootloader, and finds the NAND decryption key in there.

I'm also not going to attempt anything before we know more about the 3DS's hardware. I wouldn't want to blow all the chances of running custom code before it is actually useful

 

[Keva]

This is mostly a brain fart but maybe it'll be useful.

Could a hack be found out through the java capabilities of the 3DS browser similar to the wireless iOS jailbreak?

 

[raulpica]

This is mostly a brain fart but maybe it'll be useful.

Could a hack be found out through the java capabilities of the 3DS browser similar to the wireless iOS jailbreak?

If you're referring to JailbreakMe.com 2.0, that was done using an exploit in the PDF viewer.

 

[Rydian]

Java exploits are well-known on the PC, though.

But any version of a plugin that we get on a console is going to be an older one (for requirement issues), and thus likely to be more tested.

 

[pachura]

This is mostly a brain fart but maybe it'll be useful.

Could a hack be found out through the java capabilities of the 3DS browser similar to the wireless iOS jailbreak?

3DS' browser has no Java capabilities.
A brain fart.

 

[Rydian]

Every console in use today (as well as the 3DS and PSP for handhelds) have gotten major features/additions well after release.

 

[LinkReincarnate]

Java exploits are well-known on the PC, though.

But any version of a plugin that we get on a console is going to be an older one (for requirement issues), and thus likely to be more tested.

What about webkit? Seems rife with sploits...
http://www.google.com/search?rlz=1C1CHFX_e...webkit+exploits

 

[chose]

Well, I guess it's great to give out ideas, but you guys do realize that by just saying stuff and using cimplicated words it gets no work done?

I don't want to sound mean, but the people who could actually do something probably aren't reading those speculations threads. You can keep ideas flowing, but from what I've seen, most post are about 15 years old kids trying to look cool using the word buffer overflow, without really making any sense about the context it is used in.

For my personal information, just to know, do any of you even know whta IS a buffer overflow? Or do you even know or to get a compilator (even easier, just get an IDE that includes a compilator fully set in the instalation package) running and making a simple hello word on a computer environnement? Just suggesting to know the basics before trying to jump the big guns, or you might get disapointed kids...

 

[epicCreations.or]

Well, I guess it's great to give out ideas, but you guys do realize that by just saying stuff and using cimplicated words it gets no work done?

I don't want to sound mean, but the people who could actually do something probably aren't reading those speculations threads. You can keep ideas flowing, but from what I've seen, most post are about 15 years old kids trying to look cool using the word buffer overflow, without really making any sense about the context it is used in.

For my personal information, just to know, do any of you even know whta IS a buffer overflow? Or do you even know or to get a compilator (even easier, just get an IDE that includes a compilator fully set in the instalation package) running and making a simple hello word on a computer environnement? Just suggesting to know the basics before trying to jump the big guns, or you might get disapointed kids...

Would this include you? Because I've never used a compilator for programming and I'm pretty sure cimplicated and environnement aren't words.

In other news I lol'd when I saw all the trashed posts and also when at the idea that AES-128 is easy. :

:

 

[Rydian]

Chose, I think I covered that like 7 pages ago.

 

[epicCreations.or]

Chose, I think I covered that like 7 pages ago.

Made my day :

:

 

[Quincy]

Mhmm.. I found something, but without a ramdump its useless.. I succesfully found a vurnerability in the SSFIV save files.. A longer nick creates a crash, while a normal change gives a corrupt savefile, so we found that SSFIV checks the name BEFORE the checksum!

 

[chose]

Well, I guess it's great to give out ideas, but you guys do realize that by just saying stuff and using cimplicated words it gets no work done?

I don't want to sound mean, but the people who could actually do something probably aren't reading those speculations threads. You can keep ideas flowing, but from what I've seen, most post are about 15 years old kids trying to look cool using the word buffer overflow, without really making any sense about the context it is used in.

For my personal information, just to know, do any of you even know whta IS a buffer overflow? Or do you even know or to get a compilator (even easier, just get an IDE that includes a compilator fully set in the instalation package) running and making a simple hello word on a computer environnement? Just suggesting to know the basics before trying to jump the big guns, or you might get disapointed kids...

Would this include you? Because I've never used a compilator for programming and I'm pretty sure cimplicated and environnement aren't words.

In other news I lol'd when I saw all the trashed posts and also when at the idea that AES-128 is easy. :

:

Well, english is actually my second language, so that must be why some words may sound strange XD Replace with compiler and with environment. And i'm older than 15, so nope

(Seriously though, I've done 4 courses in CS at university level. Seems like someone already crushed their dream 7 pages ago, but I was reading through this thread morning and almost spilled my coffee on my screen out of laughter (like hex editing NSMB level and hoping it still works (ok, I shouldn't be THAT mean). Felt like someone had to tell them, but I've really just read the first 3 pages.)

Anyway, this is entertaining

 

[doyama]

This is mostly a brain fart but maybe it'll be useful.

Could a hack be found out through the java capabilities of the 3DS browser similar to the wireless iOS jailbreak?

Well I will say the concept of looking at the browser for exploits is a good idea. I think Team Twiizers will probably be looking into this, since they like to find exploits that would be available to all users not just for some random game if possible. As stated previously tehre's no javascript capabilities in the browser. But you might find a PDF exploit or a TIFF/JPG exploit that might yield something.

 

[epicCreations.or]

This is mostly a brain fart but maybe it'll be useful.

Could a hack be found out through the java capabilities of the 3DS browser similar to the wireless iOS jailbreak?

Well I will say the concept of looking at the browser for exploits is a good idea. I think Team Twiizers will probably be looking into this, since they like to find exploits that would be available to all users not just for some random game if possible. As stated previously tehre's no javascript capabilities in the browser. But you might find a PDF exploit or a TIFF/JPG exploit that might yield something.

Lies, there is Javascript; just no Java

 

[doyama]

Oops typoed the javascript part. I meant java

We'll see if there's anything in the 2.0 firmware worth hacking. I think Nintendo might hold back features to see if anything is hacked, so they can add them in as 'feature updates' later to patch. Thus forcing users to upgrade.

 

[Arisotura]

Possibly. Also

You guys should stop dreaming and wait a little more anyway. Right now, even if one of us managed to find a suitable 3DS-mode exploit, it would be useless. Being able to run custom code is one thing, but if you don't know how the hardware works and what to do to ensure that the exploit worked or do other fancy things, you're just wasting your time. What would be required in order to do potentially useful things, would be RAM dumps with the unencrypted system code and all. Or the 3DS SDK (CTR-SDK). Until we get one of those two things, all we can do is wait.

If you guys find exploits now and talk about them all over the internet, Nintendo will close them and we'll have nothing back when we'll be able to use exploits efficiently. So I guess it'd be better to wait until we actually know how to do stuff with the 3DS's hardware.

 

[xakota]

I just really hope there's actually talented people working on this right now

 

[marcosxd]

I just really hope there's actually talented people working on this right now

Me too, I have been searching for any news all over the web since past week with no successful trace of anything in progress... of course I am talking about forums and websites (not IRC), some hackers blogs like bushing's, crediar's youtube page, etc... I think we will just have to wait.