3DS Unbricking Possible!


bkifft

Thanks for your hard work on the RasPi code. I have a question regarding what you've done: on GitHub, you're writing not to run the code with a kernel with the SD/MMC subsystem enabled. Could you explain that further? So far, I have no experience with the RasPi, and not a whole lot with Linux kernels.

Sure. The default kernel used in raspberry pi linux distributions has drivers for the SD slot integrated (else one couldn't run the default setup from SD card). In order to "abuse" the SD slot for unbricking those drivers mustn't be there as they would interfere with the communication. And as those drivers are built into the usual kernel images and not loaded as modules (external driver files) one has to use a custom built kernel without said SD/MMC drivers. You can find guides on compiling/building your own raspberry kernel, I will release a ready to flash linux image in a few days.

edit: somehow I missed a quite important "not" there... (in regards "not as modules")
bkifft what are your compile flags?

I tried:

gcc main.c -std=c99

And get implicit declaration of functions, "usleep", "sd_issue_command", as well as unknown type "useconds_t". I presume I am supposed to link to another library.

-lm not helping either...


strange, i don't link any libs explicitly and on the rasppi i don't have any c host flags set up. let me investigate.

edit: usleep and useconds_t should be defined in unistd.h. my built in compiler options:
Code:
root@SpillPassPi:~/perverseunbrick# gcc -v
Using built-in specs.
COLLECT_GCC=gcc
COLLECT_LTO_WRAPPER=/usr/lib/gcc/arm-linux-gnueabihf/4.6/lto-wrapper
Target: arm-linux-gnueabihf
Configured with: ../src/configure -v --with-pkgversion='Debian 4.6.3-14+rpi1' --with-bugurl=file:///usr/share/doc/gcc-4.6/README.Bugs --enable-languages=c,c++,fortran,objc,obj-c++ --prefix=/usr --program-suffix=-4.6 --enable-shared --enable-linker-build-id --with-system-zlib --libexecdir=/usr/lib --without-included-gettext --enable-threads=posix --with-gxx-include-dir=/usr/include/c++/4.6 --libdir=/usr/lib --enable-nls --with-sysroot=/ --enable-clocale=gnu --enable-libstdcxx-debug --enable-libstdcxx-time=yes --enable-gnu-unique-object --enable-plugin --enable-objc-gc --disable-sjlj-exceptions --with-arch=armv6 --with-fpu=vfp --with-float=hard --enable-checking=release --build=arm-linux-gnueabihf --host=arm-linux-gnueabihf --target=arm-linux-gnueabihf
Thread model: posix
gcc version 4.6.3 (Debian 4.6.3-14+rpi1)
 
Reactions: Ennea and Vappy
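
Added example, not part of the original posts or of bkifft's code: a shell check that reproduces the `-std=c99` failure reported above and compares it with two builds that expose `usleep` and `useconds_t` from `unistd.h`. It assumes a glibc-style toolchain reachable as `gcc` (or `$CC`); the probe source and the `try_build` helper are constructed for illustration.

```shell
#!/bin/sh
# Added example: why `gcc main.c -std=c99` hides usleep()/useconds_t,
# and two flag sets that make unistd.h declare them again.

# try_build "FLAGS" -> prints "ok" if the probe compiles, "fail" otherwise
try_build() {
    dir=$(mktemp -d) || return 1
    # Constructed probe: uses exactly the two names from the error report.
    cat > "$dir/probe.c" <<'EOF'
#include <unistd.h>
int main(void) { useconds_t d = 1000; return usleep(d); }
EOF
    # $1 is left unquoted on purpose so it can carry several flags.
    # -Werror=implicit-function-declaration turns the warning seen in the
    # thread into a hard failure on every compiler version.
    if ${CC:-gcc} $1 -Werror=implicit-function-declaration \
            -o "$dir/probe" "$dir/probe.c" 2>/dev/null; then
        echo ok
    else
        echo fail
    fi
    rm -rf "$dir"
}

# Strict ISO C99, GNU C99, and strict C99 plus a feature-test macro.
for flags in "-std=c99" "-std=gnu99" "-std=c99 -D_XOPEN_SOURCE=500"; do
    printf '%-32s %s\n' "$flags" "$(try_build "$flags")"
done
```

In strict `-std=c99` mode the C library hides non-ISO declarations unless a feature-test macro such as `_XOPEN_SOURCE` is defined before the first include; `-std=gnu99` keeps the default set visible.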

Vengenceonu

I wonder if the R4i team will see this thread and start offering "R4i Deluxe Unbricking Service... now with Ramble Pak"

On another note: So the only way the unbricking can be done is with any micro-controller/mini computer (i.e. Raspberry Pi, BeagleBone, Arduino?) Hopefully a more user friendly method will reveal itself.
 

keithbeat

I guess that's how it's done in the EAST but here in the WEST we don't put kill code in our product. Case in point, "team xecuter": their products are cloned all the time, they just have a good product, awesome staff and an awesome forum; if you need help someone is always there, so they don't have to worry about customers, they will have one for life!! We are not fighting for the same cooked RAT burger here in the west, where we don't have to do sh!t like that, GATEWAY!!!!
 

lordofthereef

I have a raspi and would be happy to do unbricking for people in the US at my cost (shipping, wires, etc... so a couple bucks). Or you can send me the card adapter with your 3DS and pay for return shipping. Have already done just the nand dump mod for a few people here.

Would need some small amount of directions for the raspi flash though.
 

krisztian1997

I have a raspi and would be happy to do unbricking for people in the US at my cost (shipping, wires, etc... so a couple bucks). Or you can send me the card adapter with your 3DS and pay for return shipping. Have already done just the nand dump mod for a few people here.

Would need some small amount of directions for the raspi flash though.
bkifft is gonna release some instructions and his own kernel when the code is stable enough for end user use
 

Sparks43

Sweet Great work guys.

Could this be a step towards either hacking the 3ds fully or a possible firmware downgrade?

Either way it's brilliant to see a solution to bricked 3ds systems.
 

Wisenheimer

I like how ethical hackers are so good at rooting out the unethical ones and fixing their malicious code.

I wonder if something like this could be used to permanently rewrite the firmware to something custom.
 

Wisenheimer

Downgrading won't be possible with the efuses in place


I don't know much about architecture. Do the efuses disable the parts of the chip where the firmware is located if an encryption key or something of that nature is not provided?
 

ryuga93

Maybe I can offer unbricking service in my country and test it on Arduino lol. So, who needs unbricking in Malaysia? :lol:
 

Duo8

I like how ethical hackers are so good at rooting out the unethical ones and fixing their malicious code.

I wonder if something like this could be used to permanently rewrite the firmware to something custom.

Doubt that. This has nothing to do with the encryption.
Downgrading won't be possible with the efuses in place

So it's confirmed that the 3DS has efuses?
 

3bbb7

awesome. Maybe people who get their consoles unbricked will learn to stop trusting companies who appear out of nowhere.
 

YoshiInAVoid

Sure. The default kernel used in raspberry pi linux distributions has drivers for the SD slot integrated (else one couldn't run the default setup from SD card). In order to "abuse" the SD slot for unbricking those drivers mustn't be there as they would interfere with the communication. And as those drivers are built into the usual kernel images and not loaded as modules (external driver files) one has to use a custom built kernel without said SD/MMC drivers. You can find guides on compiling/building your own raspberry kernel, I will release a ready to flash linux image in a few days.

edit: somehow I missed a quite important "not" there... (in regards "not as modules")



strange, i don't link any libs explicitly and on the rasppi i don't have any c host flags set up. let me investigate.

edit: usleep and useconds_t should be defined in unistd.h. my built in compiler options:
Code:
root@SpillPassPi:~/perverseunbrick# gcc -v
Using built-in specs.
COLLECT_GCC=gcc
COLLECT_LTO_WRAPPER=/usr/lib/gcc/arm-linux-gnueabihf/4.6/lto-wrapper
Target: arm-linux-gnueabihf
Configured with: ../src/configure -v --with-pkgversion='Debian 4.6.3-14+rpi1' --with-bugurl=file:///usr/share/doc/gcc-4.6/README.Bugs --enable-languages=c,c++,fortran,objc,obj-c++ --prefix=/usr --program-suffix=-4.6 --enable-shared --enable-linker-build-id --with-system-zlib --libexecdir=/usr/lib --without-included-gettext --enable-threads=posix --with-gxx-include-dir=/usr/include/c++/4.6 --libdir=/usr/lib --enable-nls --with-sysroot=/ --enable-clocale=gnu --enable-libstdcxx-debug --enable-libstdcxx-time=yes --enable-gnu-unique-object --enable-plugin --enable-objc-gc --disable-sjlj-exceptions --with-arch=armv6 --with-fpu=vfp --with-float=hard --enable-checking=release --build=arm-linux-gnueabihf --host=arm-linux-gnueabihf --target=arm-linux-gnueabihf
Thread model: posix
gcc version 4.6.3 (Debian 4.6.3-14+rpi1)
Would it be possible for you to provide a pre-compiled binary? Also, I'd like your modified Raspbian OS which disables SD / MCC drivers.
 

krisztian1997

Would it be possible for you to provide a pre-compiled binary? Also, I'd like your modified Raspbian OS which disables SD / MCC drivers.

He already mentioned that he will provide a pre-compiled Debian with removed drivers and all the unnecessary stuff
 

bkifft

Would it be possible for you to provide a pre-compiled binary? Also, I'd like your modified Raspbian OS which disables SD / MCC drivers.

Currently I'm working on getting an as small as possible Raspbian image done (780 MB atm) as my upstream speed sucks balls and i don't want to wait 20h for the upload to finish.

Tomorrow or Wednesday I should receive my MMC card to "refine" (a blatant euphemism for throw out of the window and rewrite) my code.

I've already taken Wednesday to Friday off (gotta burn some of my overhours anyway and this project is a good reason to finally do it.)

So there should be a not-yet-public beta version available soon and the public release soon+a bit longer (see what i did there, GW?).

Edit: if you'd be willing to participate in said closed beta I'll gladly send you the links.
 
Reactions: Vappy
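
Added example, not from the thread or from bkifft's repository: a way to check whether a given kernel configuration still carries the SD/MMC subsystem that the thread says must be absent before the SD slot is driven directly. The sample configs and helper names are constructed; reading the real configuration from `/proc/config.gz` or from the kernel build tree's `.config` is an assumption about the system at hand.

```shell
#!/bin/sh
# Added example: report how a kernel config treats the SD/MMC subsystem.

# mmc_state FILE -> "builtin" (=y), "module" (=m) or "absent" (unset/missing)
mmc_state() {
    awk -F= '
        BEGIN { state = "absent" }
        $1 == "CONFIG_MMC" && $2 == "y" { state = "builtin" }
        $1 == "CONFIG_MMC" && $2 == "m" { state = "module" }
        END { print state }
    ' "$1"
}

# mmc_enabled_options FILE -> every enabled CONFIG_MMC* symbol, one per line
mmc_enabled_options() {
    grep -E '^CONFIG_MMC[A-Z0-9_]*=[ym]$' "$1" || true
}

# make_sample_configs DIR -> writes two constructed configs for the demo:
# one like a stock image (drivers built in), one with the subsystem removed.
make_sample_configs() {
    cat > "$1/stock.config" <<'EOF'
CONFIG_BLOCK=y
CONFIG_MMC=y
CONFIG_MMC_BLOCK=y
CONFIG_MMC_SDHCI=y
EOF
    cat > "$1/custom.config" <<'EOF'
CONFIG_BLOCK=y
# CONFIG_MMC is not set
EOF
}

demo_dir=$(mktemp -d)
make_sample_configs "$demo_dir"
for cfg in stock custom; do
    echo "$cfg: CONFIG_MMC is $(mmc_state "$demo_dir/$cfg.config")"
    mmc_enabled_options "$demo_dir/$cfg.config" | sed 's/^/    /'
done
rm -rf "$demo_dir"
```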