Hacking 3DS update process analyzed

Status
Not open for further replies.

wuebas

Then it only remains to find an exploit or load an additional kernel from the cartridge to allow reading 3DS ROMs.
 

Coto

Would it be a good start to look at this?

http://gbatemp.net/index.php?act=findpost&...amp;pid=3557830

Since bushing did something like that, using tweezers to "sniff" the whole RAM, including assembly to access the chipset onboard the Wii. Well, what could happen if, while the 3DS communicates with the Wii (transferring Miis (don't know if it is possible yet), downloading signed stuff, etc.), someone like bushing does exactly the same as when he hacked the first Wii, and sniffs code while it is transferring stuff to the 3DS?
 

Cyan

I'm not sure if sniffing transmitted data between 2 (3)DS, or a (3)DS/Wii, is easy.
First, your computer/Wi-Fi card/driver has to be compatible with promiscuous mode: sniffing Wi-Fi packets not destined for its own network MAC address.
Some cards can do it, and usually using Linux only.
It's usually used to hack WEP.

Second, the NiFi (Wi-Fi for DS local play) transmitted data is not a full TCP/IP packet; it's missing the IP layer, as it doesn't need to go through the internet. The DS doesn't need an IP to communicate with another DS.
The sniffing software should be able to analyze these "cropped" packets and follow the streams nevertheless.
A NiFi driver exists for XP and 2k, but I think the flaw enabling Download Play with a computer got patched in the DS Lite. Tell me if I'm wrong about Wifime.


Though, the transmitted data analysis done on the Wii side, using homebrews acting as the Mii channel, is a good idea. But I don't know if it's a working idea. Wii devs will have to comment about it and try it.
But if it was a good idea, I'm sure someone already used it to hack the DSi.
 

Coto

Cyan said:
I'm not sure if sniffing transmitted data between 2 (3)DS, or a (3)DS/Wii, is easy.
First, your computer/Wi-Fi card/driver has to be compatible with promiscuous mode: sniffing Wi-Fi packets not destined for its own network MAC address.
Some cards can do it, and usually using Linux only.
It's usually used to hack WEP.

Second, the NiFi (Wi-Fi for DS local play) transmitted data is not a full TCP/IP packet; it's missing the IP layer, as it doesn't need to go through the internet. The DS doesn't need an IP to communicate with another DS.
The sniffing software should be able to analyze these "cropped" packets and follow the streams nevertheless.
A NiFi driver exists for XP and 2k, but I think the flaw enabling Download Play with a computer got patched in the DS Lite. Tell me if I'm wrong about Wifime.


Though, the transmitted data analysis done on the Wii side, using homebrews acting as the Mii channel, is a good idea. But I don't know if it's a working idea. Wii devs will have to comment about it and try it.
But if it was a good idea, I'm sure someone already used it to hack the DSi.

No. I meant the process bushing used to access Wii RAM the first time. And while the Wii communicates with the 3DS (thanks to the Nintendo Channel update), dump the whole assembly code being built by the Wii to a computer using a debugger; it may lead to something good.
 

Gnargle

wuebas said:
DeadlyFoez said:
cbutters said:
Brute Force a Private key? Let me put it this way, if they used 256 bit encryption, the number of variables is roughly equal to the number of atoms in the universe! Someone brute forced a 64 bit key and it took them 5 years with some heavy duty computers, 256 vs 64 bit encryption is a billion trillion (or something to that effect... MUCH MUCH MORE SECURE) times more difficult to bypass. It would take 200 years with all the computers in the world working on it present and future. Hopefully it is just leaked, or more plausible, we find ways around the encryption tricking the system to accept unencrypted code....

Honestly, you have a horrible understanding of atoms, the universe, and about cryptology. It isn't the amount of variables, it's the amount of possible keys. There actually aren't all that many variables at all in encryption, from a programming standpoint, that is if YOU understand what a variable actually is. And 200 years is really low balling that guesstimate. Brute forcing could possibly take a heck of a lot longer, in theory. That is if you don't get lucky and find the right key within a certain period of time. But usually when people figure the amount of time to bruteforce a key, they figure the amount of time it would take to try every possible key. In reality, no one knows at what point the key would be found. It could be found in five minutes or 500 years.

The 3DS will be cracked. I highly doubt it will take long. I expect a few months at the most. The problem is, people will crack it, but many of them will keep that info to themselves and never publicly release it.

If a PC takes 500 years, 500 PCs take 1 year
1000 PCs - 6 months
6000 PCs - 1 month
This post has 8,013 visits. If each user runs a brute-force program partitioning the key ranges, in 20 days or less the key appears.
That's not how it works, at all.
 

Tom

??? Why would you post the links if you don't want to share the data? No offense, but you can just put the URL into the browser and download it.
 

Deleted User

Maybe someone should harness the power of many computers through a voluntary process and we could all pitch into this cracking thingy.
/doesn't know anything in the help of "it might help"
 

dark_day

Anyone have any knowledge of setting up a folding server for the key? Oh and btw, you can use a decent graphics card / cards to crack SHA keys. I've got a setup using my 2 5870's and an i7 to crack WPA keys. I can get something like 60 000 per second using my setup.

You can use pyrit in Linux or Elcomsoft Wireless Security Auditor in Windows for GPU acceleration.

I know bruteforce is a terrible terrible idea, but eh if it makes people feel useful I say go nuts.
 

thela_kid

dark_day said:
Anyone have any knowledge of setting up a folding server for the key? Oh and btw, you can use a decent graphics card / cards to crack SHA keys. I've got a setup using my 2 5870's and an i7 to crack WPA keys. I can get something like 60 000 per second using my setup.

You can use pyrit in Linux or Elcomsoft Wireless Security Auditor in Windows for GPU acceleration.

I know bruteforce is a terrible terrible idea, but eh if it makes people feel useful I say go nuts.

I have a 5870 too, how do you utilize the GPU?
 

dark_day

I've only used my GPU(s) as an accelerator to crack WPA and WPA2 encryption using a dictionary based attack. There are tutorials all over the net for this, google it.
I imagine the same or similar methods can be used to bruteforce a 3DS key, assuming someone manages to figure out how the key is salted.
 

jwcgator

There are only 115792089237316195423570985008687907853269984665640564039457584007913129639936 possible keys (in 256 bit encryption), so if we get say 1000 people to try and brute force at 60,000 keys per second it would only take about 61195717718013379113590280424851972271515085756828473300068484 years max to find the right key.
 

thela_kid

jwcgator said:
There are only 115792089237316195423570985008687907853269984665640564039457584007913129639936 possible keys (in 256 bit encryption), so if we get say 1000 people to try and brute force at 60,000 keys per second it would only take about 61195717718013379113590280424851972271515085756828473300068484 years max to find the right key.

all right folks. let's get started


oh wait....I left my time stopper at home
 

jwcgator

Oh hey, look at it this way though: If we increase the amount of people doing 60,000 calculations per second to say, 1 billion people, it would only take 61195717718013379113590280424851972271515085756828473300 years!
 

BlueStar

But you have just as much chance at guessing it right on the first try as you do on the last, so maybe it'll only take a minute or so.
 

popoffka

BlueStar said:
But you have just as much chance at guessing it right on the first try as you do on the last, so maybe it'll only take a minute or so.
That's not true, because with every try the number of possible keys that you haven't checked yet decreases by 1 (i.e. on the last try the possibility is 100%).
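
Added example (not written by any poster in this thread): the brute-force estimates above and the first-try versus last-try question, worked with exact integer arithmetic. It assumes a uniformly random key, workers that never test the same key twice, and a 365-day year; the function names are hypothetical.

```python
from fractions import Fraction

SECONDS_PER_YEAR = 365 * 24 * 3600  # 365-day year (assumption, leap days ignored)


def worst_case_years(bits, workers, keys_per_sec):
    """Whole years needed to try every key of a bits-bit keyspace."""
    return 2**bits // (workers * keys_per_sec * SECONDS_PER_YEAR)


def p_found_within(bits, workers, keys_per_sec, years):
    """Chance that a uniformly random key lies in the part searched in `years`."""
    tried = workers * keys_per_sec * SECONDS_PER_YEAR * years
    return min(Fraction(1), Fraction(tried, 2**bits))


def p_hit_given_misses(n_keys, misses):
    """Chance the next try hits, given `misses` distinct keys already failed."""
    return Fraction(1, n_keys - misses)


def p_hit_on_try(n_keys, k):
    """Chance, judged before the search starts, that try number k is the hit."""
    p_all_earlier_miss = Fraction(n_keys - (k - 1), n_keys)
    return p_all_earlier_miss * p_hit_given_misses(n_keys, k - 1)


if __name__ == "__main__":
    # Rates and head counts are the ones quoted in the thread.
    for workers in (1_000, 10**9):
        years = worst_case_years(256, workers, 60_000)
        print(f"256-bit, {workers:>13,} workers: about {years:.3e} years")
    print("64-bit, 1,000 workers:", worst_case_years(64, 1_000, 60_000), "years")

    p = p_found_within(256, 10**9, 60_000, 100)
    print(f"P(found within 100 years, 1e9 workers) = {float(p):.1e}")

    # Constructed toy keyspace of 16 keys: before the search starts every
    # position is equally likely (1/16); after 15 misses the last key is certain.
    print(p_hit_on_try(16, 1), p_hit_on_try(16, 16), p_hit_given_misses(16, 15))
```

Adding workers divides the time linearly, while each extra key bit doubles it, which is why the 256-bit figures stay out of reach at any head count.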
 

totalnoob617

Yeah, but I see what he is saying: you could conceivably just get really, really lucky and guess it really early on, if not on your first try then maybe a month in or a day in or a week in, in your attempt to search for it.
Hey, why not try a psychic, police use them all the time.
Or you could get the plans for those machines that the U.S. government and the Russians built that are supposed to increase psychic ability and facilitate "remote viewing". Maybe you could build one and remote view the keys, or maybe you can astral travel into Miyamoto's briefcase or Ninty's HQ in Japan to the safe where they keep all the keys and remote view them, or a game dev's studio that has the keys.
Well, 2 different techniques I think, remote viewing and astral travel.
I wonder how long this new Japanese supercomputer would take running at 100% to do it. It's faster than the supercomputer that the Chinese just had that surpassed the U.S. supercomputer as the fastest in the world.
 

rickdgray

Be realistic, guys. Brute forcing is obviously not even plausible. The only option we have is to get creative and do some research on the hardware. Just quit bringing it up and getting hopeful and confusing other people. It's not gonna happen.
 