Chat that might be useful for future exploits

Discussion in '3DS - Homebrew Development and Emulators' started by Psi-hate, Dec 29, 2014.

Thread Status:
Not open for further replies.
  1. Psi-hate (OP)
    why dont we just fukkin use homepass lol
    [12/28/2014 11:52:38 PM] TheBoxGamer: anyways
    [12/28/2014 11:52:57 PM] TheBoxGamer: ninjhax gives you access to services right
    [12/28/2014 11:52:59 PM] Psi-Hate: Yea
    [12/28/2014 11:53:24 PM] TheBoxGamer: which means we change the update service
    [12/28/2014 11:53:40 PM] TheBoxGamer: and change the MD5 hash
    [12/28/2014 11:53:49 PM] Psi-Hate: Explain
    [12/28/2014 11:53:57 PM] TheBoxGamer: and then you remove the sdcard
    [12/28/2014 11:54:04 PM] TheBoxGamer: and mod the firmware
    [12/28/2014 11:54:20 PM] TheBoxGamer: then you take the hash from that
    [12/28/2014 11:54:56 PM] TheBoxGamer: and mod the update service to download the update hash from your site
    [12/28/2014 11:55:26 PM] TheBoxGamer: and then use a system update
    [12/28/2014 11:55:42 PM] TheBoxGamer: with the cfw
    [12/28/2014 11:56:05 PM] TheBoxGamer: or you know
    [12/28/2014 11:56:27 PM] TheBoxGamer: you can just use the swapnote debug mode enabler
    [12/28/2014 11:56:45 PM] Psi-Hate: So what does this allow you to do?
    [12/28/2014 11:56:49 PM] TheBoxGamer: to enable dev mode
    [12/28/2014 11:57:18 PM] Psi-Hate: And with dev mode?
    [12/28/2014 11:57:40 PM] TheBoxGamer: install software without a game
    [12/28/2014 11:58:42 PM] TheBoxGamer: it's been in there since the 3DS's release
    [12:00:08 AM] Psi-Hate: Install what software? Can you do some stuff like kernel exploits and stuff?
    [12:00:36 AM] TheBoxGamer: any fukkin thing
    [12:00:44 AM] Psi-Hate: Dude no way
    [12:00:49 AM] TheBoxGamer: though
    [12:01:01 AM] Psi-Hate: Does smea know this?
    [12:01:20 AM] TheBoxGamer: no but um
    [12:01:23 AM] TheBoxGamer: wait
    [12:01:24 AM] TheBoxGamer: WAT
    [12:01:45 AM] TheBoxGamer: nothing = When combined with other flaws: ARM11-kernelmode code execution
    [12:03:16 AM] Psi-Hate: What's with that
    [12:03:30 AM] TheBoxGamer: idk
    [12:04:34 AM] Psi-Hate: So with custom firmware, could you possibly insert your findings to ninjhax?
    [12:05:15 AM] Psi-Hate: Like unlock Kernel mode with cfw and update ninjhax with it?
    [12:05:22 AM] TheBoxGamer: well, ninjhax would need a service to allow update modification but theeeen
    [12:05:27 AM] TheBoxGamer: shudder shudder
    [12:05:33 AM] TheBoxGamer: 3ds viruses
    [12:05:39 AM] TheBoxGamer: shudder shudder
    [12:05:46 AM] Psi-Hate: Oh jeez
    [12:06:17 AM] Psi-Hate: How would viruses develop?
    [12:08:12 AM] TheBoxGamer: simple
    [12:08:54 AM] TheBoxGamer: replace the system with nothing
    [12:09:25 AM] Psi-Hate: That'd fuckin suck
    [12:09:40 AM] TheBoxGamer: you do realize we could install win95 onto that if we had that service
    [12:09:48 AM] Psi-Hate: Lol
    [12:09:59 AM] TheBoxGamer: or xp
    [12:10:23 AM] Psi-Hate: Well would the site be like, open to everyone to change?
    [12:10:35 AM] TheBoxGamer: meh
    [12:10:38 AM] TheBoxGamer: im tired
    [12:10:48 AM] Psi-Hate: Oh okay.
    [12:11:08 AM] Psi-Hate: So any improvements with the site or are you off to bed
    [12:11:32 AM] TheBoxGamer: not off yet but
    [12:11:36 AM] TheBoxGamer: anyways
    [12:11:46 AM] TheBoxGamer: there are still unpatched exploits too
    [12:13:17 AM] Psi-Hate: What about them?
    [12:13:29 AM] Psi-Hate: Are you talking about smea's
    [12:13:35 AM] TheBoxGamer: all kernel exploits
    [12:13:36 AM] Psi-Hate: Or something else
    [12:13:38 AM] TheBoxGamer: UNPATCHED
    [12:13:45 AM] TheBoxGamer: as in working on 9.4
    [12:13:52 AM] Psi-Hate: Holy
    [12:13:58 AM] Psi-Hate: How do you access?
    [12:14:06 AM] TheBoxGamer: oh
    [12:14:22 AM] TheBoxGamer: they aren't truly exploited
    [12:14:24 AM] TheBoxGamer: but
    [12:14:28 AM] TheBoxGamer: its a thing
    [12:14:46 AM] TheBoxGamer: petit computer can exploit too
    [12:14:56 AM] TheBoxGamer: you can force crash the game
    [12:15:02 AM] Psi-Hate: What do you mean?
    [12:15:35 AM] TheBoxGamer: when the game crashes, it has to reboot out of DS emunand
    [12:15:47 AM] TheBoxGamer: there's a brief exploitable period
    [12:16:16 AM] Psi-Hate: And is there a way you can use the exploit to run a kernel access hack?
    [12:16:41 AM] TheBoxGamer: probably
    [12:16:52 AM] TheBoxGamer: the same way Gateway does it
    [12:17:14 AM] TheBoxGamer: and PC is THE ONLY DS game you can crash
    [12:17:49 AM] Psi-Hate: Can ninjhax copy the exploit?
    [12:18:08 AM] TheBoxGamer: probs
    [12:18:45 AM] Psi-Hate: I'm surprised that nobody has tried
    [12:18:55 AM] TheBoxGamer: its a niche game
    [12:19:13 AM] TheBoxGamer: but its decent
    [12:19:17 AM] TheBoxGamer: unlike CN
    [12:20:05 AM] TheBoxGamer: and crashmo has an SDCARD save game
    [12:20:19 AM] Psi-Hate: Which does?
    [12:20:23 AM] *** ***
    [12:21:56 AM] Psi-Hate: What can you do with it?
    [12:22:07 AM] TheBoxGamer: mod it
    [12:22:17 AM] Psi-Hate: Ohh
    [12:22:19 AM] TheBoxGamer: faq i have that game
    [12:22:24 AM] TheBoxGamer: im try something
    [12:22:55 AM] TheBoxGamer: wait no i dont
    [12:23:17 AM] Psi-Hate: What could you do by hacking the savegame?
    [12:23:44 AM] TheBoxGamer: what can you do by hacking CN's savegame
    [12:25:51 AM] Psi-Hate: Is that what ninjhax does
    [12:25:58 AM] TheBoxGamer: mhm
    [12:26:13 AM] Psi-Hate: So use homebrew launcher?
    [12:26:28 AM] TheBoxGamer: yep
    [12:26:54 AM] Psi-Hate: What would be the difference?
    [12:27:20 AM] TheBoxGamer: we would need a compatible save game
    [12:28:09 AM] Psi-Hate: Explain
    [12:28:26 AM] TheBoxGamer: we would need a modded save game
    [12:28:48 AM] TheBoxGamer: we can do this with pokemon's phtcache
    [12:28:52 AM] TheBoxGamer: or better yet
    [12:29:25 AM] TheBoxGamer: the systems phtcache
    [12:32:03 AM] Psi-Hate: Explain more please this is way too interesting
    [12:36:18 AM] TheBoxGamer: hm
    [12:37:18 AM] TheBoxGamer: what are the possible exploits i have thought of
    [12:38:04 AM] TheBoxGamer: forced exploit, phtcache, pokemon, crashmo, petit computer
    [12:38:31 AM] Psi-Hate: Will you ever try them?
    [12:38:40 AM] TheBoxGamer: no
    [12:38:55 AM] TheBoxGamer: though you're welcome to report my findings to the forums
    [12:39:25 AM] TheBoxGamer: just give me credit
     
  2. Psi-hate (OP)
    SOOOO Yeah something about more exploits that might be possible. Hopefully William341's info helps in any way.
     
  3. william341
    the boxgamer is me
     
  4. mastermodr94
    What is the swapnote debug enabler?
     
  5. shinyquagsire23
    Sigh, so much cringe in here. This might be the next kennel exploit joke for a while...

    First things first, you can't just modify a service. Doesn't work that way, let alone modify the system update service with anything. Second, you can't just modify a savegame off the SD card, they are all encrypted with a console-specific key, meaning that even if you wanted to you couldn't just hack the save file and do that. You'd need a kernel exploit in the first place to get xorpads + other things for your console and your console only, decrypt, add your payload, and re-encrypt.

    Also,
    Win95 runs on an x86 instruction set, not ARM. Same with XP. So there ain't no way you could just run Windows on a 3DS. Not to mention drivers and all that crap.
     
  6. Psi-hate (OP)
    Oy, not to have a go or anything but eh, he told me nothing of what he really knew. Practically he told me some stuff that he thought about but refused to, you know, tell me real info that would've been useful. ;3;
     
  7. Psi-hate (OP)
    Still, practically we were just saying that running code isn't that hard and we can access things easily that really should give us something to work on. The chat we had kinda just happened for a few minutes, obviously not going to be an actual representation of what we had thought. Kinda like a crack joke, as most of what we were saying was complete BS if that wasn't obvious enough.
     
  8. Psi-hate (OP)
    You could say it's more of a midnight ramble of what we could try experimenting with. To be honest I had no clue as to what we were talking about when saying things about Windows OS (Pretty obvious that it wouldn't be easily achievable, right?)
     
  9. Psi-hate (OP)
    So, eh. Just a suggestion so don't get mad, K? :)
     
  10. The Real Jdbye
    It would be a start if you don't quadruple post.
     
  11. Duo8
    tl;dr. Shorten it for me so I can find what to cringe to.
     
  12. NCDyson
    the entire thing.

    I'm not trying to be 100% a dick here, but not a single bit of that would work. To run any unsigned code on the 3DS you need some sort of exploit; to modify any of the system's code, you need a kernel exploit, and the one that was publicly known has been patched for a long time. Anybody who has the skills to find another one, or is in the good graces of the people who do have the skills to find one, wouldn't (and shouldn't) be "midnight rambling" like that, even if they were higher than a kite.

    In order to sign any code (or system updates, or whatever) to run without an exploit, you'd need Nintendo's keys, which you're not going to get short of some serious Espionage, Technology that doesn't exist yet, Psychic powers, or a deal with the King of Hell. Also you'd need an ungodly amount of luck.

    Can we get a close please?
     
  13. william341
    yep, I basically realized the whole thing was stupid so, ignore it.
     
  14. Rinnegatamante
    http://wololo.net/hacking-portal/

    Just to let you know how hard it can be to find and set up even a simple usermode exploit (like ninjhax) (and take note that for PSP we know everything (how to decrypt and encrypt savedata, for example; we can debug our crashes, etc.) and we have an open-source binary loader like HBL that is easily portable to every usermode exploit).
     
  15. titegtnodI
    I don't mean to sound offensive but it sounds like you guys are just starting out and only really know what's going on at a pretty high level. You should probably observe more of what's going on in the popular #3dsdev channels, and maybe look into how other consoles were exploited on a lower level. There's a plethora of information on hacking the ePSP on wololo.net, which is probably a great start.

    Edit:

    win95 isn't ARM based lmfao, it's x86.
     
  16. raulpica (Supervisor)
    Since this thread is a big "NOPE", it's now locked.