1. TwinRetro

    TwinRetro Former Staff
    Former Staff

    Joined:
    Aug 29, 2008
    Messages:
    6,256
    Country:
    Djibouti
    Ah. That makes a lot of sense. Cool.
     
  2. CollosalPokemon

    CollosalPokemon ばん。。。かい
    Member

    Joined:
    Oct 18, 2009
    Messages:
    682
    Country:
    United States
    Or an exploit. I think it is more of a lib3ds. It's important for homebrew, but it does require an exploit. If an exploit comes the RSA wouldn't matter.
    I still think it's good that this is getting done ahead of time, 'cause the 3DS scene doesn't exactly know everything about CXIs yet. (even though you're right, the hardware guys will be the ones to exploit/allow exploits to be made)
     
  3. SifJar

    SifJar Not a pirate
    Member

    Joined:
    Apr 4, 2009
    Messages:
    6,022
    Country:
    I don't think it's really a "lib3ds", more of just a compiler as I understand. In other words, you provide it with all the raw materials, and it'll turn them into a CXI. lib3ds implies an SDK with a bunch of functions specific for the 3DS etc. I don't think there's such a library with any such functions.
     
    1 person likes this.
  4. Foxi4

    Foxi4 On the hunt...
    Global Moderator

    Joined:
    Sep 13, 2009
    Messages:
    26,150
    Country:
    Poland
    I'm just wondering why he assumes that this image is actually correctly compiled code. Sure, it falls right into the categories, but he can't test it on actual hardware since he can't encrypt or sign it.

    What about hardware adresses? How does he even know that the binary would run if signed if he has no idea what exactly he's coding? Hell, even the CPU appears to be custom-made for Nintendo, even if he used ARM Assembly, he has no guarantee that the code would actually work.

    At this point, this is sort of... "junk", really.

    It's like taking some random code, slapping a DS header onto it and calling it an .nds binary. It's not - it's junk code with a header on it.
     
  5. Rydian

    Rydian Resident Furvert™
    Member

    Joined:
    Feb 4, 2010
    Messages:
    27,880
    Country:
    United States
    Yeah this isn't a library, it's about the executable format itself.

    And yeah the project in general is old news, this is just an update, but it's not an exploit. In order for it to be usable, an exploit would have to be made, then we'd have to make proper programs, this is step 2 with no step 1. A good thing still.
     
    1 person likes this.
  6. Cyan

    Cyan GBATemp's lurking knight
    Former Staff

    Joined:
    Oct 27, 2002
    Messages:
    23,160
    Country:
    France
    2 people like this.
  7. Deltaechoe

    Deltaechoe The Dopefish
    Member

    Joined:
    May 3, 2012
    Messages:
    511
    Country:
    United States
    Neimod is going to have to finish his work before these teams are going to be able to contribute anything useful. However once the system keys are spit out, the scene will explode from what I have seen (pun not intended)
     
  8. ferofax

    ferofax End of the World
    Member

    Joined:
    Jan 26, 2009
    Messages:
    2,566
    Country:
    if it's for Homebrew Bounty, it means it's a homebrew. which means he probably managed to crack a window. i don't see how an exploit can qualify as homebrew though.
     
  9. SifJar

    SifJar Not a pirate
    Member

    Joined:
    Apr 4, 2009
    Messages:
    6,022
    Country:
    Maybe I'm being stupid, but what pun?
     
    1 person likes this.
  10. Deltaechoe

    Deltaechoe The Dopefish
    Member

    Joined:
    May 3, 2012
    Messages:
    511
    Country:
    United States
    scene -> seen(pun)

    (yes seen is a member function of scene rawr)
     
  11. reaper527

    reaper527 GBAtemp Regular
    Member

    Joined:
    Aug 22, 2011
    Messages:
    105
    Country:
    United States
    do we know for a fact that he can't run his compiled code? more specifically, while he can't just put his output on a retail 3ds and go to town with it, he might able to make some verifications using a 3ds dev unit if he has access to one. [/hypothetical]
     
  12. Sicklyboy

    Sicklyboy #JOYCONBOYZFOREVER
    Global Moderator

    Joined:
    Jul 15, 2009
    Messages:
    5,935
    Country:
    United States
    Allow me to retort.

    How do you propose one runs unsigned code?
     
  13. reaper527

    reaper527 GBAtemp Regular
    Member

    Joined:
    Aug 22, 2011
    Messages:
    105
    Country:
    United States

    it was a hypothetical question because i am uncertain about the security on a dev unit (which realistically probably does run unsigned code). i was hoping someone more familiar with those kits could chime in with an answer about if he would be able to test his output on a dev unit
     
  14. CollosalPokemon

    CollosalPokemon ばん。。。かい
    Member

    Joined:
    Oct 18, 2009
    Messages:
    682
    Country:
    United States
    Nope. They still need signed code. (of course the signing and encryption keys for Dev-Units are different than retail units' keys)

    However, all CTR (3DS) SDK software contains universal SD card signing keys. (Dev-Unit NAND signing keys (different than Retail-Unit NAND signing keys) have to be obtained separately, but not terribly difficult to obtain for Dev-Units)
    The Dev-Unit NAND keys are also universal, it's just most developers don't need NAND access so it's not included in the SDK by default.
     
    1 person likes this.
  15. reaper527

    reaper527 GBAtemp Regular
    Member

    Joined:
    Aug 22, 2011
    Messages:
    105
    Country:
    United States
    i see, so in other words, since we have a universal signing key, the dev unit may require signed code, but we can sign it ourselves? (meaning the main point of my post was accurate?)
     
  16. CollosalPokemon

    CollosalPokemon ばん。。。かい
    Member

    Joined:
    Oct 18, 2009
    Messages:
    682
    Country:
    United States
    Well yes, provided a developer leaks his keys (or the SDK is leaked because it also contains Dev SD keys - DIFFERENT THAN RETAIL SD KEYS)
    The Dev NAND keys, well, only a handful of them are distributed so those are less likely to be leaked. It could happen, but not every developer has the NAND keys. And actually there are several different NAND keys for different purposes. I heard a few of those Dev NAND keys aren't really distributed much, if at all. (I assume the NAND keys to make firmware for the DevUnit are very rarely distributed to Developers, for instance)

    Basically:

    1 key for DevUnit SD import
    (3? Maybe more?) keys for DevUnit NAND importing

    The DevUnit NAND keys all allow importing to the NAND, but depending on which one was used to sign it may import for different purposes. (NAND Application, NAND System, Firmware, ect)
    The keys are indeed universal for DEV UNITS ONLY. The keys CANNOT be used on retail units. So, I could, for example, have a friend with a dev unit and send him an application I make and it'll work on both my unit and his without changing signing keys. The only exception is older dev units cannot import to the SD card (but they can be upgraded with software to newer revs and after they're upgraded they can import to the SD) so if I had a unit that could import to the SD, and my friend had an older unit where SD importing wasn't available, I would have to have and resign my application to import to the NAND so he could use my application.

    The keys are universal, but the code isn't unsigned. (you'd still need to obtain the keys though, with DevUnit SD being the "easiest" to get) The main point of your post was that DevUnits can run unsigned code, which isn't accurate.
    Also we don't have the universal signing keys for DevUnits yet, though. Or at least they aren't leaked publicly. Even if we did have them they wouldn't work on a retail unit.

    This doesn't mean Xcution's contribution is worthless; it just means he's getting a head start so by the time an exploit comes we'll already be able to make homebrew. (an exploit would not check the signing keys)
     
    1 person likes this.
  17. reaper527

    reaper527 GBAtemp Regular
    Member

    Joined:
    Aug 22, 2011
    Messages:
    105
    Country:
    United States
    i see, thanks for elaborating. (my main point was actually if it was possible for him to test his work on a dev unit, the whole unsigned code aspect was just the premise i incorrectly used to reach that conclusion). i hadn't realized that the universal signing key hadn't leaked. when i saw your first post mentioning a universal signing key, i assumed it is something that had been leaked and made available.

    i also wasn't necessarily referring to the average user being able to use Xcution's work on retail (because obviously an exploit would be needed for that), but just if there was some feasible way for him to test it at all to verify that it does what its supposed to do (since my post was in response to someone saying there is no way for him to test it). since the universal signing keys aren't available, i guess using a dev unit to test would be out of the question.
     
    1 person likes this.
  18. Rydian

    Rydian Resident Furvert™
    Member

    Joined:
    Feb 4, 2010
    Messages:
    27,880
    Country:
    United States
    The lack of ability to test is what called this project into question a few times before.
     
  19. shawnanastasio

    shawnanastasio Advanced Member
    Newcomer

    Joined:
    May 15, 2011
    Messages:
    98
    Country:
    United States
    If the SDK comes with a 3DS emulator (It most likely does), and is able to run unsigned code, thats a way to test it... That is, if the SDK gets leaked..
     
  20. nukeboy95

    nukeboy95 Old skool member
    Member

    Joined:
    Aug 24, 2010
    Messages:
    2,275
    Country:
    United States
    what are the odds of sdk getting leaked

    nintendo wud never let that get leaked and who ever leaked it nintendo wud kill
     
Draft saved Draft deleted
Loading...

Hide similar threads Similar threads with keywords - development, CiTRUS,