Hacking Config Application

Thread starter: Relys
Views: 3,814
Replies: 20

Relys
^(Software | Hardware) Exploit? Development.$
Member, joined Jan 5, 2007, United States
Note: Please do not attempt to mess around with the Config Menu options without a hardware NAND mod until these functions are confirmed safe.

I noticed that the Config Menu application:

http://3dbrew.org/wiki/3DS_Development_Unit_Software#Config

Has the option to boot into Test Menu (which is a limited alternative to Home Menu):

http://3dbrew.org/wiki/3DS_Development_Unit_GUI#Test_Menu

Allegedly it allows booting from slot1 devices and the Dev Menu (which can be used to launch CIAs). The interesting thing about the Test Menu is that there is alleged screenshot support.

I do not have a NAND mod anymore (I had to remove it to replace my LCD screen), so I was wondering if someone who does could test it out and report back on whether these features are safe. Since the Home Menu is unloaded, I would suspect that the Test Menu would be operating outside of our emunand environment, but I'm not certain. Hell, I don't even know if the Test Menu exists on retail units (is it part of the application or part of the FIRM)?

Edit: Found some more information regarding it:
http://3dbrew.org/wiki/NS#Alternate_menu

Does anyone know if this title has been dumped? It may still be on the NAND depending on the method of deletion.

 
It probably is firmware rooted, but if it is able to be booted from NAND (I don't see why it wouldn't be possible) this will be a big leap for the community.
 
> It probably is firmware rooted, but if it is able to be booted from NAND (I don't see why it wouldn't be possible) this will be a big leap for the community.


> Found some more information regarding it:
> http://3dbrew.org/wiki/NS#Alternate_menu
>
> Does anyone know if this title has been dumped? It may still be on the NAND depending on the method of deletion.
 
> "When launching the regular menu fails, NS will then attempt to launch the alternate menu. This title could be used as a recovery process, however it's normally not used after the factory. This title is used at the factory for installing system titles, this title seems to be installed from a factory gamecard. This installer title likely deletes itself from NAND once it's finished installing titles.
> On development Units, this is the Test Menu, and isn't deleted after being setup at factory."


So according to this, if someone has a dev unit, they could dump the NAND, and using a Gateway someone could download the menu to the NAND or use it with emunand?
 
> Still think that the crypto needs to be completely reversed before a CFW will 'stick'. :-P


You would have to find an exploit in the bootrom (if there is even any) to get your sig patches to stick. It doesn't really have anything to do with crypto at this point unless they failed on their signature implementation (which is unlikely).

> So according to this, if someone has a dev unit, they could dump the NAND, and using a Gateway someone could download the menu to the NAND or use it with emunand?

Exactly.

Another interesting thought:

"This title could be used as a recovery process" and "this title seems to be installed from a factory gamecard"

I wonder, if the card was dumped, whether it would be possible to use Sky3DS to run it, seeing as it looks like it's signed for retail units. If it could run, this would allow installing retail-signed CIAs (games, DLC, patches) and possibly even downgrading system titles. It of course would not allow unsigned code, as FIRM would still be running in the background enforcing signature checks, but if you can downgrade system titles then you can downgrade to an exploitable version and gain full control.
 
> Once crypto is completely reversed (chip decapping to get keyX and keyscrambler algo) downgrading units might be possible. I think you'd still need a hardware exploit to dump the unique per-console keys though... However, you would have to find an exploit in the bootrom (if there is even any) to get your sig patches to stick.


True, now to dump the bootrom... :-P
 
> So according to this, if someone has a dev unit, they could dump the NAND, and using a Gateway someone could download the menu to the NAND or use it with emunand?

> True, now to dump the bootrom... :-P

Eh, you'd still have to dump the unique keyX from the keyslot used to encrypt NAND, and movable.sed from the private filesystem, which is used to initialize keyY for the NAND, so forget about downgrading. Decapping would just allow doing all the decryption without using a 3DS as a slave.
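The keyX/keyY discussion above is about the 3DS AES keyscrambler: a keyslot never uses keyX or keyY directly, the hardware combines them into the NormalKey that actually encrypts NAND. The block below is an added example, not code from this thread or from any of the tools mentioned. The formula and constant are the ones 3dbrew documents for the 3DS AES engine (NormalKey = (((keyX ROL 2) XOR keyY) + C) ROL 87, everything on 128-bit big-endian integers); the sample key values are constructed placeholders, not real console keys. It also shows why dumping only one half is not enough: with the NormalKey and either half you can solve for the other, but with neither half there is nothing to solve.

```python
# Added example: the 3DS AES keyscrambler (3dbrew, AES Registers) and its
# inverses. Key values used below are constructed placeholders, NOT real
# console keys. Keys are treated as 128-bit big-endian integers, which is
# the convention 3dbrew uses for this formula.

MASK128 = (1 << 128) - 1
# Scrambler constant as documented on 3dbrew.
KEYSCRAMBLER_C = 0x1FF9E9AAC5FE0408024591DC5D52768A


def rol128(x: int, n: int) -> int:
    """Rotate a 128-bit integer left by n bits."""
    n %= 128
    return ((x << n) | (x >> (128 - n))) & MASK128


def ror128(x: int, n: int) -> int:
    """Rotate a 128-bit integer right by n bits."""
    return rol128(x, (128 - n) % 128)


def scramble(keyx: int, keyy: int) -> int:
    """NormalKey = (((keyX ROL 2) XOR keyY) + C) ROL 87, all mod 2^128."""
    return rol128(((rol128(keyx, 2) ^ keyy) + KEYSCRAMBLER_C) & MASK128, 87)


def recover_keyy(normalkey: int, keyx: int) -> int:
    """Invert the scrambler: given the NormalKey and keyX, get keyY."""
    return ((ror128(normalkey, 87) - KEYSCRAMBLER_C) & MASK128) ^ rol128(keyx, 2)


def recover_keyx(normalkey: int, keyy: int) -> int:
    """Invert the scrambler the other way: given the NormalKey and keyY, get keyX."""
    return ror128(((ror128(normalkey, 87) - KEYSCRAMBLER_C) & MASK128) ^ keyy, 2)


def key_to_bytes(k: int) -> bytes:
    """128-bit integer -> 16-byte big-endian key."""
    return k.to_bytes(16, "big")


def bytes_to_key(b: bytes) -> int:
    """16-byte big-endian key -> 128-bit integer."""
    if len(b) != 16:
        raise ValueError("AES-128 key must be exactly 16 bytes")
    return int.from_bytes(b, "big")


# Constructed placeholder halves (hypothetical values for the demo only).
SAMPLE_KEYX = bytes_to_key(bytes(range(0x10)))
SAMPLE_KEYY = bytes_to_key(bytes.fromhex("deadbeef" * 4))


def demo() -> dict:
    """Derive a NormalKey, then recover each half from it and the other half."""
    nk = scramble(SAMPLE_KEYX, SAMPLE_KEYY)
    return {
        "normalkey_hex": key_to_bytes(nk).hex(),
        "keyy_recovered": recover_keyy(nk, SAMPLE_KEYX) == SAMPLE_KEYY,
        "keyx_recovered": recover_keyx(nk, SAMPLE_KEYY) == SAMPLE_KEYX,
    }


if __name__ == "__main__":
    print(demo())
```

The point for the thread's argument: knowing the scrambler algorithm (what decapping would reveal) collapses the problem from "three unknowns" to "two", but keyX and keyY are still console-unique inputs that have to be read out of the running console, which is exactly the post's objection.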
 
> Eh, you'd still have to dump the unique keyX from the keyslot used to encrypt NAND, and movable.sed from the private filesystem, which is used to initialize keyY for the NAND, so forget about downgrading. Decapping would just allow doing all the decryption without using a 3DS as a slave.

I do have a 4.X dump, I just want custom channels on the NAND for homebrew.
 
> Once crypto is completely reversed (chip decapping to get keyX and keyscrambler algo) downgrading units would be possible. However, you would have to find an exploit in the bootrom (if there is even any) to get your sig patches to stick.



> Exactly.
>
> Another interesting thought:
>
> "This title could be used as a recovery process" and "this title seems to be installed from a factory gamecard"
>
> I wonder, if the card was dumped, whether it would be possible to use Sky3DS to run it, seeing as it looks like it's signed for retail units. If it could run, this would allow installing retail-signed CIAs (games, DLC, patches) and possibly even downgrading system titles. It of course would not allow unsigned code, as FIRM would still be running in the background enforcing signature checks.
According to the page it is installed to the NAND, so it would need privileges to access the NAND. Assuming the privileges are those a game has, then yes, it should work, but this is only theoretically speaking.
 
> On the real NAND? I was not aware.


You will not be able to run homebrew without entering an exploit to patch signature checks, unless there is a bootrom exploit.

Theoretically you should be able to install properly signed retail titles though...
 
> You will not be able to run homebrew without entering an exploit to patch signature checks, unless there is a bootrom exploit.
>
> Theoretically you should be able to install properly signed retail titles though...

Oh, I thought I missed some big news. :-P I need to get my SD card adaptor made, I do not have the time though.
 
I guess the real question would be what firmware that card runs at, and whether it can be used on any firmware. If it can, then the simple answer would be that the only limitation is the 3DS itself.
 
It is 16 joints for how I will do it, not much at all.
I'm a little squeamish with soldering systems, especially after watching my DS Lite get mutilated... the L button got sticky so it was taken apart and... yeah... it was not so pretty...
 
