Hacking Crediar just Released 3DSaveTool!

TankedThomas

Yes, Streetpass data is saved on the SD card, but not all games use it. Theoretically then, games such as Lego Star Wars III and Super Street Fighter IV could also be used to exploit it. However, as far as I know, not all games will let you use an overflow.

For starters, you'll most likely need a text entry screen, and I know Lego Star Wars III doesn't have one of those (I'm not getting Super Street Fighter IV for another few days, so I'm not sure about it, but I don't think it has text entry either. Prove me wrong if you want). Again, I could be wrong about HAVING to have text entry to cause the overflow, but I'm sure it definitely helps (like in Twilight Princess, where it was triggered by the name entry for your horse).
 

hufacuse

idulkoan said:
lol already!!?? dang, I got my 3DS today, and don't see why people are complaining so much..

Haha, in your sig about the consoles stolen: when someone broke into my place, they only took the computers. 3 DS Lites were lying on my table, and a PS2, TV, etc., and they weren't touched.
 

pachura

Slowking said:
Crediar said it was because the saves contain a lot of zeros. I guess that's to be expected if you have a fixed save file size but games that don't have much save data. Nintendo should really have filled that up with garbage data, or you know, used something secure like AES. XD

Ha. Ha. Ha.

This error is so common I really can't believe someone's committed it again.
0 XOR key = key, for fuck's sake. Don't you have any quality assurance in your development process? Outsourced to India to cut costs, I guess.
I remember once Microsoft was running some super-complicated key generation routine in one of their applications, but then they were simply using it to XOR a file full of zeroes... heh.
On the other hand, if the saveGame() method is handled by the 3DS' operating system, they can just include better crypto in the next update.

Has anyone tried to decrypt the file, change it a bit (increase stamina, whatever) and encrypt it again? Is it signed or just XORed?
 

Fear Zoa

10 points if the first exploit is on OoT
5 points if it's on a Lego game *looks at Wii*

This might lead to an exploit... or maybe not... maybe the OS has a safety of sorts
 

TankedThomas

Actually, 3dbrew.org (I knew it would be made, but I was trying 3dsbrew.org with no success. Dunno why they don't have the "s" in the domain name, but oh well) explained that the encryption key repeats after the first 512 bytes, and that most of those 512 bytes are empty spaces (zeros), so.... yeah, Nintendo failed at encryption..... I guess that's something for them to work on. I'm sure later games could use better encryption, although a firmware update for the 3DS would probably be needed to allow for such a thing, I would imagine.

Also, if an exploit comes out for the first Lego game for the 3DS, that'd be pure win, because that's currently the only game I have. They did it with the Wii, so maybe. I mean, Lego Star Wars III is full of bugs and glitches anyway. I definitely think an exploit for Super Street Fighter IV would be best though, since that game is probably the one with the most owners right now.
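The "0 XOR key = key" point pachura makes above, and the 512-byte repeating keystream described here, as an added Python example that is not part of the thread or of 3DSaveTool: it builds a constructed save file (a short record plus zero padding), encrypts it with a random 512-byte repeating keystream, and recovers the whole keystream from the ciphertext alone by taking the most common byte in each 512-aligned column. Running the same routine with a keystream as long as the file shows that the leak depends on the keystream being reused, not on XOR itself.

```python
import os
from collections import Counter
from typing import Tuple

# Assumptions taken from the thread: the keystream repeats every 512 bytes and
# a save is a small record padded with zeros up to a fixed file size.
PERIOD = 512
SAVE_SIZE = 8192

def xor_with_keystream(data: bytes, keystream: bytes) -> bytes:
    """XOR data against a keystream that is reused every len(keystream) bytes."""
    return bytes(b ^ keystream[i % len(keystream)] for i, b in enumerate(data))

def make_sample_save(size: int = SAVE_SIZE) -> bytes:
    """Constructed stand-in for a save file: a short record, then zero padding."""
    record = b"PLAYER01" + bytes([0x64, 0x00, 0x05, 0x00])  # name + a few stat bytes
    return record + b"\x00" * (size - len(record))

def recover_keystream(ciphertext: bytes, period: int) -> bytes:
    """
    Recover the keystream from the ciphertext alone.  Every byte at offsets
    i, i+period, i+2*period, ... was XORed with the same key byte, and most of
    those plaintext bytes are 0x00, so the most common ciphertext byte in that
    column is 0x00 ^ key[i] == key[i].  That is the "0 XOR key = key" failure.
    """
    key = bytearray(period)
    for off in range(period):
        column = ciphertext[off::period]
        key[off] = Counter(column).most_common(1)[0][0]
    return bytes(key)

def demo(period: int = PERIOD) -> Tuple[bool, bool]:
    """Return (keystream recovered?, plaintext recovered?) for a key period.

    period == PERIOD reproduces the repeating-keystream scheme.  period ==
    SAVE_SIZE models a keystream as long as the file: each column then holds a
    single sample, the "recovered" key is just the ciphertext, and decrypting
    with it yields all zeros, so nothing about the record is learned.
    """
    keystream = os.urandom(period)   # secret; recover_keystream never sees it
    save = make_sample_save()
    ct = xor_with_keystream(save, keystream)
    recovered = recover_keystream(ct, period)
    pt = xor_with_keystream(ct, recovered)
    return recovered == keystream, pt == save

if __name__ == "__main__":
    print("repeating 512-byte keystream:", demo(PERIOD))     # (True, True)
    print("non-repeating keystream:     ", demo(SAVE_SIZE))  # (False, False)
```

The defensive takeaway is the one Slowking hints at: a fixed-size save full of zeros under a short repeating XOR key hands the key to anyone holding the file, whereas a real cipher with a non-repeating keystream (and an integrity check) does not.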
 

nekoakuma

Just used the tool to decrypt my Ridge Racer (JPN) save, and changed my name in a hex editor. (Cos that's all I know how to do.)

Restoring it to my cart now. Will post back.


Hm... unless I did something wrong, nothing has changed.

My name still shows up as my original name, and not the edited one. (and yes, I restored the edited file.)
 

Nollog

pachura said:
Slowking said:
Crediar said it was because the saves contain a lot of zeros. I guess that's to be expected if you have a fixed save file size but games that don't have much save data. Nintendo should really have filled that up with garbage data, or you know, used something secure like AES. XD

Ha. Ha. Ha.

This error is so common I really can't believe someone's committed it again.
0 XOR key = key, for fuck's sake. Don't you have any quality assurance in your development process? Outsourced to India to cut costs, I guess.
I remember once Microsoft was running some super-complicated key generation routine in one of their applications, but then they were simply using it to XOR a file full of zeroes... heh.
On the other hand, if the saveGame() method is handled by the 3DS' operating system, they can just include better crypto in the next update.

Has anyone tried to decrypt the file, change it a bit (increase stamina, whatever) and encrypt it again? Is it signed or just XORed?
An XOR works like this.
I'm not sure how you can say it's a programmer's fault...
 

Keva

wuebas said:
so now from this little exploit, it will be possible to insert code in the original firmware?

AFAIK there isn't an exploit as such that can even be used yet. Yes we can now decrypt the save games but that's about it. This tool basically allows someone to have a look at the code being used and allows them to try and exploit it.
 

spiritofcat

Nollog said:
pachura said:
Slowking said:
Crediar said it was because the saves contain a lot of zeros. I guess that's to be expected if you have a fixed save file size but games that don't have much save data. Nintendo should really have filled that up with garbage data, or you know, used something secure like AES. XD

Ha. Ha. Ha.

This error is so common I really can't believe someone's committed it again.
0 XOR key = key, for fuck's sake. Don't you have any quality assurance in your development process? Outsourced to India to cut costs, I guess.
I remember once Microsoft was running some super-complicated key generation routine in one of their applications, but then they were simply using it to XOR a file full of zeroes... heh.
On the other hand, if the saveGame() method is handled by the 3DS' operating system, they can just include better crypto in the next update.

Has anyone tried to decrypt the file, change it a bit (increase stamina, whatever) and encrypt it again? Is it signed or just XORed?
An XOR works like this.
I'm not sure how you can say it's a programmer's fault...
It's the programmer's fault for using such an easily detectable method.
 

notmeanymore

jan777 said:
TehSkull said:
I hope if a Buffer overflow is discovered, it's only announced and made public in May. Which would allow for 2 great possibilities:
1. Nintendo doesn't fix it in the May update because they simply didn't know in time.
2. Nintendo preempts us and fixes it before it's even announced (which would let people who are still pre-May update stay hackable, if willing to sacrifice eShop and the other features).

Well, they could fix it with a June update.

Unless the June update contains as much content as the May update, that isn't a concern.

modshroom128 said:
3DSaveTool released?

soon my pretties soon you will have something special


edit: start thanking Team Twiizers
I lol'd. Good one.

Also, with all this "Fuck you for asking about Ridge Racer" madness, I'd find it rather ironic if the first buffer overflow save exploit is found through Ridge Racer. XD

TCJJ said:
Yes, Streetpass data is saved on the SD card, but not all games use it. Theoretically then, games such as Lego Star Wars III and Super Street Fighter IV could also be used to exploit it. However, as far as I know, not all games will let you use an overflow.

For starters, you'll most likely need a text entry screen, and I know Lego Star Wars III doesn't have one of those (I'm not getting Super Street Fighter IV for another few days, so I'm not sure about it, but I don't think it has text entry either. Prove me wrong if you want). Again, I could be wrong about HAVING to have text entry to cause the overflow, but I'm sure it definitely helps (like in Twilight Princess, where it was triggered by the name entry for your horse).
Don't you get to pick a username for online play?

Nollog said:
QUOTE(pachura @ Apr 3 2011, 08:19 AM)
QUOTE(Slowking @ Apr 2 2011, 05:34 PM)
Crediar said it was because the saves contain a lot of zeros. I guess that's to be expected if you have a fixed save file size but games that don't have much save data. Nintendo should really have filled that up with garbage data, or you know, used something secure like AES. XD

Ha. Ha. Ha.

This error is so common I really can't believe someone's committed it again.
0 XOR key = key, for fuck's sake. Don't you have any quality assurance in your development process? Outsourced to India to cut costs, I guess.
I remember once Microsoft was running some super-complicated key generation routine in one of their applications, but then they were simply using it to XOR a file full of zeroes... heh.
On the other hand, if the saveGame() method is handled by the 3DS' operating system, they can just include better crypto in the next update.

Has anyone tried to decrypt the file, change it a bit (increase stamina, whatever) and encrypt it again? Is it signed or just XORed?
An XOR works like this.
I'm not sure how you can say it's a programmer's fault...
He was getting at filling those zeroes with garbage data. (Or at least, that's my understanding...)
 

Cyan

The May update may not patch this, as this is the game cartridge data format. We don't know yet if it's the console which XORs the data or the game script itself using a function from their dev kit.
Maybe they need to update their devkit to write the save file in another format on future games.
If the game data (ROM) is also XOR'ed, then it's the firmware doing the job.

I imagine that with the May update, the saves exported on the SD card with the backup feature will be encrypted with the unique console key, like the actual extdata. This tool doesn't/won't work on encrypted files.
So if there's an exploit with a save game, users will need a way to read/write EEPROM on the cartridge itself.
 

pachura

Relys said:
Ugh, it's getting kind of annoying to read these completely clueless messages about hacking over and over again. There's only like three people over the course of the last week that have posted on this forum that know what they're talking about. The rest are a bunch of pirates (you), who keep using big hacker words like buffer overflow without having the vaguest clue what it actually means.

Exactly.

Could someone recommend another 3DS forum with a more mature audience?
 

mrbradeli

pachura said:
Relys said:
Ugh, it's getting kind of annoying to read these completely clueless messages about hacking over and over again. There's only like three people over the course of the last week that have posted on this forum that know what they're talking about. The rest are a bunch of pirates (you), who keep using big hacker words like buffer overflow without having the vaguest clue what it actually means.

Exactly.

Could someone recommend another 3DS forum with a more mature audience?
Some of us just want to write homebrew and experiment with the console.
 
