idulkoan said: lol alreadyy!!?? dangg i got my 3ds today, and don't see why ppl r complaining so much..
Slowking said: Crediar said it was because the saves contain a lot of zeros. I guess that's to be expected if you have a fixed save file size but games that don't have much save data. Nintendo should really have filled that up with garbage data, or you know, used something secure like AES. XD
An XOR works like this.
pachura said:
Ha. Ha. Ha.
This error is so common I really can't believe someone's committed it again.
0 XOR key = key, for fuck's sake. Don't you have any quality assurance in your development process? Outsourced to India to cut costs, I guess.
I remember once Microsoft was running some super-complicated key generation routine in one of their applications, but then they were simply using it to XOR a file full of zeroes... heh.
On the other hand, if the saveGame() method is handled by the 3DS' operating system, they can just include better crypt in the next update.
Has anyone tried to decrypt the file, change it a bit (increase stamina, whatever) and encrypt it again? Is it signed or just XORed?
QUOTE said: Released 3DSaveTool v0.2 -> http://3dbrew.org/wiki/3DSaveTool (about 3 hours ago via web)
wuebas said: so now from this little exploit, it will be possible to insert code in the original firmware?
It's the programmer's fault for using such an easily detectable method.
Nollog said: An XOR works like this.
I'm not sure how you can say it's a programmer's fault...
He was getting at filling those zeroes with garbage data. (Or at least, that's my understanding...)
jan777 said: An XOR works like this.
TehSkull said: I hope if a buffer overflow is discovered, it's only announced and made public in May. Which would allow for 2 great possibilities:
1. Nintendo doesn't fix it in the May update because they simply didn't know in time.
2. Nintendo preempts us and fixes it before it's even announced (which would let people who are still pre-May update stay hackable, if willing to sacrifice eShop and the other features).
Well, they could fix it with a June update.
Unless the June update contains as much content as the May update, that isn't a concern.
modshroom128 said: 3DSaveTool released?
soon my pretties soon you will have something special
edit: start thanking Team Twiizers
I lol'd. Good one.
Also, with all this "Fuck you for asking about Ridge Racer" madness, I'd find it rather ironic if the first buffer overflow save exploit is found through Ridge Racer. XD
TCJJ said: Yes, Streetpass data is saved on the SD card, but not all games use it. Theoretically then, games such as Lego Star Wars III and Super Street Fighter IV could also be used to exploit it. However, as far as I know, not all games will let you use an overflow.
For starters, you'll most likely need a text entry screen, and I know Lego Star Wars III doesn't have one of those (I'm not getting Super Street Fighter IV for another few days, so I'm not sure about it, but I don't think it has text entry either. Prove me wrong if you want). Again, I could be wrong about HAVING to have text entry to cause the overflow, but I'm sure it definitely helps (like in Twilight Princess, where it was triggered by the name entry for your horse).
Don't you get to pick a username for online play?
QUOTE(Slowking @ Apr 2 2011, 05:34 PM)
Nollog said: QUOTE(pachura @ Apr 3 2011, 08:19 AM)
I'm not sure how you can say it's a programmer's fault...
Relys said: Ugh, it's getting kind of annoying to read these completely clueless messages about hacking over and over again. There's only like three people over the course of the last week that have posted on this forum that know what they're talking about. The rest are a bunch of pirates (you), who keep using big hacker words like buffer overflow without having the vaguest clue what it actually means.
Some of us just want to write homebrew and experiment with the console.
pachura said:
Exactly.
Could someone recommend another 3DS forum with a more mature audience?
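
The point raised earlier in the thread ("0 XOR key = key" on a fixed-size save that is mostly zeros), shown on a constructed toy format. This is an added example, not code from any poster or from 3DSaveTool; the 16-byte repeating pad, the 512-byte save size and the sample payload are assumptions made for illustration and are not the 3DS values.

```python
import os
from collections import Counter

BLOCK = 16  # assumed keystream period for this toy, not the 3DS value

def xor_repeat(data: bytes, pad: bytes) -> bytes:
    """XOR data with a repeating pad; the same call encrypts and decrypts."""
    return bytes(b ^ pad[i % len(pad)] for i, b in enumerate(data))

def make_save(payload: bytes, size: int, filler=None) -> bytes:
    """Fixed-size save: payload, then zero fill (default) or filler(n) bytes."""
    n = size - len(payload)
    return payload + (bytes(n) if filler is None else filler(n))

def most_common_block(ct: bytes):
    """Return (block, count) for the most frequent aligned ciphertext block."""
    blocks = [ct[i:i + BLOCK] for i in range(0, len(ct) - BLOCK + 1, BLOCK)]
    return Counter(blocks).most_common(1)[0]

def demo():
    pad = os.urandom(BLOCK)                 # secret the scheme relies on
    payload = b"NAME=EPONA;STAMINA=03;"     # constructed sample save data
    zero_ct = xor_repeat(make_save(payload, 512), pad)
    rand_ct = xor_repeat(make_save(payload, 512, os.urandom), pad)
    # Zero fill: every all-zero plaintext block encrypts to the pad itself.
    leaked, count = most_common_block(zero_ct)
    recovered = xor_repeat(zero_ct, leaked)[:len(payload)]
    # Random fill: no aligned block repeats, so this shortcut finds nothing.
    _, rand_count = most_common_block(rand_ct)
    return leaked == pad, recovered == payload, count, rand_count

if __name__ == "__main__":
    print(demo())
```

Random fill only removes the repeated-block shortcut; a repeating XOR pad still falls to any known plaintext and provides no integrity, which is why the thread's suggestions of a real cipher and a signature are the actual fixes.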