Homebrew Eol is lol: the 34c3 talk for 3ds that never was

zoogie

playing around in the end of life
OP
Developer
Joined
Nov 30, 2014
Messages
8,560
Trophies
2
XP
15,004
Country
Micronesia, Federated States of
Like some of you (I hope) I was a little bummed the 3ds didn't get a talk at last year's 34c3. It seems like the 3ds, and it's homebrew scene, are riding off into the sunset and we should just accept that and move on to the Switch.

I think the 3ds has a little bit of steam left though, so here I present my little thing I've been working on the last month to you all:
https://zoogie.github.io/web/34⅕c3/
Anyway, enjoy the presentation, and I'll be around to answer a few questions.
----------
Update:
POC of 34.2c3 released
https://github.com/zoogie/seedminer
(check readme.txt for instructions)

You need patience, remember that. My test run was 24.5 hours on a core i7 running 8 threads.
Your experience may be better or worse.

Variables include:
- how fast your PC is
- how old your 3ds is (newer is better) error correction data has a bias toward newer systems.
- luck

Notes:
-The release archive contains python exe's if you don't want to install Python2.7. Not recommended.
Just download the repository and run the scripts.
Q. Why the name?
A. I once searched "Fast Sha256 implementations" during a dev session and google vomited out a bunch of Bitcoin mining links, lol.
I figured what we're doing here really isn't that different, just that we're mining seeds instead of bitcoins, so the name seedminer was born.
I'm just happy it doesn't have "hax", "sploit", or "pwn" in it. :P
 
Last edited by zoogie,

dark_samus3

Well-Known Member
Member
Joined
May 30, 2015
Messages
2,372
Trophies
0
XP
2,142
Country
United States
Like some of you (I hope) I was a little bummed the 3ds didn't get a talk at last year's 34c3. It seems like the 3ds, and it's homebrew scene, are riding off into the sunset and we should just accept that and move on to the Switch.

I think the 3ds has a little bit of steam left though, so here I present my little thing I've been working on the last month to you all:
https://zoogie.github.io/web/34⅕c3/

My plan right now is just to absorb some feedback, and later, but not too long from now, talk about a POC release and such.
I'm sorry this wasn't released during 34c3, as was my original plan. There was a lot of work involved, and since I dev solo, it's really tough to meet deadlines.

Anyway, enjoy the presentation, and I'll be around to answer a few questions.
*sigh* This reminds me of the recent DSi crypto attack I developed (you can bruteforce decryption keys for any DSi NAND with just the first 512 bytes of it, essentially). Nintendo loves to take something high entropy and then just lower the entropy of it... ugh. Gg Ninty. Anyway, if you need any help feel free to ask :)
 

zoogie

playing around in the end of life
OP
Developer
Joined
Nov 30, 2014
Messages
8,560
Trophies
2
XP
15,004
Country
Micronesia, Federated States of
*sigh* This reminds me of the recent DSi crypto attack I developed (you can bruteforce decryption keys for any DSi NAND with just the first 512 bytes of it, essentially). Nintendo loves to take something high entropy and then just lower the entropy of it... ugh. Gg Ninty. Anyway, if you need any help feel free to ask :)
I plan to release my CPU brute-force implementation this afternoon after I get some sleep. I tried to get an openCL implementation going, but just couldn't. I know "jack shit" about gpu coding so I could use some help with that. I tried to contact Jimmy-Z of bfCL fame but he hasn't been online.
 
Last edited by zoogie,

dark_samus3

Well-Known Member
Member
Joined
May 30, 2015
Messages
2,372
Trophies
0
XP
2,142
Country
United States
I plan to release my CPU brute-force implementation this afternoon after I get some sleep. I tried to get an openCL implementation going, but just couldn't. I know "jack shit" about gpu coding so I could use some help with that. I tried to contact Jimmy-Z of bfCL fame but he hasn't been online.
mm, I don't know much about GPU programming either... I mean, just getting it set up is kind of a pain (I tried porting bfCL to linux, and quickly ran into lots of problems that I didn't feel like resolving :P )
 
  • Like
Reactions: zoogie

Billy Acuña

Well-Known Member
Member
Joined
Oct 10, 2015
Messages
3,126
Trophies
1
Age
31
XP
3,701
Country
Mexico
Nice find about the movable_sed.
But at this point where bootroms dump are a thing I don't see the 3ds worth of talks, man, even the wiiu which is (still?) pretty much a big ocean to explore deserves more talks than just "after all, is just the wiiu".
But that does not mean that we cannot develop homebrew and do some bonus findings on the old beloved handheld, so good job I guess :)
 

Giodude

GBAtemp's official rock
Member
Joined
May 17, 2015
Messages
5,094
Trophies
1
Age
23
Location
New York
XP
2,761
Country
United States
Wow, I wish that was presented. It was short, easy to grasp, and seems like it would be the logical next step for the community. Hope to see this attempted.
 
  • Like
Reactions: zoogie

zoogie

playing around in the end of life
OP
Developer
Joined
Nov 30, 2014
Messages
8,560
Trophies
2
XP
15,004
Country
Micronesia, Federated States of
Here it is, the POC of 34.2c3
https://github.com/zoogie/seedminer
(check readme.txt for instructions)

You need patience, remember that. My test run was 24.5 hours on a core i7 running 8 threads.
Your experience may be better or worse.

Variables include:
- how fast your PC is
- how old your 3ds is (newer is better) error correction data has a bias toward newer systems.
- luck

Notes:
-The release archive contains python exe's if you don't want to install Python2.7. Not recommended.
Just download the repository and run the scripts.
Q. Why the name?
A. I once searched "Fast Sha256 implementations" during a dev session and google vomited out a bunch of Bitcoin mining links, lol.
I figured what we're doing here really isn't that different, just that we're mining seeds instead of bitcoins, so the name seedminer was born.
I'm just happy it doesn't have "hax", "sploit", or "pwn" in it. :P
 
Last edited by zoogie,

Searinox

"Dances" with Dragons
Member
Joined
Dec 16, 2007
Messages
2,073
Trophies
1
Age
36
Location
Bucharest
XP
2,229
Country
Romania
I'm speechless. WHY do this? Did they want it to be deterministic based on LFCS and chip ID...? Even so they could've avoided all this by simply hashing the result once. How much more fail, Nintendo?
 
  • Like
Reactions: zoogie

dark_samus3

Well-Known Member
Member
Joined
May 30, 2015
Messages
2,372
Trophies
0
XP
2,142
Country
United States
btw, how can one contribute new stuff for the error correction? I'll just post my key Y for completeness-sake :P
56C7C00000000000511EC1217E8D2600

(o3ds system, obviously)

Also, dear lord Nintendo, as a person who loves crypto, this just makes me sad. Why are there so many 0s, why are parts of the key mathematically related to each other aaaaaa
 
Last edited by dark_samus3,
  • Like
Reactions: zoogie

dimmidice

Well-Known Member
Member
Joined
Sep 12, 2009
Messages
2,359
Trophies
2
XP
3,005
Country
Belgium
I got a 64GB sd card in my older 3DS and a 16GB in my new 3DS. I've been putting off moving everything over because it'd take hours. If i'm reading this right there's gonna be a way to change my new 3DS to accept the old Sd card? or did i misread that?
 

zoogie

playing around in the end of life
OP
Developer
Joined
Nov 30, 2014
Messages
8,560
Trophies
2
XP
15,004
Country
Micronesia, Federated States of
btw, how can one contribute new stuff for the error correction? I'll just post my key Y for completeness-sake :P
snip
You shouldn't post the whole thing :P
Thanks a bunch though, it will help. Anyone with a LFCS close to yours will have a nice, short bf session.

I'll upload the tool to dump the needed info (that's more privacy oriented than sharing the whole seed) in a bit.
These nodes really aren't needed if we can get an opencl implementation. That's why I plan on waiting a few days before I start
crowdsourcing msed data.
I got a 64GB sd card in my older 3DS and a 16GB in my new 3DS. I've been putting off moving everything over because it'd take hours. If i'm reading this right there's gonna be a way to change my new 3DS to accept the old Sd card? or did i misread that?
I think you misread that. Movable.sed deals with crypto, not tickets or anything like that.
 

dimmidice

Well-Known Member
Member
Joined
Sep 12, 2009
Messages
2,359
Trophies
2
XP
3,005
Country
Belgium
I think you misread that. Movable.sed deals with crypto, not tickets or anything like that.
Oh okay. I was confused by

"
  • Its purpose is to be make it possible to transfer the contents of one 3ds to another without having to redownload/re-encrypt the entire contents of the sd card - hence the "movable" part of its name"
That a bit.
 
  • Like
Reactions: zoogie

zoogie

playing around in the end of life
OP
Developer
Joined
Nov 30, 2014
Messages
8,560
Trophies
2
XP
15,004
Country
Micronesia, Federated States of
https://github.com/zoogie/seedminer_toolbox/tree/master/msed_data_dumper
There's the msed data dumper cia. I don't really need those right now, just give it a few days and hopefully a fast openCL version of stage3 will be out and we won't need them ever.

There's another thing there, "ctcertifier" that will become useful once some of you get your movable.sed.
TADpole needs a ctcert+privatekey to create importable modified dsiware. *Anyone* with cfw can dump this and *any* 3ds can use that one dump.
That ctcert is very console unique so I would caution against anyone sharing theirs unless you just don't give a F***. :P
Certainly don't upload it here.
 
Last edited by zoogie,
  • Like
Reactions: Quantumcat

JimmyZ

Sarcastic Troll
Member
Joined
Apr 2, 2009
Messages
681
Trophies
0
XP
762
Country
Zimbabwe
Too bad this still needs a user land entry point, which we don't have on latest firmware I believe?

Anyway I ported mbed TLS sha256 to OpenCL and it works, the rest should be done in about a couple of hours.

For the record, I don't know shit about GPU programming, I just ported plain C code and they ran pretty fine.
 
Last edited by JimmyZ,
  • Like
Reactions: zoogie

8BitWonder

Small Homebrew Dev
Member
Joined
Jan 23, 2016
Messages
2,489
Trophies
1
Location
47 4F 54 20 45 45 4D
XP
5,435
Country
United States
Too bad this still needs a user land entry point, which we don't have on latest firmware I believe?
This lists all primary and secondary sploits:
https://www.3dbrew.org/wiki/Homebrew_Exploits
Looks like four primaries work on 11.6 currently.

Also very nice presentation! I might take a look at dumping my own key for this in a bit.
If the exact ratio/formula from LFCS -> movable.sed were to be figured out, would that allow people to calculate the LFCS from movable.sed?
 
Last edited by 8BitWonder,
  • Like
Reactions: JimmyZ

JimmyZ

Sarcastic Troll
Member
Joined
Apr 2, 2009
Messages
681
Trophies
0
XP
762
Country
Zimbabwe
This lists all primary and secondary sploits:
https://www.3dbrew.org/wiki/Homebrew_Exploits
Looks like four primaries work on 11.6 currently.

Also very nice presentation! I might take a look at dumping my own key for this in a bit.
If the exact ratio/formula from LFCS -> movable.sed were to be figured out, would that allow people to calculate the LFCS from movable.sed?
Never knew they were constantly updated, thanks for the info.
 

Searinox

"Dances" with Dragons
Member
Joined
Dec 16, 2007
Messages
2,073
Trophies
1
Age
36
Location
Bucharest
XP
2,229
Country
Romania
I'm curious. Those who are banned cannot generate LFCSs out of nothing that work online. Now that we better understand how they are generated, would it be possible to generate entirely fresh ones that Nintendo can still find valid? That way we don't have to use LFCSs of unbanned consoles anymore. Maybe this is why they left it so low entropy in the first place, to make it possible for Nintendo to reverse it and verify it belongs to a genuine console?
 

JimmyZ

Sarcastic Troll
Member
Joined
Apr 2, 2009
Messages
681
Trophies
0
XP
762
Country
Zimbabwe
Code:
$ echo c27164f2e0994db82e3d14737dd5c901|xxd -r -p|openssl sha256
(stdin)= afcb0cc132bd2aeb8e0a6b6a841c51c01d9428a3e5b33079421ce9e2adc70158

$ bfcl msky c27164f2e0994db8000000007dd5c901 afcb0cc132bd2aeb8e0a6b6a841c51c0
selected device Tahiti on platform AMD Accelerated Parallel Processing
0.557 seconds for OpenCL compiling
local work size: 256
got a hit: c27164f2e0994db82e3d14737dd5c901
2.40 seconds, 803.74 M/s
I hope this is what you want, haven't read your code yet.

BTW that's not a real key, just a random to test it out.

update: code pushed to github and binary for testing in attachment. updated binary below.
 
Last edited by JimmyZ,
  • Like
Reactions: zoogie

Site & Scene News

Popular threads in this forum

General chit-chat
Help Users
  • Veho @ Veho:
    Sus even
  • K3Nv2 @ K3Nv2:
    Shiddy
  • Veho @ Veho:
    Eminemio.
  • K3Nv2 @ K3Nv2:
    Fat diddy
  • K3Nv2 @ K3Nv2:
    I haven't heard anything that crazy off it yet tbh
  • Veho @ Veho:
    "There, I fixed it."
  • K3Nv2 @ K3Nv2:
    McDonald's has a new banana kit Kat mcflufry so tempting
  • Veho @ Veho:
    Mmm, banana.
  • K3Nv2 @ K3Nv2:
    Were sorry machine broke
  • Veho @ Veho:
    Then just give me the Kit Kat crumbs, I'll provide my own banana.
  • K3Nv2 @ K3Nv2:
    #2 right boss?
  • Veho @ Veho:
    Can't be arsed to listen right now, what's he rappin about?
  • K3Nv2 @ K3Nv2:
    Mostly pronouns, fatshaming, his daughters, Christopher reeves, caitlyn Jenner usual stuff
  • Veho @ Veho:
    Is he for or against those things?
  • K3Nv2 @ K3Nv2:
    He's drawing a line in the sand
  • Veho @ Veho:
    That makes it harder to snort.
  • Veho @ Veho:
    Can't he do a line on the table?
  • K3Nv2 @ K3Nv2:
    Are you against or for
  • Veho @ Veho:
    Coke? I'm all for it.
  • Veho @ Veho:
    Weird song. "Yeah use whatever pronoun you want but women are still bitches and whores. Also, midgets funny."
  • K3Nv2 @ K3Nv2:
    Psi will love that song
  • Veho @ Veho:
    Not gonna get psycho anal about his state of mind because I don't give a fuck.
  • Veho @ Veho:
    But like come up with some new material, you did this in the 90s.
    Veho @ Veho: But like come up with some new material, you did this in the 90s.