Hacking For people scared of updating above 1.0

BlueStar

I've seen a bit of consensus on here about the idea that everyone should refrain from updating from the stock firmware (I don't know if it's actually called 1.0, I'm just using these numbers for the sake of argument) to increase the chance of being able to hack the system in future. Firstly, I've never known a hack to be released which requires an older version of firmware to the current one available at the time the hack was released, probably because companies rarely patch exploits that don't yet exist in the wild, and are notoriously bad at detecting their own vulnerabilities and addressing them before hackers do.

But consider this. You stay on 1.0, shunning added functionality, 3DSware etc, holding out for a hack. You log on to GBATemp after a few days away and glory! An exploit has been found! Someone's found a vulnerability in the 3DS movie player which can cause a buffer overrun and execute unsigned code! But wait... You don't have the movie player, that came with 1.1. Best update after all so I can run the hack. Wait, Nintendo quickly patched the exploit and when you update you end up on 1.2, where the exploit no longer works. Fuuuuuuuuuuuuu-
 

bigpaws

I agree.

What people want to watch for, however, is if there was a hack for their version before they update. Waiting a little bit after the update release is not a bad idea.
And another problem is that games could come with forced updates.
Does lil' Timmy wanna play Star Fox 3d?
UPDATE DAMN IT AND YOU CAN!!!!
MUAHAHAHAHAHAHA!
 

Rydian

BlueStar said:
Firstly, I've never known a hack to be released which requires an older version of firmware to the current one available at the time the hack was released
Pretty much the entire PSP hacking scene has a bone to pick with that... exploits are very rarely released for the current firmware (when one was for 6.35 people were amazed), if you go around to the various blogs and such you'll see every time a new hack is released people bitch that they're on a later firmware. In fact HBL itself was made so that people on a firmware later than has been fully hacked could at least run a subset of homebrew.

As for the firmware updates we'll have to see if you can run specific ones from an SD card (like how the PSP/PS3 lets you).
 

bigpaws

The PSP was hacked at its first firmware before any updates, wasn't it?
Later adopters had fw problems though.
But this is about the first hack.

And ninty knows what happened to PSP. They are not going to make it possible to even run updates off of the card. Ninty has to be careful. They have said that it was dangerous to add the new SD card features as it was. They believe they secured that. Making it possible to run the update from the cart could easily lead to CFW.
 

spiritofcat

BlueStar said:
But consider this. You stay on 1.0, shunning added functionality, 3DSware etc, holding out for a hack. You log on to GBATemp after a few days away and glory! An exploit has been found! Someone's found a vulnerability in the 3DS movie player which can cause a buffer overrun and execute unsigned code! But wait... You don't have the movie player, that came with 1.1. Best update after all so I can run the hack. Wait, Nintendo quickly patched the exploit and when you update you end up on 1.2, where the exploit no longer works. Fuuuuuuuuuuuuu-
If the updates aren't available to be downloaded on a PC and installed via SD card, then there's still the option of using updates included on game cartridges.
 

xist

bigpaws said:
The PSP was hacked at its first firmware before any updates, wasn't it?
Later adopters had fw problems though.
But this is about the first hack.

No. The first PSP firmware 1.00 didn't need hacking as it could run unsigned code. Sony realised this and corrected it. After that why do you think that the gold standard for PSP installation of CFW was DOWNGRADING to 1.50?

I'd really like a consensus from the cart teams because as it stands most people here have no clear idea about whether an update now is a bad thing.
 

BlueStar

spiritofcat said:
If the updates aren't available to be downloaded on a PC and installed via SD card, then there's still the option of using updates included on game cartridges.

We've seen with the Wii the difficulty in finding a game with a specific firmware on it, particularly ones that had a short life span before the next update. There are many features like DSiWare, the movie channel, system transfer etc which aren't yet implemented and the more of these features you have available, the more potential exploits there are. Wasn't PSP 1.5 hacked when it was current?
 

bigpaws

I'm gonna update as well.
I realize I regretted it with my PSP, as a hack came out the day after I upgraded,
and I was not daring enough then (I sold it with some stuff for $200 a few years back).
 

Ravenius

Safest option: check the internet every day, when a hack is found and only works in the latest firmware (I kinda doubt this but yeah, it is possible), then update before Nintendo releases any new updates. I don't think they'd be able to release a new update within the first hours of the hack becoming available.

Besides, it's more possible that the new update fixes security holes instead of creating them. It was this way with the DSi as well: every firmware version UNDER 1.4 worked, but 1.4 blocked flashcarts.
 

dgwillia

BlueStar said:
spiritofcat said:
If the updates aren't available to be downloaded on a PC and installed via SD card, then there's still the option of using updates included on game cartridges.

We've seen with the Wii the difficulty in finding a game with a specific firmware on it, particularly ones that had a short life span before the next update. There are many features like DSiWare, the movie channel, system transfer etc which aren't yet implemented and the more of these features you have available, the more potential exploits there are. Wasn't PSP 1.5 hacked when it was current?

Yeah, I remember all of those emulators flowing out when it was 1.5. Though like an idiot I updated to 2.0.
 

Donald Serrot

dgwillia said:
I'm personally gonna update whenever they have them. I still have my DS Lite, so it's not like I lose all hackability.
Yup, this is me right here. I have both my Lite and my DSi (gotta move stuff from the i still and I need something to play my old GBA games) so no matter what I'll have two backups. Most likely I'll just leave the Acekard 2i in my DSi and not worry too much about it.
 

Habstinat

BlueStar said:
But consider this. You stay on 1.0, shunning added functionality, 3DSware etc, holding out for a hack. You log on to GBATemp after a few days away and glory! An exploit has been found! Someone's found a vulnerability in the 3DS movie player which can cause a buffer overrun and execute unsigned code! But wait... You don't have the movie player, that came with 1.1. Best update after all so I can run the hack. Wait, Nintendo quickly patched the exploit and when you update you end up on 1.2, where the exploit no longer works. Fuuuuuuuuuuuuu-

That point is pretty moot, as (unless Nintendo is doing some wacky thing with blobs like iOS) you should always be able to upgrade to any firmware higher than yours, whether it be 1.1 or 1.1.1 or [insert number over 9000]. They're all signed, so all you would have to do is get it from someone else's (or your own) server versus Nintendo's.
 

BlueStar

Habstinat said:
BlueStar said:
But consider this. You stay on 1.0, shunning added functionality, 3DSware etc, holding out for a hack. You log on to GBATemp after a few days away and glory! An exploit has been found! Someone's found a vulnerability in the 3DS movie player which can cause a buffer overrun and execute unsigned code! But wait... You don't have the movie player, that came with 1.1. Best update after all so I can run the hack. Wait, Nintendo quickly patched the exploit and when you update you end up on 1.2, where the exploit no longer works. Fuuuuuuuuuuuuu-

That point is pretty moot, as (unless Nintendo is doing some wacky thing with blobs like iOS) you should always be able to upgrade to any firmware higher than yours, whether it be 1.1 or 1.1.1 or [insert number over 9000]. They're all signed, so all you would have to do is get it from someone else's (or your own) server versus Nintendo's.

And what methods would you plan on using to extract the firmware to put on the server and spoof the 3DS into downloading it?
 

Habstinat

BlueStar said:
Habstinat said:
BlueStar said:
But consider this. You stay on 1.0, shunning added functionality, 3DSware etc, holding out for a hack. You log on to GBATemp after a few days away and glory! An exploit has been found! Someone's found a vulnerability in the 3DS movie player which can cause a buffer overrun and execute unsigned code! But wait... You don't have the movie player, that came with 1.1. Best update after all so I can run the hack. Wait, Nintendo quickly patched the exploit and when you update you end up on 1.2, where the exploit no longer works. Fuuuuuuuuuuuuu-

That point is pretty moot, as (unless Nintendo is doing some wacky thing with blobs like iOS) you should always be able to upgrade to any firmware higher than yours, whether it be 1.1 or 1.1.1 or [insert number over 9000]. They're all signed, so all you would have to do is get it from someone else's (or your own) server versus Nintendo's.

And what methods would you plan on using to extract the firmware to put on the server and spoof the 3DS into downloading it?

Anything that can be downloaded onto a 3DS can be downloaded onto a computer (someone already analysed the update process), so then it's simply a matter of reuploading an old update and having your router serve that update when the 3DS asks for it instead of the most current one. It would be signed and higher than the current version, so the 3DS would have no problems with it.
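
The argument in the post above (a signed image with a higher version number is accepted regardless of who serves it, unless the vendor uses per-device blobs as on iOS) can be modelled as two update-acceptance policies. This is an added example, not part of any post in this thread and not Nintendo's or Apple's actual update code; the demo key, the HMAC stand-in for a signature, and every function name are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

VENDOR_KEY = b"constructed-demo-key"  # constructed stand-in for the vendor's signing key

def sign(payload: bytes) -> bytes:
    # HMAC stands in for an asymmetric signature so the demo is stdlib-only.
    return hmac.new(VENDOR_KEY, payload, hashlib.sha256).digest()

def make_update(version: tuple) -> dict:
    """Vendor side: a static signed image, identical bytes for every device."""
    return {"version": version, "sig": sign(repr(version).encode())}

def make_ticket(version: tuple, device_nonce: bytes) -> bytes:
    """Vendor side: per-request authorization bound to one device nonce."""
    return sign(repr(version).encode() + device_nonce)

def accept_signed_and_newer(current: tuple, update: dict) -> bool:
    """Policy A: valid signature and a version above the installed one."""
    body = repr(update["version"]).encode()
    return hmac.compare_digest(update["sig"], sign(body)) and update["version"] > current

def accept_with_fresh_ticket(current, update, ticket, device_nonce) -> bool:
    """Policy B: policy A plus a vendor ticket bound to this attempt's nonce."""
    expected = sign(repr(update["version"]).encode() + device_nonce)
    return accept_signed_and_newer(current, update) and hmac.compare_digest(ticket, expected)

def demo() -> dict:
    installed, latest = (1, 0), (1, 2)
    old_update = make_update((1, 1))   # archived copy, still validly signed
    new_update = make_update(latest)
    # Ticket recorded during an earlier update attempt (different nonce).
    stale_ticket = make_ticket((1, 1), secrets.token_bytes(16))
    nonce = secrets.token_bytes(16)    # generated by the device for this attempt
    return {
        "A_accepts_archived_1.1": accept_signed_and_newer(installed, old_update),
        "A_rejects_downgrade": not accept_signed_and_newer(latest, old_update),
        "B_rejects_replayed_ticket": not accept_with_fresh_ticket(
            installed, old_update, stale_ticket, nonce),
        "B_accepts_latest": accept_with_fresh_ticket(
            installed, new_update, make_ticket(latest, nonce), nonce),
    }

if __name__ == "__main__":
    print(demo())
```

Under policy A the vendor cannot withdraw an intermediate release once it has been signed; policy B lets the vendor decide at request time which version a device may install.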
 

xakota

Looking at the PSP Scene...I now feel like a fucking moron for upgrading just for that fucking 3D video. Then again I kind of doubt it fixed any security holes given none have been found yet.

And honestly I bet (/hope) hackers will wait until the big May update to release anything.
 

pachura

Well, I wanted to post exactly the same topic

Anti-piracy measures are always reactive, not proactive.
A hacker finds an exploit ---> releases it to the public ---> Sony/Nintendo acknowledges it ---> Sony/Nintendo issues firmware update blocking the exploit

So there's no need to be scared shitless. The guy to hack 3DS probably hasn't even put his hands on one due to all these shortages...
 
