Hacking Gateway 3DS - First 3DS Flashcart

[Rydian]

if someone makes a compiler for this, the 3DS will be openwide in no time and publicly.

The 3DS won't run unsigned code. Even if you compiled programs and put them on this, the 3DS would not run them.

 

[sightlight]

Im just saying. I would like to see it giving up an error.

 

[bene]

tj_cool really needs to get rid of the pointless sticky about it not being hackable now

 

[Metoroid0]

tj_cool really needs to get rid of the pointless sticky about it not being hackable now

Well it's not hackable yet...

 

[Rydian]

tj_cool really needs to get rid of the pointless sticky about it not being hackable now

But it's not. When a product is released and actually available 9and assuming it works), then it will be edited to note that ROMs can be played but not 3DS homebrew.

But this is not released and is not available, so there's no way to play ROMs yet. GBATemp does not edit official info based on rumors, it edits official info based on facts, which is why we're being sent a unit to review, to confirm what it actually is and does.

 

[bene]

Well it's not hackable yet...

He put "NOTHING PLAYS 3DS ROMS / 3DS STILL NOT HACKED" and a "/" means an alternative description so clearly he considers hackable being able to play 3DS ROMS. He can at least update the sticky to say that something is coming. Not everyone looks at the home page (forums bookmarked).

But it's not. When a product is released and actually available 9and assuming it works), then it will be edited to note that ROMs can be played but not 3DS homebrew.




But this is not released and is not available, so there's no way to play ROMs yet. GBATemp does not edit official info based on rumors, it edits official info based on facts, which is why we're being sent a unit to review, to confirm what it actually is and does.

So you're really skeptical enough to believe that the video they posted could be fake? Do you mark every single dollar bill you get to check to make sure it's not counterfeit? There's little reason to believe they would post some bull**** video.

 

[Metoroid0]

He put "NOTHING PLAYS 3DS ROMS / 3DS STILL NOT HACKED" and a "/" means an alternative description so clearly he considers hackable being able to play 3DS ROMS. He can at least update the sticky to say that something is coming. Not everyone looks at the home page (forums bookmarked).

Im just replying on what you said "tj_cool really needs to get rid of the pointless sticky about it not being hackable now"

Well i think the reason for not doing that is because they want to be 100% sure of things, that is until someone actually has it like Physically and test it, than done a review and all those stuff
...But hawing 3DS flash-cart doesn't mean 3DS is actualy hacked. (i think...)

 

[Rydian]

So you're really skeptical enough to believe that the video they posted could be fake? Do you mark every single dollar bill you get to check to make sure it's not counterfeit? There's little reason to believe they would post some bull**** video.

No. But "existing" != "obtainable".

For example there's been evidence of very basic 3DS-mode homebrew used to map out the internals, as evidenced by all the info here... http://www.3dbrew.org/wiki/Main_Page But the methods and data used to do this are not public.

 

[Snailface]

He put "NOTHING PLAYS 3DS ROMS / 3DS STILL NOT HACKED" and a "/" means an alternative description so clearly he considers hackable being able to play 3DS ROMS. He can at least update the sticky to say that something is coming. Not everyone looks at the home page (forums bookmarked).



So you're really skeptical enough to believe that the video they posted could be fake? Do you mark every single dollar bill you get to check to make sure it's not counterfeit? There's little reason to believe they would post some bull**** video.

You forget also that the Gateway team is going to be cannon fodder for an absolutely vicious legal assault by Nintendo. I think they'll still get cards out there, but its not a sure thing.

 

[ut2k4master]

No Region Free = me no buying and supportiing this. Still waiting for Region Free hack, but this is at least start.

told you so

 

[Naridar]

So you're really skeptical enough to believe that the video they posted could be fake? Do you mark every single dollar bill you get to check to make sure it's not counterfeit? There's little reason to believe they would post some bull**** video.

Does the name Crown3DS ring a bell? What I mean is we've been fooled before with a video, so the skepticism from most is understandable.

 

[Chocolina]

I'm faced with a problem here, with no support for import titles, then whats the point? I could just continue to buy my retail games.

But if I don't get one as soon as possible, who knows when this will be shutdown or something?

 

[SifJar]

if someone makes a compiler for this, the 3DS will be openwide in no time and publicly.

Repeating this isn't going to make it more likely to happen.

Im just saying. I would like to see it giving up an error.

Seeing an error will do what, exactly? Nothing. If you really want to see it, just stick an old DS flashcard or un-updated DSi flashcard into a 3DS. Same error will show as would with an unsigned ROM on this card.

EDIT: This is the error:

 

[Metoroid0]

I'm faced with a problem here, with no support for import titles, then whats the point? I could just continue to buy my retail games.

But if I don't get one as soon as possible, who knows when this will be shutdown or something?

 

[PsyBlade]

Edit: Also unsigned code is a joke, the key nintendo's using is 128bit RSA, you could factor that bad boy with <100$ of ec2 time if you knew the modulus they were using. You already have the public key(or will soon) add the modulus, and it can be factored in no time. Like the ps3, nintendo dun goofed. They chose a key that's _way_ too weak, and was only considered "good" 20 years ago.

I don't believe that for a second.
No one in their right mind would use a 128 bit RSA key.
That's like building a save out of paper towels, utterly ridiculous.

You wouldn't even need anything fancy like ec2.
Any dated PC can do it. My extra cheap android phone could probably do it.

Just cracked some of these to see how long it would take:
about 90ms

psyblade@exile:~/Downloads/msieve-1.51$ openssl genrsa -out private_key.pem 128
Generating RSA private key, 128 bit long modulus
.....+++++++++++++++++++++++++++
..+++++++++++++++++++++++++++
e is 65537 (0x10001)
psyblade@exile:~/Downloads/msieve-1.51$ openssl rsa -text -in private_key.pem
Private-Key: (128 bit)
modulus:
    00:c8:e5:53:b1:a1:8e:92:54:c9:ae:3e:34:8d:0d:
    2e:67
publicExponent: 65537 (0x10001)
privateExponent:
    5f:bb:58:5c:a7:3e:07:60:62:df:97:f2:4a:5b:de:
    21
prime1: 18045925538829197897 (0xfa7001aa89106249)
prime2: 14797596946545642287 (0xcd5ba00598420b2f)
exponent1: 5192364891369793929 (0x480efc5bbe4e6989)
exponent2: 1626365119031512907 (0x169202757af58f4b)
coefficient: 15246574586748322863 (0xd396b6ce8ca1c42f)
writing RSA key
-----BEGIN RSA PRIVATE KEY-----
MGICAQACEQDI5VOxoY6SVMmuPjSNDS5nAgMBAAECEF+7WFynPgdgYt+X8kpb3iEC
CQD6cAGqiRBiSQIJAM1boAWYQgsvAghIDvxbvk5piQIIFpICdXr1j0sCCQDTlrbO
jKHELw==
-----END RSA PRIVATE KEY-----
psyblade@exile:~/Downloads/msieve-1.51$ time ./msieve -vt4 0x00c8e553b1a18e9254c9ae3e348d0d2e67
 
 
Msieve v. 1.51 (SVN Unversioned directory)
Wed Jun  5 21:40:19 2013
random seeds: 98227976 5cf15695
factoring 267036332650968963298315293404894670439 (39 digits)
no P-1/P+1/ECM available, skipping
commencing quadratic sieve (39-digit input)
using multiplier of 31
using generic 64kb sieve core
sieve interval: 2 blocks of size 65536
processing polynomials in batches of 51
using a sieve bound of 7151 (450 primes)
using large prime bound of 286040 (18 bits)
polynomial 'A' values have 5 factors
restarting with 312 full and 2381 partial relations
 
699 relations (312 full + 387 combined from 2381 partial), need 546
sieving complete, commencing postprocessing
begin with 2693 relations
reduce to 1020 relations in 2 passes
attempting to read 1020 relations
recovered 1020 relations
recovered 128 polynomials
attempting to build 699 cycles
found 699 cycles in 1 passes
distribution of cycle lengths:
  length 1 : 312
  length 2 : 387
largest cycle: 2 relations
matrix is 450 x 699 (0.1 MB) with weight 13338 (19.08/col)
sparse part has weight 13338 (19.08/col)
filtering completed in 3 passes
matrix is 432 x 496 (0.0 MB) with weight 8381 (16.90/col)
sparse part has weight 8381 (16.90/col)
commencing Lanczos iteration
memory use: 0.1 MB
lanczos halted after 8 iterations (dim = 430)
recovered 64 nontrivial dependencies
prp20 factor: 14797596946545642287
prp20 factor: 18045925538829197897
elapsed time 00:00:00
 
real    0m0.087s
user    0m0.064s
sys    0m0.020s

 

[Metoroid0]

I don't believe that for a second.
No one in their right mind would use a 128 bit RSA key.
That's like building a save out of paper towels, utterly ridiculous.

You wouldn't even need anything fancy like ec2.
Any dated PC can do it. My extra cheap android phone could probably do it.

Just cracked some of these to see how long it would take:
about 90ms

psyblade@exile:~/Downloads/msieve-1.51$ openssl genrsa -out private_key.pem 128
Generating RSA private key, 128 bit long modulus
.....+++++++++++++++++++++++++++
..+++++++++++++++++++++++++++
e is 65537 (0x10001)
psyblade@exile:~/Downloads/msieve-1.51$ openssl rsa -text -in private_key.pem
Private-Key: (128 bit)
modulus:
    00:c8:e5:53:b1:a1:8e:92:54:c9:ae:3e:34:8d:0d:
    2e:67
publicExponent: 65537 (0x10001)
privateExponent:
    5f:bb:58:5c:a7:3e:07:60:62:df:97:f2:4a:5b:de:
    21
prime1: 18045925538829197897 (0xfa7001aa89106249)
prime2: 14797596946545642287 (0xcd5ba00598420b2f)
exponent1: 5192364891369793929 (0x480efc5bbe4e6989)
exponent2: 1626365119031512907 (0x169202757af58f4b)
coefficient: 15246574586748322863 (0xd396b6ce8ca1c42f)
writing RSA key
-----BEGIN RSA PRIVATE KEY-----
MGICAQACEQDI5VOxoY6SVMmuPjSNDS5nAgMBAAECEF+7WFynPgdgYt+X8kpb3iEC
CQD6cAGqiRBiSQIJAM1boAWYQgsvAghIDvxbvk5piQIIFpICdXr1j0sCCQDTlrbO
jKHELw==
-----END RSA PRIVATE KEY-----
psyblade@exile:~/Downloads/msieve-1.51$ time ./msieve -vt4 0x00c8e553b1a18e9254c9ae3e348d0d2e67
 
 
Msieve v. 1.51 (SVN Unversioned directory)
Wed Jun  5 21:40:19 2013
random seeds: 98227976 5cf15695
factoring 267036332650968963298315293404894670439 (39 digits)
no P-1/P+1/ECM available, skipping
commencing quadratic sieve (39-digit input)
using multiplier of 31
using generic 64kb sieve core
sieve interval: 2 blocks of size 65536
processing polynomials in batches of 51
using a sieve bound of 7151 (450 primes)
using large prime bound of 286040 (18 bits)
polynomial 'A' values have 5 factors
restarting with 312 full and 2381 partial relations
 
699 relations (312 full + 387 combined from 2381 partial), need 546
sieving complete, commencing postprocessing
begin with 2693 relations
reduce to 1020 relations in 2 passes
attempting to read 1020 relations
recovered 1020 relations
recovered 128 polynomials
attempting to build 699 cycles
found 699 cycles in 1 passes
distribution of cycle lengths:
  length 1 : 312
  length 2 : 387
largest cycle: 2 relations
matrix is 450 x 699 (0.1 MB) with weight 13338 (19.08/col)
sparse part has weight 13338 (19.08/col)
filtering completed in 3 passes
matrix is 432 x 496 (0.0 MB) with weight 8381 (16.90/col)
sparse part has weight 8381 (16.90/col)
commencing Lanczos iteration
memory use: 0.1 MB
lanczos halted after 8 iterations (dim = 430)
recovered 64 nontrivial dependencies
prp20 factor: 14797596946545642287
prp20 factor: 18045925538829197897
elapsed time 00:00:00
 
real    0m0.087s
user    0m0.064s
sys    0m0.020s

but, if it's that easy, why not crack 3DS? ..seriously

 

[masterz87]

I don't believe that for a second.
No one in their right mind would use a 128 bit RSA key.
That's like building a save out of paper towels, utterly ridiculous.

You wouldn't even need anything fancy like ec2.
Any dated PC can do it. My extra cheap android phone could probably do it.

Just cracked some of these to see how long it would take:
about 90ms
...snipped...

Shh... I want to run off 100$, and I'm going by the FAQ in this section abuot the 3ds. I haven't looked at the 3ds that much. And I was saing that because even if it's way more than that, with ec2 you can factor the key really quickly if it's anything <4096bits.

 

[PsyBlade]

but, if it's that easy, why not crack 3DS? ..seriously

sure
give me the RSA modulus or the full public key (which must be in the 3ds somewhere)
and if(!) its really 128 bit RSA I will hand you the private key (which only Ninty should have) shortly

 

[masterz87]

sure
give me the RSA modulus or the full public key (which must be in the 3ds somewhere)
and if(!) its really 128 bit RSA I will hand you the private key (which only Ninty should have) shortly

and there we go. It's likely in hardware stored on the 3ds. I don't know what length they're using but either way, 2048 can be fatored on ec2 in <12hrs for ~100$. Either way here's hoping that someone writes a bunch of emulators for the 3ds so I don't have such big buyers remorse since all of the games have been meh except kid iccarus. Super mario 3dland 2nd part is ungodly hard for no reason and the bosses cheat. Professor layton? Meh. Not much of anything on the horizon really(maybe 1-2 games maximum). I'm hoping to at least make it an emulation machine.

 

[Metoroid0]

sure
give me the RSA modulus or the full public key (which must be in the 3ds somewhere)
and if(!) its really 128 bit RSA I will hand you the private key (which only Ninty should have) shortly

I dont hawe one but will decapping help that somehow?
Cool, those are great news I remember when Rydian said it would take million years to crack the key.. but hearing this now sounds so cool