[Hacking] New to the Nintendo DS/3DS Hacking Scene!

Discussion in '3DS - ROM Hacking, Translations and Utilities' started by [GBATemp]~IceStorm, Aug 5, 2015.

  1. [GBATemp]~IceStorm
    OP

    [GBATemp]~IceStorm Banned

    Banned
    71
    5
    Oct 29, 2013
    United States
    yo mama's house
    I am new to the Nintendo DS/3DS hacking scene. I want to know more about the DS and 3DS consoles, their internal structure (both hardware and software). The main reason is I want to create exploits and homebrew applications. However, I am not a complete noob. I know about flashcarts and I have a thorough knowledge of C++, and I am beginning to learn devkitARM and libnds.

    Does anyone have any links where I can learn about the 3DS/DS, preferably a link for a beginner AND a more advanced link about both the hardware and software aspects of these two consoles for exploiting?

    (Please Note: I know pretty much nothing about the hardware or software of these consoles; I didn't even know how many cores the DS had [1] or what NAND was)
     
  2. [GBATemp]~IceStorm
    OP

    EDIT: Does this work on version 9.9?
     
  3. gunner007

    gunner007 GBAtemp Advanced Maniac

    Member
    1,506
    368
    Dec 31, 2013
    United States
    It's a hardware modification to the NAND. System Menu version is irrelevant. Well it's relevant in the fact that you can't do anything on 9.9.

    You should read up on ARM assembly and get to learn how it operates, registers, ROP, and have a general understanding of assembly code and other basic computer programming skills (heap, arrays, etc...)

    You're better off finding a 9.2 or less console, as your 9.9 is useless, even with the mod as you have no way of decrypting anything you dump.

    Check out 3DBrew as the 3DS has been pretty well documented over the years. I would wet your feet first in learning ARM (there are plenty of ARM manuals and books related to programming - ARM9/11) and understanding how the 3DS operates. You won't be exploiting or creating homebrew for quite some time until you understand how ARM CPUs operate and the underlying code and restrictions placed by your environment.
     
  4. hundshamer

    hundshamer GBAtemp Advanced Maniac

    Blacklisted Trader
    1,810
    806
    May 22, 2009
    United States
    Yes, it will.
     
  5. [GBATemp]~IceStorm
    OP

    Thank you. What about the actual PCB itself? Any suggestions on learning how to work with the actual PCB itself? When I looked this up on Google, I was blasted with a plethora of vocabulary that I have never heard before (like "Ground" and "Data 0" ...what?). I'm not exactly an electrical engineer, so can anyone recommend anything to learn about PCBs and such?
     
  6. gunner007

    There's nothing you can really do with the PCB inside the 3DS as most of the ICs inside the unit are SoCs or other ICs which usually are well documented. You should probably get familiar with SoCs and ICs and how they work (that would explain ground, DAT, CLK pins - usually being traces to the legs of an IC).
     
  7. [GBATemp]~IceStorm
    OP

    Thanks. I am mostly interested in learning about the PCB to learn about hardware mods for the 3DS.

    One more question: After I have learned more about the ARM assembly *language* , how do I apply this knowledge to the 3DS for exploiting? Is this information provided in devkitARM?

    Also: Do I need a hex editor?
     
  8. gunner007

    Well that's kind of my point. What mods are you really planning on doing? Again, learning the PCB is irrelevant (as many of the ICs and SoCs are well documented out there on 3DBrew). And again, you'll be interfacing with encrypted data so it's not just something you "learn" as you need a way to interpret what you can interface with. We've come a long way from just dumping RAM and editing.

    You'll need a hex editor for basic programming and RE anyways.

    As to your 2nd question - you don't really apply it. The 3DS is well documented in its commands and functions on 3DBrew; however, if your plan is eventual exploitation and control of the console, you'll need to reverse engineer the components you intend to exploit. RE is a different skill requiring extrapolation and knowledge of control and program flow (as stated earlier with things like heaps, arrays, return oriented programming, and memory addressing and limitations).

    My recommendation is to start with something simple before jumping into the 3DS.

    devkitARM is just a development platform for ARM-based CPUs - ARM CPUs are in many products you find today as they're the most common SoC for low-power devices as well as larger platforms.
     
  9. [GBATemp]~IceStorm
    OP

    No, no.
    My question is: does devkitARM allow me to write assembly code and run the code as an exploit on the 3DS? If so, how?

    PS: I apologize if my questions may be a bit frustrating to all the 3DS experts out there; I don't really understand how this works. All I do is programming and game development on PC with C++; I haven't done any real return oriented programming (ever).
     
  10. [GBATemp]~IceStorm
    OP

  11. gunner007

    devkitARM is just a collection of pre-compiled libraries for whatever platform you intend to code on (imagine in C++ when you have #include iostream.h).

    You can code in whatever language you wish. The NDS and such kits are mostly there to allow you to leverage existing code and compile projects into whatever you wish (whether that be .DAT, etc...)

    devkitARM won't run anything. That's where reverse engineering and ROP come in. Modern systems come with a heavy layer of security preventing unsigned code from executing. The first step of exploiting a system is finding an entry point into the system, and then finding additional exploits to find additional privilege escalations until you're able to run your own code. Coding is the relatively easy part - defeating modern security mechanisms is not. Even Ninjhax (with no kernel access) was 4 separate exploits before being able to run unsigned code.

    That's why my recommendation would be to find a console with a lower firmware. At 9.9, there are no known ways to enable unsigned code to run - so you'd be facing an uphill battle on the programming front.

    As far as ROP, if you intend to exploit the system, it's a critical thing to understand how ROP works as it is the basis for almost all reverse engineering projects with the end result of unsigned code or changes as you need a way to branch from the standard path to your own code placed in memory.

    Edit: The first link is a good general idea of how ROP works and the many methods used in attempting to exploit a system. The 2nd link I'm not sure but it was like 25 pages and didn't include the rest. The SoC I wouldn't worry too much about. Check out 3DBrew for that one as it's well documented on there for all the pinouts, identification, and specs.
     
  12. [GBATemp]~IceStorm
    OP

    Thanks to everyone who helped me on this thread. I have found a lot of manuals on ARM assembly and am reading them.
    I mean, once I have found said "entry point" into the system, how do I run the code on the 3DS itself? That is, if I am programming on my computer, how do I get the code onto the 3DS? Do I have to somehow move the code onto a flashcart or something and execute it? If so, what file format is it?
     
  13. Melon__Bread

    Melon__Bread ~It's A Magik~

    Member
    710
    400
    Dec 9, 2013
    United States
    http://3dbrew.org

    This will teach you a lot about how the 3DS works and a little bit on how to set up an environment.
     
  14. gunner007

    The standard around here seems to be .DAT files, which can be loaded from the internal SD card. Ninjhax works off 3DSX.
     
  15. [GBATemp]~IceStorm
    OP

    I see. So what tools (other than IDA Pro and a hexadecimal editor) should be used for hacking? Like the assembler for ARM asm/compiler for C++ code, or other tools.