Hacking progress - Encryption?

Discussion in '3DS - Flashcards & Custom Firmwares' started by Neo Draven, Sep 14, 2011.

  1. Neo Draven
    OP

    Neo Draven End Boss of the Entire Internet

    Member
    822
    492
    May 3, 2010
    United States
    I am just wondering; the DS was cracked within months. The PSP was cracked within months. The Wii took awhile for an exploit to have been found, and the PS3 took FOREVER.

    Since there are devkits for the 3DS floating around, are we being stymied by not being able to crack the encryption of the 3DS? I have performed hundreds of hacks on the Wii, PSP, DS, GBA, 360, PS2 and PS3, using programs that were already discovered, so I do have SOME knowledge of how it works, and I have looked into buffer overflow exploits, save game exploits, etc.

    I'm just curious as to what exactly it is that is holding us back from getting homebrew to run on the 3DS as it is. Once we crack the encryption, then the door should be flung wide open, right?

    Finally, does anyone know of any teams that actually are working on the 3DS right now? I check GBATemp every morning in the hopes that some miraculous method has been found, but this is the only page I know of to get any kind of details from.

    Thanks!
     


  2. Cyan

    Cyan GBATemp's lurking knight

    Global Moderator
    18,045
    8,564
    Oct 27, 2002
    France
    Engine room, learning
    Previous console generation didn't have encryption key. They were working on hardware/device detection (original CD, DVD, burned with specific errors or boot sector, etc.)

    DS has it, but the hack came from hardware bypass to redirect slot1 access to slot2 after the game identification. You needed an original DS game in slot1 to fake the DS and then redirect all read/write to Slot2.
    Current slot1 card are using the same method and that's why they are appearing as another game ID/Icon on the DSi/3DS menu. They are using an original/not blacklisted bootstrap. First it was game chips from original/retail cards included in the Slot1 hardware to not require an original game inserted in the passme device anymore. now recent card can have their bootstrap updated by the user.
    There were also custom firmware to redirect to slot2/run unsigned code from wifi-me.

    Wii is encrypted, and we still don't know the masterkey. the first hack was a modchip/hardware too. then came the truchabug discovery.

    SDK alone is not enough, the decryption key (Masterkey) is not in the SDK. they are unique to each consoles.
    The PS3 flaw was that they were using the same masterkey for all consoles, therefore the key could be calculated. But the PS3 3.60 SDK leak won't help decrypting games, the masterkey is not included in the SDK either.


    Now, developers won't make the same mistakes for newer consoles :
    PS3 had the same key for all console : make an unique for each 3DS.
    Wii had a memory compare bug : 3DS is more likely not reproducing that bug anymore.
    Wii software was hacked though savegame exploit: 3DS use a lot of CRC and encryption (though, only XOR'ed) for the save file.

    If the PS3 didn't use the same key for all the console, nobody could "defeat the encryption", like DS or Wii, nobody could, even if the consoles are wide open to homebrew we still don't know the keys!
     
  3. terawyvenx

    terawyvenx Member

    Newcomer
    31
    5
    Aug 12, 2011
    You know, I was just thinking what team_Legacy accomplished a few months back about the whole 3DS rom dumping, its awfully strange that we never heard from them again ever since. Wasnt it mentioned that they own hardware that would help them play those 3DS backup as well? Theyve been awfully quiet ever since

    And what about the guy that manage to run javascript through the 3DS internet browser?

    Why are these people holding back on us?

    are they afraid? or are just waiting for the right moment to strike!!?
     
  4. CollosalPokemon

    CollosalPokemon ばん。。。かい

    Member
    682
    342
    Oct 18, 2009
    United States
    What your saying is basically "if I had the keys to bank vaults I could rob a bank." we don't have them yet.

    If you're looking for save exploits though we are close to being able to modify those because Nintendo added a lot of encryption to those. What needs to be done is figuring out how to fully re-CRC the save files because they now have CRC checks, and then save exploits might become possible.

    But as long as you're on this topic now, ANY exploit right now would be virtually worthless. We don't know how to make CXI's or CIA's so even if an exploit was found absolutely nothing could be done yet except crash the 3DS.

    Check back next year and maybe you'll be lucky to see just a hello world, if even that, but more than likely not a rom loader.
     
  5. T.Kuranari

    T.Kuranari GBAtemp Regular

    Member
    150
    2
    Aug 30, 2011
    It's actually quite simple why it takes so long with the 3DS. People simply can't work with the 3DS at this point of time because everything is encrypted and looks gibberish under IDA. First is to find out the common-key which is used to encrypt system data. With it hackers can decrypt the files, then view the code via IDA, reverse engineer and look for possible exploits. But a common-key alone is not a guarantee for an exploit, look at the DSi.

    In order to find the encryption key, I would bet that ramhax is the way to go, meaning real hardware hackers are necessary, not stupid random hacking theories from a scene site.

    Also I hate when people use the word "we", because there is no "we", there is only "they" and "they" have another ideals than the average pirate.
     
  6. Immortal_no1

    Immortal_no1 GBAtemp Regular

    Member
    266
    12
    Jul 17, 2003
    Yes they apparently dumped the encrypted roms, they can be found everywhere. Yes they put up a picture of the hardware they used, but we can't confirm that that's all they used. Yes they said they could play back the rom they dumped, but there's no proof of this.

    So i have to ask the question whether or not they actually did...
    it's not unknown for people in the business to get a hold of a rom and release it before the release date, is there potential that this is what Team Legacy did?

    I've been working on Analysing the hardware to see if i can replicate what they did but without more information, video, pictures it's difficult to see where to go and what to do.

    They said they were going to wait for someone else to figure it out too before releasing the info, but if you ask me it would be more worth while for them to sell their 'hack' to the supercard team or alike so they can get it working and get it out there.

    If i think about it and put myself in their shoes. My reason for not telling everyone would be to wait until lots of games have been released so that it wouldn't give nintendo enough time to counteract the dumping process in hardware. I would probably wait and see what happens after MGS 3DS gets released as that would be a good time as any to get the info out there.
     
  7. morphius

    morphius The King of the Cosmos

    Member
    298
    32
    Nov 21, 2008
    United States
    I posed this same Q back in July

    http://gbatemp.net/t301639-why-no-new-roms?&st=0
     
  8. BlueStar

    BlueStar GBAtemp Psycho!

    Member
    4,094
    427
    Jan 10, 2006
    UK
    Or, more likely, it came to nothing and they hit a brick wall.
     
  9. synce

    synce だいこんちゃんのだいふぁん

    Member
    500
    35
    Nov 5, 2009
    United States
    Doesn't the 3DS use AES encryption? I don't think even the US government can crack that. Maybe Legacy was BSing because they knew the chances of someone finding an exploit are about the same as getting struck by lightning [​IMG]
     
  10. dickfour

    dickfour Banned

    Banned
    581
    130
    Jun 20, 2011
    United States
    I'm wondering if it's possible to make a cart that's exact in every respect to a 3ds game with the exception that it can be reflashed. it'd be just like a retail cart in all other respects. That's how things were done in the old days.
     
  11. Fyrus

    Fyrus Artilleur Carmin

    Member
    798
    127
    Jul 6, 2010
    France
    Marseille - France
    I think you'd have your answer on why it wouldn't work a few post above, with a similar flag as mine.
     
  12. elisherer

    elisherer I ♥ 3DS

    Member
    778
    153
    Dec 16, 2009
    Iceland
    3dbrew.org
    It's been said that you could dump roms via some kind of an adapter like the NDS adapter plus.
    You need to saw off the extra piece of plastic the 3ds carts have.
    I've seen parts of dumped roms from other games (other then the 3 that was published).

    If you search 3dbrew.org youll see that there's still info that isn't disclosed and being held back from the public.

    Just be patient.
    (Or get a job at nintendo [​IMG] If you can't beat'em Join'em)
     
  13. Evo.lve

    Evo.lve All that you could be.

    Member
    1,786
    21
    Oct 11, 2010
    Away from you.
    Actually, a lot of people aren't hacking the 3DS or aren't supporting hacking it because it would simply just kill the system.

    The DS got hacked, 5500 of it's like, 5800 games are pieces of shovelware shit.

    Devs go "oh, it's hacked, we won't make any money, let's just put out some turd"
     
  14. Zaraf

    Zaraf GBAtemp Advanced Fan

    Member
    742
    15
    Sep 23, 2005
    Canada
    Edmonton, Alberta
    Personally, I think that if anyone even found something right now, they would keep quiet about it or else the hole might get plugged. Until they find a way to make use of the exploit and prevent Nintendo from being able to fix it, they might not come out with it.
     
  15. Ron

    Ron somehow a weeb now.

    Member
    2,840
    388
    Dec 10, 2009
    Canada
    here
    Again, the plain truth is, sooner or later, it'll have tons of shovelware, whether it's hacked or not.

    The reason there's so much shovelware on the DS is because 1st, the DS is relatively cheap and easy to code for, 2nd Nintendo has ZERO quality control now, so Developers will be able to make a few bucks easy. It's the same for the 3DS.

    The 3DS already has shovelware, look at the Ubisoft lineup, and "Pet Zombies"
     
  16. zanfire

    zanfire GBAtemp Regular

    Member
    276
    21
    May 14, 2011
    United States
    its the same old argument people use that has almost no real validity to it. Nintendo is more to blame for the shovelware than anything, they are now the system of the casuals and let any monkey put a game on their system. Again the PS3/360 are hacked...why not tons of shovelware there? because they dont allow as much crap to float by. Shovelware was there from day one and will continue, reguardless of it being hacked or not. You do realize the people who make shovelware want to make money too right?
     
  17. synce

    synce だいこんちゃんのだいふぁん

    Member
    500
    35
    Nov 5, 2009
    United States
    Do you kiddos even realize that shovelware has been around since forever? Maybe the amount of shitty DS games is proportional to the amount of shit-for-brains DS owners. It's like the best selling system ever, or some junk like that. A publisher sees a canvas that large and throws everything it because something's gotta stick.
     
  18. reaper527

    reaper527 GBAtemp Regular

    Member
    103
    25
    Aug 22, 2011
    United States
    if you don't want shovelware, don't buy a nintendo console. look at the ds, look at the wii. both of these are LOADED with shovelware. the psp/ps3/x360, not so much (and all hacked). you can even take a look at the 3ds's upcoming line up as of today

    http://ds.ign.com/index/upcoming.html?inde...s&locale=us

    hacked? no. shovelware incoming? yup.
     
  19. Critica1

    Critica1 GBAtemp Regular

    Member
    185
    33
    Oct 4, 2011
    United States
    CA
    People use FPGA boards and try to communicate with some of the hardware in the system. I didn't go to research back as far as other systems, but for the DS it started out by using a FPGA board connected to something like a flash cart communicating with your DS (GBA bus) and between your computer (hopefully with USB as host). These are how exploited consoles work. Hardware plays a very important role in understanding enclosed environment systems.
     
  20. elisherer

    elisherer I ♥ 3DS

    Member
    778
    153
    Dec 16, 2009
    Iceland
    3dbrew.org
    Our best shot now is the save files (much like the wii did with the zelda twilight princess)
    The most progress we have is in the save business.

    We just need to figure out all of the CRC and hashes (which most already are)

    Then we need to change some saves.

    Find the game that wil read an altered save (with bad information or not legal)
    and make the game crash to a boot file.

    But we need a lot of people to test all of the games... (It might be even a losing battle)