Hacking progress - Encryption?

Discussion in '3DS - Flashcards & Custom Firmwares' started by Neo Draven, Sep 14, 2011.

Sep 14, 2011
  1. Neo Draven
    OP

    Member Neo Draven End Boss of the Entire Internet

    Joined:
    May 3, 2010
    Messages:
    815
    Country:
    United States
    I am just wondering; the DS was cracked within months. The PSP was cracked within months. The Wii took awhile for an exploit to have been found, and the PS3 took FOREVER.

    Since there are devkits for the 3DS floating around, are we being stymied by not being able to crack the encryption of the 3DS? I have performed hundreds of hacks on the Wii, PSP, DS, GBA, 360, PS2 and PS3, using programs that were already discovered, so I do have SOME knowledge of how it works, and I have looked into buffer overflow exploits, save game exploits, etc.

    I'm just curious as to what exactly it is that is holding us back from getting homebrew to run on the 3DS as it is. Once we crack the encryption, then the door should be flung wide open, right?

    Finally, does anyone know of any teams that actually are working on the 3DS right now? I check GBATemp every morning in the hopes that some miraculous method has been found, but this is the only page I know of to get any kind of details from.

    Thanks!
     


  2. Cyan

    Global Moderator Cyan GBATemp's lurking knight

    Joined:
    Oct 27, 2002
    Messages:
    16,430
    Location:
    Engine room, learning
    Country:
    France
    Previous console generation didn't have encryption key. They were working on hardware/device detection (original CD, DVD, burned with specific errors or boot sector, etc.)

    DS has it, but the hack came from hardware bypass to redirect slot1 access to slot2 after the game identification. You needed an original DS game in slot1 to fake the DS and then redirect all read/write to Slot2.
    Current slot1 card are using the same method and that's why they are appearing as another game ID/Icon on the DSi/3DS menu. They are using an original/not blacklisted bootstrap. First it was game chips from original/retail cards included in the Slot1 hardware to not require an original game inserted in the passme device anymore. now recent card can have their bootstrap updated by the user.
    There were also custom firmware to redirect to slot2/run unsigned code from wifi-me.

    Wii is encrypted, and we still don't know the masterkey. the first hack was a modchip/hardware too. then came the truchabug discovery.

    SDK alone is not enough, the decryption key (Masterkey) is not in the SDK. they are unique to each consoles.
    The PS3 flaw was that they were using the same masterkey for all consoles, therefore the key could be calculated. But the PS3 3.60 SDK leak won't help decrypting games, the masterkey is not included in the SDK either.


    Now, developers won't make the same mistakes for newer consoles :
    PS3 had the same key for all console : make an unique for each 3DS.
    Wii had a memory compare bug : 3DS is more likely not reproducing that bug anymore.
    Wii software was hacked though savegame exploit: 3DS use a lot of CRC and encryption (though, only XOR'ed) for the save file.

    If the PS3 didn't use the same key for all the console, nobody could "defeat the encryption", like DS or Wii, nobody could, even if the consoles are wide open to homebrew we still don't know the keys!
     
  3. terawyvenx

    Newcomer terawyvenx Member

    Joined:
    Aug 12, 2011
    Messages:
    31
    Country:
    South Africa
    You know, I was just thinking what team_Legacy accomplished a few months back about the whole 3DS rom dumping, its awfully strange that we never heard from them again ever since. Wasnt it mentioned that they own hardware that would help them play those 3DS backup as well? Theyve been awfully quiet ever since

    And what about the guy that manage to run javascript through the 3DS internet browser?

    Why are these people holding back on us?

    are they afraid? or are just waiting for the right moment to strike!!?
     
  4. CollosalPokemon

    Member CollosalPokemon ばん。。。かい

    Joined:
    Oct 18, 2009
    Messages:
    681
    Country:
    United States
    What your saying is basically "if I had the keys to bank vaults I could rob a bank." we don't have them yet.

    If you're looking for save exploits though we are close to being able to modify those because Nintendo added a lot of encryption to those. What needs to be done is figuring out how to fully re-CRC the save files because they now have CRC checks, and then save exploits might become possible.

    But as long as you're on this topic now, ANY exploit right now would be virtually worthless. We don't know how to make CXI's or CIA's so even if an exploit was found absolutely nothing could be done yet except crash the 3DS.

    Check back next year and maybe you'll be lucky to see just a hello world, if even that, but more than likely not a rom loader.
     
  5. T.Kuranari

    Member T.Kuranari GBAtemp Regular

    Joined:
    Aug 30, 2011
    Messages:
    150
    Country:
    Japan
    It's actually quite simple why it takes so long with the 3DS. People simply can't work with the 3DS at this point of time because everything is encrypted and looks gibberish under IDA. First is to find out the common-key which is used to encrypt system data. With it hackers can decrypt the files, then view the code via IDA, reverse engineer and look for possible exploits. But a common-key alone is not a guarantee for an exploit, look at the DSi.

    In order to find the encryption key, I would bet that ramhax is the way to go, meaning real hardware hackers are necessary, not stupid random hacking theories from a scene site.

    Also I hate when people use the word "we", because there is no "we", there is only "they" and "they" have another ideals than the average pirate.
     
  6. Immortal_no1

    Member Immortal_no1 GBAtemp Regular

    Joined:
    Jul 17, 2003
    Messages:
    266
    Country:
    United Kingdom
    Yes they apparently dumped the encrypted roms, they can be found everywhere. Yes they put up a picture of the hardware they used, but we can't confirm that that's all they used. Yes they said they could play back the rom they dumped, but there's no proof of this.

    So i have to ask the question whether or not they actually did...
    it's not unknown for people in the business to get a hold of a rom and release it before the release date, is there potential that this is what Team Legacy did?

    I've been working on Analysing the hardware to see if i can replicate what they did but without more information, video, pictures it's difficult to see where to go and what to do.

    They said they were going to wait for someone else to figure it out too before releasing the info, but if you ask me it would be more worth while for them to sell their 'hack' to the supercard team or alike so they can get it working and get it out there.

    If i think about it and put myself in their shoes. My reason for not telling everyone would be to wait until lots of games have been released so that it wouldn't give nintendo enough time to counteract the dumping process in hardware. I would probably wait and see what happens after MGS 3DS gets released as that would be a good time as any to get the info out there.
     
  7. morphius

    Member morphius The King of the Cosmos

    Joined:
    Nov 21, 2008
    Messages:
    298
    Country:
    United States
    I posed this same Q back in July

    http://gbatemp.net/t301639-why-no-new-roms?&st=0
     
  8. BlueStar

    Member BlueStar GBAtemp Psycho!

    Joined:
    Jan 10, 2006
    Messages:
    4,094
    Location:
    UK
    Country:
    United Kingdom
    Or, more likely, it came to nothing and they hit a brick wall.
     
  9. synce

    Member synce だいこんちゃんのだいふぁん

    Joined:
    Nov 5, 2009
    Messages:
    487
    Country:
    United States
    Doesn't the 3DS use AES encryption? I don't think even the US government can crack that. Maybe Legacy was BSing because they knew the chances of someone finding an exploit are about the same as getting struck by lightning [​IMG]
     
  10. dickfour

    Banned dickfour Banned

    Joined:
    Jun 20, 2011
    Messages:
    581
    Country:
    United States
    I'm wondering if it's possible to make a cart that's exact in every respect to a 3ds game with the exception that it can be reflashed. it'd be just like a retail cart in all other respects. That's how things were done in the old days.
     
  11. Fyrus

    Member Fyrus Artilleur Carmin

    Joined:
    Jul 6, 2010
    Messages:
    766
    Location:
    Marseille - France
    Country:
    France
    I think you'd have your answer on why it wouldn't work a few post above, with a similar flag as mine.
     
  12. elisherer

    Member elisherer I ♥ 3DS

    Joined:
    Dec 16, 2009
    Messages:
    778
    Location:
    3dbrew.org
    Country:
    Israel
    It's been said that you could dump roms via some kind of an adapter like the NDS adapter plus.
    You need to saw off the extra piece of plastic the 3ds carts have.
    I've seen parts of dumped roms from other games (other then the 3 that was published).

    If you search 3dbrew.org youll see that there's still info that isn't disclosed and being held back from the public.

    Just be patient.
    (Or get a job at nintendo [​IMG] If you can't beat'em Join'em)
     
  13. Evo.lve

    Member Evo.lve All that you could be.

    Joined:
    Oct 11, 2010
    Messages:
    1,786
    Location:
    Away from you.
    Country:
    Australia
    Actually, a lot of people aren't hacking the 3DS or aren't supporting hacking it because it would simply just kill the system.

    The DS got hacked, 5500 of it's like, 5800 games are pieces of shovelware shit.

    Devs go "oh, it's hacked, we won't make any money, let's just put out some turd"
     
  14. Zaraf

    Member Zaraf GBAtemp Advanced Fan

    Joined:
    Sep 23, 2005
    Messages:
    699
    Location:
    Edmonton, Alberta
    Country:
    Canada
    Personally, I think that if anyone even found something right now, they would keep quiet about it or else the hole might get plugged. Until they find a way to make use of the exploit and prevent Nintendo from being able to fix it, they might not come out with it.
     
  15. Ron

    Member Ron somehow a weeb now.

    Joined:
    Dec 10, 2009
    Messages:
    2,837
    Location:
    here
    Country:
    Canada
    Again, the plain truth is, sooner or later, it'll have tons of shovelware, whether it's hacked or not.

    The reason there's so much shovelware on the DS is because 1st, the DS is relatively cheap and easy to code for, 2nd Nintendo has ZERO quality control now, so Developers will be able to make a few bucks easy. It's the same for the 3DS.

    The 3DS already has shovelware, look at the Ubisoft lineup, and "Pet Zombies"
     
  16. zanfire

    Member zanfire GBAtemp Regular

    Joined:
    May 14, 2011
    Messages:
    270
    Country:
    United States
    its the same old argument people use that has almost no real validity to it. Nintendo is more to blame for the shovelware than anything, they are now the system of the casuals and let any monkey put a game on their system. Again the PS3/360 are hacked...why not tons of shovelware there? because they dont allow as much crap to float by. Shovelware was there from day one and will continue, reguardless of it being hacked or not. You do realize the people who make shovelware want to make money too right?
     
  17. synce

    Member synce だいこんちゃんのだいふぁん

    Joined:
    Nov 5, 2009
    Messages:
    487
    Country:
    United States
    Do you kiddos even realize that shovelware has been around since forever? Maybe the amount of shitty DS games is proportional to the amount of shit-for-brains DS owners. It's like the best selling system ever, or some junk like that. A publisher sees a canvas that large and throws everything it because something's gotta stick.
     
  18. reaper527

    Member reaper527 GBAtemp Regular

    Joined:
    Aug 22, 2011
    Messages:
    103
    Country:
    United States
    if you don't want shovelware, don't buy a nintendo console. look at the ds, look at the wii. both of these are LOADED with shovelware. the psp/ps3/x360, not so much (and all hacked). you can even take a look at the 3ds's upcoming line up as of today

    http://ds.ign.com/index/upcoming.html?inde...s&locale=us

    hacked? no. shovelware incoming? yup.
     
  19. Critica1

    Member Critica1 GBAtemp Regular

    Joined:
    Oct 4, 2011
    Messages:
    185
    Location:
    CA
    Country:
    United States
    People use FPGA boards and try to communicate with some of the hardware in the system. I didn't go to research back as far as other systems, but for the DS it started out by using a FPGA board connected to something like a flash cart communicating with your DS (GBA bus) and between your computer (hopefully with USB as host). These are how exploited consoles work. Hardware plays a very important role in understanding enclosed environment systems.
     
  20. elisherer

    Member elisherer I ♥ 3DS

    Joined:
    Dec 16, 2009
    Messages:
    778
    Location:
    3dbrew.org
    Country:
    Israel
    Our best shot now is the save files (much like the wii did with the zelda twilight princess)
    The most progress we have is in the save business.

    We just need to figure out all of the CRC and hashes (which most already are)

    Then we need to change some saves.

    Find the game that wil read an altered save (with bad information or not legal)
    and make the game crash to a boot file.

    But we need a lot of people to test all of the games... (It might be even a losing battle)
     

Share This Page