How to find exploits in DsiWare?

Discussion in '3DS - Homebrew Development and Emulators' started by jacob1223, Dec 3, 2016.

  1. jacob1223
    OP

    jacob1223 GBAtemp Regular

    I only have 2 DSiWare on my O3DS on 11.1. I want to know what people do to find exploits in these games so I could try to do it.
     
  2. dubbz82

    dubbz82 GBAtemp Advanced Maniac

    If you have to ask, you don't have the skill to do so.
     
  3. Jayro

    Jayro MediCat USB and Mini Windows 10 Developer

    I'm also wondering why nobody can find more save file overflows... Like, can't someone make a MaskHax using Majora's Mask 3D, similar to OoT3DHax? Or how about LeafHax using Animal Crossing? Surely there can be more cart-based games to exploit. And PowerSaves is only $15 if you know where to look, got mine from Amazon for $15 and $5 shipping.
     
  4. jacob1223
    OP

    jacob1223 GBAtemp Regular

    I just wanna know like what to look for when doing this.
     
  5. xtheman

    xtheman GBAtemp Guru

    You don't
     
  6. dubbz82

    dubbz82 GBAtemp Advanced Maniac

     
  7. LongDongSilver

    LongDongSilver GBAtemp Regular

    If you're asking, forget about ever finding one yourself. If we knew what we could exploit in every game and what it looked like, the 3DS would be hacked 15 minutes after every new update.
     
  8. Lilith Valentine

    Lilith Valentine GBATemp's Wolfdog™ ☠️Grunt☠️

    First: Know what you are doing
    Second: If you have to ask, you don't know what you are doing
    Third: ????
    4: No profit because you have no idea what you are doing
     
  9. darklordrs

    darklordrs GBAtemp Advanced Fan

    first second third 4

    hnng inconsistency
     
  10. nl255

    nl255 GBAtemp Addict

    You have to look for places where user-controlled data (such as the character's name in a saved game) is loaded into memory but the length of the data is not checked before putting it into a pointer. However, doing so requires knowing assembly language programming so that you can go step by step through the game code in a debugger/emulator to find it.

    So the first step is for you to learn ARM assembly, which can take quite a while, especially if you don't have any programming experience.
     
    Last edited by nl255, Dec 3, 2016
  11. jacob1223
    OP

    jacob1223 GBAtemp Regular

    thanks
     
  12. Giodude

    Giodude Ruler of Italy

    Majora's Mask was looked through, and no exploit could be found. Animal Crossing I'm pretty sure is also stable as all hell.
     
  13. Quantumcat

    Quantumcat Dead and alive

    Yeah this - start with an easy language like Java or Python to get used to how to think programmatically, then after a year or two learn something a bit harder and bare metal like C++, then take a computer science course and learn all about how memory is laid out, the instruction set, stack vs. heap, the whole architecture of the thing, then learn assembly, then study previous exploits to learn how they work, then debug games with current exploits and see if you can find the vulnerabilities yourself independently, then do the same with other games and be prepared to spend many months hunting red herrings before you find something new.
     
  14. nooby89

    nooby89 A normal member with a stupid alias

    The list of DSiWare games with exploits:
    • Legends Of Exidia (buy it right now if you want to downgrade)
    • Fieldrunners
    • Guitar Rock Tour
    • The Legend Of Zelda - Four Swords
    • Sudoku Arts
     
  15. Logan Pockrus

    Logan Pockrus Knawledge is key.

    Well, if the game in question has bounds checking for the length of the string you're examining, then you can't use it in a buffer overflow exploit. I'm no security expert, but I think it's a pretty safe assumption that most, but not all (looking at you LoZ: OOT), 3DS games (specifically ACNL) have bounds checking on something like the name of the profile. And by the way, "save file overflows" do exist...and they're everywhere (OOT3DHax, maybe stickerhax, (v*)hax, perhaps even more).
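    A constructed illustration (added here; not code from any DSiWare title or from anyone in this thread) of the two patterns nl255 and Logan Pockrus describe: a save loader that trusts the name length stored in the save record, beside one that bounds-checks it before copying. The record layout and NAME_MAX are assumptions made for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed save-record layout (an assumption for this example, not
 * any real DSiWare format): byte 0 is the declared length of the player
 * name, and the name bytes follow it. */
#define NAME_MAX 8

typedef struct {
    char name[NAME_MAX];
    uint32_t score;   /* sits right after `name`; an overlong copy lands here */
} player_t;

/* The defect nl255 points at: the length comes straight from the file and
 * is never compared with the destination buffer, so a record declaring
 * more than NAME_MAX bytes writes past `name`. Shown for contrast only;
 * it is never run on the hostile record below. */
bool load_name_unchecked(player_t *p, const uint8_t *rec, size_t rec_len) {
    if (rec_len < 1) return false;
    size_t n = rec[0];
    memcpy(p->name, rec + 1, n);   /* no check that n fits in NAME_MAX */
    return true;
}

/* The bounds-checked form Logan Pockrus refers to: the declared length is
 * validated against the buffer (leaving room for the NUL) and against the
 * bytes actually present before anything is copied. */
bool load_name_checked(player_t *p, const uint8_t *rec, size_t rec_len) {
    if (rec_len < 1) return false;
    size_t n = rec[0];
    if (n == 0 || n > NAME_MAX - 1) return false;   /* too long for buffer */
    if (n > rec_len - 1) return false;              /* declared > present */
    memcpy(p->name, rec + 1, n);
    p->name[n] = '\0';
    return true;
}

/* Constructed records: well-formed, overlong, and truncated. */
static const uint8_t GOOD_REC[]  = { 5, 'L', 'i', 'n', 'k', '!' };
static const uint8_t LONG_REC[]  = { 12, 'A','A','A','A','A','A','A','A','A','A','A','A' };
static const uint8_t TRUNC_REC[] = { 5, 'L', 'i' };

int checked_accepts_good(void) {
    player_t p;
    return load_name_checked(&p, GOOD_REC, sizeof GOOD_REC) && strcmp(p.name, "Link!") == 0;
}
int checked_rejects_long(void)      { player_t p; return !load_name_checked(&p, LONG_REC, sizeof LONG_REC); }
int checked_rejects_truncated(void) { player_t p; return !load_name_checked(&p, TRUNC_REC, sizeof TRUNC_REC); }
```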
     
  16. Jayro

    Jayro MediCat USB and Mini Windows 10 Developer

    Well I have BaseHax and OoTHax, but they don't launch 100% of the time... I'd say roughly 65% to 75%. Sometimes it just hangs on the white screen, or it will error out of the game, rebooting the console.
     
  17. Adryel

    Adryel Member

    It can be physical, right? Because if I remember correctly, there's a store over here that still sells Guitar Rock Tour.
     
  18. Quantumcat

    Quantumcat Dead and alive

    No, the whole point is it is installed to your NAND and can access said NAND. Physical carts can't access the NAND.