Homebrew How to find exploits in DsiWare?

J

jacob1223

Well-Known Member
OP
Member
Level 2
Joined
Apr 3, 2016
Messages
244
Trophies
0
Age
33
XP
205
Country
Chad
I only have 2 dsiware on my O3ds on 11.1. I want to know what people do to find exploits in these games so I could try to do it.
 
Jayro

Jayro

MediCat USB Dev
Developer
Level 26
Joined
Jul 23, 2012
Messages
12,999
Trophies
4
Location
WA State
Website
ko-fi.com
XP
17,077
Country
United States
I'm also wondering why nobody can find more save file overflows... Like, can't someone make a MaskHax using Majora's Mask 3D, similar to OoT3DHax? Or how about LeafHax using Animal Crossing? Surely there can be more cart-based games to exploit. And PowerSaves is only $15 if you know where to look, got mine from Amazon for $15 and $5 shipping.
 
  • Like
Reactions: LongDongSilver
LongDongSilver

LongDongSilver

Well-Known Member
Member
Level 4
Joined
Dec 1, 2016
Messages
220
Trophies
0
Age
33
Location
The Buvvins
XP
507
Country
United States
jacob1223 said:
I only have 2 dsiware on my O3ds on 11.1. I want to know what people do to find exploits in these games so I could try to do it.
Click to expand...
if you're asking forget about ever finding one yourself.If we knew what we could exploit in every game and what it looked like the 3ds would be hacked 15 minutes after every
new update
 
N

nl255

Well-Known Member
Member
Level 11
Joined
Apr 9, 2004
Messages
3,000
Trophies
2
XP
2,799
Country
jacob1223 said:
I just wanna know like what to look for when doing this.
Click to expand...

You have to look for places where user controlled data (such as the character's name in a saved game) is loaded into memory but the length of the data is not checked before putting it into a pointer. However doing so requires knowing assembly language programming so that you can go step by step through the game code in a debugger/emulator to find it.

So the first step is for you to learn ARM assembly which can take quite a while especially if you don't have any programming experience.
 
Last edited by nl255,
  • Like
Reactions: Zidapi and Lotoonlink
J

jacob1223

Well-Known Member
OP
Member
Level 2
Joined
Apr 3, 2016
Messages
244
Trophies
0
Age
33
XP
205
Country
Chad
nl255 said:
You have to look for places where user controlled data (such as the character's name in a saved game) is loaded into memory but the length of the data is not checked before putting it into a pointer. However doing so requires knowing assembly language programming so that you can go step by step through the game code in a debugger/emulator to find it.

So the first step is for you to learn ARM assembly which can take quite a while especially if you don't have any programming experience.
Click to expand...
thanks
 
Giodude

Giodude

GBAtemp's official rock
Member
Level 11
Joined
May 17, 2015
Messages
5,094
Trophies
1
Age
23
Location
New York
XP
2,761
Country
United States
Jayro said:
I'm also wondering why nobody can find more save file overflows... Like, can't someone make a MaskHax using Majora's Mask 3D, similar to OoT3DHax? Or how about LeafHax using Animal Crossing? Surely there can be more cart-based games to exploit. And PowerSaves is only $15 if you know where to look, got mine from Amazon for $15 and $5 shipping.
Click to expand...
Majoras mask was looked through, and no exploit could be found. Animal crossing I'm pretty sure is also stable as all hell.
 
Quantumcat

Quantumcat

Dead and alive
Member
Level 21
Joined
Nov 23, 2014
Messages
15,144
Trophies
0
Location
Canberra, Australia
Website
boot9strap.com
XP
11,094
Country
Australia
nl255 said:
So the first step is for you to learn ARM assembly which can take quite a while especially if you don't have any programming experience.
Click to expand...
Yeah this - start with an easy language like Java or Python to get used to how to think programmatically, then after a year or two learn something a bit harder and bare metal like C++, then take a computer science course and learn all about how memory is laid out, the instruction set, stack vs. heap, the whole architecture of the thing, then learn assembly, then study previous exploits to learn how they work, then debug games with current exploits and see if you can find the vulnerabilities yourself independently, then do the same with other games and be prepared to spend many months hunting red herrings before you find something new.
 
  • Like
Reactions: Zidapi
nooby89

nooby89

A normal member with a stupid alias
Member
Level 5
Joined
Aug 18, 2015
Messages
1,625
Trophies
0
XP
648
Country
Canada
The list of DSiWares game with exploit :
  • Legends Of Exidia (buy it right now if you want to downgrade)
  • Fieldrunners
  • Guitar Rock Tour
  • The Legend Of Zelda - Four Sword
  • Sudoku Arts
 
Logan Pockrus

Logan Pockrus

Knawledge is key.
Member
Level 7
Joined
Jan 1, 2016
Messages
1,338
Trophies
0
XP
1,062
Country
United States
Jayro said:
I'm also wondering why nobody can find more save file overflows... Like, can't someone make a MaskHax using Majora's Mask 3D, similar to OoT3DHax? Or how about LeafHax using Animal Crossing? Surely there can be more cart-based games to exploit. And PowerSaves is only $15 if you know where to look, got mine from Amazon for $15 and $5 shipping.
Click to expand...
Well, if the game in question has bounds checking for the length of the string you're examining, then you can't use it in a buffer over exploit. I'm no security expert, but I think it's a pretty safe assumption that most, but not all (looking at you LoZ: OOT), 3ds games (specifically ACNL) have bounds checking on something like the name of the profile. And by the way, "save file overflows" do exist...and they're everywhere (OOT3DHax, maybe stickerhax, (v*)hax, perhaps even more).
 
Jayro

Jayro

MediCat USB Dev
Developer
Level 26
Joined
Jul 23, 2012
Messages
12,999
Trophies
4
Location
WA State
Website
ko-fi.com
XP
17,077
Country
United States
Logan Pockrus said:
Well, if the game in question has bounds checking for the length of the string you're examining, then you can't use it in a buffer over exploit. I'm no security expert, but I think it's a pretty safe assumption that most, but not all (looking at you LoZ: OOT), 3ds games (specifically ACNL) have bounds checking on something like the name of the profile. And by the way, "save file overflows" do exist...and they're everywhere (OOT3DHax, maybe stickerhax, (v*)hax, perhaps even more).
Click to expand...
Well I have BaseHax and OoTHax, but they don't launch 100% of the time... I'd say roughly 65% to 75%. Sometimes it just hangs on the white screen, or it will error out of the game, rebooting the console.
 
Adryel

Adryel

Member
Newcomer
Level 1
Joined
Jul 20, 2016
Messages
22
Trophies
0
Age
25
XP
56
Country
nooby89 said:
The list of DSiWares game with exploit :
  • Legends Of Exidia (buy it right now if you want to downgrade)
  • Fieldrunners
  • Guitar Rock Tour
  • The Legend Of Zelda - Four Sword
  • Sudoku Arts
Click to expand...

It can be physical right? because if I remember correctly there's a store over here that still sells Guitar Rock Tour.
 

Site & Scene News

Go to forum More news

Popular threads in this forum

Hacking Homebrew  A new way to experience StreetPass

Hacking Hardware  New Nintendo 3DS XL Louvre

Hardware  Why does my 3DS take so long to turn off?

Emulation  i have citra, i have my aes keys installed, how do i get the home menu

What's the best 3DS emulator (especially after Citra's shutdown)?

Tutorial  How to fix 007-2001

can't download system files on citra because im "not connected to the internet"

gacube emeleter

General chit-chat
Help Users
    Psionic Roshambo @ Psionic Roshambo: https://www.youtube.com/watch?v=MGhhGhvxbvI