[IDEA] Exploit? probably Not though

Discussion in '3DS - Homebrew Development and Emulators' started by DeoNaught, Aug 22, 2016.

  1. DeoNaught
    OP

    DeoNaught ¯\_(ツ)_/¯

    Member
    1,470
    1,300
    Aug 22, 2016
    United States
    Over there ;)
So what if we could send custom code through the 3DS Download Play application? So we would have two 3DSes, one hacked, the other one would be fresh, so like we would send custom code from the hacked 3DS to the unhacked 3DS, and then from there it would set off a few things and then (I say that a lot) it would launch Boot.3dsx. JUST AN IDEA
     


  2. Scarlet

    Scarlet Phone Charm

    Member
    GBAtemp Patron
    1,787
    1,861
    Jan 7, 2015
    United Kingdom
    Middleish North-Right
    Faaaaaaairly sure Download Play still checks for signed content. Otherwise, it'd almost be too easy.
     
    Alex1234, Darkyose and Koko-Kun like this.
  3. Zero72463

    Zero72463 GBAtemp Maniac

    Member
    1,255
    602
    Jun 27, 2016
    United States
    Doesn't work like that. Thinking isn't enough. You have absolutely no idea how download play works do you? If you don't understand the full console don't make speculations. This is NOT an exploit.
     
    TheCyberQuake likes this.
  4. deishido

    deishido Texture Modder

    Member
    239
    114
    Jul 8, 2009
    United States
    Indiana
While it's a sound idea, it has been tried and tested plenty of times. Unfortunately there's just not a vulnerability there. If you're ever curious about other attempted exploits, you can skim the first few pages of the homebrew and hacking forum.

Currently, there are nearly a dozen exploits. One of them comes standard (free) on all systems and is a primary exploit; the rest are supplementary and are still rather easy to do. And with almost all 3DS firmware versions exploitable by some method, or downgradable to an exploitable firmware, I don't believe there is a need for more research into a new exploit when devs could be focusing on their software at this point.

The homebrew scene isn't exactly going as strongly as the old NDS scene did; I think we still have plenty more to do on that front.
     
  5. DeoNaught
    OP

    DeoNaught ¯\_(ツ)_/¯

    Member
    1,470
    1,300
    Aug 22, 2016
    United States
    Over there ;)
OK, but I was thinking, like, possibly we could modify a game with multiplayer and inject custom code into the data it sends to the other system.
     
  6. TheKawaiiDesu

    TheKawaiiDesu Ball of Kawaiiness

    Member
    1,429
    1,497
    Aug 23, 2015
    Korea, North
    Lowee
The 3DS only runs signed code. Editing a game would require having a signature patch, since modifying it would break the signature. And, well, if you have a sig patch, the whole thing becomes kind of useless.
And even admitting we can inject our own code, that still doesn't mean there's a vulnerability in the Download Play app / the way Download Play works.
     
    Last edited by TheKawaiiDesu, Aug 22, 2016
    Darkyose, NekoMichi and Koko-Kun like this.
  7. ADS3500

    ADS3500 GBAtemp Fan

    Member
    329
    99
    Jul 27, 2016
    Canada
Even if this were possible, it would just be another HBL entry point, and there are already enough of those.
     
  8. Thirty3Three

    Thirty3Three Musician Member

    Member
    3,302
    1,749
    Mar 22, 2013
    United States
    Wherever you want me, baby.
Just in case, guys, I want to say this before (if) anyone starts bashing OP.

    Don't be a dick simply because you have more knowledge of a certain subject. OP is just speculating and trying to push some ideas. He's trying to help the scene.

Theeeeeeenks!!
     
    Swiftloke, XRaTiX, Buttsnake and 4 others like this.
  9. Joom

    Joom  ❤❤❤

    Member
    3,902
    2,623
    Jan 8, 2016
    United States
    This has already been thought of. It's not possible.
     
  10. gamesquest1

    gamesquest1 Nabnut

    Member
    14,119
    9,455
    Sep 23, 2013
It's not that it's simply "not possible"; given the right circumstances it may be possible. IIRC it was either MK7 or NES VC games that allowed a user to modify the game and have those changes show up on the Download Play client side even if the system was unhacked, so if there was a game that could be exploited via such a route it may be possible. That said, the way most DLP games work, the host would probably end up loading the file that would trigger the crash/exploit before the client gets a look in..... idk, it's not as clear cut as people would think.

That said, I think we have more than enough entry points atm, and the window of exploitation here is pretty slim, and I would imagine the main devs have already explored all the obvious targets.
     
    Last edited by gamesquest1, Aug 22, 2016
    TotalInsanity4 and Darkyose like this.
  11. Swiftloke

    Swiftloke Hwaaaa!

    Member
    1,770
    1,516
    Jan 26, 2015
    United States
    Nowhere
@gamesquest1 is correct. Though I have no idea how, loading custom MK7 tracks and custom NES VC has been done.
However, if a true blue homebrew exploit were possible, I think it would have been done already. ;)
     
  12. Joom

    Joom  ❤❤❤

    Member
    3,902
    2,623
    Jan 8, 2016
    United States
    Yeah, except those things pass signature checks. There was a thread a couple months ago about sending unsigned CIAs through Download Play by injecting them into MK7 and it was deemed impossible.
     
  13. DutchyDutch

    DutchyDutch COPYRIGHT LOLOLOLOL

    Member
    872
    431
    Nov 16, 2014
    Netherlands
The fact that this thread actually exists in 2016 is crazy. You don't know how many people have thought of this "genius idea" before. It's not possible. If you had googled this, you would've found hundreds of other masterminds thinking of this concept. There's no vulnerability in Download Play, at least nothing that's useful to us.

    Edit: Sorry if I sound rude but come on. Search the forums.
     
    Last edited by DutchyDutch, Aug 22, 2016
  14. gamesquest1

    gamesquest1 Nabnut

    Member
    14,119
    9,455
    Sep 23, 2013
No, but I'm talking about a malformed track/player model or something that could be used to trigger an exploitable crash (I'm not saying it exists or is possible, I'm just pointing out how being able to send modified content over could lead to a new exploit route), not modifying the DLP package but triggering an exploit in how the game's assets are parsed.

(Again, just playing devil's advocate here; I'm sure it's already been looked into by actual devs, but we can't just make a blanket statement that DLP is totally secure.)
     
    Last edited by gamesquest1, Aug 22, 2016
    TotalInsanity4 likes this.
  15. Joom

    Joom  ❤❤❤

    Member
    3,902
    2,623
    Jan 8, 2016
    United States
    Well, nothing is totally secure. It took nedwill quite a long time to find an exploit in the Music app even months after it was suggested. It just takes time and dedication. I even watched him stream an hour or so long debugging sessions trying to find anything, and it still took a month or so for him to find something useful. Throwing around ideas like this is fun and all, but it takes someone with the knowhow and aspiration to actually find an exploitable vector.
     
  16. DeoNaught
    OP

    DeoNaught ¯\_(ツ)_/¯

    Member
    1,470
    1,300
    Aug 22, 2016
    United States
    Over there ;)
Since the host console is hacked, can't we disable the sig check, or are you saying the target system will check the sig?
     
  17. gamesquest1

    gamesquest1 Nabnut

    Member
    14,119
    9,455
    Sep 23, 2013
Yeah, I know, threads like this don't really contribute anything really; I'm sure those who would be able to actually make such an exploit would already have good enough knowledge of the system to be aware of what possible routes they have to explore.
Basically it will not work how you are thinking. The actual executable that is sent to the other 3DS MUST be signed; the only "in" is via the ROM assets that are sent being able to trigger an exploit in the signed and unmodified executable. It's not just as simple as making a devmenu CIA file and sending it over, or something as silly as that.
     
    Last edited by gamesquest1, Aug 22, 2016
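As an added illustration of the two points gamesquest1 makes above (the receiving console, not the host, checks the signature on the executable, so the host turning off its own checks changes nothing; and unsigned game assets still reach the game's own parser, which is why parser robustness is what matters on the client), here is example code that is not from this thread and not Nintendo's. It models the transfer with a Lamport one-time signature built from SHA-256 in place of the real signature scheme, and with a constructed length-prefixed asset format; the names `build_package`, `receive`, `parse_assets` and `demo` are assumptions, not anything from the 3DS.

```python
"""Toy model of receiver-side signature checking for a Download Play style
transfer. Added example, not 3DS system code: Lamport one-time signatures
over SHA-256 stand in for the real signature scheme, and the package layout
(executable + signature + length-prefixed assets) is a constructed stand-in."""
import hashlib
import hmac
import os
import struct

DIGEST_BITS = 256  # one secret revealed per bit of the SHA-256 digest


def keygen():
    """Lamport key pair: 256 pairs of secrets; the public key is their hashes."""
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(DIGEST_BITS)]
    pk = [(hashlib.sha256(a).digest(), hashlib.sha256(b).digest()) for a, b in sk]
    return sk, pk


def _digest_bits(msg):
    d = hashlib.sha256(msg).digest()
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(DIGEST_BITS)]


def sign(sk, msg):
    """Vendor side: reveal one secret per digest bit (a Lamport key signs once)."""
    return b"".join(sk[i][bit] for i, bit in enumerate(_digest_bits(msg)))


def verify(pk, msg, sig):
    """Client side: needs only the public key, so the sender's settings are irrelevant."""
    if len(sig) != 32 * DIGEST_BITS:
        return False
    ok = True
    for i, bit in enumerate(_digest_bits(msg)):
        piece = sig[32 * i: 32 * (i + 1)]
        ok &= hmac.compare_digest(hashlib.sha256(piece).digest(), pk[i][bit])
    return ok


def parse_assets(blob):
    """Records of u16 big-endian length + payload; every length is bounds-checked
    so a lying header is reported as an error instead of being read past the buffer."""
    records, pos = [], 0
    while pos < len(blob):
        if pos + 2 > len(blob):
            raise ValueError("truncated length field")
        (n,) = struct.unpack_from(">H", blob, pos)
        pos += 2
        if pos + n > len(blob):
            raise ValueError("record length %d exceeds remaining %d bytes" % (n, len(blob) - pos))
        records.append(bytes(blob[pos:pos + n]))
        pos += n
    return records


def build_package(vendor_sk, executable, assets):
    """Models the vendor signing the executable; assets carry no signature in this toy."""
    return {"executable": executable, "signature": sign(vendor_sk, executable), "assets": assets}


def receive(package, vendor_pk):
    """What the unhacked client does: verify first, parse assets only afterwards."""
    if not verify(vendor_pk, package["executable"], package["signature"]):
        return ("rejected", "executable signature invalid")
    try:
        assets = parse_assets(package["assets"])
    except ValueError as e:
        return ("rejected", "malformed assets: " + str(e))
    return ("loaded", assets)


def demo():
    """Four constructed transfers; returns the client's verdict for each."""
    vendor_sk, vendor_pk = keygen()  # constructed: stands in for the platform vendor's key
    exe = b"signed-game-executable"
    good_assets = struct.pack(">H", 5) + b"track" + struct.pack(">H", 3) + b"car"
    pkg = build_package(vendor_sk, exe, good_assets)
    results = {"genuine": receive(pkg, vendor_pk)[0]}
    # Host patched one byte of the executable: the client's check fails regardless of host state.
    results["patched_exe"] = receive(dict(pkg, executable=exe + b"\x90"), vendor_pk)[0]
    # Well-formed custom assets are not signed and are accepted by the client.
    results["custom_assets"] = receive(dict(pkg, assets=struct.pack(">H", 6) + b"custom"), vendor_pk)[0]
    # Oversized length field: a bounds-checked parser reports it instead of crashing.
    results["malformed_assets"] = receive(dict(pkg, assets=struct.pack(">H", 0xFFFF) + b"x"), vendor_pk)[0]
    return results


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(case, "->", verdict)
```

The asymmetry is the whole point: `sign` needs the private key that only the vendor holds, while `verify` runs on the client with the public key alone, so nothing the host does to its own console affects the client's decision. The one thing the client does accept unverified is the asset stream, which is why the parser is written to validate every length before using it.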
  18. Dracari

    Dracari GBAtemp Maniac

    Member
    1,404
    386
    Apr 5, 2009
    United States
The target will indeed sig check.
     
  19. DeoNaught
    OP

    DeoNaught ¯\_(ツ)_/¯

    Member
    1,470
    1,300
    Aug 22, 2016
    United States
    Over there ;)
Sigh... Okay, but what is necessary for a possible exploit?
     
  20. Dracari

    Dracari GBAtemp Maniac

    Member
    1,404
    386
    Apr 5, 2009
    United States
Not to be that ass, but it's been explained multiple times:

    "There Is No Exploit/It IS Not Possible!"