Homebrew [IDEA] Exploit? probably Not though

DeoNaught

So what if we could send custom code through the 3DS Download Play application? So we would have two 3DSes, one hacked, other one would be fresh, so like we would send custom code from the hacked DS to the unhacked DS, and then from there it would set off a few things and then (I say that a lot) it would launch Boot.3dsx. JUST AN IDEA
 

Scarlet

So what if we could send custom code through the 3DS Download Play application? So we would have two 3DSes, one hacked, other one would be fresh, so like we would send custom code from the hacked DS to the unhacked DS, and then from there it would set off a few things and then (I say that a lot) it would launch Boot.3dsx. JUST AN IDEA
Faaaaaaairly sure Download Play still checks for signed content. Otherwise, it'd almost be too easy.
 

Zero72463

So what if we could send custom code through the 3DS Download Play application? So we would have two 3DSes, one hacked, other one would be fresh, so like we would send custom code from the hacked DS to the unhacked DS, and then from there it would set off a few things and then (I say that a lot) it would launch Boot.3dsx. JUST AN IDEA

Doesn't work like that. Thinking isn't enough. You have absolutely no idea how Download Play works, do you? If you don't understand the full console, don't make speculations. This is NOT an exploit.
 

deishido

While it's a sound idea, it has been tried and tested plenty of times. Unfortunately there's just not a vulnerability there. If you're ever curious about other attempted exploits, you can skim the first few pages of the homebrew and hacking forum.

Currently, there are nearly a dozen exploits. One of which comes standard (free) on all systems and is a primary exploit, the rest are supplementary and are still rather easy to do. And with almost all 3ds fw systems exploitable by some method, or downloadable to an exploitable fw, I don't believe there is a need for more research into a new exploit when devs could be focusing on their software at this point.

The homebrew scene isn't exactly going as strongly as the old nds scene did, I think we still have plenty more to do on that front.
 

Deleted member 370671

OK but I was thinking, like possibly we could modify a game with multiplayer and inject custom code into the Data it sends to the other system
The 3DS only runs signed code. Editing a game would require having a signature patch, since modifying it would break the signature. And, well, if you have sig patch, the whole thing becomes kinda useless.
And admitting we can inject our own code, that still doesn't mean there's a vulnerability in the Download Play app / the way Download Play works.
 
Last edited by Deleted member 370671,

ADS3500

Even if this were possible, it would just be another hbl entry point, and there's already enough of those.
 

Thirty3Three

just in case, guys. I want to say this, before (if) anyone starts bashing OP.

Don't be a dick simply because you have more knowledge of a certain subject. OP is just speculating and trying to push some ideas. He's trying to help the scene.

Theeeeeeenks!!
 

gamesquest1

It's not that it's simply "not possible"; given the right circumstances it may be possible. IIRC it was either MK7 or NES VC games that allowed a user to modify the game and have those changes show up on the Download Play client side even if the system was unhacked, so if there was a game that could be exploited via such a route it may be possible. That said, the way most DLP games work, the host would probably end up loading the file that would trigger the crash/exploit before the client gets a look in..... idk, it's not as clear cut as people would think.

That said, I think we have more than enough entrypoints atm, and the window of exploitation here is pretty slim, and I would imagine the main devs have already explored all the obvious targets
 
Last edited by gamesquest1,

Swiftloke

@gamesquest1 is correct. Though I have no idea how, loading custom MK7 tracks and custom NES VC has been done.
However, if a true blue homebrew exploit were possible, I think it would have been done already. ;)
 

Joom

@gamesquest1 is correct. Though I have no idea how, loading custom MK7 tracks and custom NES VC has been done.
However, if a true blue homebrew exploit were possible, I think it would have been done already. ;)
Yeah, except those things pass signature checks. There was a thread a couple months ago about sending unsigned CIAs through Download Play by injecting them into MK7 and it was deemed impossible.
 

DutchyDutch

The fact that this thread actually exists in 2016 is crazy. You don't know how many people have thought of this "genius idea" before. It's not possible. If you had googled this, you would've found hundreds of other masterminds thinking of this concept. There's no vulnerability in Download Play, at least nothing that's useful to us.

Edit: Sorry if I sound rude but come on. Search the forums.
 
Last edited by DutchyDutch,

gamesquest1

Yeah, except those things pass signature checks. There was a thread a couple months ago about sending unsigned CIAs through Download Play by injecting them into MK7 and it was deemed impossible.
No, but I'm talking about a malformed track/player model or something that could be used to trigger an exploitable crash (I'm not saying it exists or is possible, I'm just pointing out how being able to send modified content over could lead to a new exploit route), not modifying the DLP package but triggering an exploit in how the game's assets are parsed

(again just playing devil's advocate here, I'm sure it's already been looked into by actual devs, but we can't just make a blanket statement that DLP is totally secure)
 
Last edited by gamesquest1,

Joom

(again just playing devil's advocate here, I'm sure it's already been looked into by actual devs, but we can't just make a blanket statement that DLP is totally secure)
Well, nothing is totally secure. It took nedwill quite a long time to find an exploit in the Music app even months after it was suggested. It just takes time and dedication. I even watched him stream an hour or so long debugging sessions trying to find anything, and it still took a month or so for him to find something useful. Throwing around ideas like this is fun and all, but it takes someone with the knowhow and aspiration to actually find an exploitable vector.
 

DeoNaught

The 3DS only runs signed code. Editing a game would require having a signature patch, since modifying it would break the signature. And, well, if you have sig patch, the whole thing becomes kinda useless.
And admitting we can inject our own code, that still doesn't mean there's a vulnerability in the Download Play app / the way Download Play works.

Since the host console is hacked, can't we disable sig check, or are you saying the target system will check sig?
 

gamesquest1

Well, nothing is totally secure. It took nedwill quite a long time to find an exploit in the Music app even months after it was suggested. It just takes time and dedication. I even watched him stream an hour or so long debugging sessions trying to find anything, and it still took a month or so for him to find something useful. Throwing around ideas like this is fun and all, but it takes someone with the knowhow and aspiration to actually find an exploitable vector.
Yeah I know, threads like this don't really contribute anything really, I'm sure those who would be able to actually make such an exploit would already have good enough knowledge of the system to be aware of what possible routes they have to explore
Since the host console is hacked, can't we disable sig check, or are you saying the target system will check sig?

Basically it will not work how you are thinking, the actual executable that is sent to the other 3DS MUST be signed, the only "in" is via the rom assets that are sent being able to trigger an exploit in the signed and unmodified executable, it's not just as simple as making a devmenu cia file and sending it over or something as silly as that
 
Last edited by gamesquest1,
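
The last post's point (the executable sent over Download Play must be signed, so the only input a modified host controls is the assets that signed code parses) means the parser has to treat every length field in those assets as untrusted. An added example, not from the thread and not any real 3DS format: the `AST1` layout, `parse_asset` and every other name here are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Hypothetical asset layout, constructed for this example (not a real 3DS format):
 *   "AST1" | u16 count (LE) | count x { u16 len (LE) | len bytes of name } */
#define MAX_ENTRIES 8
#define NAME_MAX_LEN 16

struct asset {
    uint16_t count;
    char names[MAX_ENTRIES][NAME_MAX_LEN + 1];
};

static int read_u16(const uint8_t *buf, size_t len, size_t *off, uint16_t *out)
{
    if (len - *off < 2)            /* callers keep *off <= len */
        return -1;
    *out = (uint16_t)(buf[*off] | (buf[*off + 1] << 8));
    *off += 2;
    return 0;
}

/* Returns 0 on success, -1 on malformed input; never reads or writes out of bounds. */
int parse_asset(const uint8_t *buf, size_t len, struct asset *out)
{
    size_t off = 4;
    uint16_t count, n;
    if (len < 4 || memcmp(buf, "AST1", 4) != 0)
        return -1;
    if (read_u16(buf, len, &off, &count) != 0 || count > MAX_ENTRIES)
        return -1;
    for (uint16_t i = 0; i < count; i++) {
        /* n comes from the sender: check it against the slot and the bytes left */
        if (read_u16(buf, len, &off, &n) != 0 || n > NAME_MAX_LEN || n > len - off)
            return -1;
        memcpy(out->names[i], buf + off, n);
        out->names[i][n] = '\0';
        off += n;
    }
    if (off != len)                /* reject trailing bytes */
        return -1;
    out->count = count;
    return 0;
}

int main(void)
{
    static const uint8_t ok[] = { 'A','S','T','1', 1,0, 2,0, 'h','i' }; /* constructed sample */
    struct asset a;
    return parse_asset(ok, sizeof ok, &a);
}
```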
