Homebrew [IDEA] Exploit? probably Not though

[DeoNaught]

So what if we could send custom code through the 3ds download play application. so we would have to 3dses one hacked other one would be fresh so like we would send custom code from the hacked ds to the unhacked ds, and then from there it would set off a few things and then (I say that alot) it would launch Boot.3dsx. JUST AN IDEA

 

[Scarlet]

So what if we could send custom code through the 3ds download play application. so we would have to 3dses one hacked other one would be fresh so like we would send custom code from the hacked ds to the unhacked ds, and then from there it would set off a few things and then (I say that alot) it would launch Boot.3dsx. JUST AN IDEA

Faaaaaaairly sure Download Play still checks for signed content. Otherwise, it'd almost be too easy.

 

[Zero72463]

So what if we could send custom code through the 3ds download play application. so we would have to 3dses one hacked other one would be fresh so like we would send custom code from the hacked ds to the unhacked ds, and then from there it would set off a few things and then (I say that alot) it would launch Boot.3dsx. JUST AN IDEA

Doesn't work like that. Thinking isn't enough. You have absolutely no idea how download play works do you? If you don't understand the full console don't make speculations. This is NOT an exploit.

 

[deishido]

While its a sound idea, it has been tried and tested plenty of times. Unfortunately there's just not a vulnerability there. If you're ever curious about other attempted exploits, you can skim the first few pages of the homebrew and hacking forum.

Currently, there are nearly a dozen exploits. One of which comes standard (free) on all systems and is a primary exploit, the rest are supplementary and are still rather easy to do. And with almost all 3ds fw systems exploitable by some method, or downloadable to an exploitable fw, I don't believe there is a need for more research into a new exploit when devs could be focusing on their software at this point.

The homebrew scene isn't exactly going as strongly as the old nds scene did, I think we still have plenty more to do on that front.

 

[DeoNaught]

OK but I was thinking, like possibly we could modify a game with multiplayer and inject custom code into the Data it sends to the other system

 

[Deleted member 370671]

OK but I was thinking, like possibly we could modify a game with multiplayer and inject custom code into the Data it sends to the other system

The 3DS only runs signed code. Editing a game would require to have signature patch, since modifying it would break the signature. And, well, if you have sig patch, the whole thing becomes kinda useless.
And admitting we can inject our own code, that still doesn't mean there's a vulnerability in the Download Play app / the way Download Play works.

 

[ADS3500]

Even if this were possible, it would just be another hbl entry point, and there's already enough of those.

 

[Thirty3Three]

just in case, guys. I want to say this, before (if) anyone starts bashing OP.

Don't be a dick simply because you have more knowledge of a certain subject. OP is just speculating and trying to push some ideas. He's trying to help the scene.

Theeeeeeenks!!

 

[Joom]

This has already been thought of. It's not possible.

 

[gamesquest1]

its not that its simply "not possible" given the right circumstances it may be possible, iirc it was either MK7 or nes VC games allowed a user to modify the game and have those changes show up on the download play client side even if the system was unhacked, so if there was a game that could be exploited via such a route it may be possible, that said the way most DLP games work the host would probably end up loading the file that would trigger the crash/exploit before the client gets a look in.....idk its not as clear cut as people would thing,

that said, i think we have more than enough entrypoints atm, and the window of exploitation here is pretty slim, and i would imagine the main dev's have already explored all the obvious targets

 

[Swiftloke]

@gamesquest1 is correct. Though I have no idea how, loading custom mk7 tracks and custom NES VC has been done.
However, if a true blue homebrew exploit were possible, I think it would be been done already.

 

[Joom]

@gamesquest1 is correct. Though I have no idea how, loading custom mk7 tracks and custom NES VC has been done.
However, if a true blue homebrew exploit were possible, I think it would be been done already.

Yeah, except those things pass signature checks. There was a thread a couple months ago about sending unsigned CIAs through Download Play by injecting them into MK7 and it was deemed impossible.

 

[DutchyDutch]

The fact that this thread actually exists in 2016 is crazy. You don't know how many people have thought of this "genius idea" before. It's not possible. If you had googled this, you would've found hundreds of other masterminds thinking of this concept. There's no vulnerability in Download Play, at least nothing that's useful to us.

Edit: Sorry if I sound rude but come on. Search the forums.

 

[gamesquest1]

Yeah, except those things pass signature checks. There was a thread a couple months ago about sending unsigned CIAs through Download Play by injecting them into MK7 and it was deemed impossible.

no, but im talking about a malformed track/player model or something that could be used to trigger a exploitable crash (im not saying it exists or is possible, im just point out how being able to send modified content over could lead to a new exploit route) , not modifying the DLP package but triggering a exploit in how the games assets are parsed

(again just playing devils advocate here, im sure its already been looked into by actual dev's, but we cant just make a blanket statement that DLP is totally secure)

 

[Joom]

(again just playing devils advocate here, im sure its already been looked into by actual dev's, but we cant just make a blanket statement that DLP is totally secure)

Well, nothing is totally secure. It took nedwill quite a long time to find an exploit in the Music app even months after it was suggested. It just takes time and dedication. I even watched him stream an hour or so long debugging sessions trying to find anything, and it still took a month or so for him to find something useful. Throwing around ideas like this is fun and all, but it takes someone with the knowhow and aspiration to actually find an exploitable vector.

 

[DeoNaught]

The 3DS only runs signed code. Editing a game would require to have signature patch, since modifying it would break the signature. And, well, if you have sig patch, the whole thing becomes kinda useless.
And admitting we can inject our own code, that still doesn't mean there's a vulnerability in the Download Play app / the way Download Play works.

since the host console is hacked cant we disable sig check, or are you saying the target system will check sig.

 

[gamesquest1]

Well, nothing is totally secure. It took nedwill quite a long time to find an exploit in the Music app even months after it was suggested. It just takes time and dedication. I even watched him stream an hour or so long debugging sessions trying to find anything, and it still took a month or so for him to find something useful. Throwing around ideas like this is fun and all, but it takes someone with the knowhow and aspiration to actually find an exploitable vector.

yeah i know, threads like this dont really contribute anything really, im sure those who would be able to actually make such an exploit would already have good enough knowlage of the system to be aware of what possible routes they have to explore

since the host console is hacked cant we disable sig check, or are you saying the target system will check sig.

basically it will not work how you are thinking, the actual executable that is sent to the other 3DS MUST be signed, the only "in" is via the rom assets that are sent being able to trigger a exploit in the signed and unmodified executable, its not just as simple as making a devmenu cia file and sending it over or something as silly as that

 

[Dracari]

since the host console is hacked cant we disable sig check, or are you saying the target system will check sig.

Target will indeed Sig check.

 

[DeoNaught]

Sigh... Okay but what is necessary for a possible exploit?

 

[Dracari]

Sigh... Okay but what is necessary for a possible exploit?

not to be that Ass but its been explained Multiple times,

"There Is No Exploit/It IS Not Possible!"