Hi. First off, I'd like to say that I will never be involved in any business involving 3DS hacking. I do this for fun. I enjoy reversing and finding exploits on consoles, although this is the first exploit I have found that proves useful.
To those who have extracted the data from the patch (decrypting is the hard part, but some people already know how to do this) - you may notice a function that will override signature checks by calling it with a key stored in the decrypted package. I guess Nintendo has a whitelist for certain keys? I haven't yet looked into the signature checking function, but I could not find the decrypted key anywhere in the 3DS RAM, so it's obviously somewhat encrypted. The decrypted key is 8 bytes long.
This allows us to sign our own packages using the same key and override function. I already have a 3D "Hello world" application running! There is no good reason I can think of for Nintendo doing this, I believe that they used it for eShop debugging and forgot to remove it. A simple mistake. But be quick to look because I am sure they will remove it in a new firmware sooner or later.
Sorry for any bad English! :)