Introduction to how 3DS hacks work

Discussion in '3DS - Flashcards & Custom Firmwares' started by MrJason005, Dec 5, 2017.

  1. Josephvb10

    Josephvb10 I like Pokémon

    Aug 26, 2009
    Costa Rica
    Thanks for taking the time to write this.
  2. fire-pls

    fire-pls Newbie

    May 28, 2019
    Fascinating write-up! I originally hacked my o3ds with OoT & rxTools a few years back, had no idea what I was doing then. Re-installed cfw a few months back with & it was much simpler -- but still had no idea what I was doing lol.

    As far as a "general" understanding goes, I think this post explains it pretty well. But I do have one question regarding sighax:

    As it was described in the post, I don't exactly understand how the "brute force" comes into play as described here --
    Sorry if my noob understanding is flawed, but this is how it's parsed in my mind:
    1. Set the inner block size
    2. Hackers set this to the beginning of the actual calculated hash (instead of the correct hash)
    3. The parser then jumps to the area immediately outside the signature
    4. It treats these bytes as input for generating a new calculated hash
    5. That region outside the signature is overwritten with this new calculated hash
    6. Then it jumps back? (is it GOTO assembly style?) to the actual calculated hash designated at the start
    7. It compares the designated region with the region outside the actual signature
    8. This will pass, because this region (calculated from the previous signature check?)
    I guess another question is how much control do hackers have over the area beyond the calculated hash?

    Forgive my lack of understanding... I'd really like to understand the mechanics as it's fascinating
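The question above is about where the brute force enters the sighax picture. What follows is an added example, not part of the original post or of this thread, and not the 3DS boot ROM's real signature format or code. It is a deliberately simplified model of the class of bug sighax is described as, using a toy 63-bit RSA key and an invented 8-byte block layout (00 | length byte | 0xFF padding | 4-byte truncated hash) so that it runs in well under a second; the key, the layout and all function names are assumptions of this example. The point it demonstrates: the verifier trusts a length read out of the decoded block to locate the embedded hash, the decoded block and the hash the verifier just computed sit next to each other in memory, so a crafted length makes the verifier compare the computed hash against itself. Only the first two bytes of the decoded block are constrained by that, so the forger never needs the private key: it just runs the public-key operation on candidate signature values until one decodes to the needed prefix, and the value it finds validates any message.

```python
"""Toy model of a sighax-style signature-parser bug (simplified stand-in,
not the 3DS boot ROM's real format or code).  The RSA-decoded block carries
a length byte that the verifier trusts to find the embedded hash; since the
decoded block and the freshly computed hash are adjacent in memory, a crafted
length makes the verifier compare the computed hash with itself.  Only the
first two decoded bytes are constrained, so a forged signature is found by
brute force over the *public* key operation alone."""
import hashlib
import hmac

# Constructed toy RSA key: M31 and the largest prime below 2**32 (both well
# known primes), giving a 63-bit modulus and 8-byte blocks.
P, Q = 2147483647, 4294967291
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))       # private exponent (Python 3.8+)
BLOCK_LEN = (N.bit_length() + 7) // 8   # 8
HASH_LEN = 4                            # truncated SHA-256, to fit the toy block
PAD_LEN = BLOCK_LEN - 2 - HASH_LEN      # 2 bytes of 0xFF in an honest block


def digest(message: bytes) -> bytes:
    return hashlib.sha256(message).digest()[:HASH_LEN]


def encode_block(message: bytes) -> bytes:
    """Honest block layout (invented for this example):
    00 | pad_len | 0xFF * pad_len | hash."""
    return b"\x00" + bytes([PAD_LEN]) + b"\xff" * PAD_LEN + digest(message)


def sign(message: bytes) -> int:
    """Legitimate signer: needs the private exponent D."""
    m = int.from_bytes(encode_block(message), "big")
    return pow(m, D, N)


def decode(signature: int) -> bytes:
    """Public-key operation: recover the block from a signature value."""
    return pow(signature, E, N).to_bytes(BLOCK_LEN, "big")


def verify_buggy(message: bytes, signature: int) -> bool:
    """The bug: the length byte inside the decoded block is trusted and the
    bytes it skips are never checked."""
    block = decode(signature)
    computed = digest(message)
    # Model of the stack: the decoded block is immediately followed by the
    # hash the verifier just computed.  Nothing stops hash_off from running
    # past the end of the block into that hash.
    mem = block + computed
    if block[0] != 0x00:
        return False
    hash_off = 2 + block[1]             # attacker controlled, never bounds-checked
    return mem[hash_off:hash_off + HASH_LEN] == computed


def verify_fixed(message: bytes, signature: int) -> bool:
    """The fix: never parse the block.  Re-encode what a valid block for this
    message must look like and compare the whole thing in constant time."""
    return hmac.compare_digest(decode(signature), encode_block(message))


FORGED_PAD_LEN = BLOCK_LEN - 2          # 6, so that hash_off == BLOCK_LEN


def forge_signature(max_tries: int = 1 << 22) -> int:
    """Brute force with the public key only: try signature values until the
    public-key operation yields a block starting 00 | FORGED_PAD_LEN.  The
    other six bytes are don't-cares, which is what makes the search feasible
    (about one hit per 2**15 candidates with this toy modulus).  The result
    passes verify_buggy for *any* message."""
    for s in range(2, max_tries):
        block = decode(s)
        if block[0] == 0x00 and block[1] == FORGED_PAD_LEN:
            return s
    raise RuntimeError("no forged signature found within max_tries")


if __name__ == "__main__":
    msg = b"firmware image v1"          # constructed sample input
    good, forged = sign(msg), forge_signature()
    print("honest sig, buggy verifier :", verify_buggy(msg, good))
    print("honest sig, fixed verifier :", verify_fixed(msg, good))
    print("forged sig, buggy verifier :", verify_buggy(b"anything at all", forged))
    print("forged sig, fixed verifier :", verify_fixed(b"anything at all", forged))
```

Running it, verify_buggy accepts the forged value for every message while verify_fixed rejects it. Note that the fix is not a bounds check bolted onto hash_off but the removal of the parser: compute the one block a valid signature must decode to and compare all of it. The real boot ROM constrains more of the decoded bytes than this toy's two, so the real search is proportionally larger, but its shape is the same as forge_signature above: a loop over the public operation looking for a prefix, no private key involved.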
  3. Dasher_The_Viral

    Dasher_The_Viral Newbie

    Jun 5, 2019
    I am very glad that you wrote this description, it really helps me understand how people managed to completely take over the 3DS, and it's like a freaking breadcrumb trail story, where the person who wanted to be free found a way out! :D

    This really helps me further understand why this works and how people managed to make it work, and for that, I thank you very much! ^~^