Is it possible to make a Download Play exploit?

Discussion in '3DS - Homebrew Development and Emulators' started by Stalls, Dec 20, 2015.

  1. Stalls (OP) - GBAtemp Regular, Member, joined Oct 10, 2015, United States
    Is there a way to send a signal to the 3DS from a PC to run boot.3dsx in Download Play?
     
  2. TecXero - Technovert, Member, joined Apr 13, 2014, United States
    Sure, if you find a vulnerability or decrypt their keys and encryption and whatever else they use, and then develop the software and payload for it.
     
  3. Monado_III - GBAtemp Advanced Fan, Member, joined Feb 8, 2015, Canada
    This. Do this and you could theoretically exploit StreetPass, SpotPass and any other wireless communication the 3DS uses. But the chance of someone doing that is extremely slim.
     
    GotKrypto67 likes this.
  4. Tomato Hentai - baja boner blast, Member, joined Oct 30, 2014, Canada
    Not unless you're aided by the power of BLACK MAGIC
     
    Red9419, TheKawaiiDesu, Sinon and 7 others like this.
  5. TecXero - Technovert, Member, joined Apr 13, 2014, United States
    Yep, I don't think someone wants to dedicate a significant portion of their lives to decrypting that crap. Unless they're really lucky and talented, they could spend years working on it.
     
    Hiccup and Tomato Hentai like this.
  6. Mrrraou - GBAtemp Advanced Maniac, Member, joined Oct 17, 2015, France
    Search on Google for nwm_beaconkey and yellows8's beacon data tool. Use monitor mode and capture the packets sent. Have fun (that's how smashbroshax was made).
     
    Red9419, Sinon, GotKrypto67 and 8 others like this.
  7. Acryt - GBAtemp Fan, Member, joined Aug 22, 2015, United States
    And if you do this, you should consider selling that information for millions of dollars, as you invalidate millions of dollars of crypto tech.
     
    Last edited by Acryt, Dec 20, 2015
  8. Jack_Sparrow - Ruthless Pirate, Banned, joined Nov 17, 2015, United States
    Why are you asking? It seems to me like you heard something not yet to be heard by the public...
    When Download Play is running, the Vendor Tag overflow holds potential for exploiting. If you've been hearing about a 9.3+ kexploit, this is what people are looking into. Once this happens, theoretically we could inject a payload into the app.

    No need to decrypt the keys. That's the vulnerability, and that's all that's known at this point.
     
    JustPingo likes this.
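The "Vendor Tag overflow" mentioned above is a length-field bug class in 802.11 information elements: a receiver copies a vendor-specific element using the length byte read from the frame. As an added illustration (not code from this thread, from the 3DS, or from any homebrew tool), here is a bounds-checked IE walker; the frame bytes, the 16-byte destination buffer and the OUI placeholder bytes are constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* 802.11 information elements (IEs) are TLVs: 1-byte element ID, 1-byte length,
   then payload. ID 221 is "vendor specific". The 16-byte destination buffer is a
   constructed receiver buffer, not any real console's layout. */
#define IE_VENDOR_SPECIFIC 221
#define VENDOR_BUF_MAX 16

enum { PARSE_OK = 0, PARSE_TRUNCATED = -1, PARSE_VENDOR_TOO_LONG = -2 };

/* Walk the IE list in body[0..len) and copy the first vendor-specific payload
   into out[]. Every length byte is checked against the frame and against the
   destination before the copy; trusting it unchecked is the overflow pattern. */
int parse_beacon_ies(const uint8_t *body, size_t len,
                     uint8_t out[VENDOR_BUF_MAX], size_t *out_len)
{
    size_t off = 0;
    *out_len = 0;
    while (off + 2 <= len) {
        uint8_t id = body[off], ie_len = body[off + 1];
        if (off + 2 + ie_len > len)          /* element would read past the frame */
            return PARSE_TRUNCATED;
        if (id == IE_VENDOR_SPECIFIC) {
            if (ie_len > VENDOR_BUF_MAX)      /* payload would write past out[] */
                return PARSE_VENDOR_TOO_LONG;
            memcpy(out, body + off + 2, ie_len);
            *out_len = ie_len;
            return PARSE_OK;
        }
        off += 2 + (size_t)ie_len;
    }
    return off == len ? PARSE_OK : PARSE_TRUNCATED; /* stray trailing byte */
}

/* Parses one frame; returns the copied vendor payload length, or a negative code. */
int sample_result(const uint8_t *frame, size_t len)
{
    uint8_t buf[VENDOR_BUF_MAX]; size_t n;
    int rc = parse_beacon_ies(frame, len, buf, &n);
    return rc == PARSE_OK ? (int)n : rc;
}

/* Constructed sample frames; the OUI bytes 00:11:22 are placeholders. */
static const uint8_t FRAME_GOOD[]  = {0, 3, 'a', 'b', 'c', 221, 4, 0x00, 0x11, 0x22, 0x01};
static const uint8_t FRAME_SHORT[] = {221, 40, 0x00, 0x11};   /* claims 40 bytes, carries 2 */
static const uint8_t FRAME_LONG[]  = {221, 20, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10,
                                      11, 12, 13, 14, 15, 16, 17, 18, 19, 20};
```

FRAME_SHORT is rejected before any read past the frame, and FRAME_LONG is rejected before any write past the 16-byte buffer, which is the check that prevents this bug class.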
  9. TecXero - Technovert, Member, joined Apr 13, 2014, United States
    Well, I mean without a vulnerability, but that was more meant to just convey how ridiculous of an undertaking it would be without stumbling across another vulnerability.
     
    Last edited by TecXero, Dec 20, 2015
  10. jamieyello - Professional Dumbass, Member, joined Mar 11, 2013, United States
    All you need is a quantum computer and all of cryptography is a joke to you.
     
    Red9419, WindozeNT, BlastXDX and 7 others like this.
  11. orly3 - Advanced Member, Newcomer, joined Jun 8, 2015
    Google have one don't they?
    If we break into Google's headquarters, we can hack everything :D
    Wait... does that mean google could already have a 9.3+ kexploit?
    Goohax confirmed!
     
  12. GalladeGuy - Freeze Kirby :3, Member, joined Oct 28, 2015, United States
    Unfortunately, Goohax was just blocked by the new 10.4 update. Here are the patch notes:

    Patched the Goohax exploit STABILITY!!!!!!
     
  13. RainCode - The Temper that Tampers, Member, joined Sep 29, 2015
    If boot.3dsx were to be pushed over to another 3DS, then the payload may need to be downloaded and executed afterwards. It can be the other way around if the payload waits for the boot.3dsx file to be fully downloaded.
     
  14. Heran Bago
    This message by Heran Bago has been removed from public view by Sicklyboy, Dec 21, 2015, Reason: Pointless.
    Dec 20, 2015
  15. JoostinOnline
    This message by JoostinOnline has been removed from public view by Sicklyboy, Dec 21, 2015, Reason: Pointless.
    Dec 20, 2015
  16. GalladeGuy
    This message by GalladeGuy has been removed from public view by Sicklyboy, Dec 21, 2015, Reason: Pointless.
    Dec 20, 2015
  17. marksteele
    This message by marksteele has been removed from public view by Sicklyboy, Dec 21, 2015, Reason: Pointless.
    Dec 20, 2015
  18. Jack_Sparrow - Ruthless Pirate, Banned, joined Nov 17, 2015, United States
    Which I showed you, the vulnerability stumbled upon.
     
  19. TecXero - Technovert, Member, joined Apr 13, 2014, United States
    Okay. I don't know what all has been found relating to that. I haven't messed with it at all, just spouting out the general rhetoric for what's needed for a usable exploit. Even with a vulnerability, assuming the vulnerability will give you access to everything you need to make it usable, there's still a lot of work that has to be done before it's usable.

    I'd assume the 3DS's Download Play (and local play in general) uses something slightly different from the 802.11g standard, so you'd have to also write custom software just for a PC to broadcast something the 3DS will recognize at all.
     
  20. Bubsy Bobcat - sipp, Member, joined Jul 8, 2015, Zimbabwe
    This. You can't just "make an exploit" Squiddo.
     
  21. Pikasack - What is a title, Member, joined Apr 27, 2015, Canada
    Kiddo =/= Squiddo, nice try
     
  22. Sinon
    This message by Sinon has been removed from public view by Sicklyboy, Dec 21, 2015, Reason: Pointless.
    Dec 21, 2015
  23. MsMidnight
    This message by MsMidnight has been removed from public view by Sicklyboy, Dec 21, 2015, Reason: Pointless.
    Dec 21, 2015
  24. Sinon
    This message by Sinon has been removed from public view by Sicklyboy, Dec 21, 2015, Reason: Pointless.
    Dec 21, 2015
  25. GalladeGuy
    This message by GalladeGuy has been removed from public view by Sicklyboy, Dec 21, 2015, Reason: Pointless.
    Dec 21, 2015
  26. MsMidnight - part time fe modder, Member, joined Oct 12, 2015
    Yep. I don't give any regard to stuff or people

    Anyways, back on topic, can't we send a buffer overflow of packets?
     
  27. doctorgoat - GBAtemp Advanced Fan, Member, joined Jun 3, 2015, United States
    I don't know. Can we?

    Go give it a shot.
     
  28. GalladeGuy - Freeze Kirby :3, Member, joined Oct 28, 2015, United States
    He used "can't" the exact way it's supposed to be used in that sentence. You don't say "may we not send a buffer overflow of packets?".