Is Possible To Make a Serial MAC Spoofer/ Serial Number spoofer on 3DS [Like WII]

Discussion in '3DS - Homebrew Development and Emulators' started by zannalabianca, Feb 15, 2015.

  1. zannalabianca
    OP

    zannalabianca GBAtemp Regular

    Member
    154
    17
    Aug 13, 2013
    Good evening everyone, I wanted to ask a simple question: is it possible to access the current 3ds , create a homebrew for spoofing MAC address spoofing or Serial Number 3DS ? this is because Nintendo started the march towards the destruction , and as you have seen , I have proof . It will be possible a homebrew that? perhaps through codes Gecko in games ?

     


  2. klincheR

    klincheR Member

    Newcomer
    13
    5
    Feb 3, 2015
    Gambia, The
    out of map
    keep me posted. :D
     
  3. NCDyson

    NCDyson Hello Boys...

    Member
    271
    113
    Nov 9, 2009
    United States
    If it is possible, the people who know probably aren't going to tell.
     
  4. Ericthegreat

    Ericthegreat Not New Member

    Member
    1,798
    313
    Nov 8, 2008
    United States
    Vana'diel
    I think it should be possible to spoof mac, if not through your 3ds through your router.
     
    zannalabianca likes this.
  5. zannalabianca
    OP

    zannalabianca GBAtemp Regular

    Member
    154
    17
    Aug 13, 2013
    you're telling me that I can change the MAC 3ds through my router ?

    and how can I do ? I have to change the mac of the router itself ?
     
  6. JustPingo

    JustPingo GBAtemp Fan

    Member
    497
    996
    Jan 11, 2015
    France
    Nintendo can't see your MAC adress because of internet limitations. That means that there are 2 possibilities: 1) The ban isn't MAC-related. That's an answer I really like because using MAC filtering is very known at being super bad, and Nintendo aren't highschool computer scientists, they know what they are doing. 2) The MAC adress is sent alongside the message. In this case, a RAM patch would be enough, please check 3dbrew.
    I would be really surprised if Nintendo kept a list of every 3DSes MAC adresses since that would be a pain for the servers to handle. But possible though. You might only be able to swap your MAC with another console then. I don't know how that was managed by the Wii though, so I may be completely wrong ^^
     
    Nightwish likes this.
  7. cearp

    cearp the ticket master

    Member
    7,397
    4,644
    May 26, 2008
    Tuvalu
    yes it is possible to change your serial, it should unban someone, but i cannot test because i am not banned
     
  8. NCDyson

    NCDyson Hello Boys...

    Member
    271
    113
    Nov 9, 2009
    United States
    inb4 innocent people's consoles get banned from people using their serial numbers...
     
    I pwned U! and lemanuel like this.
  9. cearp

    cearp the ticket master

    Member
    7,397
    4,644
    May 26, 2008
    Tuvalu
    how are 'innocent' peoples serial numbers going to get taken?
     
  10. Apache Thunder

    Apache Thunder I have cameras in your head!

    Member
    4,088
    3,986
    Oct 7, 2007
    United States
    Levelland, Texas
    There's quite a few eBay listings where sellers are careless enough to so show the serial number on the back of their console/on box. Not to mention you can simply drop by your local Wal-Mart and write down the exposed serial numbers on the 3DS/3DS XL boxes. (not sure about the n3DS. I seen the n3DS boxes in my Wal-Mart and they aren't visible or is on the back of the box so opening the display case would be required to see them)

    If serial number spoofing becomes widespread, Nintendo will be forced to start rolling back their bans as it will start causing significant collateral damage to their legitimate customers and they will start getting a lot of complaint's, lawsuits, negative press, etc. :P

    You can file serial number spoofing on the long list of things you can't do on a Sky3DS. So maybe it won't be big enough of a problem for Nintendo to notice/care... :P

    Unless there's a different number stored in the console's firmware/SOC that is related to but not the same as the one we see on the back of the console/box? Otherwise, showing your console's serial number to the internet would be a bad idea. :P

    And if it's the other case where the serial stored inside the SoC/firmware that needs to be spoofed isn't what you see on the back of the console/box, then many could start buying 3DSs from Wal-Mart, dumping the serial numbers stored inside them and "returning" the console back to Wal-Mart when their done. They could do multiple consoles over a span of a few weeks and in the end if they all get banned, then the legit customers who bought them will be SOL because at this stage it's unlikely Nintendo will budge on the bans.

    There's also pawn shops and other stores. Unlike games, I think you can still return opened electronics to Wal-Mart. They just have a much smaller return window then other things. It's 14 days I believe and a receipt is required. It's a large upfront cost, but your getting your money back in the end, so I can see quite a few doing this if serial spoofing becomes a thing. :P

    Perhaps you can ask someone who has been banned to dump their serial and give it to you to test. It will work in the reverse. If you spoof to a banned console ID, you can't play online and will get the error. Then when you return to your real console ID, you can go online again. That would be one way of testing it without actually owning a banned console. ;)
     
  11. cearp

    cearp the ticket master

    Member
    7,397
    4,644
    May 26, 2008
    Tuvalu
    it is not that simple, the file where the console serial is, it is signed. so it cannot simply be edited.
     
  12. Apache Thunder

    Apache Thunder I have cameras in your head!

    Member
    4,088
    3,986
    Oct 7, 2007
    United States
    Levelland, Texas
    Obviously Sky3DS users will be SOL. But I'm sure you can patch out the signing check on 9.2 and below systems if you want to modify the console ID. Gateway might at some point try this if it becomes an issue for them as well. Sky3DS can't really do anything given how their product works. But Gateway might... ;)

    Indeed the average user won't be able to do this on their own. A dev here would have to release a tool or something that can do this for them provided they have access to emunand.
     
  13. zannalabianca
    OP

    zannalabianca GBAtemp Regular

    Member
    154
    17
    Aug 13, 2013

    I got banned yesterday morning , in the topic in the section of flashcards 002-0102 we talked about it , I used it a few days publica header , and then I used header only private pokemon ruby on all my bakup , and nintendo , banned me ..

    I also made a video , are the first in Italy to get this , and I can not buy a new 3ds for this, so I offer to test your spoof and tell you if I work

    I will be of help to you and you shall be to me ..
    I wait for you , I'm here ..
    a video demonstration of my damn ban:
     
  14. Rinnegatamante

    Rinnegatamante GBAtemp Psycho!

    Member
    3,127
    3,260
    Nov 24, 2014
    Italy
    Bologna
    It taught 2 minutes creating it :P (Don't take attention to icon/banner, i reused my ORGANIZ3D settings)
    (I spent more time uploading the video on YouTube, i love my crappy internet connection T.T)
     
    I pwned U!, nastys, Celice and 3 others like this.
  15. Immortal_no1

    Immortal_no1 GBAtemp Regular

    Member
    266
    12
    Jul 17, 2003
    You have source to share for that spoofer? i haven't seen elsewhere that much information about the MAC address, i only find a few instances of my MAC in my extracted EMMC NAND
     
  16. Rinnegatamante

    Rinnegatamante GBAtemp Psycho!

    Member
    3,127
    3,260
    Nov 24, 2014
    Italy
    Bologna
    It seems MAC spoofing is not working very well cause 3DS rewrites shared-mem MAC address every time you connect to the net (and not only at console startup) so WiFi is initialized always with network adapter parameters :/
    Maybe reprotecting shared-mem addresses or RE NWM service can help to fix this.
    Anyway i just modified MAC address stored in shared-mem with a CIA build with shared-mem r/w privileges.
     
  17. Immortal_no1

    Immortal_no1 GBAtemp Regular

    Member
    266
    12
    Jul 17, 2003
    Is it possible to modify your source to output the contents of memory to The top screen screen for a given memory region? and possibly a search function to search the memory returning the offset in memory if the search string is found? i assume that it shouldn't be a major task? or even dump the memory region to the SDMC? Whatever you share will be very useful, or drop it on the Wiki for whatever you have.
    http://wiki.gbatemp.net/wiki/List_of_3DS_homebrew
     
  18. Rinnegatamante

    Rinnegatamante GBAtemp Psycho!

    Member
    3,127
    3,260
    Nov 24, 2014
    Italy
    Bologna
    We know shared-mem offset of WiFi Mac Address. NWM module just take Mac Address from Network Adapater and store this value to shared-mem.
    Anyway, i'm doing soming like this:
    Code:
        *(u8*)0x1FF81060 = 0xF2;
        *(u8*)0x1FF81061 = 0xEE;
        *(u8*)0x1FF81062 = 0xEE;
        *(u8*)0x1FF81063 = 0xEE;
        *(u8*)0x1FF81064 = 0xEE;
        *(u8*)0x1FF81065 = 0xEE;
     
    cearp likes this.
  19. Immortal_no1

    Immortal_no1 GBAtemp Regular

    Member
    266
    12
    Jul 17, 2003
    have you had any confirmation from zannalabianca as to whether this had any impact on the banning? i would assume that it would be based on the console ID / NNID rather than MAC. Nintendo no doubt track the MAC addresses. There's a file in NAND, can't remember which one that holds a list of addresses that have been visited online, wonder if it's possible to scan memory for the MAC/NNID/Console ID in the memory after accessing the online service and exiting back to the home screen then run the CIA? to in effect generate a report of the process used to authenticate the device online?

    Otherwise the Console ID in NAND contains the 2048byte signature over the region code and the Console ID, but once it's been read i wonder if it can be modified in memory?? unless the signature is checked during the online authentication process?
     
  20. Immortal_no1

    Immortal_no1 GBAtemp Regular

    Member
    266
    12
    Jul 17, 2003
    I've made an app and can read it out perfectly fine, but i appear to be unable to write it back, is there some form of protection on that area of memory, it should be rw shared shouldn't it?