Homebrew Is Possible To Make a Serial MAC Spoofer/ Serial Number spoofer on 3DS [Like WII]

[zannalabianca]

Good evening everyone, I wanted to ask a simple question: is it possible to access the current 3ds , create a homebrew for spoofing MAC address spoofing or Serial Number 3DS ? this is because Nintendo started the march towards the destruction , and as you have seen , I have proof . It will be possible a homebrew that? perhaps through codes Gecko in games ?

 

[klincheR]

keep me posted.

 

[NCDyson]

If it is possible, the people who know probably aren't going to tell.

 

[Ericthegreat]

Good evening everyone, I wanted to ask a simple question: is it possible to access the current 3ds , create a homebrew for spoofing MAC address spoofing or Serial Number 3DS ? this is because Nintendo started the march towards the destruction , and as you have seen , I have proof . It will be possible a homebrew that? perhaps through codes Gecko in games ?

I think it should be possible to spoof mac, if not through your 3ds through your router.

 

[zannalabianca]

I think it should be possible to spoof mac, if not through your 3ds through your router.

you're telling me that I can change the MAC 3ds through my router ?

and how can I do ? I have to change the mac of the router itself ?

 

[JustPingo]

Nintendo can't see your MAC adress because of internet limitations. That means that there are 2 possibilities: 1) The ban isn't MAC-related. That's an answer I really like because using MAC filtering is very known at being super bad, and Nintendo aren't highschool computer scientists, they know what they are doing. 2) The MAC adress is sent alongside the message. In this case, a RAM patch would be enough, please check 3dbrew.
I would be really surprised if Nintendo kept a list of every 3DSes MAC adresses since that would be a pain for the servers to handle. But possible though. You might only be able to swap your MAC with another console then. I don't know how that was managed by the Wii though, so I may be completely wrong ^^

 

[cearp]

yes it is possible to change your serial, it should unban someone, but i cannot test because i am not banned

 

[NCDyson]

inb4 innocent people's consoles get banned from people using their serial numbers...

 

[cearp]

inb4 innocent people's consoles get banned from people using their serial numbers...

how are 'innocent' peoples serial numbers going to get taken?

 

[Apache Thunder]

how are 'innocent' peoples serial numbers going to get taken?

There's quite a few eBay listings where sellers are careless enough to so show the serial number on the back of their console/on box. Not to mention you can simply drop by your local Wal-Mart and write down the exposed serial numbers on the 3DS/3DS XL boxes. (not sure about the n3DS. I seen the n3DS boxes in my Wal-Mart and they aren't visible or is on the back of the box so opening the display case would be required to see them)

If serial number spoofing becomes widespread, Nintendo will be forced to start rolling back their bans as it will start causing significant collateral damage to their legitimate customers and they will start getting a lot of complaint's, lawsuits, negative press, etc.

You can file serial number spoofing on the long list of things you can't do on a Sky3DS. So maybe it won't be big enough of a problem for Nintendo to notice/care...

Unless there's a different number stored in the console's firmware/SOC that is related to but not the same as the one we see on the back of the console/box? Otherwise, showing your console's serial number to the internet would be a bad idea.

And if it's the other case where the serial stored inside the SoC/firmware that needs to be spoofed isn't what you see on the back of the console/box, then many could start buying 3DSs from Wal-Mart, dumping the serial numbers stored inside them and "returning" the console back to Wal-Mart when their done. They could do multiple consoles over a span of a few weeks and in the end if they all get banned, then the legit customers who bought them will be SOL because at this stage it's unlikely Nintendo will budge on the bans.

There's also pawn shops and other stores. Unlike games, I think you can still return opened electronics to Wal-Mart. They just have a much smaller return window then other things. It's 14 days I believe and a receipt is required. It's a large upfront cost, but your getting your money back in the end, so I can see quite a few doing this if serial spoofing becomes a thing.

yes it is possible to change your serial, it should unban someone, but i cannot test because i am not banned

Perhaps you can ask someone who has been banned to dump their serial and give it to you to test. It will work in the reverse. If you spoof to a banned console ID, you can't play online and will get the error. Then when you return to your real console ID, you can go online again. That would be one way of testing it without actually owning a banned console.

 

[cearp]

it is not that simple, the file where the console serial is, it is signed. so it cannot simply be edited.

 

[Apache Thunder]

it is not that simple, the file where the console serial is, it is signed. so it cannot simply be edited.

Obviously Sky3DS users will be SOL. But I'm sure you can patch out the signing check on 9.2 and below systems if you want to modify the console ID. Gateway might at some point try this if it becomes an issue for them as well. Sky3DS can't really do anything given how their product works. But Gateway might...

Indeed the average user won't be able to do this on their own. A dev here would have to release a tool or something that can do this for them provided they have access to emunand.

 

[zannalabianca]

yes it is possible to change your serial, it should unban someone, but i cannot test because i am not banned

Obviously Sky3DS users will be SOL. But I'm sure you can patch out the signing check on 9.2 and below systems if you want to modify the console ID. Gateway might at some point try this if it becomes an issue for them as well. Sky3DS can't really do anything given how their product works. But Gateway might...

Indeed the average user won't be able to do this on their own. A dev here would have to release a tool or something that can do this for them provided they have access to emunand.

I got banned yesterday morning , in the topic in the section of flashcards 002-0102 we talked about it , I used it a few days publica header , and then I used header only private pokemon ruby on all my bakup , and nintendo , banned me ..

I also made a video , are the first in Italy to get this , and I can not buy a new 3ds for this, so I offer to test your spoof and tell you if I work

I will be of help to you and you shall be to me ..
I wait for you , I'm here ..
a video demonstration of my damn ban:

 

[Rinnegatamante]

It taught 2 minutes creating it (Don't take attention to icon/banner, i reused my ORGANIZ3D settings)
(I spent more time uploading the video on YouTube, i love my crappy internet connection T.T)

 

[Immortal_no1]

You have source to share for that spoofer? i haven't seen elsewhere that much information about the MAC address, i only find a few instances of my MAC in my extracted EMMC NAND

 

[Rinnegatamante]

You have source to share for that spoofer? i haven't seen elsewhere that much information about the MAC address, i only find a few instances of my MAC in my extracted EMMC NAND

It seems MAC spoofing is not working very well cause 3DS rewrites shared-mem MAC address every time you connect to the net (and not only at console startup) so WiFi is initialized always with network adapter parameters :/
Maybe reprotecting shared-mem addresses or RE NWM service can help to fix this.
Anyway i just modified MAC address stored in shared-mem with a CIA build with shared-mem r/w privileges.

 

[Immortal_no1]

It seems MAC spoofing is not working very well cause 3DS rewrites shared-mem MAC address every time you connect to the net (and not only at console startup) so WiFi is initialized always with network adapter parameters :/
Maybe reprotecting shared-mem addresses or RE NWM service can help to fix this.
Anyway i just modified MAC address stored in shared-mem with a CIA build with shared-mem r/w privileges.

Is it possible to modify your source to output the contents of memory to The top screen screen for a given memory region? and possibly a search function to search the memory returning the offset in memory if the search string is found? i assume that it shouldn't be a major task? or even dump the memory region to the SDMC? Whatever you share will be very useful, or drop it on the Wiki for whatever you have.
http://wiki.gbatemp.net/wiki/List_of_3DS_homebrew

 

[Rinnegatamante]

We know shared-mem offset of WiFi Mac Address. NWM module just take Mac Address from Network Adapater and store this value to shared-mem.
Anyway, i'm doing soming like this:

    *(u8*)0x1FF81060 = 0xF2;
    *(u8*)0x1FF81061 = 0xEE;
    *(u8*)0x1FF81062 = 0xEE;
    *(u8*)0x1FF81063 = 0xEE;
    *(u8*)0x1FF81064 = 0xEE;
    *(u8*)0x1FF81065 = 0xEE;

 

[Immortal_no1]

have you had any confirmation from zannalabianca as to whether this had any impact on the banning? i would assume that it would be based on the console ID / NNID rather than MAC. Nintendo no doubt track the MAC addresses. There's a file in NAND, can't remember which one that holds a list of addresses that have been visited online, wonder if it's possible to scan memory for the MAC/NNID/Console ID in the memory after accessing the online service and exiting back to the home screen then run the CIA? to in effect generate a report of the process used to authenticate the device online?

Otherwise the Console ID in NAND contains the 2048byte signature over the region code and the Console ID, but once it's been read i wonder if it can be modified in memory?? unless the signature is checked during the online authentication process?

 

[Immortal_no1]

I've made an app and can read it out perfectly fine, but i appear to be unable to write it back, is there some form of protection on that area of memory, it should be rw shared shouldn't it?