Hacking New Gateway Update 29/07/2013

profi200

Nope. I'm not one of the Gateway idiots, but I know how it works. I know where the vulnerability the blue Gateway uses is. If you don't trust me, ask yellows8 or neimod.

Rydian

The thing is, people on the PS3 scene can play any game up to date with custom game patched. I, personally, don't give a sh** about my numbers in the about screen if I can play any game.
That's because some major PS3 cryptography keys are known. It was so big (for something like that to be hacked out) that it hit mainstream media and the guys gave a presentation at a hacking convention.

That is entirely speculation.
No, it's an educated guess. Everything they tell us (especially the mention of the entry point) matches what we've known for a while about 4.x and above: that there's a save data exploit (used as an entry point), but the kernel-mode exploit was closed in 5.x.

Rytoast

That is entirely speculation.


Besides the very few snippets of information provided through the three news updates, and brief emails here and there, EVERYTHING that's been said and is being said currently about GW3DS since they first made themselves public has been speculation.

Coto

Exactly. They are based on 2 vulnerabilities. One is fixed in 5.X and the other works up to 6.1, but if the second is fixed, the blue Gateway becomes useless and it is over. Without the second vulnerability a kernelmode exploit is useless, because kernelmode exploits are inside the system. The last chance to get it working then is a savegame exploit, but there is not a good chance to find one, because there are not so many games with the old savegame encryption, and to modify the savegame, ARM9 code execution is needed (generating the AES MAC).


Say, you need to feed the binary blob with a correct AES MAC so it can be re-encrypted? Sandboxed mode requires some authentication to let code run outside?

umdking

Exactly. They are based on 2 vulnerabilities. One is fixed in 5.X and the other works up to 6.1
So, which one is the kernelmode exploit? The one still in the 6.1 system, or the already patched one?
On 3Dbrew, it seems they said the kernel one has been patched already, which is more precious than the savedata one (though maybe I misunderstood the whole situation).

3DSGuy

Say, you need to feed the binary blob with a correct AES MAC so it can be re-encrypted? Sandboxed mode requires some authentication to let code run outside?
No, the save encryption for early games is already known, so re-encrypting is no problem. But in order to update the savegame AES MAC, the key scrambler, the savegame's KeyY, and the KeyX for savegames are required. Currently (except for the savegame's KeyY) only Nintendo and each 3DS knows that. So the only practical way of updating the AES MAC is via a 3DS with ARM9 code execution.

Lordmau5

Did they invent Windows in one day? I guess not.

It takes time for such cards to find exploitable points on the device, so they can do their work.

It's the same with jailbreaking the iDevices.

profi200

So, which one is the kernelmode exploit? The one still in the 6.1 system, or the already patched one?
On 3Dbrew, it seems they said the kernel one has been patched already, which is more precious than the savedata one (though maybe I misunderstood the whole situation).
Yes, the kernelmode exploit is already fixed in 5.X. Without a new kernelmode exploit, there is no chance to get it working up to 6.1, because they patch some parts of the firmware in RAM to disable some security. This needs total control.

logon

Sorry if this isn't the place to post this.

If I'm correct there are 3 types of 3DS:
-Europe
-USA
-Japanese

The 3DS in Australia have -E at the end of their version.
Does that mean European roms would work on the Gateway on an Australian 3DS?

TemplarGR

Yes, the kernelmode exploit is already fixed in 5.X. Without a new kernelmode exploit, there is no chance to get it working up to 6.1, because they patch some parts of the firmware in RAM to disable some security. This needs total control.


Isn't it possible to install a modified 5.x+ version of firmware on an already hacked 3DS? If you already have total control at 4.5 firmware, isn't it possible to somehow get access to the newer firmware without installing it, examine and modify it, and install the modified version instead of the official one?