Possible Nintendo 3DS exploit/vulnerability (Found by me!)

Discussion in '3DS - Homebrew Development and Emulators' started by NipponRyan97, Apr 3, 2012.

Thread Status:
Not open for further replies.
  1. NipponRyan97
    OP

    Newcomer NipponRyan97 Member

    Joined:
    Feb 29, 2012
    Messages:
    20
    Location:
    New York
    Country:
    United States
    http://www.youtube.com/watch?v=K5xir386QsI&feature=youtube_gdata_player

    Watch that, read the description, and read my comment. I think I might have actually found something. If what everyone on 3DBrew, GBAtemp, and other 3DS hacking sites say, then I might have just found the first actual vulnerability in the 3DS that isn't a crash or buffer overflow, but an exploit in the HOME Menu and its headers/filesystem that loads game data from the RAM and NAND. If this is actually exploitable, then that means I can finally complete the puzzle for Neimod and break region locking if unsigned code is made. If you read my YouTube description and comment you will see why this could be it.

    - Ryan (all credit goes to me!)

    What do you think? Pretty different, huh?


     
    1 person likes this.


  2. Ericthegreat

    Member Ericthegreat Not New Member

    Joined:
    Nov 8, 2008
    Messages:
    1,764
    Location:
    Vana'diel
    Country:
    United States
    Cool but still how would we load code? Wouldn't we need something more like a save file glitch?
     
  3. DarkShinigami

    Member DarkShinigami #1 strongest Shinigami BANKAI

    Joined:
    Sep 12, 2009
    Messages:
    1,836
    Location:
    Soul Society
    Country:
    United States
    yeah hate to burst your parade but that ain't an exploit
     
  4. Tom Bombadildo

    Contributor Tom Bombadildo Honk!

    Joined:
    Jul 11, 2009
    Messages:
    8,789
    Location:
    I forgot
    Country:
    United States
    We'd still need a way to actually run the code, that is, if it's even possible. I don't think this would lead to anything.


    EDIT: In response to your post below, just because it doesn't load anything doesn't mean it's exploitable. There could still be security checks, we just don't have enough information. I wouldn't go throwing this out as an "exploit" or "vulnerability". Just a neat trick that may lead to something.
     
  5. NipponRyan97
    OP

    Newcomer NipponRyan97 Member

    We would need a hacker or a team to make unsigned code. This is exploitable because it hangs when you try to open anything. This means it was loading something and it had an error, which is a hole right there waiting to be dug. Notice how the top screen never freezes, this definitely could be of use. Notice the no headers and how we've had a thing on headers before. A lot can be done, we just need someone who can take advantage of this.

    Yes, I'm on 3.0.0-6 if anyone's asking!


     
  6. Ericthegreat

    Member Ericthegreat Not New Member

    I think he is trying to say if you do this when trying to dump the NAND we might get something different than when you normally try and do this, using Neimod's NAND dumper...?
     
    1 person likes this.
  7. CollosalPokemon

    Member CollosalPokemon ばん。。。かい

    Joined:
    Oct 18, 2009
    Messages:
    681
    Country:
    United States
    Bullshit.
    Not that it wasn't obvious.

    If wrote code to do this, maybe.
    If it's simply a system glitch, I doubt it.

    And just because it doesn't show the top screen logos it means jack shit.
     
  8. NipponRyan97
    OP

    Newcomer NipponRyan97 Member

    So tricking the hypervisor does nothing at all?
     
  9. Janthran

    Member Janthran Solarian

    Joined:
    Sep 17, 2011
    Messages:
    3,777
    Location:
    The Pacific Northwet
    Country:
    United States
    lol'd
    Make unsigned code
     
  10. DarkShinigami

    Member DarkShinigami #1 strongest Shinigami BANKAI

     
  11. NipponRyan97
    OP

    Newcomer NipponRyan97 Member

    I DIDN'T FAKE THIS VIDEO! WHY CALL IT BS!? I just said it might lead to an exploit and it's a vulnerability. I didn't modify this video in any way!
    If there was a cartridge, why is there no header and no cartridge inserted and a cartridge on my bed?
     
  12. Janthran

    Member Janthran Solarian

    If you put the cartridge back in, can you boot it?
     
  13. Snailface

    Member Snailface My frothing demand for 3ds homebrew is increasing

    Joined:
    Sep 20, 2010
    Messages:
    4,324
    Location:
    Engine Room with Cyan, watching him learn.
    Country:
    Antarctica
    You can remove the game while the little dreamcast thing is swirling and it just keeps looping forever.
    Totally exploitable stuff I'm sure. :toot:

    Doubt any of these glitches are exploitable, but it's worth noting 'FTR'.
     
    4 people like this.
  14. CollosalPokemon

    Member CollosalPokemon ばん。。。かい

    I'm saying the 'vulnerability' is jack shit.

    For all you know, yes, maybe there was an error, but this shows Nintendo caught that error. By not showing the banners and continuing to work (without problems) it must read something as invalid and catches/refuses to load it.
     
  15. Ericthegreat

    Member Ericthegreat Not New Member

    He means, if there was code executed to make this happen, and then you were somehow able to continue to send code from there, then this could lead to an exploit.

    Also does this happen with only Kid Icarus or all games?
     
  16. CollosalPokemon

    Member CollosalPokemon ばん。。。かい

    Which would only work if Nintendo didn't catch the error. This video shows the error was caught, and therefore the banners were not shown. If the system did NOT catch the error it would lead to a BSOD or error code...

    It's like saying you can safely break into a bank while making a ton of noise and stepping loudly. (if you do that you get caught and cannot rob the bank)
    Exploits only work when there is an error which is not caught.
     
    1 person likes this.
  17. Ammako

    Member Ammako GBAtemp Guru

    Joined:
    Dec 22, 2009
    Messages:
    6,372
    Country:
    Canada
    You're just like Ian Hecox, you suck at holding the camera.
    But that's fine. It actually isn't.
     
    1 person likes this.
  18. CollosalPokemon

    Member CollosalPokemon ばん。。。かい

    If you want to see a Black screen Error on the 3DS I've taken one of mine:

    [​IMG]

    When you get one of those, maybe you can talk. (it would depend on how it was generated though)
     
    3 people like this.
  19. Ericthegreat

    Member Ericthegreat Not New Member

    You have a nand dumper?
     
  20. ichidansan

    Member ichidansan GBAtemp Regular

    Joined:
    Feb 10, 2010
    Messages:
    215
    Country:
    United States
    I know of a way to get an error while accessing the camera. My little bro's friend tried to clean his 3DS with Windex of all things, and it still plays games, just no camera access. Then it gives the black screen while attempting to start the camera :yaysp:.
     