Hacking: Post your ideas regarding how to hack the 3DS, here

DarkWork0

I was wondering if the Mii data on the 3DS is encrypted or not as well. Since the Wii is completely open, couldn't we put some type of sniffing program in a Mii and transfer it to the 3DS from the Wii? Like something that would let us dump info to the SD card, or back to the Wii or computer? Kind of like a backdoor or something along those lines. I know what you're going to say... "how are we going to run the code on the 3DS without the keys, etc.?" Well, it's just a theory anyway, as an opening to these types of things.
 

Vigilante

Why not try and make a cart that works in 3DS mode?
Don't worry about playing games; just getting one to start while in that mode would be great.

See if it's possible to run a 3DS ROM on a fake 3DS flash cart to simply play that ROM and nothing else?
So basically just transfer the contents of the real cart to a fake one.

I think I read earlier on that someone needed to know more about the hardware:
http://3dbrew.org/wiki/Hardware

I also read that someone suggested trying to brute force the needed code,
followed by people telling him it would take too long.
I have a suggestion:
why not split the work so that
someone can hack the first 50 billion combinations while other people are hacking the other possible combinations,
thus halving the time it will take if 2 people do it,
and it's not going to take the whole computer; it could just be a program running in the background while you do your stuff on the internet.
And I think it's at least worth giving it a shot. Imagine what we could do with the right code.
2. You expect a Windows exec to run on the 3DS? How the hell would we even get a Windows program on the 3DS anyway?
Why not try hacking the ROMs? Or the encrypted files on the SD card? That could be done on a PC.
Wow, you're telling someone to get 1 combination from 50 billion other possible combinations.
 

wchill

[Quoting Vigilante's post above]

Read my post. It gives you an overview of just how hard this is. Far more than 50 billion other combos, by the way; more like 50 billion billion billion billion billion billion billion billion. I'm not exaggerating.
Even if we used 10 billion machines (assuming that they were all capable of testing 10 billion keys per second; highly unlikely), 1*10^20 is nothing compared to 5*10^73 (and the real number is on the order of magnitude of 10^78 for a 256-bit key). It would take 2*10^54 seconds in the worst case. Compare this to the current age of the universe (1.4*10^17 seconds). Getting the key within a reasonable amount of time would be like winning the lottery jackpot 50 times in a row.

It's all a matter of math. For every bit in the key, the complexity doubles. Thus, a 256-bit key would have complexity 2^256. More than likely, the 3DS has a 512-bit key.

I'm going to take an idea from Digital Fortress (a novel that has a supercomputer designed for bruteforce attacks). Say we have a supercomputer with 3 million Core i7 processors. According to data on Core i7s about how fast they can check an AES key, the i7-975 is capable of checking 250 million keys per second. (Let's round it up to 400 million anyway.) This supercomputer would be able to test 1.2 * 10^15 keys per second. That doesn't even hold a candle to the possibilities of the AES keys we're talking about here.

Also, that's the wrong hardware page. This is the correct one: http://3dbrew.org/wiki/Gamecards
Looks like the card communication protocol involves encryption as well. Makes life harder.

[Quoting DarkWork0's post above]

Doesn't work that way. Miis are just data. The Wii and 3DS in no way use Miis as executable code.
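An added worked example (not from wchill's post or anyone else in the thread) that puts the brute-force arithmetic above into code, in C so it builds with no libraries at all. The machine count and key rate are the thread's 10^10 machines at 10^10 keys per second; the age of the universe is assumed here to be about 13.8 billion years, roughly 4.4e17 seconds. It also generalises the point slightly: the second function turns the question around and asks how many key bits a given budget can exhaust at all.

```c
#include <stdio.h>

/* Added example (not from the thread): brute-force budget arithmetic for
 * symmetric keys. Written without libm so it builds with any C compiler.
 * Assumed figures: 13.8 billion years ~ 4.4e17 s for the age of the universe,
 * and the thread's 10^10 machines x 10^10 keys/s as the attacker's budget. */

#define SECONDS_PER_YEAR 31557600.0   /* 365.25 days */

/* 2^bits as a double; exact for any bits < 1024. */
double pow2(int bits) {
    double p = 1.0;
    for (int i = 0; i < bits; i++) p *= 2.0;
    return p;
}

/* Worst-case seconds to exhaust a bits-bit key space when `workers` machines
 * each test `keys_per_sec` keys per second. Splitting the job over N workers
 * divides the time by N, which is all "two people halve the time" buys. */
double brute_force_seconds(int bits, double workers, double keys_per_sec) {
    return pow2(bits) / (workers * keys_per_sec);
}

/* The same relation turned around: the largest key size a budget can exhaust,
 * i.e. floor(log2(workers * keys_per_sec * seconds)). Every doubling of the
 * budget buys exactly one more bit, so adding machines never catches up with
 * a key that is already 128 bits long. */
int bits_exhaustible(double workers, double keys_per_sec, double seconds) {
    double total = workers * keys_per_sec * seconds;
    double p = 1.0;
    int bits = 0;
    while (p * 2.0 <= total) { p *= 2.0; bits++; }
    return bits;
}

int main(void) {
    const double age_of_universe_s = 4.4e17;      /* assumed, see above */
    const double workers = 1e10, rate = 1e10;     /* the thread's budget */
    const int sizes[] = {56, 64, 80, 128, 256};
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++) {
        double s = brute_force_seconds(sizes[i], workers, rate);
        printf("%3d-bit key: %.2e s = %.2e years = %.2e ages of the universe\n",
               sizes[i], s, s / SECONDS_PER_YEAR, s / age_of_universe_s);
    }
    printf("that budget, run for the age of the universe, exhausts at most "
           "a %d-bit key space\n",
           bits_exhaustible(workers, rate, age_of_universe_s));
    /* Going from a 128-bit to a 256-bit key is 2^128 times more work, not
       twice as much: it would take 2^128 times as many workers to keep the
       same runtime. */
    printf("worker multiplier for a 256-bit search to finish as fast as a "
           "128-bit one: %.2e\n", pow2(128));
    return 0;
}
```

Run it and the 80-bit line still finishes in hours against that budget, but 128 bits already needs about 3e18 seconds, several times the assumed age of the universe, and the 256-bit line is out of reach by a further factor of 2^128; splitting the work among more people only buys one bit per doubling of the workforce.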
 

DarkWork0

[Quoting wchill's reply above]

I was just thinking of using them as a piggyback for the executable code. If they get encrypted, then we wouldn't have to find the keys, yes? Of course, we would have to find a way to execute that code once it was on the 3DS. I'm not a coder, but I do like to learn about what can and can't happen if I think of stuff that others with more experience and knowledge may try and use. You never know how things are going to work out until it happens; we may be able to add an HBC or something in the end.
 

wchill


[Quoting DarkWork0's reply above]

Well, we can't execute that code without creating encrypted code by ourselves. The Mii stuff would use separate encryption from all the important system stuff.
 

CoolAs


[Quoting DarkWork0's reply and wchill's answer above]
Yeah, but could you do a buffer overflow with the Mii data, resulting in writing to memory and maybe running unsigned code?
But then, I doubt Nintendo would be stupid enough to let that happen.
Even overflowing a buffer by a word is going somewhere, but you would never know if you actually overflowed, because you can't run unsigned code to check it xD.
 

DarkWork0

Even now, freezing the entire system and only regaining control by hard boot (removing the battery) would be a giant leap forward. I've also noticed a while back, when I had my Bluetooth dongle on my computer, that whenever the 3DS went into sleep mode, the dongle would pick it up. Anyone come across this before? I know the 3DS doesn't have Bluetooth; it might be Wi-Fi with similar broadcasting to Bluetooth?
 

wchill

[Quoting DarkWork0's post above]

Wi-Fi and Bluetooth share similar frequencies. Though it shouldn't be possible, the fact that the 3DS was picked up by a Bluetooth dongle may point to buggy code in the dongle or the 3DS. Either that, or the dongle has some kind of dual-mode capability (thus having Wi-Fi and Bluetooth). Also, I fail to see how a system freeze would help. Please elaborate.


[Quoting CoolAs's buffer-overflow reply above]

Buffer overflows are useless unless you know that they exist at a particular place in RAM. We would need the length of said buffer to calculate how to construct a hackable Mii.
Of course, this is assuming that a 3DS would accept said Mii and not just reject it as corrupt data. Also, I don't think you can fit said hack into a QR code, making distribution difficult.
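An added example, not wchill's code and not the real Mii format (DarkWork0 notes further down that hackmii found no exploitable bug in it): a hypothetical length-prefixed greeting record parsed into simulated receiver memory, in C. The memory layout (a 16-byte greeting buffer with a 4-byte trusted field right after it) is an assumption made to show what wchill means by needing the buffer length: the sender has to know exactly how far past the buffer the field sits. The vulnerable parser checks the length only against the incoming record; the hardened one checks it against the destination first and rejects the record as corrupt, which is the behaviour wchill expects from the 3DS. The sample records are constructed for the demo.

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>

/* Added example (not from the thread, and not the real Mii format): a
 * hypothetical wire record  [len: 1 byte][greeting: len bytes]  parsed into
 * simulated receiver memory. Assumed layout for illustration: a 16-byte
 * greeting buffer followed by a 4-byte field the receiver trusts. A sender
 * who knows that layout can pick len so the copy reaches the field. */

#define GREETING_MAX 16
#define FLAG_OFFSET  GREETING_MAX   /* trusted flag sits right after the buffer */
#define MEM_SIZE     32             /* whole simulated region; keeps the demo in bounds */

typedef struct { const uint8_t *data; size_t size; } record_t;

static int g_last_rc;               /* return code of the most recent parse */

/* Vulnerable parser: len is checked against the *source* record only, so a
 * len above 16 still copies past the greeting buffer. */
int parse_greeting_vuln(const record_t *rec, uint8_t *mem) {
    if (rec->size < 1) return -1;
    size_t len = rec->data[0];
    if (rec->size < 1 + len) return -1;   /* stays inside the record... */
    if (len > MEM_SIZE) return -1;        /* ...and inside the arena (demo safety) */
    memcpy(mem, rec->data + 1, len);      /* ...but not inside the 16-byte buffer */
    return (int)len;
}

/* Hardened parser: the destination bound is checked first and an oversize
 * record is rejected as corrupt. */
int parse_greeting_safe(const record_t *rec, uint8_t *mem) {
    if (rec->size < 1) return -1;
    size_t len = rec->data[0];
    if (len > GREETING_MAX) return -1;    /* destination bound */
    if (rec->size < 1 + len) return -1;   /* source bound */
    memcpy(mem, rec->data + 1, len);
    return (int)len;
}

/* Parse one record into fresh memory whose trusted flag starts at 0
 * ("unverified") and return the flag's value afterwards. */
uint32_t flag_after_parse(int (*parser)(const record_t *, uint8_t *),
                          const uint8_t *bytes, size_t size) {
    uint8_t mem[MEM_SIZE];
    uint32_t flag;
    memset(mem, 0, sizeof mem);
    record_t rec = { bytes, size };
    g_last_rc = parser(&rec, mem);
    memcpy(&flag, mem + FLAG_OFFSET, sizeof flag);
    return flag;
}

int last_parse_rc(void) { return g_last_rc; }

/* Constructed sample records. */
const uint8_t BENIGN_RECORD[] = { 5, 'h', 'e', 'l', 'l', 'o' };
const size_t  BENIGN_SIZE = sizeof BENIGN_RECORD;
/* Claims 5 bytes but carries 2: both parsers must reject it. */
const uint8_t TRUNCATED_RECORD[] = { 5, 'h', 'i' };
const size_t  TRUNCATED_SIZE = sizeof TRUNCATED_RECORD;
/* len = 20: 16 filler bytes, then 4 bytes that land on the trusted flag. */
const uint8_t EVIL_RECORD[] = { 20, 'A','A','A','A','A','A','A','A',
                                    'A','A','A','A','A','A','A','A', 1, 1, 1, 1 };
const size_t  EVIL_SIZE = sizeof EVIL_RECORD;

static void show(const char *label, int (*parser)(const record_t *, uint8_t *),
                 const uint8_t *bytes, size_t size) {
    uint32_t flag = flag_after_parse(parser, bytes, size);   /* sets g_last_rc */
    printf("%-15s flag=0x%08x rc=%d\n", label, (unsigned)flag, last_parse_rc());
}

int main(void) {
    show("vuln/benign", parse_greeting_vuln, BENIGN_RECORD, BENIGN_SIZE);
    show("vuln/truncated", parse_greeting_vuln, TRUNCATED_RECORD, TRUNCATED_SIZE);
    show("vuln/evil", parse_greeting_vuln, EVIL_RECORD, EVIL_SIZE);   /* flag clobbered */
    show("safe/evil", parse_greeting_safe, EVIL_RECORD, EVIL_SIZE);   /* rejected, rc=-1 */
    return 0;
}
```

The simulated arena keeps the overflow inside a known region so the program itself stays well defined; on real hardware the same copy would run off the end of whatever the buffer was allocated in, which is exactly why the receiver, not the sender, has to own the length check.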
 

DarkWork0

I was just referring to the fact that, if there was a system freeze, it would show that there is a flaw in the code/hardware. We wouldn't know anything about it at this point, such as whether it was random or reproducible, or whether it will do anything in the long run, but it would be a step forward in my opinion. Since the 3DS sounds like a dolphin's butthole... watertight.

As to your QR code reply, the 3DS connects to the Wii to download Miis via a hidden option in the Wii's Mii Maker (they tell you the button combo to bring it up). It also connects to other 3DSes via local broadcast through the 3DS's built-in Mii Maker software. So I think he was referring to putting it onto the Wii, then transferring it over to the 3DS in that fashion. And to me that's another way in that gets data onto the 3DS's internal storage, bypassing 2 things I know are encrypted (SD card data/Game Cards).
 

roastable

Well, I'm not full of any knowledge as to hacking the 3DS, but while we're on the topic of system freezes, I kind of got one.
I guess it's more of a semi-freeze, seeing as it didn't have to have the battery taken out.

I was playing Sonic Generations, and the game froze while audio still continued. None of the buttons worked.
I knew the game cart hadn't moved since I'd been playing it on a flat surface, but by ejecting and reinserting it, I was able to get the "The Game has been removed, press the Home Button" message.
So I'm not sure if this qualifies as a system freeze, seeing as the OS was still running properly in the background.
 

RupeeClock

Probably a stupid idea that would require understanding how the 3DS receives StreetPass data, which probably includes some sort of encryption signal/key, but it'd be pretty funky if, by spoofing a StreetPass wireless signal, the 3DS received an illegal Mii in the StreetPass Plaza that triggered some sort of crash similar to the Twilight Hack, by an impossible recent title or long greeting message.

But hey I'm just imagining things, it's not like I have technical knowledge.
 

DarkWork0

I did just read on hackmii that "the Mii data format and the code to read them don’t appear to have any exploitable bugs." There goes my theory out the window rofl.
 

CoolAs

Is that talking about the Wii or the 3DS?

Anyway, I thought that you could store Miis on an SD card...
 

wchill

The 3DS is not going to be able to generate a QR code that has malformed Mii data (at least the kind of data that we would want it to have to cause an overflow).
Also, the extdata on the SD card is encrypted.
 

3DZ

I think we need to use an application in the eShop that's free, like Four Swords, from different systems, to compare the encrypted data using Notepad or whatever program. If we get enough different files, we might be able to find an encryption key.
 

DarkWork0

I have Four Swords on my 3DS and my DSi XL, but I wouldn't know where to start looking. I guess I could look at them in my hex compare program or Notepad++.
 

SuzieJoeBob

The only idea that I could think of was the following:

Every time the 3DS receives a SpotPass message on the message board, and when you enter Mii Plaza, the 3DS will then say "SpotPass Encounters: ##" or something of the like.
I also heard that the Mii data is possibly stored on the SD card, so if that is true, wouldn't there be a file on the SD card holding the number of SpotPasses, Puzzle Swap pieces, etc.?

If that is true, then wouldn't it be possible for someone to use 2+ brand new 3DS systems and brand new SD cards (same model) to take individual dumps after every single SpotPass encounter? A person could take those dumps, compare all the ones from the same system together, and then compare the final result from each system to see if there is a commonality. Whether it be searching for total SpotPass values or something else, I don't know.

Then from there, some trial and error will most likely be involved to tell whether the commonality is a stepping stone towards the encryption key. Maybe the serial code of the 3DS might need to be mathematically combined with the aforementioned commonality; if not, is the standalone key hiding in plain sight? These are just my thoughts, but anything is possible as of now...
 

Janthran

[Quoting SuzieJoeBob's post above]
SD cards are somewhat expensive.
And it'd be pretty simple to just download the same app over and over.
 
