Hacking: Post your ideas regarding how to hack the 3DS here

ferret7463

Well-Known Member
Here recently I've been reading about how Nintendo is going to allow retailers to sell "codes" that let you enter them on the eShop and then download a digital copy of the retail game. http://www.1up.com/news/3ds-wii-u-retail-game-downloads My question would be: could someone create a "code" generator like they do for Windows apps? Of course, if this has been brought up before here, then overlook me; I am not reading over 50 pages to find the reference.
 

SifJar

Not a pirate
ferret7463 said:
Here recently I've been reading about how Nintendo is going to allow retailers to sell "codes" that let you enter them on the eShop and then download a digital copy of the retail game. http://www.1up.com/n...-game-downloads My question would be: could someone create a "code" generator like they do for Windows apps? Of course, if this has been brought up before here, then overlook me; I am not reading over 50 pages to find the reference.
If someone did that, it'd be very much a jerk move. If you generate a working code, that is one genuine code that is now invalid because it has been used. So someone who rightfully deserves the game cannot receive it because you used their code. With Windows apps, generally you apply a "crack" to make it work without a code/with a fake code. I think it is rare for it to be a case of generating a genuine code.

Besides this, to be able to generate a code, you'd need to understand Nintendo's algorithm for generating the codes. It could even be that codes are generated on a basis of when they're needed, then a record kept of what game each code refers to until the code is redeemed. In this case, the codes could be completely random and there is no chance of you being able to calculate a code.

In short, no. And even if it was, it'd be horrible to use such a tool. And also not hacking [hacking in this context refers to loading unsigned code on the 3DS], so it doesn't belong in this topic.
 

ferret7463

Well-Known Member
If I had made an independent thread, then I would most likely have been told to put this idea in this thread... catch 22. I don't think it would knock anybody out of a legit copy, just as my XP OS serial number generator has not cut anybody out of a legit copy of XP. It's just an idea, nothing more.
 

SifJar

Not a pirate
ferret7463 said:
If I had made an independent thread, then I would most likely have been told to put this idea in this thread... catch 22. I don't think it would knock anybody out of a legit copy, just as my XP OS serial number generator has not cut anybody out of a legit copy of XP. It's just an idea, nothing more.
With online services, any particular code can be used once only. With codes for stuff like XP you can use the same code multiple times in the event of, e.g., reinstalling. What I said was true. And I never said you should have made another thread, I just said it didn't belong here (i.e. you shouldn't have posted it because, like I said before, it is a jerk idea).
 

alphamule

Well-Known Member
ferret7463 said:
Here recently I've been reading about how Nintendo is going to allow retailers to sell "codes" that let you enter them on the eShop and then download a digital copy of the retail game. http://www.1up.com/n...-game-downloads My question would be: could someone create a "code" generator like they do for Windows apps? Of course, if this has been brought up before here, then overlook me; I am not reading over 50 pages to find the reference.
SifJar said:
If someone did that, it'd be very much a jerk move. If you generate a working code, that is one genuine code that is now invalid because it has been used. So someone who rightfully deserves the game cannot receive it because you used their code. With Windows apps, generally you apply a "crack" to make it work without a code/with a fake code. I think it is rare for it to be a case of generating a genuine code.

Besides this, to be able to generate a code, you'd need to understand Nintendo's algorithm for generating the codes. It could even be that codes are generated on a basis of when they're needed, then a record kept of what game each code refers to until the code is redeemed. In this case, the codes could be completely random and there is no chance of you being able to calculate a code.

In short, no. And even if it was, it'd be horrible to use such a tool. And also not hacking [hacking in this context refers to loading unsigned code on the 3DS], so it doesn't belong in this topic.
Think of those money cards... Totally useless unless loaded. Yes, you have the right idea. Until purchase, the code wouldn't work. That is, if they have any sense. ;)

The easiest way for them to combat guessing or copying a recently sold code is to give the buyer the option of locking it to their account or system at the time of purchase. If you're going to do that, why bother with retail? That is the reason that the codes probably won't be used for long. Remember ever seeing a Famicom disk drive in the US? Or modem? Some things are just short fads in the Nintendo business or limited to (sometimes, extremely) specific markets.
 

Janthran

Solarian
Okay, so since this post has reached 52 pages, I am sorry if this idea has already been mentioned (which I don't see why it wouldn't have been).

So I recently letterbombed my 4.3U Wii and it made me think: the 3DS is very similar in layout (though I have no idea codewise).

And you can see your MAC address on the 3DS, and there is an SD slot. So wouldn't it be plausible to create a letterbomb technique for the 3DS? My only issue that I seem to notice is, is there even a message board on my 3DS? I've been looking and have only found the notifications page, and am not sure if that is the same.

Anyways, what are the thoughts on this?
letterbox

Ah, I see you have to download it, no wonder I can't find it.
 

iNFiNiTY

Well-Known Member
Overmaxing, as you are calling it, is the method used for a lot of exploits. The most obvious one is where the game will read a savegame file for the name you made for the file. If it's coded in a certain way it will have a space for the name to be put into memory, but it will just write the whole name no matter what size the space is supposed to be. So anything next to the space is overwritten by the deliberately long series of bytes added into the savegame (note: only in certain conditions where there's no kind of validation on the name, and lots of other things need to be right).

FF FF FF FF FF FF FF FF 00 00 00 00 00 00 00 00 00 00 00
The eight FF bytes would be the space for the string; then if there's code in memory in the 00 bytes, you could overwrite it by making a name more than eight bytes in length. The system will then try to read code from that area, and whatever you put there in raw machine code will work. So often you'd simply put a 'jump' command, or 'bnc' on 3DS, so when it's read you can 'jump' into your own code stored elsewhere in memory. It's a lot more complex than that in practice... that's how I understand it, at least.

Thought I'd explain it a bit anyway, considering it's been the main way to exploit handhelds and the Wii, so it's good to know the basics of how it works. Although I should say it could just be totally useless on 3DS/Vita/any other new system, and I think it will definitely be impossible with savegames at the least. It's been used so much now that this is why the PS3/360 have hypervisors, which you may have heard about; it essentially stops any attack like this, unless that system has an exploit too.
 

Janthran

Solarian
iNFiNiTY said:
Overmaxing, as you are calling it, is the method used for a lot of exploits. The most obvious one is where the game will read a savegame file for the name you made for the file. If it's coded in a certain way it will have a space for the name to be put into memory, but it will just write the whole name no matter what size the space is supposed to be. So anything next to the space is overwritten by the deliberately long series of bytes added into the savegame (note: only in certain conditions where there's no kind of validation on the name, and lots of other things need to be right).

FF FF FF FF FF FF FF FF 00 00 00 00 00 00 00 00 00 00 00
The eight FF bytes would be the space for the string; then if there's code in memory in the 00 bytes, you could overwrite it by making a name more than eight bytes in length. The system will then try to read code from that area, and whatever you put there in raw machine code will work. So often you'd simply put a 'jump' command, or 'bnc' on 3DS, so when it's read you can 'jump' into your own code stored elsewhere in memory. It's a lot more complex than that in practice... that's how I understand it, at least.

Thought I'd explain it a bit anyway, considering it's been the main way to exploit handhelds and the Wii, so it's good to know the basics of how it works. Although I should say it could just be totally useless on 3DS/Vita/any other new system, and I think it will definitely be impossible with savegames at the least. It's been used so much now that this is why the PS3/360 have hypervisors, which you may have heard about; it essentially stops any attack like this, unless that system has an exploit too.
Okay well that's not what I was talking about at all but sure.
 

iNFiNiTY

Well-Known Member
You're talking about crashing the game in a useful way due to some data being too long... and this is why it can work. It's exactly what you were saying. You even said that it needs to be done on a computer, which would be right. Swapnote saves its notes where you can't modify them like this, though.

Also, the codes some of you are talking about could be compared to a mobile phone top-up code; ever heard of someone able to do that, considering there's no way to actually test many codes at once?
 

Janthran

Solarian
iNFiNiTY said:
You're talking about crashing the game in a useful way due to some data being too long... and this is why it can work. It's exactly what you were saying. You even said that it needs to be done on a computer, which would be right. Swapnote saves its notes where you can't modify them like this, though.

Also, the codes some of you are talking about could be compared to a mobile phone top-up code; ever heard of someone able to do that, considering there's no way to actually test many codes at once?
Interesting. Also didn't know notes weren't just stored openly, because I haven't looked in my SD card on a computer.
 

alphamule

Well-Known Member
Buffer overrun exploit (also comes in an underrun variation where you shrink the stack to a negative size) is the common name. It generally relies on stuff like the walking bug of zero-terminated strings or converting between char arrays (fixed size) and a string (variable-length). Think of variable-length strings as stacks, and if you write beyond the end... and code just happens to be right nearby, guess what happens if you insert the right bytes into the string. :evil: The fact that this is possible without any deliberate effort (using normal code examples shown in most documentation) is a sign that the language and/or its libraries are poorly designed as far as security thinking goes. The string/char conversion should ignore too much data and return an error code, not just write wherever it feels like or wait on something like the MMU code in the OS to detect the violation. In theory, it's also possible to check the contents of code memory between entering and leaving code, but this is as slow as bounds-checking in the string library itself, if not way worse. It's the price of manually-allocated memory. You have to do EVERYTHING, including garbage collection and making sure there's no oddly dangling pointer or anything bad like that. It's partly why one of the standard tests of whether code is likely to have tons of exploits is to see if it keeps gaining size in memory every time you run and exit a specific part of the code. It is likely a good indication of the coding quality, since it often has a common origin with the exploitable bugs. :P

Escape codes like %s are also evil. You can crash many old programs using just %s and other hidden variable names that the input parser in old C code uses. It's silly, though, to have made everyone write their own parser just because the standard one was crap. You get code that is harder to maintain and more likely to have OTHER bugs you don't notice for a very, very long time. :(
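The overrun that iNFiNiTY's savegame-name post and alphamule's post above both describe, as an added example that is not code from either poster or from any real game: a constructed C model of a loader that copies a name into an 8-byte slot without checking, beside a loader that bounds-checks and returns an error code instead (alphamule's "ignore too much data and return an error" point). The memory region, slot size and sample names are constructed for illustration; the slot is the FF bytes and the neighbouring bytes are the 00 bytes from the hex line.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model of the save loader described above (not any real game's
 * code): an 8-byte name slot (the FF bytes) followed by memory that belongs
 * to something else (the 00 bytes). */
#define NAME_SLOT   8
#define REGION_SIZE 24

/* Vulnerable loader: copies until the terminator and never asks how big the
 * slot is, so an overlong name spills into whatever sits after it. */
static void load_name_unchecked(unsigned char *region, const char *name)
{
    unsigned char *dst = region;
    while (*name)                     /* stops at NUL, not at the slot edge */
        *dst++ = (unsigned char)*name++;
    *dst = 0;
}

/* Hardened loader: rejects names that do not fit (leaving room for the
 * terminator) with an error code and writes nothing outside the slot. */
static int load_name_checked(unsigned char *region, const char *name)
{
    size_t len = strlen(name);
    if (len >= NAME_SLOT)
        return -1;                    /* caller treats the save as corrupt */
    memcpy(region, name, len + 1);
    return 0;
}

/* Runs one loader on a fresh region; returns 1 if the bytes after the slot
 * are untouched, 0 if the name overwrote them. The longest name used here
 * still fits inside REGION_SIZE, so the model itself stays in bounds. */
int neighbour_survives(int use_checked, const char *name)
{
    unsigned char region[REGION_SIZE];
    memset(region, 0xFF, NAME_SLOT);
    memset(region + NAME_SLOT, 0x00, REGION_SIZE - NAME_SLOT);
    if (use_checked)
        (void)load_name_checked(region, name);
    else
        load_name_unchecked(region, name);
    for (size_t i = NAME_SLOT; i < REGION_SIZE; i++)
        if (region[i] != 0x00)
            return 0;
    return 1;
}
```

Calling `neighbour_survives(0, "AAAAAAAAAAAAAAAA")` with the 16-byte constructed name reports the neighbour clobbered, while the checked loader refuses the name and leaves it intact.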
 

Fudge

Remember that death is not the end, but only a tra
Has anyone tried replacing the main data from a demo of an eShop download with the main data from the full download? It's a long shot, I know, but still interesting to see if the 3DS keeps the same title for the same software. :P
 

McHaggis

Fackin' Troller
Fudge said:
Has anyone tried replacing the main data from a demo of an eShop download with the main data from the full download? It's a long shot, I know, but still interesting to see if the 3DS keeps the same title for the same software. :P
The Title IDs are different, so it won't work. Full games end with 00, demo games end with 01.
 

jrk190

Well-Known Member
You can't add extra codes, or unsigned codes without the system keys. Until we get the keys, we can't even really consider any exploits, and if so, only a few are options that could work.
 

NathanDuma

Well-Known Member
I don't know if people have mentioned this yet, but here it goes.

Remember the gameshark for Nintendo 64?

If I remember correctly, it didn't have a lockout chip, and it needed an N64 game on top for it to even boot.
So maybe someone can do something like that, but for the 3DS.
 
