Hacking Post your ideas regarding how to hack the 3DS, here

h2so4gun

Hacking for new love plus..........
Newbie
Joined
May 4, 2013
Messages
3
Trophies
0
Age
30
XP
51
Country
Switzerland
I think trying to exploit/hack/crash/whatever a web browser is common enough these days that the people trying to hack the 3DS should have tried that already. If Nintendo did any sensible security design on the 3DS firmware at all, all one would be able to do is crashing the browser with no other effect then that, or run code in the browser which would not help much as it should not have any direct hardware access. And the hardware ressources the browser can use are probably pretty limited as it is one of the few things you can start without closing a suspended application.
It could of course be possible to gain more rights if the implementation of the browser AND the security system is flawed, but as I said, exploiting a browser is so common these days (probably the most used attack point at the moment to gain remote access) that many 3DS hackers should have tried that.
I got it. No one knows how the 3DS operating system works; you mean that the browser can't write/read the system?
 

TheHomesk1llet

Also known as "Kupo"
Member
Joined
Apr 29, 2013
Messages
210
Trophies
0
Location
Cyberspace
XP
439
Country
United States
Here's an idea for the devs.

I sent my 3ds XL in for a repair recently, leaving it on so I would get streetpass, and oh, did I get streetpass. In addition to having about half the states in the US on my region map now, I noticed that every single person's "recently played" games was the system settings. I decided to look in my activity log to see if mine had been in the system settings, but the only title there was something called "???", and it was played for one minute.

My guess is that it's some sort of diag tool, but knowing Nintendo, it wouldn't just show things like system configurations and such. I haven't been in the 3DS's workings, but my guess is that it's the same as the wii, pertaining to IOSs. I definitely know that they check the innermost parts of the 3DS system, and therefore have full access to everything. What makes me think that it's a lot more than a diag tool is that it was only used for 1 minute, maybe less, so it probably changed the time it was used around to make it seem less significant to the user. In addition, before sending my system in, I had ~10 playcoins. It was gone for three days. When I got it back, I had 300 playcoins. I think the tool used does more than just check the system. That means, whatever tool used for accessing the 3DS has full access to everything. This might mean that a Nintendo employee that's kind enough could leak it, or the devs could look at the affected systems and figure out what it is and does.

My two cents.
 

Syphurith

Beginner
Member
Joined
Mar 8, 2013
Messages
641
Trophies
0
Location
Xi'an, Shaanxi Province
XP
364
Country
Switzerland
There seems to be a page on the wiki about such a diag tool. However, please don't count on someone leaking it. Sorry, I forgot which title it has. It would do many things to your device; however, it may not access anything that is too sensitive (i.e., crypto, SoC). It may have many privileges, at least including scanning chips that are outside the SoC (as you put it). Even if it has the power to burn code into the SoC, it may only have the encrypted data (the repair center can hardly hold the decrypted one).
It may help debug, but how to make the system think the homebrew is legit, or just ignore it, IS a PROBLEM.
AES does resist known-plaintext attacks, but modifying it may need action inside the SoC...
Also, it may remove itself from memory or other (i.e., save) media. If there is only a signal or title ID, it would not be of much help.
I have no experience in 3DS hacking now. These are JUST MY OPINION.
(Even getting an encrypted one would be much work, and it may burn those downloaded - take a look at whether your device is on the latest firmware version - if not, that means they used the one prepared - but a bypass would let another device upgrade your system without an alert. That is not too serious a situation - so they don't need to force the SoC to do it without the Home Menu.)

Well, if you think that should be considered at once, talk to them on IRC (check the address efnet.org and channel #3dsdev; please talk politely). Maybe there is one talented enough to find something out.
 

TheHomesk1llet

Also known as "Kupo"
Member
Joined
Apr 29, 2013
Messages
210
Trophies
0
Location
Cyberspace
XP
439
Country
United States
If I'm understanding you correctly (frankly, your English isn't great. Sorry :3) the title that the diag tool is run under is disguised as the System Settings. I'll go ahead and ask the devs on IRC, but I guess there's not much to do after reading what you've posted. Most, if not all, of the Nintendo staff aren't going to leak the tool, and it might even be encrypted like everything else 3DS. Even if I were to get the software, I doubt I would be able to do anything with it. The level of encryption is so high that I can't even view a save file in a game from the SD card. It wouldn't be on the SD card unless by mistake, but I doubt that. My games aren't even in the same folder T_T and there's no way of telling which is which. I was just thinking find a way to trick the system into thinking it's in diag mode or something, and then exploiting it from there. That's probably unlikely, though. aarg.


I've been trying to crack the 3DS's encryption for months. So far, I've only been able to scratch the surface. Any changes I make to anything render the part I changed (mainly save data) unusable. I'm so used to just waiting around for a hack to come for these systems, but now I know how hard it is to actually make successful hacks. I just hate, hate, HATE, NINTENDO, HOW YOU WON'T LET US DO WHAT WE WANT WITH THE SYSTEM WE BOUGHT. I just wish Satoru Iwata were reading these. He's an amazing man, but I think he needs to get his priorities straight, and I think it's customers before games, games before security, and security before updates. I'm even fine if they do what Sony did with the PS3, and make it so that the system can't be emulated, which blocks a lot of piracy. Seeing as you can't even modify the 3DS titles to work, yet, I don't get why we can't at least run homebrew. I'm even fine with updates to the systems that don't delete homebrew loaders or applications, except the ones that are used for illegal purposes.

Anyways, I have no lead on anything, but I feel like I'm so close to getting the encryption concept of the 3DS, even though it's supposedly random. If it really were random, the 3DS wouldn't be able to read the titles. I think there's a method to the madness, and that the best way to figure it out for now is to analyze the way the encryption is generated, and look for patterns. It'd be a lot easier if I could analyze the 3DS reading the files, but I'm pretty sure there's no way to do that. Streetpass would be the best place to start, though, since it requires no software invasion, just monitoring, and I'm sure that it uses similar, if not the exact same encryption techniques that disallow the emulation or simulation of Streetpass. Things I expect to be the same are the ID or serial number of the device, even if it's translated to some other form. Then I at least know something that helps, and the ultimate goal is probably to disable the random encryption process entirely. I might not be an official 3DBrew dev, but I'm still going to try my best to crack this thing for the 3DS owners that have been patiently waiting for an exploit to come out.
 

Metoroid0

Samus Aran
Member
Joined
Nov 2, 2012
Messages
2,276
Trophies
1
Location
Unknown region of space
Website
www.metroidwiki.org
XP
2,242
Country
Japan
Meditate.. Calm your mind and the Hack will be visible to you...
"Nothing is perfect"
"All the best things are simple"
Heh, only way I can help.
Sorry, I'm not that technical.. :P
 

h2so4gun

Hacking for new love plus..........
Newbie
Joined
May 4, 2013
Messages
3
Trophies
0
Age
30
XP
51
Country
Switzerland
I find a way to hack, and learn a bit of Japanese.
NEW LOVE PLUS, what a great game for a loser, but NO ENGLISH EDITION.
Hack it or learn Japanese... both of them are difficult for me.
BUT
Recently, I explored the LINUX website, and learned about bugs in WebKit.
For example, one bug in WebKit made the code run (put code in RAM).
So I wonder whether bugs in WebKit are a challenging and promising way, because a hacker can put code in RAM and run it.
Maybe it is a wrong idea because I don't know anything about operating systems (I am reading Operating System Concepts slowly.....)
 

Metoroid0

Samus Aran
Member
Joined
Nov 2, 2012
Messages
2,276
Trophies
1
Location
Unknown region of space
Website
www.metroidwiki.org
XP
2,242
Country
Japan
Why are you replying to my post, what did I say? :D
What about Love Plus? Why for a loser? Linux..? Whaa? :P
 

KingBlank

King of Nothing
Member
Joined
Sep 17, 2008
Messages
700
Trophies
1
Age
28
Location
New Zealand
XP
1,721
Country
New Zealand

I think you need to learn English before Japanese :)
Could just be my reading, though.

Good luck!
 

Metoroid0

Samus Aran
Member
Joined
Nov 2, 2012
Messages
2,276
Trophies
1
Location
Unknown region of space
Website
www.metroidwiki.org
XP
2,242
Country
Japan
