Hacking: Post your ideas regarding how to hack the 3DS, here

SifJar

Quote:
Do you need the encryption of the device to make a modchip? *** Don't flame me. I don't know much about this subject ***

On the Wii, modchips existed before any keys were known. It was thanks to modchips that the first ever custom code was run on a Wii (GC homebrew). On the Wii, all the first modchips did was make the disc drive accept burnt discs. As the burnt games were direct copies of legitimate games, all the encryption and signatures were intact, so the games booted. The modchip just told the drive to accept the disc. (GC discs didn't have the same cryptography applied to them, so once burnt discs were accepted, it was fairly easy to load a custom GC disc with homebrew on it, which allowed Team Twiizers to poke about in memory, which led to the Twiizer Attack and eventually to the discovery of the Trucha Bug, which then allowed them to create custom Wii discs and load them using modchips.)

EDIT: So in theory, perhaps a modchip could allow a flashcard with an exact 1:1 dump of a 3DS game. Although if you clone the hardware of a 3DS card, it shouldn't be necessary to use a modchip.

In short, a modchip will probably be of no use on the 3DS. They are really more for disc-based consoles.
 

Deltaechoe

Quote:
Do you need the encryption of the device to make a modchip? *** Don't flame me. I don't know much about this subject ***

Considering what a modchip does, I would say yes, you will still need the keys.

Quote:
Keys? Don't we only need one?

No, there is a key for the encryption process and its inverse to decrypt the data; we very well may need both.

Here is some useful reading that might explain more:
en.wikipedia.org/wiki/RSA_(algorithm)
http://en.wikipedia.org/wiki/RSA_problem

And these are the kinds of numbers that you have to factor:
http://en.wikipedia.org/wiki/RSA_numbers
 

Rat.2

Quote:
Even if we find an exploit there is still the encryption problem.

Quote:
If you want to play a ROM you need the encryption keys and its inverse.

What I was really suggesting in that unquoted text is to find out if it is even encrypted. Not all games are going to bother encrypting the information that's sent wirelessly, especially local multiplayer games, and intercepting this and changing stuff to cause an error, then exploiting it or loading custom firmware.
 

aiden0109

Just thought: Mario Kart 7 and many other games use the SD slot to analyse the data of the update/optional data.

Just like the Twilight Hack, won't this data be in similar code to the Wii?

So a modified Mario Kart 7 update will read data from a certain folder on the SD card and open a new application that sets the privileges to RW or something similar, and then be able to encode applications that will run from the Home/SD card. But a drawback of my idea is the "What my friends are playing" button (I don't actually know the name of the button). Will Nintendo be able to detect the current version of Mario Kart that will be used?

Please don't flame my idea. It also contains a warning if this does happen.
 

Transdude1996

Forgive me, I have been off this subject for a while.

Why don't we try to record all the code that is used while downloading a program for the 3DS? If you think about it, eventually the key will show up to prove to the system that the software is Nintendo approved. The reason I got this idea was because at E3, during the 3DS press conference, Nintendo talked about how you would be able to download full games for the 3DS instead of having to buy them from the local game store.
 

SifJar

Transdude1996 said:
eventually the key will show up to prove to the system that the software is Nintendo approved.

Quote:
Not if someone at Nintendo has the slightest clue about what they are doing.
HINT: public key crypto

There is a chance he means the public key (aka common key), which will be somewhere in RAM at some point when any title is being installed. Where in RAM, though, is another question entirely. Anyway, the only way to look at RAM is through a setup like neimod's. If it's possible to find the common key through that method, neimod has already done it. If he hasn't already done it, it most likely cannot be found that way (I'd say it probably can, but couldn't be sure).
 
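Deltaechoe's RSA links and SifJar's "public key crypto" hint both come down to one property, shown here in a toy Python model that is an added example and not code from this thread: the console only ever holds the public half (n, e), so watching it verify a download, or dumping its RAM, reveals the public key and the signature but never the private exponent d, and getting d from (n, e) means factoring n, which is the RSA problem the links describe. The primes, the title bytes and the helper names are constructed for the demo.

```python
# Added example (not from the thread): a toy RSA signature check modelling
# what a console does when it verifies a title. The device stores only the
# public key (n, e); the private exponent d stays with the publisher, so a RAM
# dump or a traffic capture yields (n, e) and a signature, never d.
# Primes are toy-sized so the demo runs instantly; real keys are ~2048 bits.
import hashlib

def make_keypair(p, q, e=65537):
    """Return ((n, e), d) for distinct primes p and q (toy sizes here)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), pow(e, -1, phi)          # d = e^-1 mod phi(n), Python 3.8+

def digest(content, n):
    """SHA-256 of the content, reduced below n (toy stand-in for PKCS padding)."""
    return int.from_bytes(hashlib.sha256(content).digest(), "big") % n

def sign(content, private_d, public):
    """Signer side: only whoever holds d can produce this value."""
    n, _ = public
    return pow(digest(content, n), private_d, n)

def verify(content, signature, public):
    """Device side: needs only (n, e), which is why dumping it helps nobody."""
    n, e = public
    return pow(signature, e, n) == digest(content, n)

def recover_d_by_factoring(public):
    """The 'RSA problem' the thread links to: d is reachable only through p and q.
    Trial division succeeds here solely because this toy n is tiny."""
    n, e = public
    p = next(c for c in range(2, n) if n % c == 0)   # smallest prime factor
    return pow(e, -1, (p - 1) * (n // p - 1))

PUBLIC, D = make_keypair(1000003, 1000033)      # constructed toy primes
TITLE = b"constructed title payload"              # constructed sample content
SIG = sign(TITLE, D, PUBLIC)

if __name__ == "__main__":
    print("genuine title verifies:", verify(TITLE, SIG, PUBLIC))
    print("patched title verifies:", verify(TITLE + b"!", SIG, PUBLIC))
    print("d found only by factoring n:", recover_d_by_factoring(PUBLIC) == D)
```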

Deltaechoe

aiden0109 said:
Just thought: Mario Kart 7 and many other games use the SD slot to analyse the data of the update/optional data.

Just like the Twilight Hack, won't this data be in similar code to the Wii?

So a modified Mario Kart 7 update will read data from a certain folder on the SD card and open a new application that sets the privileges to RW or something similar, and then be able to encode applications that will run from the Home/SD card. But a drawback of my idea is the "What my friends are playing" button (I don't actually know the name of the button). Will Nintendo be able to detect the current version of Mario Kart that will be used?

Please don't flame my idea. It also contains a warning if this does happen.

I very much doubt that anything that bears resemblance to the Twilight Hack will not work; Nintendo has learned their lesson about that. Exploits similar to the Smash Stack hack may pop up before too long, but we will be hard pressed to find a module that has anything like the Trucha Bug again, so it's very likely that we'll run into problems trying to boot unsigned applications.
 

alphamule

I wonder what the system does to keep you from modifying RAM 'on the fly'. Probably shadows (caches) things, to gain speed, like the old BIOS feature for IBM compatibles. Sure it's encrypted (probably by a stream cipher, seeing what's documented at 3DBrew), but it doesn't seem realistic to constantly be doing signature checks on RAM. The overhead would cut performance to a fraction of the theoretical capability; it would just kill the speed. They obviously didn't do something stupid like the GameCube's crypto unit sending the 'junk' (read: plaintext) bits back over the firmware's serial bus. Or at least I hope, because that would hurt my head if true. :P
 

nukeboy95

alphamule said:
I wonder what the system does to keep you from modifying RAM 'on the fly'. Probably shadows (caches) things, to gain speed, like the old BIOS feature for IBM compatibles. Sure it's encrypted (probably by a stream cipher, seeing what's documented at 3DBrew), but it doesn't seem realistic to constantly be doing signature checks on RAM. The overhead would cut performance to a fraction of the theoretical capability; it would just kill the speed. They obviously didn't do something stupid like the GameCube's crypto unit sending the 'junk' (read: plaintext) bits back over the firmware's serial bus. Or at least I hope, because that would hurt my head if true. :P

Nope, neimod was able to change the name of the setting.

[image: 7052311575_e11cf93e71.jpg]
 

JuanGomezFernand

nukeboy95 said:
alphamule, on 18 June 2012 - 10:22 AM, said:
I wonder what the system does to keep you from modifying RAM 'on the fly'. Probably shadows (caches) things, to gain speed, like the old BIOS feature for IBM compatibles. Sure it's encrypted (probably by a stream cipher, seeing what's documented at 3DBrew), but it doesn't seem realistic to constantly be doing signature checks on RAM. The overhead would cut performance to a fraction of the theoretical capability; it would just kill the speed. They obviously didn't do something stupid like the GameCube's crypto unit sending the 'junk' (read: plaintext) bits back over the firmware's serial bus. Or at least I hope, because that would hurt my head if true. :P

Nope, neimod was able to change the name of the setting.

[image: 7052311575_e11cf93e71.jpg]

Modifying the ROM on the 3DS is very difficult; the 3DS has code locks by software and a hardware chip. A European-version 3DS is not the same as a USA-region one.
 

Thorhian

The funny thing, though, is that we can't do anything with an exploit unless the exploit will STOP ENCRYPTION CHECKS! So, with no keys, it will be REALLY hard to find a usable exploit for the public. If we had an exploit that could run unencrypted code, then we might (that is might, not 100% for sure) be able to stop encryption checks. Please correct me if I'm wrong, as I'm not a professional hacker.
 

Deltaechoe

Thorhian said:
The funny thing, though, is that we can't do anything with an exploit unless the exploit will STOP ENCRYPTION CHECKS! So, with no keys, it will be REALLY hard to find a usable exploit for the public. If we had an exploit that could run unencrypted code, then we might (that is might, not 100% for sure) be able to stop encryption checks. Please correct me if I'm wrong, as I'm not a professional hacker.

You're looking for something similar to the Trucha Bug.
 

SifJar

Thorhian said:
The funny thing, though, is that we can't do anything with an exploit unless the exploit will STOP ENCRYPTION CHECKS! So, with no keys, it will be REALLY hard to find a usable exploit for the public. If we had an exploit that could run unencrypted code, then we might (that is might, not 100% for sure) be able to stop encryption checks. Please correct me if I'm wrong, as I'm not a professional hacker.

Deltaechoe said:
You're looking for something similar to the Trucha Bug.

Nope. Any exploit will run unencrypted code. Something similar to the Trucha Bug is necessary for bypassing signature checks for writing content to NAND or something similar to that. To run code, you just need a regular exploit (as an example, on Wii, the Twilight Hack could load any code without the code being encrypted; the Trucha Bug was needed for installing a custom channel to NAND [it could also be used for creating fake signed discs, but that's different]). So any standard buffer overflow or whatever will do for just getting some homebrew code running.
 

Deltaechoe

Thorhian said:
The funny thing, though, is that we can't do anything with an exploit unless the exploit will STOP ENCRYPTION CHECKS! So, with no keys, it will be REALLY hard to find a usable exploit for the public. If we had an exploit that could run unencrypted code, then we might (that is might, not 100% for sure) be able to stop encryption checks. Please correct me if I'm wrong, as I'm not a professional hacker.

Deltaechoe said:
You're looking for something similar to the Trucha Bug.

SifJar said:
Nope. Any exploit will run unencrypted code. Something similar to the Trucha Bug is necessary for bypassing signature checks for writing content to NAND or something similar to that. To run code, you just need a regular exploit (as an example, on Wii, the Twilight Hack could load any code without the code being encrypted; the Trucha Bug was needed for installing a custom channel to NAND [it could also be used for creating fake signed discs, but that's different]). So any standard buffer overflow or whatever will do for just getting some homebrew code running.

I was just assuming that he wanted a backup loader, in which case you will very likely need to write custom modules to the system NAND. If you want just regular homebrew then all you need is a 3DS-mode exploit, so yes, I agree with you, SifJar.
 

Janthran

Didn't feel like creating a new thread for this.
I just heard of a "back2FW.nds" file that flashcarts could use to go back to the NDS menu.
I'm not expecting this to hack 3DS mode, but would it be possible to get to the DS-mode menu using it?
I want Pictochat...
 

NathanDuma

Janthran said:
Didn't feel like creating a new thread for this.
I just heard of a "back2FW.nds" file that flashcarts could use to go back to the NDS menu.
I'm not expecting this to hack 3DS mode, but would it be possible to get to the DS-mode menu using it?
I want Pictochat...

I just tried this and it just says "You've gotta come back with me. Where? Back to the firmware!". It just keeps at that screen and does nothing.
 
