Hacking Post your ideas regarding how to hack the 3DS, here

[henn64]

I've check those certs (named 'CTR Common Prod 1'that 3ds used to connect to eshop with ssl) and found no difference between that of my Japanese one and that of my friend's USA one. Can we infer that they have the exactly same private key?
Why is such a certificate so common? can it be stored with that '3ds Common Key' somewhere in chips on board? or even its private key is just the '3ds Common Key'.. I highly doubt, 'cause that all those certs is signed by 'Nintendo CA - G3' of 'Nintendo of America Inc' in Washington, USA. (All the same, including the expire date and serial, lol)
If you think you have a hint of where its private key is please reply. If that won't help u hacking, please just ignore this.

I really doubt that the key is the exact same, but I wouldn't put it above N to do that.

haha i'm a noob for this stuff (zeros and ones) but i must admit, it's WAY COOL to read this
I like programming and all this, but i don't have talent like you guys
I wish i could help....

I don't really have much programming experience, either aside from C, Basic, Bash, etc.

 

[Syphurith]

I really doubt that the key is the exact same, but I wouldn't put it above N to do that.
I don't really have much programming experience, either aside from C, Basic, Bash, etc.

Verified that. The cert belongs to Package ClCertA (Universal. so that is not related to region)
Even ClcertA also included an encrypted private key, You can not use that to decrypt since the SSL used private key of server. So that way is aborted. Well i think i should learn how to ram dump now.

 

[Syphurith]

A new hint pops up. Please anyone talented in Hardware check its possibility (spoiler).

Spoiler

tiny board log bytestream from game card to slot (or other locations that worthful).

Internal: Schmidt hysteresis comparator *4, memory chip/SDcard chip*n + Decoder*2 + X-bit counter*2 + Zener diode *2, Analog-Digital & Digital-Analog chip*n, 8088/51 chip*1, USB port *1, Signal Generator*1; External: switch *1

0.switch: control whether the board works or bypass the bytestream.
1.Comparator: compare voltage with -3.6,-0.7,+0.7,+3.6; check the flow of bytestream.
2.Zener diode + A-D/D-A: Regulate the voltage via Comparator, form a new bytestream.
3.Counter + Decoder + Memory / SDCard: Locate new storage bit for every byte in bytestream. then store it to storage on board. * If the flow is for this group, log them into mem of this group; if not, log 0 instead (and that will help when compare data in/out)
4.8088/51 Chip + USB port: send out bytestream stored in specified group's mem to USB.

If we can log all the bytestream easily we can surely analyse the communication between two point.
I can remember the latency of filesystem is said to be 2250ms. Well this day is a good day.

 

[cspanick]

If you modify a program/game, the signatures will become invalid and the 3DS won't run it.

Apparently not as my 3ds games modify themselves somehow.

 

[Rydian]

Apparently not as my 3ds games modify themselves somehow.

... ?

 

[medoli900]

So...
its an active encryption that the 3DS signature have? o.o

 

[ComeTurismO]

I'm still into the Wii way.

 

[ninjuhturdel]

I'm guessing Nintendo reads this thread on a daily basis and uses the info posted here to develop future anti-piracy measures. Let the race begin! Seriously though, good luck to you guys. I'm rooting for you!

 

[FireGrey]

We design a flashcard that works in 3DS mode.

 

[aids0109]

Well no shit mr FireGrey... What do you think were trying to do? Use our 3ds' as boats?

Also is he faking admin status or is he really an admin?

 

[porkiewpyne]

Well no shit mr FireGrey... What do you think were trying to do? Use our 3ds' as boats?

Also is he faking admin status or is he really an admin?

 

[Attila13]

Well no shit mr FireGrey... What do you think were trying to do? Use our 3ds' as boats?

Also is he faking admin status or is he really an admin?

Seriously?

 

[Metoroid0]

...How does the 3DS console run 3DS games (demos for example) i downloaded onto my SD card?

I mean, there must be something in there that makes 3DS say "ok, you have that something, so you must be a 3DS game, i cal let you run through my circuits.."

Maybe that something can be used to run other stuff through SD slot, if you can find out what it is... i mean..i think it's easier to explore an SD card than 3DS game card..right? you just stick SD in card reader and into USB and open the files on your PC..


I know i'm a noob, and this is probably stupid, but i'm just posting my idea

 

[Rydian]

... it's signed, first off. And we do not have the signatures.

 

[Metoroid0]

... it's signed, first off. And we do not have the signatures.

but it's there, right? on the SD card somewhere?

 

[Rydian]

but it's there, right? on the SD card somewhere?

The signatures are not. They're at Nintendo's headquarters or whatever and never leave the building.

 

[SifJar]

The signatures are not. They're at Nintendo's headquarters or whatever and never leave the building.

Well, the signatures are there, the keys used to generate them aren't. (At least, that's my understanding of cryptography, which is admittedly very limited).

[Metroid0: It's akin to a signature (i.e. on a document) needing to be signed in a certain pen; we can look at the signature, but without the special pen (i.e. the key), we can't create our own. This is how I understand it, anyway. As I mentioned, my understanding of cryptography is limited (at best).]

 

[Rydian]

Yeah, that's what I meant. XD

 

[Metoroid0]

Let me say this in English (i'm not all that technical so... go easy on me please. Arigatou gozaimasu ^^ )

Is it logical for example...
If you want to open a specific door
but you don't have a key with specific pattern on it that matches that door's key-hole,
but your brother has it (Nintendo for example) and he can open it.

Now, your bother won't give you that key (just like Nintendo won't give theirs), but you can make a copy of that same key
by studying a Key-hole, because just like the key, the key-hole is also specific, because it has that same pattern that the key has, but in Negative and it can be opened only with THAT key. Correct?


OMG what i just wroted xD
(again, sorry for being a noob, but this is interesting and hey, maybe hackers see my posts as inspiration..who knows )

 

[Rydian]

Let me say this in English (i'm not all that technical so... go easy on me please. Arigatou gozaimasu ^^ )

Is it logical for example...
If you want to open a specific door
but you don't have a key with specific pattern on it that matches that door's key-hole,
but your brother has it (Nintendo for example) and he can open it.

Now, your bother won't give you that key (just like Nintendo won't give theirs), but you can make a copy of that same key
by studying a Key-hole, because just like key, the key-hole is also specific because it can open that door only with THAT key. Correct?


OMG what i just wroted xD
(again, sorry for being a noob, but this is interesting and hey, maybe hackers see my posts as inspiration..who knows )

Nope. The encryption is specifically designed so that that is not possible. This type of encryption is the same stuff used by governments and junk too, so it's known to not be simple like that.