Hacking Post your ideas regarding how to hack the 3DS, here

h2so4gun

I think trying to exploit/hack/crash/whatever a web browser is common enough these days that the people trying to hack the 3DS should have tried that already. If Nintendo did any sensible security design on the 3DS firmware at all, all one would be able to do is crash the browser with no other effect than that, or run code in the browser, which would not help much as it should not have any direct hardware access. And the hardware resources the browser can use are probably pretty limited as it is one of the few things you can start without closing a suspended application.
It could of course be possible to gain more rights if the implementation of the browser AND the security system is flawed, but as I said, exploiting a browser is so common these days (probably the most used attack point at the moment to gain remote access) that many 3DS hackers should have tried that.
I got it. No one knows how the 3DS operating system works. You mean that the browser can't write/read the system?
 

TheHomesk1llet

Here's an idea for the devs.

I sent my 3DS XL in for a repair recently, leaving it on so I would get StreetPass, and oh, did I get StreetPass. In addition to having about half the states in the US on my region map now, I noticed that every single person's "recently played" games was the system settings. I decided to look in my activity log to see if mine had been in the system settings, but the only title there was something called "???", and it was played for one minute.

My guess is that it's some sort of diag tool, but knowing Nintendo, it wouldn't just show things like system configurations and such. I haven't been in the 3DS's workings, but my guess is that it's the same as the Wii, pertaining to IOSs. I definitely know that they check the innermost parts of the 3DS system, and therefore have full access to everything. What makes me think that it's a lot more than a diag tool is that it was only used for 1 minute, maybe less, so it probably changed the time it was used around to make it seem less significant to the user. In addition, before sending my system in, I had ~10 playcoins. It was gone for three days. When I got it back, I had 300 playcoins. I think the tool used does more than just check the system. That means, whatever tool used for accessing the 3DS has full access to everything. This might mean that a Nintendo employee that's kind enough could leak it, or the devs could look at the affected systems and figure out what it is and does.

My two cents.
 

Syphurith

There seems to be a page on the wiki about such a diag tool. However, please do not count on someone leaking it. Sorry, I forgot which title it has. It would do many things to your device; however, it may not access anything that is too sensitive (i.e., crypto, SoC). It may have many privileges, at least including scanning chips that are outside the SoC (in your words). Even if it has the power to burn code into the SoC, it may only have the encrypted data (the repair center may hardly hold the decrypted one).
It may help debugging, but now how to make the system think the homebrew is legit, or just ignore it, IS a PROBLEM.
AES does protect against known-text attacks, but modifying it may need action inside the SoC...
Also, it may remove itself from memory or other (i.e., save) media. If there is only a signal or title ID, it would not be much help.
I have no experience in 3DS hacking now. These are JUST MY OPINION.
(Even getting an encrypted one would be much work. And it may burn those downloaded - take a look at whether your device is on the latest firmware version - if not, that means they used the one prepared - but a bypass would let another device upgrade your system without alert. That is not too serious a situation - so they don't need to force the SoC to do without Homemenu.)

Well, if you think that should be considered at once, talk to them on IRC (check the address efnet.org and channel #3dsdev; please do talk politely). Maybe there is someone talented enough to find something out.
 

TheHomesk1llet

If I'm understanding you correctly (frankly, your English isn't great. Sorry :3) the title that the diag tool is run under is disguised as the System Settings. I'll go ahead and ask the devs on IRC, but I guess there's not much to do after reading what you've posted. Most, if not all, of the Nintendo staff aren't going to leak the tool, and it might even be encrypted like everything else 3DS. Even if I were to get the software, I doubt I would be able to do anything with it. The level of encryption is so high that I can't even view a save file in a game from the SD card. It wouldn't be on the SD card unless by mistake, but I doubt that. My games aren't even in the same folder T_T and there's no way of telling which is which. I was just thinking of finding a way to trick the system into thinking it's in diag mode or something, and then exploiting it from there. That's probably unlikely, though. aarg.


I've been trying to crack the 3DS's encryption for months. So far, I've only been able to scratch the surface. Any changes I make to anything render the part I changed (mainly save data) unusable. I'm so used to just waiting around for a hack to come for these systems, but now I know how hard it is to actually make successful hacks. I just hate, hate, HATE, NINTENDO, HOW YOU WON'T LET US DO WHAT WE WANT WITH THE SYSTEM WE BOUGHT. I just wish Satoru Iwata were reading these. He's an amazing man, but I think he needs to get his priorities straight, and I think it's customers before games, games before security, and security before updates. I'm even fine if they do what Sony did with the PS3, and make it so that the system can't be emulated, which blocks a lot of piracy. Seeing as you can't even modify the 3DS titles to work, yet, I don't get why we can't at least run homebrew. I'm even fine with updates to the systems that don't delete homebrew loaders or applications, except the ones that are used for illegal purposes.

Anyways, I have no lead on anything, but I feel like I'm so close to getting the encryption concept of the 3DS, even though it's supposedly random. If it really were random, the 3DS wouldn't be able to read the titles. I think there's a method to the madness, and that the best way to figure it out for now is to analyze the way the encryption is generated, and look for patterns. It'd be a lot easier if I could analyze the 3DS reading the files, but I'm pretty sure there's no way to do that. Streetpass would be the best place to start, though, since it requires no software invasion, just monitoring, and I'm sure that it uses similar, if not the exact same encryption techniques that disallow the emulation or simulation of Streetpass. Things I expect to be the same are the ID or serial number of the device, even if it's translated to some other form. Then I at least know something that helps, and the ultimate goal is probably to disable the random encryption process entirely. I might not be an official 3DBrew dev, but I'm still going to try my best to crack this thing for the 3DS owners that have been patiently waiting for an exploit to come out.
 

Metoroid0

Meditate.. Calm your mind and Hack will be visible to you...
"Nothing is perfect"
"All the best things are simple"
Heh, only way I can help.
Sorry, I'm not that technical.. :P
 

h2so4gun

I find a way to hack, and learn a bit of Japanese.
NEW LOVE PLUS, what a great game for losers, but NO ENGLISH EDITION.
Hack it or learn Japanese... both of them are difficult for me.
BUT
recently, I explored the Linux website, and know about bugs in WebKit.
For example, one bug in WebKit made the code run (put code in RAM).
So I wonder if bugs in WebKit are a challenging and promising way, because a hacker can put code in RAM and run it.
Maybe it is a wrong idea because I don't know anything about operating systems (I am reading Operating System Concept slowly.....)
 

Metoroid0

Why are you replying to my post? What did I say? :D
What about Love Plus? Why for losers? Linux..? Whaa? :P
 

KingBlank

I think you need to learn English before Japanese :)
Could just be my reading tho.

Good luck!
 
