Toggle sidebar

Homebrew [Question] Cracking the BOOTROM?

  • Thread starter Thread starter survive9
  • Start date Start date
  • Views Views 5,019
  • Replies Replies 37
dubbz82 said:
This is already theoretically possible, it would require someone to actually build it out though, which isn't trivial. Nintendo's built in OS isn't THAT bad, is it?
Click to expand...
No I actually like it, but I also like something fresh.

--------------------- MERGED ---------------------------

TuxSH said:
A bootROM vulnerability exploitable by the end-user would be both a full system-control exploit and an entrypoint, hardcoded in hardware.
If such a flaw exists, it would literally kill the 3DS's security, in fact the 3DS as a whole.

What about Linux?
Click to expand...
I have a 2ds so I don't think it would run that well
 
Last edited by survive9,
Actually i think that a VERY limited linux version would run pretty well.

The point is why should i run a so limited linux version?
 
Jhyrachy said:
Actually i think that a VERY limited linux version would run pretty well.

The point is why should i run a so limited linux version?
Click to expand...
I agree. Something like Tiny Core Linux or TTYLinux (distributions roughly around 6 - 11 mb in size) would be optimal for the 3DS, but why even bother? There'd have to be a way to use the 3DS's peripherals, and even if that were developed, I still don't understand why anyone would want it other than just to say they have it.
 
Someday Citra will be able to play encrypted ROMs.. Just look at previous no$gba that decrypted NDS games only. Now the encrypted NDS ROMs are playable with No$GBA.
 
capito27 said:
you do know that the signing keys are no where on the 3ds, right ? the keys available are only for decryption, all signature would be invalid without the private signing keys in some nintendo bunker
Click to expand...

If we can get control early enough it won't matter.
Think of signatures as a key to the lock of Nintendo's sign checks.

If we get control early enough we can just take off the whole door.
 
  • Like
Reactions: FenrirWolf
Which is more or less what we already do with existing cfw and a9lh. But being able to decrypt stuff on PC would definitely be nice.
 
Joom said:
I agree. Something like Tiny Core Linux or TTYLinux (distributions roughly around 6 - 11 mb in size) would be optimal for the 3DS, but why even bother? There'd have to be a way to use the 3DS's peripherals, and even if that were developed, I still don't understand why anyone would want it other than just to say they have it.
Click to expand...
The PS2 can run Debian 5.0 + X.Org perfectly and it only had 32MB of RAM, and a slower (IMO) CPU. A properly optimized distro with a hardware accelerated TinyX + FLTK + lightweight tools would be quite speedy. Not to mention it's a portable ofc, with WiFi and all that fancy stuff that the PS2 didn't have.
 
Wolfvak said:
The PS2 can run Debian 5.0 + X.Org perfectly and it only had 32MB of RAM, and a slower (IMO) CPU. A properly optimized distro with a hardware accelerated TinyX + FLTK + lightweight tools would be quite speedy. Not to mention it's a portable ofc, with WiFi and all that fancy stuff that the PS2 didn't have.
Click to expand...
The reason I mentioned those distributions is because I don't particularly see Debian fitting on the 3DS NAND.
 
Just throwing this out there for fun: isn't a9lh a bootROM exploit itself?

I mean, the bootROM code is responsible for the FIRMX verification. a9lh exploits a flaw in this verification and tricks the bootROM into jumping to the attacker's unsigned code.

Not all bootROM exploits need to be code-takeover within the bootROM code itself, right?
(I know I'm probably mistaken somewhere. Probably the flaw is in a9loader and it jumps to the code)
 
Last edited by zoogie,
EDIT: Disregard this, someone already asked that question...... Whoops...

Wouldn't we be able to theoretically boot up something like linux on 3ds without the system running in the background, allowing us to have more memory to work with? (And of course, I imagine that homebrew would need to be made specifically for this type of environment)
 
Last edited by Bkool999,
zoogie said:
Just throwing this out there for fun: isn't a9lh a bootROM exploit itself?

I mean, the bootROM code is responsible for the FIRMX verification. a9lh exploits a flaw in this verification and tricks the bootROM into jumping to the attacker's unsigned code.

Not all bootROM exploits need to be code-takeover within the bootROM code itself, right?
(I know I'm probably mistaken somewhere. Probably the flaw is in a9loader and it jumps to the code)
Click to expand...
Loading code out to RAM at boot is a bootrom flaw, not a bootrom exploit though.

Also I just feel like clarifying some things, all bootrom would give is:
  • Most if not all encryption keys, meaning the ability to encrypt/decrypt on PC. Also would mean being able to possibly decrypt/encrypt NAND partitions without xorpads, among other console-specific stuff.
  • No signing keys, you can't sign stuff even given bootrom.
  • More answers about console init and where things come from, ie what makes a console specific to itself and what ties it to it's NAND
  • Possible bootrom-level exploits, which could make getting OTP easier, but no guarantees.
For the end user, it's not all that interesting, might make things a bit more painless but it mostly benefits emulation users and developers. A bootrom exploit vs k9lhax probably wouldn't be all that noticable in terms of speed.
 
  • Like
Reactions: klear and zoogie

Site & Scene News

Go to forum More news

Popular threads in this forum

Why did the price of 3ds shoot up ?

Hacking Homebrew Project  BlazerTube - a YouTube 3DS revival using the REAL app!

[WIP] SMW 3DS Port - Early Playable Demo by ZalgonEn

Problems getting Homebrew to appear outside of the Homebrew Launcher (homebrew won't appear on the HOME menu)

Homebrew app Emulator  [Release] 3DS-CLI - Run a real RISC-V Linux environment on the Nintendo 3DS

Website for finding alternative games for 3DS

Homebrew  [Progress update] LCE Minecraft 3ds

Gaming  any good rpgs on 3ds?