Hacking Savefile encryption of Ridge Racer 3D has been broken

SanGor

https://twitter.com/#!/BroadOn/status/53320201315430400

We might get an exploit earlier than we've expected
 

Xuphor

Interesting. Still though, April first is here/coming depending on country.... Someone could have just edited that in a hex editor, it might not run on 3DS at all.
 

xakota

Don't get too excited. It's a minor flaw in the savefile encryption. It probably isn't going to lead to anything.
 

ultimatt42

xakota said:
Don't get too excited. It's a minor flaw in the savefile encryption. It probably isn't going to lead to anything.

A minor flaw is the same as a major flaw if it lets you decrypt (and presumably re-encrypt) savefiles. I agree, it's probably not going to be useful by itself, but it's still a prerequisite for a lot of the things we'd like to be able to do on the 3DS. I've heard that saves aren't transferable because each save is encrypted using a system-specific key, but if we're able to decrypt them then we can make them transferable.

Also, if you can modify savefiles you can start poking around for buffer overflows and other exploitable bugs. I really hope Nintendo has had a few words with their third-party devs (and first-party devs, for that matter) asking them to triple check that ALL buffers in savefile reading code have overflow protection given how badly they got bitten on the Wii, but devs are still fallible so it's worth checking.

I wonder what the "slight flaw" was, anyone have any more info yet?
 

spiritofcat

That was posted on Twitter 21 hours ago, which is before April 1st even here in Australia so maybe it is true.
I wasn't aware that anyone had even found a way of extracting save files yet.

Edit: Looking at that Twitter account there's a new post about that same fail applying to games too.
 

KuRensan

xakota said:
deathking said:
Ooops looks like the same fail applies to games! http://bit.ly/eQSrkD (No April's Fool!)

i hope something comes out of this
how could they POSSIBLY know that? There's no dumps!

Because it is in the SAVEFILE which means it's in the save file and not in the game itself
 

linuxares

That man really loves to find loopholes =)

I really want to know what he works with IRL! =)

Good work man!
 

koji2009

Could this lead to an exploit? Possibly... The original Wii exploit was taking advantage of a buffer overflow relating to Epona's name... The easiest way to test is to simply input a longer name than should be possible and see if the game crashes. That wouldn't be a guarantee it'd work, but it would tell us if there is any possible way to exploit it, or if the game would simply truncate the nick to fit.
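
Added example, not part of any post in this thread: a sketch of the "overflow protection in savefile reading code" that the posts above discuss, showing a loader that rejects a name field longer than the game's own limit instead of copying it blindly. The record layout, `NAME_MAX_LEN`, `struct save_slot` and `load_slot` are all hypothetical and do not describe any real game's save format.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_MAX_LEN 8  /* assumed: longest name the in-game keyboard allows */

struct save_slot {                /* hypothetical in-memory save slot */
    char name[NAME_MAX_LEN + 1];  /* always NUL-terminated */
    uint32_t score;
};

enum load_result { LOAD_OK = 0, LOAD_SHORT_FILE = -1, LOAD_BAD_NAME_LEN = -2 };

/* Constructed record layout: [1-byte name_len][name bytes][4-byte LE score].
 * name_len comes from the file, so it is checked against the destination
 * buffer and against the bytes actually present before anything is copied. */
enum load_result load_slot(const uint8_t *buf, size_t buf_len, struct save_slot *out)
{
    if (buf_len < 1)
        return LOAD_SHORT_FILE;
    size_t name_len = buf[0];
    if (name_len > NAME_MAX_LEN)          /* longer than the UI could produce */
        return LOAD_BAD_NAME_LEN;
    if (buf_len - 1 < name_len || buf_len - 1 - name_len < 4)
        return LOAD_SHORT_FILE;           /* record claims more than the file holds */

    memset(out, 0, sizeof *out);
    memcpy(out->name, buf + 1, name_len); /* name_len <= NAME_MAX_LEN here */
    out->name[name_len] = '\0';
    const uint8_t *p = buf + 1 + name_len;
    out->score = (uint32_t)p[0] | (uint32_t)p[1] << 8 |
                 (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
    return LOAD_OK;
}

int main(void)
{
    /* Constructed sample records, not real save data. */
    const uint8_t good[] = { 5, 'E', 'p', 'o', 'n', 'a', 0x39, 0x30, 0, 0 };
    const uint8_t long_name[] = { 200, 'A', 'A', 'A', 'A', 0, 0, 0, 0 };
    struct save_slot s;
    printf("good: %d\n", load_slot(good, sizeof good, &s));
    printf("long name: %d\n", load_slot(long_name, sizeof long_name, &s));
    return 0;
}
```

This version rejects an over-long name outright; truncating to `NAME_MAX_LEN` would be the other safe behaviour mentioned in the post above.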
 
