Hacking seedminer (single system DSiWare injection)

Marenthyu · Apr 3, 2018

albarah said:
It's a New 3DS and it's received a system transfer from BOTH. I've also used Figgy's SeedHelper and I've been in the brute-forcing step forever.
The New 3DS has never been hacked before.
It's never been sent to Nintendo.
There's only one id0 in sdmc://Nintendo

Link to my movable_part1.sed: ufile.io/3egzb
Screenshots below that my help understand the situation.

It having received a system transfer makes it a lot harder to brute force.

I bet zoogie's messaged you already or will reply here when they can.

Totorido · Apr 3, 2018

Hello!
This is my ID0: c0f631f9c486bace9589deb979dfc052
My friend code is: 2191-7768-4637
Can someone provide me the movable_part1.sed, or movable.sed (both are ok, i can bruteforce it)?
Thank you in advance!

Hunter · Apr 3, 2018

Totorido said:
Hello!
This is my ID0: c0f631f9c486bace9589deb979dfc052
My friend code is: 2191-7768-4637
Can someone provide me the movable_part1.sed, or movable.sed (both are ok, i can bruteforce it)?
Thank you in advance!

add 0791-7428-1045 i'll send your _part1

Totorido · Apr 3, 2018

Hunter said:
add 0791-7428-1045 i'll send your _part1

Done!

Totorido · Apr 3, 2018

Hunter said:
add 0791-7428-1045 i'll send your _part1

Everything done, thank you!

Hunter · Apr 4, 2018

@zoogie https://www.dropbox.com/s/7vveu6lhjib35q2/moars.rar?dl=1
folder was getting full again ><

AC/DS · Apr 4, 2018

In order to download the DSi ware game for SeedMiner my New 3DSXL wants to update firmware to allow me to use eShop.
I'm currently on 11.4.0-37, should I allow it to update? It is brand new, never hacked. I have no idea what version of firmware it will update to... Sorry if a n00b question, have not been here in ages.

zoogie · Apr 4, 2018

AC/DS said:
In order to download the DSi ware game for SeedMiner my New 3DSXL wants to update firmware to allow me to use eShop.
I'm currently on 11.4.0-37, should I allow it to update? It is brand new, never hacked. I have no idea what version of firmware it will update to... Sorry if a n00b question, have not been here in ages.

11.4 is identical to the latest, 11.6, in terms of hacking. And you can do seedminer on 11.6.

AC/DS · Apr 4, 2018

Thanks a lot.

MrJason005 · Apr 4, 2018

this took longer than usual

Hunter · Apr 5, 2018

albarah said:
So I'm having a problem with Seedminer. I'm using an R9 390 w/ 8GB VRAM and my offset is at the 2400s. I've triple checked my id0 and I've had different people get my movable_part1.sed with confirmations saying there is nothing wrong with it. I've had others brute force it for me with the same results with the offset just going up (Right now it's in the 2400s) and no movable.sed file. I've ran out of options and was recommended to come here. Can anyone help me?

F/C: 3755-1765-7006
id0: a2af7e877b1c1b18413892909fa125b6

and @zoogie

I have had 2 people with 2000-4000 offsets that havnt been able to get hits
both formatted and got hits within 50 offsets, so formatting may be an option

zoogie · Apr 5, 2018

Hunter said:
and @zoogie

I have had 2 people with 2000-4000 offsets that havnt been able to get hits
both formatted and got hits within 50 offsets, so formatting may be an option

Quoting from what I said in the discord #dev channel:

nintendo hb discord said:
zoogie - btw - the cause of the un-seedminerable systems. The LFCS in the config savegame (low 5 bytes) isn't synced with LFCS of the the movable.sed keyy like in the seedminerable systems - which ruins the brute force. I still have no idea what causes this. All 3 systems I've seen are: new3ds's with an old3ds msed. Don't know how that might play into it. Another of these systems was bought used and another sent to nintendo. Again, not sure if a factor.

zoogie - I have a suspicion that homebrew sys formats might be the culprit behind the unsynced LFCSs, but I'm probably wrong.

I think what happens here is that when you do a proper system format, the config savegame gets updated with the system's real LFCS. I'm really starting to lean to the possiblity that homebrew system formats don't call the function that updates the config savegame, thus, that's what probably causing the mismatched and unminable keyy's. Need to test to confirm this though.

Another obvious reason for a mismatched LFCS. Unbanning (this changes the first half of the movable.sed keyy so the 1/5 proportion doesn't hold true anymore). System formatting will likely revert to your system's fallback LFCS which will unscrew it up.

Hunter · Apr 5, 2018

zoogie said:
Quoting from what I said in the discord #dev channel:

I think what happens here is that when you do a proper system format, the config savegame gets updated with the system's real LFCS. I'm really starting to lean to the possiblity that homebrew system formats don't call the function that updates the config savegame, thus, that's what probably causing the mismatched and unminable keyy's. Need to test to confirm this though.

Another obvious reason for a mismatched LFCS. Unbanning (this changes the first half of the movable.sed keyy so the 1/5 proportion doesn't hold true anymore). System formatting will likely revert to your system's fallback LFCS which will unscrew it up.

strange thing is, both of the ones I did, were New3DS not Old3DS/transfers just very weird, but they got done in the end, thats all that counts

MaxInve · Apr 5, 2018

A little bunch of files

MrJason005 · Apr 5, 2018

just spent 57 minutes bruteforcing an LFCS for someone with a banned 3DS using the mii method, and then an additional 15 minutes bruteforcing the movable.sed
people if you can, get someone to add you instead! don't wait around

Driley97 · Apr 5, 2018

I’m getting a new 2ds xl and want to install crew on it. I have a computer that can handle the brute force and I can get a dsi Ware game. I need someone who could help me with the part that I need a friend. I am getting it tonight, so I should in theory be able to do the hack tomorrow. If anybody is willing to help I would greatly appreciate it.

volexity · Apr 6, 2018

(PLEASE HELP)
as soon as i launch my Seedminer_Launcher it freezes for a bit everything looks good then it will come up with Error: Out of Recourses

--------------------- MERGED ---------------------------

MrJason005 said:
just spent 57 minutes bruteforcing an LFCS for someone with a banned 3DS using the mii method, and then an additional 15 minutes bruteforcing the movable.sed
people if you can, get someone to add you instead! don't wait around

if you could help me you'd be amazing

reix · Apr 6, 2018

Hi I'm using a Mac OS System and just compiled both of the programs for it. It's attached if someone else is interested in brute forcing on Mac OS

Thanks for the great work!

The archive just contains the modded python script (the start command is not available on Mac OS, so I used the equivalent) and the compiled (and modified) binaries for bfcl and seedminer.
The changed sources are added in bfCL-mac-os-patched-sources.zip and seedminer-mac-os-patched-sources.zip.

To start on Mac OS open terminal and change into the extracted directory, then run the same python commands as for windows.

Brute force on GPU didn't work on my Intel GPU, but it worked very well on my AMD

dan80315 · Apr 6, 2018

Q. Could Nintendo patch this?
A. Yes, certainly at least the dsiware injection. Now that it's a primary, they might consider it more of a priority to fix than when it was just used for dsiware transfer hax (3ds.guide). That doesn't account for the possibility of additional dsiware savehax games, however. The movable.sed vuln itself will be a bit more difficult to patch since it's pretty deeply built into the security infrastructure of the 3ds. They could at least make it harder to fish out the LFCS from userland and below.

Does this mean that if I use this method my 3DS can potentially be reverted to stock settings in the future by a patch? Or just that new people wont be able to use this method anymore but the ones who did keep their 3DS as is?

Hunter · Apr 6, 2018

dan80315 said:
Q. Could Nintendo patch this?
A. Yes, certainly at least the dsiware injection. Now that it's a primary, they might consider it more of a priority to fix than when it was just used for dsiware transfer hax (3ds.guide). That doesn't account for the possibility of additional dsiware savehax games, however. The movable.sed vuln itself will be a bit more difficult to patch since it's pretty deeply built into the security infrastructure of the 3ds. They could at least make it harder to fish out the LFCS from userland and below.

Does this mean that if I use this method my 3DS can potentially be reverted to stock settings in the future by a patch? Or just that new people wont be able to use this method anymore but the ones who did keep their 3DS as is?

they can patch the exploit to gain CFW, but once CFW is installed, it wont get patched out

Hacking seedminer (single system DSiWare injection)

If you are planning on using seedminer, do you have a dedicated graphics card in your PC?

Yes!

No

What's dedicated graphics?

I'm a cat, we can just guess our movable.sed through feline intuition

Well-Known Member

New Member

i'ma stuffup the board

New Member

New Member

i'ma stuffup the board

Well-Known Member

playing around in the end of life

Well-Known Member

√2

Attachments

i'ma stuffup the board

playing around in the end of life

i'ma stuffup the board

New Member

Attachments

√2

Attachments

Member

New Member

New Member

Attachments

Well-Known Member

i'ma stuffup the board

Similar threads

Popular threads in this forum