Homebrew Some hacking concepts and links

[MewtwoEx]

Keep up the good work guys, if anyone have the brains to do this, that´s you!
Which is easier said than done

 

[unicode2CP]

Neimod recently added some new pics into his Flickr gallery.

 

[elisherer]

How is the app your using is different from 3DSaveTool which was made a year ago?
Plus, 3dsexplorer do the same thing and lets you save the key from the file-tree...
Unless you come up with a way to get the actual key for making that xorpad or figure out how to get the key for the newer files (i.e. mk7/sm3dl)
this discussion is just repeating stuff that have been said a year ago...

 

[Mefisteso]

Did you know about that site?
User Shagraarath offer full roms releases of US and EUR regions. You could easily find his blogspot or facebook profile.
If noone offers real 3ds roms(which are substantial during hacking) this guy seems legit.

 

[totalnoob617]

yes too bad damn letitbit has blocked US traffic , someone said a few days after the mega raid it would be reopened up to US in a week but last i tried a few days ago(which was over a week) it was still blocking US =( ,be lucky you dont live in this $hit hole police state, and now they are censoring torrents too,and btjunkie has closed
i can get the torrents on other torrent sites that are "censored by a US court" with a proxy, but letitbit and proxies? i have tried proxy servers,but they slow my connection down so bad its not even worth it.

people should have been out protesting ACTA here like they were in poland

 

[Mefisteso]

Actually, I'm from Poland but I can use links without any restrictions
And yes, ACTA caused great disgust in Poland, that's not easy to forget about the whole action but atm rectification of ACTA was moved by half year what is temporary success.


If you have problem with downloading in US, maybe you should use european/asian proxy server? That's slower but well...free version of letitbit is slow already...

 

[RichardAnthonyMa]

A fucking essay right there i couldnt be assed reading it

 

[Deleted member 282441]

So, this fourm is about goals on hacking? When the 3DS is hacked, I want game icons on my homescreen, like the forwarder channels you can put on a hacked wii.

 

[high.kaze]

If it actually/eventually get hacked, they've got to make it so that it ends up REGION-FREE. Some japanese games like Super Robot Wars will never come over to the states, so we just really need this for a gamer like me.

 

[SifJar]

So, this fourm is about goals on hacking? When the 3DS is hacked, I want game icons on my homescreen, like the forwarder channels you can put on a hacked wii.

If it actually/eventually get hacked, they've got to make it so that it ends up REGION-FREE. Some japanese games like Super Robot Wars will never come over to the states, so we just really need this for a gamer like me.

These things are not what this thread is for. This is for serious discussion of actual hacking methods. Not for dreaming up what you want to happen when something is hacked.

 

[high.kaze]

So, this fourm is about goals on hacking? When the 3DS is hacked, I want game icons on my homescreen, like the forwarder channels you can put on a hacked wii.

If it actually/eventually get hacked, they've got to make it so that it ends up REGION-FREE. Some japanese games like Super Robot Wars will never come over to the states, so we just really need this for a gamer like me.

These things are not what this thread is for. This is for serious discussion of actual hacking methods. Not for dreaming up what you want to happen when something is hacked.

Oh, okay. There is a similar topic, so I didn't think this forum would take on the same discussion type. But I'm sorry.
Anyway, I've come up with a theory: what if we grabbed the update download link, switch it with a custom firmware located on a different server, and force-install it? Viable solution?

 

[SifJar]

Oh, okay. There is a similar topic, so I didn't think this forum would take on the same discussion type. But I'm sorry.
Anyway, I've come up with a theory: what if we grabbed the update download link, switch it with a custom firmware located on a different server, and force-install it? Viable solution?

Again, actual hacking methods not "theories". There is a thread for those, and this is not it.

 

[high.kaze]

Oh, okay. There is a similar topic, so I didn't think this forum would take on the same discussion type. But I'm sorry.
Anyway, I've come up with a theory: what if we grabbed the update download link, switch it with a custom firmware located on a different server, and force-install it? Viable solution?

Again, actual hacking methods not "theories". There is a thread for those, and this is not it.

Ah crap, so sorry =.=;

 

[Deleted member 282441]

...Sorry. I'll go there...

 

[TheDreamLord]

I had an idea, it may be stupid, but shoot me, I'm young.
I was thinking, there are many different 3DS browser tricks, (Can't think of one) It let you move zelda around a map, and play a sound when you pressed A or B, would it be possible to insert some bad code inside of a .php or .html? It seems stupid, but I felt I had to say it, considering there are things like that, maybe we can utilize the hard drive inside of the 3DS too, like we used the a and b button?

 

[Luigi2012SM64DS]

I had an idea, it may be stupid, but shoot me, I'm young.
I was thinking, there are many different 3DS browser tricks, (Can't think of one) It let you move zelda around a map, and play a sound when you pressed A or B, would it be possible to insert some bad code inside of a .php or .html? It seems stupid, but I felt I had to say it, considering there are things like that, maybe we can utilize the hard drive inside of the 3DS too, like we used the a and b button?

i think we already know the brower is sandboxed
(btw wth does sandboxed mean)

 

[TheDreamLord]

I had an idea, it may be stupid, but shoot me, I'm young.
I was thinking, there are many different 3DS browser tricks, (Can't think of one) It let you move zelda around a map, and play a sound when you pressed A or B, would it be possible to insert some bad code inside of a .php or .html? It seems stupid, but I felt I had to say it, considering there are things like that, maybe we can utilize the hard drive inside of the 3DS too, like we used the a and b button?

i think we already know the brower is sandboxed
(btw wth does sandboxed mean)

Sandboxed means cut off from the rest. So is it sandboxed? I have a few other ideas then. With the 3DS save backup and restore, could you insert a .elf or whatever into it and use the buffer overflow in OoT to cause something?

 

[SifJar]

No to both ideas. No offence, but I suggest you leave the ideas to people who know what they're doing. Chances are they will think of the possibilities themselves, and they will know whether stuff is likely to work or not. Even better, learn all this stuff yourself, then you will have more of an idea of viable exploit vectors.

 

[FAST6191]

I tend not to note minor changes I make to the first post but this I will. In the opening post I mentioned a nice talk/writeup called 17 mistakes Microsoft made in the (original) xbox security system but the xbox linux wiki was and still is down. However the wayback machine decided to work for me today (it was being temperamental the night I typed this opening post) and drummed up a nice copy of the document which I previously/otherwise could not find (I could only find references to it and the slides made for the 2005 C3 congress presentation although I also found the paper* as a result of today's efforts). I highly recommend reading it if you have an interest in hacking

http://web.archive.org/web/20090212084156/http://xbox-linux.org/wiki/17_Mistakes_Microsoft_Made_in_the_Xbox_Security_System

I grabbed a copy as well so might try to port it back out.

* http://events.ccc.de/congress/2005/fahrplan/attachments/591-paper_xbox.pdf

 

[iNFiNiTY]

I don't see why 'it's sandboxed' is supposed to counter that point.. new Android versions were reported rooted recently with a not-yet disclosed webkit exploit, then a user mode to root seperate exploit. Pretty sure they use the same ideas of sandboxing on there though. The browser is a lot weaker area than savegames that people keep wanting to go back to. Nintendo knows savegames are a problem, and has done a fair bit to try and stop it. So more attractive is the more-and-more-each-day vulnerable webkit engine in the browser.. the Android non-disclosed was not system specific.

I think it was an awful idea.. so many platforms devices using this engine now, it's going to be THE big target for hackers.. and no doubt 3DS/Vita will both be affected at least by some of them, and maybe even their own specific ones. There's some nice ways for testing devices for vulnerabilities with crafted webpages that try to just do everything possible to find a buffer overflow/force a crash. Maybe useful in future. If google can't sandbox Chrome to not allow code execution i'm not sure Sony/Nintendo can.