Hacking the 3ds will update (better for hackers)

Sicklyboy

sprogurt said:
Think about it, would you really let just anyone mess around with files that control how charging and power works?


Don't quite think it works this way. I could make a 4.6v 900mA charger cradle (tape wires to the contacts, more like) and charge the battery outside of the 3DS. When the power is off, it isn't running code to charge the battery. A 4.6v current is going through the contacts of the DS into the battery, and a small amount of that is used to power the charging LED. (Honestly, a 5v USB lead would likely work just fine. Also, just noticed the 3DS's charger outputs less than the DS Lite's.)
 

Slynk

leeday100196 said:
This discussion is weird... stop speculating and wait, we won't know what will (or won't) be released with the update. Two things ARE certain to be unlocked: System Transfer and the Internet Browser. Personally that's what I'm waiting for... and perhaps they'll add new firmware that blocks flashcarts. Personally I don't want them to, but there would be those that debate that point.

And the e-shop, can't forget that.
 

ccfreak2k

plasma dragon007 said:
sprogurt said:
Think about it, would you really let just anyone mess around with files that control how charging and power works?
Don't quite think it works this way. I could make a 4.6v 900mA charger cradle (tape wires to the contacts, more like) and charge the battery outside of the 3DS. When the power is off, it isn't running code to charge the battery. A 4.6v current is going through the contacts of the DS into the battery, and a small amount of that is used to power the charging LED. (Honestly, a 5v USB lead would likely work just fine. Also, just noticed the 3DS's charger outputs less than the DS Lite's.)

It wouldn't work fine. The PAIC30108 chip is likely the charge controller, which means you'd be charging the battery wrong by doing that. There's some circuitry in the battery pack for control and failsafe functions, what with Lithium ion packs being quite dangerous by themselves, but there are still special considerations for charging it that charge chips can take care of. Your point is actually correct, though; the CPUs have no involvement in battery charging, and in fact the only real software interaction is probably battery level/charging status,
 

stinkoman

lithium210 said:
chao1212 said:
Are you stupid? It never, EVER works this way.
EVER.

Usually when someone has this type of mentality, it's later that they're proven wrong. Keep an open mind, who knows which firmware version it'll get hacked at. No point in arguing.

He's implying that them updating is immediately going to give us NAND access. That's way more than likely not the case. WAYYYYY more.
 

iceberg303

It may not make things easier but if the update downloads to the SD card before installing it will be a matter of disassembly to learn how updates work. That then may allow for custom firmware. It may also not allow for custom firmware depending on a large number of factors. The first thing that needs to happen is to obtain an untainted copy of the new firmware.

In case the firmware does not download to SD I highly suggest you set up a packet logger to capture it, and have your favorite ARM debugger handy.

Knowing what the fw update does will be invaluable.
 

ChrisRX

plasma dragon007 said:
sprogurt said:
Think about it, would you really let just anyone mess around with files that control how charging and power works?


Don't quite think it works this way. I could make a 4.6v 900mA charger cradle (tape wires to the contacts, more like) and charge the battery outside of the 3DS. When the power is off, it isn't running code to charge the battery. A 4.6v current is going through the contacts of the DS into the battery, and a small amount of that is used to power the charging LED. (Honestly, a 5v USB lead would likely work just fine. Also, just noticed the 3DS's charger outputs less than the DS Lite's.)

But you need either software or hardware running to cut off the battery charging when it's full, along with all other manner of algorithms to charge safely. I don't know if they use hardware or software to do that so it may well be that it's included in the software. Charging the battery by just connecting a constant voltage (I think it's li-ion) will overcharge the battery and either reduce the life of the battery or cause it to catch fire and/or explode.
 

ccfreak2k

iceberg303 said:
It may not make things easier but if the update downloads to the SD card before installing it will be a matter of disassembly to learn how updates work. That then may allow for custom firmware. It may also not allow for custom firmware depending on a large number of factors. The first thing that needs to happen is to obtain an untainted copy of the new firmware.

In case the firmware does not download to SD I highly suggest you set up a packet logger to capture it, and have your favorite ARM debugger handy.

Knowing what the fw update does will be invaluable.

Having the update download to the SD card isn't the greatest idea. What about users that don't have the SD card plugged in? Or, even better, why would you want to put such a thing outside the "secure zone" of encrypted flash? How about, if an attacker manages to create an executable "system update" with a virus payload, which storage area do you think it would be designed to run from? Unless Nintendo has plans to distribute updates via SD card, disabling that ability is their best course of action.

As for packet logging: I can virtually guarantee you that they use TLS encryption between the 3DS and the update server, so you'd have to crack at least that session to get the binary (apparently there was at least one attack). If they were smart, the binary itself would also be encrypted or at least signed, the latter case allowing for disassembly at least.
 

Fear Zoa

This is how it goes....updates patch old exploits...and most of the time they also inadvertently create new ones...this update isn't going to do much since we (as far as the scene knows) don't have much to begin with

That and I see pretty much everyone doing this update....it's not like a Wii update that ONLY prevents piracy...it actually adds a lot of stuff...stuff we paid for..
 

iceberg303

ccfreak2k said:
Having the update download to the SD card isn't the greatest idea. What about users that don't have the SD card plugged in? Or, even better, why would you want to put such a thing outside the "secure zone" of encrypted flash? How about, if an attacker manages to create an executable "system update" with a virus payload, which storage area do you think it would be designed to run from? Unless Nintendo has plans to distribute updates via SD card, disabling that ability is their best course of action.

As for packet logging: I can virtually guarantee you that they use TLS encryption between the 3DS and the update server, so you'd have to crack at least that session to get the binary (apparently there was at least one attack). If they were smart, the binary itself would also be encrypted or at least signed, the latter case allowing for disassembly at least.


well there is no doubt there will be some kind of cipher or signing.

still you want the base to start from
 

RaiKitsun

Knowing what things the patch changes could reveal previously unknown flaws, if it is broken, fix it, if it was fixed, it was previously broken and potentially exploitable.
 

ccfreak2k

RaiKitsun said:
Knowing what things the patch changes could reveal previously unknown flaws, if it is broken, fix it, if it was fixed, it was previously broken and potentially exploitable.

But it wouldn't help anyone who already updated. The most it would yield would be insight into Nintendo's software design, or at least their methodology for fixing things.
 

Slynk

ccfreak2k said:
RaiKitsun said:
Knowing what things the patch changes could reveal previously unknown flaws, if it is broken, fix it, if it was fixed, it was previously broken and potentially exploitable.
But it wouldn't help anyone who already updated. The most it would yield would be insight into Nintendo's software design, or at least their methodology for fixing things.

You're not thinking about it from all angles. XD

Sure, people who already updated would not benefit, BUT it would give hackers a foothold on the system. From there they can get a more in depth look at the system and find an unpatched exploit.
 

silversonic1

One thing you can't do is compare the 3DS's security to the Wii's. For starters, unlike the Wii, the 3DS isn't disc based and saves to the game card (aside from the SpotPass stuff). In other words, fewer ways to exploit flaws. However, that doesn't mean that we should give up. Download play and even the firmware update system could be exploited somehow. Even the SD could work in our favor. Just give it time and talent. I'm sure we'll see some real progress soon. Maybe DSi mode will be unlocked first.
 

dragonhan

OP
Ben_j said:
Yet another "I don't know shit about hacking but couldn't we X to hack the 3DS ?" thread...

Another "I don't know if it can be done this way?.....so I'm just gonna say it's impossible"
I'm giving a possibility here so go away
 
