Hacking: Was the hack patched?

  • Thread starter: jamieyello
Lol, you're totally right. However, the userland exploit will only land us ROP (thinking back on when the exploit was revealed) access, right? Isn't that a bit restrictive in general? You would be at the mercy of the built-in system subroutines and calls, right?
Yes, but depending on how large the chunk of code you have access to is, you'll still be able to do things because as far as I know the registers and stack will still function normally, so you should be able to call certain lines of code in a certain order to edit some register to be a certain value that's used later in the code to point somewhere you need/want or something of that nature.

I'm still a real newbie at assembly in general though, so I don't have any examples. The only modification stuff I do is for game hacks/cheats on the PC.
 
Yeah, I'm not familiar with assembly yet lol. All I'm saying is that it might take quite a bit of skill to get any sort of "good" homebrew running if you're using ROP. Plus, one thing quite a few people REALLY want besides upgrading their current piracy skills is a region unlock. I'm not sure how you would implement that in ROP (but of course, I am not all-knowing lol).
 

Kernel mode would be required to have a region-free hack, as it seems the System Menu itself would need to be patched to prevent it from not showing out-of-region games when they are inserted into the game cart slot.

http://www.3dbrew.org/wiki/Home_Menu#Region_Lockout said:
Every 3DS title regardless of location (NAND/SD Card/Game Card) is subject to region lockout scrutiny by the Home Menu. And the home menu treats 'out-of-region' titles by simply refusing to show them on the home menu. No messages are shown on the home menu to notify the user, the title is simply ignored.

Having said this, if someone gets far enough to make a working region-free hack, maybe they could unblacklist flashcarts also. I would love my AK2i to work again.
 
Could even use the cyclo and such if the whitelist check was removed.
 
To me it seems as if they just informed Nintendo of the kernel exploits they had, considering those exact exploits were fixed and NOT the save game exploit. Like Nintendo coincidentally found the exact known exploits after 3dbrew found them? This is the company that could not patch exploits correctly on the Wii; now they are apparently capable enough to do this. They never patched anything of that kind on the 3DS before, and they also put it IN the patch notes. Why do that unless you already know the exploits are known by others?

Anyway, these kernel exploits alone are useless; you need an exploit to get to usermode to be able to then go to kernel (basically usermode only means homebrew only, and a kernel exploit on top of that means the possibility of piracy, but I'm guessing it's been said a hundred times now).

Don't bother analyzing anything the devs say, it's stupid.. of course any public dev doing this will say 'no piracy'.. who knows if it's the truth, because nobody wants to be blatantly pro-piracy in that position. Just watch 3dbrew and see the progress continue.

And also, why the worry about whether they patched it or not anyway.. anything released will be patched, so either you intend to stick on v4. for homebrew/more or update.. updates likely change enough to make any piracy method useless. So you'll have to choose to update sooner or later; best to stick on v4. because at least it's known to be hacked and clearly possible.
 
Neimod stated he is not going to release it, so why is everyone so hopeful?
He's not going to change his mind, because he would have a lawsuit on his hands.
He couldn't get sued if it just were to appear anonymously on the web; there is always plausible deniability, and there were certain gatekeepers in the PS3 scene who had no plans on releasing things that eventually got out to the public due to internal scene politics, if you will.
 
To me it seems as if they just informed Nintendo of the kernel exploits they had considering those exact exploits were fixed and NOT the save game exploit. Like Nintendo coincidentally found the exact known exploits after 3dbrew found them?
Yes. This shit happens all the time. Look at the PSP with HBL, and the Vita with VHBL. As soon as the company is alerted which titles have a problem, they can run over them in a much more fine and personal manner. In addition when it comes to software issues, bugs are fixed all the time. If one of the bugs fixed happens to close something needed in an exploit, plus for them. You'll see things on the Wii that went multiple system menu updates without being patched even with the software being out there.

Hell, look at HBC's latest update for the Wii U. The Wii U had a Wii software bug that was apparently fixed, but Nintendo just never released a build/update that had that particular fix for the Wii. When it came time for the Wii U's vWii mode, that fix was in their latest build at the time, I'd guess.

http://hackmii.com/2012/12/hbc-release-for-a-new-wii-u/

This is the company that could not patch exploits correctly on the Wii now they are apparently capable enough to do this. They never patched anything of that kind on the 3DS before and they also put it IN the patch notes - why do that unless you know already the exploits are known by others?
Yes, they did patch bugs in the 3DS before. It's just people either didn't care since it didn't relate to hacks, or they were happy if the bugs fixed actually fixed some of the issues they were having. Do remember that a lot of the modern hacks evolve from oversights that would normally lead to an all-out crash, and people just hijacked the crash to do something useful for them. There's even an article on this shit for the PSP.

http://wololo.net/hacking-portal/

Don't bother analyzing anything the devs say, it's stupid.. of course any public dev doing this will say 'no piracy'.. who knows if its the truth because nobody wants to be blatantly pro piracy in that position. Just watch 3dbrew and see the progress continue.
They don't want their tools used for piracy... and that's apparently been their stance before as well. They never made any sort of backup loader for the Wii, PS3, or anything else. In fact, they specifically edited out some important info in the PS3 hack they released in order to stop backup loading, and people needed to make those changes in the source before backups would work.
http://www.fyygame.com/news/FAQ-of-PS3-jailbreak
(Funny thing, that's actually a copy of the guide that I wrote back in the day, just mine broke in the forum mode.)

These guys tend to do the main hacking, then other people come in after them, using the tools they built, and make backup loaders.

You might want to read up on your history before opening your mouth, man. You're much better spoken than most newbies people complain about in here, but your lack of info and respect is still on the newbie level. :P
 
It doesn't happen all the time though? Your example is Sony patching things that are publicly known; I don't understand that. When was Nintendo alerted? What I'm saying is you probably don't just stumble upon and find these exact exploits unless you've been informed where to look. Bugs fixed, sure.. those would have likely been from feedback. But even if they had coincidentally found MULTIPLE exploits after hackers already had those specific ones figured out, why would you put in patch notes a big red THIS IS A KERNEL LEVEL VULNERABILITY notice? This is the kind of thing you definitely would put under some generic 'various security fixes' message, giving no hint to anyone to go looking for the exploits. That's what Sony often does too, as said on wololo about the latest Vita update.

I mean, they probably follow 3dbrew and can be tipped off by progress on there that there's an exploit. But that doesn't narrow it down at all, and they apparently ignored looking for a savegame exploit that yellows8 directly talks about. As I said, I think they informed Nintendo, considering they have everything working on the v4. update anyway. It's no loss at this point.

And I don't know who you consider to be 'they' in this, but I'm saying they (as in any public homebrew attempt and the people involved) are never going to reveal their hand and say why they withhold certain things. The PS3 is a bad example, considering leaked information from the 'homebrew' people led to the development of the True Blue dongle that's solely for piracy. It just shows people are not as homebrew-only as they seem. Speculation is pointless... they repeatedly say 'not releasing these exploits' but also say to stick on the old firmware? There is a plan, probably, and it doesn't need to be public.

As if this makes a difference anyway, Nintendo is not going to ignore a homebrew-capable usermode exploit in any circumstance; it will be patched. Anyway, there's nothing morally wrong with discovering exploits on other platforms or in software that could potentially cause a lot of problems for a lot of people (far more than this), but it IS standard among the more morally upstanding hackers to inform the developer of the potentially damaging exploit in advance so it can be patched.
 
It doesn't happen all the time though? Your example is Sony patching things that are publicly known; I don't understand that. When was Nintendo alerted?
Here's how the process goes for that example.

1 - The people at HBL find a game exploit and make it into an HBL launcher.
2 - They announce which game it is.
3 - People usually have like 24 hours or something to buy the game from PSN.
4 - Sony, knowing which game it is, pulls it from the shop to check for exploits and patch it, so that once they pull it, nobody else can get that hack.
5 - Then the HBL people release the actual hack.

If they released the hack first, Sony would pull and patch the game far too quickly for any significant number of people to actually use the hack. By announcing the game beforehand but not releasing the hack or any info, they have a bit of wiggle room as it takes Sony relatively longer to find and fix the bug in the game.

In the 3DS case, only some of the bugs were fixed. Some of the internal bugs were fixed on the system as a whole (every piece of internal software was updated according to 3Dbrew), this closed off the kernel-exploit that they were using, but not the save exploit (and ROP IIRC) they were using to run unsigned code on the 3DS in the first place in user-mode. In addition, the hackers said that there were other exploits they had that were not fixed.

If it was purposeful with knowledge of the situation, then Nintendo would have blocked the initial hacks that let people in in the first place too, like they usually do with the Wii and such. Twilight hack, smash bros exploit, etc. were fixed so people couldn't run any code in the first place. In addition Nintendo added specific checks for title IDs used by the homebrew channel and such to remove them, to further stop people from launching any sort of unsigned code.

And, while it's only one example for the DSi, the DSi had a save game exploit from an eshop game, EA's Sudoku, and it was pulled and patched after only ~200 people had exploited it. And then the DSi software was updated to specifically block copying in a hacked save for that particular game...
http://hackmii.com/2011/08/final-dsiwarehax/

So my point is that Nintendo is quite aware of save game exploits, and they can and will patch them when they know about them. But they didn't patch this one, even though the 3DS's save system has shown itself updateable (new encryption for 3DS game saves for example), and games themselves can get updates, even cart-based games like Mario Kart 3DS (got an update to fix some bugs with certain tracks). They didn't patch it because they didn't know anything about it.

Whew, hopefully that covers everything!

What I'm saying is you probably don't just stumble upon and find these exact exploits unless you've been informed where to look.
You don't need to try to fix an exploit to close a hole. You just need to fix some bugs. Video game software can be buggy too, like I pointed out, and it's in Nintendo's best interest if their games/systems aren't locking up, freezing, crashing, and generally pissing off the customer. Of course, if in the normal bug fix process they do find some big thing like this... all the better for them as far as they're concerned.

As I said, I think they informed Nintendo, considering they have everything working on the v4. update anyway. It's no loss at this point.
No, in fact the team tends to go out of their way to hide the exploit used from Nintendo via obfuscation, in order to make it harder for Nintendo to find the actual bug and fix it.
http://hackmii.com/2012/12/hbc-release-for-a-new-wii-u/
Despite all of the anti-reverse-engineering tricks we put into our last installment of the HackMii Installer, Nintendo managed to find the IOS exploit we used to install The Homebrew Channel and fix it sometime within the last two years.

And i don't know who you consider to be 'they' in this
Team Twiizers/fail0verflow and the individuals working on the 3DS, who are members of each others groups and/or at least collaborate depending on the association.
 
I'm not sure what you are describing there is the nature of the kernel exploits, considering they said you need to get a usermode exploit first to even use the kernel exploit... but with how wide the firmware is and how many different systems are in place, it's impossible to speculate on what it is.

I don't want to get into detail about Nintendo's competence with security.. I'm just looking at the situation. 3dbrewers find multiple exploits, then Nintendo happens to find the same exploits in some close timeframe after and no others, then goes on to say in the patch notes that they did so.. ignoring even the coincidence, why would they do that and announce the fixes? They have no obligation to do that..

Both your examples are simply a quick reaction from Sony and Nintendo; how is it relevant? There was no public information for them to react to, unless they decided 3dbrew got a bit scary looking lately and just went looking randomly for exploits. But then they failed to do a savegame fix that's clearly hinted at on there, despite Nintendo being well aware of savegames according to you.

They probably updated the software system-wide so none of it is able to be used in any way for more hacks found on v4 software.. if anything, I'm just more convinced they were told, by them doing that. The whole update seems to be a reaction because they know v4. is now wide open if the information is released. They even appeared to rush it out too quickly and had to do the second v5. update.

I don't know if the same people are working on it as the Wii, but the strategies would be different, considering the Wii was entirely fucked up security-wise from the start. Maybe there are reasons we don't know why they would tell Nintendo some of the exploits; maybe it has a benefit. For anyone staying on the older fw it's no big deal anyway.

Quoting 3dbrew:
"NATIVE_FIRM versions prior to 5.0.0-11 can't access the logo data in applications built since 5.0.0-11. Therefore regardless of gamecard system-updates, applications built since 5.0.0-11 can only be run with the 5.0.0-11+ NATIVE_FIRM"

They sure seem concerned about cutting off any connection to the old firmware all of a sudden don't they?
 
Do we actually have any hard info on the kernel vs userland differences? The GBA and DS had a whole load of BIOS calls and coprocessors for various things, but what little I have seen thus far points to maybe playing fun and games. Looking at other locked hardware, it seems companies have upped the ante a bit as well (though I am not saying anything that should be read into at this point; looking at the likes of the 360, it had encrypted memory, which kills a lot of coding techniques like dynamic recompilation, used extensively in modern emulators built for speed, and ASM stone dead).

Re: Nintendo's security people. I would have thought that after the shambles that was the Wii and DS, someone could have been convinced to unarse some money for a security engineer/team, doubly so if they are set to be making more than the token online effort (granted, systems/hardware security and making sure you do not have an SQL injection are not the same thing).

Re: devs and piracy.... some of the PSP and Wii people, sure, and given these guys seem tied to the latter, then maybe. Other times it gets very odd (looking back at the likes of the neoflash and Golden Sun team mainly).

As for the matter at large: their work, their exploit and so their choice; soldering gear, oscilloscopes, logic analysers and copious information on security principles are all available for not a great deal of money (I reckon if done right no more expensive than maintaining a nice power tool/back yard machine shop, track car or half-nice games/video/modelling rig), and thus anybody that feels like having a go is invited to try their hand at it.
 
I'm just looking at the situation. 3dbrewers find multiple exploits, then Nintendo happens to find the same exploits in some close timeframe after
It was over four months later (I'm not sure of the exact date they first hacked it, but I did see a notice about the hack back in December). In the security world, that's a long-ass time. Compare it to updates done purposefully to prevent piracy, which are often done within days, sometimes 24 hours if it's somebody like Sony.

And again, they notably didn't do what they would normally do to block hacking of the system by stopping code from getting in in the first place.

and no others, then goes on to say in the patch notes that they did so.. ignoring even the coincidence, why would they do that and announce the fixes? They have no obligation to do that..
Nintendo didn't mention it in the changelogs for 5.x, where it was fixed.
http://www.nintendo.com/consumer/systems/3ds/en_na/system_update.jsp
3dbrew, however, put out a notice not to update so that other hackers could keep kernel-mode access on their personal 3DS units in order to continue their work.

I'm going to stop responding there, because all of your assumptions are based on wrong info and a lack of history knowledge, so all my posts would just be more of this: "no, that's not what they said", "yes, that does actually happen", etc. :P
 