What stops us from 100% custom Firmware?

Discussion in '3DS - Flashcards & Custom Firmwares' started by xdarkmario, May 23, 2015.

  1. xdarkmario (OP)
    I am wondering: now we have come so far in the 3DS hacking community with Gateway, homebrew, apps and emulators, and now we even have some semi-custom firmwares via exploits. We even have access to the SYSNAND and the ability to install there now.
    But I was wondering: what stops us from becoming the fully hacked 3DS we want to be? A custom firmware installed to the SYSNAND with no security/signature checks. Just boot up the 3DS and you're done, like a PSP.
    Now, I don't know much about 3DS coding/devs, but I would assume it's because of the inability to forge these files?

    ticket.db
    certs.db
    title.db
    import.db

    Or perhaps because even if we do, a simple update could patch the whole thing, so that would keep us limited to one version?
    I'm just swinging in the dark here.
    Some pro information would be appreciated.
     


  2. Kionea
    I've been wondering this too. Someone correct me if I'm wrong, but I think it's something similar to what halted the PS3 scene for so long. Encryption on the system was so strong it wasn't cracked until someone leaked the keys.
     
  3. coolfuze
    Some noob information: it's all about those encryption keys. If we had the keys that Nintendo uses to encrypt and decrypt the sysNAND, I believe we could literally do a 100% edit on the 3DS. I think my statement is at least half right. Gotta wait for that pro answer.
     
  4. VinsCool
    That's what is missing: the 3DS common key. Without it, it's impossible to sign critical system binaries, thus the 3DS bricks if anything in NAND is modified while not signed.
    I mean for 3DS firmware modules.
     
  5. Luckkill4u
    Well, there are a few possible reasons. There are no hackers that want piracy on the 3DS, or hackers don't want to release anything. Maybe a temp CFW is better because touching sysNAND could be dangerous, whereas with an emulated NAND you're protected. Maybe there isn't really much of a bonus to having a full CFW.

    Those are my opinions.
     
  6. coolfuze
    Even the PS3 isn't fully open yet, AFAIK: people still need either systems on 3.55 or soldering skills and the right mods; there is no softmod available for it that runs from the latest firmware. I'm hoping the 3DS scene comes close to the PSP scene of old.
     
  7. Kafke
    AFAIK, no access to exploiting the boot loader means that we need the FW to be properly signed. We can't properly sign the FW because we don't have the keys. So instead we use an exploit to run code, which then reboots with patches, or alternatively running the system off SD instead, where we can modify it as we please.

    But no access to the boot loader or keys means we can't touch the startup system.
     
  8. xdarkmario (OP)
    But don't we already have the 7x keys? I think?
     
  9. The Real Jdbye
    We can't, because the 3DS boot ROM verifies the firmware, so if it isn't signed it won't boot. Only Nintendo has these keys; they're not even on the 3DS. It's kind of like how newer Wiis don't work with BootMii, because they don't have a usable exploit in boot1. Such an exploit could be found in the 3DS boot ROM too, but it's a whole lot more secure than the Wii was, and we can't even read the boot ROM.
     
  10. Kionea
    It would be wonderful if we could get to the level of the Wii. (Or the old ones at least)
     
  11. Kafke

    AFAIK we have decryption keys for games. Still no way to properly sign the stuff, which is why we can't create legit CIAs (we can only rip them). This doesn't really affect the FW at all, since entirely different keys and such are needed.

    The issue is getting properly signed (and encrypted) code to run as FW. We can't do this at the moment because we can't sign our custom code, and we can't modify the boot loader to accept it regardless.
     
  12. coolfuze
    I heard something as well regarding that. Not sure why we didn't at least have a CFW on 7.x before Pasta; maybe Palantine's work wasn't open source, and if it was, maybe no one was willing to improve upon it.
     
  13. Kionea
    As brute-forcing the encryption isn't exactly viable, what's the next best option? Is it trying to find some way to look at the boot ROM? Or will KARL open up new possibilities when (if) it's released?
     
  14. Kafke

    Well 'we' didn't, but there's certainly people who were using the keys to have a CFW on newer than 7.X. Gateway in particular I think was using them for their card. And even "CFWs" aren't modifying the booted FW (which is a different issue entirely).
     
  15. coolfuze
    The best option might have been the decapping fund lol. If someone could code software that allows PCs to combine processing power and brute-force it, it might be doable, sorta like SETI@home for the 3DS :P Probably not possible, though, but I can dream.
     
  16. shinyquagsire23
    Like Kafke said, this isn't a keys issue, although having all the keys would certainly be nice. This is an issue of not being able to sign content, and signing cannot be reversed or done even with a complete bootrom dump as far as I know. For now the only way around this issue of signing is to exploit ARM9 and modify the firmware loaded into RAM.
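The signing point that Kafke (posts 7 and 11) and shinyquagsire23 make above, worked through as an added illustration. This is not code from the thread and not the 3DS boot ROM's code: a toy RSA keypair stands in for the vendor's signing key, a SHA-256 counter-mode keystream stands in for the firmware's AES layer (the "7.x keys" the thread mentions), and the seed, firmware bytes and content key are constructed. It shows why holding the decryption key lets one read and edit an image but still not get it past a signature check, and why the verification key that a device carries is no help for signing.

```python
# Toy model of a signed-firmware boot chain, stdlib only (Python 3.8+ for pow(e, -1, m)).
# Added illustration, not the console's code. Key size, seed, firmware bytes
# and the symmetric 'content key' below are constructed for the example.
import hashlib
import random

_rng = random.Random(20150523)  # fixed seed so every run is reproducible


def _is_probable_prime(n: int, rounds: int = 16) -> bool:
    """Miller-Rabin; fine for a demo, not for production key generation."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(_rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits: int) -> int:
    while True:
        cand = _rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand


def generate_signing_keypair(bits: int = 512):
    """Returns (public, private). Only `public` (n, e) would be burned into a
    boot ROM; `private` (n, d) stays with the vendor."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        n, phi = p * q, (p - 1) * (q - 1)
        if p != q and phi % e != 0:
            return (n, e), (n, pow(e, -1, phi))


def _digest_int(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def vendor_sign(firmware: bytes, private_key) -> int:
    """Needs d, which never leaves the vendor."""
    n, d = private_key
    return pow(_digest_int(firmware), d, n)


def bootrom_verify(firmware: bytes, signature: int, public_key) -> bool:
    """The ROM's check: undo the signature with e and compare to the hash."""
    n, e = public_key
    return pow(signature, e, n) == _digest_int(firmware) % n


def xor_keystream(data: bytes, key: bytes) -> bytes:
    """Toy counter-mode stream cipher built from SHA-256, standing in for the
    firmware's AES layer. The same call encrypts and decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def boot(encrypted_fw: bytes, signature: int, public_key, content_key: bytes) -> str:
    """Decrypt, then refuse to run anything whose signature does not check out."""
    plain = xor_keystream(encrypted_fw, content_key)
    if not bootrom_verify(plain, signature, public_key):
        return "halt: signature mismatch"
    return "run: " + plain.decode(errors="replace")


def scenario() -> dict:
    public, private = generate_signing_keypair()
    content_key = b"constructed-content-key"          # the symmetric 'decryption key'
    official = b"FIRM v9.2 (official image)"          # constructed firmware bytes
    signature = vendor_sign(official, private)
    encrypted = xor_keystream(official, content_key)
    results = {"official": boot(encrypted, signature, public, content_key)}
    # Knowing the content key lets one decrypt, read and edit the image...
    patched = xor_keystream(encrypted, content_key).replace(b"official", b"patched ")
    re_encrypted = xor_keystream(patched, content_key)
    results["patched_old_signature"] = boot(re_encrypted, signature, public, content_key)
    # ...but the only signing-related value on the device is (n, e), and applying
    # it to the new hash does not produce anything the ROM's check accepts.
    n, e = public
    not_a_signature = pow(_digest_int(patched), e, n)
    results["patched_verify_key_only"] = boot(re_encrypted, not_a_signature, public, content_key)
    return results


if __name__ == "__main__":
    for name, outcome in scenario().items():
        print(f"{name:24s} -> {outcome}")
```

Running it prints one "run:" line for the untouched image and "halt: signature mismatch" for both edited cases. The design point is the asymmetry the thread keeps circling: `xor_keystream` needs the same key in both directions, so leaking it gives full read/write access to the image, whereas `bootrom_verify` only ever needs `e`, and nothing derivable from `(n, e)` alone satisfies it for a changed hash. A real ROM also pins the signature format and hash padding rather than the raw textbook RSA used here.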
     
  17. Kakkoii
    It's unfortunate there were so many a-holes trying to prevent this from happening in the decapping thread that was going on last year. It's like, if it doesn't affect you, just f**k off, why ruin other people's enjoyment?
     
  18. daicon
    Correct me if I'm wrong, but the best bet at this point would be investigating actual hardware modifications to circumvent checks at boot. That's how it sounds to me, at least?
     
  19. Kionea
    Like the modchips of old? I don't think I've messed with those since the PS2. That would actually be kinda fun, hardmodding something again.
     
  20. Kafke

    That's called a hard mod, and has been done for every console ever, except for the newest ones. Most people dislike the idea of having to physically modify their hardware. And quite often there's some sort of software patch that causes problems with the mod.

    The current 3DS hard mod simply allows backup/restore of the sysNAND without needing a software exploit. So you can update to sysNAND 9.7 and restore back to 9.2 whenever you'd like. No getting around the boot loader yet. But I'm guessing that's because we already have software exploits and people don't care to mess around with hardware stuff.
     