Thread Status:
Not open for further replies.
  1. Syphurith

    Syphurith Beginner
    Member

    Joined:
    Mar 8, 2013
    Messages:
    641
    Country:
    Switzerland
    I'm very sorry to read the paper almost throughout with my poor ARM hardware knowledge.
    The main clock speed of the LPC1768 (Cortex-M3), which is mentioned in the paper, is 100MHz. However, the target CPU in the paper is the Marvell Kirkwood 88F6281 (ARM926), which has a maximum main clock speed of 1.2GHz, while the 88F6282 in the same family can achieve 2.0GHz. That sounds good, doesn't it?
    "Our approach neither requires hardware modifications nor expensive test equipment.", "The first step is to stop the SUT by sending a debug request via JTAG. At this point, the OCD takes control over the CPU." However 3DS's MPCore didn't expose a JTAG. I'm getting disappointed.

    Also about its section 2.1:
    pin-level probes and sockets [ACL89][KF95] - ...
    without contact by exposing the circuit to a particle beam [KF95][VKC+92][ELDF92] - Beam?
    using lasers [PLF03] or to electromagnetic interferences [KF95][VCG+05] - Orz.

    Well.. I recalled something special. (With the f**king cheap STM32 ARM chips.) Chips have a lowest possible working voltage. Lower than that, they would function abnormally. Also, there is a main clock source, or other crystals that generate the clock the chips need (even fed to PLLs lately). When you give it a much slower clock source, slower than its PLL could adjust to, it would have an improper clock speed, or just function abnormally. I don't know if there are similar faults with the hardware that are exploitable. Hope it isn't one including a source as MSP430.

    I'm sorry to disturb you. NTR's debugger has some issues that are related to multi-core support. I thought of BKPT or a modified HardFault that could trigger. However he is busy playing with iWatch or anything (doesn't matter), so it is much likely to be a finished one currently. I wouldn't ask you for helping him directly, but if you know some techniques that may solve this.. Yes even 44670 isn't a friend of mine.
    Even though I don't like closed-source ones, I respect what you chose. I would say thanks for your work. And I hope you play well with your research.


    Be Free the "No-Fee" or "Freedom". So i don't consider NTR a Free(dom) Solution now. And well the code is within their hands, so open or not is their choice - at least you can not hit one of them with your fist and threaten him to open the code (yep). I would say nothing if one chose close-source. Those are all Karma.
     
    Last edited: Jun 12, 2015
  2. motezazer

    motezazer GBAtemp Maniac
    Member

    Joined:
    Feb 6, 2015
    Messages:
    1,214
    Country:
    France
    Well, clock glitching - voltage glitching - radiation glitching were all tried (not by me, of course). None of them worked.
    And I read that the reset line of the SoC wasn't found, so no reset glitching.
     
    Margen67 and Syphurith like this.
  3. Syphurith

    Syphurith Beginner
    Member

    Joined:
    Mar 8, 2013
    Messages:
    641
    Country:
    Switzerland
    Well thanks for the info. So still a way should be found if it is planned to be done. At least JTAG isn't exposed..
    Maybe could search for those criteria about this subject (hardware injection/corruption?) on EI or I3E.
    0-T0. 1/2*T0: HALT! ? Failed >> 1/4*T0...

    BTW what about the usefulness of an ARM9 customizable patch loader (from file, no need to re-compile and load it)? (forgive me asking this here)
     
    Margen67 likes this.
  4. motezazer

    motezazer GBAtemp Maniac
    Member

    Joined:
    Feb 6, 2015
    Messages:
    1,214
    Country:
    France
    There is also another way to completely break the security of past, present and future 3DS and New 3DS: factorize a semi-prime number into two prime numbers... :)

    The most useful thing would be to find the SoC reset line. From here -> reset glitching -> fault -> in-bootrom code execution -> dump of bootrom and OTP registers -> you won.

    Could be useful, but please discuss it in another thread.
     
    Margen67 and Syphurith like this.
  5. Kuifa

    Kuifa Advanced Member
    Newcomer

    Joined:
    Feb 22, 2015
    Messages:
    95
    Country:
    What does SALT mean?
     
    Margen67 likes this.
  6. Psi-hate

    Psi-hate GBATemp's Official Psi-Hater
    Member

    Joined:
    Dec 14, 2014
    Messages:
    1,697
    Country:
    United States
    I think it's the new project name. :O
     
    Margen67 likes this.
  7. Vappy

    Vappy GBAtemp Advanced Maniac
    Member

    Joined:
    May 23, 2012
    Messages:
    1,510
    Country:
    If rxTools continues, or if Pasta devs add emuNAND, there'd be little benefit to trying to crack SALT for sig checks. Might be worth it if they add N3DS keys that are still private at the time, though, and if Gateway haven't already obtained them themselves that's certainly an option for them :P
     
    NaviLoz101 and Margen67 like this.
  8. NaviLoz101

    NaviLoz101 Banned
    Banned

    Joined:
    Mar 12, 2015
    Messages:
    115
    Country:
    United States
    my bad i misspelled all your names i meant to say yls8 x3 he's the one where all the work is coming from have fun ill see ''karl'' when its released and well go from there ;3 btw hey @Huntereb @Reisyukaku its starting gain ;P

    — Posts automatically merged - Please don't double post! —

    @Huntereb @Reisyukaku this is why i like @Vappy at least someone makes good points on this thread :3 also hey vappy long time no chat ^.^/
     
    Vappy likes this.
  9. Kuifa

    Kuifa Advanced Member
    Newcomer

    Joined:
    Feb 22, 2015
    Messages:
    95
    Country:
    I meant, what it stands for.
     
  10. Psi-hate

    Psi-hate GBATemp's Official Psi-Hater
    Member

    Joined:
    Dec 14, 2014
    Messages:
    1,697
    Country:
    United States
    I know now. Maybe they'll say soon? :P
     
  11. shinyquagsire23

    shinyquagsire23 SALT/Sm4sh Leak Guy
    Member

    Joined:
    Nov 18, 2012
    Messages:
    1,970
    Country:
    United States
    It's just something actually less tacky for a name.
     
  12. Psi-hate

    Psi-hate GBATemp's Official Psi-Hater
    Member

    Joined:
    Dec 14, 2014
    Messages:
    1,697
    Country:
    United States
    Super-Awesome-(no)Loader-Time B-)
     
    Margen67 likes this.
  19. SLiV3R

    SLiV3R 3DS Friend Code: 0473-9069-2206
    Member

    Joined:
    Jan 9, 2006
    Messages:
    2,283
    Country:
    LOL :)

    Well, well. With rx tools and Pasta I wonder what this will offer?
     
  20. EmceeKerser

    EmceeKerser GBAtemp Maniac
    Member

    Joined:
    Jun 3, 2014
    Messages:
    1,374
    Country:
    Nothing it seems. Unless they get autoboot functionality, then this will be the go to CFW
     
  23. Psi-hate

    Psi-hate GBATemp's Official Psi-Hater
    Member

    Joined:
    Dec 14, 2014
    Messages:
    1,697
    Country:
    United States
    How about we don't post crude things out in the open.. Heh..
     
    Zidapi likes this.
  24. shinyquagsire23

    shinyquagsire23 SALT/Sm4sh Leak Guy
    Member

    Joined:
    Nov 18, 2012
    Messages:
    1,970
    Country:
    United States
    Actual chances of having non-Gateway emuNAND on an N3DS?
     
    kactusss, Gadorach, lPolarisl and 2 others like this.
  25. VinsCool

    VinsCool Cattus Incerta Tacitusque
    Member

    Joined:
    Jan 7, 2014
    Messages:
    13,623
    Country:
    Canada
    THIS IS WHAT I AM LOOKING FOR
     
  26. Kuifa

    Kuifa Advanced Member
    Newcomer

    Joined:
    Feb 22, 2015
    Messages:
    95
    Country:
    Can't you tell us before this thread is closed? Or will you tell us once it's released or something?
     
  27. shinyquagsire23

    shinyquagsire23 SALT/Sm4sh Leak Guy
    Member

    Joined:
    Nov 18, 2012
    Messages:
    1,970
    Country:
    United States
     
    gudenau, Kuifa, Gadorach and 8 others like this.
  28. zoogie

    zoogie playing around in the dsiware
    Developer

    Joined:
    Nov 30, 2014
    Messages:
    7,991
    Country:
    Micronesia, Federated States of
    wow, that's actually really clever. :P props
     
    Margen67 likes this.