Homebrew [33c3] Console Hacking 2016 (3DS/WiiU) talk Dec 27-30: smea, derrek, nedwill, naehrwert

[Mrrraou]

What are you talking about we can sign our own firmware. And Nintendo can't fix it.

ok that's cool but that's not gonna be implemented for a long time plus nintendo can't fix k9lh either

 

[einhuman197]

... but in order to do that, we need to dump boot9 first.

We know how to dump it. Then let's write a boot9helper. It shouldn't be too difficult.

 

[pandavova]

We know how to dump it. Then let's write a boot9helper. It shouldn't be too difficult.

Than do it

 

[Psi-hate]

We only know what methods cause bootrom exceptions, not the methods that don't. The Vector glitch is the way to go, other ways are just too hard/unpractical.. at least for first tries. Still, someone has to be able to exploit it.

 

[metroid maniac]

It shouldn't be too difficult.

Famous last words.

Just remember that the bootrom dumping exploit has been known since forever yet nobody has done it so far because of how precise the timing must be.

 

[Psi-hate]

Also, we had the ntr card to get bootrom a while ago but we never actually knew where to go with it. With a sky3ds+, you can determine exactly when slot1 is inited, but that's about as much info you're gonna get to get started.

 

[jDSX]

ok that's cool but that's not gonna be implemented for a long time plus nintendo can't fix k9lh either

I am talking about fasthax/soundhax this


"If you haven't watched the stream already for 33c3, MANY MANY things were announced regarding the WiiU, 3DS, and 2DS!

For the 3DS:

• kernel mode access
• Boot9 ROM dumped
• Boot11 ROM dumped
• Ability to sign custom firmware on 2DS and N3DS

REMINDER: If you're on 11.x (or don't have A9LH already) - don't upgrade!!!!

The implementation of soundhax will (likely, based on the presentation) literally be a mpeg file you put on your SD card and play -> arbitrary code execution aka Primary hack. This is going to be a nice late Christmas present for many many people ..."

 

[Joom]

What are you talking about we can sign our own firmware. And Nintendo can't fix it.

Who's "we"? You and I can't, which was my point.

What's are you talking about we have the dump and that sound hax comparison was a joke.

Where is the dump? Because all I've seen are a couple hashes.

 

[einhuman197]

Than do it

No with my skills I'll program a new gateway launcher i mean bricker. I hope the guys that did A9lh this year will do bootromhax next year. Dark samus, Aurora wright and the other cool people!

 

[Salamencizer]

no, i mean people who really care.
fuck, it's fucking boring. reversing this shit is awfully boring and long. even derrek is bored by it as you can see by what he says in the talk lol

Was reading through, and would like to quote you on this
Hacking involves stuff which is really boring and long, and requires you to do stuff over and over again... If you can't do it than don't try to hack stuff lol

 

[einhuman197]

Just remember that the bootrom dumping exploit has been known since forever yet nobody has done it so far because of how precise the timing must be.

Well, the Exploit was available on 3dsbrew since September I guess. And nobody real noticed it. It's like mset back in 2012.

 

[Joom]

Well, the Exploit was available on 3dsbrew since September I guess. And nobody real noticed. It's like mset back in 2012.

There's also UnbanMii, which has also been covered by 3dbrew (or at least the steps for creating it have been) for quite a long time, but nobody has publicly implemented it.

 

[Mrrraou]

Was reading through, and would like to quote you on this
Hacking involves stuff which is really boring and long, and requires you to do stuff over and over again... If you can't do it than don't try to hack stuff lol

lol no comment. i know what it is, and i know what is definitely boring. wii u is not fun in any way. 3ds is fun.

 

[mehmeh11]

so, I'm in o3ds 11.0, no CFW, none of the 4 dsiwarehax games, will I be able to do anything?

 

[tbclandot]

Here's another noob question I bricked my old 3DS awhile back trying to install cfw... would any of the exploits revealed today allow me to revive it or harmod is still the only way?

 

[Joom]

Here's another noob question I bricked my old 3DS awhile trying to install cfw... would any of the exploits revealed today allow me to revive it or harmod is still the only way?

You'll still have to hardmod it, and even that would be useless if you don't have a backup prior to bricking it.

 

[einhuman197]

There's also UnbanMii, which has also been covered by 3dbrew (or at least the steps for creating it have been) for quite a long time, but nobody has publicly implemented it.

Exactly, but this is something big and "simple" to program, many Guys are interested in.

 

[Gizametalman]

Man oh man... Can the 3DS really be more open than it already is?

 

[Joom]

Exactly, but this is something big and "simple" to program, many Guys are interested in.

So is UnbanMii. All it requires is implementing a simple fopen into an ARM9 binary that loads files into the ITCM of a banned console. This %100 unbanns a console at the cost of another, and also causes incorrect update titles to be downloaded during sleep if you use the CTCert from a mismatched consoles. All things considered though, it's much easier to implement than Sighax or any of the other stuff announced today. This scene just has a stupidly small handful of developers that everyone else relies on.

 

[tbclandot]

You'll still have to hardmod it, and even that would be useless if you don't have a backup prior to bricking it.

Well thanks man lesson learned I have a souvenir broken old 3DS luckily I'll be extremely careful with my new 3DS XL running 11.2.