Homebrew [33c3] Console Hacking 2016 (3DS/WiiU) talk Dec 27-30: smea, derrek, nedwill, naehrwert

What will Santa Hax bring us this year?

  • Slowhax (arm11 kernelhax)

    Votes: 184 32.1%
  • Soundhax (free primary userland sploit)

    Votes: 183 31.9%
  • Bootrom dump method !!

    Votes: 166 28.9%
  • Something more awesome than the above.

    Votes: 156 27.2%
  • Something nice for the WiiU

    Votes: 178 31.0%
  • Nothing. Ninty will banhammer: 001-1337 "Your use of this speech has been restricted by Nintendo"

    Votes: 80 13.9%
  • This checkbox pleases me

    Votes: 152 26.5%
  • ( ͡° ͜ʖ ͡°)

    Votes: 92 16.0%

  • Total voters
    574
  • Poll closed.

hacksn5s4

Banned!
Banned
Joined
Aug 12, 2015
Messages
4,332
Trophies
0
XP
1,322
Country
Is Soundhax kinda unpatchable, because they would have to change how it plays the music to fix it? And have they ever updated the Sound app? I don't think so. I also don't think they update system titles that are on the Home Menu with firmware updates; Mii Plaza only gets updated in the app.
 
Last edited by hacksn5s4,

DavidRO99

Average Ryzen user.
Member
Joined
Jun 11, 2016
Messages
1,018
Trophies
0
Age
26
Location
your back-door
XP
948
Country
Korea, North
Is Soundhax kinda unpatchable, because they would have to change how it plays the music to fix it? And have they ever updated the Sound app? I don't think so.
.... You know that they can just update it, right? Even if they didn't update it in the past, they still can, like they own the damn thing.
 

gkoelho

Well-Known Member
Member
Joined
Apr 16, 2015
Messages
558
Trophies
0
Age
31
XP
346
Country
Brazil
No, nothing has changed. It has always been possible ever since the arm9 was pwned. Using sighax is no different from using a9lh, and it opens up no new possibilities. The only difference is that it's easier to install because it does not rely on the OTP hash for encrypting an arm9loader key.

Doesn't the bootrom have more access to hardware than arm9? I remember a flow chart of the 3DS architecture that showed something like it.

Edit: Also, arm9 only allows patching code as it's loaded, and Sighax can have entirely new code and calls permanently.
 
Last edited by gkoelho,

metroid maniac

An idiot with an opinion
Member
Joined
May 16, 2009
Messages
2,089
Trophies
2
XP
2,682
Country
Doesn't the bootrom have more access to hardware than arm9? I remember a flow chart of the 3DS architecture that showed something like it.

Eh sort of, but only to the extent that you can dump the bootrom and OTP as well. It's hard to go much more into detail without tediously correcting all the terminology.
 

hacksn5s4

Banned!
Banned
Joined
Aug 12, 2015
Messages
4,332
Trophies
0
XP
1,322
Country
The problem is there's no EUR old version of sudokuhax, so you have to pay more money to downgrade the 3DS, since you need to buy a bigger game that can fit exdia hax.
 
Last edited by hacksn5s4,
  • Like
Reactions: monkey69

einhuman197

Well-Known Member
Member
Joined
Aug 17, 2015
Messages
989
Trophies
0
Location
Inside your bootloader (´◉◞౪◟◉)
XP
794
Country
Germany
The problem is there's no EUR old version of sudokuhax, so you have to pay more money to downgrade the 3DS, since you need to buy a bigger game that can fit exdia hax.
Come on, you jerk, you save hundreds of euros/dollars/whatever with piracy and you cry because you have to buy a 7 euros/dollars/whatever game? Are you kidding me?
 
Last edited by einhuman197,

mathieulh

Well-Known Member
Member
Joined
Feb 28, 2008
Messages
378
Trophies
0
Website
keybase.io
XP
897
Country
France
You do not need luma with sighax, or any CFW at all because signatures will be signed.
You can only forge FIRM signatures, and only for boot9 (Process9 isn't vulnerable). This means you can't just forge CIA signatures and whatnot, so you will still need "CFW". The 3DS isn't a PlayStation 3.
 

mathieulh

Well-Known Member
Member
Joined
Feb 28, 2008
Messages
378
Trophies
0
Website
keybase.io
XP
897
Country
France
Could the CtCert be taken from another console, say a Wii or WiiU?
No, well not quite, the CtCert is stored in the OTP area (you just don't see it when dumping your OTP because it's stored in encrypted form), the OTP is copied by boot9 to the ITCM and decrypted, later on the part of the decrypted OTP which does not contain CtCert is wiped by boot9 from memory. This means the original place where the CtCert is stored (assuming you have the means to encrypt it) cannot be overwritten.

It is however possible to read the CtCert from the memory of an exploited unit (or from a decrypted OTP) and overwrite it in another console (in memory) early enough in the boot chain so that the firmware uses it instead of the one that's written in the OTP.

Needless to say you can't just craft your own CtCert for obvious reasons and need a real one generated by Nintendo.

--------------------- MERGED ---------------------------

No one is gonna bruteforce a hash for a patched firmware though. However, there will definitely be some kind of payload chainloader, I assume.
I agree, a universal loader is the way to go. If just for safety and convenience, something small and straightforward that does not require much (if any) changes over time.
 

Mrrraou

Well-Known Member
Member
Joined
Oct 17, 2015
Messages
1,873
Trophies
0
XP
2,374
Country
France
I agree, a universal loader is the way to go. If just for safety and convenience, something small and straightforward that does not require much (if any) changes over time.
Definitely, plus people have already been doing this with k9lh, so I assume it to be easy enough, as there's not that much difference between the post-k9l environment and the post-boot9 environment.
 
  • Like
Reactions: Gray_Jack
