Hacking Post your ideas regarding how to hack the 3DS, here

Rydian

> Sorry to bother you, but there is something I find strange.
> I found 2 files that are exactly 0x00004200 long, while both of them are part of the 3DS update file.
> So.. Rydian, I beg you to take a look at that >> Can it be any clue? .. If not, please let me apologize for my impatience.
I don't know much about the 3DS's security or how it manages files specifically.
 

Syphurith

Question: Does the 3DS's browser support gzipped images? Can this be a portal to overflow it?
Tip: If a browser can support gzipped images, it will appear with notices in its header. A gzipped image can be rather small sometimes, even when the original image is big enough to overflow the memory.. When an image is received from the server, the browser will try to unzip the image first, then display it on the screen. So it is possible to overflow your PC browser to make your PC out of service.
So you can use an image of size 1024px*(1024*128)px, all blank (that means 0xffffff, white), then a segment of data to flow in, in HEX.
The bitmap type will be your friend. Someone can even use a .bmp file to script 'Hello World' in C. Oh.. I like the TIFF exploit..
But I'm also wondering where the remaining data will go when the previous part has overflowed the memory.
 

Janthran

> Question: Does the 3DS's browser support gzipped images? Can this be a portal to overflow it?
> Tip: If a browser can support gzipped images, it will appear with notices in its header. A gzipped image can be rather small sometimes, even when the original image is big enough to overflow the memory.. When an image is received from the server, the browser will try to unzip the image first, then display it on the screen. So it is possible to overflow your PC browser to make your PC out of service.
> So you can use an image of size 1024px*(1024*128)px, all blank (that means 0xffffff, white), then a segment of data to flow in, in HEX.
> The bitmap type will be your friend. Someone can even use a .bmp file to script 'Hello World' in C. Oh.. I like the TIFF exploit..
> But I'm also wondering where the remaining data will go when the previous part has overflowed the memory.
Pretty sure the 3DS browser would just say "Cannot load this image"
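
The two posts above describe a small gzip body that expands to a very large pixel buffer, and a viewer that simply refuses it. As an added example (not part of the thread and not the 3DS browser's code), this is one way a receiver gets that refusal: inflate under a hard output cap. `MAX_DECODED_BYTES`, `make_blank_gzip` and `bounded_gunzip` are hypothetical names, and the sample is a constructed all-white buffer at 3 bytes per pixel.

```python
import zlib

# Assumption: a policy value for the most decoded bytes the viewer will hold.
MAX_DECODED_BYTES = 8 * 1024 * 1024
GZIP_WBITS = 16 + zlib.MAX_WBITS  # tells zlib to expect/emit gzip framing


class ImageTooLarge(Exception):
    """The compressed body would expand past the configured cap."""


def make_blank_gzip(width, height, bytes_per_pixel=3, chunk_rows=64):
    """Constructed sample: gzip stream of an all-white (0xFF) pixel buffer."""
    comp = zlib.compressobj(9, zlib.DEFLATED, GZIP_WBITS)
    row = b"\xff" * (width * bytes_per_pixel)
    parts = []
    # Compress a few rows at a time so the full buffer never sits in memory.
    for start in range(0, height, chunk_rows):
        parts.append(comp.compress(row * min(chunk_rows, height - start)))
    parts.append(comp.flush())
    return b"".join(parts)


def bounded_gunzip(body, limit=MAX_DECODED_BYTES, chunk=64 * 1024):
    """Inflate a gzip body, refusing to produce more than `limit` bytes."""
    inflater = zlib.decompressobj(GZIP_WBITS)
    out = bytearray()
    data = body
    while not inflater.eof:
        # max_length bounds this call's output; input not needed yet stays in
        # unconsumed_tail. Asking for at most limit+1 bytes in total detects
        # an overrun without ever buffering more than that.
        piece = inflater.decompress(data, min(chunk, limit + 1 - len(out)))
        out += piece
        if len(out) > limit:
            raise ImageTooLarge(f"decoded size exceeds {limit} bytes")
        data = inflater.unconsumed_tail
        if not piece and not data and not inflater.eof:
            raise ValueError("truncated gzip stream")
    return bytes(out)


if __name__ == "__main__":
    ok = make_blank_gzip(1024, 1024)  # 3 MiB decoded, a few KiB compressed
    print(len(ok), "->", len(bounded_gunzip(ok)))
```

The cap is checked while inflating rather than after, so the process never holds more than `limit + 1` decoded bytes regardless of what the compressed body claims.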
 

Rat.2

I was thinking of downloading an app from the store, playing it a little, then putting the SD card in my computer and editing the files for that game using a hex editor (or even just opening them up in Notepad), then taking out random chunks of the text, then playing the app to see if it crashes and what happens, and seeing if the game crashing unexpectedly like this might, in certain games, lead to an exploit :3
 

pyromaniac123

> I was thinking of downloading an app from the store, playing it a little, then putting the SD card in my computer and editing the files for that game using a hex editor (or even just opening them up in Notepad), then taking out random chunks of the text, then playing the app to see if it crashes and what happens, and seeing if the game crashing unexpectedly like this might, in certain games, lead to an exploit :3

If it were that easy it would have been hacked ages ago.
 

Rat.2

> If it were that easy it would have been hacked ages ago.

Of course that wouldn't be all of it, but I don't think it has been suggested here and it could actually work.
It could really depend on the game where it crashes, if it even fully crashes or just starts glitching weirdly.
And of course, because the files are encrypted, we wouldn't know exactly what to edit on another 3DS.
But if no one has tried it, it could be something worth trying; who knows what it could lead to.
 

Rat.2

People have been trying to crash the 3DS in various ways to get an exploit, and I think this might be the easiest way to crash it in hundreds of different ways.
 

Rydian

> I was thinking of downloading an app from the store, playing it a little, then putting the SD card in my computer and editing the files for that game using a hex editor (or even just opening them up in Notepad), then taking out random chunks of the text, then playing the app to see if it crashes and what happens, and seeing if the game crashing unexpectedly like this might, in certain games, lead to an exploit :3

If you edit the files, the signatures will become invalid and the 3DS will not run whatever it is anymore.
 

Rat.2

> If you edit the files, the signatures will become invalid and the 3DS will not run whatever it is anymore.

I was hoping that wasn't the case.
I wonder if there are any files they don't do a complete check on.
I will check it out myself later.
 

Syphurith

Oh yeah. The CDN Scanner does help me collect the TMD files.
But it is not pausable.. Can anyone familiar with win32 take a look at it? WHERE I GOT IT.
I want to have a pause & continue feature. The job cannot be achieved in a day..
I think pausing it before sleep then continuing it tomorrow would be a good idea..
Remember to change the CDNScan.bat as in the attachment below, otherwise it will just delete the files.

Em... Does this thing really help? I mean, is that file really useful for a developer to analyze?
I'm wondering about that "Root-CA00000003CP0000000b".. That string always seems to appear..
Elisherer, it broke the structure you defined to analyse those TMDs!

Also attaching some that were generated.. named 0000-00.zip.. Lots of TMDs, yeah.
 

Attachments

  • CDNScan.zip (1.1 KB)
  • 0000-00.zip (797.2 KB)

KittyPaws

Hi, I haven't really read through this thread, but I was wondering. Since the Nintendo eShop downloads demos and games onto the SD card, why can't we just take one of those downloaded demos and repackage a ROM into it? Or patch a ROM so that the eShop thinks it was downloaded from the eShop?
 

medoli900

Now I really want that signature leaked...
Hey, big N! You want $. Leak it. The PS3 code is on the loose and they aren't ruined. Better, 3DS sales would go upward with all the hack n00bies that will brick their 3DS!
/Is hopeless...
 
