Hacking Post your ideas regarding how to hack the 3DS, here

[jamieyello]

Yea I don't know much about that stuff, but if you're looking for crashes, Netflix crashes more than you want it to. Once I wanted to watch Futurama but it said "title not available", the top screen got some crazy pattern on it and it booted me to the home screen. Netflix crashes alll the time.

 

[nukeboy95]

Yea I don't know much about that stuff, but if you're looking for crashes, Netflix crashes more than you want it to. Once I wanted to watch Futurama but it said "title not available", the top screen got some crazy pattern on it and it booted me to the home screen. Netflix crashes alll the time.

netflix can not be exploited as all the save holds is acc info

 

[ComeTurismO]

Hey guys, what about the warnings you get at the back of 3DS games?

IMPORTANT! READ THE NINTENDO 3DS OPERATIONS MANUAL BEFORE SETUP OR USE OF YOUR SYSTEM.
THIS PRODUCT CONTAINS TECHNICAL PROTECTION MEASURES. USE OF AN UNAUTHORIZED DEVICE OR ANY UNAUTHORIZED TECHNICAL MODIFICATION TO YOUR NINTENDO 3DS SYSTEM, WILL RENDER THIS GAME AND/OR YOUR SYSTEM UNPLAYABLE[/QUOTE]

 

[nukeboy95]

Hey guys, what about the warnings you get at the back of 3DS games?

that is just a bluff from Nintendo its not in the system

 

[Syphurith]

>>some thoughts [but seems hopelessly]
Never run anything unsigned? Right. Then, how about do not use the chip of 3ds, taking pc's instead?
So i'm looking forward to that decapping and what they do now (is software's command analysis).
if the GPU not included in CPU we can continue analysis and take that GPU as an external renderer.
>>Nothing can be more important than analyse the hardware then....Despite there may be some mistakes.

Spoiler

[I've found something amusing..][Just take a break]
There're some people discussing about 3ds hacking. One said, the 3ds would not be hacked in this year, or, he will post "how to eat iphone" live.. The other said, it must be hacked within this year, or, he will "take his male part away"..(Also "live", Orz)
--So, i bookmarked those both.
Added Spoiler Mark. Thanks to DiabloStorm!

>>A question
Yum.. Has anyone tried to analyse the 3ds game card? It seems interesting what is the difference between the chips used in the true 3ds game card and that used in ace3ds pro's 3ds mode. [Forgive me, i found no clues about the internal of gamecard chips, Except some information on 3dbrew, but not about the chips]
>>Yep this question ends here.

[Another break~]
Somebody said that there is no difference between the trial-game data of same game title downloaded by difference 3ds machines, so it may be un-encrypted. Just a laughter. They confounded the game-sign with the save-sign..Correct?

I'm sure i've made some spelling or other mistakes.. Sorry for that. If you think this post is dirty please tell me and i'm earse something.. I mean if this made you fell uneasy..
[PS]I don't know how can you guys make a spoiler hider in your post.. I can not find such a thing in the editor..

 

[DiabloStorm]

[PS]I don't know how can you guys make a spoiler hider in your post.. I can not find such a thing in the editor..

[S poiler] [/S poiler] no spaces

 

[Syphurith]

[S poiler] [/S poiler] no spaces

Thanks Very MUCH! I must add that to my note. at least to my Signature on this forum..

Spoiler

Also Let me have a try. It does work. So i should change some silly joke i'm made before.

 

[jamieyello]

What about what Curley12 said with the titles downloaded from the eshop not being encripted? Also, even though it's 256something encrypted maybe an overclocked crazy powerful computer could crack it after 9 months of running?

 

[TheCasketMan]

bruteforce the keys and waiting over 9000 years. 100% Guaranteed to Work!!!

 

[jamieyello]

Ok, but what if you started a project where you got people to download decrypters to run on there own computers, bruteforce might be more effective with around 30,000, a 1/9000 chance per year for every 4 computers might just be good enough. Then again the few people that actually did hack the 3ds might be able just copy and paste the code but won't because of piracy. There is only one code right? It isn't unique for any games/systems?

 

[Rydian]

Ok, but what if you started a project where you got people to download decrypters to run on there own computers, bruteforce might be more effective with around 30,000, a 1/9000 chance per year for every 4 computers might just be good enough. Then again the few people that actually did hack the 3ds might be able just copy and paste the code but won't because of piracy. There is only one code right? It isn't unique for any games/systems?

Here's my copy-paste on the DSi, which used 128-bit encryption.

I present to you: "DSi Encryption Put In Perspective", also known as "I Love Crushing People's Dreams".

The DSi uses 128-bit encryption (IIRC).
How do you break it? You find the correct encryption key.

How many encryption keys are there? 2 (binary, a bit) to the 128th power (number of bits), divided by 8 (8 bits in a byte).
That's so many that the calculator that comes with windows (at least XP) can't even display the number without reverting to scientific notation.

128-bits is...
340,282,366,920,938,463,463,374,607,431,768,211,456 possible values in binary.
However, Since there's 8 bits in a byte, you divide 128 by 8 and get 16. That's 16 bytes, 16 characters.
That's 18,446,744,073,709,552,000 possible values, ranging from 0x0000000000000000 to 0xFFFFFFFFFFFFFFFF. Eighteen quintillion possible keys.
The actual number is a bit less less since a key will be a certain number of digits and be designed to not have repeating segments, but this puts it in perspective.

Let's say that you have a computer program which can try 50,000 unique keys a second.
That's 3,000,000 keys a minute.
180,000,000 keys in an hour.
4,320,000,000 keys a day.
1,576,800,000,000 keys in one year.

It would take 11,698,848 years to try all the keys at that speed.

So wait, how do they break other systems? If you can get a direct copy of the encrypted data and compare it to a copy of the unencrypted data (as well as view the data as it's transmitted around the DSi's internals), that goes a long way towards figuring out the key without having to try all possible combinations. You'll be able to find the key without all the guessing! The problem is you'd need to take a DSi apart and fuck with it's insides while it's on to try to get a copy of the data while it's unencrypted (since the DSi will unencrypt what it needs on the fly in order to use it), and usually when you're done with that the DSi's pretty broken and in no shape to game, or even to be experimented on a second time...

http://www.flickr.com/photos/micahdowty/sets/72157621023570420/

This process can be hampered by the internal design of the system, so you may need to take apart many systems before you even figure out how to read some of the data, let alone get a full copy of it, and last I checked DSi's don't cost $5...

Now realize that 129-bit encryption is DOUBLE that. And 130-bit encryption is double what 129-bit encryption was, and so on until you hit 256-bit.

It is not an option.

 

[Syphurith]

So, i got it. it is merely possible (or to say, impossible) to use decrypters to find the key.
(Unless the key was accidently leaked, as what happened to PS3.)
Then, The way left for us is analyse the hardware right? We HAVE TO DIVE..
Then modify it to correct the crypto methods, especially remove the nintendo sign check.
Or simply check the commands and build an emulator to avoid such problems.

Spoiler

Password is always the important word in security..
It's the battle-field..if you can not avoid it.
Hardware is kinda truth where all those softwares' method got terminated.

It seems that all raw rom are encrypted, except those in development unit.
Oh..I found there have been 1 days since 3dbrew's lastest update of Yellows8.
I got some upset. Are they facing some very confusing problems?
much wish if we had the talent or have the inspiration..

 

[Mefisteso]

Now realize that 129-bit encryption is DOUBLE that. And 130-bit encryption is double what 129-bit encryption was, and so on until you hit 256-bit.
It is not an option.

To support this point...
wiki:

AES permits the use of 256-bit keys. Breaking a symmetric 256-bit key by brute force requires 2^128 times more computational power than a 128-bit key. A device that could check a billion billion (10^18) AES keys per second (if such a device could ever be made - as of 2012, supercomputers have computing capacities of 20 Peta-FLOPS, see Titan. So 50 supercomputers would be required to process (10^18) operations per second) would in theory require about 3×10^51 years to exhaust the 256-bit key space.

Hope you all get, that "^"=power in maths

 

[Syphurith]

About the new encryption method with games requiring 2.2.0+ firmware on 3ds:
Has anyone with a r4i save dongle tried to do so?
1.Understand the game is using new encryption method. IE, Mario Kart 7.
2.Enter the game with a save [Best: clear save, that may take some useless text out].
[I mean if you have this gamecard as a new one, pass that stories then save.]
3.Do nothing but Save the game. Then dump it out with that dongle.
4.Enter the game again, with that save you saved moments ago.
5.Save again, and also dongle again.
6.Use Hex comparer [or give these two saves to a developer] to XOR and tries to find the s*** key.
It doesn't affect the system much though. But it has its benefits.

 

[Rezialn]

Why not just softmod it in a way similar to the Wii? They all come with SD cards anyways. It looks almost like it's just a modified Wii software.

 

[Rydian]

Why not just softmod it in a way similar to the Wii? They all come with SD cards anyways. It looks almost like it's just a modified Wii software.

Why not just modify it with my dick?

And it's quite different from the Wii. They chose a similar style for consistency, sort of like how you can skin Windows and use a launcher+dock to make it look like OSX, but the internals are still very different.

 

[Rezialn]

Why not just modify it with my dick?

And it's quite different from the Wii. They chose a similar style for consistency, sort of like how you can skin Windows and use a launcher+dock to make it look like OSX, but the internals are still very different.

If you can modify it with your dick, go right ahead.

 

[Rydian]

If you can modify it with your dick, go right ahead.

Was pointing out that you need more than an interface to hack something.

 

[Rezialn]

Was pointing out that you need more than an interface to hack something.

It was never about the interface. I was under the impression that the software itself was similar to the Wii, and I know I know that I was mistaken.

I truly believe that looking to softmod it is a better route than attempting to create a flash cart.

 

[Syphurith]

Was pointing out that you need more than an interface to hack something.

sorry to bother you, but there is something i feel strange.
i had found 2 files has exactly 0x00004200 length long, while both of them is a part of the 3ds update file.
So..Rydian i beg you take a look at that >>

Spoiler

I've got two files with the same length 0x00004200. Story >>

Spoiler

When i tried to update my 3ds through that PS3.ProxyServer, i made it with filter '*' and got those links.
Today i grabed the links with download accelerator.

<<
I highly doubt if these two file is very special due to its length.

Spoiler

I thought it was a 4096RSA+256SHA1 but the length is not that number. But i consist it may be a key file.

Please give me a conclusion if you can, please.
Or, What type of such files should be?

Spoiler

CIA? TMD? or any other types? What i know only is it is a part of the 'present' file

I'll upload the files, packed as 7z. There is also a Readme for you in the package.
Gosh it's too big for this forum.. Uploaded to Skydrive instead. >>Link<<

Also, please can somebody make a new ProxyServer from that PS3.ProxyServer?
I request for detailed logging (ie, log the packages content with header set and get) badly, thanks.

Spoiler

Indeed the length seems to be the length of the key.bin. the length of key.bin is 512 Bytes.

Can it be any clue? .. If not please let me apologize for my impatient.