Nintendo 3DS Has Officially Been Hacked

The 3DS has been hacked, and the hack was showcased at 32C3, the exploit and platform-modding scene's equivalent of E3. The exploit opens up doors to new...

As some of you are probably aware, the Nintendo 3DS has been a tough nut to crack when it comes to homebrew or hacks. Exploit developers "Smealum" and "Yellows8" started the SDK ctrulib and released the first "hax" for the Ubisoft game Cubic Ninja, which led to all sorts of homebrew and eventually kernel access on firmwares 9.2 and below. Since then, Nintendo has been locking its software down more and more with its "stability" updates, which eventually patched both the WebKit exploit Browserhax and the menu exploit Menuhax. However, for those of you who have been following the scene, you probably know that kernel access above firmware 9.2 was nothing short of a dream, until today that is.

At 32C3 earlier today, Smealum, DerrekR6, and Plutoo all spoke about their efforts in the 3DS scene, their methods, and how the console works. There is a full recording available, which is linked below.

For those of you who would prefer a run-down of what was talked about, here is what the stream taught us: the Nintendo 3DS has a special system module called NS that runs sandboxed on the system, and nothing else can access it, since it handles all of the main functions such as encryption and downgrading. Our current means of user-land access, the released "hax", unfortunately can't touch that sandbox without added privileges or ROP work. At this point in the stream, Smealum introduces some interesting information about what the GPU can and cannot access in the sandbox.

NS has am:u access, which lets us downgrade individual titles, and it has access to system-module-specific calls. NS also sits in a region of the sandbox we can partially mess with; however, it is beyond the cutoff of what the GPU can access. But what if we were to move it?

The main idea is to remove NS and fill its place with garbage data, essentially pushing it down to where it can be accessed.


This isn't a foolproof plan, since we need NS in order to launch anything in the first place, and the system won't run multiple instances of it. Luckily, the 3DS has a "safe mode" feature in which most system titles have their own safe-mode counterpart; there is a catch, however: the system still won't run a safe-mode title while the normal version is already running. But for some reason, Nintendo decided to introduce a New 3DS-specific version of NS as a separate title beside the normal NS, and that could prove useful: it gives us a simple way to keep NS running while allocating more data, so that the New 3DS version of NS ends up below the cutoff and can be run from there.


This exploit will give us code execution under a system module, which will in turn give us access to other exploits, such as downgrades. This is just a rough overview; there is much more detail to this, especially once the other speakers come on during the stream. You can watch the full stream below if you would like more insight into this hack.

https://streaming.media.ccc.de/32c3/relive/7240/


Comments

  1. Apollo
    This has already been done via CFW.
    2. Red
      On systems on 9.2 or below... that, and this is a hardware exploit, meaning it can't be patched.
    3. Apollo
      Yes, but once you have it you can spoof your firmware version. And that's what people said when the JTAG exploit first came out, but Microsoft patched the exploit by what the community calls "burning fuses".
    4. Red
      The 3DS runs differently than the Xbox. That, and you could only spoof the New 3DS up to 9.5 when the newest is 10.3.

      The issue with the 3DS was just the lack of kernel access above 9.2.
  2. LEGIT767
    Can't wait for me hacked Pokemans, especially the mews


    The feels....
    1. Red
      That's already a thing with homebrew.
    2. Th3-Chronikk
      How is this done with homebrew? I have it now.
    3. Tmo
      You can do it now with a PowerSave (save transfer / edit) or possibly a flash card (like SKY3DS and such). There was a way to do it with only an SD card and internet access a while back, but it got patched.
  3. Omegle
    Haha! It was hackable in the summer. Where were you?
    1. Red
      On firmwares below 9.2. Everything above that was simple usermode homebrew that had next to no access. This is the newest firmware.
  4. Stonerzard
    I was thinking my 3DS wouldn't see much action outside of the Pokémon releases. It definitely will now; who doesn't love free games?
    1. Red
      Games probably won't come first. Most of the scene has a strong stance against piracy, unfortunately. If you're interested in that, you can always get a Sky3ds.
  5. TheItalianLad
    Yay, now they can make another system which is better than the crappy 3DS.
    1. Stonerzard
      How was the 3DS crappy?
  6. Visual Studio
    Video is pretty interesting.
  7. 3xTiNcT
    Wow, never really thought of it being hacked, lol. That's cool though.
  8. Pyroman
    I thought it was "hacked" a while ago? With like some cube game or ninja game (I forget off-hand) and some other stuff. I did it to my last 3DS, but haven't looked much into it; I just followed tutorials and whatnot.
    1. Red
      Only if you were below 9.2
    2. Pyroman
  9. Th3-Chronikk
    So is there a release of a tool or something to do this to a 3DS?
    1. Red
      Not yet. Soon, though. Someone still needs to put all of this together into a full working exploit.
    2. Th3-Chronikk