
News: Nintendo 3DS Has Officially Been Hacked! [32c3 Overview]

Red
Newbie, VIP, Retired, Scaling the Mountain Mythical Veteran MotM
Messages: 15,343 | Reaction score: 10,407
As some of you are already aware, the Nintendo 3DS has been a tough nut to crack when it came to homebrew or "hacks" until Smealum and Yellows8 started the SDK ctrulib and released the first "hax" for the Ubisoft game Cubic Ninja, which led to all sorts of homebrew and eventually kernel access for firmwares 9.2 and below. Since that day Nintendo has been locking down their software more and more with their "stability" updates, which eventually patched both the WebKit exploit Browserhax and the menu exploit Menuhax. However, for those of us who have been following the scene, you probably know that kernel access was nothing but a dream if you were above 9.2... until today.

Today at 32c3 Smealum, Derrek and Plutoo all spoke about their efforts in the 3DS scene: their efforts, methods, and how the console worked. If you're interested in viewing the recording in its entirety you can do so here: https://streaming.media.ccc.de/32c3/relive/7240/

For those of you who would prefer a rundown, here is what the stream taught us. The Nintendo 3DS uses a special function called NS that is sandboxed on the system so that nothing can access it, since it handles all of the main functions such as encryption and downgrading. Our current means of user-land access from the "hax" that was released unfortunately can't touch that sandbox without some added privileges or work with ROP. At this point of the stream Smealum introduces some interesting information on what the GPU can and cannot access in the sandbox.

What is NS?
NS has am:u access, which lets us downgrade individual titles, and it has access to system module-specific calls. NS is also in a region of the sandbox we can partially mess with. However, it is beyond the cutoff of what the GPU can access... but what if we move it?

The main idea is to remove NS and fill its place with garbage data to essentially push it to where we can touch it.

[image: RNEByJC.png]


However, that isn't a foolproof plan, since we need NS in order to launch it in the first place, and we can't run multiple instances of it. Luckily, though, the 3DS has a "safe" mode feature where most system titles have their own safe mode partner. There is a catch, however: the system still can't run a safe mode title if a normal version is already running. But for some reason Nintendo decided to introduce a small friend to the New 3DS that could prove useful, since it is a separate title besides NS, which in turn provides us with a simple outcome: keep NS running but allocate more data so that you can get below the cutoff and run the New 3DS version of NS.

[image: xWX5y8j.png]


What this will allow us to do is give us code execution under a system module, which will then give us access to other exploits!

i.e. downgrades


This is just a rough overview. There is much more detail to this, especially once the other speakers come on. I recommend watching the full stream for a more in-depth overview.
 
VinnyHaw
Premium, Mythical Veteran Trifecta End of the Year 2015
Messages: 14,055 | Reaction score: 5,487
Sooooo can u do stuff to my DS now?
 
Owl
Inhale, Exhale, Repeat.
Mythical Veteran MotM Platinum Record
Messages: 6,168 | Reaction score: 4,662
Yes sir, 10.3 is fair game again

Broh, just having the ability to downgrade my 3DS would be amazing. I might be reading it wrong, but is this idea based off the New 3DSs?
 
Red
Newbie, VIP, Retired, Scaling the Mountain Mythical Veteran MotM
Messages: 15,343 | Reaction score: 10,407
Broh, just having the ability to downgrade my 3DS would be amazing. I might be reading it wrong, but is this idea based off the New 3DSs?
It is indeed.
 
Red
Newbie, VIP, Retired, Scaling the Mountain Mythical Veteran MotM
Messages: 15,343 | Reaction score: 10,407
What can we do?
Almost anything. This opens up the whole system. For one, if you have a way to launch homebrew currently, you can install older eShop titles that Nintendo has "hidden", which will then allow you to launch homebrew right from the console from a cold boot.
 
VinnyHaw
Premium, Mythical Veteran Trifecta End of the Year 2015
Messages: 14,055 | Reaction score: 5,487
Almost anything. This opens up the whole system. For one, if you have a way to launch homebrew currently, you can install older eShop titles that Nintendo has "hidden", which will then allow you to launch homebrew right from the console from a cold boot.

Well, you know everything I have. Can I do any of this?
 
MrDoop159
Enthusiast
Messages: 30 | Reaction score: 11
What are the bad side effects of this? Any?
 
nibelheim
Newbie
Messages: 2 | Reaction score: 0
How do I get Ironfall on the eShop as stated in the instructions? I don't see it on the old version of the eShop.

EDIT: Actually, what's the point in having Ironhax when you have Menuhax (firmware under 9.9)?
 
7slover34
Newbie
Messages: 15 | Reaction score: 0
How do I get Ironfall on the eShop as stated in the instructions? I don't see it on the old version of the eShop.

EDIT: Actually, what's the point in having Ironhax when you have Menuhax (firmware under 9.9)?
 
Ironhax could be a backup plan.
 
Red
Newbie, VIP, Retired, Scaling the Mountain Mythical Veteran MotM
Messages: 15,343 | Reaction score: 10,407
How do I get Ironfall on the eShop as stated in the instructions? I don't see it on the old version of the eShop.

EDIT: Actually, what's the point in having Ironhax when you have Menuhax (firmware under 9.9)?
Backup plan, really. It's always best to have multiple entry points IMO, in case one gets patched or you accidentally erase one.

i.e. I have Themehax, Ironhax, and Ninjhax
 
CrazyPotato
Enthusiast
Messages: 171 | Reaction score: 98
Can you get money for the eShop?
Nope. Just wait, I'm sure all the eShop games and DLC will be leaked soon (.cia files), so you won't ever need to pay.
Correct me if I'm wrong, but I think it's been like that for a long time now with .cia games and .roms.
 