33c3 3DS Digest: BootROM cracked, ability to sign firmwares
It came to my attention thanks to developer Red that today was the day of the 33c3 Nintendo Talk. For those unaware of what c3 is, it is a yearly hacking conference organized by the Chaos Communication Congress. While most of the event is not relevant for the readership here (you guys), since last year’s event brought us the famous a9lh hack, I decided to take a peek at what they had in store for us this year.
It was a pretty interesting show, even for someone such as me who barely understands the meat of the matter. A few things were discussed, but the short version is that the 3DS is completely cracked at this point. With nothing left to crack, derrekr6 just told the audience they were ready for the Nintendo Switch.
Soundhax and Fasthax!
The talk started with the announcement of both Soundhax and Fasthax. Soundhax is an exploit presented by hacker nedwill that relies on the 3DS’ sound player. As is the case with many exploits on the 3DS, it is a buffer overflow exploit. For what you care about, Soundhax means you will now have a free exploit that works offline! That’s great news, since the discovery of exploits in games usually leads to horrible price gouging (nedwill mentioned this in the presentation). A good example of this is how games like Cubic Ninja shot from $5 to values like $80 just because of Ninjhax.
Fasthax is a kernel11 exploit which we can assume will work on all current firmwares (so that’s up to 11.2 at least). While I don’t understand the nitty-gritty of it, I do know it will allow for CIA installation on the exploitable firmwares and, if it goes like last year, probably more.
BootROM dumped! Sighax!
This is when derrekr took to the stage to talk about the BootROM. He spent a good amount of time talking about the entire process of hacking the BootROM and how it is protected. He said that half of it is visible and the other half isn’t, and they used that as a starting point. It was mentioned that there is a flaw in the 3DS hardware in which some RAM is not cleared on a reboot. That allowed for injection of code that led to the dumping of the BootROM. Pretty neat!
This next part, however, is when everyone got really hyped. After a long explanation about the CPU of the 2DS and the RSA signatures Nintendo uses, he talked about how they were able to figure out that the check doesn’t look at an entire signature, but only part of it. With this enormous flaw figured out, they were able to brute-force their way to the valid part of the signature. This means that from now on, if this gets released, developers will be able to sign their own firmwares. This is even bigger than a9lh, which only allowed us to patch code as it was loaded. This means that the 3DS might have complete custom firmware on boot. Let us hope this gets released!
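As an added illustration (not code from the talk, from derrekr, or from the 3DS BootROM), here is what separates a correct RSA PKCS#1 v1.5 check from one that looks at only part of the decoded block: the strict verifier reconstructs the whole expected encoding and compares all of it, while the partial check is a simplified stand-in for the class of flaw described above, not the actual BootROM logic. The key (two constructed Mersenne primes) and the firmware bytes are made up for the demo.

```python
# Added illustration: full-block RSA PKCS#1 v1.5 verification vs. a partial check.
# Key and "firmware" bytes are constructed for the demo; not a real 3DS key.
import hashlib
import hmac

P, Q = (1 << 521) - 1, (1 << 607) - 1           # constructed demo primes (Mersenne)
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))               # private exponent (gcd(E, phi) == 1)
K = (N.bit_length() + 7) // 8                   # modulus length in bytes (141 here)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")  # DigestInfo

def encode_block(msg: bytes) -> bytes:
    """Expected block: 0x00 0x01 FF..FF 0x00 || DigestInfo || SHA-256(msg)."""
    t = SHA256_PREFIX + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t

def sign(msg: bytes) -> int:
    """Textbook RSA signature over the PKCS#1 v1.5 encoded block."""
    return pow(int.from_bytes(encode_block(msg), "big"), D, N)

def verify_strict(msg: bytes, sig: int) -> bool:
    """Correct check: every byte of the decoded block must match the encoding."""
    if not 0 < sig < N:
        return False
    decoded = pow(sig, E, N).to_bytes(K, "big")
    return hmac.compare_digest(decoded, encode_block(msg))

def verify_hash_only(msg: bytes, sig: int) -> bool:
    """Flawed check (stand-in for the bug class, not the BootROM's code):
    only the trailing hash is compared, so the padding is never validated."""
    decoded = pow(sig, E, N).to_bytes(K, "big")
    return decoded[-32:] == hashlib.sha256(msg).digest()

def demo() -> dict:
    msg = b"firmware image (constructed sample)"
    good = sign(msg)
    # Right hash, garbage padding: produced here with the private key purely to
    # show what a verifier that skips the padding bytes would accept.
    bad_block = (b"\x00\x02" + b"\x41" * (K - 35) + b"\x00"
                 + hashlib.sha256(msg).digest())
    bad = pow(int.from_bytes(bad_block, "big"), D, N)
    return {
        "strict_accepts_good": verify_strict(msg, good),
        "strict_rejects_bad_padding": not verify_strict(msg, bad),
        "hash_only_accepts_bad_padding": verify_hash_only(msg, bad),
        "strict_rejects_tampered_msg": not verify_strict(msg + b"!", good),
    }
```

The only difference between the two verifiers is whether the comparison covers the whole decoded block, which is exactly the property a boot-time signature check has to have.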
BootROM11 dumped too!
At this point the only thing left to do was dumping the BootROM of the ARM11 processor (the one above was the ARM9 processor’s BootROM). derrekr said they could have tried the same process as before, but went with something different. When looking at the unprotected part of the ARM11 BootROM, they noticed there were references to the ARM11 RAM. So they tried overwriting data on Boot11 and discovered it was not blacklisted! Instant dump. As the slide said: “That was easy”.
They added this was all done in the Summer of 2015 and just waited to see if Nintendo would eventually fix it. They didn’t.
You can watch the entire 3DS part of the conference from this video supplied by Red:
Did you pay attention to the 33c3? I remember that Smealum teased something about it for the 3DS in my conversation with him about the Nintendo Bug Bounty. I never imagined it would be something this huge.
Let’s hope for that Sighax release!
Fist!!!!
Foot!
SAD
nintendo is weak
Apparently you don’t remember the 2 year dry spell between firmware 4.5 and 9.0, where you couldn’t do *** with your 3DS if it was running anything in between.
So weak that despite having the hackier hardware they flushed Sony out of the handheld market. Not that Sony put up much of a fight after the PSP…
Meanwhile, sony locked down the PS3 and Vita fairly well and what did that do for them? Not much.
What about the wii u talk ?
Sorry, I don’t own a Wii U so Red didn’t tell me about the Wii U talk until it was pretty much done. I apologize 🙁
I’ll get you a Wii U next year for Christmas if you stay off the naughty list
Truly awesome stuff, I hope that they fake-sign a firmware which enables homebrew. I have been waiting for a way to properly hack my console for some time now
“They added this was all done in the Summer of 2015 and just waited to see if Nintendo would eventually fix it. They didn’t.”
PFFFFFFFFFFffffffffuking ***! We could’ve had full CFW on the 3DS a year and a half ago!
Does this allow us to install a custom firmware directly to an unhacked 3/2DS?
I mean the signature part of the dumped Bootrom
Hmmm….Would think that you would need to go A9LH first and then install the custom firmware. This really breaks open the 3DS permanently.
Problem is I updated my 2DS a while ago because I couldn’t play my favorite games, so no A9LH for me, but if they release a workaround like a custom DNS server or something which you can use to “update” your 3/2DS to a custom firmware, now that would be awesome. And the system won’t recognize it as a hack because it has a signature.
I don’t fully understand this. Don’t you just need an entry point to the homebrew launcher? I’ve heard SoundHax will be 11.2.
The full talk can be found on their site… https://media.ccc.de/v/33c3-8344-nintendo_hacking_2016
They won’t release sickhax and won’t leak boot9.
Sickhax means we can bruteforce a working signature (we don’t know yet if it’s a skeleton sign). Before we can bruteforce it, we need boot9 for details. Bruteforcing such a sign can take ca. 6 months, depending on the amount of available machines.
People have been trying to dump boot9 for a long time, as this way to dump has been publicly known since May 2015.
Also, kernel9loader is an ARM9 exploit/entrypoint as well as sickhax. In both cases you lose the entrypoint when you overwrite the firmware partitions.
“This is even bigger than a9lh that only allowed us to patch code as it was loaded.”