33c3 3DS Digest: BootROM cracked, ability to sign firmwares

19 Responses

  1. slolol

    Nintendo is weak

    • DSpider

      Apparently you don’t remember the 2-year dry spell between firmware 4.5 and 9.0, where you couldn’t do *** with your 3DS if it was running anything in between.

    • Jack Attack

      So weak that despite having the hackier hardware they flushed Sony out of the handheld market. Not that Sony put up much of a fight after the PSP…

      Meanwhile, Sony locked down the PS3 and Vita fairly well, and what did that do for them? Not much.

  2. Alan

    What about the Wii U talk?

  3. iam666

    Truly awesome stuff. I hope that they fake-sign a firmware which enables homebrew; I have been waiting for a way to properly hack my console for some time now.

  4. DSpider

    “They added this was all done in the Summer of 2015 and just waited to see if Nintendo would eventually fix it. They didn’t.”

    PFFFFFFFFFFffffffffuking ***! We could’ve had full CFW on the 3DS a year and a half ago!

  5. DarkLPs

    Does this allow us to install a custom firmware directly to an unhacked 3DS/2DS?

    • DarkLPs

      I mean the signature part of the dumped BootROM.

      • Downfallofusall

        Hmmm… Would think that you would need to go A9LH first and then install the custom firmware. This really breaks open the 3DS permanently.

        • DarkLPs

          Problem is, I updated my 2DS a while ago because I couldn’t play my favorite games, so no A9LH for me. But if they release a workaround like a custom DNS server or something which you can use to “update” your 3DS/2DS to a custom firmware, now that would be awesome. And the system won’t recognize it as a hack because it has a signature.

          • Franky

            I don’t fully understand this. Don’t you just need an entry point to the homebrew launcher? I’ve heard SoundHax will be 11.2.

  6. Calvin

    The full talk can be found on their site… https://media.ccc.de/v/33c3-8344-nintendo_hacking_2016

  7. julian20

    They won’t release sickhax and won’t leak boot9.
    Sickhax means we can brute-force a working signature (we don’t know yet if it’s a skeleton sign). Before we can brute-force it, we need boot9 for details. Brute-forcing such a signature can take ca. 6 months, depending on the amount of available machines.
    People have been trying to dump boot9 for a long time, as this way to dump it has been publicly known since May 2015.

    Also, kernel9loader is an ARM9 exploit/entrypoint as well as sickhax. In both cases you lose the entrypoint when you overwrite the firmware partitions.
    “This is even bigger than a9lh that only allowed us to patch code as it was loaded.”