33c3 3DS Digest: BootROM cracked, ability to sign firmwares

19 Responses

  1. M says:

    Fist!!!!

  2. slolol says:

    nintendo is weak

    • DSpider says:

      Apparently you don’t remember the 2 year dry spell between firmware 4.5 and 9.0, where you couldn’t do *** with your 3DS if it was running anything in between.

    • Jack Attack says:

      So weak that despite having the hackier hardware they flushed Sony out of the handheld market. Not that Sony put up much of a fight after the PSP…

      Meanwhile, sony locked down the PS3 and Vita fairly well and what did that do for them? Not much.

  3. Alan says:

    What about the wii u talk ?

    • Typhoon_Neon says:

      Sorry, I don’t own a Wii U so Red didn’t tell me about the Wii U talk until it was pretty much done. I apologize 🙁

  4. iam666 says:

    truly awesome stuff, i hope that they fake sign a firmware which enables homebrew i have been waiting for a way to properly hack my console for some time now

  5. DSpider says:

    “They added this was all done in the Summer of 2015 and just waited to see if Nintendo would eventually fix it. They didn’t.”

    PFFFFFFFFFFffffffffuking ***! We could’ve had full CFW on the 3DS a year and a half ago!

  6. DarkLPs says:

    Does this allow us to install a custom firmware directly to a unhacked 3/2ds

    • DarkLPs says:

      I mean the signature part of the dumped Bootrom

      • Downfallofusall says:

        Hmmm….Would think that you would need to go A9LH first and then install the custom firmware. This really breaks open the 3DS permanently.

        • DarkLPs says:

          problem is I have updated my 2ds a while ago because i couldn’t play my favorite games, so no A9LH for me, but if they release a workaround like a custom dns server or something which you can use to “update” your 3/2ds to a custom firmware, now that would be awesome. And the system won’t recognize it as hack because it has a signature.

          • Franky says:

            I don’t fully understand this. Don’t you just need an entry point to the homebrew launcher? I’ve heard SoundHax will be 11.2.

  7. Calvin says:

    The full talk can be found on their site… https://media.ccc.de/v/33c3-8344-nintendo_hacking_2016

  8. julian20 says:

    They wont release sickhax and wont leak boot9.
    Sickhax means, we can bruteforce a working signature (we dont know yer, if its a skelleton sign). Before we can bruteforce it, we need boot9 for details. Bruteforcing such sign can take ca. 6 months, depending of the amount of avaiable machines.
    People are trying to dump boot9 since a long time, as this way to dump is publicly known since may 2015.

    Also, kernel9loader is an arm 9 exploit/entrypoint aswell as sickhax. In both cases you loose the entrypoint when you overwrite the firmware partitions.
    “This is even bigger than a9lh that only allowed us to patch code as it was loaded.”

  1. January 5, 2017

    […] the recent 33c3 concluding at the end of last year, came numerous exploit announcements for the 3DS scene, many of which have since been implemented and are in working stable condition. Two of those […]