33c3 3DS Digest: BootROM cracked, ability to sign firmwares
It came to my attention thanks to developer Red that today was the day of the 33c3 Nintendo Talk. For those unaware of what c3 is, it is a yearly hacking conference organized by the Chaos Communication Congress. While most of the event is not relevant for the readership here (you guys), since last year’s event brought us the famous a9lh hack, I decided to take a peek at what they had in store for us this year.
It was a pretty interesting show, even for someone such as me who barely understands the meat of the matter. A few things were discussed, but the short version is that the 3DS is completely cracked at this point. With nothing left to crack, derrekr6 just told the audience they were ready for the Nintendo Switch.
Soundhax and Fasthax!
The talk started with the announcement of both Soundhax and Fasthax. Soundhax is an exploit which was presented by hacker nedwill that relies on the 3DS’ sound player. As is the case with many exploits on the 3DS, it is a buffer overflow exploit. For what you care about, Soundhax means now you will have a free exploit that works offline! That’s great news since the discovery of exploits in games usually leads to horrible price gouging (this was mentioned by nedwill in the presentation). An good example of this is how games like Cubic Ninja shot from $5 to values like $80 just because of Ninjhax.
Fasthax is kernel11 exploit which we can assume will work on all current firmwares (so that’s up to 11.2 at least). While I don’t understand the nitty-gritty of it, I do know it will allow for CIA installation on the exploitable firmwares and if it goes like last year, probably more.
BootROM dumped! Sighax!
This is when derrekr took to the stage to talk about the BootROM. He spent a good time talking about the entire process of hacking the BootROM and how it is protected. He said that half of it is visible and the other half isn’t and they used that as a starting point. It was mentioned there is a flaw in the 3DS hardware in which some RAM is not cleared on a reboot. That allowed for injection of code that led to the dumping of the BootROM. Pretty neat!
This next part however is when everyone got really hyped. After a long explanation about the CPU of the 2DS and the RSA signatures Nintendo uses, he talks about how they were able to figure out that it doesn’t look for an entire signature, but only part of it. With this enormous flaw figured out, they were able to bruteforce their way into the valid part of the signature. This means that from now on, if this gets released, developers will be able to sign their own firmwares. This is even bigger than a9lh that only allowed us to patch code as it was loaded. This means that the 3DS might have complete custom firmware on boot. Let us hope this gets released!
BootROM11 dumped too!
At this point the only thing left to do was dumping the BootROM of the ARM11 processor (the previous was the ARM9 processor’s BootROM). derrekr said they could have tried the same process as earlier, but went with something different. When looking at the unprotected part of the ARM11 BootROM, they noticed there were references to the ARM11 RAM. So they tried overwriting data on Boot11 and discovered it was not blacklisted! Instant dump. As the slide said: “That was easy”.
They added this was all done in the Summer of 2015 and just waited to see if Nintendo would eventually fix it. They didn’t.
You can watch the entire 3DS part of the conference from this video supplied by Red:
Did you pay attention to the 33c3? I remember that Smealum teased something about it for the 3DS in my conversation with him about the Nintendo Bug Bounty. I never imagined it would be something this huge.
Let’s hope for that Sighax release!