Kodewerx
https://www.kodewerx.org/forum/

71 C9 3F E9 BB 0A 3B 18
https://www.kodewerx.org/forum/viewtopic.php?f=11&t=7517

Author:  Parasyte [ Sat Apr 02, 2011 11:50 pm ]
Post subject:  71 C9 3F E9 BB 0A 3B 18

I don't know why, but 3DS issues a new card command during startup. It's the second command sent, and never changes. It also reads back no data. :mystery:

Also, unrelated, but interesting: Bit-28 in the ROM ID signifies the game uses the 3DS protocol.

Pictures!
http://parasyte.kodewerx.org/projects/3ds/la_1.jpg

Author:  James0x57 [ Sun Apr 03, 2011 10:52 am ]
Post subject:  Re: 71 C9 3F E9 BB 0A 3B 18

I would love to learn what you're doing to get this info. So fascinating to me.


And I know it's early (and Kodewerx never really got into Wii hacking), but if you want to host it, I would love to replicate GeckoCodes for 3DS codes sexified with Kodewerx header. I suspect Kodewerx could do very well with 3DS hacking - even if it's just for fun, it'll boost traffic. =D
(and I can send PayPal to pay for hosting)

Author:  Parasyte [ Sun Apr 03, 2011 12:55 pm ]
Post subject:  Re: 71 C9 3F E9 BB 0A 3B 18

Yes. KW needs a little pick-me-up.

As for the photo, it's just a logic analyzer on the card bus. It's pretty easy to read the waveforms. Just getting the equipment is expensive, and there is soldering involved.

Author:  James0x57 [ Mon Apr 04, 2011 6:07 pm ]
Post subject:  Re: 71 C9 3F E9 BB 0A 3B 18

We've got access to the Wii's Mii channel and the 3DS can receive Miis from Wii.
Could a hacked Mii on the Wii + some alterations on the sending be the key for a chain loader on 3DS?

Author:  Parasyte [ Tue Apr 05, 2011 12:05 am ]
Post subject:  Re: 71 C9 3F E9 BB 0A 3B 18

Depends if there are any buffers to overflow, and if they are exploitable. The most common buffer overflows are caused by bad memory management around string manipulations. For example, using a really long name that should not be possible. Other attack vectors include exploiting decompression code, and plain old pointer manipulations.

I thought the same thing about GameCube being hacked through the GBA link (not GBA Player) and look how that turned out! The original hack was through Phantasy Star Online. lol.
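
An added example (not part of the post above, and not code from any console's firmware) of the "really long name that should not be possible" case: a receiver that trusts a sender-supplied name length, beside a version that validates it. The record layout, the struct and the function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define NAME_MAX_LEN 10  /* assumed UI limit for this constructed format */

/* Hypothetical in-memory profile; not any real console's layout. */
struct profile {
    char name[NAME_MAX_LEN + 1];
    uint32_t flags;      /* stored after name, so it is the first thing an overflow reaches */
};

/* Constructed wire format: [len: 1 byte][name: len bytes, no terminator]. */

/* Unsafe: trusts the sender's length byte (up to 255) for an 11-byte field. */
int parse_profile_unsafe(struct profile *p, const uint8_t *buf, size_t n)
{
    if (n < 1) return -1;
    memcpy(p->name, buf + 1, buf[0]);  /* no check against sizeof p->name or n */
    p->name[buf[0]] = '\0';
    return 0;
}

/* Hardened: check the length against both the destination and the input. */
int parse_profile_checked(struct profile *p, const uint8_t *buf, size_t n)
{
    if (n < 1) return -1;
    size_t len = buf[0];
    if (len > NAME_MAX_LEN) return -2;          /* longer than the UI could produce */
    if (len > n - 1) return -3;                 /* claims more bytes than were received */
    if (memchr(buf + 1, '\0', len)) return -4;  /* embedded NUL is not a valid name */
    memset(p, 0, sizeof *p);                    /* guarantees NUL termination */
    memcpy(p->name, buf + 1, len);
    return 0;
}

/* Constructed sample inputs. */
static const uint8_t ok_msg[] = {4, 'K', 'i', 'r', 'a'};
static const uint8_t long_msg[41] = {40};       /* length byte 40, payload zeros */
static const uint8_t short_msg[] = {8, 'a', 'b'};

int main(void)
{
    struct profile p;
    return parse_profile_checked(&p, ok_msg, sizeof ok_msg) == 0 ? 0 : 1;
}
```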

Author:  Hextator [ Tue Apr 05, 2011 5:57 pm ]
Post subject:  Re: 71 C9 3F E9 BB 0A 3B 18

Which pins did you have to choose from aside from the card's bus and is it safe to assume what you're analyzing isn't encrypted?

Edit: What about stepping through things so they make sense, etc? Is there a clock you can manipulate?

Author:  Parasyte [ Wed Apr 06, 2011 8:56 pm ]
Post subject:  Re: 71 C9 3F E9 BB 0A 3B 18

It is the second command sent and does not change between eject/insert cycles, or even different game cards. There is no pre-initialization for any kind of encryption. If it's encrypted at all, decrypting it would be unnecessary.

See also: http://3dbrew.org/wiki/Gamecards

All times are UTC - 8 hours [ DST ]