
3DS emulator?

ThorhianTheUltimate (No, I'm not Thorzain)
There's also the point of having to emulate the 3DS's operating system in order to emulate the system properly, and the fact that apparently the latest firmware blocks Gateway and other flashcarts.

The former is very difficult unless you have the actual ROM images of the firmware/OS.

The fact that it even has an OS is the reason why the latter's difficult to get around (or even that it's nearly impossible to run homebrew on the 3DS level instead of the NDS level). The OS itself can detect whenever a certain exploit is trying to be used and either prevents it from happening or throws an error message (you know, those black screens of death that the 3DS had in the past?).

It's for this reason why Gateway doesn't work with firmware version 5 and above (we're currently in version 7). And if you don't upgrade, you're missing out on a lot of features like the eShop and the latest games.

That's probably what the rumored "enhanced protection against software pirates" is.

Smeal and Gateway got around that by bootstrapping the latest firmware from the ancient version of it while running unsigned code from the background. Even then, it's very risky to do (they're lucky that Nintendo didn't try to prevent this from happening, not to mention the fact that this method can potentially break your system if you didn't do it properly).
Finding a new exploit is the real problem. Also, most devices have OSes; even the original DS has an operating system. The real problem here is that the software is updatable, not that it has an OS.

Using Emunand is actually pretty safe, seeing as it loads a NAND image from the SD card, not the all-important physical one, since you could consider this like another hypervisor or sandbox they have created. DEVELOPING the application and services around this software for Emunand can be dangerous since not enough is known about the 3DS and people can accidentally mess with the OS/firmware. Those guys can run unsigned code; Ninty can't do crap when you've got full kernel control, you just have to know how to use it. It can't magically detect if it has been exploited when you disable its software security checks. Ninty patched the kernel exploit in the 5.0+ updates, that's why those flash carts/homebrew programs don't work on newer versions. They have to find the code that can be exploited and fix it. The userland exploit was later fixed in 7.0. Thankfully I can still play Pokémon X.

One last thing, the guys who are doing this are pretty darn good at what they do. Unless you do something VERY bad to the 3DS (I'm wondering what happened to Yellow8's 3DS), you're only going to get a software brick. Before doing their work, they make NAND dumps. You can restore with those, and even downgrade with them (but only for their own systems; they won't work on others due to encryption). All it takes is a bit of soldering, a few USB parts and a computer.

Karjam (AKA KarjamP)
What I mean by "OS" is that the OS is much more involved with the 3DS functions in 3DS mode compared to the original NDS, which is why it, like the Wii U, has parts of the 3DS memory reserved for it, why you can access the home menu while the game's running, the fact that it's the 3DS's OS itself that gives off the wifi-based error messages, the fact that certain games use the OS's built-in keyboard for input, etc.

And just because the fact that it's running off of "Emunand" doesn't mean Nintendo can't use a previously-undiscovered means for detecting it and blocking itself from running on it (or at least certain features). They just apparently haven't done so yet.

After all, as you said yourself, "not much is known about the 3DS".

ThorhianTheUltimate (No, I'm not Thorzain)
What I mean by "OS" is that the OS is much more involved with the 3DS functions in 3DS mode compared to the original NDS, which is why it, like the Wii U, has parts of the 3DS memory reserved for it, why you can access the home menu while the game's running, the fact that it's the 3DS's OS itself that gives off the wifi-based error messages, the fact that certain games use the OS's built-in keyboard for input, etc.

And just because the fact that it's running off of "Emunand" doesn't mean Nintendo can't use a previously-undiscovered means for detecting it and blocking itself from running on it (or at least certain features). They just apparently haven't done so yet.

After all, as you said yourself, "not much is known about the 3DS".

Oh, they have already tried to, or at least inadvertently tried with 7.0+; too bad more patches to the software for Emunand can be done to defeat such countermeasures. Hacking is a cat and mouse game, a REALLY LONG cat and mouse game. As long as someone has kernel access, it's free game for the hackers. Emunand is similar to virtualization in the fact that it is sandboxed and can be influenced by outside software, but it is nearly impossible for the software inside to do anything to the outside. If there were any aggressive security protocols in 4.5, they would have probably been discovered by now. The main security measures in the 3DS are hardware-level encryption, which normally prevents kernel access, along with some software security such as the hypervisor tech used to separate the OS and the application running. A LOT of the OS, sys calls, services, etc. are known; people really just need to learn more about the more technical aspects of the GPU calls and the hardware itself, which is why a SoC decapping would be beneficial.

The funny thing with Emunand though, is that it will probably work (I don't know the future, so I can't say for sure, no one can) so well that it may distract Gateway and its clones/competitors from finding a better exploit. Hopefully neimod and smealum will keep on working with that.

Karjam (AKA KarjamP)
In case you guys don't know: I'm not saying it's impossible to hack the 3DS. I'm saying that it's difficult.

Anyway, just because it's sandboxed doesn't mean that the firmware itself can't detect that it's sandboxed and thus react accordingly.

And who says Nintendo can't get clever and perform tricks to prevent unsigned code/unauthorized copies of games from running even while it's sandboxed?

Also, in case you didn't know already, Smeal would never release his 3DS hacking results to the public due to paranoia about piracy. He said so himself.

EDIT: Third revision of post. If a reply doesn't match up to what I've said, this is why. :P

machomuu (Stuck in Hot Girl Summer)
Also, in case you didn't know already, Smeal would never release his 3DS hacking results to the public due to paranoia about piracy. He said so himself.
Smart decision, because there was a crapton of piracy on the DS. That's considering that one had to pay to buy a flashcart to play games, and a little more to play GBA games. Using a flashcart on the 3DS, or rather, getting one for a 3DS is an expensive deal. But if there was an exploit that let people softmod the 3DS for free? It would be on a whole other level. That's also taking into consideration the rapidly increasing popularity of the system and the increasing awareness of flashcarts and emulators.

It would put a dent in sales, but it wouldn't kill the 3DS. It could, however, damage and scare away developers. This was the case of the easily softmoddable Wii and various potential DS developers. For instance, the creator of Red Steel ended at 2 because of the rate of piracy for the game. It could be devastating for indie developers. So I'd say that the "paranoia" is just.

Karjam (AKA KarjamP)
It would put a dent in sales, but it wouldn't kill the 3DS. It could, however, damage and scare away developers. This was the case of the easily softmoddable Wii and various potential DS developers. For instance, the creator of Red Steel ended at 2 because of the rate of piracy for the game. It could be devastating for indie developers. So I'd say that the "paranoia" is just.
I agree.

This is Nintendo's motivation for making it difficult to hack the 3DS: to prevent piracy.

ThorhianTheUltimate (No, I'm not Thorzain)
In case you guys don't know: I'm not saying it's impossible to hack the 3DS. I'm saying that it's difficult.

Anyway, just because it's sandboxed doesn't mean that the firmware itself can't detect that it's sandboxed and thus react accordingly.

And who says Nintendo can't get clever and perform tricks to prevent unsigned code/unauthorized copies of games from running even while it's sandboxed?

Also, in case you didn't know already, Smeal would never release his 3DS hacking results to the public due to paranoia about piracy. He said so himself.

EDIT: Third revision of post. If a reply doesn't match up to what I've said, this is why. :P

The problem with trying to detect if it's sandboxed is that it would need to see inaccuracies while running. The problem with implementing that, like I said before, is that the hacker is still on 4.5, and even if they pull a nasty trick that somehow screws with the data on the real NAND, then you just use your NAND backup and react from there. Ninty can't stop people from running unsigned code if they are still on 4.5. The only thing that I think they could do is try to prevent unsigned code inside the sandbox by implementing enough checks, therefore making it so you have to make the setup more and more accurate. Of course, I bet you could still monitor RAM, whether via software or by hardware like Neimod's setup. I'm pretty sure Ninty wouldn't really try to go to too many extremes, since they have bigger fish to fry. They just need to keep finding more and more bugs and exploits to fix and patch holes to prevent newer exploits on newer firmware. The number of people who are on 4.5 and hacking their system is quite minuscule, and can't really hurt them right now whether or not they use Emunand.

Also, I am aware smeal won't release his software. I think it's respectful. I don't do piracy, I only rip from my carts/disks. Unfortunately, people are using awesome hacks for not so great things. I think you could say I'm a dying breed compared to the majority of people who usually hack devices such as this. He did say if he can find a solution that would only allow homebrew, then he would release it (I am unsure of that possibility myself though).

Smart decision, because there was a crapton of piracy on the DS. That's considering that one had to pay to buy a flashcart to play games, and a little more to play GBA games. Using a flashcart on the 3DS, or rather, getting one for a 3DS is an expensive deal. But if there was an exploit that let people softmod the 3DS for free? It would be on a whole other level. That's also taking into consideration the rapidly increasing popularity of the system and the increasing awareness of flashcarts and emulators.

It would put a dent in sales, but it wouldn't kill the 3DS. It could, however, damage and scare away developers. This was the case of the easily softmoddable Wii and various potential DS developers. For instance, the creator of Red Steel ended at 2 because of the rate of piracy for the game. It could be devastating for indie developers. So I'd say that the "paranoia" is just.

BTW, you need some sort of hardware to hack the 3DS. Smealum used some other game's exploit I think, but I'll have to double check. You need a device that can replace the save data. The easiest way to do it is with a DS mode flashcart. When you load the payload to the 3DS, you really DON'T need a flashcart. Gateway is just an easy way to load ROMs, instead of programming an SD loader. Smealum said it himself that it would be easy to write such a thing since Emunand works. Gateway IMO is a cash grab, and similar to the PS3 dongle bull crap.

Karjam (AKA KarjamP)
As far as I know, Smeal's exploit involves going to the system settings and viewing something (I think save data).

And, as you said, it's a cat-and-mouse game.

Meaning, Nintendo can make it harder and harder for it to work in ways that it's not intended to work in by, for example, researching how emu-nand works, and then, when it detects it in software memory (since it has to leave some traces behind in system memory in order for it to work. And no, I'm not talking about firmware), refuse to run. And also check to see if it can access all four corners of its memory to see if it can access it, and, if some of the memory's been paged onto the SD card itself, trace its read-write speed, and if it detects an unusual speed, refuse to run (since SD cards are very slow, and even if you use an SD card that supports top speeds, it's limited by the speed of the bus that it has to be plugged into).

And I don't think Nintendo would just let electronics modify the core memory of the 3DS through chips on 3DS cartridges and SD cards, especially since it has Data Execution Prevention. (Google it - this is my 13th post, and I can only post links when I posted at least 15 times here.)

It's not like I don't want it to be hacked, it's just that I'm concerned for piracy. Thus, the people who are hacking the devices nowadays are reluctant to release their results unless they approve of piracy (like Gateway).

Even Team Twiizers, one of the original hackers of the original Wii, seem reluctant in releasing their breakthroughs in hacking the Wii U due to concern over piracy (which they learnt the hard way when they released their breakthroughs in hacking the PS3).

By the way, DemonicWolf, the one who started this thread to ask about a 3DS emulator, actually asked because he wanted to play "Professor Layton and the Azran Legacy" on his computer (i.e., he's implying he wants to pirate 3DS games).

ThorhianTheUltimate (No, I'm not Thorzain)
As far as I know, Smeal's exploit involves going to the system settings and viewing something (I think save data).

And, as you said, it's a cat-and-mouse game.

Meaning, Nintendo can make it harder and harder for it to work in ways that it's not intended to work in by, for example, researching how emu-nand works, and then, when it detects it in software memory (since it has to leave some traces behind in system memory in order for it to work. And no, I'm not talking about firmware), refuse to run. And also check to see if it can access all four corners of its memory to see if it can access it, and, if some of the memory's been paged onto the SD card itself, trace.... Snipped due to size, go read original post if you want the whole thing, sorry karjam.

Yeah, I get what you're saying, and I don't like piracy either. Also, yeah, I think you're right about the D.E.P. memory. I'm currently trying to investigate the more technical aspects of Emunand. From what I've learned so far, at least from what smealum did (I have no idea about the Gateway Emunand), he ran from a NAND image almost directly, except he did something to allow for custom code, obviously due to some of his experiments. I wonder if he can control the boot up sequence from there and load a program from there..... I do feel kinda bad for smea; a lot of people are harassing him because they just want to get their greedy little fingers on hundreds of ROMs that they don't own/have a license to (no offense to the other people who asked kindly for better purposes).

Also, I thought Fail0verflow hacked the Wii U, or are they one in the same (or have multiple people part of both teams)? When I get the time I'm going to watch their 30c3 presentation.

Also, I found out someone managed to patch the Gateway launcher to install Emunand with region free access, no 3DS flash cart required, just a way to load the original .nds file. Also, since you don't have the gateway cart, no ROM loading either.

Oh, and Karjam, when you see the system settings etc. when they have a hacked 3DS, they use the MSET userland hack, which involves overwriting some of the DS settings, and then I'm pretty sure you do a stack smash when you load those settings in the 3DS OS when you click there. From there, you have to use ROP chain programming to target some vulnerabilities in NATIVE_FIRM. The NATIVE_FIRM vulns give you kernel access, and that was fixed in 5.0+. The MSET hack was fixed in 7.0+. That's why Gateway has only mentioned the possibility of supporting versions up to 6.3, since they still have the userland vuln.

Karjam (AKA KarjamP)
I, uh, confused Fail0verflow for Team Twiizers.

Everyone makes mistakes, here. :P

And thanks for the info about how they did the stack overflow exploit.

ThorhianTheUltimate (No, I'm not Thorzain)
I, uh, confused Fail0verflow for Team Twiizers.

Everyone makes mistakes, here. :P

And thanks for the info about how they did the stack overflow exploit.

Well, I'm pretty sure after looking at their presentation for the Wii U that they are the same people under a different name. They were Twiizers because of their Tweezer Wii hack.