
Console Hacking

Breaking the 3DS


Video duration: 01:12:47
Language: English
Abstract:
In 2011 the Nintendo 3DS was released. Today it is the most popular current-gen handheld console, having sold more than 50 million units worldwide. The 3DS features an architecture completely redesigned from that of its predecessors, the DS and the DSi. This talk will focus on the security features of the 3DS, and how we got around them.

We start by presenting a summary of the security system of the 3DS from the ground up. After the introduction, we proceed to elaborately exploit each layer of the 3DS operating system, starting with userspace, then kernelspace, and finally gaining code execution in the security processor.

We also present how we figured out a hardware secret built into the console, and an early break in the chain of trust.

Basic knowledge of embedded systems and CPU architectures is recommended, although we aim to also make it enjoyable for non-technical audiences.

Talk ID: 7240
Event: 32c3
Day: 1
Room: Hall G
Start: 11 p.m.
Duration: 01:00:00
Track: Security
Type of: lecture
Speaker: plutoo, derrek, smea
Talk Slug & media link: 32c3-7240-console_hacking


Talk & Speaker speed statistics

Whole talk: 129.0 wpm, 701.2 spm
While speakers speak: 129.7 wpm, 707.0 spm
smea: 166.6 wpm, 915.7 spm
plutoo: 123.2 wpm, 648.7 spm
derrek: 96.4 wpm, 534.9 spm