
Jailbreaking the 3DS through 7 years of hardening

Conference: Defcon 26

2018-08-01

Summary

The presentation discusses a vulnerability in Nintendo's 3DS system that can be exploited through the SMB server. The speaker also explains the limitations of DEP as a mitigation and how DMA can be used to overwrite memory.
  • Nintendo's 3DS system has vulnerabilities that can be exploited through the SMB server
  • DEP is a good mitigation but has limitations
  • DMA can be used to overwrite memory
  • The speaker's personal goal is to run homebrew on the 3DS system
The speaker used fuzzing to find a vulnerability in the SMB server that allowed them to overwrite the return address and achieve remote code execution.

Abstract

The 3DS was one of Nintendo's first serious attempts at security, featuring a cool microkernel-based OS and actual exploit mitigations. That didn't stop it from getting hacked pretty hard, making it possible for people to write their own homebrew software for the console. But Nintendo isn't one to back off from a fight and, as a result, has put significant effort into not only fixing vulnerabilities but also introducing new security features targeted specifically at killing exploit techniques used by hackers. This talk will describe hacking the console through all these defensive features by walking through a 0-day exploit chain that takes us all the way from zero access to a full system jailbreak.
