Hacking Link's Awakening - Crashing the entire 3DS system

[RupeeClock]

[youtube]Ltf23TWRvic[/youtube]

So here's the skinny of it all.

Basically by using the dog house glitch to get into a glitched section of map, after wandering around in there for long enough I got to this area.

I made a savestate here, and by correctly walking down the right-section of the screen, you'll reach all the way to the final boss, where the game will completely freeze the 3DS system. Can't access the emulator touch screen menu, home button does nothing, all that's left is to force power off.

I've also grabbed the save file off my SD card, and hopefully someone will be able to load the save file onto their copy of Link's Awakening.
It's a 00000001.sav file, a combined SRAM and savestate file actually. Just put it in the right folder, over-writing the old LA Save file and you should be able to access the save state and try freezing your own 3DS. It's from a UK system, so try it on another UK system.

http://www.megaupload.com/?d=TDFHF8I6

Using the savestate to get to the section of the map can be a little tricky, but every time you get to the final boss screen, the freeze is 100% certain to happen.

I doubt actually freezing the 3DS this way will yield anything, but it's nice to have a way to be able to crash the entire system through an official software.
A Gameboy Color emulator, of all things. You'd think the rom crash would just mess up the emulation.

 

[Langin]

I think we should report this to Nintendo. They need to fix this really. may I give this to Nintendo?

I am serious! I think that if this happens to other games it might give more problems then just a freeze...

 

[RupeeClock]

I think we should report this to Nintendo. They need to fix this really. may I give this to Nintendo?

I dunno, to get the system to freeze, you had to perform some pretty extreme glitching to begin with.

It'd be more fun if someone found something about the 3DS by crashing it, and I dunno, examining RAM dumps or something. Whatever they can find by using a reproducable system crash.

 

[Quincy]

I think we should report this to Nintendo. They need to fix this really. may I give this to Nintendo?

I dunno, to get the system to freeze, you had to perform some pretty extreme glitching to begin with.

It'd be more fun if someone found something about the 3DS by crashing it, and I dunno, examining RAM dumps or something. Whatever they can find by using a reproducable system crash.

RAM dumps still haven't happend..

 

[RupeeClock]

RAM dumps still haven't happend..

Yeah, I haven't been following much.
I just thought that a system crash may be useful to someone somehow. It's there to be used now.

 

[raulpica]

Aren't SD save files encrypted on a per-system basis?

This probably won't work on any other 3DS out there.

 

[RupeeClock]

Aren't SD save files encrypted on a per-system basis?

This probably won't work on any other 3DS out there.

If that's true, that's unfortunate.

Still, if I was able to get to this scenario, it should be possible for other players to get to the same screen and get to the same area to crash the system.

That being said, there's a quick way to get to the screen, but it doesn't result in a system crash like this, I think you have to explore the doghouse map for some time before its possible to freeze the system.

 

[Snailface]

Even if you did manage somehow to get some injected code running, there remains the fact that you're only in DS or DSi mode. I doubt this would be any more helpful than crashing a GB game while using a DS flashcart.

Anyway, I still don't want to discourage people from tinkering and tampering, something is bound to work in the future.

 

[RupeeClock]

Even if you did manage somehow to get some injected code running, there remains the fact that you're only in DS or DSi mode. I doubt this would be any more helpful than crashing a GB game while using a DS flashcart.

Anyway, I still don't want to discourage people from tinkering and tampering, something is bound to work in the future.

Link's Awakening, the virtual console title is running in 3DS mode actually.

 

[raulpica]

Even if you did manage somehow to get some injected code running, there remains the fact that you're only in DS or DSi mode. I doubt this would be any more helpful than crashing a GB game while using a DS flashcart.

Anyway, I still don't want to discourage people from tinkering and tampering, something is bound to work in the future.

Link's Awakening, the virtual console title is running in 3DS mode actually.

Yeah, it should be 3DS mode. Anyway this might just be a simple crash, and not necessarily something exploitable.

Also I'm pretty sure that only Team Twiizers (at least publicly) knows how to inject code into a DSiWare successfully.
That was on DSiWare, so it might not work on 3DSWare, and we don't even know if the exploit the used for injecting the code was fixed or not.

 

[RupeeClock]

Unbelievably enough, I just found a way to freeze the system with a very quick and easy path, just from the entrance of the dog house.

All you need is the ability to jump over some glitched tiles, that would otherwise send you elsewhere. That's the Roc's Feather from the first dungeon.

I'm gonna make a video of it ASAP, since you don't need a savestate or anything.

 

[Quincy]

Let the guys in #3dsdev know. I doubt that anything will come out of it without ram dumps but maybe...

 

[RupeeClock]

Let the guys in #3dsdev know. I doubt that anything will come out of it without ram dumps but maybe...

Is that an IRC chat room around here? I don't use IRC or anything like it, so...

Anyhow here's the improved crash method, no savestate needed, just a gamesave that has the Roc's feather ready.

[youtube]RCyhUTpdWB8[/youtube]

 

[cojiro]

Let the guys in #3dsdev know. I doubt that anything will come out of it without ram dumps but maybe...

Is that an IRC chat room around here? I don't use IRC or anything like it, so...

Anyhow here's the improved crash method, no savestate needed, just a gamesave that has the Roc's feather ready.

[youtube]RCyhUTpdWB8[/youtube]

http://chat.efnet.org/irc.cgi

chose #OTHER, and then type in #3dsdev

 

[RupeeClock]

http://chat.efnet.org/irc.cgi

chose #OTHER, and then type in #3dsdev

Thanks, I've dropped them a message on there.
Someone's already responded.

 

[RupeeClock]

Well now, this is curious.
I just tried performing this crash glitch on my gameboy color with the original cartridge, and it froze in the exact same way.

Is the 3DS emulating the GBC rom so exactly that what freezes a GBC system, will also freeze a 3DS system?

Can what we've learnt about the Gameboy color be applied to the virtual console on the 3DS, in some contrived way?

 

[Quincy]

Well now, this is curious.
I just tried performing this crash glitch on my gameboy color with the original cartridge, and it froze in the exact same way.

Is the 3DS emulating the GBC rom so exactly that what freezes a GBC system, will also freeze a 3DS system?

Can what we've learnt about the Gameboy color be applied to the virtual console on the 3DS, in some contrived way?

Normally, big N fixes known bugs before submiting them to the Virtual Console (If they still do it the same way as they did with WiiVC). Apart from that it is an exact emulation. See it as VBA for 3DS, but only for the GBC version for LA.

 

[Tom Bombadildo]

Well now, this is curious.
I just tried performing this crash glitch on my gameboy color with the original cartridge, and it froze in the exact same way.

Is the 3DS emulating the GBC rom so exactly that what freezes a GBC system, will also freeze a 3DS system?

Can what we've learnt about the Gameboy color be applied to the virtual console on the 3DS, in some contrived way?

Normally, big N fixes known bugs before submiting them to the Virtual Console (If they still do it the same way as they did with WiiVC). Apart from that it is an exact emulation. See it as VBA for 3DS, but only for the GBC version for LA.

That's correct, but it's still crashing the whole 3DS system. It's been assumed that the system processes run on one CPU while games and such run on the other, if that's true, in theory, you'd be able to activate system processes by pressing the home button or by pressing the power button. So the glitch must be crashing the entire system. Although I doubt it will lead to any kind of exploit (don't quote me on that in case it does

) It's still pretty interesting. Perhaps we could find more glitches in the VC games on the 3DS that may lead to an exploit. Or not. Whatever, we'll never know until it happens

.

But very interesting find! I don't think a lot of people would have thought to do some random glitch on any virtual console games! Do you think you could tell us what the people in 3dsdev said about your find?

 

[Slyakin]

I assumed that pressing the Home Button was a process that was a part of the emulation; In that way, the OS doesn't have to be layered on top giving Nintendo more RAM to work with. So, by freezing emulation, you freeze the "3DS Processes".

So... Nothing too interesting. :/

Unless of course I am completely wrong. :

 

[Quincy]

Well now, this is curious.
I just tried performing this crash glitch on my gameboy color with the original cartridge, and it froze in the exact same way.

Is the 3DS emulating the GBC rom so exactly that what freezes a GBC system, will also freeze a 3DS system?

Can what we've learnt about the Gameboy color be applied to the virtual console on the 3DS, in some contrived way?

Normally, big N fixes known bugs before submiting them to the Virtual Console (If they still do it the same way as they did with WiiVC). Apart from that it is an exact emulation. See it as VBA for 3DS, but only for the GBC version for LA.

That's correct, but it's still crashing the whole 3DS system. It's been assumed that the system processes run on one CPU while games and such run on the other, if that's true, in theory, you'd be able to activate system processes by pressing the home button or by pressing the power button. So the glitch must be crashing the entire system. Although I doubt it will lead to any kind of exploit (don't quote me on that in case it does

) It's still pretty interesting. Perhaps we could find more glitches in the VC games on the 3DS that may lead to an exploit. Or not. Whatever, we'll never know until it happens

.

But very interesting find! I don't think a lot of people would have thought to do some random glitch on any virtual console games! Do you think you could tell us what the people in 3dsdev said about your find?

Thank god for my massive IRC buffer:

Hi guys.
Some guys at GBAtemp thought I should let you know about this bug I found
I found a way to freeze the Nintendo 3DS in 3DS mode, using Link's Awakening DX on virtual console
I've prepared a video demonstrating it too
http://www.youtube.com/watch?v=RCyhUTpdWB8
Hope you guys maybe find some sort of use for it, being a system freeze.
not sure it will help, but nice find
Thanks
What's nice is that you only need a small bit of game progress and no pre-requisite files
--after this it gets kinda offtopic--
Hi, someone found a way to freeze 3ds with links awakening, is that exploitable?
probably not
he's already here anyway as RupeeCloc
or perhaps she*
Yeah, I doubt it's exploitable, but I still think it was worth sharing just in case
Then, I have only £6.60 and I cant add funds anymore.Should I download this title or wait??
download it, it's a great game
It's still a fun game to play, but don't buy it if you just want to freeze your system
It's probably only good for a little bit of R&D
n00b661: if you think you will play the game then go ahead
I've only truly beaten a few games in my life
so in general I get games that you can't really beat but you can play over and over
I am ambassador(yay!) and I think i will wait for a new title.
yeah
* Mrafrohea ([email protected]) Quit (Read error: Connection reset by peer)
I'd suggest waiting
I'm sure as an ambassador you will get plenty of entertainment for free
Are the users in this room a member of hack teams or
single hacker? (Sorry for my English.)
n00b661: depends on who you are refering to
* Mrafrohea ([email protected]) has joined #3dsdev
I myself am not really a hacker
but I'm sure others in here are
I recognise a few members in the users list as hackers like CaitSith2 and DarkFader
I might be mistaken
So only think we can do is waiting...
thing*
CS2 was foolin with the PIN reset thing I think
Thanks for yours answers, I am going to sleep.