What about DSaveManager ? I have a 3ds with a flash card, can i use this software to restore a savegame to a 3ds cartridge?
I don't think he's asking whether or not the keys are ever in Main Memory, I think he's asking if they are on the device, and they are - on the encryption chip which is separate from the rest of the hardware and deals with encryption and encryption alone. If the console did not have a key to decrypt content, it wouldn't play the content. If it didn't have a key to sign content, eShop wouldn't work. You technically can sign content on the 3DS itself and for your own use - the console does it natively."most of the time, they are" - no they aren't. That would completely defeat the point of assymetric encryption. The only time private keys were stored on a console was some of the PSP keys being stored on the PS3.
Unfortunately not. This method requires that you load DSaveManager on your DS Lite or DS system, and then swap the cartridge so it can read/write that cart's save data via WLAN.What about DSaveManager ? I have a 3ds with a flash card, can i use this software to restore a savegame to a 3ds cartridge?
No, the private key is not on the console in anyway. Unless someone screwed up big time. A console specific key is there, but that is not enough to sign executable content.I don't think he's asking whether or not the keys are ever in Main Memory, I think he's asking if they are on the device, and they are - on the encryption chip which is separate from the rest of the hardware and deals with encryption and encryption alone. If the console did not have a key to decrypt content, it wouldn't play the content. If it didn't have a key to sign content, eShop wouldn't work. You technically can sign content on the 3DS itself and for your own use - the console does it natively.
The problem lays in the key only, as it is pretty much unreadable and blanks out upon a decapping attempts as far as I know - it has its own embedded memory, so you can't "jack into it" from the outside either.
Then how, pray tell, is the 3DS "signing" content downloaded from the eShop in such a fashion that it is bootable only on one specific 3DS, when I am pretty certain that it does not download pre-signed? I'm not saying you're wrong, I'd just like an explaination - the way I see it, the console has to sign the content in some fashion.No, the private key is not on the console in anyway. Unless someone screwed up big time. A console specific key is there, but that is not enough to sign executable content.
Then how, pray tell, is the 3DS "signing" content downloaded from the eShop in such a fashion that it is bootable only on one specific 3DS, when I am pretty certain that it does not download pre-signed? I'm not saying you're wrong, I'd just like an explaination - the way I see it, the console has to sign the content in some fashion.
Then how, pray tell, is the 3DS "signing" content downloaded from the eShop in such a fashion that it is bootable only on one specific 3DS, when I am pretty certain that it does not download pre-signed? I'm not saying you're wrong, I'd just like an explaination - the way I see it, the console has to sign the content in some fashion.
Why would it not download pre-signed? Makes more sense to download content pre-signed.
Because that would require the 3DS to actually send the 3DS-specific key each time via the Internet, and that can be intercepted. It actually makes MORE sense to me to use an on-board chip with memory on the silicone instead.The content is signed by Nintendo and then encrypted with a 3DS specific key, I think. Then it is put on the SD card.
Exchanging SD cards between 3DSs should not work if that is true.
The content that is downloaded is signed with Nintendo's private key, prior to being made available for download. The signature is verified and the content will be re-encrypted using the per-console key as part of the process of installing it to NAND. (I may have over simplified slightly or whatever, but this is the gist; content that is download is already signed. It is just encrypted again with a per console key, not signed). It does download pre-signed. It would be a foolish security system to have signing done on the client system.Then how, pray tell, is the 3DS "signing" content downloaded from the eShop in such a fashion that it is bootable only on one specific 3DS, when I am pretty certain that it does not download pre-signed? I'm not saying you're wrong, I'd just like an explaination - the way I see it, the console has to sign the content in some fashion.
To clarify, this does not happen. The downloaded version will be signed with the 3DS private key (universal to all 3DS systems due to the corresponding common key present on all units), then the client 3DS will do the per-console crypto to stop it being copied to another 3DS unit. The 3DS private key (should) never be present on any 3DS, or indeed anywhere outside of some isolated computer at Nintendo HQ (that's a postulation, but it's probably not far fetched; they don't want to risk it leaking at all).Because that would require the 3DS to actually send the 3DS-specific key each time via the Internet, and that can be intercepted. It actually makes MORE sense to me to use an on-board chip with memory on the silicone instead.
I must've confused the common key with the private key - private sort-of implies that it's private to every console, common is the one that's common with all. Nomenclature, nomenclature.-stuff-
Because that would require the 3DS to actually send the 3DS-specific key each time via the Internet, and that can be intercepted. It actually makes MORE sense to me to use an on-board chip with memory on the silicone instead.
Because that would require the 3DS to actually send the 3DS-specific key each time via the Internet, and that can be intercepted. It actually makes MORE sense to me to use an on-board chip with memory on the silicone instead.
I must've confused the common key with the private key - private sort-of implies that it's private to every console, common is the one that's common with all. Nomenclature, nomenclature.
Common key (aka public key) is indeed common to all. It is also "public" in the sense that it is "known" by consumer 3DS units.I must've confused the common key with the private key - private sort-of implies that it's private to every console, common is the one that's common with all. Nomenclature, nomenclature.
The common key IS the same for each and every console, so that part is right. The private key is private because only Nintendo has it. From what I understand the things probably happen sort of like this:I must've confused the common key with the private key - private sort-of implies that it's private to every console, common is the one that's common with all. Nomenclature, nomenclature.
Yeah, the signing vs encrypting is kind of confusing to me too. I mean, for the end user, the result is the same (not being able to launch content on a different system), so it's hard to tell the difference, but the implementation, security and speed are different. It doesn't help that encrypting stuff is one of the steps in signing something.I think I'm getting the gist of it - I simply called "encryption on the device itself" signing, nevermind. Arras's description checks out with what I had in mind, I just thought that it's not pre-signed.
While that may be possible, you'll need to figure out how the actual encrypting/signing is done as well and you need to grab the key which is probably pretty much impossible without a hacked or heavily hardware modded (like neimod's RAM setup) 3DS. There might also be more stuff that prevents such a thing. You may need to register that game as installed in the 3DS's internal memory somewhere, for example.So, with the console key(found in movable.sed?) we can re-encrypt eShop games to be played on every 3DS..