Hacking Atmosphere-NX - Custom Firmware in development by SciresM

SciresM

Developer
@SciresM

/* Package2 size, version number is stored XORed in header CTR. */
/* Nintendo, what the fuck? */

I loled. I don't know what he's talking about, but it must have been quite a blunder for him to be that exasperated about it. Can we get a little context?

Ah, yeah. So, package2 header is basically [Signature] || [CTR] || [Encrypted Header]. When they decrypt the encrypted header, they decrypt everything after the signature in place, and then fix the CTR to be what it was pre-decryption.

Then, they derive some important values from the CTR (how big is the package2, what version is it).

AES-CTR's security relies on the CTR being a random number, and Nintendo's derivation results in a CTR that's certainly random...however, they sacrifice some of that randomness in order to derive values from it.
In particular, the CTR should be 128 random bits, but because of their derivations they only actually get 88 bits of randomness.

It's super WTF, because there's plenty of space where they could have stored that metadata elsewhere, without sacrificing any randomness...
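An added example to make the layout above concrete (this is my own illustration, not code from Atmosphere, hactool or Nintendo). It models a header as [Signature] || [CTR] || [Encrypted Header], performs the sequence SciresM describes (save the CTR, decrypt everything after the signature in place, restore the CTR, then derive size and version from it), and shows why pinning a 32-bit size and an 8-bit version inside a 128-bit CTR leaves exactly 88 free bits. The offsets, the particular XOR arrangement used to fold the metadata into the CTR, and the SHA-256 keystream standing in for AES-CTR are all assumptions chosen for illustration; only the layout and the 88-bit figure come from the thread. Note that the figure is in bits (2^88 values), and the property CTR mode actually needs from the counter block is that it never repeat under one key, which 88 unpredictable bits still provide.

```python
"""Model of a package2-style header whose CTR doubles as metadata storage.
Added example; offsets, XOR layout and the SHA-256 stand-in for AES are assumptions."""
import hashlib
import os
import struct

SIG_SIZE = 0x100      # assumed: one RSA-2048 signature
CTR_SIZE = 0x10       # one AES block
BODY_SIZE = 0x100     # assumed: the in-place region is CTR || 0xF0 bytes of header fields
HEADER_SIZE = SIG_SIZE + BODY_SIZE

SIZE_BITS = 32        # CTR bits pinned by storing the package2 size
VERSION_BITS = 8      # CTR bits pinned by storing the version byte
FREE_CTR_BITS = CTR_SIZE * 8 - SIZE_BITS - VERSION_BITS   # 88, the figure from the post


def toy_keystream(key: bytes, ctr: bytes, length: int) -> bytes:
    """Stand-in for an AES-CTR keystream: block i = PRF(key, ctr + i).
    SHA-256 replaces the block cipher so this runs without a crypto library;
    it reproduces CTR mode's structure, not AES."""
    out = bytearray()
    counter = int.from_bytes(ctr, "big")
    block = 0
    while len(out) < length:
        ctr_block = ((counter + block) & ((1 << 128) - 1)).to_bytes(16, "big")
        out += hashlib.sha256(key + ctr_block).digest()[:16]
        block += 1
    return bytes(out[:length])


def ctr_crypt(key: bytes, ctr: bytes, data: bytes) -> bytes:
    """CTR mode is its own inverse: XOR the data with the keystream."""
    return bytes(a ^ b for a, b in zip(data, toy_keystream(key, ctr, len(data))))


def meta_from_ctr(ctr: bytes) -> tuple:
    """Assumed derivation: size from dwords 0, 2, 3; version folded out of dword 1."""
    d = struct.unpack("<4I", ctr)
    size = d[0] ^ d[2] ^ d[3]
    version = (d[1] ^ (d[1] >> 16) ^ (d[1] >> 24)) & 0xFF
    return size, version


def ctr_with_meta(size: int, version: int, rand=os.urandom) -> bytes:
    """Start from 128 random bits, then pin dword 0 (32 bits) so the size
    derivation holds and the low byte of dword 1 (8 bits) so the version
    derivation holds. 40 bits are no longer free; 88 remain random."""
    d = list(struct.unpack("<4I", rand(CTR_SIZE)))
    d[0] = size ^ d[2] ^ d[3]
    low = (version ^ (d[1] >> 16) ^ (d[1] >> 24)) & 0xFF
    d[1] = (d[1] & 0xFFFFFF00) | low
    return struct.pack("<4I", *d)


def build_header(key: bytes, size: int, version: int, fields: bytes, sig: bytes) -> bytes:
    """sig || ctr || enc(fields). The first keystream block falls on the CTR
    slot itself and is discarded, mirroring the in-place region."""
    assert len(fields) == BODY_SIZE - CTR_SIZE and len(sig) == SIG_SIZE
    ctr = ctr_with_meta(size, version)
    body = ctr_crypt(key, ctr, bytes(CTR_SIZE) + fields)
    return sig + ctr + body[CTR_SIZE:]


def parse_header(key: bytes, header: bytes) -> tuple:
    """The sequence from the post: save the CTR, decrypt everything after the
    signature in place (which mangles the CTR slot), put the CTR back, then
    derive size and version from it."""
    assert len(header) == HEADER_SIZE
    buf = bytearray(header)
    ctr = bytes(buf[SIG_SIZE:SIG_SIZE + CTR_SIZE])
    buf[SIG_SIZE:] = ctr_crypt(key, ctr, bytes(buf[SIG_SIZE:]))
    buf[SIG_SIZE:SIG_SIZE + CTR_SIZE] = ctr
    size, version = meta_from_ctr(ctr)
    return size, version, bytes(buf[SIG_SIZE + CTR_SIZE:])


def demo() -> tuple:
    """Round trip on constructed input (key, signature and fields are made up)."""
    key = hashlib.sha256(b"constructed demo key").digest()[:16]
    sig = bytes(SIG_SIZE)
    fields = bytes(range(BODY_SIZE - CTR_SIZE))
    header = build_header(key, 0x0012_3456, 0x07, fields, sig)
    return parse_header(key, header)


if __name__ == "__main__":
    size, version, fields = demo()
    print(f"size=0x{size:x} version={version} free_ctr_bits={FREE_CTR_BITS}")
```

The point to take from `ctr_with_meta` is that every value you force the CTR to encode is a run of bits you no longer get to choose randomly; the alternative the post alludes to is simply to put the size and version in the 0xF0 bytes of header that are already there, and leave all 128 CTR bits free.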
 

theMille

Newcomer
Ah, yeah. So, package2 header is basically [Signature] || [CTR] || [Encrypted Header]. When they decrypt the encrypted header, they decrypt everything after the signature in place, and then fix the CTR to be what it was pre-decryption.

Then, they derive some important values from the CTR (how big is the package2, what version is it).

AES-CTR's security relies on the CTR being a random number, and Nintendo's derivation results in a CTR that's certainly random...however, they sacrifice some of that randomness in order to derive values from it.
In particular, the CTR should be 128 random bits, but because of their derivations they only actually get 88 bits of randomness.

It's super WTF, because there's plenty of space where they could have stored that metadata elsewhere, without sacrificing any randomness...


Sooooooooo, by sacrificing said randomness, technically wouldn't it then be less secure? I mean, it seems bad enough that they would use an off-the-shelf ARM with plenty of documented security shortcomings, but then also take liberties such as this.
 

Tilde88

Well-Known Member
Sooooooooo, by sacrificing said randomness, technically wouldn't it then be less secure? I mean, it seems bad enough that they would use an off-the-shelf ARM with plenty of documented security shortcomings, but then also take liberties such as this.
I mean, I could be wrong, but it's still 88 encrypted characters. That's still quite formidable...
Let's see...

Assuming it only uses lowercase letters, uppercase letters, digits, and the 33 normal special characters, that is a total of 95 different characters per slot. 88 slots. So 95 to the 88th power, that is how many possible combinations exist. It would still take thousands of years (if not more) for the best cluster of supercomputers to brute-force this.

Oh, this also assumes you were able to figure out the "pattern" and get the other 40 characters. If not, then it is 95 to the 128th power. :-p
 

Nezztor

Well-Known Member
Ah, yeah. So, package2 header is basically [Signature] || [CTR] || [Encrypted Header]. When they decrypt the encrypted header, they decrypt everything after the signature in place, and then fix the CTR to be what it was pre-decryption. [...]


*Nintendo hiring scires to make the next generation of console security*
 

SciresM

Developer
Sooooooooo, by sacrificing said randomness, technically wouldn't it then be less secure? I mean, it seems bad enough that they would use an off-the-shelf ARM with plenty of documented security shortcomings, but then also take liberties such as this.

88 bits is totally sufficient randomness for a CTR, it's more a "wtf are you doing with this garbage design" than anything. My complaint is about how it makes the format gross (I want Nintendo to have clean, well-thought-out formats) more than anything.
 

ootnes2

Well-Known Member
88 bits is totally sufficient randomness for a CTR, it's more a "wtf are you doing with this garbage design" than anything. My complaint is about how it makes the format gross (I want Nintendo to have clean, well-thought-out formats) more than anything.

Surely you have been a professional programmer long enough to know how ugly the sausage is made, no matter which company is writing the code.
 

TheCyberQuake

Certified Geek
I would make some kind of meme picture with radial blur for speed emphasis, but I'm way too lazy right now.
NVM, I got bored and made it anyway.
[attached image: AiEVARX.png]
 

TheCyberQuake

Certified Geek
At this point I keep a tab open on my phone with the GitHub to check commits. Most of it goes over my head, but it's fun to watch it progress.

At this point I have Wi-Fi set to not automatically connect, and when it does connect it goes through a Fiddler proxy for update blocking. I only connect to Wi-Fi to download games while I can.

Hoping I can nab Typoman before an update comes out.

Looking forward to seeing what the full release is. Maybe we'll get custom themes (or at least custom colors).
 

Nezztor

Well-Known Member
At this point I keep a tab open on my phone with the GitHub to check commits. Most of it goes over my head, but it's fun to watch it progress. [...]

Any plans on getting a second Switch for homebrew? Or just holding out with Zelda like the 1.0.0 users?
 

TheCyberQuake

Certified Geek
Any plans on getting a second Switch for homebrew? Or just holding out with Zelda like the 1.0.0 users?
I have a 4.1.0 switch, so I can play any game right now and will have access to future physical copies for a bit after an update comes out. Blocking updates from there, and I have no plans to buy a second switch. My game library is large enough to hold out on 4.1.0, and I don't care about most games currently announced, and even then I can wait a bit for anything I do care about rather than buy a new switch.
 

SoslanVanWieren

Banned
I have a 4.1.0 switch, so I can play any game right now and will have access to future physical copies for a bit after an update comes out. Blocking updates from there, and I have no plans to buy a second switch. My game library is large enough to hold out on 4.1.0, and I don't care about most games currently announced, and even then I can wait a bit for anything I do care about rather than buy a new switch.
Would rather have full control over the console in months to come instead of years.
 
