Homebrew [Coming Soon] OTPless A9LH installation on N3DS (no 2.1 downgrade)

dark_samus3

dark_samus3

Well-Known Member
Member
Level 10
Joined
May 30, 2015
Messages
2,372
Trophies
0
XP
2,042
Country
United States
mathieulh said:
Not to sound like a douche, but pretty much everyone and their grandmother found the aes ecb hack, including the whole #ctrdev channel months back. I personally found it right after the ccc conference, I am pretty sure I wasn't the only one. The vulnerability is plain obvious when you know the slightest thing about AES implementation.

Envoyé de mon SM-G935F en utilisant Tapatalk
Click to expand...
well, yeah, I never said it was some huge achievement. It's cool, it requires a bit of lower level knowledge to find and I didn't have much experience when I found it. You're right it's quite obvious, I never said it wasn't (it's obvious to the point that I can't understand why nintendo would not have seen it...). Point is, it's my first thing, and no matter how simple it is, it's still a bit ethereal to have something I found come to fruition, but it's starting to sink in :)
 
  • Like
Reactions: sup3rgh0st, Quantumcat, ManuelKoegler and 11 others
J

jimmyleen

Well-Known Member
Member
Level 5
Joined
Feb 28, 2016
Messages
1,171
Trophies
0
XP
704
Country
In order to use this you still need to downgrade but only to version 9.2, no higher or lower.

I repeat only downgrade to version 9.2...if possible.
 
Myria

Myria

Well-Known Member
Member
Level 6
Joined
Jul 24, 2014
Messages
464
Trophies
0
Age
42
XP
851
Country
United States
mathieulh said:
Not to sound like a douche, but pretty much everyone and their grandmother found the aes ecb hack, including the whole #ctrdev channel months back. I personally found it right after the ccc conference, I am pretty sure I wasn't the only one. The vulnerability is plain obvious when you know the slightest thing about AES implementation.

Envoyé de mon SM-G935F en utilisant Tapatalk
Click to expand...
I remember knowing about the ECB trick a while ago. It was rather obvious. I just didn't think that there would be a viable option, because I had thought that the branch window was much narrower (such as in how arm9loaderhax now works). I hadn't thought of relying upon the boot ROM not clearing ARM9 WRAM to make the viable branch 'window' much larger.

Also, there is the matter of dark_samus actually doing all the research and manual checking of all the possible choices. That's where a lot of the effort was.
 
Last edited by Myria,
  • Like
Reactions: Quantumcat, peteruk, Xiphiidae and 4 others
M

mathieulh

Well-Known Member
Member
Level 6
Joined
Feb 28, 2008
Messages
378
Trophies
0
Website
keybase.io
XP
897
Country
France
dark_samus3 said:
well, yeah, I never said it was some huge achievement. It's cool, it requires a bit of lower level knowledge to find and I didn't have much experience when I found it. You're right it's quite obvious, I never said it wasn't (it's obvious to the point that I can't understand why nintendo would not have seen it...). Point is, it's my first thing, and no matter how simple it is, it's still a bit ethereal to have something I found come to fruition, but it's starting to sink in :)
Click to expand...
Well, it only works because they forgot to check the second key against a test vector. Of course it would have been safer if they had been using AES CBC instead (there was no point in using ECB, that's just very bad implementation from the get go in that specific usage), of course it would have been a whole lot safer to have hashed the keystore and encrypt said hash using an RSA private key.
That said, this would have killed the whole kernel9 loader hack in the first place. Nintendo shouldn't trust people developers working on security implementations when those do not know about the basis of cryptography. (A fact which they have plainly demonstrated)

Envoyé de mon SM-G935F en utilisant Tapatalk
 
  • Like
Reactions: VinsCool, SciresM, dark_samus3 and 1 other person
M

mathieulh

Well-Known Member
Member
Level 6
Joined
Feb 28, 2008
Messages
378
Trophies
0
Website
keybase.io
XP
897
Country
France
Myria said:
I remember knowing about the ECB trick a while ago. It was rather obvious. I just didn't think that there would be a viable option, because I had thought that the branch window was much narrower (such as in how arm9loaderhax now works). I hadn't thought of relying upon the boot ROM not clearing ARM9 WRAM to make the viable branch 'window' much larger.

Also, there is the matter of dark_samus actually doing all the research and manual checking of all the possible choices. That's where a lot of the effort was.
Click to expand...
I had though of using the vram (or basically any ARM9 accessible memory that could be filled before reboot) but judged it too dangerous, since ram is volatile by nature and one wrong thing can get you a very easy brick.

In fact you can make the widow even wider by wrapping around in memory.

That's one of reasons I (and others didn't get it to work) we focussed on having an implementation that would load the payload from nand rather than memory, which narrowed things down as to what addresses could be jumped to (even when wrapping addresses around) by a fairly large margin, so we were waiting for more FIRM from Nintendo to see if they'd ever release one that would allow for a safer implantation.

This also means we (the folks from #ctrdev at least) didn't work on a memory based implantation (as in, filling memory, rebooting and waiting for the cpu to jump to the payload we filled before reboot), even though we had the theory worked out, we didn't even seek/bruterforce a working instruction that'd jump to a proper memory address (even though a couple were spotted during brute force attempts if memory serves me right)

One other major drawback of this approach is that it does not allow for an easy, bruteforce free hardmod a9lh, something we were hoping for in the event that a firmware with no process9/kernel9 vulnerability ever shows up.

Envoyé de mon SM-G935F en utilisant Tapatalk
 
Last edited by mathieulh,
Myria

Myria

Well-Known Member
Member
Level 6
Joined
Jul 24, 2014
Messages
464
Trophies
0
Age
42
XP
851
Country
United States
mathieulh said:
Well, it only works because they forgot to check the second key against a test vector. Of course it would have been safer if they had been using AES CBC instead (there was no point in using ECB, that's just very bad implementation from the get go in that specific usage), of course it would have been a whole lot safer to have hashed the keystore and encrypt said hash using an RSA private key.
Click to expand...
AES-CBC would have just changed the types of attacks that were possible. For example, a trivial manipulation would have been to force a key of all zeroes by setting the second block equal to the first.

Fundamentally, the flaw is the lack of validation on the key. RSA here wouldn't be any more secure than simply a test vector like is done with the first key.
 
dark_samus3

dark_samus3

Well-Known Member
Member
Level 10
Joined
May 30, 2015
Messages
2,372
Trophies
0
XP
2,042
Country
United States
Myria said:
AES-CBC would have just changed the types of attacks that were possible. For example, a trivial manipulation would have been to force a key of all zeroes by setting the second block equal to the first.

Fundamentally, the flaw is the lack of validation on the key. RSA here wouldn't be any more secure than simply a test vector like is done with the first key.
Click to expand...
sure, but one RSA block at the beginning would have been simpler and less likely to be forgotten...
 
  • Like
Reactions: peteruk and LongTimeLurker
M

mathieulh

Well-Known Member
Member
Level 6
Joined
Feb 28, 2008
Messages
378
Trophies
0
Website
keybase.io
XP
897
Country
France
Myria said:
AES-CBC would have just changed the types of attacks that were possible. For example, a trivial manipulation would have been to force a key of all zeroes by setting the second block equal to the first.

Fundamentally, the flaw is the lack of validation on the key. RSA here wouldn't be any more secure than simply a test vector like is done with the first key.
Click to expand...
RSA would have been more effective as it'd exist to validate the whole keystore as opposed to a single block, and the developer wouldn't have forgotten to implement a second test vector and call the function.

I might also add, in the case of CBC that a 00ed key is all you could have tried, as opposed to every single ecb block that's part of the keystore (basically every individual keys in there) making it a whole lot harder to yield proper results during a bruteforce attempt.

Of course it wouldn't be perfect, but I am fairly confident OTP-less a9lh would likely have been avoided.

Envoyé de mon SM-G935F en utilisant Tapatalk
 
SciresM

SciresM

Developer
OP
Developer
Level 19
Joined
Mar 21, 2014
Messages
973
Trophies
3
Age
33
XP
8,294
Country
United States
mathieulh said:
That's one of reasons I (and others didn't get it to work) we focussed on having an implementation that would load the payload from nand rather than memory, which narrowed things down as to what addresses could be jumped to (even when wrapping addresses around) by a fairly large margin, so we were waiting for more FIRM from Nintendo to see if they'd ever release one that would allow for a safer implantation.

This also means we (the folks from #ctrdev at least) didn't work on a memory based implantation (as in, filling memory, rebooting and waiting for the cpu to jump to the payload we filled before reboot), even though we had the theory worked out, we didn't even seek/bruterforce a working instruction that'd jump to a proper memory address (even though a couple were spotted during brute force attempts if memory serves me right)
Click to expand...

Isn't this kind of silly? My implementation relies on exactly one instruction still being in memory post-reboot -- that's really very safe, considering the RAM uncleared on reboots flaw is well-tested. Everything else is loaded from NAND per normal A9LH (in fact, the single instruction I rely on being in RAM is just a branch to normal A9LH payload).

I do agree bruteforce free hardmod a9lh would have been nice, but I also don't see how you could get NAND payload loading out of a single branch? You'd know better than I would, I'm sure, but I don't actually understand the principle there. Unless, of course, you mean you were hoping for a branch to the normal A9LH payload location.
 
  • Like
Reactions: VinsCool
Clydefrosch

Clydefrosch

Well-Known Member
Member
Level 15
Joined
Jan 2, 2009
Messages
6,023
Trophies
2
XP
4,622
Country
Germany
Urbanshadow said:
I'm trying to understand the vuln the best I can and from the looks of it, this may be one of the biggest hits to 3ds security yet. And yeah, N shooted in the foot yet again. I bet gateway people will feel stupid once they find this out. And of course they will get this.
Click to expand...

is it really? it only works on already exploitable systems and just makes something currently easy a bit easier.
 

Site & Scene News

Go to forum More news

Popular threads in this forum

Hacking Homebrew  A new way to experience StreetPass

Is it possible...?

Hacking Hardware  New Nintendo 3DS XL Louvre

Emulation  i have citra, i have my aes keys installed, how do i get the home menu

Hardware  Why does my 3DS take so long to turn off?

Translation Project  DQM2SP translation

Hacking Misc  VCRUNTIME140.dll UCRTBASED.dll Master Thread

3DS won't boot into DS Mode, Extended Memory Mode and more

General chit-chat
Help Users
    NinStar @ NinStar: unless nintendo is going to start selling consoles at a loss that thing won't be cheap based on...