Hacking Gateway 3DS - First 3DS Flashcart

  • Thread starter Devin
  • Start date
  • Views 523,786
  • Replies 1,490
  • Likes 13
Status
Not open for further replies.
masterz87

masterz87

Well-Known Member
Member
Level 5
Joined
Apr 21, 2013
Messages
484
Trophies
0
Age
37
XP
645
Country
United States
Metoroid0 said:
I dont hawe one :P but will decapping help that somehow?
Cool, those are great news :D I remember when Rydian said it would take million years to crack the key.. but hearing this now sounds so cool :D
Click to expand...
You must've not looked at that thread where I said he was wrong, he's not updated the thing for whatever reason. I don't knwo why, since he's spreading false information that makes people think the thing's harder than it actually is. His numbers _only_ apply symmetric encryption. Aka AES, and other such ones where you have 1 key. rsa is way way easier. Right now people are advised to use 4096bit rsa whilst only using 128bit aes on their sites is more than enough. So you can clearly see the big divide there.
 
  • Like
Reactions: Metoroid0
PsyBlade

PsyBlade

Snake Charmer
Member
Level 4
Joined
Jul 30, 2009
Messages
2,204
Trophies
0
Location
Sol III
XP
458
Country
Gambia, The
I don't know what encryption the 3DS uses.
My point was that I highly doubt that its 128bit RSA (because it would be extremely easy to crack)
I did not say that I can crack the 3DS.
 
masterz87

masterz87

Well-Known Member
Member
Level 5
Joined
Apr 21, 2013
Messages
484
Trophies
0
Age
37
XP
645
Country
United States
Ah OK, it says that the guy did 768bit rsa and cracked multiple keys using 75$ and rsa. Seems I remembered the story wrong/too happily, well there goes that then. Here's hoping nintendo's rng they used was as dumb as sony's with ecdsa.
 
SifJar

SifJar

Not a pirate
Member
Level 7
Joined
Apr 4, 2009
Messages
6,022
Trophies
0
Website
Visit site
XP
1,175
Country
masterz87 said:
You must've not looked at that thread where I said he was wrong, he's not updated the thing for whatever reason. I don't knwo why, since he's spreading false information that makes people think the thing's harder than it actually is. His numbers _only_ apply symmetric encryption. Aka AES, and other such ones where you have 1 key. rsa is way way easier. Right now people are advised to use 4096bit rsa whilst only using 128bit aes on their sites is more than enough. So you can clearly see the big divide there.
Click to expand...
He was not wrong. He was talking about bruteforcing the common key. You are talking about factoring the private key, which necessitates having the common (i.e. public) key first. From discussions on IRC, I don't believe even yellows8 or neimod have that, despite all their impressive software and hardware based hacks. I recall yellows8 mentioning the use of what he called an "oracle" unit for decryption, which essentially meant an exploited 3DS unit. (I think at the time the way it was done was to provide the 3DS with whatever data they had that was encrypted, wait for it to decrypt it and pull the decrypted content out of RAM, but this was a while ago and I may be remembering some details incorrectly).

EDIT: Judging by your post above, your earlier claims that 2048-bit RSA could be cracked for $100 of EC2 are obviously wrong. Can't say I'm surprised.
 
  • Like
Reactions: Deleted member 319809
masterz87

masterz87

Well-Known Member
Member
Level 5
Joined
Apr 21, 2013
Messages
484
Trophies
0
Age
37
XP
645
Country
United States
SifJar said:
He was not wrong. He was talking about bruteforcing the common key. You are talking about factoring the private key, which necessitates having the common (i.e. public) key first. From discussions on IRC, I don't believe even yellows8 or neimod have that, despite all their impressive software and hardware based hacks. I recall yellows8 mentioning the use of what he called an "oracle" unit for decryption, which essentially meant an exploited 3DS unit. (I think at the time the way it was done was to provide the 3DS with whatever data they had that was encrypted, wait for it to decrypt it and pull the decrypted content out of RAM, but this was a while ago and I may be remembering some details incorrectly).
Click to expand...
I've heard of those kinds of oracle's before, and with the chip being desoldered it's not going to take that long anyway. RSA keys have to have to be related. So it's not 2^128 that's impossible, as each and every 128bit number(if we're talking about 128bit rsa) cannot be prime. Prime numbers get smaller and smaller as you go up. So his numbers are still wrong. Even brute forcing the public key wouldn't take millions of years. There aren't that many public private key pairs out there. I mean yes there are tons but not 2^128 as he was talking about. The amount of primes that relate to eachother as defined in RSA is miniscule when compared to the total keyspace of a 128bit key.
 
Gabelvampir

Gabelvampir

Free Mars!
Member
Level 3
Joined
Mar 17, 2009
Messages
455
Trophies
1
Age
41
Location
K-Town
XP
304
Country
Germany
For 2048 or 4096 bit RSA Neimod would need access to that fabled NSA (or insert another intelligence agency here) key breaking super computer rumored about in dubious conspiracy theory circles pretty much since the widespread use of encryption (and after the NSA backdoor plot failed/backdoor rumours died down).
 
SifJar

SifJar

Not a pirate
Member
Level 7
Joined
Apr 4, 2009
Messages
6,022
Trophies
0
Website
Visit site
XP
1,175
Country
masterz87 said:
I've heard of those kinds of oracle's before, and with the chip being desoldered it's not going to take that long anyway. RSA keys have to have to be related. So it's not 2^128 that's impossible, as each and every 128bit number(if we're talking about 128bit rsa) cannot be prime. Prime numbers get smaller and smaller as you go up. So his numbers are still wrong. Even brute forcing the public key wouldn't take millions of years. There aren't that many public private key pairs out there. I mean yes there are tons but not 2^128 as he was talking about. The amount of primes that relate to eachother as defined in RSA is miniscule when compared to the total keyspace of a 128bit key.
Click to expand...

I have to be honest, I don't completely understand the RSA algorithm. Do both keys have to be prime numbers? Is there some easy way to check if a number is prime or not? Because surely you'll still have to go through every number and check if it's prime before rejecting it and moving onto the next? From what I know of primes, while the gaps between primes can be very roughly estimated, they cannot be accurately estimated, and there are plenty of "anomalies" where primes appear much closer together than expected etc. Which would mean the only way to be sure if a number is prime or not is to check, and depending on how long that takes, it may well be quicker just to test decryption with that key rather than check if the key is prime.

Anyhow, the 3DS uses more than one key pair; http://www.3dbrew.org/wiki/AES#Keyslots

[Apologies if anything I'm saying here isn't correct]
 
Metab.

Metab.

Check my signature for the latest news on the 3DS
Member
Level 1
Joined
Mar 23, 2013
Messages
254
Trophies
0
Age
34
XP
73
Country
You could simply have folders with every 3DS rom on one microSD and use an old DS flashcard to go in and cut the main rom in the root folder back to its game folder and move another game into the root folder.
I'm ashuming you will like need to name it a certain name like 'main' ect.
so every folder has the name of the game and the 'main.3ds(?)' in it, then it would be easy to swap games.
 
sightlight

sightlight

Well-Known Member
Member
Level 3
Joined
Aug 5, 2009
Messages
423
Trophies
0
XP
282
Country
United States
SifJar said:
Repeating this isn't going to make it more likely to happen.

Seeing an error will do what, exactly? Nothing. If you really want to see it, just stick an old DS flashcard or un-updated DSi flashcard into a 3DS. Same error will show as would with an unsigned ROM on this card.

EDIT: This is the error:

P1000554.jpg
Click to expand...



im sure people will experiment with this.. maybe some CIA files CCI CXI
 
  • Like
Reactions: Mthb54
masterz87

masterz87

Well-Known Member
Member
Level 5
Joined
Apr 21, 2013
Messages
484
Trophies
0
Age
37
XP
645
Country
United States
SifJar said:
I have to be honest, I don't completely understand the RSA algorithm. Do both keys have to be prime numbers? Is there some easy way to check if a number is prime or not? Because surely you'll still have to go through every number and check if it's prime before rejecting it and moving onto the next? From what I know of primes, while the gaps between primes can be very roughly estimated, they cannot be accurately estimated, and there are plenty of "anomalies" where primes appear much closer together than expected etc. Which would mean the only way to be sure if a number is prime or not is to check, and depending on how long that takes, it may well be quicker just to test decryption with that key rather than check if the key is prime.

Anyhow, the 3DS uses more than one key pair; http://www.3dbrew.org/wiki/AES#Keyslots
Click to expand...
Both numbers have to be prime, both numbers have to be the length specified(128bits in this example) they must also both be related, and they both _should_ be random. There are quite a few algorithms for testing whether a number is prime or not, that don't require you to literally try every single number that is less than 1 of the number you're checking. If you can find the public key, which has to be known on the 3ds it has to be stored there or else it'd not be able to verify anything. if it's in hardware the decapping would probably reveal where it is hidden and help people know where to look for the thing. I seriously doubt nintendo paid for hardware that checks against tampering and then kills itself if someone tries to find the thing, and does all of the crypto in the black box, as this is a console and is meant to be very very cost effective and those boxes are unbelieveably expensive and are only really seen/used by CAs(people who make SSL certs).

Now then it could and likely is using lots of different keys, still though the public key is exposed with each signature so you can verify it, if nintendo made it so that the key's in hardware IE it cannot be updated, then they wouldn't have to include it in the signature, but it's much more likely it's stored on some eeprom that can be overwritten with a new key if peopel figure it out(like the ps3). So if we decap it, someone gets literal hardware access to the thing, sees how everything works/looks it's end of it all. If they're including the public key with each signature(not much security loss with doing this) then you'd just have to find the thing and bam you're done. They're also likely if they've got the ability to add new keys going to be transmitting it in the firmware. Now then I seriously doubt they're going to be a sony thing again, sony did their own thing and failed hard. Nintendo has RSA doing it, the company that literally made this thing. So they're likely using everythign as it should be. I'd even guess that they have a hardware chip to do the AES, Sha1/256/512, and the RSA verifications.

Edit: and to just reiterate the keys have to be there, even if they're hiding them. Using oracle attacks against them, you'll eventually learn what the key is. We already have dumps of roms, so you have the signature there. You know what you're trying for. Now you just need the public key to verify. It has to be on the system, it has to be in there. And also like the ps3, they can't just revoke the old key, once it's factored that's it. They can force _new_ games to use the new key, but people will resign the old games to make them work with the older software. This is assuming they've went full out on this thing.

Edit 2: Btw that's AES, you don't need AES to run signed code. That's symmetric encryption, that's to _decrypt_ games and such. But to make your homebrew looke legit, you will be using the RSA keypair. So whilst that's interesting that they've chosen so many different ways to encrypting/decrypting, the key still has to be stored in the games to decrypt them. If they're stored encrypted, then the 3ds might have its own private key to decrypt the roms, and nintendo encrypts them with a public key for each region. Doing this would cause more headaches/work as you'd need to factor more stuff. But still if you've got the hardware schematics before you, you'll find a flaw in the system.

This stuff wasn't written by perfect gods, it was written by men. Even RSA can get hacked, evne they can screw up, no one's perfect. There are flaws, there is holes in there, it's just with each generation they get harder and harder to find.
 
Mthb54

Mthb54

Well-Known Member
Member
Level 2
Joined
Jun 4, 2013
Messages
107
Trophies
0
Age
27
XP
163
Country
Canada
Devin said:
I'd imagine a week or so before retailers get it. But I just asked them if they knew when they were sending it out. Waiting for a reply now. I'm sure they want to get the kinks out before sending it off to be reviewed.
Click to expand...
Thanks
 
Rydian

Rydian

Resident Furvert™
Member
Level 19
Joined
Feb 4, 2010
Messages
27,880
Trophies
0
Age
36
Location
Cave Entrance, Watching Cyan Write Letters
Website
rydian.net
XP
9,111
Country
United States
SifJar said:
(I think at the time the way it was done was to provide the 3DS with whatever data they had that was encrypted, wait for it to decrypt it and pull the decrypted content out of RAM, but this was a while ago and I may be remembering some details incorrectly).
Click to expand...
"RAM Tracing" was the phrase used, and they had a trace from boot that measured like 50+ GB or something like that to initially run through if I'm remebering the right number.
 
DiabloStorm

DiabloStorm

Anti-Semantic Bastard
Member
Level 4
Joined
May 29, 2011
Messages
666
Trophies
1
Location
Charicific Valley
XP
517
Country
Japan
I was looking up how exactly 3DS roms were being dumped and happened upon an old thread here on the temp that wound up in EOF (because I guess it was pointless at the time...)
Pingouin7 said:
What if the secret to playing ROM backups was something super obvious that everyone overlooked?
Click to expand...
Lol...it's funny how this applies, why wasn't the idea behind this cart used sooner? Was the 'trick' really that complicated? It doesn't seem like it. Didn't they just solder on an sd slot to where the rom used to be stored?
 
3

3DSGuy

No longer in scene
Member
Level 4
Joined
May 22, 2012
Messages
345
Trophies
0
XP
467
Country
United States
masterz87 said:
Both numbers have to be prime, both numbers have to be the length specified(128bits in this example) they must also both be related, and they both _should_ be random. There are quite a few algorithms for testing whether a number is prime or not, that don't require you to literally try every single number that is less than 1 of the number you're checking. If you can find the public key, which has to be known on the 3ds it has to be stored there or else it'd not be able to verify anything. if it's in hardware the decapping would probably reveal where it is hidden and help people know where to look for the thing. I seriously doubt nintendo paid for hardware that checks against tampering and then kills itself if someone tries to find the thing, and does all of the crypto in the black box, as this is a console and is meant to be very very cost effective and those boxes are unbelieveably expensive and are only really seen/used by CAs(people who make SSL certs).

Now then it could and likely is using lots of different keys, still though the public key is exposed with each signature so you can verify it, if nintendo made it so that the key's in hardware IE it cannot be updated, then they wouldn't have to include it in the signature, but it's much more likely it's stored on some eeprom that can be overwritten with a new key if peopel figure it out(like the ps3). So if we decap it, someone gets literal hardware access to the thing, sees how everything works/looks it's end of it all. If they're including the public key with each signature(not much security loss with doing this) then you'd just have to find the thing and bam you're done. They're also likely if they've got the ability to add new keys going to be transmitting it in the firmware. Now then I seriously doubt they're going to be a sony thing again, sony did their own thing and failed hard. Nintendo has RSA doing it, the company that literally made this thing. So they're likely using everythign as it should be. I'd even guess that they have a hardware chip to do the AES, Sha1/256/512, and the RSA verifications.

Edit: and to just reiterate the keys have to be there, even if they're hiding them. Using oracle attacks against them, you'll eventually learn what the key is. We already have dumps of roms, so you have the signature there. You know what you're trying for. Now you just need the public key to verify. It has to be on the system, it has to be in there. And also like the ps3, they can't just revoke the old key, once it's factored that's it. They can force _new_ games to use the new key, but people will resign the old games to make them work with the older software. This is assuming they've went full out on this thing.

Edit 2: Btw that's AES, you don't need AES to run signed code. That's symmetric encryption, that's to _decrypt_ games and such. But to make your homebrew looke legit, you will be using the RSA keypair. So whilst that's interesting that they've chosen so many different ways to encrypting/decrypting, the key still has to be stored in the games to decrypt them. If they're stored encrypted, then the 3ds might have its own private key to decrypt the roms, and nintendo encrypts them with a public key for each region. Doing this would cause more headaches/work as you'd need to factor more stuff. But still if you've got the hardware schematics before you, you'll find a flaw in the system.

This stuff wasn't written by perfect gods, it was written by men. Even RSA can get hacked, evne they can screw up, no one's perfect. There are flaws, there is holes in there, it's just with each generation they get harder and harder to find.
Click to expand...
http://www.3dbrew.org/wiki/NCSD "...is the format of retail game ROM dumps." "RSA-2048 SHA-256 signature of the NCSD header "

RSA-2048 signature = two 1024 bit prime numbers. Good luck getting those two, when you do, call me. I need to know if using websites and other forms of online communication secured with 2048-bit RSA, aren't as secure as I thought they were.

Although I could be wrong, and everyone who uses RSA-2048 or greater could have been tricked into thinking it's secure. You have a chance to point out how stupid I am to be speaking about subjects I obviously don't understand. The RSA-2048 public keys used to verify Tickets and TMD, are publicly available (in the certificate chain of a TMD or ticket from Nintendo's CDN). And if you know what you're talking about you'll be able to get them in less than 5 minutes.
 
Pleng

Pleng

Custom Title
Member
Level 12
Joined
Sep 14, 2011
Messages
2,440
Trophies
2
XP
2,812
Country
Thailand
natkoden said:
seeing the hands of the "lady" from the video, i'd say they're pretty much chinese
Click to expand...

Wow. Firstly you can tell Chinese vs any other Asian nation simply from a hand? That's pretty impressive.

Secondly. You may not have noticed, but there are actually Chinese people, and people of Chinese descent (but maybe your hand-recognising algorithm can detect that?) living outside of China.


Silverthorn said:
- Can it play games from other regions?
Currently no, however due to popular demand, we have launched an investigation into this possibility.
Click to expand...
I wonder how they would go about doing that?
I'm just really curious about how they would do that.
Click to expand...

I read it as "as soon as somebody else finds a genuine hack, we'll incorporate it into the firmware of the card if at all possible. But that's just the sceptic in me... :P
 
  • Like
Reactions: porkiewpyne, Silverthorn, Syphurith and 1 other person
natkoden

natkoden

Well-Known Member
Member
Level 6
Joined
Jul 25, 2006
Messages
1,182
Trophies
1
XP
916
Country
Argentina
Pleng said:
Wow. Firstly you can tell Chinese vs any other Asian nation simply from a hand? That's pretty impressive.

Secondly. You may not have noticed, but there are actually Chinese people, and people of Chinese descent (but maybe your hand-recognising algorithm can detect that?) living outside of China.




I read it as "as soon as somebody else finds a genuine hack, we'll incorporate it into the firmware of the card if at all possible. But that's just the sceptic in me... :P
Click to expand...


but they're still from China
 
Status
Not open for further replies.

Site & Scene News

Go to forum More news

Popular threads in this forum

Hacking Homebrew  A new way to experience StreetPass

Hacking Hardware  New Nintendo 3DS XL Louvre

Emulation  i have citra, i have my aes keys installed, how do i get the home menu

Hardware  Why does my 3DS take so long to turn off?

What's the best 3DS emulator (especially after Citra's shutdown)?

Tutorial  How to fix 007-2001

can't download system files on citra because im "not connected to the internet"

gacube emeleter

General chit-chat
Help Users
  • BakerMan @ BakerMan:
    Update: Turns out he's epileptic
  • K3Nv2 @ K3Nv2:
    Get a 2nd opinion run mris etc they told me that also
  • Psionic Roshambo @ Psionic Roshambo:
    Also a food allergy study would be a good idea
  • K3Nv2 @ K3Nv2:
    Turns out you can't sprinkle methamphetamine on McDonald's French fries
     +1
  • ZeroT21 @ ZeroT21:
    they wouldn't be called french fries at that point
     +1
  • ZeroT21 @ ZeroT21:
    Probably just meth fries
     +1
  • K3Nv2 @ K3Nv2:
    White fries hold up
     +1
  • The Real Jdbye @ The Real Jdbye:
    @K3Nv2 sure you can
  • BakerMan @ BakerMan:
    why tf do people hate android users? is it the video quality? just because "AnDrOiD = pOoR" bc they don't cost an arm and a leg like iphones do?
     +1
  • BakerMan @ BakerMan:
    i won't be turned off by an iphone, but don't pick on me for having an android, that's just how this shit should work
  • ZeroT21 @ ZeroT21:
    Should say more what these kind of android users say bout nokia 3310 users
  • BigOnYa @ BigOnYa:
    I've owned both iPhone and Androids over the years. Both are just as good, other than Apples higher price. I'm currently on Android, Samsung S21 I think, and very happy with it.
  • K3Nv2 @ K3Nv2:
    Got my 60 minute steps in whew
     +2
  • BigOnYa @ BigOnYa:
    I get mine in everyday, going back n forth to the fridge for a beer.
     +1
  • K3Nv2 @ K3Nv2:
    6,000 steps in so far legs almost broke getting off
     +1
  • AncientBoi @ AncientBoi:
    lol @BigOnYa
  • Psionic Roshambo @ Psionic Roshambo:
    https://youtu.be/-dma6gGhbHg?t=62
  • K3Nv2 @ K3Nv2:
    Your mind gets in a werid pattern of just finishing then when you're done you're like I need a soda
  • BigOnYa @ BigOnYa:
    You get a "walkers" high?
  • K3Nv2 @ K3Nv2:
    Not really I just use to love building up a sweat
  • BigOnYa @ BigOnYa:
    Funny, that's what uremum always says
  • K3Nv2 @ K3Nv2:
    Yeah and people that take viagra think they have a big dick
  • K3Nv2 @ K3Nv2:
    You cant fix one insult edit for another edit you pog
  • BigOnYa @ BigOnYa:
    Nuh I'm on my tablet n it always auto corrects me
  • K3Nv2 @ K3Nv2:
    Heorin and uremum do have close quarters
    K3Nv2 @ K3Nv2: Heorin and uremum do have close quarters