Hacking the Switch through the Album?

Discussion in 'Switch - Hacking & Homebrew' started by Jackson Ferrell, Jun 9, 2017.

  1. GerbilSoft

    GerbilSoft GBAtemp Advanced Maniac

    Member
    1,803
    1,696
    Mar 8, 2012
    United States
    HMAC = Hash-based message authentication code. Basically, you use a standard hash function, but add in a secret key. Nintendo DSi uses SHA1-HMAC for banners, which is why DSi-compatible flash carts use banners from licensed games instead of their own games.

    RSA signature = using RSA public key cryptography to create a signature that validates the contents of some file. Usually this is done by taking a hash of the contents and then encrypting the hash using the RSA private key. The signature can be verified by decrypting the hash with the public key and comparing that hash with the actual hash. RSA signatures are used by the DSi and 3DS for virtually everything.

    As far as I know, there are no general-purpose cracks for RSA signatures other than brute-force. However, that's assuming the implementation is working. The 3DS Boot ROM signature hax was only possible because the Boot ROM's RSA verification function is broken. (The main FIRM RSA verification is correct, though.)
     


  2. blujay

    blujay GBATemp's Official Warthog

    Member
    GBAtemp Patron
    blujay is a Patron of GBAtemp and is helping us stay independent!

    Our Patreon
    1,656
    1,102
    Nov 2, 2015
    United States
    Gilbert, Arizona
    Alrighty! Thanks for letting me know. I'm assuming these things are stored outside of the image?
     
  3. GerbilSoft

    GerbilSoft GBAtemp Advanced Maniac

    Member
    1,803
    1,696
    Mar 8, 2012
    United States
    I haven't checked yet, but it may or may not be. The signature and/or HMAC could be in some EXIF tags, or simply appended to the file, or stored in some extra database file somewhere.

    The secret keys are definitely not stored in the image, though.
     
  4. xXxSwagnemitexXx

    xXxSwagnemitexXx GBAtemp Regular

    Member
    111
    16
    Dec 7, 2016
    Somewhere
    I was gonna say, maybe the hash is stored in the extra 44 bytes
     
  5. sarkwalvein

    sarkwalvein Professional asshole at GBATemp

    Member
    4,439
    4,263
    Jun 29, 2007
    Argentina
    Germany
    Yes, in the Maker notes EXIF.
     
  6. blujay

    blujay GBATemp's Official Warthog

    Member
    GBAtemp Patron
    blujay is a Patron of GBAtemp and is helping us stay independent!

    Our Patreon
    1,656
    1,102
    Nov 2, 2015
    United States
    Gilbert, Arizona
    Did you confirm this? I was still a little confused about everything...
     
  7. sarkwalvein

    sarkwalvein Professional asshole at GBATemp

    Member
    4,439
    4,263
    Jun 29, 2007
    Argentina
    Germany
    Not confirmed that it is a hash or anything.
    But after checking the header, the only part that changes consistently between files and could contain a hash is this.
     
  8. blujay

    blujay GBATemp's Official Warthog

    Member
    GBAtemp Patron
    blujay is a Patron of GBAtemp and is helping us stay independent!

    Our Patreon
    1,656
    1,102
    Nov 2, 2015
    United States
    Gilbert, Arizona
    Alright. Thanks for letting me know. I have to work on my 3ds homebrew for a few hours, but later I can check it out.
     
    Seelbreaker likes this.