Homebrew Is the OTP SHA256 hash console specific?

mashers

Stubborn ape
OP
Member
Joined
Jun 10, 2015
Messages
3,837
Trophies
0
Age
40
Location
Kongo Jungle
XP
5,074
Country
Now that OTP-less A9LH installation is possible, I want to add an alternate override to 3DSafe in case the user never dumped their OTP. I can write the leftover SHA to a file by simply writing 32 bytes from 0x1000A040. I can then load this file back into memory and use memcmp to check if the contents of the file matches the SHA in memory.

The question I have is whether the SHA in memory is console specific, or whether it's possible for two consoles to have the same SHA? Also, is the SHA in the same location no matter what device the user is running on?
 

Swiftloke

Hwaaaa!
Member
Joined
Jan 26, 2015
Messages
1,770
Trophies
1
Location
Nowhere
XP
1,467
Country
United States
^ what he said.
Also, since it's the same software (arm9loader) I don't see why it wouldn't be in the same area on all versions of the console.
 

smf

Well-Known Member
Member
Joined
Feb 23, 2009
Messages
6,638
Trophies
2
XP
5,834
Country
United Kingdom
The otp is console specific so the hash should be too I guess.

If the SHA1 is calculated on 256 bits or less of unique data then I believe the SHA1 is unique. However if it's calculated on more than 256 bits of unique data then there will be more than one set of unique data that hashes to the same value. Finding them is very hard, but they could be out there.
 

mashers

Stubborn ape
OP
Member
Joined
Jun 10, 2015
Messages
3,837
Trophies
0
Age
40
Location
Kongo Jungle
XP
5,074
Country
If the SHA1 is calculated on 256 bits or less of unique data then I believe the SHA1 is unique. However if it's calculated on more than 256 bits of unique data then there will be more than one set of unique data that hashes to the same value. Finding them is very hard, but they could be out there.
It is 256 bit :)
 

capito27

Well-Known Member
Member
Joined
Jan 19, 2015
Messages
874
Trophies
0
XP
1,220
Country
Swaziland
well, to be pedantic, a hashing function allows (along other things ) a large input to be converted into a smaller output in a supposedly unrecoverable fashion.
since the OTP is 144 bytes long and a sha256 is only 32 bytes long, if every possible OTP was to be tested, you would possibly get hash collisions, so no, one can not say that the sha256 hash generated by a lambda OTP is unique.
 
Last edited by capito27,
  • Like
Reactions: Mrrraou and ketal

mashers

Stubborn ape
OP
Member
Joined
Jun 10, 2015
Messages
3,837
Trophies
0
Age
40
Location
Kongo Jungle
XP
5,074
Country
well, to be pedantic, a hashing function allows (along other things ) a large input to be converted into a smaller output in a supposedly unrecoverable fashion.
since the OTP is 144 bytes long and a sha256 is only 32 bytes long, if every possible OTP was to be tested, you would possibly get hash collisions, so no, one can not say that the sha256 hash generated by a lambda OTP is unique.
Is it unlikely enough that they would match for it to be a decent security measure to use the hash to bypass the PIN lock?
 

capito27

Well-Known Member
Member
Joined
Jan 19, 2015
Messages
874
Trophies
0
XP
1,220
Country
Swaziland
Is it unlikely enough that they would match for it to be a decent security measure to use the hash to bypass the PIN lock?
how could anyone know ? hashing functions are never exact science, only statistics can somewhat predict the likelihood of that occurring, and i'm not gonna compute that ^^'
 
  • Like
Reactions: Mrrraou

mashers

Stubborn ape
OP
Member
Joined
Jun 10, 2015
Messages
3,837
Trophies
0
Age
40
Location
Kongo Jungle
XP
5,074
Country
how could anyone know ? hashing functions are never exact science, only statistics can somewhat predict the likelihood of that occurring, and i'm not gonna compute that ^^'
Well, I don't need the stats... just 'really unlikely to the point that somebody who stole a 3DS could drop their own SHA onto the SD card and it would almost definitely not match' or 'it's somewhat possible that somebody could steal a 3DS, put their own SHA on the SD card and get a match to bypass the PIN lock' would do :P
 

capito27

Well-Known Member
Member
Joined
Jan 19, 2015
Messages
874
Trophies
0
XP
1,220
Country
Swaziland
I need to know in practical terms not numerical, hence not the stats.
that doesn't change the fact that i have to compute the stats to tell you in practical terms, as i said, hashing functions are never exact science, you can't really predict that without statistical analysis + empirical data, and as said, i won't do that, since it's borring as hell and annoying to setup for someone else's project
 
Last edited by capito27,

PabloMK7

Red Yoshi! ^ω^
Developer
Joined
Feb 21, 2014
Messages
2,603
Trophies
2
Age
24
Location
Yoshi's Island
XP
5,000
Country
Spain
afaik, you can dump the OTP from a9lh, so why not making an OTP copy to SD before setting the pin? Then ask the users to copy it to a safe place and remove it from SD because (insert explaination here)
 

capito27

Well-Known Member
Member
Joined
Jan 19, 2015
Messages
874
Trophies
0
XP
1,220
Country
Swaziland
afaik, you can dump the OTP from a9lh, so why not making an OTP copy to SD before setting the pin? Then ask the users to copy it to a safe place and remove it from SD because (insert explaination here)
no, that's not how it works, otp is locked by the time a9lh is running
 

ketal

aiueo
Member
Joined
Aug 20, 2015
Messages
744
Trophies
0
XP
677
Country
Italy
Well, I don't need the stats... just 'really unlikely to the point that somebody who stole a 3DS could drop their own SHA onto the SD card and it would almost definitely not match' or 'it's somewhat possible that somebody could steal a 3DS, put their own SHA on the SD card and get a match to bypass the PIN lock' would do :P
Considering a flawless hashing function, given an output size of n and k messages to hash, the probability of a collision is (approximately) k^2/2^(n+1).
The otp is hashed with sha-256. Take a random number of messages, say one billion: collision probability is about 4.3*10^-60.
 
  • Like
Reactions: Quantumcat

evandixon

PMD Researcher
Developer
Joined
May 29, 2009
Messages
1,725
Trophies
0
Website
projectpokemon.org
XP
2,313
Country
United States
If the size of the hash is smaller than the size of the OTP, then the pigeon hole principle demands the hash is NOT unique.

However, I believe that it would still make an acceptable recovery option for a 3DS.
 

Site & Scene News

Popular threads in this forum

General chit-chat
Help Users
  • SylverReZ @ SylverReZ:
    OUR products
  • The Real Jdbye @ The Real Jdbye:
    @LeoTCK actually good quality products are dying out because they can't compete with dropshipped chinese crap
    +2
  • BakerMan @ BakerMan:
    @LeoTCK is your partner the sascrotch or smth?
  • Xdqwerty @ Xdqwerty:
    Good morning
  • Xdqwerty @ Xdqwerty:
    Out of nowhere I got several scars on my forearm and part of my arm and it really itches.
  • AdRoz78 @ AdRoz78:
    Hey, I bought a modchip today and it says "New 2040plus" in the top left corner. Is this a legit chip or was I scammed?
  • Veho @ Veho:
    @AdRoz78 start a thread and post a photo of the chip.
    +2
  • Xdqwerty @ Xdqwerty:
    Yawn
  • S @ salazarcosplay:
    and good morning everyone
    +1
  • K3Nv2 @ K3Nv2:
    @BakerMan, his partner is Luke
  • Sicklyboy @ Sicklyboy:
    Sup nerds
    +1
  • Flame @ Flame:
    oh hi, Sickly
  • K3Nv2 @ K3Nv2:
    Oh hi flame
  • S @ salazarcosplay:
    @K3Nv2 what was your ps4 situation
  • S @ salazarcosplay:
    did you always have a ps4 you never updated
  • S @ salazarcosplay:
    or were you able to get new ps4 tracking it \
    as soon as the hack was announced
  • S @ salazarcosplay:
    or did you have to find a used one with the lower firm ware that was not updated
  • K3Nv2 @ K3Nv2:
    I got this ps4 at launch and never updated since 9.0
  • K3Nv2 @ K3Nv2:
    You got a good chance of buying a used one and asking the seller how often they used or even ask for a Pic of fw and telling them not to update
  • RedColoredStars @ RedColoredStars:
    Speaking of PLaystation. I see Evilnat put out a beta for PS3 CFW 4.91.2 on the 22nd.
  • K3Nv2 @ K3Nv2:
    Don't really see the point in updating it tbh
  • BigOnYa @ BigOnYa:
    Yea you right, I thought about updating my PS3 CFW to 4.91, but why really, everything plays fine now. I guess for people that have already updated past 4.9 it would be helpful.
  • K3Nv2 @ K3Nv2:
    Idk if online servers are still active that would be my only thought
    K3Nv2 @ K3Nv2: Idk if online servers are still active that would be my only thought