Hacking Bruteforcing.

  • Thread starter: kingcolex
  • Views: 7,148
  • Replies: 38

kingcolex

So from my gathering of information, it is possible but very unlikely to bruteforce the encryption of the 3DS? So my question is, would you just bruteforce a 3DS ROM? Or am I mistaken and it's impossible?
 
Well with no other solutions now wouldn't it be worth a shot if everyone from the forums alone bruteforced it for like idk 24 hours? Maybe worth a shot.
 
Theoretically, it's possible. Practically, it's not. This is because, IIRC, the 3DS uses secure RSA for encrypting (4096-bit IIRC). The number of possible keys is astronomical and will take "far longer than the age of the universe to complete". That's what I've heard, at least...

EDIT: Someone had made a good post about why it isn't possible to brute force 3DS keys... if I only can find it...
 
Impractical to do, unless you have access to CERN's supercomputer array.

Otherwise, it may take longer than the age of the universe to do on conventional computers.

There is another way to obtain the keys, and it's with Ramhax of some kind, and a lot of luck.
 
Our best bet is a hardware hack.
Just look at the 360.

First the DVD drive got hacked, which led to a Hypervisor escalation resulting in the King Kong exploit.
Then came the Timing Attack, which relied upon booting the base kernel via some glitching and patching it to Dash 4548.
Then came the JTAG hack, which relied upon an old CB and was usable up to dash 7371.
Then came the RGH, which also relies upon a certain CB to glitch the hashing and load a hacked 4548 kernel.

As for softmods on the 360?
There is NONE
And there won't be one very likely.
 
My guess is a flashcart of some kind, and I guess that the first hack will be similar to the King Kong exploit Dinoh mentioned for the 360, since, it's likely that everything on the 3DS, with the exception of the sysmenu (Which is encrypted) runs on a Hypervisor.
 
I asked a question like this once and I was told it would take up to 50 years even with a lot of people or something crazy like that....

It would take 50 years if all the computers in the world, and all that are to be, focused their tasks on bruteforcing this key. Every last one.

Otherwise, it would take longer than the age of the Universe.
 
I asked a question like this once and I was told it would take up to 50 years even with a lot of people or something crazy like that....

It would take 50 years if all the computers in the world, and all that are to be, focused their tasks on bruteforcing this key. Every last one.

Otherwise, it would take longer than the age of the Universe.

if there's only one encryption level.....
 
just to put this into perspective, people proposed doing this on the xbox1 to get the private signing key, and it still hasn't yielded a key almost a decade later. (and that was a less complicated key).

in short, have fun!
 
Bruteforcing would take a VERY long time.
It might come out with even more security and then it would still be bogus.

*could take a VERY long time.

There is also a possibility it would be the first key generated. Such is the nature of a randomly generated number. It could be randomly generated again instantly or it could take hundreds of years.
 
Here's my copy-paste about the DSi, when people were asking about it.

I present to you: "DSi Encryption Put In Perspective", also known as "I Love Crushing People's Dreams".

The DSi uses 128-bit encryption (IIRC).
How do you break it? You find the correct encryption key.

How many encryption keys are there? 2 (binary, a bit) to the 128th power (number of bits), divided by 8 (8 bits in a byte).
That's so many that the calculator that comes with Windows (at least XP) can't even display the number without reverting to scientific notation.

128-bits is...
340,282,366,920,938,463,463,374,607,431,768,211,456 possible values in binary.
However, Since there's 8 bits in a byte, you divide 128 by 8 and get 16. That's 16 bytes, 16 characters.
That's 18,446,744,073,709,552,000 possible values, ranging from 0x0000000000000000 to 0xFFFFFFFFFFFFFFFF. Eighteen quintillion possible keys.
The actual number is a bit less since a key will be a certain number of digits and be designed to not have repeating segments, but this puts it in perspective.

Let's say that you have a computer program which can try 50,000 unique keys a second.
That's 3,000,000 keys a minute.
180,000,000 keys in an hour.
4,320,000,000 keys a day.
1,576,800,000,000 keys in one year.

It would take 11,698,848 years to try all the keys at that speed.

So wait, how do they break other systems? If you can get a direct copy of the encrypted data and compare it to a copy of the unencrypted data (as well as view the data as it's transmitted around the DSi's internals), that goes a long way towards figuring out the key without having to try all possible combinations. You'll be able to find the key without all the guessing! The problem is you'd need to take a DSi apart and fuck with its insides while it's on to try to get a copy of the data while it's unencrypted (since the DSi will unencrypt what it needs on the fly in order to use it), and usually when you're done with that the DSi's pretty broken and in no shape to game, or even to be experimented on a second time...

http://www.flickr.com/photos/micahdowty/sets/72157621023570420/

This process can be hampered by the internal design of the system, so you may need to take apart many systems before you even figure out how to read some of the data, let alone get a full copy of it, and last I checked DSi's don't cost $5...

For the 3DS, just assume it's even harder.
 
Well,

You're assuming that the very last key tried is the proper one. If you're going in a random order (you know, instead of starting at like 00000000000001, with more zeroes before it), I'm sure somebody would find it before then.

The problem is co-ordinating it. I remember there used to be a program that was trying to decrypt the DSi common key, and it would check into a central server that had a list of what's been tried already... I used to run that thing, too, but it sort-of vanished... I had actually heard that some elitist hackers DID find the key already and just didn't tell anybody, so the rest of the world was just wasting CPU power on nothing. I'm sure somebody, somewhere, has figured it out - that's the problem with hackers, they don't want to come forward for fear of being sued, so they just do it for fun and never tell anybody.

Which is why we need this to be a group effort ;)

But yeah. Brute-forcing should totally be possible, it was being done for the DSi too... we just need to make sure this time everybody can view the results, etc. I'm not saying it's very practical, and I'm sure a different exploit will be found before anybody finds it via brute-force, but it would certainly be better than sitting around doing nothing while waiting for some elitist hackers to be nice enough to share their findings with us. No, I'm not going to coordinate this, do not ask me. :P
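
An added example, not part of any post in this thread: it carries the keys-per-second arithmetic from the DSi post and the random-order and central-server points from the reply above through in code. The 64-bit case reproduces the 11,698,848-year figure quoted in the DSi post, and the 128-bit case is computed the same way; the function names and the toy keyspace sizes are assumptions made for illustration.

```python
import random

SECONDS_PER_YEAR = 365 * 24 * 60 * 60  # 31,536,000 s, the year the post's figures imply

def exhaustive_search_years(key_bits, keys_per_second, machines=1):
    """Return (worst_case_years, average_years) to search a key_bits keyspace."""
    worst = 2 ** key_bits / (keys_per_second * machines) / SECONDS_PER_YEAR
    # A uniformly random key is hit, on average, about halfway through the search.
    return worst, worst / 2

def assign_ranges(key_bits, clients):
    """Split the keyspace into contiguous, non-overlapping [start, end) ranges,
    one per client, the bookkeeping a coordinating server needs so that no
    key is tried twice."""
    keyspace = 2 ** key_bits
    bounds = [keyspace * i // clients for i in range(clients + 1)]
    return list(zip(bounds[:-1], bounds[1:]))

def mean_guesses(key_bits, order, trials=500, seed=1):
    """Search a toy keyspace for a random secret `trials` times and return the
    mean number of guesses. order is 'sequential' (count up from 0) or 'random'."""
    rng = random.Random(seed)
    keyspace = 2 ** key_bits
    total = 0
    for _ in range(trials):
        secret = rng.randrange(keyspace)
        if order == "sequential":
            total += secret + 1  # keys 0..secret are tried in turn
        else:
            candidates = list(range(keyspace))
            rng.shuffle(candidates)  # try every key once, in random order
            total += candidates.index(secret) + 1
    return total / trials

if __name__ == "__main__":
    for bits in (64, 128):
        worst, avg = exhaustive_search_years(bits, 50_000)
        print(f"{bits}-bit at 50,000 keys/s: worst {worst:.3e} y, average {avg:.3e} y")
    worst, _ = exhaustive_search_years(128, 50_000, machines=10**9)
    print(f"128-bit across 10^9 such machines: worst {worst:.3e} y")
    print("4 clients, 16-bit toy keyspace:", assign_ranges(16, 4))
    for order in ("sequential", "random"):
        print(f"{order}: mean guesses over 2^12 keys = {mean_guesses(12, order):.0f}")
```

Sequential and random order both average about half the keyspace, so the average column is always half the worst case, whatever order the clients search in.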
 
