Homebrew Why is the 3DS's OTP required for the A9LH process? (Curious, not a support question)

Eradigon

Eradigon

Active Member
OP
Newcomer
Level 1
Joined
Jul 4, 2016
Messages
36
Trophies
0
Location
watching you sleep
Website
watchingyou.sleep
XP
54
Country
I don't know a lot about the technical workings of the 3DS and 3DS homebrew but I have some understanding of how it works. I get that the OTP is a console-unique key that is generated on startup, and I know why you have to downgrade to a pre-3.0 version to obtain it. My question is why is it needed to install A9LH? It isn't a useful encryption key in itself, right? From what I read it just is used by the console to obtain other keys, but nobody knows how it does this. So what is the OTP useful for in the A9LH process?
 
Nyap

Nyap

HTML Noob
Banned
Level 4
Joined
Jan 13, 2016
Messages
971
Trophies
0
Age
55
Location
That Chaos Site
XP
483
Country
Eradigon said:
I don't know a lot about the technical workings of the 3DS and 3DS homebrew but I have some understanding of how it works. I get that the OTP is a console-unique key that is generated on startup, and I know why you have to downgrade to a pre-3.0 version to obtain it. My question is why is it needed to install A9LH? It isn't a useful encryption key in itself, right? From what I read it just is used by the console to obtain other keys, but nobody knows how it does this. So what is the OTP useful for in the A9LH process?
Click to expand...
-snip-
actually nvm
 
Halvorsen

Halvorsen

Well-Known Member
Member
Level 9
Joined
Aug 12, 2015
Messages
2,060
Trophies
0
Website
halcove.com
XP
1,890
Country
United States
Upon my understanding, it's an area that the console's encryption keys derive from.
Meaning, at least in this case, we can inject payloads into FIRM0 and FIRM1 without the firms detecting it and refusing to boot.

When a FIRM is found to be invalid, it panics and jumps to a seemingly random point. A payload is inserted right where it jumps. However, if either of the FIRMs fail to have the console specific encryption, it refuses to launch.


That's where the OTP comes into play. Insert our payload, then encrypt it with our console-specific key. That's why we can use modified firms since the console sees the FIRMS as legit (because it's using the console specific key, from the OTP)
Though, I could be mistaken in part of this.
 
Last edited by Halvorsen,
  • Like
Reactions: Lightyose, Quantumcat, Subtle Demise and 2 others
Eradigon

Eradigon

Active Member
OP
Newcomer
Level 1
Joined
Jul 4, 2016
Messages
36
Trophies
0
Location
watching you sleep
Website
watchingyou.sleep
XP
54
Country
LinkSoraZelda said:
Upon my understanding, it's an area that the console's encryption keys derive from.
Meaning, at least in this case, we can inject payloads into FIRM0 and FIRM1 without the firms detecting it and refusing to boot.

When a FIRM is found to be invalid, it panics and jumps to a seemingly random point. A payload is inserted right where it jumps. However, if either of the FIRMs fail to have the console specific encryption, it refuses to launch.


That's where the OTP comes into play. Insert our payload, then encrypt it with our console-specific key. That's why we can use modified firms since the console sees the FIRMS as legit (because it's using the console specific key, from the OTP)
Though, I could be mistaken in part of this.
Click to expand...
Thanks!
 
Halvorsen

Halvorsen

Well-Known Member
Member
Level 9
Joined
Aug 12, 2015
Messages
2,060
Trophies
0
Website
halcove.com
XP
1,890
Country
United States
Eradigon said:
Thanks!
Click to expand...
Welcome. I think I may have felt some info out however. :/
So, these FIRMS are run immediately when you press the power button. It's what eventually loads native_firm, and then finally the HOME Menu. FIRM0 is the first that's run, and if it's found to be invalid in any way (like, in the case of a power outage during an update, or ahem. hax), the console uses FIRM1. This is used to our advantage.

One of the reasons a9lh exists is because of it randomly jumping to random instructions if a firm is found to be invalid. Using the OTP allows us to launch the FIRM without it refusing to boot, but since it fails another seperate integrity check, it still panics. But we injected our payload to where it jumps, so it unknowingly reads our instruction, which is arm9loaderhax. Profit.
 
Last edited by Halvorsen,
  • Like
Reactions: Subtle Demise
Swiftloke

Swiftloke

Hwaaaa!
Member
Level 8
Joined
Jan 26, 2015
Messages
1,770
Trophies
1
Location
Nowhere
XP
1,478
Country
United States
Completely untrue. The OTP is not used for any kind of FIRM encryption at all. Rather, the OTP is used in FIRM decryption.
The OTP is used to calculate keys that are used in arm9loader to decrypt FIRM0 & FIRM1. The FIRMs are signed by Nintendo, which obviously we can't change and still have signed. However, what we do is add a payload to the end of FIRM0. Because FIRM0 isn't signed, the arm9loader does not jump to it and reads the backup FIRM1, which is smaller, and thus our payload isn't unloaded when the valid FIRM1 is read and prepared to jump to. Now here's where the OTP comes into play. Simplified to an extreme, the FIRM1 is signed by Nintendo, but that doesn't mean it has to be read correctly, thanks to the unsigned keystore flaw. Because the keys are derived from the OTP, we obtain our OTP to mathematically determine a very special key. This key, when used by the arm9loader to decrypt FIRM1, will decrypt FIRM1 to, at the point where ARM9 jumps in, have an instruction to jump to our payload, still loaded in at the end of memory. Rekt.
I hope this answered any questions, and wasn't too confusing. Tell me if there's something I didn't cover, or doesn't make sense ;)
Something else to mention: FIRM0 is the only integrity check that's failed. The arm9loader does not check the keystore, which unknowingly leads itself to its doom.
 
Last edited by Swiftloke,
  • Like
Reactions: GerbilSoft, GilgameshArcher, deadf1sh and 8 others
Eradigon

Eradigon

Active Member
OP
Newcomer
Level 1
Joined
Jul 4, 2016
Messages
36
Trophies
0
Location
watching you sleep
Website
watchingyou.sleep
XP
54
Country
Swiftloke said:
Completely untrue. The OTP is not used for any kind of FIRM encryption at all. Rather, the OTP is used in FIRM decryption.
The OTP is used to calculate keys that are used in arm9loader to decrypt FIRM0 & FIRM1. The FIRMs are signed by Nintendo, which obviously we can't change and still have signed. However, what we do is add a payload to the end of FIRM0. Because FIRM0 isn't signed, the bootrom does not jump to it and reads the backup FIRM1, which is smaller, and thus our payload isn't unloaded when the valid FIRM1 is read and prepared to jump to. Now here's where the OTP comes into play. Simplified to an extreme, the FIRM1 is signed by Nintendo, but that doesn't mean it has to be read correctly, thanks to the unsigned keystore flaw. Because the keys are derived from the OTP, we obtain our OTP to mathematically determine a very special key. This key, when used by the bootrom to decrypt FIRM1, will decrypt FIRM1 to, at the point where ARM9 jumps in, have an instruction to jump to our payload, still loaded in at the end of memory. Rekt.
I hope this answered any questions, and wasn't too confusing. Tell me if there's something I didn't cover, or doesn't make sense ;)
Something else to mention: FIRM0 is the only integrity check that's failed. The arm9loader does not check the keystore, which unknowingly leads itself to its doom.
Click to expand...
Thank you, this makes perfect sense (I'm fairly knowledgeable about the internal workings of software and encryption).
 
RednaxelaNnamtra

RednaxelaNnamtra

Well-Known Member
Member
Level 12
Joined
Dec 8, 2011
Messages
1,208
Trophies
1
XP
3,334
Country
Germany
LinkSoraZelda said:
Welcome. I think I may have felt some info out however. :/
So, these FIRMS are run immediately when you press the power button. It's what eventually loads native_firm, and then finally the HOME Menu. FIRM0 is the first that's run, and if it's found to be invalid in any way (like, in the case of a power outage during an update, or ahem. hax), the console uses FIRM1. This is used to our advantage.

One of the reasons a9lh exists is because of it randomly jumping to random instructions if a firm is found to be invalid. Using the OTP allows us to launch the FIRM without it refusing to boot, but since it fails another seperate integrity check, it still panics. But we injected our payload to where it jumps, so it unknowingly reads our instruction, which is arm9loaderhax. Profit.
Click to expand...
not 100% percent right, we are putting our payload at the end of a firm version that is bigger, after this we are using the OTP's hash to encrypt our own firm encryption keys, where we changed the key that firmware 9.6+ uses on the new 3DS, and copy this to the nand. Because of this, the 3ds firmloader will decrypt firm 1, where we used the smaller 10.2 firm, to garbage. And because the firm1 is smaller than firm0 our payload is still left in the memory. So after the 3ds decrypted it the 3DS tries to jump to this garbage, where the first instuction is a jump our payload, because of our specific key, that we brute forced before.
So while firm0 is skipped, because we modified it and broke its signature, the signature of firm1 is still valid, because its an untouched firm without any modifications. On the other side we modified the key storage, which doesn't have a signature, which causes the brick on new 3DS systems, if we update Firm to a legit one, because it will still try to decrypt it to garbage.

Edit: @Swiftloke was a bit faster xD
 
Last edited by RednaxelaNnamtra,
Swiftloke

Swiftloke

Hwaaaa!
Member
Level 8
Joined
Jan 26, 2015
Messages
1,770
Trophies
1
Location
Nowhere
XP
1,478
Country
United States
RednaxelaNnamtra said:
not 100% percent right, we are putting our payload at the end of a firm version that is bigger, after this we are using the OTP's hash to encrypt our own firm encryption keys, where we changed the key that firmware 9.6+ uses on the new 3DS, and copy this to the nand. Because of this, the 3ds firmloader will decrypt firm 1, where we used the smaller 10.2 firm, to garbage. And because the firm1 is smaller than firm0 our payload is still left in the memory. So after the 3ds decrypted it the 3DS tries to jump to this garbage, where the first instuction is a jump our payload, because of our specific key, that we brute forced before.
So while firm0 is skipped, because we modified it and broke its signature, the signature of firm1 is still valid, because its an untouched firm without any modifications. On the other side we modified the key storage, which doesn't have a signature, which causes the brick on new 3DS systems, if we update Firm to a legit one, because it will still try to decrypt it to garbage.

Edit: @Swiftloke was a bit faster xD
Click to expand...
Damn you just got ninja'd harder than titanium
 
  • Like
Reactions: Deleted-379826 and RednaxelaNnamtra
RednaxelaNnamtra

RednaxelaNnamtra

Well-Known Member
Member
Level 12
Joined
Dec 8, 2011
Messages
1,208
Trophies
1
XP
3,334
Country
Germany
Swiftloke said:
Completely untrue. The OTP is not used for any kind of FIRM encryption at all. Rather, the OTP is used in FIRM decryption.
The OTP is used to calculate keys that are used in arm9loader to decrypt FIRM0 & FIRM1. The FIRMs are signed by Nintendo, which obviously we can't change and still have signed. However, what we do is add a payload to the end of FIRM0. Because FIRM0 isn't signed, the bootrom does not jump to it and reads the backup FIRM1, which is smaller, and thus our payload isn't unloaded when the valid FIRM1 is read and prepared to jump to. Now here's where the OTP comes into play. Simplified to an extreme, the FIRM1 is signed by Nintendo, but that doesn't mean it has to be read correctly, thanks to the unsigned keystore flaw. Because the keys are derived from the OTP, we obtain our OTP to mathematically determine a very special key. This key, when used by the bootrom to decrypt FIRM1, will decrypt FIRM1 to, at the point where ARM9 jumps in, have an instruction to jump to our payload, still loaded in at the end of memory. Rekt.
I hope this answered any questions, and wasn't too confusing. Tell me if there's something I didn't cover, or doesn't make sense ;)
Something else to mention: FIRM0 is the only integrity check that's failed. The arm9loader does not check the keystore, which unknowingly leads itself to its doom.
Click to expand...
To be completely correct, its not the bootrom that decrypts the firm, its the arm9loader, that got added on the new 3DS, and because of that its called arm9loaderhax :)
 
  • Like
Reactions: Krakatau
Friendsxix

Friendsxix

Introspective Potato
Member
Level 11
Joined
May 6, 2008
Messages
266
Trophies
1
Location
Best Hemisphere
XP
2,686
Country
United States
Swiftloke said:
Completely untrue. The OTP is not used for any kind of FIRM encryption at all. Rather, the OTP is used in FIRM decryption.
The OTP is used to calculate keys that are used in arm9loader to decrypt FIRM0 & FIRM1. The FIRMs are signed by Nintendo, which obviously we can't change and still have signed. However, what we do is add a payload to the end of FIRM0. Because FIRM0 isn't signed, the bootrom does not jump to it and reads the backup FIRM1, which is smaller, and thus our payload isn't unloaded when the valid FIRM1 is read and prepared to jump to. Now here's where the OTP comes into play. Simplified to an extreme, the FIRM1 is signed by Nintendo, but that doesn't mean it has to be read correctly, thanks to the unsigned keystore flaw. Because the keys are derived from the OTP, we obtain our OTP to mathematically determine a very special key. This key, when used by the bootrom to decrypt FIRM1, will decrypt FIRM1 to, at the point where ARM9 jumps in, have an instruction to jump to our payload, still loaded in at the end of memory. Rekt.
I hope this answered any questions, and wasn't too confusing. Tell me if there's something I didn't cover, or doesn't make sense ;)
Something else to mention: FIRM0 is the only integrity check that's failed. The arm9loader does not check the keystore, which unknowingly leads itself to its doom.
Click to expand...
You forgot the best part! Arm9loader generates two keys -- the old one that was compromised right away, and the new one Nintendo hastily generated in response. The reason the exploit works is because, while the original key was actually verified before it was used, the second key is not! :rofl2:
 
Swiftloke

Swiftloke

Hwaaaa!
Member
Level 8
Joined
Jan 26, 2015
Messages
1,770
Trophies
1
Location
Nowhere
XP
1,478
Country
United States
Friendsxix said:
You forgot the best part! Arm9loader generates two keys -- the old one that was compromised right away, and the new one Nintendo hastily generated in response. The reason the exploit works is because, while the original key was actually verified before it was used, the second key is not! :rofl2:
Click to expand...
Not necessarily related to the explanation of arm9loaderhax itself. Because so many people like that post, I might include that bit of info in a separate thread explaining arm9loaderhax in general.
Would you all like that? /:/
Also, it's two different versions of arm9loader, not keys.
 
  • Like
Reactions: BothyBhoy
B

BothyBhoy

Well-Known Member
Member
Level 3
Joined
Nov 27, 2015
Messages
838
Trophies
0
Age
71
XP
339
Country
Swiftloke said:
Not necessarily related to the explanation of arm9loaderhax itself. Because so many people like that post, I might include that bit of info in a separate thread explaining arm9loaderhax in general.
Would you all like that? /:/
Also, it's two different versions of arm9loader, not keys.
Click to expand...
yes please.......would make a very interesting read!!!!!,,
 
RednaxelaNnamtra

RednaxelaNnamtra

Well-Known Member
Member
Level 12
Joined
Dec 8, 2011
Messages
1,208
Trophies
1
XP
3,334
Country
Germany
@Swiftloke I think its the bootrom that checks the signatures, while the arm9loader is part of the firm partition and does the encryption of the (arm9-) firm inside of the firm partition. But im not 100% sure atm.
 
Friendsxix

Friendsxix

Introspective Potato
Member
Level 11
Joined
May 6, 2008
Messages
266
Trophies
1
Location
Best Hemisphere
XP
2,686
Country
United States
Swiftloke said:
Not necessarily related to the explanation of arm9loaderhax itself. Because so many people like that post, I might include that bit of info in a separate thread explaining arm9loaderhax in general.
Would you all like that? /:/
Also, it's two different versions of arm9loader, not keys.
Click to expand...
No, it's not only a different version -- it's a different key.

EDIT: Watch at 55:03.
 
Last edited by Friendsxix,
  • Like
Reactions: RednaxelaNnamtra

Site & Scene News

Go to forum More news

Popular threads in this forum

Hacking Homebrew  A new way to experience StreetPass

After the 8th of April, will it still be possible to create a new NNID (Nintendo Network ID) and/or transfer a NNID from one console to another?

Is it possible...?

Hacking Homebrew  how to link pnid to 3ds/how to use juxtaposition?

Hacking  New 2ds Refuses to boot

Hacking Misc  VCRUNTIME140.dll UCRTBASED.dll Master Thread

Translation Project  DQM2SP translation

3DS won't boot into DS Mode, Extended Memory Mode and more

General chit-chat
Help Users
  • No one is chatting at the moment.
    K3Nv2 @ K3Nv2: It's mostly the ones that are just pictures and no instructions at all