Needs some help understanding Decrypted Title Keys and the encryption state of installed cia files

apoptygma (OP):
I'm just trying to get my head around the existing database of Decrypted Title Keys -

1) These keys are generated from a purchased/installed title using what tool?
2) If a cia is installed from another source (be it 'clean' or otherwise) would the same key be able to be extracted from that working install?
3) Does the initial state of a given cia when installed determine what its contents on the NAND will be? i.e. is decryption performed at the time of install, so a decrypted title, an encrypted title (with keys available) and a title installed from say uncart all end up in the same 'state' once installed, or is it possible to have a title installed which does not run due to encryption?
4) Does the site validate keys against the CDN to prevent incorrect keys being submitted?
5) Would (local) brute-forcing be possible given that there's afaik 1.2089258e+24 possible keys for a given title?
 

Ricken:
apoptygma said:
> I'm just trying to get my head around the existing database of Decrypted Title Keys -
>
> 1) These keys are generated from a purchased/installed title using what tool?
> 2) If a cia is installed from another source (be it 'clean' or otherwise) would the same key be able to be extracted from that working install?
> 3) Does the initial state of a given cia when installed determine what its contents on the NAND will be? i.e. is decryption performed at the time of install, so a decrypted title, an encrypted title (with keys available) and a title installed from say uncart all end up in the same 'state' once installed, or is it possible to have a title installed which does not run due to encryption?
> 4) Does the site validate keys against the CDN to prevent incorrect keys being submitted?
> 5) Would (local) brute-forcing be possible given that there's afaik 1.2089258e+24 possible keys for a given title?
1) The keys are generated by Ninty, and they use their private software.
2) Nope, because the key data isn't saved to the title. The eShop puts the keys in your NAND, hence why Decrypt9 can dump them.
3) I'm not fully getting this question... but I don't think so. Correct me if I'm wrong, but keys are for eShop games only.
4) Probably, as you can't enter names of games when submitting, just a TID and DTK.
5) Not easily, as I don't see how you could get the TID without having it installed, and if you have it installed, then either A. someone has dumpshared it, or B. you can dump your DTK.bin and upload it.
 

apoptygma (OP):
Ricken said:
> 1) The keys are generated by Ninty, and they use their private software.
> 2) Nope, because the key data isn't saved to the title. The eShop puts the keys in your NAND, hence why Decrypt9 can dump them.
> 3) I'm not fully getting this question... but I don't think so. Correct me if I'm wrong, but keys are for eShop games only.
> 4) Probably, as you can't enter names of games when submitting, just a TID and DTK.
> 5) Not easily, as I don't see how you could get the TID without having it installed, and if you have it installed, then either A. someone has dumpshared it, or B. you can dump your DTK.bin and upload it.

I think the answer to 1) might be Decrypt9, from the sound of your second answer? I meant (to phrase it differently): how are people getting these keys to put them into the main database on the site?

Your answer to 5: I mean there are titles that are available elsewhere as .cia files that aren't listed in this database, so they've been dumped but the key wasn't submitted. So is there a way for me to get the keys from those dumps and then submit them (possibly using Decrypt9)?

So my understanding is that there's either a title that's installed without encryption being present, i.e. the cia is decrypted (for those the key won't be present/installed in the NAND), and then there are titles which have a key stored in the NAND; those can be extracted via Decrypt9.

So my concept of grabbing a cia from another site, installing it and then using a tool to extract the key won't work, because that title will have already been decrypted by the party that dumped it and the keys will have been discarded?
 

Ricken:
apoptygma said:
> I think the answer to 1) might be Decrypt9, from the sound of your second answer? I meant (to phrase it differently): how are people getting these keys to put them into the main database on the site?

d0k3 doesn't work for Ninty. lol

apoptygma said:
> Your answer to 5: I mean there are titles that are available elsewhere as .cia files that aren't listed in this database, so they've been dumped but the key wasn't submitted. So is there a way for me to get the keys from those dumps and then submit them (possibly using Decrypt9)?

Nope, unless you bought it off the eShop. Then you'd have keys to dump. Installing a .cia from a site like that ISO won't work, as the keys aren't stored within the .cias.

apoptygma said:
> So my understanding is that there's either a title that's installed without encryption being present, i.e. the cia is decrypted (for those the key won't be present/installed in the NAND), and then there are titles which have a key stored in the NAND; those can be extracted via Decrypt9.

Again with the eShop.

apoptygma said:
> So my concept of grabbing a cia from another site, installing it and then using a tool to extract the key won't work, because that title will have already been decrypted by the party that dumped it and the keys will have been discarded?

Yep, discard.
 

c4388354:
apoptygma said:
> 1) These keys are generated from a purchased/installed title using what tool?
> 2) If a cia is installed from another source (be it 'clean' or otherwise) would the same key be able to be extracted from that working install?
> 3) Does the initial state of a given cia when installed determine what its contents on the NAND will be? i.e. is decryption performed at the time of install, so a decrypted title, an encrypted title (with keys available) and a title installed from say uncart all end up in the same 'state' once installed, or is it possible to have a title installed which does not run due to encryption?
> 4) Does the site validate keys against the CDN to prevent incorrect keys being submitted?
> 5) Would (local) brute-forcing be possible given that there's afaik 1.2089258e+24 possible keys for a given title?

1) You buy a title/game from the eShop, then use the Decrypt9 "Dump Titlekeys" option to get an EncTitleKeys.bin / DecTitleKeys.bin file, which you can then upload ;)

2) If the CIA was an eShop release (not converted from a game cart) and the CIA is NOT cryptofixed, then it might be possible that the keys are the same as the eShop's.
If you have the CIA, then you can extract the title ID and encrypted key from the CIA file.
If you don't have the CIA file, the encrypted key can be found in the 'ticket.db' file of your 3DS.

It is a bit of a lengthy process to verify the CIA key is correct.
The encrypted key is stored in the CIA at offset 0x2BFF (usually) and its length is 16 bytes.
The title ID is stored in the CIA at offset 0x2C1C (usually) and its length is 8 bytes.
You can take the title ID and encrypted key, make an 'EncTitleKeys.bin' file (hex editor) and decrypt it using Decrypt9.
Here is a sample EncTitleKeys.bin file with ONE entry. (File size should be 48 bytes.)
Code:
01000000 FFFFFFFF FFFFFFFF FFFFFFFF
00000000 FFFFFFFF <8 Bytes Title ID - e.g 00040000 12345678>
<16 bytes Encrypted Key - e.g. 01234567 89ABCDEF FEDCBA98 76543210>

Open the DecTitleKeys.bin file and get the decrypted key from it (same format as the EncTitleKeys.bin file).

Then you can download the TMD (Title Metadata) from:
Code:
http://ccs.cdn.c.shop.nintendowifi.net/ccs/download/<TITLEID>/TMD
(replace <TITLEID> with the title ID of the game, e.g. 0004000012345678)

Get the TMD info using ctrtool with the command below; it will give output like:
Code:
ctrtool.exe -i --intype=tmd "YourTMDFile.tmd"

Code:
<snip>
TMD contents:
Content id:             00000000
Content index:          0000
Content type:           0001 [encrypted]
Content size:           0000000007071000
Content hash:           C6AE521B811633D6F38C0748CA494DFE10CAC013B6F60CED3C03F3022A1F1C73

Content id:             00000001
Content index:          0001
Content type:           0001 [encrypted]
Content size:           0000000000139000
Content hash:           7E97901D65642822F163558765878579CDED0F328CE44C18A7914658E7C9366C

In the URL above, replace 'TMD' with the content ID as the filename to get the encrypted file. This TMD has two files:
Code:
http://ccs.cdn.c.shop.nintendowifi.net/ccs/download/0004000012345678/00000000
http://ccs.cdn.c.shop.nintendowifi.net/ccs/download/0004000012345678/00000001

The 'Content size' is the file size, but it's in hex, so you'll need to convert it to decimal:
e.g. file 00000000 = hex 0000000007071000 = decimal 117,903,360 (this is the size of the file in bytes).
You only really need the first few kilobytes of one of the content files: decrypt it and look at the header. Or
you can fully get one of the content files, decrypt it and verify the decrypted hash matches the one in the TMD.

The IV (Initial Value) is the 'Content Index' plus 14 bytes of 00s, so:
for 00000000 the IV would be 0000 + 14 bytes of 00s (00000000000000000000000000000000)
for 00000001 the IV would be 0001 + 14 bytes of 00s (00010000000000000000000000000000)
(Note: the content ID and content index don't always match; sometimes they differ.)

Now you have the file content; try decrypting it with AES-128-CBC, using the decrypted key and IV.
The SHA-256 hash of the decrypted file should match the content hash in the TMD;
if so, then congratulations, your decrypted title key is correct :)

You can then make a 'ticket' with, say, FunKeyCIA / CDN-FX and name it "cetk" (no extension),
put it in a folder with the ENCRYPTED content files and the TMD file named "tmd" (no extension),
then use make_cdn_cia to make it into a valid eShop CIA file.

3) Once the title is installed (and sig-checks patched) there is no functional difference;
a game converted from a game card will run the same as an eShop game.

4) Yes, the site does seem to check; this is why the site only accepts DECRYPTED keys.
The site seems to download and decrypt one of the content files and check that the hashes match the TMD.
Once this check is done and the hash matches, the decrypted key gets added to the site database.
If the hash doesn't match, the key will be rejected.
Once a day? / every few days? Those decrypted keys are 're-encrypted' and put on the site.

5) No, it's not feasible to brute-force a key...
 

apoptygma (OP):
c4388354 said:
> [c4388354's full answer above, quoted in full]

Wow, amazing info! Why do you say brute-force isn't plausible? Modern GPUs could throw millions/billions of keys at a locally stored binary?
 

c4388354:
It's a 128-bit key, so 2^128 = 340,282,366,920,938,463,463,374,607,431,768,211,456 possible keys.
Number of seconds in one year = 365 days x 24 hours x 60 minutes x 60 seconds = 31,536,000

Let's say you can test 10 BILLION keys per second, every second for a year...
(not exactly sure how many keys you could test per second, but let's say 10 billion per second)
31,536,000 x 10,000,000,000 = 315,360,000,000,000,000 keys per year per computer.

340,282,366,920,938,463,463,374,607,431,768,211,456 keys total (2^128)
000,000,000,000,000,000,000,315,360,000,000,000,000 keys checked per computer per year
(I've added leading zeros to show the huge difference between the numbers.)

Let's say you find the key after trying 50% of them; that is still
170,141,183,460,469,231,731,687,303,715,884,105,728 keys.

edit: forgot a zero :P
 

apoptygma (OP):
c4388354 said:
> [c4388354's brute-force arithmetic above, quoted in full]

Well played, sir. "r/TheyDidTheMath"
My mistake was thinking it was a 32-bit key :)
 
