Homebrew nds-constrain't - Taking advantage of a flaw in the Nintendo DS(i) SSL library


Searinox

There is a writeup of it all on
https://github.com/KaeruTeam/nds-constraint

In this case it is more that owing to a shoddy implementation of SSL on the DS we could use another key Nintendo signed for another purpose but have the DS think it is an acceptable substitution.
Looks like it's using SHA-1. IIRC it's now possible to produce collisions with this hash. Wouldn't this have been just as good for producing user certs whose hash matches that of another Nintendo-signed cert? No trust chain flaw required.
 

FAST6191

Looks like it's using SHA-1. IIRC it's now possible to produce collisions with this hash. Wouldn't this have been just as good for producing user certs whose hash matches that of another Nintendo-signed cert? No trust chain flaw required.
I have not kept up with SHA1 stuff lately to see if complexity has been reduced further but the amount of computing power required for such a trick when the hashes were revealed back in 2017 was quite considerable (industrial espionage/nation state level, and last month https://www.schneier.com/blog/archives/2018/12/md5_and_sha-1_s.html reckons a preimage attack is still not on the cards). If we have suitable certs and keys and every game out there does not check the flag mentioned in the writeup then why bother forcing a hash? Even more so if a simple game mod (or even cheat) can also do the same thing?
 

Esjay131

There is a writeup of it all on
https://github.com/KaeruTeam/nds-constraint

In this case it is more that owing to a shoddy implementation of SSL on the DS we could use another key Nintendo signed for another purpose but have the DS think it is an acceptable substitution.
Ah, thank you for the response. I skimmed the github readme earlier and didn't retain anything about the keys.
 

Apache Thunder

You know another thing that uses SHA-1? The decrypted RSA block of SRL files... Someone correct me if I'm wrong here, but as I recall the main way SRLs are authenticated (the header region specifically) is by decrypting the RSA region and comparing the SHA-1 value against a fixed region of the header area of the SRL. If the collision could be made to work on that SHA-1 hash then you could produce a modified SRL header that matches the original SHA-1?

Because the way RSA works in this instance is that it's used to encrypt the region where the SHA-1 hash is stored. There is a public key used to decrypt it and a private key used to encrypt it. We can't encrypt because no private key and thus can't change the SHA-1 hash.

But I'm pretty sure getting the public key is easy. Just pull that out of Launcher SRL as I'm sure it has to have it to decrypt SRL RSA regions. If you can manage to make a colliding SHA-1 you won't have to change the SHA-1 in the original RSA region, thus not needing to worry about re-encrypting it? Might be best to try and produce a colliding SHA-1 of Launcher.

The main issue is TMD files though. You'd also have to break SHA-1 in those and I'm not sure if their RSA region is used in the same way...

Though as I recall TMDs have a SHA-1 for the entire SRL and that's how the TMD makes sure the SRL is the same. Could just collide that SHA-1 hash too with random data outside of the SRL header region. Since the RSA region only protects the DSi Extended header + NTR header of the SRL, data placed outside that can be used to make a colliding SHA-1 for the TMD? I think that could work.


The main issue though is entry point. We already have Unlaunch so there's no point doing this unless you can produce such a collision with an exported SRL via Data Management and make it easy for users to install Unlaunch on any DSi. I don't recall how the exported games are protected. As I recall it was easy to break and modify the save file stored in it for installing sudokuhax. If one could change the save, then one could change the SRL too? Later versions of Launcher fixed this attack point, but that shouldn't matter if you replace the SRL too and not worry about the save file. I think the main thing though is Launcher info in the ticket for the game to verify the content of the exported file. Haven't messed with these files that much so not sure on that one.

Oh also pretty sure 3DS related software uses SHA-256 and higher. Don't recall seeing much SHA-1 stuff there.
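
Added example, not part of the original thread and not Nintendo's code: a sketch of the two integrity checks the post above describes (an RSA-protected SHA-1 over a header region, plus a TMD-like SHA-1 over the whole file), showing which bytes each check covers. The toy key, `HEADER_LEN`, the unpadded RSA and all function names are assumptions made for illustration.

```python
import hashlib

# Constructed toy RSA key built from two Mersenne primes (assumption for the
# demo); real keys are far larger and real signatures use padding.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, held only by the signer

HEADER_LEN = 32  # hypothetical size of the signed header region


def sha1_int(data: bytes) -> int:
    return int.from_bytes(hashlib.sha1(data).digest(), "big")


def sign_header(image: bytes) -> int:
    """Signer side: transform the header digest with the private key."""
    return pow(sha1_int(image[:HEADER_LEN]), D, N)


def make_manifest(image: bytes) -> bytes:
    """TMD-like record: SHA-1 over the entire image."""
    return hashlib.sha1(image).digest()


def verify(image: bytes, signature: int, manifest: bytes) -> dict:
    """Verifier side: needs only the public key (N, E)."""
    recovered = pow(signature, E, N)  # digest the signer committed to
    return {
        "header_ok": recovered == sha1_int(image[:HEADER_LEN]),
        "manifest_ok": hashlib.sha1(image).digest() == manifest,
    }


def demo() -> dict:
    # Constructed sample image: 32-byte header followed by a payload.
    image = b"HDR:" + b"A" * 28 + b"payload bytes after the header"
    sig, manifest = sign_header(image), make_manifest(image)
    header_edit = b"X" + image[1:]    # one byte changed inside the header
    body_edit = image[:-1] + b"!"     # one byte changed outside the header
    return {
        "original": verify(image, sig, manifest),
        "header_edit": verify(header_edit, sig, manifest),
        "body_edit": verify(body_edit, sig, manifest),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The header signature alone does not notice a change outside the header region; the whole-file hash is the check that catches it, so both have to hold for the image to be accepted.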
 

elenarguez

I have the same problem as the user here: I get error 31020 when trying to find downloads (DLC) with the DNS of altwfc in my DSi. Is there any solution?
 
