Hacking 3DS Firmware has been decrypted

Status
Not open for further replies.

indask8

Neimod shared the key for the US Nintendo 3DS Camera application on IRC. Not sure what it means... (key for title id 0004001000022400 http://3dbrew.org/wiki/Title_list)

i present you a key, and you must find the lock!
the key is: ********************************
it's 3DS related, and also AES CBC related
...
fuck it, the title is 0004001000021400

Not gonna happen but a tiff exploit like on the good old psp would have been fun.
 

3DSGuy

Can you un-asterisk the key, so we can tell you if it is useful or not?
 

DiNo29

*key was here*

He also said he glanced over TWL_FIRM (DSi Firmware) so I guess it means he decrypted that too, but said "it's like MIOS for Wii", "it does not look anything like the actual DSi firmware"
 

JackSakamoto

Hmmm.. Is that useful for the moment? Remember Nintendo automatic updates..
Whatever, I hope that's true.
 

3DSGuy

Okay guys, I now know what this is. The key is definitely real. It is called the 'decrypted title key' for the Nintendo 3DS Camera app. What does that mean? It means that you can decrypt the NCCH files for the Nintendo 3DS Camera app from their form as they exist on Nintendo's servers to a readable NCCH file. Note that the contents of the NCCH file are still encrypted. What is the relevance of this? Well, there are only two ways (I can think of) in which the title key could have been obtained:

1/ Decrypted the title key with the 3DS Common Key
2/ Watched the RAM while a system update was performed, and waited until the decrypted title key entered memory.
 

osm70


3DSGuy

I will ask again.
So what is it good for?
I will say again.
you can decrypt the NCCH files for the Nintendo 3DS Camera app from their form as they exist on Nintendo's servers to a readable NCCH file.
So could I host custom NUS, connect by DNS spoofing and "update" the camera app to my custom program?
No. You can decrypt the NCCH files for the Nintendo 3DS Camera from Nintendo's servers. I never said anything about spoofing.
 

osm70

If I can decrypt, can't I also encrypt?
 

3DSGuy

Not with this key you can't. Plus you'd need to sign it.
 

Ericthegreat

Damn, I was excited....
 

Sylantemp


It's a brief explanation of how the NCCH (A type of container used by the 3DS) keys are randomized and individual per-console. This was probably asked to clarify the significance of the key recently released that is associated with the 3DS Camera, which is NOT used for decrypting the app, but is simply used for (Someone please correct me if I'm wrong) downloading the encrypted form from Nintendo servers. If the key HAD been a universal NCCH key, which is what 3dsguy was asking, it may have opened up a lot more options (again, I could be wrong, if anyone who knows better cares to correct me), such as being able to analyze the app header.

Edit: Before someone can take my words out of context, the key released will NOT enable anything hypothetically mentioned above.
 