Homebrew: 9.5 Encryption Broken by Yellows8

SLiV3R

3DS Friend Code: 0473-9069-2206
Member
Joined
Jan 9, 2006
Messages
2,319
Trophies
2
Website
soundcloud.com
XP
1,847
Country
Yifan Lu said that yellows8 is the sharpest RE in the 3DS scene. If you look at 3dbrew, 95% of all exploits are his discoveries. But GW are a team with more than 2 people involved, so it should not be impossible for them either, I guess.

Arras
IIRC another person also managed to hack it, and all the other keys could be extracted already (i.e. the rest of Nintendo's trap cards to stop emuNAND on N3DS). So whatever plans Nintendo had to block emuNAND with this are gone. They really messed this one up.
9.4 was already hackable on N3DS. The new key they added in 9.5 can (apparently easily) be extracted, yes, but what's preventing them from just changing it again, without the mistake they made here?

shinyquagsire23
> 9.4 was already hackable on N3DS. The new key they added in 9.5 can (apparently easily) be extracted, yes, but what's preventing them from just changing it again, without the mistake they made here?

To be honest I'm not sure what the entire situation is with the keys, but I recall Mathieulh also extracted the keys, and the slip-up also exposed the other keyslots.

Wait, found that tweet:
https://twitter.com/Mathieulh/status/562923931565555714

TL;DR: they messed up, and all the extra keyslots they made to fend off Gateway are apparently useless without new hardware.

EDIT: Looks like it *might* be possible for this to be fixed by Nintendo, but basically the issue is that the keyslots they used for encryption aren't cleared even on a hard reboot, so I'm guessing you could grab those fairly easily from a vulnerable firmware. The full tweet is this:
Dear @Nintendo, I spotted an implementation failure on the *New* 3DS that allows keyslot 0x11 to remain uncleared after a hard reboot. This allows deriving the secondary/regular key for keyslot 0x11 (by performing the AES-ECB on the unit and gathering the result). This basically makes the *New* 3DS ARM9 added cryptography step very much useless. This attack also allows a third party to get the KeyX for keyslots 0x18-0x20 (aka *New* 3DS-only keys), making those worthless too.
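The failure the tweet describes, modelled as an added example (not the 3DS AES engine, the tweet author's method, or any console firmware): a write-only keyslot that is left loaded across a hand-off still lets whatever runs next use the AES engine as an oracle, so everything the trusted stage derived from that slot can be derived again. Slot numbers follow the tweet; AesEngine, loaderKey, realKeyX, TrustedBoot, LaterStage and all key values are constructed for the example. The model covers only the consequence the tweet names for keyslots 0x18-0x20 (recovering their KeyX while slot 0x11 is still loaded); how the 0x11 key itself was recovered is not detailed on this page and is not modelled.

```go
package main

import (
	"crypto/aes"
	"errors"
	"fmt"
)

// AesEngine is a constructed model of write-only keyslots: software may load
// a key into a slot and run AES-ECB with it, but can never read it back.
type AesEngine struct {
	slots [0x40]*[16]byte // nil = cleared; slot numbers follow the tweet
}

// SetNormalKey loads a 128-bit key into a slot. There is no getter.
func (e *AesEngine) SetNormalKey(slot int, key [16]byte) {
	k := key
	e.slots[slot] = &k
}

// Clear wipes a slot; the step the tweet says is missing after a hard reboot.
func (e *AesEngine) Clear(slot int) { e.slots[slot] = nil }

// EcbBlock runs one AES-128 block encryption or decryption with the slot's key.
func (e *AesEngine) EcbBlock(slot int, in [16]byte, decrypt bool) ([16]byte, error) {
	var out [16]byte
	k := e.slots[slot]
	if k == nil {
		return out, errors.New("keyslot is cleared")
	}
	c, err := aes.NewCipher(k[:])
	if err != nil {
		return out, err
	}
	if decrypt {
		c.Decrypt(out[:], in[:])
	} else {
		c.Encrypt(out[:], in[:])
	}
	return out, nil
}

// Constructed secrets, not real console keys: the key the trusted loader
// places in slot 0x11, and the KeyX values for the New-3DS-only slots.
var loaderKey = [16]byte{0x4e, 0x33, 0x44, 0x53, 0x2d, 0x6c, 0x6f, 0x61, 0x64, 0x65, 0x72, 0x2d, 0x6b, 0x65, 0x79, 0x21}
var realKeyX = map[int][16]byte{0x18: fill(0xa1), 0x19: fill(0xb2), 0x20: fill(0xc3)}

func fill(b byte) [16]byte {
	var k [16]byte
	for i := range k {
		k[i] = b ^ byte(i)
	}
	return k
}

// EncryptedKeyX is the form the KeyX values are stored in: each one AES-ECB
// encrypted under loaderKey. It stands in for data any later stage can read.
func EncryptedKeyX() map[int][16]byte {
	e := &AesEngine{}
	e.SetNormalKey(0x11, loaderKey)
	defer e.Clear(0x11)
	blobs := map[int][16]byte{}
	for slot, kx := range realKeyX {
		ct, _ := e.EcbBlock(0x11, kx, false)
		blobs[slot] = ct
	}
	return blobs
}

// TrustedBoot is the privileged stage: it knows loaderKey, loads it into
// slot 0x11, decrypts the KeyX blobs, then either clears the slot or forgets to.
func TrustedBoot(e *AesEngine, clearSlot bool) map[int][16]byte {
	e.SetNormalKey(0x11, loaderKey)
	keys := map[int][16]byte{}
	for slot, blob := range EncryptedKeyX() {
		kx, _ := e.EcbBlock(0x11, blob, true)
		keys[slot] = kx
	}
	if clearSlot {
		e.Clear(0x11)
	}
	return keys
}

// LaterStage runs after the hand-off (for instance after rebooting into
// exploitable firmware). It never sees loaderKey; it only has the engine and
// the public blobs. If slot 0x11 is still loaded, it recovers every KeyX.
func LaterStage(e *AesEngine) (map[int][16]byte, error) {
	keys := map[int][16]byte{}
	for slot, blob := range EncryptedKeyX() {
		kx, err := e.EcbBlock(0x11, blob, true)
		if err != nil {
			return nil, fmt.Errorf("slot 0x%02x: %w", slot, err)
		}
		keys[slot] = kx
	}
	return keys, nil
}

// SameKeys reports whether two KeyX maps hold identical values.
func SameKeys(a, b map[int][16]byte) bool {
	if len(a) != len(b) {
		return false
	}
	for s, k := range a {
		if b[s] != k {
			return false
		}
	}
	return true
}

func main() {
	leaky := &AesEngine{}
	want := TrustedBoot(leaky, false)
	got, err := LaterStage(leaky)
	fmt.Printf("slot left loaded: all KeyX recovered = %v\n", err == nil && SameKeys(got, want))

	fixed := &AesEngine{}
	TrustedBoot(fixed, true)
	_, err = LaterStage(fixed)
	fmt.Printf("slot cleared: later stage fails with %v\n", err)
}
```

The point of the two runs is that the key material never becomes readable in either case; the only difference is whether the slot was wiped before control passed on, and that alone decides whether the later stage can reproduce the derivation.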

amback
And yet still no mention of sysNAND 9.3+ support for Gateway :/
Or does this mean we will see Gateway support for 9.3+?

Someone please explain it to me.

lemanuel
> And yet still no mention of sysNAND 9.3+ support for Gateway :/
> Or does this mean we will see Gateway support for 9.3+?
>
> Someone please explain it to me.

The only thing this can possibly be used for is enabling emuNAND to work on 9.5 on the N3DS. But it means nothing for sysNAND.

shinyquagsire23
> The only thing this can possibly be used for is enabling emuNAND to work on 9.5 on the N3DS. But it means nothing for sysNAND.

Basically this. Also, they patched the main hole used for emuNAND (from sysNAND) in 9.5, which was firmlaunch-hax, so 9.5 is still a bit of a wall if it's on your sysNAND at all. 9.3 just patches the main tool used to execute code arbitrarily, although it may be possible to get around this using gsphax. Wouldn't hold my breath for it though.

davhuit
It'll take a while before we see a game that requires 9.5; probably no games during 2015 will require it, as games are often developed long before their release.

Before fixing emuNAND 9.5 on N3DS, they first have to actually release the exploit anyway xD