Homebrew AES key scrambler

  • Thread starter: Suiginou
  • Views: 89,884
  • Replies: 455
  • Likes: 12
Code:
$ arm-none-eabi-objdump -b binary -m arm -D arm90.bin|wc -l
142684

I'm not sure how fast you can read disassemblies, but one hundred and forty-two thousand instructions mixed with data (plus a few redumps because objdump isn't clever enough to detect switches to Thumb mode) seems like a lot to sift through.

When I have time, I'll instead try:

  1. Encrypt all-0 with keyslot 0x39 as-is. Save that result.
  2. Read ARM9 binary for firmware 9.3. For each offset, read 16 bytes, set those as keyY and see if encrypting all-0 matches the result from before.
  3. Read ARM9 binary for firmware 9.0. For each offset, read 16 bytes, set those as normalkey and see if encrypting all-0 matches the result from before.

EDIT: That plan seems to have failed with the step for the 9.3 keyY already.

Getting the normalkey from the decrypted firmware would definitely be easier than trying every 16 bytes. And the keyY can probably be obtained from the O3DS 9.3+ firmware.

I'd get this done, but I don't have a N3DS. So I can't decrypt N3DS firmware to get the normalkey.
 
Last edited by windwakr,
Getting the normalkey from the decrypted firmware would definitely be easier than trying every 16 bytes. And the keyY can probably be obtained from the O3DS 9.3+ firmware.

I'd get this done, but I don't have a N3DS. So I can't decrypt N3DS firmware.
Trying every 16 bytes failed anyway, and that was the decrypted ARM9 firmware binary.

N3DS NATIVE_FIRM didn't start using N3DS-only crypto before 9.5, so you can decrypt 8.1, 9.0, 9.3 on an O3DS just as well.
 
Trying every 16 bytes failed anyway, and that was the decrypted ARM9 firmware binary.

N3DS NATIVE_FIRM didn't start using N3DS-only crypto before 9.5, so you can decrypt 8.1, 9.0, 9.3 on an O3DS just as well.
No, I'm pretty sure arm9loader has always existed on N3DS. You definitely need a N3DS to decrypt the firmware.

If you open your 'decrypted' firmware in a hex editor, you'll find most of it looks like garbage.
 
Last edited by windwakr,
If you open your 'decrypted' firmware in a hex editor, you'll find most of it looks like garbage.

Well shit. That's what the huge block of 0xFF near the beginning meant. Abort mission, I guess.

Oddly enough, hashes checked out:

Code:
Section 2
 Type:                  ARM9
 Address:               0x08006000
 Offset:                0x00066A00
 Size:                  0x0008B600
 Hash (GOOD):           6549A292591840F5730C03323F2A0594F3EAE3486ED63D46B79BE309282C593C
 
@windwakr On a similar note, can you find the 0x25 keyX anywhere in O3DS NATIVE_FIRM? I can't find it, and given that it's not glaringly obvious, thorough disassembly may be required to even find the NFC keys.
 
@windwakr On a similar note, can you find the 0x25 keyX anywhere in O3DS NATIVE_FIRM? I can't find it, and given that it's not glaringly obvious, thorough disassembly may be required to even find the NFC keys.
No, 0x25 keyX is not found directly in the firmware. The firmware uses some data on the 3DS to generate that key, then clears the data. Which means you need execution before the firmware clears the data to obtain the keyX for yourself. But since it was leaked anyways, it doesn't really matter.
 
Last edited by windwakr,
If I'm reading the rxtools code right:
https://github.com/roxas75/rxTools/blob/master/rxtools/source/features/firm.c#L86
https://github.com/roxas75/rxTools/blob/master/rxtools/source/features/configuration.c#L255

It looks like it might save a decrypted copy of N3DS firm when run on N3DS. If someone's running rxtools on a N3DS, please send me your rxtools folder.
Wasn't the keyY introduced in 9.3, though? Even if you have the 8.1/9.0 NATIVE_FIRM for the normalkey, the corresponding keyY is missing.
 
If I'm reading the rxtools code right:
https://github.com/roxas75/rxTools/blob/master/rxtools/source/features/firm.c#L86
https://github.com/roxas75/rxTools/blob/master/rxtools/source/features/configuration.c#L255

It looks like it might save a decrypted copy of N3DS firm when run on N3DS. If someone's running rxtools on a N3DS, please send me your rxtools folder.

Never mind on this, looks like there's a link to a decrypted copy of N3DS firm here:
https://github.com/Reisyukaku/ReiNand
 
I have another question. If we use the NFC crypto normalkey and keyY pair to get KeyX and finally C, does anyone know what KeyX we will be getting? There are different ones, right? Numerous key slots. What also uses that keyslot? If we have the constant, will we be able to solve for other KeyXs if we don't know the resulting normal key?
 
...
If we have the constant, will we be able to solve for other KeyXs if we don't know the resulting normal key?
I don't think so. AES output reveals nothing about the key. You'd basically have to bruteforce it, which would never ever happen.
The only way to get the other keyXs would be to dump the bootrom.

But hey, at least we have 0x25's keyX. So, decrypting the RomFS of newer O3DS games will be possible straight from your PC.
 
I have another question. If we use the NFC crypto normalkey and keyY pair to get KeyX and finally C, does anyone know what KeyX we will be getting? There are different ones, right? Numerous key slots. What also uses that keyslot? If we have the constant, will we be able to solve for other KeyXs if we don't know the resulting normal key?
The keyX we'd get is the keyX of slot 0x39, which is part of the keyX series 0x38-0x3B, which includes BOSS, download play (doesn't really help because of signing), DSiWare exports (keyY is console-unique), NFC and cart crypto.

Once C has been found, as long as you have at least two of keyX/keyY/normalkey, you can always solve relatively easily for the missing one without a physical 3DS. In many cases, you're missing two, however.
 
Last edited by Suiginou,
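The algebra behind "at least two of keyX/keyY/normalkey plus C gives you the third", as an added example that is not code from the thread or from any tool it links. It assumes the usual 3DS-style scrambler shape, normalkey = (((keyX ROL 2) XOR keyY) + C) ROR 41 over 128-bit integers, which the thread takes as given but never writes out; the value of C is a constructed placeholder, since the real constant is not on the page. It also shows why holding only one of keyX/keyY/normalkey leaves C undetermined (the "missing two" case).

```python
# Added example, not the thread's code. Scrambler shape is assumed as
# described in the lead-in; C_PLACEHOLDER is a made-up constant.
MASK = (1 << 128) - 1

def rol128(x: int, n: int) -> int:
    """Rotate a 128-bit integer left by n bits."""
    n %= 128
    return ((x << n) | (x >> (128 - n))) & MASK

def ror128(x: int, n: int) -> int:
    """Rotate a 128-bit integer right by n bits."""
    return rol128(x, 128 - (n % 128))

def scramble(keyX: int, keyY: int, C: int) -> int:
    """normalkey = (((keyX ROL 2) XOR keyY) + C) ROR 41, all mod 2^128."""
    return ror128(((rol128(keyX, 2) ^ keyY) + C) & MASK, 41)

def _inner(normalkey: int, C: int) -> int:
    """Undo the final rotate and the +C to recover (keyX ROL 2) XOR keyY."""
    return (rol128(normalkey, 41) - C) & MASK

def solve_keyX(normalkey: int, keyY: int, C: int) -> int:
    return ror128(_inner(normalkey, C) ^ keyY, 2)

def solve_keyY(normalkey: int, keyX: int, C: int) -> int:
    return _inner(normalkey, C) ^ rol128(keyX, 2)

def solve_C(normalkey: int, keyX: int, keyY: int) -> int:
    """With keyX, keyY and normalkey all known, C falls out directly."""
    return (rol128(normalkey, 41) - (rol128(keyX, 2) ^ keyY)) & MASK

def c_consistent_with_guess(normalkey: int, keyY: int, keyX_guess: int) -> int:
    """Knowing only normalkey and keyY, *every* keyX guess yields some C that
    reproduces normalkey, so neither keyX nor C is pinned down."""
    return solve_C(normalkey, keyX_guess, keyY)

def key_hex(k: int) -> str:
    return f"{k:032X}"

# Constructed sample values (not real 3DS keys).
KEYX = 0x0123456789ABCDEF0123456789ABCDEF
KEYY = 0xFEDCBA9876543210FEDCBA9876543210
C_PLACEHOLDER = 0x11111111222222223333333344444444

if __name__ == "__main__":
    nk = scramble(KEYX, KEYY, C_PLACEHOLDER)
    print("normalkey", key_hex(nk))
    print("keyX back", key_hex(solve_keyX(nk, KEYY, C_PLACEHOLDER)))
    print("C back   ", key_hex(solve_C(nk, KEYX, KEYY)))
```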
The keyX we'd get is the keyX of slot 0x39, which is part of the keyX series 0x38-0x3B, which includes BOSS, download play (doesn't really help because of signing), DSiWare exports (keyY is console-unique), NFC and cart crypto.

Once C has been found, as long as you have at least two of keyX/keyY/normalkey, you can always solve relatively easily for the missing one without a physical 3DS. In many cases, you're missing two, however.
OK, so we can decrypt 3ds roms, but what about save data, SD files, or NAND?
 
OK, so we can decrypt 3ds roms, but what about save data, SD files, or NAND?
Nonsense.

We can only decrypt the RomFS and ExeFS entries that are not "icon" or "banner" of ROMs for fw >= 7.0. This does not include pre-7.0 ROMs or the exheader.

The other things you listed are all missing normalkeys and/or are console-unique.
 
Nonsense.

We can only decrypt the RomFS and ExeFS entries that are not "icon" or "banner" of ROMs for fw >= 7.0. This does not include pre-7.0 ROMs or the exheader.

The other things you listed are all missing normalkeys and/or are console-unique.
OK, so then what is the point of this, really? Seems like you will still need a 3DS to fully decrypt a ROM, so it makes it meaningless.
 
OK, so then what is the point of this, really? Seems like you will still need a 3DS to fully decrypt a ROM, so it makes it meaningless.
One day(TM), the bootroms will be dumped and the missing keyX/keyY become available and all shall rejoice and sing in joy and praise the overlords that made this possible.

And what kind of scientist needs a "point" to further his or her knowledge?
 
Trying every 16 bytes failed anyway, and that was the decrypted ARM9 firmware binary.

N3DS NATIVE_FIRM didn't start using N3DS-only crypto before 9.5, so you can decrypt 8.1, 9.0, 9.3 on an O3DS just as well.

You need a N3DS with NATIVE_FIRM below 9.5 (9.5 should also work using firmlaunch hack)
 
If you're on an exploitable firmware, you may want to set up HBL to load Decrypt9 made by d0k3 to decrypt the CIA content.
Then the decrypted content shares the same Content Index as the encrypted ones. Hope you could use that.
May be off-topic, but there was a "N3DS 9.5 FIRM slot0x16 keys" leak that was useless before but contains the KeyX, KeyY and CTR.
However, this contains no normal key. Hope some guys can write a program to let the 3DS compute that. So you might need to recover a KeyX afterwards.
And for the keyslot 0x25 KeyX you might want to look at this page https://www.caitsith2.com/snes/dsp/ around the bottom.

UPDATE: Almost forgot. I don't know what keys are leaked, and whether the normal one is also. Like
Code:
      Norm  KeyX  KeyY  CTR
0x16  NO    YES   YES   YES
 
Last edited by Syphurith,