Toggle sidebar

Homebrew AES key scrambler

  • Thread starter Thread starter Suiginou
  • Start date Start date
  • Views Views 89,887
  • Replies Replies 455
  • Likes Likes 12
Suiginou said:
Trying every 16 bytes failed anyway, and that was the decrypted ARM9 firmware binary.

N3DS NATIVE_FIRM didn't start using N3DS-only crypto before 9.5, so you can decrypt 8.1, 9.0, 9.3 on an O3DS just as well.
Click to expand...
I'm fairly certain you should be checking the 8.1 NFC service, not the ARM9 firmware. They did say Nintendo left the normal key in NFC, no?
 
  • Like
Reactions: Xenon Hacks
  • Like
Reactions: windwakr
I and someone else managed to reproduce the key scrambler attack, and acquired the constant C and the keyX for slot 0x38-0x3B (they all use the same keyX). 0x39 was the one we attacked, yes.

The final formula is:
k = (((x <<< 2) ^ y) + C) <<< 87

The math is all done as unsigned 128-bit integers in big-endian format. <<< denotes left rotation.

Have fun =^-^=
 
  • Like
Reactions: Quantumcat, cearp, piratesephiroth and 10 others
Myria said:
I and someone else managed to reproduce the key scrambler attack, and acquired the constant C and the keyX for slot 0x38-0x3B (they all use the same keyX). 0x39 was the one we attacked, yes.

The final formula is:
k = (((x <<< 2) ^ y) + C) <<< 87

The math is all done as unsigned 128-bit integers in big-endian format. <<< denotes left rotation.

Have fun =^-^=
Click to expand...
I LOVE YOU YOU SWEAT BASTARD I COULD KISS YOU NOW IF I COULD :wub::wub::wub:
 
  • Like
Reactions: Deleted User
Myria said:
I and someone else managed to reproduce the key scrambler attack, and acquired the constant C and the keyX for slot 0x38-0x3B (they all use the same keyX). 0x39 was the one we attacked, yes.

The final formula is:
k = (((x <<< 2) ^ y) + C) <<< 87

The math is all done as unsigned 128-bit integers in big-endian format. <<< denotes left rotation.

Have fun =^-^=
Click to expand...
The rotation is just a basic (assuming it's only one rotation)

Original:
100000

Shifted 1 to the left:
000001

Right?
 
Myria said:
I and someone else managed to reproduce the key scrambler attack, and acquired the constant C and the keyX for slot 0x38-0x3B (they all use the same keyX). 0x39 was the one we attacked, yes.

The final formula is:
k = (((x <<< 2) ^ y) + C) <<< 87

The math is all done as unsigned 128-bit integers in big-endian format. <<< denotes left rotation.

Have fun =^-^=
Click to expand...
Sorry for bothering, I'd like to understand what you can do with this stuff now: is it needed for arm9hax?
 
So, we have the keyY and that formula -> we get keyX -> we get C -> key scrambler is not a problem anymore -> arm9hax. Am I missing anything?
 
  • Like
Reactions: Xenon Hacks
and what about the arm9 payload described by the third guy (plutoo or derrek?) that would make coldboot possible?
 
dark_samus3 said:
It can be used to get KeyX for keyslots
Click to expand...

Only keyslots 0x38-0x3B, because Nintendo leaked the corresponding normal-key to keyslot 0x39. You need the normal-key and either keyX or keyY in order to figure out the other. (Keyslots 0x38, 0x3A and 0x3B are broken just because boot ROM sets all four keyslots' keyX to the same value.)

dark_samus3 said:
How does that give us arm9? It just lets us decrypt stuff on PC
Click to expand...

It doesn't even let us decrypt on PC for the most part. Now the problem is that because boot ROM isn't dumped, we don't know the keyX for keyslot 0x2C, a critical keyslot for NCCH decryption.

I suppose that this *does* allow decryption of Amiibos on PC, then, but that can be done with just the normal-key Nintendo leaked.

The formula I gave above is very generic. You'll still have to do the exploit if you actually want to find C and the 0x39 keyX.
 
  • Like
Reactions: kiwiis
Myria said:
I and someone else managed to reproduce the key scrambler attack, and acquired the constant C and the keyX for slot 0x38-0x3B (they all use the same keyX). 0x39 was the one we attacked, yes.

The final formula is:
k = (((x <<< 2) ^ y) + C) <<< 87

The math is all done as unsigned 128-bit integers in big-endian format. <<< denotes left rotation.

Have fun =^-^=
Click to expand...

We've known that since plutoo's presentation, see windwakr's post earlier in this thread. The rest of this thread has been finding C for the rest of the world that isn't you or plutoo.

windwakr said:
Turns out this contains firmware 9.3. So, it's useless. Needs to be <9.3.
Click to expand...

Partially useless, unless you've located the key in O3DS NATIVE_FIRM already. And it should contain 9.5, not just 9.3.

Wish I had a N3DS so I could do this myself.
Click to expand...

I'll see what I can dig up.
 
Last edited by Suiginou,
Myria said:
I and someone else managed to reproduce the key scrambler attack, and acquired the constant C and the keyX for slot 0x38-0x3B (they all use the same keyX). 0x39 was the one we attacked, yes.

The final formula is:

k = (((x <<< 2) ^ y) + C) <<< 87

The math is all done as unsigned 128-bit integers in big-endian format. <<< denotes left rotation.

Have fun =^-^=
Click to expand...

Wow, you gave us the formula that was in the slides!

Seriously, I found the normal key, but I have some trouble to find the KeyY.
 
  • Like
Reactions: piratesephiroth, Suiginou and Vappy
Myria said:
Only keyslots 0x38-0x3B, because Nintendo leaked the corresponding normal-key to keyslot 0x39. You need the normal-key and either keyX or keyY in order to figure out the other. (Keyslots 0x38, 0x3A and 0x3B are broken just because boot ROM sets all four keyslots' keyX to the same value.)



It doesn't even let us decrypt on PC for the most part. Now the problem is that because boot ROM isn't dumped, we don't know the keyX for keyslot 0x2C, a critical keyslot for NCCH decryption.

I suppose that this *does* allow decryption of Amiibos on PC, then, but that can be done with just the normal-key Nintendo leaked.

The formula I gave above is very generic. You'll still have to do the exploit if you actually want to find C and the 0x39 keyX.
Click to expand...

Do you mean the memchunkhax2 to gain ARM11 kernel on new firmwares? Is it just a matter of calculations and we'll eventually get the keyY or something is still missing?
 
Myria said:
Only keyslots 0x38-0x3B, because Nintendo leaked the corresponding normal-key to keyslot 0x39. You need the normal-key and either keyX or keyY in order to figure out the other. (Keyslots 0x38, 0x3A and 0x3B are broken just because boot ROM sets all four keyslots' keyX to the same value.)
Click to expand...
Side note: as 0x3B is broken, anyone can make a Sky3DS clone...
 
  • Like
Reactions: Xenon Hacks

Site & Scene News

Go to forum More news

Popular threads in this forum

Why did the price of 3ds shoot up ?

Hacking Homebrew Project  BlazerTube - a YouTube 3DS revival using the REAL app!

Problems getting Homebrew to appear outside of the Homebrew Launcher (homebrew won't appear on the HOME menu)

Homebrew app Emulator  [Release] 3DS-CLI - Run a real RISC-V Linux environment on the Nintendo 3DS

Website for finding alternative games for 3DS

Gaming  any good rpgs on 3ds?

Hardware  2 Broken 3DSes, need help

Hacking  Modding Reassurance