Lol they aren't dumpable, you're right, so we solve the hardware scrambler and then you can figure the keys out instead of dumping them.
You can't solve for two unknowns. You don't have a normal key or a way to dump a normal key for a given keyY.
Like I said, you can make a Sky3DS clone with that currently. And sniff Download Play traffic.
PSA: I don't think what we're doing has any real practical use whatsoever. This is just nerd science for the sake of knowledge for the time being.
Until we get bootrom dumps (if ever...), it will likely stay this way.
This means Sky3DS has already got those keys?
Kernel exploits won't reveal the keys. Maybe a bootrom dump.
This means Sky3DS has already got those keys?
Also, couldn't you use memchunkhax to gain ARM11 kernel access and dump the keys you need? Do you have to necessarily exploit ARM9?
Nobody knows. It's an unsolved mystery. Yellows8 supposedly has done it, but we're never gonna see him reveal how he pulled that off.
And how can you dump the bootrom?
Well. No one has released the bootrom so... we wait.
What about the third guy (derrek, if I'm not wrong)? He explained something about keys and bootrom, wasn't there anything useful? What's the point of what he said, then?
No. It's extremely unlikely that any major entity will release it. If we wait we'll stall indefinitely.
Well. No one has released the bootrom so... we wait.
Yeah. Unless FirmX gets cracked.
No. It's extremely unlikely that any major entity will release it. If we wait we'll stall indefinitely.
Sorry, but I fail to find an answer to my question in your reply.
Well. No one has released the bootrom so... we wait.
More information about the bootrom. They have access. They want to let us know.
Sorry, but I fail to find an answer to my question in your reply.
"wasn't there anything useful (in what derrek said)? What's the point of what he said, then?"
I remember it being mentioned, but can't remember in detail.
Sorry, but I fail to find an answer to my question in your reply.
"wasn't there anything useful (in what derrek said)? What's the point of what he said, then?"
Eh.. Could anyone tell me what the CTR with the KeyX/KeyY is for, then?
There isn't a place for it in the algorithm listed, and I fear no place for it in normal AES-CTR decryption with PC software.
If you can calculate two C out of the different keyslots, please tell me if they are the same.
Also as you might already know, that CTR is set when you need the xorpads, see decrypt9.
At the talk they showed how to do it, you can encrypt something with all 0's with a KeyY and unknown corresponding KeyX, then flip bits in KeyY and you can determine KeyX from that, then you only have one unknown which you can solve for.
You can't solve for two unknowns. You don't have a normal key or a way to dump a normal key for a given keyY.