Homebrew AES key scrambler

Thread starter: Suiginou
KeyX is set by Arm9Loader and KeyY is set by NATIVE_FIRM, so I guess you are right since KeyX is probably already cleared by the time arm9loaderhax runs. If we could get the normal key somehow it would be possible, but that's probably not going to happen any time soon.
These keys are generated with Key #2 and you overwrite Key #2 with a garbage key to exploit this. So, while the keys are still set in the keyslots, you can't use them, because they are garbage.
If you use memchunkhax2+ntrcardhax on sysNAND 9.6+, you will be able to use the keys (as they are set in keyslots), but not to know their values. Plus Nintendo will probably change the keys soon.
 
> Plus Nintendo will probably change the keys soon.
And when Nintendo changes the keys, will we have to wait and do all of this stuff again? Would it be harder, or just the same, more work? I mean... if whatever made N3DS emuNAND 9.5+ so difficult, can't they just do that again, but... better/more?

-- stuff like the cryptofix for new N3DS games, will that get worse/more complex?
 
Last edited by cearp,
> And when Nintendo changes the keys, will we have to wait and do all of this stuff again? Would it be harder, or just the same, more work? I mean... if whatever made N3DS emuNAND 9.5+ so difficult, can't they just do that again, but... better/more?
Currently, to use emuNAND 9.6+ you have to have a sysNAND 9.6+ and to exploit memchunkhax2+ntrcardhax. (To USE it.)
If they fix ntrcardhax and change the keys, you can't have emuNAND 10.4+.
 
> Currently, to use emuNAND 9.6+ you have to have a sysNAND 9.6+ and to exploit memchunkhax2+ntrcardhax. (To USE it.)
> If they fix ntrcardhax and change the keys, you can't have emuNAND 10.4+.
But that's for N3DS, since O3DS can use emuNAND 10.3 (atm) on sysNAND 9.2? (Not saying that 10.4 will work on O3DS if they fix ntrcardhax and change keys (if for now; we all know Nintendo, sometimes they're thinking in a very weird way!))
 
> Currently, to use emuNAND 9.6+ you have to have a sysNAND 9.6+ and to exploit memchunkhax2+ntrcardhax. (To USE it.)
> If they fix ntrcardhax and change the keys, you can't have emuNAND 10.4+.
Couldn't someone just dump the NAND 0x12c00 sector, firmlaunch into a modified 9.6 NATIVE_FIRM that doesn't do the keyslot cleanup, generate an xorpad from there to decrypt the 0x12c00 sector, and thus be able to decrypt 9.6+ firmwares?

I'm not too hot on N3DS stuff.
 
> But that's for N3DS, since O3DS can use emuNAND 10.3 (atm) on sysNAND 9.2? (Not saying that 10.4 will work on O3DS if they fix ntrcardhax and change keys (if for now; we all know Nintendo))
Of course that's for N3DS; I'm not sure that Nintendo could ever block emuNAND on O3DS.

--------------------- MERGED ---------------------------

> Couldn't someone just dump the NAND 0x12c00 sector, firmlaunch into a modified 9.6 NATIVE_FIRM that doesn't do the keyslot cleanup, generate an xorpad from there to decrypt the 0x12c00 sector, and thus be able to decrypt 9.6+ firmwares?
>
> I'm not too hot on N3DS stuff.
No, the OTP is locked. :p
 
How come Nintendo only put the extra encryption on N3DS? It's successfully locked us out of 9.6 emuNAND so far, so it'd make sense to do it on O3DS, unless it requires new hardware that is N3DS exclusive?
 
> How come Nintendo only put the extra encryption on N3DS? It's successfully locked us out of 9.6 emuNAND so far, so it'd make sense to do it on O3DS, unless it requires new hardware that is N3DS exclusive?
It requires installing a special per-console sector on NAND.
Plus on O3DS a vulnerability could allow us to break it in a few minutes.
 
Soooooo couldn't someone run Sysupdater on an O3DS and downgrade to abuse the flaw? Or is there no complete 3.0 backup anywhere?
Not on THAT ISO site. The issue was you couldn't run a browser or Cubic before 4.5 (afaik), so no dumps exist yet.

But, in theory, someone with a 3DS hardmodded on 2.x could do a NAND dump on 2.x, then upgrade to 4.5 and decrypt their 2.x NAND dump.
 
> Not on THAT ISO site. The issue was you couldn't run a browser or Cubic before 4.5 (afaik), so no dumps exist yet.
>
> But, in theory, someone with a 3DS hardmodded on 2.x could do a NAND dump on 2.x, then upgrade to 4.5 and decrypt their 2.x NAND dump.
ROP for 1.0 Cubic Ninja exists, but I digress. Also, the OTP is per console, so you'd need to half-boot your N3DS somehow into 3.x and obtain the OTP. Or try the various other seemingly unlikely methods.
 
> ROP for 1.0 Cubic Ninja exists, but I digress. Also, the OTP is per console, so you'd need to half-boot your N3DS somehow into 3.x and obtain the OTP. Or try the various other seemingly unlikely methods.
2.X, not 3.X
And O3DS ARM11 kernel would panic, because of the new hardware.
 