Homebrew AES key scrambler

Thread starter: Suiginou
OK, I didn't know that. This seemed like an obvious thing to do: given that it's cleared by Kernel9, if you run code earlier you can just read the actual OTP hash used in the decryption of the NAND keystore.

Sure you didn't just look at 3dbrew recent changes? :P

--------------------- MERGED ---------------------------

Besides, that attack is far harder to pull off than downgrading to use the 2.X OTP flaw.
 
Sure you didn't just look at 3dbrew recent changes? :P

Not since this morning, I am about to check now xD

--------------------- MERGED ---------------------------

Besides, that attack is far harder to pull off than downgrading to use the 2.X OTP flaw.

Hum... seems easier to me, as the NAND requires "invasive" changes to run the older FIRM and the NCSD header is signed.

UPDATE: You are right, it was recently added to 3dbrew xD
That's a very interesting read by the way.
 
Last edited by mathieulh.
Not since this morning, I am about to check now xD

--------------------- MERGED ---------------------------

Hum... seems easier to me, as the NAND requires "invasive" changes to run the older FIRM and the NCSD header is signed.

Well that sure sounds like you don't know what you're talking about.
 
Question about OTP: is there a way to dump your console's key from your own NAND dump? Also, let's say it can be done, what fun things could one do on a N3DS, or is there something deeper than that on boot?
 
Question about OTP: is there a way to dump your console's key from your own NAND dump? Also, let's say it can be done, what fun things could one do on a N3DS, or is there something deeper than that on boot?
A NAND dump shouldn't contain per-console keys, I think. If you dump the OTP with the Kernel9 flaw documented on the wiki, however, you can easily decrypt your NAND :)
 
UPDATE TO 8475.3 WHILE YOU STILL CAN !!!!!!!!!!!!!!!!!!!!!!!!

j/k m8, why would you update to 9.6 ???
It even says in the readme on which version you should stay if you want the good shit.

Nooooo, stay where you're at for now.
Thanks, and sorry, I just realized there is a "view all of Readme" button :P
 
Well the fruits of this labor are emerging.
https://github.com/delebile/arm9loaderhax/

(and yes I struggled google-fuing a relevant thread lol)
Oh shit. Things are on fire now. At a quick glance, it seems to read 0x4000 bytes from NAND 0x0B800000 (stage1, i.e., this code must fit into the size difference of firm0/firm1) into address 0x08006000. That one then does some weird magic with ARM11, loads sd:/arm9loaderhax.bin into 0x23F00000 and jumps there.
 
Judging by the readme, all we need is our own OTP.bin? I'm sure the other setup files are obtainable online from the looks of it. (Unless we need to get our own console NATIVE_FIRMs and keys). If you can downgrade and dump your OTP.BIN then is it possible to find the other setup files online and build the hax from there?
 
Last edited by Psi-hate.
Judging by the readme, all we need is our own OTP.bin? I'm sure the other setup files are obtainable online from the looks of it (unless we need to dump our own Native _Firms). If you can downgrade and dump your OTP.BIN then is it possible to find the other setup files online and build the hax from there?
Yep, the other firmware things should all still be on the CDN. OTP dumping is super hard currently, though. The downgrade effectively requires a hardmod on N3DS. On O3DS, you'll still have a bad time finding a 2.1 dump with browser (if you want to ARM9 from browser; else you can just use cubic ninja).
 
Yep, the other firmware things should all still be on the CDN. OTP dumping is super hard currently, though. The downgrade effectively requires a hardmod on N3DS. On O3DS, you'll still have a bad time finding a 2.1 dump with browser (if you want to ARM9 from browser; else you can just use cubic ninja).
If N3DS requires a hardmod, I may as well get it done sooner than later. Also, how would someone get the downgraded N3DS to run in the first place? I haven't seen anyone explain that yet.
 