Hacking Finding the 3DS Common Key

I can guarantee that the DSi common key was also found by at least one other (German) person who is not a member of T_T. However blasty claims that someone has leaked T_T's DSi common key, but proof was never delivered.
 
There was never any proof that the person who released the key was capable of discovering it themselves. In fact, they seemed rather unlikely to be able to do such a thing. They showed very little expertise in the area of hacking.
 
I don't know the person who has released the key over at some Spanish forum nor do I know how he/she obtained it.
 
That same person posted a few posts here, and even ignoring the understandably broken English, they showed no level of knowledge about what the key even meant. Anyone capable of finding the key themselves would know this information.

Also there is the fact they released the key as a program that required you to enter 42e and then spat out the key.bin file. This is something they saw in the Wii scene and assumed made it legal. They didn't realise that in the case of the Wii common key, the 42e was actually used for generating the key.bin file (so the whole key wasn't distributed), whereas their DSi common key "generator" just made the file after you typed the 42e, not using the input at all. Someone capable of finding the key would either have made the program properly or realised that there is no need to do such a thing because sharing the key is not illegal.
 
Short answer:
No, you can't brute force it.

Long answer:
Suppose the 3DS key is sixteen bytes long, just like the DSi. That would be 256^16 possible combinations, since each of the sixteen bytes can have 256 possible combinations. Multiply that with a calculator, and that's 340,282,366,920,938,463,463,374,607,431,768,211,456 combinations. Now for the sake of argument, let us suppose that every person in the world each has a quarter of a million dollars to spend on one of these devices, which can test 90,000,000,000 keys per second. Since the world's population is 6,840,507,003 according to Google, then that means we can test 615,645,630,270,000,000,000 keys per second. That would take us 552,724,408,636,999,296 seconds to test every key. Divide that by 60 seconds, and we need 9,212,073,477,283,321 minutes. Divide again by 60, and that would take 153,534,557,954,722 hours. Divide by 24 hours, and we have 6,397,273,248,113 days. Divide that by 365 days, and we have 17,526,776,022 years. The universe is scheduled to last another 4 billion years, since it is currently halfway through its lifespan. So in summary, we would need more than 4 times the time left in our universe.

Therefore, we come to the conclusion that it's NOT possible to brute-force the key...
May I ask how you claim to know the exact time our universe has left?
 
Except that:
1) I doubt the universe has 4 milliard years left
2) People will (hopefully) have quantum computers not too far (ok, quite a while left yet) into the future that will be able to brute-force a LOT faster than computers currently.
 
I am fairly sure he was actually thinking of the sun, which scientists believe to be about 4.5 billion years through its 9 billion year cycle. This is deduced from observing many, many other similarly sized stars at various points during their cycles, allowing estimation of both the total time of the cycle and also the amount of time a particular star is through said cycle. Of course, no one has been around for the full cycle of any star, so it's largely estimation and calculation, rather than observation. But when the Sun dies, the Earth will almost certainly be eradicated also.
 
The fact that nobody has a sample of anything from the sun would kinda point in a different direction..
Also, the earth is not the universe. That is all, we should get back on topic.
 
I know. Like I said, he was wrong and it is not the universe.

And we are surrounded by "something from the sun" - that thing called light. Gets everywhere in my experiences...

Finally that "we should get back on topic" is a bit rich coming from you, seeing as all this "off topic" stuff was from your post. You asked a question and I was trying to answer it.
 
So theoretically, how do I know if this program does find the key?

If it worked this should appear

Common Key:
XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX
Title Key:
XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX
Key written to /dsikey.bin. DO NOT CLOSE THIS UNTIL YOU CAN VERIFY FILE INTEGRITY.

Verifying entire file...
SHA-1 test matches :D
Done - 202005652 Operation


@ichichfly I think there's something wrong with your code:
1) contsha1 is different from the one calculated on the tmd file.
2) You're using the same decfirstbytes (First bytes of the decrypted content) of the dsi bruteforcer.
2.1) How can we know what are the first bytes of the decrypted content if we don't have it?
3) You're not using decfirstbytes at all, you're comparing the sha1 of the content decrypted with the current key with the contsha1, which is a part of the tmd, how do you know it's the sha1 of the decrypted content?

Hope I'm wrong and your program works.
P.S. Remove the secure mode, it only tests the keys starting with 1.

1. I use the contsha1 (sha256) from the tmd
Code:
// Copy the 0x20-byte content hash out of the TMD, starting at offset 0xB14
for (int i = 0; i < 0x20; i++)
{
    contsha1[i] = tmd[0xB14 + i];
}
2. I don't use the decfirstbytes
2.1 Read it from the nand of a 3DS
3. http://www.3dbrew.org/wiki/TMD
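
The check discussed in the two posts above (compare the SHA-256 of the decrypted content against the hash stored in the TMD), as an added example that is not code from the thread or from the tool. The offset 0xB14 and length 0x20 are taken from the post and assumed to fit that poster's TMD; the function names and the sample buffer are constructed for illustration.

```python
import hashlib
import hmac

# Offset and length as given in the post above (0xB14, 0x20 bytes). They apply
# to the TMD that poster was reading and are not verified here.
CONTENT_HASH_OFFSET = 0xB14
CONTENT_HASH_LEN = 0x20  # 32 bytes, the size of a SHA-256 digest


def content_hash_from_tmd(tmd: bytes) -> bytes:
    """Return the stored content hash, refusing truncated TMD data."""
    end = CONTENT_HASH_OFFSET + CONTENT_HASH_LEN
    if len(tmd) < end:
        raise ValueError(f"TMD too short: {len(tmd)} bytes, need at least {end}")
    return tmd[CONTENT_HASH_OFFSET:end]


def content_matches_tmd(tmd: bytes, decrypted_content: bytes) -> bool:
    """True only if SHA-256(decrypted_content) equals the hash in the TMD."""
    expected = content_hash_from_tmd(tmd)
    actual = hashlib.sha256(decrypted_content).digest()
    return hmac.compare_digest(expected, actual)


def build_sample_tmd(content: bytes) -> bytes:
    """Constructed test input: zero-filled buffer with the hash at 0xB14."""
    tmd = bytearray(CONTENT_HASH_OFFSET + CONTENT_HASH_LEN)
    tmd[CONTENT_HASH_OFFSET:] = hashlib.sha256(content).digest()
    return bytes(tmd)


if __name__ == "__main__":
    good = b"constructed sample content"
    tmd = build_sample_tmd(good)
    print(content_matches_tmd(tmd, good))               # matching plaintext
    print(content_matches_tmd(tmd, good[:-1] + b"X"))   # one byte differs
```

Because the stored value is a hash of the plaintext, content decrypted with a wrong key or a wrong IV fails this comparison, which is why the check needs no known first bytes.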
 
This hack program doesn't work. Somebody in the German Wii-Homebrew-Forum found the key, and it doesn't work: http://forum.wii-homebrew.com/board200-ds-homebrew-area/board7-ds-dsi-3ds-homebrew/p456393-bruteforce-versuch-aes-decrypter/#post456393
 
The tool he used found a key, and he has asked some experts from here (I don't know who) and they said that is the wrong key and it won't work.

Sorry for my bad English, I'm German.
 
OK, I have found a bug: the second IV is wrong. I don't think I will update the application. It causes way too much trouble and I am not sure if the 3DS handles things the same way the DSi did (as I said before, I am only 50% certain).


ADD: I am not 100% certain, but the old version should not be able to find any key.
 
