Finding the 3DS Common Key

Just an idea...
Would it be possible to make something like a pool where the whole community tests the keys with CPUs and GPUs, like Bitcoin does?

-Ismaw34
 
All we need to do is solve P vs NP and we could find the number instantaneously.
Solving P vs NP wouldn't necessarily help; in order to break this you would need to prove that P = NP, and if anybody did, we would have way more serious concerns than the 3DS common key (like the fact that all asymmetric cryptography would be broken). Most in the field believe it likely that P =/= NP, but nobody has a proof.

Would it be possible to make something like a pool where the whole community tests the keys with CPUs and GPUs, like Bitcoin does?
No. We will NEVER brute force the key. We will NEVER figure out the key by having plaintext and ciphertext and comparing. We MIGHT (really unlikely here) find the key by assuming that Nintendo made a mistake somewhere in their crypto algorithms and algebraically reversing it (this is how the PS3 private key was found), but this is extremely unlikely. Most likely, somebody will figure out how to run unsigned code and dump the key. I actually speculate that the Gateway people (who can in fact run unsigned code, as seen in version two of their software) actually have the common key.
 
I actually speculate that the Gateway people (who can in fact run unsigned code as seen in version two of their software) actually have the common key.

The common key wouldn't be required to run homebrew (which is technically what the "Gateway mode" launcher is, anyway).

Nice necro, btw.
 
Solving P vs NP wouldn't necessarily help; in order to break this you would need to prove that P = NP, and if anybody did, we would have way more serious concerns than the 3DS common key (like the fact that all asymmetric cryptography would be broken). Most in the field believe it likely that P =/= NP, but nobody has a proof.


No. We will NEVER brute force the key. We will NEVER figure out the key by having plaintext and ciphertext and comparing. We MIGHT (really unlikely here) find the key by assuming that Nintendo made a mistake somewhere in their crypto algorithms and algebraically reversing it (this is how the PS3 private key was found), but this is extremely unlikely. Most likely, somebody will figure out how to run unsigned code and dump the key. I actually speculate that the Gateway people (who can in fact run unsigned code, as seen in version two of their software) actually have the common key.

Did you really have to bump a year old thread?
 
Listen, everyone.
All you need is one billion supercomputers, each capable of testing one billion unique keys every second. Find 999,999,999 other people with a supercomputer willing to do this with you, and you will find a key in less than a year!
 
Just curious: y'all keep mentioning using "brute force" attacks to find the common key. You assume a supercomputer generates 50,000 keys every second. I am not aware of how you would use a brute force attack against the 3DS, but I used to mine bitcoins on my graphics card, and it would reach up to 200 million hashes every second. If you used the same method, then it wouldn't take "as long" as stated. It may take a long time, but not "as long" as stated.

Correct me if I'm wrong or just being ridiculous.
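Added here as a worked example (not from any poster in this thread, and not 3DS code): the "plaintext and ciphertext and comparing" attack written out as a loop, run on a constructed AES-128 key where only the last 16 bits are unknown so it finishes instantly, plus the same loop's cost extrapolated to a full 128-bit key at the rates mentioned in the thread (50,000 keys/s, 200 million/s, and a billion machines doing a billion/s). The key, the plaintext block and the rates are constructed inputs; the per-key test is cheap, the count of keys is what matters.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"encoding/binary"
	"fmt"
	"math"
)

// Constructed demo material (not real 3DS keys or data): a 16-byte AES-128 key
// and one known 16-byte plaintext block. We pretend the attacker already knows
// the first 14 key bytes and only the last 16 bits are unknown.
var (
	demoKey   = []byte{0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0xBE, 0xEF}
	demoPlain = []byte("NCCH header demo") // exactly one AES block
)

// encryptBlock produces the known ciphertext half of the plaintext/ciphertext pair.
func encryptBlock(key, plain []byte) []byte {
	c, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	out := make([]byte, aes.BlockSize)
	c.Encrypt(out, plain)
	return out
}

// searchLow16 is the known-plaintext attack in its simplest form: for every
// candidate value of the unknown 16 bits, encrypt the known plaintext and
// compare against the known ciphertext. It returns the recovered key and how
// many candidates were tried, or nil if nothing matched.
func searchLow16(prefix, plain, ct []byte) ([]byte, int) {
	key := make([]byte, 16)
	copy(key, prefix)
	buf := make([]byte, aes.BlockSize)
	for cand := 0; cand < 1<<16; cand++ {
		binary.BigEndian.PutUint16(key[14:], uint16(cand))
		c, _ := aes.NewCipher(key) // 16-byte key never fails
		c.Encrypt(buf, plain)
		if bytes.Equal(buf, ct) {
			return append([]byte(nil), key...), cand + 1
		}
	}
	return nil, 1 << 16
}

// YearsToExhaust is the same loop scaled up: 2^bits candidates at keysPerSecond.
func YearsToExhaust(bits int, keysPerSecond float64) float64 {
	seconds := math.Ldexp(1, bits) / keysPerSecond
	return seconds / (365.25 * 24 * 3600)
}

func main() {
	ct := encryptBlock(demoKey, demoPlain)
	key, tried := searchLow16(demoKey[:14], demoPlain, ct)
	fmt.Printf("16 unknown bits: recovered %x after %d candidates\n", key, tried)
	for _, rate := range []float64{5e4, 2e8, 1e18} {
		fmt.Printf("128 unknown bits at %.0e keys/s: %.1e years\n", rate, YearsToExhaust(128, rate))
	}
}
```

Swapping the toy 16-bit gap for the real 128-bit key changes nothing in the loop, only the count: at 2e8 keys/s the loop needs on the order of 1e22 years, and even a billion machines at a billion keys/s each (1e18/s) leave it around 1e13 years.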
 
Not this shit again... The P =? NP problem is totally unrelated to the main 3DS crypto, which is symmetric and doesn't rely on hard-to-invert functions.
 
Oh shit, totally didn't mean to necro. I didn't notice this was a dead thread; got here through el goog XP. And the common key does matter: it is what would allow us to decrypt games and extract assets (such as figuring out what the event Pokémon are in X and Y). It is very helpful in creating homebrew, as otherwise you have no way to decrypt binaries and find an exploit, or figure out how they make system calls; however, it is not strictly necessary. If the Gateway people don't have some way of getting decrypted binaries (either by using the key, or dumping them from memory once they are loaded) I would be very, very impressed though.
 
Oh shit, totally didn't mean to necro. I didn't notice this was a dead thread; got here through el goog XP. And the common key does matter: it is what would allow us to decrypt games and extract assets (such as figuring out what the event Pokémon are in X and Y). It is very helpful in creating homebrew, as otherwise you have no way to decrypt binaries and find an exploit, or figure out how they make system calls; however, it is not strictly necessary. If the Gateway people don't have some way of getting decrypted binaries (either by using the key, or dumping them from memory once they are loaded) I would be very, very impressed though.
You lack a fundamental understanding of how and why the common key (in the context of the 3DS) is used. The mechanism which hides the assets and game code from prying eyes is completely separate from the mechanism the common key is used in. The common key is used to protect 3DS files in transit, like when you download system updates or eShop games. Removing that layer of protection will not yield you any game assets or code.
 
You lack a fundamental understanding of how and why the common key (in the context of the 3DS) is used. The mechanism which hides the assets and game code from prying eyes is completely separate from the mechanism the common key is used in. The common key is used to protect 3DS files in transit, like when you download system updates or eShop games. Removing that layer of protection will not yield you any game assets or code.
I know the 3DS uses various AES block modes for most of its encryption, but I assumed that the firmware binaries were encrypted with asymmetric keys. Do they use AES to encrypt everything and then just use RSA for signing? I mean, at some point there is some asymmetric cryptography going on, otherwise if you got the keys you could sign and encrypt arbitrary code. Regardless, even if the asymmetric keys aren't used for encryption, there is some common key which is used to decrypt game content (admittedly, this key is almost certainly stored encrypted by a console-specific key), and there is some sort of key used to load the first encrypted binaries during system initialization (either common asymmetric, or console-specific symmetric so that the console could encrypt the binaries).

Evidence indicates that the Gateway people have been successful in decrypting binaries (otherwise it would be virtually impossible for them to create their own which interact with the system firmware), and the custom firmware that has sprung up has to have been created from decrypted firmware. Somebody, somewhere has broken the chain at some level and gotten some of the keys (symmetric or asymmetric, doesn't matter). They may have only been able to dump the console-specific keys, which would still be amazing, but not as awesome; but likely, if they had access to some of the keys, they had access to the common key used to decrypt games (again, not claiming that this is symmetric or asymmetric; it doesn't really matter, unless the games are symmetrically signed, which would be asinine to the point of insanity). As game cartridges can't be per-console encrypted (I suppose they could be, but the dumped ROMs definitely aren't, since they can be used on more than one system), there must be some common key capable of decrypting their contents.
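The split the post above is asking about (a symmetric key for confidentiality, an asymmetric key for signing) is easiest to see in code. The following is an added example written for this page, not 3DS code and not the NCCH format: a toy package is AES-128-CTR encrypted under a shared key, and its ciphertext is RSA-signed with a private key that only the vendor holds. Anyone holding the AES key can decrypt and read the payload, but whatever they modify and re-encrypt no longer verifies, because producing a fresh signature needs the private key. The package layout, the RSA key size, the shared key and the payload are all assumptions.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Package is a toy signed-and-encrypted blob (assumed layout, not the NCCH format):
// the body is AES-128-CTR encrypted, and Sig is an RSA signature over SHA-256(IV || Ct).
type Package struct {
	IV  []byte
	Ct  []byte
	Sig []byte
}

// aesCTR applies AES-CTR; the same call encrypts and decrypts.
func aesCTR(key, iv, data []byte) []byte {
	blk, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	out := make([]byte, len(data))
	cipher.NewCTR(blk, iv).XORKeyStream(out, data)
	return out
}

// digest is what gets signed: a hash over the IV and the ciphertext.
func digest(iv, ct []byte) []byte {
	h := sha256.Sum256(append(append([]byte{}, iv...), ct...))
	return h[:]
}

// Build is the vendor side: encrypt with the shared AES key, sign with the RSA private key.
func Build(priv *rsa.PrivateKey, aesKey, plain []byte) (*Package, error) {
	iv := make([]byte, aes.BlockSize)
	if _, err := rand.Read(iv); err != nil {
		return nil, err
	}
	ct := aesCTR(aesKey, iv, plain)
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest(iv, ct))
	if err != nil {
		return nil, err
	}
	return &Package{IV: iv, Ct: ct, Sig: sig}, nil
}

// Load is the console side: check the signature against the public key first,
// and only decrypt if it verifies.
func Load(pub *rsa.PublicKey, aesKey []byte, p *Package) ([]byte, error) {
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest(p.IV, p.Ct), p.Sig); err != nil {
		return nil, fmt.Errorf("signature check failed: %w", err)
	}
	return aesCTR(aesKey, p.IV, p.Ct), nil
}

// Tamper is what someone holding only the AES key can do: decrypt, patch the
// plaintext, re-encrypt. They cannot make a new signature, so the old one stays.
func Tamper(aesKey []byte, p *Package, patch []byte) *Package {
	plain := aesCTR(aesKey, p.IV, p.Ct)
	copy(plain, patch)
	return &Package{IV: p.IV, Ct: aesCTR(aesKey, p.IV, plain), Sig: p.Sig}
}

// Demo runs both sides and reports whether the genuine package decrypts to the
// original payload and whether the tampered one is rejected.
func Demo() (genuineOK, tamperRejected bool, err error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048) // assumed key size
	if err != nil {
		return false, false, err
	}
	aesKey := bytes.Repeat([]byte{0x42}, 16)                       // constructed shared key
	plain := []byte("constructed demo payload: ARM11 code segment") // constructed content
	pkg, err := Build(priv, aesKey, plain)
	if err != nil {
		return false, false, err
	}
	got, err := Load(&priv.PublicKey, aesKey, pkg)
	if err != nil {
		return false, false, err
	}
	genuineOK = bytes.Equal(got, plain)
	_, err = Load(&priv.PublicKey, aesKey, Tamper(aesKey, pkg, []byte("PATCHED")))
	tamperRejected = err != nil
	return genuineOK, tamperRejected, nil
}

func main() {
	ok, rejected, err := Demo()
	fmt.Println("genuine package decrypts:", ok, " tampered package rejected:", rejected, " err:", err)
}
```

The order in Load is deliberate: verify before decrypt, so a forged or patched blob never reaches the decryption path. The symmetric key buys the reader confidentiality only; authenticity rests entirely on the RSA private key staying private.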
 
I know the 3DS uses various AES block modes for most of its encryption, but I assumed that the firmware binaries were encrypted with asymmetric keys. Do they use AES to encrypt everything and then just use RSA for signing? I mean, at some point there is some asymmetric cryptography going on, otherwise if you got the keys you could sign and encrypt arbitrary code. Regardless, even if the asymmetric keys aren't used for encryption, there is some common key which is used to decrypt game content (admittedly, this key is almost certainly stored encrypted by a console-specific key), and there is some sort of key used to load the first encrypted binaries during system initialization (either common asymmetric, or console-specific symmetric so that the console could encrypt the binaries).

Evidence indicates that the Gateway people have been successful in decrypting binaries (otherwise it would be virtually impossible for them to create their own which interact with the system firmware), and the custom firmware that has sprung up has to have been created from decrypted firmware. Somebody, somewhere has broken the chain at some level and gotten some of the keys (symmetric or asymmetric, doesn't matter). They may have only been able to dump the console-specific keys, which would still be amazing, but not as awesome; but likely, if they had access to some of the keys, they had access to the common key used to decrypt games (again, not claiming that this is symmetric or asymmetric; it doesn't really matter, unless the games are symmetrically signed, which would be asinine to the point of insanity). As game cartridges can't be per-console encrypted (I suppose they could be, but the dumped ROMs definitely aren't, since they can be used on more than one system), there must be some common key capable of decrypting their contents.
Oh, you mean a common key, not the common key. This thread is about finding the common key, a key which has kept its namesake since the Wii was hacked. When I said different mechanisms, I meant separate, as in they don't overlap: keys from one mechanism aren't used with the other. You are right, AES is used for en/decrypting, and RSA is used for signing.


there is some common key which is used to decrypt game content (admittedly, this key is almost certainly stored encrypted by a console specific key)
Unlike the Wii & DSi, the 3DS's AES engine has a hardware key scrambler which outputs unscrambled keys to its own internal buffer, which is accessible as "write-only" for everything else. So yes, "keys" are stored in various binaries, but they are scrambled. In addition, the key scrambling method actually takes two parts to generate a final key. This allows Nintendo to keep one part of a scrambled key stored in the 3DS, and the other part calculated from the NCCH header of a binary, which essentially makes each and every binary encrypted with a different key. So there isn't a common key like you'd expect, and it's nowhere near as useful by itself.

Somebody, somewhere has broken the chain at some level, and gotten some of the keys
RAMHAXX was used, which literally attached an emulated RAM chip to a 3DS and got decrypted binaries as they were loaded into memory. No unscrambled keys required there.
 
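To make the two-part scrambler and the write-only keyslot in the post above concrete, here is an added example (written for this page, not Nintendo's or any poster's code). The combination step uses the 3DS-mode formula as publicly documented on 3dbrew, reproduced from memory (NormalKey = (((KeyX <<< 2) XOR KeyY) + C) >>> 41 over 128 bits); the thread does not give that formula, so treat the rotation amounts and the constant as an assumption. The KeySlot type models what the post describes: software writes KeyX and KeyY and can use the slot, but nothing reads the normal key back. KeyX and the two KeyY values are constructed inputs standing in for a console-held half and two NCCH headers.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"fmt"
	"math/big"
)

var (
	mask128 = new(big.Int).Sub(new(big.Int).Lsh(big.NewInt(1), 128), big.NewInt(1))
	// Constant of the 3DS-mode scrambler as publicly documented on 3dbrew, from
	// memory; the thread does not give it, so treat the exact formula as an assumption.
	scramblerC, _ = new(big.Int).SetString("1FF9E9AAC5FE0408024591DC5D52768A", 16)
)

// rol128 rotates a 128-bit value left by n bits (0 < n < 128).
func rol128(x *big.Int, n uint) *big.Int {
	hi := new(big.Int).Lsh(x, n)
	lo := new(big.Int).Rsh(x, 128-n)
	hi.Or(hi, lo)
	return hi.And(hi, mask128)
}

// scramble derives the normal key from the two halves:
// NormalKey = (((KeyX <<< 2) XOR KeyY) + C) >>> 41, everything mod 2^128.
func scramble(keyX, keyY [16]byte) [16]byte {
	x := new(big.Int).SetBytes(keyX[:])
	y := new(big.Int).SetBytes(keyY[:])
	t := rol128(x, 2)
	t.Xor(t, y)
	t.Add(t, scramblerC)
	t.And(t, mask128)
	t = rol128(t, 128-41) // rotate right by 41 == rotate left by 87
	var out [16]byte
	t.FillBytes(out[:])
	return out
}

// KeySlot models one AES keyslot: software can write KeyX and KeyY and use the
// slot to encrypt, but there is no method that returns the normal key.
type KeySlot struct {
	keyX, keyY [16]byte
	blk        cipher.Block
}

func (s *KeySlot) SetKeyX(k [16]byte) { s.keyX = k; s.refresh() }
func (s *KeySlot) SetKeyY(k [16]byte) { s.keyY = k; s.refresh() }

// refresh re-runs the scrambler whenever either half changes.
func (s *KeySlot) refresh() {
	nk := scramble(s.keyX, s.keyY)
	s.blk, _ = aes.NewCipher(nk[:]) // 16-byte key never fails
}

// EncryptBlock encrypts one block under the slot's current normal key.
func (s *KeySlot) EncryptBlock(in [16]byte) (out [16]byte) {
	s.blk.Encrypt(out[:], in[:])
	return out
}

func main() {
	// Constructed values: one console-held KeyX, two "NCCH header" KeyYs that differ in a single bit.
	var keyX, keyY1, keyY2 [16]byte
	for i := range keyX {
		keyX[i] = byte(i)
		keyY1[i] = byte(0xA0 + i)
	}
	keyY2 = keyY1
	keyY2[15] ^= 1
	var slot KeySlot
	slot.SetKeyX(keyX)
	slot.SetKeyY(keyY1)
	c1 := slot.EncryptBlock([16]byte{})
	slot.SetKeyY(keyY2)
	c2 := slot.EncryptBlock([16]byte{})
	fmt.Printf("same KeyX, KeyY differs by one bit:\n  %x\n  %x\n", c1, c2)
}
```

Holding the KeyY from a header without the matching KeyX gives nothing to feed the scrambler, and dumping the scrambled halves from a binary is not the same as holding a normal key. That is why the post calls a single recovered "common key" far less useful than the name suggests.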
