On 3dbrew: "ARM9/ARM11 bootrom vectors point at unitialized RAM" claims there is a theory that will allow injecting custom code to dump the bootrom. With the ability to run code through this hardware exploit, will it be possible to dump the keys if this theory actually gets successfully proven? I remember Wulfy saying that if it works, that it won't be fixable without a new 3ds model without said exploit. Would that mean we'd always have the keys available?
Well yeah, if you could pull that off you could get at literally every key since you'd know the ones set in bootrom (and have the entire OTP area, and other things). However like a lot of exploits on there, it's more of a theory and hasn't been tested (and for what it's worth, we haven't done it either, and others have tried). In theory, there's definitely a way. Actually executing it is near impossible though without extremely precise equipment.
Well I'll applaud those who try it. It could really help out with emunand. Plus if the bootrom was dumped, what else could we do with it? Would it allow coldbooting custom software or extra services?
IF the bootrom was dumped we would understand better how the 3DS boot and how it handles the crypto and all these stuff, aside from dumping keys, i don't see how useful dumping the bootrom would be for unsigned software/homebrew/piracy. We would have the keys and know better how the console works, nothing more than that.
Okay. That's good. I just wonder what you would need in order to be able to run custom software right off of cold boot. (Maybe the ability of signing things is needed.) I suppose the PSP's method of cold booting CFW won't apply here or is everything signed there too?
What happend on PSP is that Sony fucked up with the ECDSA on the PS3, and somehow someone got the private key of PSP using the PS3, so everybody have the ability to sign software for the PSP, now, with the 3DS, Nintendo are using RSA, with are not vunerable to the ECDSA shit from Sony, so we would need the Nintendo Private Key to sign software/containers/firms with means that an internal Nintendo leak would have to happen, if they didn't fucked up with anything on their signature checks, it's impossible to run any kind of custom firmware from cold boot
Thanks for the info. I learned a ton! I just kinda now hope that someone who works on the signing part doesn't screw nintendo over by leaking it. Honestly that would be detrimental for the 3DS and honestly no matter how much you want homebrew or CFW, you don't want to risk destroying the whole economy of the console. I think I'd stick with regular exploits instead.
The chance of that happening is so wildly low it's not even worth mentioning, imho.Thanks for the info. I learned a ton! I just kinda now hope that someone who works on the signing part doesn't screw nintendo over by leaking it. Honestly that would be detrimental for the 3DS and honestly no matter how much you want homebrew or CFW, you don't want to risk destroying the whole economy of the console. I think I'd stick with regular exploits instead.
Sorry if i bother you. Where could the bootrom comes from? NAND/RAM/Inside-Chip?
It's its own unit within the processor SoC, hence bootROM (it's not in any r/w memory). Tracing calls to it would be impossible as far as I know.
Judge: So there is no known possible way to achieve bootrom dumping.. I see.
If you're aking the feasibility of dumping bootrom, its not impossible, just not likely. I have half baked ideas on how it could be done but meh..
Thanks for reply. Not for bootrom. but for new keys.
because obviously everyone know that. Not eveyone are genuises. Keep your supperiority for yourself for a minure, thank you for clarifications.
This is a site where they think 'Ryanrocks462' is actually smart.. you're only wasting your time and energy, lol. Like i've said to people before, the people that are able to make use of these keys most likely already have them, therefore it shouldn't hinder my (or anyone's) work too much, but i still was sucked into the drama which wasnt fun.. I'm not trying to claim im smart or what have you either, I just started to look into the FIRM layout like a few weeks ago and asked around a bit, then ended up figuring this out.. sure it isnt difficult in hind sight but im fairly new to this too.. so it's still exciting for me to be learning fairly fast and watching everything unfold before my eyes.
