[Question] Cracking the BOOTROM?

Discussion in '3DS - Homebrew Development and Emulators' started by survive9, Apr 8, 2016.

  1. survive9
    OP

    survive9 Advanced Member

    Newcomer
    1
    Dec 13, 2014
    United States
    Let's say someone manages to crack the BOOTROM security someday. What would that allow us to do that we can't do even now? From what I heard it allows us to get the normal keys but idk what all of them would be useful for.
     
  2. Filo97

    Filo97 Zelda's totally my sister! Not lying!

    Member
    8
    Oct 8, 2015
    Italy
    Hyrule Castle
OTP dumping at coldboot... nothing else.

nothing else that a9lh doesn't already allow us to do.
     
    survive9 and yusuo like this.
  3. julialy

    julialy Homebrewer

    Member
    6
    Nov 26, 2012
    United States
    it would allow us to decrypt games on a PC, instead of requiring a 3DS to decrypt for you
     
    survive9 likes this.
  4. mikey420

    mikey420 GBAtemp Advanced Fan

    Member
    4
    Dec 11, 2015
    United States
    Basically it would remove any remaining security allowing us to decrypt content without the 3ds and allowing us to "sign" software to run without the need for an exploit.
     
    peteruk likes this.
  5. Mazamin

    Mazamin GBAtemp Advanced Maniac

    Member
    6
    GBAtemp Patron
    Sep 4, 2014
    Italy
    No, it won't allow us to sign software, only real coldboot, loading code before the start of sysprot9, allowing us to dump OTP at coldboot (something we won't need anymore).
     
    Last edited by Mazamin, Apr 8, 2016
    peteruk likes this.
  6. mikey420

    mikey420 GBAtemp Advanced Fan

    Member
    4
    Dec 11, 2015
    United States
    How do you expect to dump anything with a coldboot if you can't run code? With the bootrom broken and the keys used to sign the content available, we should be able to decrypt and re-encrypt any part of the system, modifying it as we please. If the bootrom protection is defeated, all signing checks will mean nothing to developers. I'm certain of this statement.
     
  7. capito27

    capito27 GBAtemp Advanced Fan

    Member
    7
    Jan 19, 2015
    Swaziland
    depending on how early the bootrom can be broken, it could allow for 100% NAND brick proofing (depending on where in the bootrom it could be exploited), as you could possibly directly control it before it checks for NAND validity, thus code exec to load an emuNAND at boot, before NAND is even accessed, possibly. but it's very theoretical and HIGHLY unlikely
     
    Mazamin likes this.
  8. Filo97

    Filo97 Zelda's totally my sister! Not lying!

    Member
    8
    Oct 8, 2015
    Italy
    Hyrule Castle
    seriously, you think that the bootrom doesn't contain code?
     
    Mazamin likes this.
  9. Mazamin

    Mazamin GBAtemp Advanced Maniac

    Member
    6
    GBAtemp Patron
    Sep 4, 2014
    Italy
    Otherwise how could you load the 3ds kernel and firmware? LOL
     
  10. capito27

    capito27 GBAtemp Advanced Fan

    Member
    7
    Jan 19, 2015
    Swaziland
    you do know that the signing keys are nowhere on the 3DS, right? the keys available are only for decryption; all signatures would be invalid without the private signing keys in some Nintendo bunker
     
    Last edited by capito27, Apr 8, 2016
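The distinction capito27 draws (a leaked decryption key versus a private signing key that never leaves the vendor) can be shown with a small model. This is an added example, not code from the thread or from any 3DS project: the RSA primes, the "content key", and the SHA-256 XOR keystream standing in for AES are all constructed toys, and the boot check is a simplified "decrypt, then verify signature over the plaintext" flow.

```python
import hashlib

# Constructed toy parameters for illustration only: NOT 3DS keys, and the
# primes are far too small for real use. D is the vendor's private exponent.
P, Q = 1000003, 1000033
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))
CONSOLE_PUBLIC_KEY = (N, E)                          # what the console ships with
CONTENT_KEY = b"constructed-32-byte-symmetric-key"   # the "normal key" a dump would expose


def _digest(data: bytes) -> int:
    """SHA-256 truncated to 32 bits so the value is below the toy modulus N."""
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big")


def sym_crypt(key: bytes, data: bytes) -> bytes:
    """CTR-style keystream from SHA-256 XORed onto the data; stands in for AES.
    Symmetric: the same call encrypts and decrypts."""
    stream = bytearray()
    for block_no in range((len(data) + 31) // 32):
        stream += hashlib.sha256(key + block_no.to_bytes(4, "big")).digest()
    return bytes(b ^ k for b, k in zip(data, stream))


def sign(private_exponent: int, plaintext: bytes) -> int:
    """Vendor-side only: producing a signature needs D, which no console holds."""
    return pow(_digest(plaintext), private_exponent, N)


def verify(public_key, plaintext: bytes, signature: int) -> bool:
    n, e = public_key
    return pow(signature, e, n) == _digest(plaintext)


def vendor_package(firmware: bytes):
    """Encrypt with the content key and sign the plaintext; returns (blob, signature)."""
    return sym_crypt(CONTENT_KEY, firmware), sign(D, firmware)


def console_accepts(blob: bytes, signature: int) -> bool:
    """Boot-time check: decrypt with the content key, then verify with the public key."""
    return verify(CONSOLE_PUBLIC_KEY, sym_crypt(CONTENT_KEY, blob), signature)


def modify_encrypted_image(blob: bytes, old: bytes, new: bytes) -> bytes:
    """What the content key alone buys: read the blob, change it, write it back
    encrypted. The signature over the original plaintext no longer matches."""
    plaintext = sym_crypt(CONTENT_KEY, blob)
    return sym_crypt(CONTENT_KEY, plaintext.replace(old, new))
```

Run `vendor_package` on a sample image and the console accepts it; pass the same signature with a blob that was decrypted, edited and re-encrypted and `console_accepts` returns False, because only `D` could produce a signature over the new plaintext.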
  11. survive9
    OP

    survive9 Advanced Member

    Newcomer
    1
    Dec 13, 2014
    United States
    Thanks for clearing this up guys. I thought it would allow for something cool like running a true cfw that is very different from nintendo's but that seems to not be the case.
     
  12. dubbz82

    dubbz82 GBAtemp Advanced Maniac

    Member
    7
    Feb 2, 2014
    United States

    This is already theoretically possible, it would require someone to actually build it out though, which isn't trivial. Nintendo's built in OS isn't THAT bad, is it?
     
  13. zoogie

    zoogie playing around in the dsiware

    Member
    19
    Nov 30, 2014
    Micronesia, Federated States of
    Well that is possible you know. Everything besides the bootloader is replaceable.
    It's just a lot of work though when piracy is enough for most people.
     
  14. mikey420

    mikey420 GBAtemp Advanced Fan

    Member
    4
    Dec 11, 2015
    United States
    I'm well aware of this. I'm saying that to defeat the bootrom requires one of 2 things: either you must exploit it itself or manage to pass its signature checks. Regardless, this would ultimately defeat all signature checks, allowing us to do as we please to the device.
     
  15. TuxSH

    TuxSH GBAtemp Advanced Fan

    Member
    7
    Oct 19, 2015
    France
    A bootROM vulnerability exploitable by the end-user would be both a full system-control exploit and an entrypoint, hardcoded in hardware.
    If such a flaw exists, it would literally kill the 3DS's security, in fact the 3DS as a whole.

    What about Linux?
     
  16. zoogie

    zoogie playing around in the dsiware

    Member
    19
    Nov 30, 2014
    Micronesia, Federated States of
    arm9 control does this. we've had that for a while.
     
  17. Filo97

    Filo97 Zelda's totally my sister! Not lying!

    Member
    8
    Oct 8, 2015
    Italy
    Hyrule Castle
    no, he does not mean to patch the checks, he means to remove the checks from the OS itself.
     
  18. dubbz82

    dubbz82 GBAtemp Advanced Maniac

    Member
    7
    Feb 2, 2014
    United States
    Same end result.
     
    Ammako and zoogie like this.
  19. artur3004

    artur3004 GBAtemp Fan

    Member
    3
    Mar 31, 2015
    Gambia, The
    wouldn't it be a similar situation to the exploit in the A4 iPhone CPU?
     
  20. linuxares

    linuxares I'm not a generous god!

    Moderator
    12
    Aug 5, 2007
    Sweden
    Wouldn't the 3DS basically be as the 360 is with JTAG/RGH?
     