The bootroms

Discussion in '3DS - Homebrew Development and Emulators' started by Suiginou, May 1, 2016.

  1. Suiginou
    OP

    Suiginou (null)

    Member
    565
    588
    Jun 26, 2012
    Gambia, The
    pc + 8
    This is the final frontier of 3DS security: The bootroms. Usually dubbed "bootrom", there are actually two of them: one for the ARM9 ("bootrom9") and one for the ARM11 ("bootrom11").

    What we know

    The lower 0x8000 bytes of each bootrom is readable and they are 0x10000 bytes each; bootrom9 is at 0xFFFF0000 and bootrom11 is at 0x00000000.

    During boot, bit 0 of CFG_SYSPROT9/CFG_SYSPROT11 are set. After that, trying to read the upper 0x8000 bytes (i.e., 0xFFFF8000-0xFFFFFFFF for bootrom9 and 0x00008000-0x0000FFFF for bootrom11) causes the system to hang. It's currently unknown if this causes an exception and the CPU exception vectors infinite loop or this is some other kind of hang.

    Unlike the OTP region, the bootrom locks itself. For that reason, there's no silly bypassing the bootrom security by downgrading.

    The bootroms do not immediately set up the hardware exception vectors, a few cycles are available until the hardware exception vectors are changed to something the bootrom controls. Loading a payload into the top of FCRAM, rebooting the system via I2C/MCU and then causing a hardware exception would permit code execution before the bootrom locks itself. The timing for that is humanly impossible, however. Reliable and safe means of inducing a hardware exception are currently unknown. Given everything so far, this seems infeasible.

    So far, the only hopes of dumping the bootroms seem to lie on a decap and then reading the bootrom off the chip. This requires relatively high amounts of money for equipment, as well as skills with handling the hardware. Since the last fundraiser for this exact purpose has ended in the money being taken and the people involved never having been heard of again, it's doubtful that this will ever happen, either.

    What can be done with them

    The bootroms hold the missing keys. Given that the AES key scrambler is known, physical 3DSes would no longer be required to do any sort of crypto operation, such as decrypting NCCH containers in the CCI/.3ds -> CIA conversion process or decrypting titlekeys. Decrypt9 would lose its use for any crypto-related operation.

    Low-level emulators such as XDS will likely benefit from having the bootroms. Similarly, citra would no longer require a round-trip to decrypt the title to be played.

    In the unlikely event that an exploit in one of the bootroms can be identified, the 3DS is fully compromised; a fix would require a new hardware revision.
     


  2. hobbledehoy899

    hobbledehoy899 Conniption Master

    Member
    2,649
    4,283
    Nov 13, 2015
    United States
    Kernel Version: Linux 4.13.3-1-zen
    4DS cofirmed.
     
  3. runetoonxx2

    runetoonxx2 GBATemp's Cancer

    Member
    1,349
    176
    Jan 15, 2014
    United States
    The GBATemp
    Nah handheld nx confirmed
     
  4. hobbledehoy899

    hobbledehoy899 Conniption Master

    Member
    2,649
    4,283
    Nov 13, 2015
    United States
    Kernel Version: Linux 4.13.3-1-zen
    NAND X?
     
  5. Ricken

    Ricken We'll Carry On

    Member
    2,192
    2,347
    Jan 19, 2016
    United States
    Shibuya, The small one from Vegas
    In other words, there can be something faster than A9LH?

    Welp, gonna wait for a SafeInsertNameHereIstaller+SafeHardModInstaller (I wish)
     
    Last edited by Ricken, May 1, 2016
  6. iCEQB

    iCEQB GBAtemp Advanced Fan

    Member
    674
    446
    Nov 2, 2013
    United States
    What abount underclocking the CPUs ? Thinking about the RGH on 360, the CPU gets underclocked through i2c during boot. Maybe the ARM9/11 can also be locked somewhere in hte kHz area? That would widen the timeframe by alot.
     
  7. Thee_BaBs

    Thee_BaBs GBAtemp Regular

    Member
    128
    22
    Sep 19, 2015
    United States
    -snip-
     
    Last edited by Thee_BaBs, May 1, 2016
  8. Conn0r

    Conn0r GBAtemp Fan

    Member
    327
    187
    Jan 10, 2016
    United States
    I'm still waiting for kernal time machine. Kek.
     
  9. Pippin666

    Pippin666 SSF43DE Master

    Member
    1,815
    248
    Mar 30, 2009
    Canada
    Montreal, Qc
    Yes, A9LH is very poorly coded anyway.

    Pip'
     
    Technicmaster0 likes this.
  10. iCEQB

    iCEQB GBAtemp Advanced Fan

    Member
    674
    446
    Nov 2, 2013
    United States
    Why do you think that?
     
  11. Pippin666

    Pippin666 SSF43DE Master

    Member
    1,815
    248
    Mar 30, 2009
    Canada
    Montreal, Qc
    by looking at the code and mostly of all the risk that is involve.

    Pip'
     
  12. iCEQB

    iCEQB GBAtemp Advanced Fan

    Member
    674
    446
    Nov 2, 2013
    United States
    The "risk" is in the nature of the exploit + even if something goes south, it's not a lost device, there is always a way back and since you need a NAND dump in the first place anyway, I don't see a real risk here, only another hurdle in case something funny happens.

    And what about the code? Are you talking about the installer ? Because that's not realy part of the hack. It just places crafted files in your NAND which actually trigger the exploit ... and once that is done A9LH is has proven to be the most reliable hack in the 3DS, because it works everytime 100% no matter what, due to its nature.
     
  13. Aurora Wright

    Aurora Wright GBAtemp Advanced Maniac

    Member
    1,542
    4,100
    Aug 13, 2006
    Italy
    Out of curiosity, where's this bad code you talk about?
     
  14. TR_mahmutpek

    TR_mahmutpek GBAtemp Advanced Fan

    Member
    630
    134
    Jul 28, 2015
    The end of the cfw 'es coming.
    (hype)
     
  15. Ricken

    Ricken We'll Carry On

    Member
    2,192
    2,347
    Jan 19, 2016
    United States
    Shibuya, The small one from Vegas
    Correction; NintyFW will BE the only non obsolete CFW
     
    Exavold and TR_mahmutpek like this.
  16. jerrmy12

    jerrmy12 GBAtemp Regular

    Member
    240
    71
    Apr 8, 2016
    United States
    No, it isn't, this isn't a release or anything
     
    TR_mahmutpek likes this.
  17. sirocyl

    sirocyl Are we Geniuses or what?

    Newcomer
    85
    104
    Apr 30, 2012
    United States
    I have a feeling it would be perfectly feasible to do an attack within the timeframe of SYSPROT9 bit 0x00, but we'd need a good feedback loop.
    I propose flashing the MCU firmware, or even completely replacing the chip with a dummy clone, just an I2C bus peripheral that does the bare minimum to initialize the system, and pull the /RESET line on the SoC at the right time.
    An RGH-style core slowdown wouldn't work, simply because the SoC doesn't (as far as I know) expose the registers to control CPU clocks with such fine granularity.
    As for triggering the exception, three letters: NMI.

    (information: http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.dui0553a/BABBGBEC.html it's for a different chip, but the behavior should be the same for the most part.)
     
    Last edited by sirocyl, May 1, 2016
  18. Suiginou
    OP

    Suiginou (null)

    Member
    565
    588
    Jun 26, 2012
    Gambia, The
    pc + 8
    Next up: Finding the reset line. Good luck with that, champ.

    The rest sounds somewhat promising. Did you actually try this or?
     
    sirocyl likes this.
  19. sirocyl

    sirocyl Are we Geniuses or what?

    Newcomer
    85
    104
    Apr 30, 2012
    United States
    If theory serves right, it runs to the MCU.
    I would love to try it, in the interests of science. I don't want to spill my life's story here, but suffice it to say, I don't have the equipment at the moment. I'm trying to find a job, and it's tough.
    There's no well-equipped hackerspaces within 70 miles of here (central Long Island), either.
    If anyone's local and willing to lend a hand, I can procure a busted 3DS for relatively cheap.
     
  20. nero99

    nero99 GBAtemp Advanced Maniac

    Member
    1,906
    866
    Sep 18, 2014
    United States
    Have you even tried installing it? I have done to over 100 new 3ds systems the past 3 weeks and nothing has ever gone wrong. No bricking what so ever beside the emunand brick you're supposed to cause with 2.1.
     
    hobbledehoy899 likes this.