[Tool] arm9loaderhax-keyfinder

Discussion in '3DS - Homebrew Development and Emulators' started by delebile, May 18, 2016.

  1. delebile
    OP

    I recently cleaned up and released the tool I used to find the proper fake key when I initially implemented the arm9loaderhax exploit.
    Originally it ran on my 3DS; I decided to make it a PC tool in order to improve the speed: as of now it can attempt around 2200 keys every second (at least on my PC, may be better on others), which is good enough.
    I leave it here as it can be useful to improve the current public arm9loaderhax methods with new keys or firms, if anybody wants to work on it.
    On a side note, this tool contains my little 3DS AES engine simulator in C, which I didn't find on the net; I hope it can be of some use for other projects. ;)

    Code: https://github.com/delebile/arm9loaderhax-keyfinder
    Download: https://github.com/delebile/arm9loaderhax-keyfinder/releases

    Read here before asking useless questions:
    • Is this a new vulnerability?
      • No. It's just a tool that was used to develop the public version of arm9loaderhax.
    • Is this related to downgrade/cfw/warez?
      • No. Again, this is a tool for developers mostly.
    • So where's the news?
      • There is nothing new here; it's simply the open-sourcing of software that previously was not, and that can be useful to some people.
    • Okok... Is there any way I can learn how the exploit works then?
     
    Last edited by delebile, May 18, 2016


  2. MsMidnight

    So we can encrypt stuff with keys?
     
  3. delebile
    OP

    No, that's not the point.
    This is a bruteforcer which randomizes many keys and tries to find a proper one that can fit the exploit, in order to gain code execution.
    Read any documentation about the exploit and you'll understand it quickly.
     
  4. Nyap

    Wait, so you no longer need to downgrade?
     
  5. MsMidnight

    snip
     
    Last edited by MsMidnight, May 18, 2016
  6. Nyap

    It's there in the OP.
     
  7. MsMidnight

    Edited my post.
     
  8. Davidosky99

    How can I use this? This sure looks promising.
     
  9. delebile
    OP

    I do not see how this can be related to a downgrade... Any simple logic?
    This is a development tool I used to exploit the vulnerability, not a new vulnerability itself.

    I made a writeup about it some time ago. See here.
     
  10. MsMidnight

    Really interesting. Can anything else be accomplished?
     
  11. astrangeone

    Oh, awesome. Doing n3DSes was a pain because of the downgrade and potential for bricking because you forgot that there was a need for wifi!
     
  12. Nyap

    Could we make something where it would just keep guessing otp.bin at random? I'm guessing no, because there would be no way of telling if it succeeded, but then again I know nothing :|
     
  13. yusuo

    You know, I did the math, and if the key is at least 12 digits long it would still take 14.41 years to test every key combination. And that's only if they're digits; I believe keys consist of letters as well. So add another 7 years onto that total. And I'm pretty sure keys are 20-something digits, so add another 8 years.
    That means it's theoretically going to take 29 years to try every combination.
    Kinda pointless, don't you think?
     
  14. Nyap

    How many would it be able to do per second? :x
     
  15. GalladeGuy

    So this is basically an OTP generator?
     
  16. Nyap

     
  17. Drakia

    Holy shit, are you guys stupid? This is THE tool he wrote that gave us a9lh; he's releasing it in case anybody else can find it useful for future development.

    No, it doesn't give you your OTP
    No, it doesn't let you downgrade
    No, it serves no purpose FOR YOU
    This is a development tool and nothing else. Jesus.
     
  18. MsMidnight

    OP says it tries 2K+ keys per second tho
     
  19. Nyap

    We just thought he meant otp.bin when he said keys.
     
  20. Bullseye

    The number of facepalms some replies have given me so far is unprecedented. How do some of you guys get to some conclusions? I don't know how to code, but I do know how to read.

    Anyways, that's cool. Let's see what some people find about this. Cool work, OP.
     