Homebrew [Tool] arm9loaderhax-keyfinder

  • Thread starter: Deleted User
  • Views: 8,876
  • Replies: 30
  • Likes: 21

Deleted User

Guest
I recently cleaned up and released the tool I used to find the proper fake key when I initially implemented the arm9loaderhax exploit.
Originally it ran on my 3DS; I decided to make it a PC tool in order to improve the speed: as of now it can attempt around 2200 keys every second (at least on my PC, may be better on others), which is good enough.
I leave it here as it can be useful to improve the current public arm9loaderhax methods with new keys or firms, if anybody wants to work on it.
On a side note, this tool contains my little 3DS AES engine simulator in C, which I didn't find on the net; I hope it can be of any use for other projects. ;)

Code : https://github.com/delebile/arm9loaderhax-keyfinder
Download : https://github.com/delebile/arm9loaderhax-keyfinder/releases

Read here before asking useless questions:
  • Is this a new vulnerability?
    • No. It's just a tool that was used to develop the public version of arm9loaderhax.
  • Is this related to downgrade/cfw/warez?
    • No. Again, this is a tool for developers mostly.
  • So where is the news?
    • There is nothing new here; it's simply the open-sourcing of software that previously was not, and that can be useful to some people.
  • Okok... Is there any way I can learn how the exploit works then?
So we can encrypt stuff with keys?
 
No, that's not the point.
This is a brute-forcer which randomizes many keys and tries to find a proper one that fits the exploit, in order to gain code execution.
Read any documentation about the exploit and you'll understand it quickly.
 
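The two posts above (the OP's description of the tool and the "randomizes many keys and tries to find a proper one" reply) describe a random-key search with an acceptance test, not a recovery of any particular key. The added example below is not the keyfinder's code and does not contain the 3DS AES engine simulator the OP mentions; a SHA-256-derived keystream stands in for the cipher so the block runs with the standard library only, and the ciphertext block and the "must start with these bytes" acceptance predicate are constructed for illustration (the real tool's acceptance test is whatever "fits the exploit" and lives in its repository). What it shows is the structure of such a search and why its cost is governed by the probability that a random key is accepted, not by the size of the key space.

```python
"""Added example: shape of a random-key search with an acceptance test.

NOT the keyfinder's own code.  A keyed SHA-256 output stands in for one
cipher block (assumption: any keyed PRF models "random key -> pseudo-random
16-byte output" well enough for the search logic).  The ciphertext and the
acceptance predicate are constructed for illustration.
"""
import hashlib
import os
import time

BLOCK = 16  # one AES-sized block; keys are also 16 bytes (128-bit)


def keystream(key: bytes) -> bytes:
    """Stand-in cipher: one keystream block derived from the key."""
    return hashlib.sha256(key).digest()[:BLOCK]


def decrypt_block(key: bytes, ciphertext: bytes) -> bytes:
    """XOR the fixed ciphertext block with the key-dependent keystream."""
    return bytes(c ^ k for c, k in zip(ciphertext, keystream(key)))


def accept(plaintext: bytes, want_prefix: bytes) -> bool:
    """Hypothetical acceptance test: decrypted block must start with
    want_prefix.  The real tool's test is whatever fits the exploit."""
    return plaintext.startswith(want_prefix)


def find_key(ciphertext: bytes, want_prefix: bytes,
             max_tries: int = 10_000_000, rng=os.urandom):
    """Draw random 128-bit keys until one decrypts CIPHERTEXT to an accepted
    block.  Returns (key, tries); (None, max_tries) if the budget runs out."""
    for tries in range(1, max_tries + 1):
        key = rng(BLOCK)
        if accept(decrypt_block(key, ciphertext), want_prefix):
            return key, tries
    return None, max_tries


def expected_tries(prefix_len_bytes: int) -> int:
    """A uniformly random block matches a fixed n-byte prefix with
    probability 256**-n; the mean of that geometric distribution is 256**n."""
    return 256 ** prefix_len_bytes


def expected_seconds(prefix_len_bytes: int, keys_per_second: float = 2200) -> float:
    """Expected wall time at a given search rate (2200/s is the OP's figure)."""
    return expected_tries(prefix_len_bytes) / keys_per_second


if __name__ == "__main__":
    ct = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed block
    t0 = time.perf_counter()
    key, tries = find_key(ct, b"\x47\x11")  # 2-byte prefix: ~65536 tries expected
    dt = max(time.perf_counter() - t0, 1e-9)
    print(f"accepted key {key.hex()} after {tries} tries ({tries / dt:,.0f} keys/s)")
    print(f"expected for a 2-byte condition at 2200 keys/s: {expected_seconds(2):.1f} s")
    print(f"exhausting all 2^128 keys at 2200 keys/s: "
          f"{expected_seconds(16) / 3.15e7:.3g} years")
```

The point of the loop is that the ciphertext is fixed and known; only the key changes, and a candidate is kept as soon as its output passes the predicate. Tightening the predicate by one byte multiplies the expected number of tries by 256, which is why the feasibility of a search like this depends entirely on how loose the acceptance condition can be made, while trying every 128-bit key is out of reach at any rate a PC can manage.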
How can I use this? This sure looks promising.
 
I do not see how this can be related to a downgrade... Any simple logic?
This is a development tool I used to exploit the vulnerability, not a new vulnerability itself.


I made a writeup about it some time ago. See here.
Really interesting. Can anything else be accomplished?
 
Could we make something where it would just keep guessing otp.bin at random? I'm guessing no, because there would be no way of telling if it succeeded, but then again I know nothing :|
 
You know, I did the math, and if the key is at least 12 digits long it would still take 14.41 years to test every key combination. And that's only if they're digits; I believe keys consist of letters as well. So add another 7 years onto that total. And I'm pretty sure keys are 20-something digits, so add another 8 years.
That means it's theoretically going to take 29 years to try every combination.
Kinda pointless, don't you think?
 
How many would it be able to do per second? :x
 
So this is basically an OTP generator?
 
Holy shit, are you guys stupid? This is THE tool he wrote that gave us a9lh; he's releasing it in case anybody else can find it useful for future development.

No, it doesn't give you your OTP.
No, it doesn't let you downgrade.
No, it serves no purpose FOR YOU.
This is a development tool and nothing else. Jesus.
 
We just thought he meant otp.bin when he said keys.
 
The number of facepalms some replies have given me so far is unprecedented. How do some of you guys get to some conclusions? I don't know how to code, but I do know how to read.

Anyway, that's cool. Let's see what some people find out about this. Cool work, OP.
 
