Unbanning Switch

Ryab

Well-Known Member
Member
Joined
Aug 9, 2017
Messages
3,197
Trophies
1
XP
4,397
Country
United States
I can't send a link but you can clearly see in the code source that atmosphere uses private keys for example and it is clearly visible. I think the problem is more with publishing the keys to be available for everyone (that's why you can't just share your keys.txt to people) than using it
The keys are extracted from the system. The system already has the keys on it. Now if the source included those keys directly, yes it would be a problem.
 

dogtygr

Member
Newcomer
Joined
May 30, 2023
Messages
9
Trophies
0
XP
29
Country
United States
The keys are extracted from the system. The system already has the keys on it. Now if the source included those keys directly, yes it would be a problem.
There are keys that are directly included in the source code look for the fusee_key_deriviation.cpp file for example
 

Ryab

Well-Known Member
Member
Joined
Aug 9, 2017
Messages
3,197
Trophies
1
XP
4,397
Country
United States
There are keys that are directly included in the source code look for the fusee_key_deriviation.cpp file for example
Those are not the keys. I'm looking at that exact file and those are definitely not the keys. There are many calls to where they would be located on the system itself, but the actual keys are not there.
 

dogtygr

Member
Newcomer
Joined
May 30, 2023
Messages
9
Trophies
0
XP
29
Country
United States
Those are not the keys. I'm looking at that exact file and those are definitely not the keys. There are many calls to where they would be located on the system itself, but the actual keys are not there.
They are not the keys that you would see in the keys.txt file but arent they the keys to retrieve those keys (sort of a master key)? If you look at the lockpick_rcm updates commits you'll see that the only updates those commits have to be compatible with new firmwares are the keys that are in the file I showed you.
 
Last edited by dogtygr,

Ryab

Well-Known Member
Member
Joined
Aug 9, 2017
Messages
3,197
Trophies
1
XP
4,397
Country
United States
On a technical level there is nothing wrong there. Those are basically just calls to where those keys are stored on the system. New keys are added every major update. Atmosphere directly uses them from the system and never actually extracts them, just references them.
 

dogtygr

Member
Newcomer
Joined
May 30, 2023
Messages
9
Trophies
0
XP
29
Country
United States
On a technical level there is nothing wrong there. Those are basically just calls to where those keys are stored on the system. New keys are added every major update. Atmosphere directly uses them from the system and never actually extracts them, just references them.
Like I said take it with a grain of salt but if you look at the lockpick_rcm code the function void generate_aes_kek() for example directly uses the keys mentioned earlier to retrieve the private keys.

I don't know how they got those master keys in the first place but I think that an argument can be made that these keys shouldn't be published out of the open especially if they're from nintendo, these keys are the direct link to generate the private keys. It's like (in my view of course) if someone published your master password that allows people to retrieve all your passwords.

But again I suppose that they know what they are doing and they haven't had any kind of legal trouble (well actually lockpick_rcm did have some issues but I don't think it was because they had those keys in their code) but I wonder what legislation allows them to publish these keys (especially if they are not publicly available in the first place).
 

Ryab

Well-Known Member
Member
Joined
Aug 9, 2017
Messages
3,197
Trophies
1
XP
4,397
Country
United States
Like I said take it with a grain of salt but if you look at the lockpick_rcm code the function void generate_aes_kek() for example directly uses the keys mentioned earlier to retrieve the private keys.

I don't know how they got those master keys in the first place but I think that an argument can be made that these keys shouldn't be published out of the open especially if they're from nintendo, these keys are the direct link to generate the private keys. It's like (in my view of course) if someone published your master password that allows people to retrieve all your passwords.

But again I suppose that they know what they are doing and they haven't had any kind of legal trouble (well actually lockpick_rcm did have some issues but I don't think it was because they had those keys in their code) but I wonder what legislation allows them to publish these keys (especially if they are not publicly available in the first place).
Generally in most cases software to extract copywritten content is fine. There have been instances where that has failed though. Mainly lockpick.
 

dogtygr

Member
Newcomer
Joined
May 30, 2023
Messages
9
Trophies
0
XP
29
Country
United States
Generally in most cases software to extract copywritten content is fine. There have been instances where that has failed though. Mainly lockpick.
I don't think that there's a problem legally speaking on the purpose of the software itself but in how they do it.

I think that we can both agree that the tool hactool has nothing illegal per see on it even though it allows to extract copywritten content. I think that it would be a problem if hactool directly integrated the private keys in their software.

What's the difference between this and let's say lockpick_rcm that directly uses some keys in their code to extract private keys?
 

Ryab

Well-Known Member
Member
Joined
Aug 9, 2017
Messages
3,197
Trophies
1
XP
4,397
Country
United States
I don't think that there's a problem legally speaking on the purpose of the software itself but in how they do it.

I think that we can both agree that the tool hactool has nothing illegal per see on it even though it allows to extract copywritten content. I think that it would be a problem if hactool directly integrated the private keys in their software.

What's the difference between this and let's say lockpick_rcm that directly uses some keys in their code to extract private keys?
I mean you could say the same thing about emulation there. Which the real answer to all of that is that you technically do own any content that you extract. If you own the Switch then the keys on it technically do belong to you. They just cannot be distributed.
 
Joined
Sep 9, 2019
Messages
904
Trophies
1
Location
Switch scene
Website
github.com
XP
2,663
Country
Korea, North
There are keys that are directly included in the source code look for the fusee_key_deriviation.cpp file for example
Those aren't keys they're key sources. The key sources themselves are not used to encrypt anything, they're useless which is why it is legal to distribute them. To get the actual keys (which are illegal to share) you have to pass the keys through a hardware black box in TSEC. The key sources themselves are useless unless you have the algorithm to transform them into the keys.
 

dogtygr

Member
Newcomer
Joined
May 30, 2023
Messages
9
Trophies
0
XP
29
Country
United States
Those aren't keys they're key sources. The key sources themselves are not used to encrypt anything, they're useless which is why it is legal to distribute them. To get the actual keys (which are illegal to share) you have to pass the keys through a hardware black box in TSEC. The key sources themselves are useless unless you have the algorithm to transform them into the keys.
Oh right makes sense. So there is no legal issue if you publish those key sources like in the lockpick_rcm code source? I suppose they are not like public keys or salt where those are meant to be shared.
 
Joined
Sep 9, 2019
Messages
904
Trophies
1
Location
Switch scene
Website
github.com
XP
2,663
Country
Korea, North
Oh right makes sense. So there is no legal issue if you publish those key sources like in the lockpick_rcm code source? I suppose they are not like public keys or salt where those are meant to be shared.
I am not a lawyer but to the best of my knowledge, yes that is legal.
It's worth noting that the main developer of Atmosphere (SciresM) is a lawyer himself and I doubt he would put himself at risk by sharing illegal numbers like that on a public GitHub repo.
 

dogtygr

Member
Newcomer
Joined
May 30, 2023
Messages
9
Trophies
0
XP
29
Country
United States
I am not a lawyer but to the best of my knowledge, yes that is legal.
It's worth noting that the main developer of Atmosphere (SciresM) is a lawyer himself and I doubt he would put himself at risk by sharing illegal numbers like that on a public GitHub repo.
That was an interesting read thank you! I find it odd that it is just legal to share this kind of information (I don't even know how they were able to get those key sources I don't know if this is supposed to be confidential or not) but like I said earlier I suppose they know what they are doing.
 

Site & Scene News

Popular threads in this forum

General chit-chat
Help Users
  • No one is chatting at the moment.
    LeoTCK @ LeoTCK: yes for nearly a month i was officially a wanted fugitive, until yesterday when it ended