What are the OTP's ? (used for ?)

Discussion in '3DS - Flashcards & Custom Firmwares' started by Gnarmagon, Feb 1, 2017.

  1. Gnarmagon
    OP

    Gnarmagon Noob <3

    Member
    427
    58
    Dec 12, 2016
    Germany
    Hello,

    I know that you need the OTP's to install A9LH but what does A9LH with these OTP's ?
    How is A9LH installed ? (just a new Line in a Script / .txt ?)
    The Wii and WiiU have these OTP's too ?
     
  2. Lilith Valentine

    Lilith Valentine GBATemp's Wolfdog™ I drool on my knife

    Member
    19,363
    19,694
    Sep 13, 2009
    Antarctica
    Between insane and insecure
    The OTP is used to get the keys needed to install A9LH.
    How is it installed? You follow the guide
    3ds.guide
    Both the Wii and Wii U have an OTP
     
    Last edited by Lilith Valentine, Feb 1, 2017
    proflayton123 likes this.
  3. proflayton123

    proflayton123 悲しみ

    Member
    5,610
    2,058
    Jan 11, 2016
    Japan
    日本
    Last edited by proflayton123, Feb 1, 2017
    Gnarmagon likes this.
  4. Searinox

    Searinox <3

    Member
    1,734
    160
    Dec 16, 2007
    Romania
    OTP stands for One-Time Pad, which is actually a bit of an odd thing since the definition rather closer fits XOR pads than what the OTP actually is. The OTP is a 256-byte unique value from which several important keys are derived. Admittingly, it's too big to be outright considered a "key" in its own right since most keys are 16-byte(128bit) or 32-byte(256bit) long and the OTP is much larger. I believe -how- the keys are derived is yet unknown but then the OTP can still be used to encrypt or decrypt stuff in a valid fashion.
     
  5. addi33

    addi33 GBAtemp Advanced Maniac

    Member
    1,641
    701
    Sep 12, 2016
    Gambia, The
    no clue what you mean by Line in a script, but the a9lh payloads are written to the FIRM partition of the nand. the arm9loader then executes the arm9 payload on the root of the sd card which should be called "arm9loaderhax.bin" and has to be a valid arm9 payload.
     
  6. Goombi

    Goombi Meme crypto = my crypto

    Member
    143
    53
    Jun 1, 2014
    France
    RnVja1lvdU15RHVkZQ
    One Time Programmable*. It's a unique-per-console read-only randomly-generated-at-factory piece of data used by the Kernel9Loader on New 3DS to decrypt the secret sector (on N3DS NAND). The decrypted secret sector contains keys used by the K9L to decrypt the NATIVE_FIRM.

    About A9LH, providing a carefully chosen key to K9L will allow to gain code exec, not going for the full explanation here. That key is known but in order to provide it to K9L, we need to encrypt it with the OTP and write it in the secret sector.

    There's much more to it, you should check 32c3 presentation on 3DS hacking
     
    RosaliinaDaHacker64 and XRaTiX like this.
  7. Searinox

    Searinox <3

    Member
    1,734
    160
    Dec 16, 2007
    Romania
    Thanks for clearing that up. You mentioned what it does on the N3DS, so what does it do on the O3DS?
     
  8. smileyhead

    smileyhead Bow ties are cool.

    Member
    GBAtemp Patron
    smileyhead is a Patron of GBAtemp and is helping us stay independent!

    Our Patreon
    2,426
    5,031
    Aug 31, 2015
    Hungary
    Budakeszi, Hungary
    [​IMG]